Index: head/en_US.ISO8859-1/books/faq/book.xml
===================================================================
--- head/en_US.ISO8859-1/books/faq/book.xml	(revision 53757)
+++ head/en_US.ISO8859-1/books/faq/book.xml	(revision 53758)
@@ -1,6496 +1,6473 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
 <!DOCTYPE book PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
 	"http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [
 <!ENTITY bibliography SYSTEM "../../../share/xml/bibliography.xml">
 <!ENTITY rel.numbranch "3">  <!-- number of branches that follow in this list -->
 <!ENTITY rel.head "<emphasis xmlns='http://docbook.org/ns/docbook'>13-CURRENT</emphasis>">
 <!ENTITY rel.head.relx "13.<replaceable xmlns='http://docbook.org/ns/docbook'>X</replaceable>">
 <!ENTITY rel.head.releng "<symbol xmlns='http://docbook.org/ns/docbook'>head/</symbol>">
 <!ENTITY rel.relx "12.<replaceable xmlns='http://docbook.org/ns/docbook'>X</replaceable>">
 <!ENTITY rel.stable "<emphasis xmlns='http://docbook.org/ns/docbook'>12-STABLE</emphasis>">
 <!ENTITY rel.releng "<symbol xmlns='http://docbook.org/ns/docbook'>stable/12/</symbol>">
 <!ENTITY rel.relengdate "December 2018">
 <!ENTITY rel2.relx "11.<replaceable xmlns='http://docbook.org/ns/docbook'>X</replaceable>">
 <!ENTITY rel2.stable "<emphasis xmlns='http://docbook.org/ns/docbook'>11-STABLE</emphasis>">
 <!ENTITY rel2.releng "<symbol xmlns='http://docbook.org/ns/docbook'>stable/11/</symbol>">
 <!ENTITY rel2.relengdate "October 2016">
 ]>
 <book xmlns="http://docbook.org/ns/docbook"
   xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
   xml:lang="en">
   <info>
     <title>Frequently Asked Questions for &os;
       &rel2.relx; and &rel.relx;</title>
 
     <author><orgname>The &os; Documentation Project</orgname></author>
 
     <copyright>
       <year>1995</year>
       <year>1996</year>
       <year>1997</year>
       <year>1998</year>
       <year>1999</year>
       <year>2000</year>
       <year>2001</year>
       <year>2002</year>
       <year>2003</year>
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
       <year>2007</year>
       <year>2008</year>
       <year>2009</year>
       <year>2010</year>
       <year>2011</year>
       <year>2012</year>
       <year>2013</year>
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
+      <year>2020</year>
 
       <holder>The &os; Documentation Project</holder>
     </copyright>
 
     &legalnotice;
 
     <legalnotice xml:id="trademarks" role="trademarks">
       &tm-attrib.freebsd;
       &tm-attrib.adobe;
       &tm-attrib.ibm;
       &tm-attrib.ieee;
       &tm-attrib.intel;
       &tm-attrib.linux;
       &tm-attrib.microsoft;
       &tm-attrib.netbsd;
       &tm-attrib.opengroup;
       &tm-attrib.sgi;
       &tm-attrib.sun;
       &tm-attrib.general;
     </legalnotice>
 
     <releaseinfo>$FreeBSD$</releaseinfo>
 
     <abstract>
       <para>This is the Frequently Asked Questions
 	<acronym>(FAQ)</acronym> for &os; versions
 	&rel.relx; and &rel2.relx;.  Every effort has been made to
 	make this <acronym>FAQ</acronym> as informative as possible;
 	if you have any suggestions as to how it may be improved, send
 	them to the &a.doc;.</para>
 
       <para>The latest version of this document is always available
 	from the <link
 	  xlink:href="https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/faq/index.html">&os;
 	  website</link>.  It may also be downloaded as one large
 	<link xlink:href="book.html">HTML</link> file with HTTP or as
 	a variety of other formats from the <link
 	  xlink:href="https://download.freebsd.org/ftp/doc/">&os; FTP
 	  server</link>.</para>
     </abstract>
   </info>
 
   <chapter xml:id="introduction">
     <title>Introduction</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="what-is-FreeBSD">
 	  <para>What is &os;?</para>
 	</question>
 
 	<answer>
 	  <para>&os; is a modern operating system for desktops,
 	    laptops, servers, and embedded systems with support for a
 	    large number of  <link
 	      xlink:href="https://www.FreeBSD.org/platforms/">platforms</link>.</para>
 
 	  <para>It is based on U.C. Berkeley's
 	    <quote>4.4BSD-Lite</quote> release, with some
 	    <quote>4.4BSD-Lite2</quote> enhancements.  It is also
 	    based indirectly on William Jolitz's port of U.C.
 	    Berkeley's <quote>Net/2</quote> to the &i386;, known as
 	    <quote>386BSD</quote>, though very little of the 386BSD
 	    code remains.</para>
 
 	  <para>&os; is used by companies, Internet Service Providers,
 	    researchers, computer professionals, students and home
 	    users all over the world in their work, education and
 	    recreation.</para>
 
 	  <para>For more detailed information on &os;, refer to the
 	    <link xlink:href="&url.books.handbook;/index.html">&os;
 	      Handbook</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="FreeBSD-goals">
 	  <para>What is the goal of the &os; Project?</para>
 	</question>
 
 	<answer>
 	  <para>The goal of the &os; Project is to provide a stable
 	    and fast general purpose operating system that may be used
 	    for any purpose without strings attached.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="bsd-license-restrictions">
 	  <para>Does the &os; license have any restrictions?</para>
 	</question>
 
 	<answer>
 	  <para>Yes.  Those restrictions do not control how the code
 	    is used, but how to treat the &os; Project itself.
 	    The license itself is available at
 	    <link
 	      xlink:href="https://www.FreeBSD.org/copyright/freebsd-license.html">license</link>
 	    and can be summarized like this:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>Do not claim that you wrote this.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Do not sue us if it breaks.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Do not remove or modify the license.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>Many of us have a significant investment in the
 	    project and would certainly not mind a little financial
 	    compensation now and then, but we definitely do not insist
 	    on it.  We believe that our first and foremost
 	    <quote>mission</quote> is to provide code to any and all
 	    comers, and for whatever purpose, so that the code gets
 	    the widest possible use and provides the widest possible
 	    benefit.  This, we believe, is one of the most fundamental
 	    goals of Free Software and one that we enthusiastically
 	    support.</para>
 
 	  <para>Code in our source tree which falls under the <link
 	      xlink:href="https://www.FreeBSD.org/copyright/COPYING">GNU
 	      General Public License (GPL)</link> or <link
 	      xlink:href="https://www.FreeBSD.org/copyright/COPYING.LIB">GNU
 	      Library General Public License (LGPL)</link> comes with
 	    slightly more strings attached, though at least on the
 	    side of enforced access rather than the usual opposite.
 	    Due to the additional complexities that can evolve in the
 	    commercial use of GPL software, we do, however, endeavor
 	    to replace such software with submissions under the more
 	    relaxed <link
 	      xlink:href="https://www.FreeBSD.org/copyright/freebsd-license.html">&os;
 	      license</link> whenever possible.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="replace-current-OS">
 	  <para>Can &os; replace my current operating system?</para>
 	</question>
 
 	<answer>
 	  <para>For most people, yes.  But this question is not quite
 	    that cut-and-dried.</para>
 
 	  <para>Most people do not actually use an operating system.
 	    They use applications.  The applications are what really
 	    use the operating system.  &os; is designed to provide a
 	    robust and full-featured environment for applications.  It
 	    supports a wide variety of web browsers, office suites,
 	    email readers, graphics programs, programming
 	    environments, network servers, and much more.
 	    Most of these applications can be
 	    managed through the <link
 	      xlink:href="https://www.FreeBSD.org/ports/">Ports
 	      Collection</link>.</para>
 
 	  <para>If an application is only available on one operating
 	    system, that operating system cannot just be replaced.
 	    Chances are, there is a very similar application on &os;,
 	    however.  As a solid office or Internet server or a
 	    reliable workstation, &os; will almost certainly do
 	    everything you need.  Many computer users across the
 	    world, including both novices and experienced &unix;
 	    administrators, use &os; as their only desktop operating
 	    system.</para>
 
 	  <para>Users migrating to &os; from another &unix;-like
             environment will find &os; to be similar.
             &windows; and &macos; users may be interested in instead
             using <link
               xlink:href="https://www.furybsd.org/">FuryBSD</link>, 
             <link
               xlink:href="https://ghostbsd.org/">GhostBSD</link> 
             or <link
               xlink:href="https://www.midnightbsd.org/">MidnightBSD</link>
             three &os;-based desktop distributions.  Non-&unix; users
             should expect to invest some additional time learning the
             &unix; way of doing things.  This <acronym>FAQ</acronym>
             and the <link
               xlink:href="&url.books.handbook;/index.html">&os;
             Handbook</link> are excellent places to start.</para>
         </answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="why-called-FreeBSD">
 	  <para>Why is it called &os;?</para>
 	</question>
 
 	<answer>
 	  <itemizedlist>
 	    <listitem>
 	      <para>It may be used free of charge, even by commercial
 		users.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Full source for the operating system is freely
 		available, and the minimum possible restrictions have
 		been placed upon its use, distribution and
 		incorporation into other work (commercial or
 		non-commercial).</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Anyone who has an improvement or bug fix is free
 		to submit their code and have it added to the source
 		tree (subject to one or two obvious
 		provisions).</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>It is worth pointing out that the word
 	    <quote>free</quote> is being used in two ways here: one
 	    meaning <quote>at no cost</quote> and the other meaning
 	    <quote>do whatever you like</quote>.  Apart from
 	    one or two things you <emphasis>cannot</emphasis> do with
 	    the &os; code, for example pretending you wrote it, you
 	    can really do whatever you like with it.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="differences-to-other-bsds">
 	  <para>What are the differences between &os; and NetBSD,
 	    OpenBSD, and other open source BSD operating
 	    systems?</para>
 	</question>
 
 	<answer>
 	  <para>James Howard wrote a good explanation of the history
 	    and differences between the various projects, called <link
 	      xlink:href="https://jameshoward.us/archive/the-bsd-family-tree/">The
 	      BSD Family Tree</link> which goes a fair way to
 	    answering this question.  Some of the information is out
 	    of date, but the history portion in particular remains
 	    accurate.</para>
 
 	  <para>Most of the BSDs share patches and code, even today.
 	    All of the BSDs have common ancestry.</para>
 
 	  <para>The design goals of &os; are described in <xref
 	      linkend="FreeBSD-goals"/>, above.  The design goals of
 	    the other most popular BSDs may be summarized as
 	    follows:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>OpenBSD aims for operating system security above
 		all else.  The OpenBSD team wrote &man.ssh.1; and
 		&man.pf.4;, which have both been ported to
 		&os;.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>NetBSD aims to be easily ported to other hardware
 		platforms.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>DragonFly&nbsp;BSD is a fork of &os;&nbsp;4.8 that
 		has since developed many interesting features of its
 		own, including the HAMMER file system and support for
 		user-mode <quote>vkernels</quote>.</para>
 	    </listitem>
 	  </itemizedlist>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="latest-version">
 	  <para>What is the latest version of &os;?</para>
 	</question>
 
 	<answer>
 	  <para>At any point in the development of &os;, there can be
 	    multiple parallel branches.  &rel.relx; releases are made
 	    from the &rel.stable; branch, and &rel2.relx; releases are
 	    made from the &rel2.stable; branch.</para>
 
 	  <para>Up until the release of 12.0, the &rel2.relx; series
 	    was the one known as <emphasis>-STABLE</emphasis>.
 	    However, as of &rel.head.relx;, the &rel2.relx; branch
 	    will be designated for an <quote>extended support</quote>
 	    status and receive only fixes for major problems, such as
 	    security-related fixes.
 	    <!--There will be no more releases made from the
 	    &rel2.stable; branch, and it is considered a
 	    <quote>legacy</quote> branch and most current work will only
 	    become a part of &rel.stable; and &rel2.stable;.--></para>
 
 	  <para>Releases are made <link linkend="release-freq">every
 	      few months</link>.  While many people stay more
 	    up-to-date with the &os; sources (see the questions on
 	    <link linkend="current">&os.current;</link> and <link
 	      linkend="stable">&os.stable;</link>) than that, doing so
 	    is more of a commitment, as the sources are a moving
 	    target.</para>
 
 	  <para>More information on &os; releases can be found on the
 	    <link
 	      xlink:href="https://www.FreeBSD.org/releng/index.html#release-build">Release
 	      Engineering page</link> and in &man.release.7;.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="current">
 	  <para>What is <emphasis>&os;-CURRENT</emphasis>?</para>
 	</question>
 
 	<answer>
 	  <para><link
 	      xlink:href="&url.books.handbook;/current-stable.html#current">&os.current;</link>
 	    is the development version of the operating system, which
 	    will in due course become the new &os.stable; branch.  As
 	    such, it is really only of interest to developers working
 	    on the system and die-hard hobbyists.  See the <link
 	      xlink:href="&url.books.handbook;/current-stable.html#current">relevant
 	      section</link> in the <link
 	      xlink:href="&url.books.handbook;/index.html">Handbook</link>
 	    for details on running
 	    <emphasis>-CURRENT</emphasis>.</para>
 
 	  <para>Users not familiar with &os; should not use
 	    &os.current;.  This branch sometimes evolves quite quickly
 	    and due to mistake can be un-buildable at times.  People
 	    that use &os.current; are expected to be able to analyze,
 	    debug, and report problems.</para>
 
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="stable">
 	  <para>What is the <emphasis>&os;-STABLE</emphasis>
 	    concept?</para>
 	</question>
 
 	<answer>
 	  <para>
 	    <emphasis>&os;-STABLE</emphasis> is the development branch
 	    from which major releases are made.  Changes go into this
 	    branch at a slower pace and with the general assumption
 	    that they have first been tested in &os;-CURRENT.
 	    However, at any given time, the sources for &os;-STABLE
 	    may or may not be suitable for general use, as it may
 	    uncover bugs and corner cases that were not yet found in
 	    &os;-CURRENT.  Users who do not have the resources to
 	    perform testing should instead run the most recent release
 	    of &os;.
 	    <emphasis>&os;-CURRENT</emphasis>, on the other hand, has
 	    been one unbroken line since 2.0 was released.</para>
 
 	  <para>For more
 	    detailed information on branches see <quote><link
 	      xlink:href="&url.articles.releng;/release-proc.html#rel-branch">&os;
 	      Release Engineering: Creating the Release
 	      Branch</link></quote>, the status of the branches and
 	      the upcoming release schedule can be found on the <link
 	      xlink:href="https://www.FreeBSD.org/releng">Release
 	      Engineering Information</link> page.</para>
 
 	  <para>Version <link
 	      xlink:href="https://download.FreeBSD.org/ftp/releases/amd64/amd64/&rel121.current;-RELEASE/">&rel121.current;</link>
 	    is the latest release from the &rel.stable; branch; it was
 	    released in &rel121.current.date;.  Version <link
 	      xlink:href="https://download.FreeBSD.org/ftp/releases/amd64/amd64/&rel1.current;-RELEASE/">&rel1.current;</link>
 	    is the latest release from the &rel2.stable; branch; it
 	    was released in &rel1.current.date;.</para>
 
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="release-freq">
 	  <para>When are &os; releases made?</para>
 	</question>
 
 	<answer>
 	  <para>The &a.re; releases a new major version of &os; about
 	    every 18 months and a new minor version about every 8
 	    months, on average.  Release dates are announced well in
 	    advance, so that the people working on the system know
 	    when their projects need to be finished and tested.  A
 	    testing period precedes each release, to ensure that the
 	    addition of new features does not compromise the stability
 	    of the release.  Many users regard this caution as one of
 	    the best things about &os;, even though waiting for all
 	    the latest goodies to reach <emphasis>-STABLE</emphasis>
 	    can be a little frustrating.</para>
 
 	  <para>More information on the release engineering process
 	    (including a schedule of upcoming releases) can be found
 	    on the <link
 	      xlink:href="https://www.FreeBSD.org/releng/index.html">release
 	      engineering</link> pages on the &os; Web site.</para>
 
 	  <para>For people who need or want a little more excitement,
 	    binary snapshots are made weekly as discussed
 	    above.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="snapshot-freq">
 	  <para>When are &os; snapshots made?</para>
 	</question>
 
 	<answer>
 	  <para>&os; <link
 	      xlink:href="&url.base;/snapshots/">snapshot</link>
 	    releases are made based on the current state of the
 	    <emphasis>-CURRENT</emphasis> and
 	    <emphasis>-STABLE</emphasis> branches.  The goals behind
 	    each snapshot release are:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>To test the latest version of the installation
 		software.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>To give people who would like to run
 		<emphasis>-CURRENT</emphasis> or
 		<emphasis>-STABLE</emphasis> but who do not have the
 		time or bandwidth to follow it on a day-to-day basis
 		an easy way of bootstrapping it onto their
 		systems.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>To preserve a fixed reference point for the code
 		in question, just in case we break something really
 		badly later.  (Although Subversion normally prevents
 		anything horrible like this happening.)</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>To ensure that all new features and fixes in need
 		of testing have the greatest possible number of
 		potential testers.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>No claims are made that any
 	    <emphasis>-CURRENT</emphasis> snapshot can be considered
 	    <quote>production quality</quote> for any purpose.
 	    If a stable and fully tested system is needed,
 	    stick to full releases.</para>
 
 	  <para>Snapshot releases are directly available from <link
 	      xlink:href="&url.base;/snapshots/">snapshot</link>.</para>
 
 	  <para>Official snapshots are generated on a regular
 	    basis for all actively developed branches.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="responsible">
 	  <para>Who is responsible for &os;?</para>
 	</question>
 
 	<answer>
 	  <para>The key decisions concerning the &os; project, such as
 	    the overall direction of the project and who is allowed to
 	    add code to the source tree, are made by a <link
 	      xlink:href="&url.base;/administration.html#t-core">core
 	      team</link> of 9 people.  There is a much larger team of
 	    more than 350 <link
 	      xlink:href="&url.articles.contributors;/article.html#staff-committers">committers</link>
 	    who are authorized to make changes directly to the &os;
 	    source tree.</para>
 
 	  <para>However, most non-trivial changes are discussed in
 	    advance in the <link linkend="mailing">mailing
 	      lists</link>, and there are no restrictions on who may
 	    take part in the discussion.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="where-get">
 	  <para>Where can I get &os;?</para>
 	</question>
 
 	<answer>
 	  <para>Every significant release of &os; is available via
 	    anonymous FTP from the <link
 	      xlink:href="https://download.FreeBSD.org/ftp/releases/">&os;
 	      FTP site</link>:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>The latest &rel.stable; release,
 		&rel121.current;-RELEASE can be found in the <link
 		  xlink:href="https://download.FreeBSD.org/ftp/releases/amd64/amd64/&rel121.current;-RELEASE/">&rel121.current;-RELEASE
 		  directory</link>.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para><link
 		  xlink:href="&url.base;/snapshots/">Snapshot</link>
 		releases are made monthly for the <link
 		  linkend="current">-CURRENT</link> and <link
 		  linkend="stable">-STABLE</link> branch, these being
 		of service purely to bleeding-edge testers and
 		developers.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>The latest &rel2.stable; release,
 		&rel1.current;-RELEASE can be found in the <link
 		  xlink:href="https://download.FreeBSD.org/ftp/releases/amd64/amd64/&rel1.current;-RELEASE/">&rel1.current;-RELEASE
 		  directory</link>.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>Information about obtaining &os; on CD, DVD, and other
 	    media can be found in <link
 	      xlink:href="&url.books.handbook;/mirrors.html">the
 	      Handbook</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="access-pr">
 	  <para>How do I access the Problem Report database?</para>
 	</question>
 
 	<answer>
 	  <para>The Problem Report database of all user change
 	    requests may be queried by using our web-based PR <link
 	      xlink:href="https://bugs.FreeBSD.org/search/">query</link>
 	    interface.</para>
 
 	  <para>The <link
 	      xlink:href="&url.base;/support/bugreports.html">web-based
 	      problem report submission interface</link> can be used
 	    to submit problem reports through a web browser.</para>
 
 	  <para>Before submitting a problem report, read <link
 	      xlink:href="&url.articles.problem-reports;/article.html">Writing
 	      &os; Problem Reports</link>, an article on how to write
 	    good problem reports.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="support">
     <title>Documentation and Support</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="books">
 	  <para>What good books are there about &os;?</para>
 	</question>
 
 	<answer>
 	  <para>The project produces a wide range of documentation,
 	    available online from this link: <uri
 	      xlink:href="https://www.FreeBSD.org/docs.html">https://www.FreeBSD.org/docs.html</uri>.
 <!-- TODO suppress this until some future time that the bibliography is updated
 	    In addition, the <link
 	      xlink:href="&url.books.handbook;/bibliography.html">the
 	      bibliography in the Handbook</link> reference other
 	    recommended books.
 -->
 	  </para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="doc-formats">
 	  <para>Is the documentation available in other formats, such
 	    as plain text (ASCII), or &postscript;?</para>
 	</question>
 
 	<answer>
 	  <para>Yes.  The documentation is available in a number of
 	    different formats and compression schemes on the &os; FTP
 	    site, in the <link
 	      xlink:href="https://download.freebsd.org/ftp/doc/">/pub/FreeBSD/doc/</link>
 	    directory.</para>
 
 	  <para>The documentation is categorized in a number of
 	    different ways.  These include:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>The document's name, such as
 		<literal>faq</literal>, or
 		<literal>handbook</literal>.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>The document's language and encoding.  These are
 		based on the locale names found under
 		<filename>/usr/share/locale</filename> on a &os;
 		system.  The current languages and encodings
 		are as follows:</para>
 
 	      <informaltable frame="none" pgwide="1">
 		<tgroup cols="2">
 		  <thead>
 		    <row>
 		      <entry>Name</entry>
 
 		      <entry>Meaning</entry>
 		    </row>
 		  </thead>
 
 		  <tbody>
 		    <row>
 		      <entry><literal>en_US.ISO8859-1</literal></entry>
 
 		      <entry>English (United States)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>bn_BD.ISO10646-1</literal></entry>
 
 		      <entry>Bengali or Bangla (Bangladesh)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>da_DK.ISO8859-1</literal></entry>
 
 		      <entry>Danish (Denmark)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>de_DE.ISO8859-1</literal></entry>
 
 		      <entry>German (Germany)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>el_GR.ISO8859-7</literal></entry>
 
 		      <entry>Greek (Greece)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>es_ES.ISO8859-1</literal></entry>
 
 		      <entry>Spanish (Spain)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>fr_FR.ISO8859-1</literal></entry>
 
 		      <entry>French (France)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>hu_HU.ISO8859-2</literal></entry>
 
 		      <entry>Hungarian (Hungary)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>it_IT.ISO8859-15</literal></entry>
 
 		      <entry>Italian (Italy)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>ja_JP.eucJP</literal></entry>
 
 		      <entry>Japanese (Japan, EUC encoding)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>ko_KR.UTF-8</literal></entry>
 
 		      <entry>Korean (Korea, UTF-8 encoding)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>mn_MN.UTF-8</literal></entry>
 
 		      <entry>Mongolian (Mongolia, UTF-8
 			encoding)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>nl_NL.ISO8859-1</literal></entry>
 
 		      <entry>Dutch (Netherlands)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>pl_PL.ISO8859-2</literal></entry>
 
 		      <entry>Polish (Poland)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>pt_BR.ISO8859-1</literal></entry>
 
 		      <entry>Portuguese (Brazil)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>ru_RU.KOI8-R</literal></entry>
 
 		      <entry>Russian (Russia, KOI8-R encoding)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>tr_TR.ISO8859-9</literal></entry>
 
 		      <entry>Turkish (Turkey)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>zh_CN.UTF-8</literal></entry>
 
 		      <entry>Simplified Chinese (China, UTF-8
 			encoding)</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>zh_TW.UTF-8</literal></entry>
 
 		      <entry>Traditional Chinese (Taiwan, UTF-8
 			encoding)</entry>
 		    </row>
 		  </tbody>
 		</tgroup>
 	      </informaltable>
 
 	      <note>
 		<para>Some documents may not be available in all
 		  languages.</para>
 	      </note>
 	    </listitem>
 
 	    <listitem>
 	      <para>The document's format.  We produce the
 		documentation in a number of different output formats.
 		Each format has its own advantages and disadvantages.
 		Some formats are better suited for online reading,
 		while others are meant to be aesthetically pleasing
 		when printed on paper.  Having the documentation
 		available in any of these formats ensures that our
 		readers will be able to read the parts they are
 		interested in, either on their monitor, or on paper
 		after printing the documents.  The currently available
 		formats are:</para>
 
 	      <informaltable frame="none" pgwide="1">
 		<tgroup cols="2">
 		  <thead>
 		    <row>
 		      <entry>Format</entry>
 
 		      <entry>Meaning</entry>
 		    </row>
 		  </thead>
 
 		  <tbody>
 		    <row>
 		      <entry><literal>html-split</literal></entry>
 
 		      <entry>A collection of small, linked, HTML
 			files.</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>html</literal></entry>
 
 		      <entry>One large HTML file containing the entire
 			document</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>pdf</literal></entry>
 
 		      <entry>Adobe's Portable Document Format</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>ps</literal></entry>
 
 		      <entry>&postscript;</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>rtf</literal></entry>
 
 		      <entry>&microsoft;'s Rich Text Format</entry>
 		    </row>
 
 		    <row>
 		      <entry><literal>txt</literal></entry>
 
 		      <entry>Plain text</entry>
 		    </row>
 		  </tbody>
 		</tgroup>
 	      </informaltable>
 
 	      <note>
 		<para>Page numbers are not automatically updated when
 		  loading Rich Text Format into Word.  Press <keycombo
 		    action="simul"><keycap>Ctrl</keycap><keycap>A</keycap></keycombo>,
 		  <keycombo
 		    action="simul"><keycap>Ctrl</keycap><keycap>End</keycap></keycombo>,
 		  <keycap>F9</keycap> after loading the document, to
 		  update the page numbers.</para>
 	      </note>
 	    </listitem>
 
 	    <listitem>
 	      <para>The compression and packaging scheme.</para>
 
 	      <orderedlist>
 		<listitem>
 		  <para>Where the format is
 		    <literal>html-split</literal>, the files are
 		    bundled up using &man.tar.1;.  The resulting
 		    <filename>.tar</filename> is then compressed
 		    using the compression schemes detailed in the next
 		    point.</para>
 		</listitem>
 
 		<listitem>
 		  <para>All the other formats generate one file.  For
 		    example,
 		    <filename>article.pdf</filename>,
 		    <filename>book.html</filename>, and so on.</para>
 
 		  <para>These files are then compressed using either
 		    the <literal>zip</literal> or
 		    <literal>bz2</literal> compression schemes.
 		    &man.tar.1; can be used to uncompress these
 		    files.</para>
 
 		  <para>So the &postscript; version of the Handbook,
 		    compressed using <literal>bzip2</literal> will be
 		    stored in a file called
 		    <filename>book.ps.bz2</filename> in the
 		    <filename>handbook/</filename> directory.</para>
 		</listitem>
 	      </orderedlist>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>After choosing the format and compression mechanism,
 	    download the
 	    compressed files, uncompress them, and then copy
 	    the appropriate documents into place.</para>
 
 	  <para>For example, the split HTML version of the
 	    <acronym>FAQ</acronym>, compressed using &man.bzip2.1;,
 	    can be found in
 	    <filename>doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2</filename>
 	    To download and uncompress that file, type:</para>
 
 	  <screen>&prompt.root; <userinput>fetch https://download.freebsd.org/ftp/doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2</userinput>
 &prompt.root; <userinput>tar xvf book.html-split.tar.bz2</userinput></screen>
 
 	  <para>If the file is compressed,
 	    <application>tar</application> will automatically
 	    detect the appropriate format and decompress it correctly,
 	    resulting in a collection of
 	    <filename>.html</filename> files.  The main one is called
 	    <filename>index.html</filename>, which will contain the
 	    table of contents, introductory material, and links to the
 	    other parts of the document.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="mailing">
 	  <para>Where do I find info on the &os; mailing lists?  What
 	    &os; news groups are available?</para>
 	</question>
 
 	<answer>
 	  <para>Refer to the <link
 	      xlink:href="&url.books.handbook;/eresources.html#eresources-mail">Handbook
 	      entry on mailing-lists</link> and the <link
 	      xlink:href="&url.books.handbook;/eresources-news.html">Handbook
 	      entry on newsgroups</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="irc">
 	  <para>Are there &os; IRC (Internet Relay Chat)
 	    channels?</para>
 	</question>
 
 	<answer>
 	  <para>Yes, most major IRC networks host a &os; chat
 	    channel:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>Channel <literal>#FreeBSDhelp</literal> on <link
 		  xlink:href="http://www.efnet.org/index.php">EFNet</link>
 		is a channel dedicated to helping &os; users.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Channel <literal>#FreeBSD</literal> on <link
 		  xlink:href="http://freenode.net/">Freenode</link> is
 		a general help channel with many users at any time.
 		The conversations have been known to run off-topic for
 		a while, but priority is given to users with &os;
 		questions.  Other users can help with
 		the basics, referring to the Handbook whenever
 		possible and providing links for learning more about
 		a particular topic.  This is primarily an English
 		speaking channel, though it does have users from all
 		over the world.  Non-native English speakers should
 		try to ask the question in English first and then
 		relocate to <literal>##freebsd-lang</literal> as
 		appropriate.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Channel <literal>#FreeBSD</literal> on <link
 		  xlink:href="http://www.dal.net/">DALNET</link> is
 		available at <systemitem>irc.dal.net</systemitem> in
 		the US and <systemitem>irc.eu.dal.net</systemitem> in
 		Europe.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Channel <literal>#FreeBSD</literal> on <link
 		  xlink:href="http://www.undernet.org/">UNDERNET</link>
 		is available at
 		<systemitem>us.undernet.org</systemitem> in the US and
 		<systemitem>eu.undernet.org</systemitem> in Europe.
 		Since it is a help channel, be prepared to read the
 		documents you are referred to.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Channel <literal>#FreeBSD</literal> on <link
 		  xlink:href="http://www.rusnet.org.ru/">RUSNET</link>
 		is a Russian language channel dedicated to
 		helping &os; users.  This is also good place for
 		non-technical discussions.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Channel <literal>#bsdchat</literal> on <link
 		  xlink:href="http://freenode.net/">Freenode</link> is
 		a Traditional Chinese (UTF-8 encoding) language
 		channel dedicated to helping &os; users.
 		This is also good place for non-technical
 		discussions.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>The &os; wiki has a <link
 	      xlink:href="https://wiki.freebsd.org/IRC/Channels">good
 	      list</link> of IRC channels.</para>
 
 	  <para>Each of these channels are distinct and are not
 	    connected to each other.  Since their chat styles differ,
 	    try each to find one suited to your
 	    chat style.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="forums">
 	  <para>Are there any web based forums to discuss &os;?</para>
 	</question>
 	<answer>
 	  <para>The official &os; forums are located at <link
 	      xlink:href="https://forums.FreeBSD.org/">https://forums.FreeBSD.org/</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="training">
 	  <para>Where can I get commercial &os; training and
 	    support?</para>
 	</question>
 
 	<answer>
 	  <para><link xlink:href="http://www.ixsystems.com">iXsystems,
 	      Inc.</link>, parent company of the <link
 	      xlink:href="http://www.freebsdmall.com/">&os;
 	      Mall</link>, provides commercial &os; and TrueOS
 	    software <link
 	      xlink:href="http://www.ixsystems.com/support">support</link>,
 	    in addition to &os; development and tuning
 	    solutions.</para>
 
 	  <para>BSD Certification Group, Inc. provides system
 	    administration certifications for DragonFly&nbsp;BSD,
 	    &os;, NetBSD, and OpenBSD.  Refer to <link
 	      xlink:href="http://www.BSDCertification.org">their
 	      site</link> for more information.</para>
 
 	  <para>Any other organizations providing training and support
 	    should contact the Project to be listed here.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="install">
     <info>
       <title>Installation</title>
 
       <author>
 	<personname>
 	  <firstname>Nik</firstname>
 	  <surname>Clayton</surname>
 	</personname>
 	<affiliation>
 	  <address>
 	    <email>nik@FreeBSD.org</email>
 	  </address>
 	</affiliation>
       </author>
     </info>
 
     <qandaset>
 
       <qandaentry>
 	<question xml:id="which-architecture">
 	  <para>Which platform should I download? I have a 64
 	    bit capable &intel; CPU,
 	    but I only see <literal>amd64</literal>.</para>
 	</question>
 
 	<answer>
 	  <para>&arch.amd64; is the term &os; uses for 64-bit
 	    compatible x86 architectures (also known as "x86-64" or
 	    "x64").  Most modern computers should use &arch.amd64;.
 	    Older hardware should use &arch.i386;.  When installing
 	    on a non-x86-compatible architecture, select the
 	    platform which best matches the hardware.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="floppy-download">
 	  <para>Which file do I download to get &os;?</para>
 	</question>
 
 	<answer>
 	  <para>On the <link
 	      xlink:href="https://www.freebsd.org/where.html">Getting
 	      &os;</link> page, select <literal>[iso]</literal> next
 	    to the architecture that matches the hardware.</para>
 
 	  <para>Any of the following can be used:</para>
 
 	  <informaltable frame="none" pgwide="1">
 	    <tgroup cols="2">
 	      <thead>
 		<row>
 		  <entry>file</entry>
 		  <entry>description</entry>
 		</row>
 	      </thead>
 
 	      <tbody>
 		<row>
 		  <entry><filename>disc1.iso</filename></entry>
 		  <entry>Contains enough to install &os; and
 		    a minimal set of packages.</entry>
 		</row>
 
 		<row>
 		  <entry><filename>dvd1.iso</filename></entry>
 		  <entry>Similar to <filename>disc1.iso</filename>
 		    but with additional packages.</entry>
 		</row>
 
 		<row>
 		  <entry><filename>memstick.img</filename></entry>
 		  <entry>A bootable image sufficient for writing to a
 		    USB stick.</entry>
 		</row>
 
 		<row>
 		  <entry><filename>bootonly.iso</filename></entry>
 		  <entry>A minimal image that requires network access
 		    during installation to completely install
 		    &os;.</entry>
 		</row>
 	      </tbody>
 	    </tgroup>
 	  </informaltable>
 
 	  <para>Full instructions on this procedure and a little bit
 	    more about installation issues in general can be found in
 	    the <link
 	      xlink:href="&url.books.handbook;/bsdinstall.html">Handbook
 	      entry on installing &os;</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="floppy-image-too-large">
 	  <para>What do I do if the install image does not
 	    boot?</para>
 	</question>
 
 	<answer>
 	  <para>This can be caused by not downloading the image in
 	    <emphasis>binary</emphasis> mode when using
 	    <acronym>FTP</acronym>.</para>
 
 	  <para>Some FTP clients default their transfer mode to
 	    <emphasis>ascii</emphasis> and attempt to change any
 	    end-of-line characters received to match the
 	    conventions used by the client's system.  This will
 	    almost invariably corrupt the boot image.  Check the
 	    SHA-256 checksum of the downloaded boot image: if it
 	    is not <emphasis>exactly</emphasis> that on the
 	    server, then the download process is suspect.</para>
 
 	  <para>When using a command line FTP client, type
 	    <emphasis>binary</emphasis> at the FTP command prompt
 	    after getting connected to the server and before
 	    starting the download of the image.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="install-instructions-location">
 	  <para>Where are the instructions for installing &os;?</para>
 	</question>
 
 	<answer>
 	  <para>Installation instructions
 	    can be found at <link
 	      xlink:href="&url.books.handbook;/bsdinstall.html">Handbook
 	      entry on installing &os;</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="custom-boot-floppy">
 	  <para>How can I make my own custom release or install
 	    disk?</para>
 	</question>
 
 	<answer>
 	  <para>Customized &os; installation media can be created by
 	    building a custom release.  Follow the instructions in the
 	    <link
 	      xlink:href="&url.articles.releng;/article.html">Release
 	      Engineering</link> article.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="windows-coexist">
 	  <para>Can &windows; co-exist with &os;? (x86-specific)</para>
 	</question>
 
 	<answer>
 	  <para>If &windows; is installed first, then yes.  &os;'s
 	    boot manager will then manage to boot &windows; and &os;.
 	    If &windows; is installed afterwards, it will
 	    overwrite the boot manager.  If that
 	    happens, see the next section.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="bootmanager-restore">
 	  <para>Another operating system destroyed my Boot Manager.
 	    How do I get it back? (x86-specific)</para>
 	</question>
 
 	<answer>
 	  <para>This depends upon the boot manager.
 	    The &os; boot selection menu can be reinstalled using
 	    &man.boot0cfg.8;.  For example, to restore the boot menu
 	    onto the disk <replaceable>ada0</replaceable>:</para>
 
 	  <screen>&prompt.root; <userinput>boot0cfg -B ada0</userinput></screen>
 
 	  <para>The non-interactive MBR bootloader can be installed
 	    using &man.gpart.8;:</para>
 
 	  <screen>&prompt.root; <userinput>gpart bootcode -b /boot/mbr ada0</userinput></screen>
 
 	  <para>For more complex situations, including GPT disks, see
 	    &man.gpart.8;.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="need-complete-sources">
 	  <para>Do I need to install the source?</para>
 	</question>
 
 	<answer>
 	  <para>In general, no.  There is nothing in the base system
 	    which requires the presence of the source to operate.
 	    Some ports, like <package>sysutils/lsof</package>, will
 	    not build unless the source is installed.  In particular,
 	    if the port builds a kernel module or directly operates on
 	    kernel structures, the source must be installed.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="need-kernel">
 	  <para>Do I need to build a kernel?</para>
 	</question>
 
 	<answer>
 	  <para>Usually not.  The supplied <literal>GENERIC</literal>
 	    kernel contains the drivers an ordinary computer will
 	    need.  &man.freebsd-update.8;, the &os; binary upgrade
 	    tool, cannot upgrade custom kernels, another reason to
 	    stick with the <literal>GENERIC</literal> kernel when
 	    possible.  For computers with very limited RAM, such as
 	    embedded systems, it may be worthwhile to build a smaller
 	    custom kernel containing just the required drivers.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="password-encryption">
 	  <para>Should I use DES, Blowfish, or MD5 passwords and how
 	    do I specify which form my users receive?</para>
 	</question>
 
 	<answer>
 	  <para>&os; uses
 	    <emphasis>SHA512</emphasis> by
 	    default.  DES
 	    passwords are still available for backwards compatibility
 	    with operating systems that still
 	    use the less secure password format.  &os; also supports
 	    the Blowfish and MD5 password formats.  Which
 	    password format to use for new passwords is controlled by
 	    the <literal>passwd_format</literal> login capability in
 	    <filename>/etc/login.conf</filename>, which takes values
 	    of <literal>des</literal>, <literal>blf</literal> (if
 	    these are available) or <literal>md5</literal>.  See the
 	    &man.login.conf.5; manual page for more information about
 	    login capabilities.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ffs-limits">
 	  <para>What are the limits for FFS file systems?</para>
 	</question>
 
 	<answer>
 	  <para>For FFS file systems, the largest file system is
 	    practically limited by the amount of memory required to
 	    &man.fsck.8; the file system.  &man.fsck.8; requires one
 	    bit per fragment, which with the default fragment size of
 	    4&nbsp;KB equates to 32&nbsp;MB of memory per TB of disk.
 	    This does mean that on architectures which limit userland
 	    processes to 2&nbsp;GB (e.g., &i386;), the maximum
 	    &man.fsck.8;'able filesystem is ~60&nbsp;TB.</para>
 
 	  <para>If there was not a &man.fsck.8; memory limit the
 	    maximum filesystem size would be 2&nbsp;^&nbsp;64 (blocks)
 	    * 32&nbsp;KB => 16 Exa * 32&nbsp;KB => 512
 	    ZettaBytes.</para>
 
 	  <para>The maximum size of a single FFS file is approximately
 	    2&nbsp;PB with the default block size of 32&nbsp;KB.  Each
 	    32&nbsp;KB block can point to 4096 blocks.  With triple
 	    indirect blocks, the calculation is 32&nbsp;KB * 12 +
 	    32&nbsp;KB * 4096 + 32&nbsp;KB * 4096^2 + 32&nbsp;KB *
 	    4096^3.  Increasing the block size to 64&nbsp;KB will
 	    increase the max file size by a factor of 16.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="archsw-readin-failed-error">
 	  <para>Why do I get an error message, <errorname>readin
 	      failed</errorname> after compiling and booting a new
 	    kernel?</para>
 	</question>
 
 	<answer>
 	  <para>The world and kernel are out of sync.  This
 	    is not supported.  Be sure to use <command>make
 	      buildworld</command> and <command>make
 	      buildkernel</command> to update the kernel.</para>
 
 	  <para>Boot the system by specifying the kernel directly at
 	    the second stage, pressing any key when the
 	    <literal>|</literal> shows up before loader is
 	    started.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="general-configuration-tool">
 	  <para>Is there a tool to perform post-installation
 	    configuration tasks?</para>
 	</question>
 
 	<answer>
 	  <para>Yes.  <application>bsdconfig</application> provides a
 	    nice interface to configure &os; post-installation.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="hardware">
     <title>Hardware Compatibility</title>
 
     <sect1 xml:id="compatibility-general">
       <title>General</title>
 
       <qandaset>
 	<qandaentry>
 	  <question xml:id="which-hardware-to-get">
 	    <para>I want to get a piece of hardware for my &os;
 	      system.  Which model/brand/type is best?</para>
 	  </question>
 
 	  <answer>
 	    <para>This is discussed continually on the &os; mailing
 	      lists but is to be expected since hardware changes so
 	      quickly.  Read through the Hardware&nbsp;Notes
 	      for &os; <link
 		xlink:href="&rel121.current.hardware;">&rel121.current;</link>
 	      or <link
 		xlink:href="&rel1.current.hardware;">&rel1.current;</link>
 	      and search the mailing list <link
 		xlink:href="https://www.FreeBSD.org/search/#mailinglists">archives</link>
 	      before asking about the latest and greatest hardware.
 	      Chances are a discussion about that type of hardware
 	      took place just last week.</para>
 
 	    <para>Before purchasing a laptop, check the archives for
 	      &a.mobile; and &a.questions;, or possibly a specific
 	      mailing list for a particular hardware type.</para>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="memory-upper-limitation">
 	    <para>What are the limits for memory?</para>
 	  </question>
 
 	  <answer>
 	    <para>&os; as an operating system generally supports
 	      as much physical memory (RAM) as the platform it is
 	      running on does.  Keep in mind that different platforms
 	      have different limits for memory; for example &i386;
 	      without <acronym>PAE</acronym> supports at most
 	      4&nbsp;GB of memory (and usually less than that because
 	      of PCI address space) and &i386; with PAE supports at
 	      most 64&nbsp;GB memory.  As of &os;&nbsp;10, AMD64
 	      platforms support up to 4&nbsp;TB of physical
 	      memory.</para>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="memory-i386-over-4gb">
 	    <para>Why does &os; report less than 4&nbsp;GB memory when
 	      installed on an &i386; machine?</para>
 	  </question>
 
 	  <answer>
 	    <para>The total address space on &i386; machines is
 	      32-bit, meaning that at most 4&nbsp;GB of memory is
 	      addressable (can be accessed).  Furthermore, some
 	      addresses in this range are reserved by hardware for
 	      different purposes, for example for using and
 	      controlling PCI devices, for accessing video memory, and
 	      so on.  Therefore, the total amount of memory usable by
 	      the operating system for its kernel and applications is
 	      limited to significantly less than 4&nbsp;GB.  Usually,
 	      3.2&nbsp;GB to 3.7&nbsp;GB is the maximum usable
 	      physical memory in this configuration.</para>
 
 	    <para>To access more than 3.2&nbsp;GB to 3.7&nbsp;GB of
 	      installed memory (meaning up to 4&nbsp;GB but also more
 	      than 4&nbsp;GB), a special tweak called
 	      <acronym>PAE</acronym> must be used.  PAE stands for
 	      Physical Address Extension and is a way for 32-bit x86
 	      CPUs to address more than 4&nbsp;GB of memory.  It
 	      remaps the memory that would otherwise be overlaid by
 	      address reservations for hardware devices above the
 	      4&nbsp;GB range and uses it as additional physical
 	      memory (see &man.pae.4;).  Using PAE has some drawbacks;
 	      this mode of memory access is a little bit slower than
 	      the normal (without PAE) mode and loadable modules (see
 	      &man.kld.4;) are not supported.  This means all drivers
 	      must be compiled into the kernel.</para>
 
 	    <para>The most common way to enable PAE is to build a new
 	      kernel with the special ready-provided kernel
 	      configuration file called <filename>PAE</filename>,
 	      which is already configured to build a safe kernel.
 	      Note that some entries in this kernel configuration file
 	      are too conservative and some drivers marked as unready
 	      to be used with PAE are actually usable.  A rule of
 	      thumb is that if the driver is usable on 64-bit
 	      architectures (like AMD64), it is also usable with PAE.
 	      When creating a custom kernel configuration
 	      file, PAE can be enabled by adding the following
 	      line:</para>
 
 	    <programlisting>options       PAE</programlisting>
 
 	    <para>PAE is not much used nowadays because most new x86
 	      hardware also supports running in 64-bit mode, known as
 	      AMD64 or &intel;&nbsp;64.  It has a much larger address
 	      space and does not need such tweaks.  &os; supports
 	      AMD64 and it is recommended that this version of &os; be
 	      used instead of the &i386; version if 4&nbsp;GB or more
 	      memory is required.</para>
 	  </answer>
 	</qandaentry>
       </qandaset>
     </sect1>
 
     <sect1 xml:id="compatibility-processors">
       <title>Architectures and Processors</title>
 
       <qandaset>
 	<qandaentry>
 	  <question xml:id="architectures">
 	    <para>Does &os; support architectures other than the
 	      x86?</para>
 	  </question>
 
 	  <answer>
 	    <para>Yes.  &os; divides support into multiple tiers.
 	      Tier 1 architectures, such as i386 or amd64; are fully
 	      supported.  Tiers 2 and 3 are supported on a
 	      best-effort basis.  A full explanation of the tier
 	      system is available in the <link
 		xlink:href="&url.articles.committers-guide;/archs.html">Committer's
 		Guide.</link></para>
 
 	    <para>A complete  list of supported architectures can be
 	      found on the <link
 		xlink:href="https://www.FreeBSD.org/platforms/">platforms
 		page.</link></para>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="smp-support">
 	    <para>Does &os; support Symmetric Multiprocessing
 	      (SMP)?</para>
 	  </question>
 
 	  <answer>
 	    <para>&os; supports symmetric multi-processor (SMP) on all
 	      non-embedded platforms (e.g, &arch.i386;, &arch.amd64;,
 	      etc.).  SMP is also supported in arm and MIPS kernels,
 	      although some CPUs may not support this.  &os;'s SMP
 	      implementation uses fine-grained locking, and
 	      performance scales nearly linearly with number of
 	      CPUs.</para>
 
 	    <para>&man.smp.4; has more details.</para>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="microcode">
 	    <para>What is microcode?
 	      How do I install &intel; CPU microcode updates?</para>
 	  </question>
 
 	  <answer>
 	    <para>Microcode is a method of programmatically
 	      implementing hardware level instructions.  This allows
 	      for CPU bugs to be fixed without replacing the on board
 	      chip.</para>
 
 	    <para>Install <package>sysutils/devcpu-data</package>,
 	      then add:</para>
 
 	    <programlisting>microcode_update_enable="YES"</programlisting>
 
 	    <para>to <filename>/etc/rc.conf</filename></para>
 	  </answer>
 	</qandaentry>
       </qandaset>
     </sect1>
 
     <sect1 xml:id="compatibility-peripherals">
       <title>Peripherals</title>
 
       <qandaset>
 	<qandaentry>
 	  <question xml:id="supported-peripherals">
 	    <para>What kind of peripherals does &os; support?</para>
 	  </question>
 
 	  <answer>
 	    <para>See the complete list in the Hardware Notes for &os;
 	      <link
 		xlink:href="&rel121.current.hardware;">&rel121.current;</link>
 	      or <link
 		xlink:href="&rel1.current.hardware;">&rel1.current;</link>.</para>
 	  </answer>
 	</qandaentry>
       </qandaset>
     </sect1>
 
     <sect1 xml:id="compatibility-kbd-mice">
       <title>Keyboards and Mice</title>
 
       <qandaset>
 	<qandaentry>
 	  <question xml:id="moused">
 	    <para>Is it possible to use a mouse outside the
 	      X Window system?</para>
 	  </question>
 
 	  <answer>
 	    <para>The default console driver,
 	      &man.syscons.4;, provides the ability to use a mouse
 	      pointer in text consoles to cut &amp; paste text.  Run
 	      the mouse daemon, &man.moused.8;, and turn on the mouse
 	      pointer in the virtual console:</para>
 
 	    <screen>&prompt.root; <userinput>moused -p /dev/xxxx -t yyyy</userinput>
 &prompt.root; <userinput>vidcontrol -m on</userinput></screen>
 
 	    <para>Where <replaceable>xxxx</replaceable> is the mouse
 	      device name and <replaceable>yyyy</replaceable> is a
 	      protocol type for the mouse.  The mouse daemon can
 	      automatically determine the protocol type of most mice,
 	      except old serial mice.  Specify the
 	      <literal>auto</literal> protocol to invoke automatic
 	      detection.  If automatic detection does not work, see
 	      the &man.moused.8; manual page for a list of supported
 	      protocol types.</para>
 
 	    <para>For a PS/2 mouse, add
 	      <literal>moused_enable="YES"</literal> to
 	      <filename>/etc/rc.conf</filename> to start the mouse
 	      daemon at boot time.  Additionally, to
 	      use the mouse daemon on all virtual terminals instead of
 	      just the console, add <literal>allscreens_flags="-m
 		on"</literal> to
 	      <filename>/etc/rc.conf</filename>.</para>
 
 	    <para>When the mouse daemon is running, access to the
 	      mouse must be coordinated between the mouse daemon and
 	      other programs such as X Windows.  Refer to the
 	      <acronym>FAQ</acronym>
 	      <link linkend="x-and-moused">Why does my mouse not work
 		with X?</link> for more details on this issue.</para>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="text-mode-cut-paste">
 	    <para>How do I cut and paste text with a mouse in the text
 	      console?</para>
 	  </question>
 
 	  <answer>
 	    <para>It is not possible to remove data using the mouse.
 	      However, it is possible to copy and paste.  Once the
 	      mouse daemon is running as described in the <link
 		linkend="moused">previous question</link>, hold down
 	      button 1 (left button) and move the mouse to select a
 	      region of text.  Then, press button 2 (middle button) to
 	      paste it at the text cursor.  Pressing button 3 (right
 	      button) will <quote>extend</quote> the selected region
 	      of text.</para>
 
 	    <para>If the mouse does not have a middle button, it is
 	      possible to emulate one or remap buttons using mouse
 	      daemon options.  See the &man.moused.8; manual page for
 	      details.</para>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="mouse-wheel-buttons">
 	    <para>My mouse has a fancy wheel and buttons.  Can I use
 	      them in &os;?</para>
 	  </question>
 
 	  <answer>
 	    <para>The answer is, unfortunately, <quote>It
 		depends</quote>.  These mice with additional features
 	      require specialized driver in most cases.  Unless the
 	      mouse device driver or the user program has specific
 	      support for the mouse, it will act just like a standard
 	      two, or three button mouse.</para>
 
 	    <para>For the possible usage of wheels in the X Window
 	      environment, refer to <link
 		linkend="x-and-wheel">that section</link>.</para>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="keyboard-delete-key">
 	    <para>How do I use my delete key in <command>sh</command>
 	      and <command>csh</command>?</para>
 	  </question>
 
 	  <answer>
 	    <para>For the <application>Bourne Shell</application>, add
 	      the following lines to <filename>~/.shrc</filename>.
 	      See &man.sh.1; and &man.editrc.5;.</para>
 
             <programlisting>bind ^[[3~ ed-delete-next-char # for xterm</programlisting>
 
 	    <para>For the <application>C Shell</application>, add the
 	      following lines to <filename>~/.cshrc</filename>.
 	      See &man.csh.1;.</para>
 
             <programlisting>bindkey ^[[3~ delete-char # for xterm</programlisting>
 
 	  </answer>
 	</qandaentry>
       </qandaset>
     </sect1>
 
     <sect1 xml:id="compatibility-other">
       <title>Other Hardware</title>
 
       <qandaset>
 	<qandaentry>
 	  <question xml:id="es1370-silent-pcm">
 	    <para>Workarounds for no sound from my &man.pcm.4; sound
 	      card?</para>
 	  </question>
 
 	  <answer>
 	    <para>Some sound cards set their output volume to 0 at
 	      every boot.  Run the following command every time the
 	      machine boots:</para>
 
 	    <screen>&prompt.root; <userinput>mixer pcm 100 vol 100 cd 100</userinput></screen>
 	  </answer>
 	</qandaentry>
 
 	<qandaentry>
 	  <question xml:id="power-management-support">
 	    <para>Does &os; support power management on my
 	      laptop?</para>
 	  </question>
 
 	  <answer>
 	    <para>&os; supports the <acronym>ACPI</acronym> features
 	      found in modern hardware.  Further information can be
 	      found in &man.acpi.4;.</para>
 	  </answer>
 	</qandaentry>
       </qandaset>
     </sect1>
   </chapter>
 
   <chapter xml:id="troubleshoot">
     <title>Troubleshooting</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="pae">
 	  <para>Why is &os; finding the wrong amount of memory on
 	    &i386; hardware?</para>
 	</question>
 
 	<answer>
 	  <para>The most likely reason is the difference between
 	    physical memory addresses and virtual addresses.</para>
 
 	  <para>The convention for most PC hardware is to use the
 	    memory area between 3.5&nbsp;GB and 4&nbsp;GB for a
 	    special purpose (usually for PCI).  This address space is
 	    used to access PCI hardware.  As a result real, physical
 	    memory cannot be accessed by that address space.</para>
 
 	  <para>What happens to the memory that should appear in that
 	    location is hardware dependent.  Unfortunately,
 	    some hardware does nothing and the ability to use that
 	    last 500&nbsp;MB of RAM is entirely lost.</para>
 
 	  <para>Luckily, most hardware remaps the memory to a higher
 	    location so that it can still be used.  However, this can
 	    cause some confusion when watching the boot
 	    messages.</para>
 
 	  <para>On a 32-bit version of &os;, the memory appears lost,
 	    since it will be remapped above 4&nbsp;GB, which a 32-bit
 	    kernel is unable to access.  In this case, the solution is
 	    to build a PAE enabled kernel.  See the entry on memory
 	    limits for more information.</para>
 
 	  <para>On a 64-bit version of &os;, or when running a
 	    PAE-enabled kernel, &os; will correctly detect and remap
 	    the memory so it is usable.  During boot, however, it may
 	    seem as if &os; is detecting more memory than the system
 	    really has, due to the described remapping.  This is
 	    normal and the available memory will be corrected as the
 	    boot process completes.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="signal11">
 	  <para>Why do my programs occasionally die with
 	    <errorname>Signal 11</errorname> errors?</para>
 	</question>
 
 	<answer>
 	  <para>Signal 11 errors are caused when a process has
 	    attempted to access memory which the operating system has
 	    not granted it access to.  If something like this is
 	    happening at seemingly random intervals,
 	    start investigating the cause.</para>
 
 	  <para>These problems can usually be attributed to
 	    either:</para>
 
 	  <orderedlist>
 	    <listitem>
 	      <para>If the problem is occurring only in a specific
 		custom application, it is
 		probably a bug in the code.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>If it is a problem with part of the base &os;
 		system, it may also be buggy code, but more often than
 		not these problems are found and fixed long before us
 		general <acronym>FAQ</acronym> readers get to use
 		these bits of code (that is what -CURRENT is
 		for).</para>
 	    </listitem>
 	  </orderedlist>
 
 	  <para>It is probably
 	    not a &os; bug if the
 	    problem occurs compiling a program, but the activity
 	    that the compiler is carrying out changes each
 	    time.</para>
 
 	  <para>For example, if <command>make
 	      buildworld</command> fails while trying
 	    to compile <filename>ls.c</filename> into
 	    <filename>ls.o</filename> and, when run again, it fails
 	    in the same place, this is a broken build.  Try
 	    updating source and try again.  If the compile fails
 	    elsewhere, it is almost certainly due to hardware.</para>
 
 	  <para>In the first case, use a debugger such as
 	    &man.gdb.1; to find the point in the program which is
 	    attempting to access a bogus address and fix
 	    it.</para>
 
 	  <para>In the second case, verify which piece of
 	    hardware is at fault.</para>
 
 	  <para>Common causes of this include:</para>
 
 	  <orderedlist>
 	    <listitem>
 	      <para>The hard disks might be overheating: Check that
 		the fans are still working, as the disk and
 		other hardware might be overheating.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>The processor running is overheating: This might
 		be because the processor has been overclocked, or the
 		fan on the processor might have died.  In either case,
 		ensure that the hardware is running at
 		what it is specified to run at, at least while trying
 		to solve this problem.  If it is not, clock it back
 		to the default settings.)</para>
 
 	      <para>Regarding overclocking, it is far
 		cheaper to have a slow system than a fried system that
 		needs replacing!  Also the community is not
 		sympathetic to problems on overclocked systems.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Dodgy memory: if multiple memory
 		SIMMS/DIMMS are installed, pull them all out and try
 		running the machine with each SIMM or DIMM
 		individually to narrow the problem down to either the
 		problematic DIMM/SIMM or perhaps even a
 		combination.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Over-optimistic motherboard settings: the BIOS
 		settings, and some motherboard jumpers, provide
 		options to set various timings.  The defaults
 		are often sufficient, but sometimes setting the wait
 		states on RAM too low, or setting the <quote>RAM
 		  Speed: Turbo</quote> option
 		will cause strange behavior.  A possible idea is to
 		set to BIOS defaults, after noting
 		the current settings first.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Unclean or insufficient power to the motherboard.
 		Remove any unused I/O boards, hard disks, or
 		CD-ROMs,
 		or disconnect the power cable from them, to see if
 		the power supply can manage a smaller load.  Or try
 		another power supply, preferably one with a little
 		more power.  For instance, if the current power supply
 		is rated at 250&nbsp;Watts, try one rated at
 		300&nbsp;Watts.</para>
 	    </listitem>
 	  </orderedlist>
 
 	  <para>Read the section on
 	    <link linkend="signal11">Signal 11</link> for a further
 	    explanation and a discussion on how memory testing
 	    software or hardware can still pass faulty memory.  There
 	    is an extensive <acronym>FAQ</acronym> on this at <link
 	      xlink:href="http://www.bitwizard.nl/sig11/">the SIG11
 	      problem <acronym>FAQ</acronym></link>.</para>
 
 	  <para>Finally, if none of this has helped, it is possibly
 	    a bug in &os;.
 	    Follow <link linkend="access-pr">these instructions</link>
 	    to send a problem report.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="trap-12-panic">
 	  <para>My system crashes with either <errorname>Fatal trap
 	      12: page fault in kernel mode</errorname>, or
 	    <errorname>panic:</errorname>, and spits out a bunch of
 	    information.  What should I do?</para>
 	</question>
 
 	<answer>
 	  <para>The &os; developers are interested in these
 	    errors, but need more information than just the error
 	    message.  Copy the full crash message.  Then consult the
 	    <acronym>FAQ</acronym> section on <link
 	      linkend="kernel-panic-troubleshooting">kernel
 	      panics</link>, build a debugging kernel, and get a
 	    backtrace.  This might sound difficult, but does not
 	    require any programming skills.  Just follow the
 	    instructions.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="proc-table-full">
 	  <para>What is the meaning of the error <errorname>maxproc
 	      limit exceeded by uid %i, please see tuning(7) and
 	      login.conf(5)</errorname>?</para>
 	</question>
 
 	<answer>
 	  <para>The &os; kernel will only allow a certain number of
 	    processes to exist at one time.  The number is based on
 	    the <varname>kern.maxusers</varname> &man.sysctl.8;
 	    variable.  <varname>kern.maxusers</varname> also affects
 	    various other in-kernel limits, such as network buffers.
 	    If the machine is heavily loaded,
 	    increase <varname>kern.maxusers</varname>.  This will
 	    increase these other system limits in addition to the
 	    maximum number of processes.</para>
 
 	  <para>To adjust the <varname>kern.maxusers</varname> value,
 	    see the <link
 	      xlink:href="&url.books.handbook;/configtuning-kernel-limits.html#kern-maxfiles">File/Process
 	      Limits</link> section of the Handbook.  While that
 	    section refers to open files, the same limits apply to
 	    processes.</para>
 
 	  <para>If the machine is lightly loaded but running a very
 	    large number of processes, adjust the
 	    <varname>kern.maxproc</varname> tunable by defining it in
 	    <filename>/boot/loader.conf</filename>.  The tunable will
 	    not get adjusted until the system is rebooted.  For more
 	    information about tuning tunables, see
 	    &man.loader.conf.5;.  If these processes are being run by
 	    a single user, adjust
 	    <varname>kern.maxprocperuid</varname> to be one less than
 	    the new <varname>kern.maxproc</varname> value.  It must
 	    be at least one less because one system program,
 	    &man.init.8;, must always be running.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="remote-fullscreen">
 	  <para>Why do full screen applications on remote machines
 	    misbehave?</para>
 	</question>
 
 	<answer>
 	  <para>The remote machine may be setting the terminal type to
 	    something other than <literal>xterm</literal> which is
 	    required by the &os; console.  Alternatively the kernel
 	    may have the wrong values for the width and height of the
 	    terminal.</para>
 
 	  <para>Check the value of the <envar>TERM</envar>
 	    environment variable is <literal>xterm</literal>.  If the
 	    remote machine does not support that try
 	    <literal>vt100</literal>.</para>
 
 	  <para>Run <command>stty -a</command> to check what the
 	    kernel thinks the terminal dimensions are.  If they are
 	    incorrect, they can be changed by running
 	    <command>stty rows <replaceable>RR</replaceable> cols
 	    <replaceable>CC</replaceable></command>.</para>
 
 	  <para>Alternatively, if the client machine has
 	    <package>x11/xterm</package> installed, then running
 	    <command>resize</command> will query the terminal for the
 	    correct dimensions and set them.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="connection-delay">
 	  <para>Why does it take so long to connect to my computer via
 	    <command>ssh</command> or
 	    <command>telnet</command>?</para>
 	</question>
 
 	<answer>
 	  <para>The symptom: there is a long delay between the time
 	    the TCP connection is established and the time when the
 	    client software asks for a password (or, in
 	    &man.telnet.1;'s case, when a login prompt
 	    appears).</para>
 
 	  <para>The problem: more likely than not, the delay is caused
 	    by the server software trying to resolve the client's IP
 	    address into a hostname.  Many servers, including the
 	    <application>Telnet</application> and
 	    <application>SSH</application> servers that come with
 	    &os;, do this to store the hostname in a log file for
 	    future reference by the administrator.</para>
 
 	  <para>The remedy: if the problem occurs whenever connecting
 	    the client computer to any server, the problem
 	    is with the client.  If the problem only occurs
 	    when someone connects to the server computer, the
 	    problem is with the server.</para>
 
 	  <para>If the problem is with the client, the only remedy is
 	    to fix the DNS so the server can resolve it.  If this is
 	    on a local network, consider it a server problem and keep
 	    reading.  If this is on the Internet,
 	    contact your ISP.</para>
 
 	  <para>If the problem is with the server on a
 	    local network, configure the server
 	    to resolve address-to-hostname queries for the local
 	    address range.  See &man.hosts.5; and &man.named.8;
 	    for more information.  If this is on the
 	    Internet, the problem may be that the local server's
 	    resolver is not functioning correctly.  To check, try to
 	    look up another host such as
 	    <systemitem>www.yahoo.com</systemitem>.  If it does not
 	    work, that is the problem.</para>
 
 	  <para>Following a fresh install of &os;, it is also possible
 	    that domain and name server information is missing from
 	    <filename>/etc/resolv.conf</filename>.  This will often
 	    cause a delay in <application>SSH</application>, as the
 	    option <literal>UseDNS</literal> is set to
 	    <literal>yes</literal> by default in
 	    <filename>/etc/ssh/sshd_config</filename>.  If this is
 	    causing the problem, either fill in the
 	    missing information in
 	    <filename>/etc/resolv.conf</filename> or set
 	    <literal>UseDNS</literal> to <literal>no</literal> in
 	    <filename>sshd_config</filename> as a temporary
 	    workaround.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="file-table-full">
 	  <para>Why does <errorname>file: table is full</errorname>
 	    show up repeatedly in &man.dmesg.8;?</para>
 	</question>
 
 	<answer>
 	  <para>This error message indicates that the number of
 	    available file descriptors have been exhausted on the
 	    system.  Refer to the <link
 	      xlink:href="&url.books.handbook;/configtuning-kernel-limits.html#kern-maxfiles">kern.maxfiles</link>
 	    section of the <link
 	      xlink:href="&url.books.handbook;/configtuning-kernel-limits.html">Tuning
 	      Kernel Limits</link> section of the Handbook for a
 	    discussion and solution.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="computer-clock-skew">
 	  <para>Why does the clock on my computer keep incorrect
 	    time?</para>
 	</question>
 
 	<answer>
 	  <para>The computer has two or more clocks, and &os; has
 	    chosen to use the wrong one.</para>
 
 	  <para>Run &man.dmesg.8;, and check for lines that contain
 	    <literal>Timecounter</literal>.  The one with the highest
 	    quality value that &os; chose.</para>
 
 	  <screen>&prompt.root; <userinput>dmesg | grep Timecounter</userinput>
 Timecounter "i8254" frequency 1193182 Hz quality 0
 Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
 Timecounter "TSC" frequency 2998570050 Hz quality 800
 Timecounters tick every 1.000 msec</screen>
 
 	  <para>Confirm this by checking the
 	    <varname>kern.timecounter.hardware</varname>
 	    &man.sysctl.3;.</para>
 
 	  <screen>&prompt.root; <userinput>sysctl kern.timecounter.hardware</userinput>
 kern.timecounter.hardware: ACPI-fast</screen>
 
 	  <para>It may be a broken ACPI timer.  The simplest solution
 	    is to disable the ACPI timer in
 	    <filename>/boot/loader.conf</filename>:</para>
 
 	  <programlisting>debug.acpi.disabled="timer"</programlisting>
 
 	  <para>Or the BIOS may modify the TSC clock&mdash;perhaps to
 	    change the speed of the processor when running from
 	    batteries, or going into a power saving mode, but &os; is
 	    unaware of these adjustments, and appears to gain or lose
 	    time.</para>
 
 	  <para>In this example, the <literal>i8254</literal> clock is
 	    also available, and can be selected by writing its name to
 	    the <varname>kern.timecounter.hardware</varname>
 	    &man.sysctl.3;.</para>
 
 	  <screen>&prompt.root; <userinput>sysctl kern.timecounter.hardware=i8254</userinput>
 kern.timecounter.hardware: TSC -&gt; i8254</screen>
 
 	  <para>The computer should now start keeping more accurate
 	    time.</para>
 
 	  <para>To have this change automatically run at boot time,
 	    add the following line to
 	    <filename>/etc/sysctl.conf</filename>:</para>
 
 	  <programlisting>kern.timecounter.hardware=i8254</programlisting>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="indefinite-wait-buffer">
 	  <para>What does the error <errorname>swap_pager: indefinite
 	      wait buffer:</errorname> mean?</para>
 	</question>
 
 	<answer>
 	  <para>This means that a process is trying to page memory
 	    from
 	    disk, and the page attempt has hung trying to access the
 	    disk for more than 20 seconds.  It might be caused by bad
 	    blocks on the disk drive, disk wiring, cables, or any
 	    other disk I/O-related hardware.  If the drive itself is
 	    bad, disk errors will appear in
 	    <filename>/var/log/messages</filename> and in the output
 	    of <command>dmesg</command>.  Otherwise, check the cables
 	    and connections.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="lock-order-reversal">
 	  <para>What is a <errorname>lock order
 	      reversal</errorname>?</para>
 	</question>
 
 	<answer>
 	  <para>The &os; kernel uses a number of resource locks to
 	    arbitrate contention for certain resources.  When multiple
 	    kernel threads try to obtain multiple resource locks,
 	    there's always the potential for a deadlock, where two
 	    threads have each obtained one of the locks and blocks
 	    forever waiting for the other thread to release one of the
 	    other locks.  This sort of locking problem can be avoided
 	    if all threads obtain the locks in the same order.</para>
 
 	  <para>A run-time lock diagnostic system called
 	    &man.witness.4;, enabled in &os.current; and disabled by
 	    default for stable branches and releases, detects the
 	    potential for deadlocks due to locking errors, including
 	    errors caused by obtaining multiple resource locks with a
 	    different order from different parts of the kernel.  The
 	    &man.witness.4; framework tries to detect this problem as
 	    it happens, and reports it by printing a message to the
 	    system console about a <errorname>lock order
 	      reversal</errorname> (often referred to also as
 	    <acronym>LOR</acronym>).</para>
 
 	  <para>It is possible to get false positives, as
 	    &man.witness.4; is conservative.  A true positive report
 	    <emphasis>does not</emphasis> mean that a system is
 	    dead-locked; instead it should be understood as a warning
 	    that a deadlock could have happened here.</para>
 
 	  <note>
 	    <para>Problematic <acronym>LOR</acronym>s tend to get
 	      fixed quickly, so check the &a.current; before posting
 	      to it.</para>
 	  </note>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="called-with-non-sleepable-locks-held">
 	  <para>What does <errorname>Called ...  with the following
 	      non-sleepable locks held</errorname> mean?</para>
 	</question>
 
 	<answer>
 	  <para>This means that a function that may sleep was called
 	    while a mutex (or other unsleepable) lock was held.</para>
 
 	  <para>The reason this is an error is because mutexes are not
 	    intended to be held for long periods of time; they are
 	    supposed to only be held to maintain short periods of
 	    synchronization.  This programming contract allows device
 	    drivers to use mutexes to synchronize with the rest of the
 	    kernel during interrupts.  Interrupts (under &os;) may not
 	    sleep.  Hence it is imperative that no subsystem in the
 	    kernel block for an extended period while holding a
 	    mutex.</para>
 
 	  <para>To catch such errors, assertions may be added to the
 	    kernel that interact with the &man.witness.4; subsystem to
 	    emit a warning or fatal error (depending on the system
 	    configuration) when a potentially blocking call is made
 	    while holding a mutex.</para>
 
 	  <para>In summary, such warnings are non-fatal, however with
 	    unfortunate timing they could cause undesirable effects
 	    ranging from a minor blip in the system's responsiveness
 	    to a complete system lockup.</para>
 
 	  <para>For additional information about locking in &os; see
 	    &man.locking.9;.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="touch-not-found">
 	  <para>Why does
 	    <buildtarget>buildworld</buildtarget>/<buildtarget>installworld</buildtarget>
 	    die with the message <errorname>touch: not
 	      found</errorname>?</para>
 	</question>
 
 	<answer>
 	  <para>This error does not mean that the &man.touch.1;
 	    utility is missing.  The error is instead probably due to
 	    the dates of the files being set sometime in the future.
 	    If the CMOS clock is set to local time, run
 	    <command>adjkerntz&nbsp;-i</command> to adjust
 	    the kernel clock when booting into single-user
 	    mode.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="applications">
     <title>User Applications</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="user-apps">
 	  <para>Where are all the user applications?</para>
 	</question>
 
 	<answer>
 	  <para>Refer to <link
 	      xlink:href="&url.base;/ports/index.html">the ports
 	      page</link> for info on software packages ported to
 	    &os;.</para>
 
 	  <para>Most ports should work on all supported versions of
 	    &os;.  Those that do not are specifically marked as such.
 	    Each time a &os; release is made, a snapshot of the ports
 	    tree at the time of release in also included in the
 	    <filename>ports/</filename> directory.</para>
 
 	  <para>&os; supports compressed binary packages to easily
 	    install and uninstall ports.  Use &man.pkg.7; to control
 	    the installation of packages.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="how-do-download-ports-tree">
 	  <para>How do I download the Ports tree? Should I be using
 	    Subversion?</para>
 	</question>
 
 	<answer>
 	  <para>Any of the methods listed here work:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>Use portsnap for most use cases.  Refer to <link
 		  xlink:href="&url.books.handbook;/ports-using.html">Using
 		the Ports Collection</link> for instructions on how to
 		use this tool.</para>
 	    </listitem>
 	    <listitem>
 	      <para>Use Subversion if custom patches to the
 		ports tree are needed.  Refer to <link
 		  xlink:href="&url.books.handbook;/svn.html">Using
 		  Subversion</link> for details.</para>
 	    </listitem>
 	  </itemizedlist>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ports-4x">
 	  <para>Why can I not build this port on my
 	    &rel2.relx;&nbsp;-, or
 	    &rel.relx;&nbsp;-STABLE machine?</para>
 	</question>
 
 	<answer>
 	  <para>If the installed &os; version lags significantly
 	    behind <emphasis>-CURRENT</emphasis> or
 	    <emphasis>-STABLE</emphasis>, update the Ports Collection
 	    using the instructions in <link
 	      xlink:href="&url.books.handbook;/ports-using.html">Using
 	      the Ports Collection</link>.  If the system is
 	    up-to-date, someone might have committed a change to the
 	    port which works for <emphasis>-CURRENT</emphasis> but
 	    which broke the port for <emphasis>-STABLE</emphasis>.
 	    <link
 	      xlink:href="https://bugs.FreeBSD.org/submit/">Submit</link>
 	    a bug report, since the Ports Collection is supposed to
 	    work for both the <emphasis>-CURRENT</emphasis> and
 	    <emphasis>-STABLE</emphasis> branches.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="make-index">
 	  <para>I just tried to build <filename>INDEX</filename> using
 	    <command>make index</command>, and it failed.  Why?</para>
 	</question>
 
 	<answer>
 	  <para>First, make sure that the Ports Collection is
 	    up-to-date.  Errors that affect building
 	    <filename>INDEX</filename> from an up-to-date copy of the
 	    Ports Collection are high-visibility and are thus almost
 	    always fixed immediately.</para>
 
 	  <para>There are rare cases where <filename>INDEX</filename>
 	    will not build due to odd cases involving
 	    <varname>OPTIONS_SET</varname>
 	    being set in <filename>make.conf</filename>.  If
 	    you suspect that this is the case, try to make
 	    <filename>INDEX</filename> with those variables
 	    turned off before reporting it to &a.ports;.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ports-update">
 	  <para>I updated the sources, now how do I update my
 	    installed ports?</para>
 	</question>
 
 	<answer>
 	  <para>&os; does not include a port upgrading tool, but it
 	    does have some tools to make the upgrade process somewhat
 	    easier.  Additional tools are available to simplify
 	    port handling and are described the <link
 	      xlink:href="&url.books.handbook;/ports-using.html">Upgrading
 	      Ports</link> section in the &os; Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ports-major-upgrade">
 	  <para>Do I need to recompile every port each time I perform
 	    a major version update?</para>
 	</question>
 
 	<answer>
 	  <para>Yes!  While a recent system will run with
 	    software compiled under an older release,
 	    things will randomly crash and fail to work once
 	    other ports are installed or updated.</para>
 
 	  <para>When the system is upgraded, various shared libraries,
 	    loadable modules, and other parts of the system will be
 	    replaced with newer versions.  Applications linked against
 	    the older versions may fail to start or, in other cases,
 	    fail to function properly.</para>
 
 	  <para>For more information, see <link
 	      xlink:href="&url.books.handbook;/updating-upgrading-freebsdupdate.html#freebsdupdate-upgrade">the
 	      section on upgrades</link> in the &os; Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ports-minor-upgrade">
 	  <para>Do I need to recompile every port each time I perform
 	    a minor version update?</para>
 	</question>
 
 	<answer>
 	  <para>In general, no.  &os; developers do their utmost to
 	    guarantee binary compatibility across all releases with
 	    the same major version number.  Any exceptions will be
 	    documented in the Release Notes, and advice given there
 	    should be followed.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="minimal-sh">
 	  <para>Why is <command>/bin/sh</command> so minimal?  Why
 	    does &os; not use <command>bash</command> or another
 	    shell?</para>
 	</question>
 
 	<answer>
 	  <para>Many people need to write shell scripts which will be
 	    portable across many systems.  That is why &posix;
 	    specifies the shell and utility commands in great detail.
 	    Most scripts are written in Bourne shell (&man.sh.1;), and
 	    because several important programming interfaces
 	    (&man.make.1;, &man.system.3;, &man.popen.3;, and
 	    analogues in higher-level scripting languages like Perl
 	    and Tcl) are specified to use the Bourne shell to
 	    interpret commands.  Because the Bourne shell is so often
 	    and widely used, it is important for it to be quick to
 	    start, be deterministic in its behavior, and have a small
 	    memory footprint.</para>
 
 	  <para>The existing implementation is our best effort at
 	    meeting as many of these requirements simultaneously as we
 	    can.  To keep <command>/bin/sh</command> small, we have
 	    not provided many of the convenience features that other
 	    shells have.  That is why other more featureful shells
 	    like <command>bash</command>, <command>scsh</command>,
 	    &man.tcsh.1;, and <command>zsh</command> are available.
 	    Compare the memory utilization of
 	    these shells by looking at the <quote>VSZ</quote> and
 	    <quote>RSS</quote> columns in a <command>ps -u</command>
 	    listing.</para>
-	</answer>
-      </qandaentry>
-
-      <qandaentry>
-	<question xml:id="midi-sound-files">
-	  <para>How do I create audio CDs from my MIDI files?</para>
-	</question>
-
-	<answer>
-	  <para>To create audio CDs from MIDI files, first install
-	    <package>audio/timidity++</package> from ports then
-	    install manually the GUS patches set by Eric A. Welsh,
-	    available at <uri
-	      xlink:href="http://alleg.sourceforge.net/digmid.html">http://alleg.sourceforge.net/digmid.html</uri>.
-	    After <application>TiMidity++</application> has been
-	    installed properly, MIDI files may be converted to WAV
-	    files with the following command line:</para>
-
-	  <screen>&prompt.user; <userinput>timidity -Ow -s 44100 -o /tmp/juke/01.wav 01.mid</userinput></screen>
-
-	  <para>The WAV files can then be converted to other formats
-	    or burned onto audio CDs, as described in the <link
-	      xlink:href="&url.books.handbook;/creating-cds.html">&os;
-	      Handbook</link>.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="kernelconfig">
     <title>Kernel Configuration</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="make-kernel">
 	  <para>I would like to customize my kernel.  Is it
 	    difficult?</para>
 	</question>
 
 	<answer>
 	  <para>Not at all!  Check out the <link
 	      xlink:href="&url.books.handbook;/kernelconfig.html">kernel
 	      config section of the Handbook</link>.</para>
 
 	  <note>
 	    <para>The new <filename>kernel</filename> will be
 	      installed to the <filename>/boot/kernel</filename>
 	      directory along with its modules, while the old kernel
 	      and its modules will be moved to the
 	      <filename>/boot/kernel.old</filename> directory.  If
 	      a mistake is made in the
 	      configuration, simply boot the previous version of the
 	      kernel.</para>
 	  </note>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="why-kernel-big">
 	  <para>Why is my kernel so big?</para>
 	</question>
 
 	<answer>
 	  <para><literal>GENERIC</literal> kernels shipped with &os;
 	    are compiled in <emphasis>debug mode</emphasis>.
 	    Kernels built in debug mode contain debug data in
 	    separate files that are used for debugging.
 	    &os; releases prior to 11.0 store these debug files in
 	    the same directory as the kernel itself,
 	    <filename>/boot/kernel/</filename>.
 	    In &os; 11.0 and later the debug files are stored in
 	    <filename>/usr/lib/debug/boot/kernel/</filename>.
 	    Note that there will be little or no performance loss from
 	    running a debug kernel, and it is useful to keep one
 	    around in case of a system panic.</para>
 
 	  <para>When running low on disk space, there
 	    are different options to reduce the size of
 	    <filename>/boot/kernel/</filename> and
 	    <filename>/usr/lib/debug/</filename>.</para>
 
 	  <para>To not install the symbol files,
 	    make sure the following line exists in
 	    <filename>/etc/src.conf</filename>:</para>
 
 	  <programlisting>WITHOUT_KERNEL_SYMBOLS=yes</programlisting>
 
 	  <para>For more information see &man.src.conf.5;.</para>
 
 	  <para>If you want to avoid building debug files altogether,
 	    make sure that both of the following are true:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>This line does not exist in the kernel
 		configuration file:</para>
 
 	      <programlisting>makeoptions DEBUG=-g</programlisting>
 	    </listitem>
 
 	    <listitem>
 	      <para>Do not run &man.config.8; with
 		<option>-g</option>.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>Either of the above settings will cause the kernel to
 	    be built in debug mode.</para>
 
 	  <para>To build and install only the specified modules, list
 	    them in
 	    <filename>/etc/make.conf</filename>:</para>
 
 	  <programlisting>MODULES_OVERRIDE= <replaceable>accf_http ipfw</replaceable></programlisting>
 
 	  <para>Replace <emphasis>accf_httpd ipfw</emphasis> with a
 	    list of needed modules.  Only the listed modules will be
 	    built.  This reduces the size of the kernel
 	    directory and decreases the amount of time needed to
 	    build the kernel.  For more information, read
 	    <filename>/usr/share/examples/etc/make.conf</filename>.</para>
 
 	  <para>Unneeded devices can be removed from the kernel
 	    to further reduce the size.  See <xref
 	      linkend="make-kernel"/> for more information.</para>
 
 	  <para>To put any of these options into effect, follow the
 	    instructions to <link
 	      xlink:href="&url.books.handbook;/kernelconfig-building.html">build
 	      and install</link> the new kernel.</para>
 
 	  <para>For reference, the &os; 11 &arch.amd64; kernel
 	    (<filename>/boot/kernel/kernel</filename>) is
 	    approximately 25&nbsp;MB.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="generic-kernel-build-failure">
 	  <para>Why does every kernel I try to build fail to compile,
 	    even <filename>GENERIC</filename>?</para>
 	</question>
 
 	<answer>
 	  <para>There are a number of possible causes for this
 	    problem:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>The source
 		tree is different from the one used to build the
 		currently running system.  When attempting an upgrade,
 		read <filename>/usr/src/UPDATING</filename>, paying
 		particular attention to the <quote>COMMON
 		  ITEMS</quote> section at the end.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>The <command>make buildkernel</command> did not
 		complete successfully.  The <command>make
 		  buildkernel</command> target relies on files
 		generated by the <command>make buildworld</command>
 		target to complete its job correctly.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Even when building <link
 		  linkend="stable">&os;-STABLE</link>, it is possible
 		that the source tree was fetched at a time when it was
 		either being modified or it was broken.
 		Only releases are guaranteed to be
 		buildable, although <link
 		  linkend="stable">&os;-STABLE</link> builds fine the
 		majority of the time.  Try re-fetching the source tree
 		and see if the problem goes away.  Try using a
 		different mirror in case the previous one is having
 		problems.</para>
 	    </listitem>
 	  </itemizedlist>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="scheduler-in-use">
 	  <para>Which scheduler is in use on a
 	    running system?</para>
 	</question>
 
 	<answer>
 	  <para>The name of the scheduler currently being used is
 	    directly available as the value of the
 	    <varname>kern.sched.name</varname> sysctl:</para>
 
 	  <screen>&prompt.user; sysctl <replaceable>kern.sched.name</replaceable>
 kern.sched.name: ULE</screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="scheduler-kern-quantum">
 	  <para>What is <varname>kern.sched.quantum</varname>?</para>
 	</question>
 
 	<answer>
 	  <para><varname>kern.sched.quantum</varname> is the maximum
 	    number of ticks a process can run without being preempted
 	    in the 4BSD scheduler.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="disks">
     <title>Disks, File Systems, and Boot Loaders</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="adding-disks">
 	  <para>How can I add my new hard disk to my &os;
 	    system?</para>
 	</question>
 
 	<answer>
 	  <para>See the <link
 	      xlink:href="&url.books.handbook;/disks-adding.html">Adding
 	      Disks</link> section in the &os; Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="new-huge-disk">
 	  <para>How do I move my system over to my huge new
 	    disk?</para>
 	</question>
 
 	<answer>
 	  <para>The best way is to reinstall the operating system on
 	    the new disk, then move the user data over.  This is
 	    highly recommended when tracking
 	    <emphasis>-STABLE</emphasis> for more than one release or
 	    when updating a release instead of installing a new one.
 	    Install booteasy on both disks with &man.boot0cfg.8; and
 	    dual boot until you are happy with the new configuration.
 	    Skip the next paragraph to find out how to move the data
 	    after doing this.</para>
 
 	  <para>Alternatively, partition and label the new disk with
 	    either &man.sade.8; or &man.gpart.8;.  If the disks are
 	    MBR-formatted, booteasy can be installed on both disks
 	    with &man.boot0cfg.8; so that the computer can dual boot
 	    to the old or new system after the copying is done.</para>
 
 	  <para>Once the new disk set up,
 	    the data cannot just be copied.  Instead, use tools that
 	    understand device files and system flags, such as
 	    &man.dump.8;.  Although it is recommended
 	    to move the data while in single-user mode, it
 	    is not required.</para>
 
 	  <para>When the disks are formatted with
 	    <acronym>UFS</acronym>, never use anything but
 	    &man.dump.8; and &man.restore.8; to move the root file
 	    system.  These commands should also be used when moving a
 	    single partition to another empty partition.  The sequence
 	    of steps to use <command>dump</command> to move the data
 	    from one <acronym>UFS</acronym> partitions to a new
 	    partition is:</para>
 
 	  <procedure>
 	    <step>
 	      <para><command>newfs</command> the new partition.</para>
 	    </step>
 
 	    <step>
 	      <para><command>mount</command> it on a temporary mount
 		point.</para>
 	    </step>
 
 	    <step>
 	      <para><command>cd</command> to that directory.</para>
 	    </step>
 
 	    <step>
 	      <para><command>dump</command> the old partition, piping
 		output to the new one.</para>
 	    </step>
 	  </procedure>
 
 	  <para>For example, to move
 	    <filename>/dev/ada1s1a</filename> with
 	    <filename>/mnt</filename> as the temporary mount point,
 	    type:</para>
 
 	  <screen>&prompt.root; <userinput>newfs /dev/ada1s1a</userinput>
 &prompt.root; <userinput>mount /dev/ada1s1a /mnt</userinput>
 &prompt.root; <userinput>cd /mnt</userinput>
 &prompt.root; <userinput>dump 0af - / | restore rf -</userinput></screen>
 
 	  <para>Rearranging partitions with
 	    <command>dump</command> takes a bit more work.  To merge a
 	    partition like <filename>/var</filename> into its parent,
 	    create the new partition large enough for both, move the
 	    parent partition as described above, then move the child
 	    partition into the empty directory that the first move
 	    created:</para>
 
 	  <screen>&prompt.root; <userinput>newfs /dev/ada1s1a</userinput>
 &prompt.root; <userinput>mount /dev/ada1s1a /mnt</userinput>
 &prompt.root; <userinput>cd /mnt</userinput>
 &prompt.root; <userinput>dump 0af - / | restore rf -</userinput>
 &prompt.root; <userinput>cd var</userinput>
 &prompt.root; <userinput>dump 0af - /var | restore rf -</userinput></screen>
 
 	  <para>To split a directory from its parent, say putting
 	    <filename>/var</filename> on its own partition when it was
 	    not before, create both partitions, then mount the child
 	    partition on the appropriate directory in the temporary
 	    mount point, then move the old single partition:</para>
 
 	  <screen>&prompt.root; <userinput>newfs /dev/ada1s1a</userinput>
 &prompt.root; <userinput>newfs /dev/ada1s1d</userinput>
 &prompt.root; <userinput>mount /dev/ada1s1a /mnt</userinput>
 &prompt.root; <userinput>mkdir /mnt/var</userinput>
 &prompt.root; <userinput>mount /dev/ada1s1d /mnt/var</userinput>
 &prompt.root; <userinput>cd /mnt</userinput>
 &prompt.root; <userinput>dump 0af - / | restore rf -</userinput></screen>
 
 	  <para>The &man.cpio.1; and &man.pax.1; utilities are also
 	    available for moving user data.  These are known to lose
 	    file flag information, so use them with caution.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="safe-softupdates">
 	  <para>Which partitions can safely use Soft Updates?  I have
 	    heard that Soft Updates on <filename>/</filename> can
 	    cause problems.  What about Journaled Soft Updates?</para>
 	</question>
 
 	<answer>
 	  <para>Short answer: Soft Updates can usually be safely used
 	    on all partitions.</para>
 
 	  <para>Long answer:  Soft Updates has two characteristics
 	    that may be undesirable on certain partitions.  First, a
 	    Soft Updates partition has a small chance of losing data
 	    during a system crash.  The partition will not be
 	    corrupted as the data will simply be lost.  Second, Soft
 	    Updates can cause temporary space shortages.</para>
 
 	  <para>When using Soft Updates, the kernel can take up to
 	    thirty seconds to write changes to the physical disk.
 	    When a large file is deleted the file still resides on
 	    disk until the kernel actually performs the deletion.
 	    This can cause a very simple race condition.  Suppose
 	    one large file is deleted and another large file is
 	    immediately created.  The first large file is not yet
 	    actually removed from the physical disk, so the disk might
 	    not have enough room for the second large file.  This will
 	    produce an error that the partition does not have enough
 	    space, even though a large chunk of space has just been
 	    released.  A few seconds later, the file creation works as
 	    expected.</para>
 
 	  <para>If a system should crash after the kernel accepts a
 	    chunk of data for writing to disk, but before that data is
 	    actually written out, data could be lost.  This risk is
 	    extremely small, but generally manageable.</para>
 
 	  <para>These issues affect all partitions using Soft Updates.
 	    So, what does this mean for the root partition?</para>
 
 	  <para>Vital information on the root partition changes very
 	    rarely.  If the system crashed during the thirty-second
 	    window after such a change is made, it is possible that
 	    data could be lost.  This risk is negligible for most
 	    applications, but be aware that it exists.  If
 	    the system cannot tolerate this much risk, do not use
 	    Soft Updates on the root file system!</para>
 
 	  <para><filename>/</filename> is traditionally one of the
 	    smallest partitions.  If
 	    <filename>/tmp</filename> is on
 	    <filename>/</filename>, there may be intermittent
 	    space problems.  Symlinking <filename>/tmp</filename> to
 	    <filename>/var/tmp</filename> will solve this
 	    problem.</para>
 
 	  <para>Finally, &man.dump.8; does not work in live mode (-L)
 	    on a filesystem, with Journaled Soft Updates
 	    (<acronym>SU+J</acronym>).</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="mount-foreign-fs">
 	  <para>Can I mount other foreign file systems under
 	    &os;?</para>
 	</question>
 
 	<answer>
 	  <para>&os; supports a variety of other file systems.</para>
 
 	  <variablelist>
 	    <varlistentry>
 	      <term>UFS</term>
 
 	      <listitem>
 		<para>UFS CD-ROMs can be mounted directly on &os;.
 		  Mounting disk partitions from Digital UNIX and other
 		  systems that support UFS may be more complex,
 		  depending on the details of the disk partitioning
 		  for the operating system in question.</para>
 	      </listitem>
 	    </varlistentry>
 
 	    <varlistentry>
 	      <term>ext2/ext3</term>
 
 	      <listitem>
 		<para>&os; supports <literal>ext2fs</literal> and
 		  <literal>ext3fs</literal> partitions.  See
 		  &man.ext2fs.5; for more information.</para>
 	      </listitem>
 	    </varlistentry>
 
 	    <varlistentry>
 	      <term>NTFS</term>
 
 	      <listitem>
 		<para>FUSE based NTFS support is available as a port
 		  (<package>sysutils/fusefs-ntfs</package>).  For more
 		  information see <link
 		    xlink:href="http://www.tuxera.com/community/ntfs-3g-manual/"><application>ntfs-3g</application></link>.</para>
 	      </listitem>
 	    </varlistentry>
 
 	    <varlistentry>
 	      <term>FAT</term>
 
 	      <listitem>
 		<para>&os; includes a read-write FAT driver.  For more
 		  information, see &man.mount.msdosfs.8;.</para>
 	      </listitem>
 	    </varlistentry>
 
 	    <varlistentry>
 	      <term>ZFS</term>
 
 	      <listitem>
 		<para>&os; includes a port of &sun;'s ZFS driver.  The
 		  current recommendation is to use it only on
 		  &arch.amd64; platforms with sufficient memory.  For
 		  more information, see &man.zfs.8;.</para>
 	      </listitem>
 	    </varlistentry>
 	  </variablelist>
 
 	  <para>&os; includes the Network File System
 	    <acronym>NFS</acronym> and the &os; Ports Collection
 	    provides several FUSE applications to support many other
 	    file systems.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="mount-dos">
 	  <para>How do I mount a secondary DOS partition?</para>
 	</question>
 
 	<answer>
 	  <para>The secondary DOS partitions are found after
 	    <emphasis>all</emphasis> the primary partitions.  For
 	    example, if <literal>E</literal> is the
 	    second DOS partition on the second SCSI drive, there will
 	    be a device file for <quote>slice 5</quote> in
 	    <filename>/dev</filename>.  To mount it:</para>
 
 	  <screen>&prompt.root; <userinput>mount -t msdosfs /dev/da1s5 /dos/e</userinput></screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="crypto-file-system">
 	  <para>Is there a cryptographic file system for &os;?</para>
 	</question>
 
 	<answer>
 	  <para>Yes, &man.gbde.8; and &man.geli.8;.
 	    See the <link
 	      xlink:href="&url.books.handbook;/disks-encrypting.html">Encrypting
 	      Disk Partitions</link> section of the &os;
 	    Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="grub-loader">
 	  <para>How do I boot &os; and &linux; using
 	    <application>GRUB</application>?</para>
 	</question>
 
 	<answer>
 	  <para>To boot &os; using <application>GRUB</application>,
 	    add the following to either
 	    <filename>/boot/grub/menu.lst</filename> or
 	    <filename>/boot/grub/grub.conf</filename>, depending upon
 	    which is used by the &linux; distribution.</para>
 
 	  <programlisting>title &os; 9.1
 	root <replaceable>(hd0,a)</replaceable>
 	kernel /boot/loader</programlisting>
 
 	  <para>Where <replaceable>hd0,a</replaceable> points to the
 	    root partition on the first disk.  To specify
 	    the slice number, use something like this
 	    <replaceable>(hd0,2,a)</replaceable>.  By default, if the
 	    slice number is omitted, <application>GRUB</application>
 	    searches the first slice
 	    which has the <literal>a</literal> partition.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="booteasy-loader">
 	  <para>How do I boot &os; and &linux; using
 	    <application>BootEasy?</application></para>
 	</question>
 
 	<answer>
 	  <para>Install LILO at the start of the &linux; boot
 	    partition instead of in the Master Boot Record.  You can
 	    then boot LILO from
 	    <application>BootEasy</application>.</para>
 
 	  <para>This is recommended when running &windows; and &linux;
 	    as it makes it simpler to get &linux; booting again if
 	    &windows; is reinstalled.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="changing-bootprompt">
 	  <para>How do I change the boot prompt from
 	    <literal>???</literal> to something more
 	    meaningful?</para>
 	</question>
 
 	<answer>
 	  <para>This cannot be accomplished with the standard boot
 	    manager without rewriting it.  There are a number of other
 	    boot managers in the <filename>sysutils</filename>
 	    category of the Ports Collection.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="removable-drives">
 	  <para>How do I use a new removable drive?</para>
 	</question>
 
 	<answer>
 	  <para>If the drive already has a file system on it,
 	    use a command like this:</para>
 
 	  <screen>&prompt.root; <userinput>mount -t msdosfs /dev/da0s1 /mnt</userinput></screen>
 
 	  <para>If the drive will only be used with &os; systems,
 	    partition it with <acronym>UFS</acronym> or
 	    <acronym>ZFS</acronym>.  This will provide long filename
 	    support, improvement in performance, and stability.  If
 	    the drive will be used by other operating systems, a more
 	    portable choice, such as msdosfs, is better.</para>
 
 	  <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da0 count=2</userinput>
 &prompt.root; <userinput>gpart create -s GPT /dev/da0</userinput>
 &prompt.root; <userinput>gpart add -t freebsd-ufs /dev/da0</userinput></screen>
 
 	  <para>Finally, create a new file system:</para>
 
 	  <screen>&prompt.root; <userinput>newfs /dev/da0p1</userinput></screen>
 
 	  <para>and mount it:</para>
 
 	  <screen>&prompt.root; <userinput>mount /dev/da0s1 /mnt</userinput></screen>
 
 	  <para>It is a good idea to add a line to
 	    <filename>/etc/fstab</filename> (see &man.fstab.5;) so you
 	    can just type <command>mount /mnt</command> in the
 	    future:</para>
 
 	  <programlisting>/dev/da0p1 /mnt ufs rw,noauto 0 0</programlisting>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="mount-cd-superblock">
 	  <para>Why do I get <errorname>Incorrect super
 	      block</errorname> when mounting a CD?</para>
 	</question>
 
 	<answer>
 	  <para>The type of device to mount must be specified.  This
 	    is described in the Handbook section on <link
 	      xlink:href="&url.books.handbook;/creating-cds.html#mounting-cd">Using
 	      Data CDs</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="cdrom-not-configured">
 	  <para>Why do I get <errorname>Device not
 	      configured</errorname> when mounting a CD?</para>
 	</question>
 
 	<answer>
 	  <para>This generally means that there is no CD in the
 	    drive, or the drive is not visible on the bus.
 	    Refer to the <link
 	      xlink:href="&url.books.handbook;/creating-cds.html#mounting-cd">Using
 	      Data CDs</link> section of the Handbook for a detailed
 	    discussion of this issue.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="cdrom-unicode-filenames">
 	  <para>Why do all non-English characters in filenames show up
 	    as <quote>?</quote> on my CDs when mounted in &os;?</para>
 	</question>
 
 	<answer>
 	  <para>The CD probably uses the <quote>Joliet</quote>
 	    extension for storing information about files and
 	    directories.  This is discussed in the Handbook section on
 	   <link
 	      xlink:href="&url.books.handbook;/creating-cds.html#mounting-cd">Using
 	      Data CD-ROMs</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="burncd-isofs">
 	  <para>A CD burned under &os; cannot be read
 	    under any other operating system.  Why?</para>
 	</question>
 
 	<answer>
 	  <para>This means a raw file was burned to the CD, rather
 	    than creating an ISO&nbsp;9660 file system.  Take a look
 	    at the Handbook section on <link
 	      xlink:href="&url.books.handbook;/creating-cds.html#mounting-cd">Using
 	      Data <acronym>CD</acronym>s</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="copy-cd">
 	  <para>How can I create an image of a data CD?</para>
 	</question>
 
 	<answer>
 	  <para>This is discussed in the Handbook section on <link
 	      xlink:href="&url.books.handbook;/creating-cds.html#mkisofs">Writing
 	      Data to an <acronym>ISO</acronym> File System</link>.
 	    For more on working with CD-ROMs, see the <link
 	      xlink:href="&url.books.handbook;/creating-cds.html">Creating
 	      CDs Section</link> in the Storage chapter in the
 	    Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="mount-audio-CD">
 	  <para>Why can I not <command>mount</command> an audio
 	    CD?</para>
 	</question>
 
 	<answer>
 	  <para>Trying to mount an audio CD will produce an error
 	    like <errorname>cd9660: /dev/cd0: Invalid
 	      argument</errorname>.  This is because
 	    <command>mount</command> only works on file systems.
 	    Audio CDs do not have file systems; they just have data.
 	    Instead, use a program that reads audio CDs, such as the
 	    <package>audio/xmcd</package> package or port.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="multi-session-CD">
 	  <para>How do I <command>mount</command> a multi-session
 	    CD?</para>
 	</question>
 
 	<answer>
 	  <para>By default, &man.mount.8; will attempt to mount the
 	    last data track (session) of a CD.  To
 	    load an earlier session, use the
 	    <option>-s</option> command line argument.  Refer to
 	    &man.mount.cd9660.8; for specific examples.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="user-floppymount">
 	  <para>How do I let ordinary users mount CD-ROMs, DVDs,
 	    USB drives, and other removable media?</para>
 	</question>
 
 	<answer>
 	  <para>As <systemitem class="username">root</systemitem> set
 	    the sysctl variable <varname>vfs.usermount</varname> to
 	    <literal>1</literal>.</para>
 
 	  <screen>&prompt.root; <userinput>sysctl vfs.usermount=1</userinput></screen>
 
 	  <para>To make this persist across reboots, add the line
 	    <literal>vfs.usermount=1</literal> to
 	    <filename>/etc/sysctl.conf</filename> so that it is reset
 	    at system boot time.</para>
 
 	  <para>Users can only mount devices they have read
 	    permissions to.  To allow users to mount a device
 	    permissions must be set in
 	    <filename>/etc/devfs.conf</filename>.</para>
 
 	  <para>For example, to allow users to mount the first USB
 	    drive add:</para>
 
 	  <programlisting># Allow all users to mount a USB drive.
 	    own       /dev/da0       root:operator
 	    perm      /dev/da0       0666</programlisting>
 
 	  <para>All users can now mount devices they could read onto a
 	    directory that they own:</para>
 
 	  <screen>&prompt.user; <userinput>mkdir ~/my-mount-point</userinput>
 &prompt.user; <userinput>mount -t msdosfs /dev/da0 ~/my-mount-point</userinput></screen>
 
 	  <para>Unmounting the device is simple:</para>
 
 	  <screen>&prompt.user; <userinput>umount ~/my-mount-point</userinput></screen>
 
 	  <para>Enabling <varname>vfs.usermount</varname>, however,
 	    has negative security implications.  A better way to
 	    access &ms-dos; formatted media is to use the
 	    <package>emulators/mtools</package> package in the Ports
 	    Collection.</para>
 
 	  <note>
 	    <para>The device name used in the previous examples must
 	      be changed according to the configuration.</para>
 	  </note>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="du-vs-df">
 	  <para>The <command>du</command> and <command>df</command>
 	    commands show different amounts of disk space available.
 	    What is going on?</para>
 	</question>
 
 	<answer>
 	  <para>This is due to how these commands actually work.
 	    <command>du</command> goes through the directory tree,
 	    measures how large each file is, and presents the totals.
 	    <command>df</command> just asks the file system how much
 	    space it has left.  They seem to be the same thing, but a
 	    file without a directory entry will affect
 	    <command>df</command> but not
 	    <command>du</command>.</para>
 
 	  <para>When a program is using a file, and the file is
 	    deleted, the file is not really removed from the file
 	    system until the program stops using it.  The file is
 	    immediately deleted from the directory listing, however.
 	    As an example, consider a file large enough
 	    to affect the output of
 	    <command>du</command> and <command>df</command>.  A
 	    file being viewed with <command>more</command> can be
 	    deleted wihout causing an error.
 	    The entry is
 	    removed from the directory so no other program or user can
 	    access it.  However, <command>du</command> shows that it
 	    is gone as it has walked the directory tree and the
 	    file is not listed.  <command>df</command> shows that it
 	    is still there, as the file system knows that
 	    <command>more</command> is still using that space.  Once
 	    the <command>more</command> session ends,
 	    <command>du</command> and <command>df</command> will
 	    agree.</para>
 
 	  <para>This situation is common on web servers.  Many people
 	    set up a &os; web server and forget to rotate the log
 	    files.  The access log fills up <filename>/var</filename>.
 	    The new administrator deletes the file, but the system
 	    still complains that the partition is full.  Stopping and
 	    restarting the web server program would free the file,
 	    allowing the system to release the disk space.  To prevent
 	    this from happening, set up &man.newsyslog.8;.</para>
 
 	  <para>Note that Soft Updates can delay the freeing of disk
 	    space and it can take up to 30 seconds for the
 	    change to be visible.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="add-swap-space">
 	  <para>How can I add more swap space?</para>
 	</question>
 
 	<answer>
 	  <para>This section <link
 	      xlink:href="&url.books.handbook;/adding-swap-space.html">of
 	      the Handbook</link> describes how to do this.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="manufacturer-disk-size">
 	  <para>Why does &os; see my disk as smaller than the
 	    manufacturer says it is?</para>
 	</question>
 
 	<answer>
 	  <para>Disk manufacturers calculate gigabytes as a billion
 	    bytes each, whereas &os; calculates them as
 	    1,073,741,824&nbsp;bytes each.  This explains why, for
 	    example, &os;'s boot messages will report a disk that
 	    supposedly has 80&nbsp;GB as holding
 	    76,319&nbsp;MB.</para>
 
 	  <para>Also note that &os; will (by default) <link
 	      linkend="disk-more-than-full">reserve</link> 8% of the
 	    disk space.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="disk-more-than-full">
 	  <para>How is it possible for a partition to be more than
 	    100% full?</para>
 	</question>
 
 	<answer>
 	  <para>A portion of each UFS partition (8%, by default) is
 	    reserved for use by the operating system and the
 	    <systemitem class="username">root</systemitem> user.
 	    &man.df.1; does not count that space when calculating the
 	    <literal>Capacity</literal> column, so it can exceed 100%.
 	    Notice that the <literal>Blocks</literal>
 	    column is always greater than the sum of the
 	    <literal>Used</literal> and <literal>Avail</literal>
 	    columns, usually by a factor of 8%.</para>
 
 	  <para>For more details, look up <option>-m</option> in
 	    &man.tunefs.8;.</para>
 	</answer>
       </qandaentry>
 
     </qandaset>
   </chapter>
 
   <chapter xml:id="all-about-zfs">
     <title>ZFS</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="how-much-ram-for-zfs">
 	  <para>What is the minimum amount of RAM one should have to
 	    run ZFS?</para>
 	</question>
 
 	<answer>
 	  <para>A minimum of 4GB of RAM is required for comfortable
 	    usage, but individual workloads can vary widely.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="what-is-zil">
 	  <para>What is the ZIL and when does it get used?</para>
 	</question>
 
 	<answer>
 	  <para>The <acronym>ZIL</acronym> (<acronym>ZFS</acronym>
 	    intent log) is a write log used to implement posix write
 	    commitment semantics across crashes.  Normally writes are
 	    bundled up into transaction groups and written to disk
 	    when filled (<quote>Transaction Group Commit</quote>).
 	    However syscalls like &man.fsync.2; require a commitment
 	    that the data is written to stable storage before
 	    returning.  The ZIL is needed for writes that have been
 	    acknowledged as written but which are not yet on disk as
 	    part of a transaction.  The transaction groups are
 	    timestamped.  In the event of a crash the last valid
 	    timestamp is found and missing data is merged in from the
 	    ZIL.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="need-ssd-for-zil">
 	  <para>Do I need a SSD for ZIL?</para>
 	</question>
 
 	<answer>
 	  <para>By default, ZFS stores the ZIL in the pool with all
 	    the data.  If an application has a heavy write load,
 	    storing the ZIL in a separate device that has very fast
 	    synchronous, sequential write performance can improve
 	    overall system performance.  For other workloads, a SSD
 	    is unlikely to make much of an improvement.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="what-is-l2arc">
 	  <para>What is the L2ARC?</para>
 	</question>
 
 	<answer>
 	  <para>The <acronym>L2ARC</acronym> is a read cache stored on
 	    a fast device such as an <acronym>SSD</acronym>.  This
 	    cache is not persistent across reboots.  Note that RAM is
 	    used as the first layer of cache and the L2ARC is only
 	    needed if there is insufficient RAM.</para>
 
 	  <para>L2ARC needs space in the ARC to index it.  So,
 	    perversely, a working set that fits perfectly in the ARC
 	    will not fit perfectly any more if a L2ARC is used because
 	    part of the ARC is holding the L2ARC index, pushing part
 	    of the working set into the L2ARC which is slower than
 	    RAM.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="should-enable-dedup">
 	  <para>Is enabling deduplication advisable?</para>
 	</question>
 
 	<answer>
 	  <para>Generally speaking, no.</para>
 
 	  <para>Deduplication takes up a significant amount of RAM and
 	    may slow down read and write disk access times.  Unless
 	    one is storing data that is very heavily duplicated, such
 	    as virtual machine images or user backups, it is possible
 	    that deduplication will do more harm than good.  Another
 	    consideration is the inability to revert deduplication
 	    status.  If data is written when deduplication is enabled,
 	    disabling dedup will not cause those blocks which were
 	    deduplicated to be replicated until they are next
 	    modified.</para>
 
 	  <para>Deduplication can also lead to some unexpected
 	    situations.  In particular, deleting files may become much
 	    slower.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="zpool-fully-full">
 	  <para>I cannot delete or create files on my ZFS pool.  How
 	    can I fix this?</para>
 	</question>
 
 	<answer>
 	  <para>This could happen because the pool is 100% full.  ZFS
 	    requires space on the disk to write transaction metadata.
 	    To restore the pool to a usable state, truncate the file
 	    to delete:</para>
 
 	  <screen>&prompt.user; <userinput>truncate -s 0 unimportant-file</userinput></screen>
 
 	  <para>File truncation works because a new transaction is not
 	    started, new spare blocks are created instead.</para>
 
 	  <note>
 	    <para>On systems with additional ZFS dataset tuning, such
 	      as deduplication, the space may not be immediately
 	      available</para>
 	  </note>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="zfs-ssd-trim">
 	  <para>Does ZFS support TRIM for Solid State Drives?</para>
 	</question>
 
 	<answer>
 	  <para>ZFS TRIM support was added to &os;&nbsp;10-CURRENT
 	    with revision r<revnumber>240868</revnumber>.  ZFS TRIM
 	    support was added to all &os;-STABLE branches in
 	    r<revnumber>252162</revnumber> and
 	    r<revnumber>251419</revnumber>, respectively.</para>
 
 	  <para>ZFS TRIM is enabled by default, and can be turned off
 	    by adding this line to
 	    <filename>/etc/sysctl.conf</filename>:</para>
 
 	  <programlisting>vfs.zfs.trim.enabled=0</programlisting>
 
 	  <note>
 	    <para>ZFS TRIM may not work with all configurations, such
 	      as a ZFS filesystem on a GELI-backed device.</para>
 	  </note>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="admin">
     <title>System Administration</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="startup-config-files">
 	  <para>Where are the system start-up configuration
 	    files?</para>
 	</question>
 
 	<answer>
 	  <para>The primary configuration file is
 	    <filename>/etc/defaults/rc.conf</filename> which is
 	    described in &man.rc.conf.5;.  System startup scripts
 	    such as <filename>/etc/rc</filename> and
 	    <filename>/etc/rc.d</filename>, which are described in
 	    &man.rc.8;, include this file.  <emphasis>Do not edit this
 	      file!</emphasis>  Instead, to edit an entry in
 	    <filename>/etc/defaults/rc.conf</filename>, copy the line
 	    into <filename>/etc/rc.conf</filename> and change it
 	    there.</para>
 
 	  <para>For example, if to start &man.named.8;, the
 	    included DNS server:</para>
 
 	  <screen>&prompt.root; <userinput>echo 'named_enable="YES"' &gt;&gt; /etc/rc.conf</userinput></screen>
 
 	  <para>To start up local services, place shell scripts in the
 	    <filename>/usr/local/etc/rc.d</filename> directory.  These
 	    shell scripts should be set executable, the default file
 	    mode is <literal>555</literal>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="adding-users">
 	  <para>How do I add a user easily?</para>
 	</question>
 
 	<answer>
 	  <para>Use the &man.adduser.8; command, or the &man.pw.8;
 	    command for more complicated situations.</para>
 
 	  <para>To remove the user, use the &man.rmuser.8; command or,
 	    if necessary, &man.pw.8;.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="root-not-found-cron-errors">
 	  <para>Why do I keep getting messages like <errorname>root:
 	      not found</errorname> after editing
 	    <filename>/etc/crontab</filename>?</para>
 	</question>
 
 	<answer>
 	  <para>This is normally caused by editing the system crontab.
 	    This is not the correct way to do things as the system
 	    crontab has a different format to the per-user crontabs.
 	    The system
 	    crontab has an extra field, specifying which user to run
 	    the command as.  &man.cron.8; assumes this user is the
 	    first word of the command to execute.  Since no such
 	    command exists, this error message is displayed.</para>
 
 	  <para>To delete the extra, incorrect crontab:</para>
 
 	  <screen>&prompt.root; <userinput>crontab -r</userinput></screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="su-wheel-group">
 	  <para>Why do I get the error, <errorname>you are not in the
 	      correct group to su root</errorname> when I try to
 	    <command>su</command> to <systemitem
 	      class="username">root</systemitem>?</para>
 	</question>
 
 	<answer>
 	  <para>This is a security feature.  In order to
 	    <command>su</command> to
 	    <systemitem class="username">root</systemitem>, or any
 	    other account with superuser privileges, the user account
 	    must be a member of the
 	    <systemitem class="groupname">wheel</systemitem> group.
 	    If this feature were not there, anybody with an
 	    account on a system who also found out <systemitem
 	      class="username">root</systemitem>'s password would be
 	    able to gain superuser level access to the system.</para>
 
 	  <para>To allow someone to <command>su</command> to
 	    <systemitem class="username">root</systemitem>, put
 	    them in the <systemitem
 	      class="groupname">wheel</systemitem> group using
 	    <command>pw</command>:</para>
 
 	  <screen>&prompt.root; <userinput>pw groupmod wheel -m lisa</userinput></screen>
 
 	  <para>The above example will add user <systemitem
 	      class="username">lisa</systemitem> to the group
 	    <systemitem class="groupname">wheel</systemitem>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="rcconf-readonly">
 	  <para>I made a mistake in <filename>rc.conf</filename>, or
 	    another startup file, and now I cannot edit it because the
 	    file system is read-only.  What should I do?</para>
 	</question>
 
 	<answer>
 	  <para>Restart the system using <userinput>boot
 	      -s</userinput> at the loader prompt to enter single-user
 	    mode.  When prompted for a shell pathname, press
 	    <keycap>Enter</keycap> and run <command>mount -urw
 	      /</command> to re-mount the root file system in
 	    read/write mode.  You may also need to run <command>mount
 	      -a -t ufs</command> to mount the file system where your
 	    favorite editor is defined.  If that editor is on a
 	    network file system, either configure the network manually
 	    before mounting the network file systems, or use an editor
 	    which resides on a local file system, such as
 	    &man.ed.1;.</para>
 
 	  <para>In order to use a full screen editor such as
 	    &man.vi.1; or &man.emacs.1;, run
 	    <command>export TERM=xterm</command>
 	    so that these editors can load the correct data from the
 	    &man.termcap.5; database.</para>
 
 	  <para>After performing these steps, edit
 	    <filename>/etc/rc.conf</filename> to
 	    fix the syntax error.  The error message displayed
 	    immediately after the kernel boot messages should indicate
 	    the number of the line in the file which is at
 	    fault.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="printer-setup">
 	  <para>Why am I having trouble setting up my printer?</para>
 	</question>
 
 	<answer>
 	  <para>See the <link
 	      xlink:href="&url.books.handbook;/printing.html">Handbook
 	      entry on printing</link> for troubleshooting
 	    tips.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="keyboard-mappings">
 	  <para>How can I correct the keyboard mappings for my
 	    system?</para>
 	</question>
 
 	<answer>
 	  <para>Refer to the Handbook section on <link
 	      xlink:href="&url.books.handbook;/using-localization.html">using
 	      localization</link>, specifically the section on <link
 	      xlink:href="&url.books.handbook;/using-localization.html#setting-console">console
 	      setup</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="user-quotas">
 	  <para>Why can I not get user quotas to work properly?</para>
 	</question>
 
 	<answer>
 	  <orderedlist>
 	    <listitem>
 	      <para>It is possible that the kernel is not configured
 		to use quotas.  In this case,
 		add the following line to the kernel configuration
 		file and recompile the kernel:</para>
 
 	      <programlisting>options QUOTA</programlisting>
 
 	      <para>Refer to the <link
 		  xlink:href="&url.books.handbook;/quotas.html">Handbook
 		  entry on quotas</link> for full details.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Do not turn on quotas on
 		<filename>/</filename>.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Put the quota file on the file system that the
 		quotas are to be enforced on:</para>
 
 	      <informaltable frame="none" pgwide="1">
 		<tgroup cols="2">
 		  <thead>
 		    <row>
 		      <entry>File System</entry>
 
 		      <entry>Quota file</entry>
 		    </row>
 		  </thead>
 
 		  <tbody>
 		    <row>
 		      <entry><filename>/usr</filename></entry>
 
 		      <entry><filename>/usr/admin/quotas</filename></entry>
 		    </row>
 
 		    <row>
 		      <entry><filename>/home</filename></entry>
 
 		      <entry><filename>/home/admin/quotas</filename></entry>
 		    </row>
 
 		    <row>
 		      <entry>&hellip;</entry>
 
 		      <entry>&hellip;</entry>
 		    </row>
 		  </tbody>
 		</tgroup>
 	      </informaltable>
 	    </listitem>
 	  </orderedlist>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="sysv-ipc">
 	  <para>Does &os; support System V IPC primitives?</para>
 	</question>
 
 	<answer>
 	  <para>Yes, &os; supports System V-style IPC, including
 	    shared memory, messages and semaphores, in the
 	    <filename>GENERIC</filename> kernel.  With a custom
 	    kernel, support may be loaded with the
 	    <filename>sysvshm.ko</filename>,
 	    <filename>sysvsem.ko</filename> and
 	    <filename>sysvmsg.ko</filename> kernel modules, or
 	    enabled in the custom kernel by adding the following lines
 	    to the kernel configuration file:</para>
 
 	  <programlisting>options    SYSVSHM          # enable shared memory
 options    SYSVSEM          # enable for semaphores
 options    SYSVMSG          # enable for messaging</programlisting>
 
 	  <para>Recompile and install the kernel.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="sendmail-alternative">
 	  <para>What other mail-server software can I use instead of
 	    <application>Sendmail</application>?</para>
 	</question>
 
 	<answer>
 	  <para>The <link
 	      xlink:href="http://www.sendmail.org/"><application>Sendmail</application></link>
 	    server is the default mail-server software for &os;, but
 	    it can be replaced with another
 	    MTA installed from the Ports Collection.  Available ports
 	    include <package>mail/exim</package>,
 	    <package>mail/postfix</package>, and
 	    <package>mail/qmail</package>.  Search the mailing lists
 	    for discussions regarding the advantages and disadvantages
 	    of the available MTAs.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="forgot-root-pw">
 	  <para>I have forgotten the <systemitem
 	      class="username">root</systemitem> password!  What do I
 	    do?</para>
 	</question>
 
 	<answer>
 	  <para>Do not panic!  Restart the system, type
 	    <userinput>boot -s</userinput> at the
 	    <literal>Boot:</literal> prompt to enter single-user mode.
 	    At the question about the shell to use, hit
 	    <keycap>Enter</keycap> which will display a
 	    &prompt.root; prompt.  Enter <command>mount
 	      -urw /</command> to remount the root file system
 	    read/write, then run <command>mount -a</command> to
 	    remount all the file systems.  Run <command>passwd
 	      root</command> to change the <systemitem
 	      class="username">root</systemitem> password then run
 	    &man.exit.1; to continue booting.</para>
 
 	  <note>
 	    <para>If you are still prompted to give the <systemitem
 		class="username">root</systemitem> password when
 	      entering the single-user mode, it means that the console
 	      has been marked as <literal>insecure</literal> in
 	      <filename>/etc/ttys</filename>.  In this case, it will
 	      be required to boot from a &os; installation disk,
 	      choose the <guimenuitem>Live CD</guimenuitem> or
 	      <guimenuitem>Shell</guimenuitem> at the beginning of the
 	      install process and issue the commands mentioned above.
 	      Mount the specific partition in this
 	      case and then chroot to it.  For example, replace
 	      <command>mount -urw /</command> with
 	      <command>mount /dev/ada0p1 /mnt; chroot /mnt</command>
 	      for a system on
 	      <replaceable>ada0p1</replaceable>.</para>
 	  </note>
 
 	  <note>
 	    <para>If the root partition cannot be mounted from
 	      single-user mode, it is possible that the partitions are
 	      encrypted and it is impossible to mount them without the
 	      access keys.  For more information see the section
 	      about encrypted disks in the &os; <link
 		xlink:href="&url.books.handbook;/disks-encrypting.html">Handbook</link>.</para>
 	  </note>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="CAD-reboot">
 	  <para>How do I keep <keycombo
 	      action="simul"><keycap>Control</keycap><keycap>Alt</keycap><keycap>Delete</keycap></keycombo>
 	    from rebooting the system?</para>
 	</question>
 
 	<answer>
 	  <para>When using &man.syscons.4;, the default console
 	    driver, build and install a new kernel with this line in
 	    the configuration file:</para>
 
 	  <programlisting>options SC_DISABLE_REBOOT</programlisting>
 
 	  <para>This can also be done by setting the following
 	    &man.sysctl.8; which does not require a reboot or kernel
 	    recompile:</para>
 
 	  <screen>&prompt.root; <userinput>sysctl hw.syscons.kbd_reboot=0</userinput></screen>
 
 	  <note>
 	    <para>The above two methods are exclusive:  The
 	      &man.sysctl.8; does not exist if the kernel is compiled
 	      with <literal>SC_DISABLE_REBOOT</literal>.</para>
 	  </note>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="dos-to-unix-txt">
 	  <para>How do I reformat DOS text files to &unix;
 	    ones?</para>
 	</question>
 
 	<answer>
 	  <para>Use this &man.perl.1; command:</para>
 
 	  <screen>&prompt.user; <userinput>perl -i.bak -npe 's/\r\n/\n/g' file(s)</userinput></screen>
 
 	  <para>where <replaceable>file(s)</replaceable> is one or
 	    more files to process.  The modification is done in-place,
 	    with the original file stored with a
 	    <filename>.bak</filename> extension.</para>
 
 	  <para>Alternatively, use &man.tr.1;:</para>
 
 	  <screen>&prompt.user; <userinput>tr -d '\r' &lt; dos-text-file &gt; unix-file</userinput></screen>
 
 	  <para><replaceable>dos-text-file</replaceable> is the file
 	    containing DOS text while
 	    <replaceable>unix-file</replaceable> will contain the
 	    converted output.  This can be quite a bit faster than
 	    using <command>perl</command>.</para>
 
 	  <para>Yet another way to reformat DOS text files is to use
 	    the <package>converters/dosunix</package> port from the
 	    Ports Collection.  Consult its documentation about the
 	    details.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="reread-rc">
 	  <para>How do I re-read <filename>/etc/rc.conf</filename> and
 	    re-start <filename>/etc/rc</filename> without a
 	    reboot?</para>
 	</question>
 
 	<answer>
 	  <para>Go into single-user mode and then back to multi-user
 	    mode:</para>
 
 	  <screen>&prompt.root; <userinput>shutdown now</userinput>
 &prompt.root; <userinput>return</userinput>
 &prompt.root; <userinput>exit</userinput></screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="release-candidate">
 	  <para>I tried to update my system to the latest
 	    <emphasis>-STABLE</emphasis>, but got
 	    <emphasis>-BETA<replaceable>x</replaceable></emphasis>,
 	    <emphasis>-RC</emphasis> or
 	    <emphasis>-PRERELEASE</emphasis>!  What is going
 	    on?</para>
 	</question>
 
 	<answer>
 	  <para>Short answer: it is just a name.
 	    <emphasis>RC</emphasis> stands for <quote>Release
 	      Candidate</quote>.  It signifies that a release is
 	    imminent.  In &os;, <emphasis>-PRERELEASE</emphasis> is
 	    typically synonymous with the code freeze before a
 	    release.  (For some releases, the
 	    <emphasis>-BETA</emphasis> label was used in the same way
 	    as <emphasis>-PRERELEASE</emphasis>.)</para>
 
 	  <para>Long answer: &os; derives its releases from one of two
 	    places.  Major, dot-zero, releases, such as 9.0-RELEASE
 	    are branched from the head of the development stream,
 	    commonly referred to as <link
 	      linkend="current">-CURRENT</link>.  Minor releases, such
 	    as 6.3-RELEASE or 5.2-RELEASE, have been snapshots of the
 	    active <link linkend="stable">-STABLE</link> branch.
 	    Starting with 4.3-RELEASE, each release also now has its
 	    own branch which can be tracked by people requiring an
 	    extremely conservative rate of development (typically only
 	    security advisories).</para>
 
 	  <para>When a release is about to be made, the branch from
 	    which it will be derived from has to undergo a certain
 	    process.  Part of this process is a code freeze.  When a
 	    code freeze is initiated, the name of the branch is
 	    changed to reflect that it is about to become a release.
 	    For example, if the branch used to be called 6.2-STABLE,
 	    its name will be changed to 6.3-PRERELEASE to signify the
 	    code freeze and signify that extra pre-release testing
 	    should be happening.  Bug fixes can still be committed to
 	    be part of the release.  When the source code is in shape
 	    for the release the name will be changed to 6.3-RC to
 	    signify that a release is about to be made from it.  Once
 	    in the RC stage, only the most critical bugs found can be
 	    fixed.  Once the release (6.3-RELEASE in this example) and
 	    release branch have been made, the branch will be renamed
 	    to 6.3-STABLE.</para>
 
 	  <para>For more information on version numbers and the
 	    various Subversion branches, refer to the <link
 	      xlink:href="&url.articles.releng;/article.html">Release
 	      Engineering</link> article.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="kernel-chflag-failure">
 	  <para>I tried to install a new kernel, and the
 	    &man.chflags.1; failed.  How do I get around this?</para>
 	</question>
 
 	<answer>
 	  <para>Short answer: the security level is
 	    greater than 0.  Reboot directly to single-user mode to
 	    install the kernel.</para>
 
 	  <para>Long answer: &os; disallows changing system flags at
 	    security levels greater than 0.  To check the current
 	    security level:</para>
 
 	  <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
 
 	  <para>The security level cannot be lowered in multi-user
 	    mode, so boot to single-user mode to install the kernel,
 	    or change the security level in
 	    <filename>/etc/rc.conf</filename> then reboot.  See the
 	    &man.init.8; manual page for details on
 	    <literal>securelevel</literal>, and see
 	    <filename>/etc/defaults/rc.conf</filename> and the
 	    &man.rc.conf.5; manual page for more information on
 	    <filename>rc.conf</filename>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="kernel-securelevel-time">
 	  <para>I cannot change the time on my system by more than one
 	    second!  How do I get around this?</para>
 	</question>
 
 	<answer>
 	  <para>Short answer: the system is at a security level
 	    greater than 1.  Reboot directly to single-user mode to
 	    change the date.</para>
 
 	  <para>Long answer: &os; disallows changing the time by more
 	    that one second at security levels greater than 1.  To
 	    check the security level:</para>
 
 	  <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
 
 	  <para>The security level cannot be lowered in multi-user
 	    mode.  Either boot to single-user mode to change the date
 	    or change the security level in
 	    <filename>/etc/rc.conf</filename> and reboot.  See the
 	    &man.init.8; manual page for details on
 	    <literal>securelevel</literal>, and see
 	    <filename>/etc/defaults/rc.conf</filename> and the
 	    &man.rc.conf.5; manual page for more information on
 	    <filename>rc.conf</filename>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="statd-mem-leak">
 	  <para>Why is <command>rpc.statd</command> using 256&nbsp;MB
 	    of memory?</para>
 	</question>
 
 	<answer>
 	  <para>No, there is no memory leak, and it is not using
 	    256&nbsp;MB of memory.  For convenience,
 	    <command>rpc.statd</command> maps an obscene amount of
 	    memory into its address space.  There is nothing terribly
 	    wrong with this from a technical standpoint; it just
 	    throws off things like &man.top.1; and &man.ps.1;.</para>
 
 	  <para>&man.rpc.statd.8; maps its status file (resident on
 	    <filename>/var</filename>) into its address space; to save
 	    worrying about remapping the status file later when it
 	    needs to grow, it maps the status file with a generous
 	    size.  This is very evident from the source code, where
 	    one can see that the length argument to &man.mmap.2; is
 	    <literal>0x10000000</literal>, or one sixteenth of the
 	    address space on an IA32, or exactly 256&nbsp;MB.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="unsetting-schg">
 	  <para>Why can I not unset the <literal>schg</literal> file
 	    flag?</para>
 	</question>
 
 	<answer>
 	  <para>The system is running at securelevel greater than 0.
 	    Lower the securelevel and try again.  For more
 	    information, see <link linkend="securelevel">the
 	      <acronym>FAQ</acronym> entry on securelevel</link> and
 	    the &man.init.8; manual page.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="vnlru">
 	  <para>What is <literal>vnlru</literal>?</para>
 	</question>
 
 	<answer>
 	  <para><literal>vnlru</literal> flushes and frees vnodes when
 	    the system hits the <varname>kern.maxvnodes</varname>
 	    limit.  This kernel thread sits mostly idle, and only
 	    activates when there is a huge amount of RAM and users are
 	    accessing tens of thousands of tiny files.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="top-memory-states">
 	  <para>What do the various memory states displayed by
 	    <command>top</command> mean?</para>
 	</question>
 
 	<!-- Provided by John Dyson via Usenet -->
 	<answer>
 	  <itemizedlist>
 	    <listitem>
 	      <para><literal>Active</literal>: pages recently
 		statistically used.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para><literal>Inactive</literal>: pages recently
 		statistically unused.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para><literal>Cache</literal>: (most often) pages that
 		have percolated from inactive to a status where they
 		maintain their data, but can often be immediately
 		reused (either with their old association, or reused
 		with a new association).  There can be certain
 		immediate transitions from <literal>active</literal>
 		to <literal>cache</literal> state if the page is known
 		to be clean (unmodified), but that transition is a
 		matter of policy, depending upon the algorithm choice
 		of the VM system maintainer.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para><literal>Free</literal>: pages without data
 		content, and can be immediately used in certain
 		circumstances where cache pages might be ineligible.
 		Free pages can be reused at interrupt or process
 		state.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para><literal>Wired</literal>: pages that are fixed
 		into memory, usually for kernel purposes, but also
 		sometimes for special use in processes.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>Pages are most often written to disk (sort of a VM
 	    sync) when they are in the inactive state, but active
 	    pages can also be synced.  This depends upon the CPU
 	    tracking of the modified bit being available, and in
 	    certain situations there can be an advantage for a block
 	    of VM pages to be synced, whether they are active or
 	    inactive.  In most common cases, it is best to think of
 	    the inactive queue to be a queue of relatively unused
 	    pages that might or might not be in the process of being
 	    written to disk.  Cached pages are already synced, not
 	    mapped, but available for immediate process use with their
 	    old association or with a new association.  Free pages are
 	    available at interrupt level, but cached or free pages can
 	    be used at process state for reuse.  Cache pages are not
 	    adequately locked to be available at interrupt
 	    level.</para>
 
 	  <para>There are some other flags (e.g., busy flag or busy
 	    count) that might modify some of the described
 	    rules.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="free-memory-amount">
 	  <para>How much free memory is available?</para>
 	</question>
 
 	<!-- Provided by John Dyson via Usenet -->
 	<answer>
 	  <para>There are a couple of kinds of <quote>free
 	      memory</quote>.  One kind is the amount of memory
 	    immediately available without paging anything else out.
 	    That is approximately the size of cache queue + size of
 	    free queue (with a derating factor, depending upon system
 	    tuning).  Another kind of <quote>free memory</quote> is
 	    the total amount of <acronym>VM</acronym> space.  That can
 	    be complex, but is dependent upon the amount of swap space
 	    and memory.  Other kinds of <quote>free memory</quote>
 	    descriptions are also possible, but it is relatively
 	    useless to define these, but rather it is important to
 	    make sure that the paging rate is kept low, and to avoid
 	    running out of swap space.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="var-empty">
 	  <para>What is <filename>/var/empty</filename>?</para>
 	</question>
 
 	<answer>
 	  <para><filename>/var/empty</filename> is a directory that
 	    the &man.sshd.8; program uses when performing privilege
 	    separation.  The <filename>/var/empty</filename>
 	    directory is empty, owned by <systemitem
 	      class="username">root</systemitem> and has the
 	    <literal>schg</literal> flag set.  This directory should
 	    not be deleted.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="newsyslog-expectations">
 	  <para>I just changed
 	    <filename>/etc/newsyslog.conf</filename>.  How can I check
 	    if it does what I expect?</para>
 	</question>
 
 	<answer>
 	  <para>To see what &man.newsyslog.8; will do, use the
 	    following:</para>
 
 	  <screen>&prompt.user; <userinput>newsyslog -nrvv</userinput></screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="timezone">
 	  <para>My time is wrong, how can I change the
 	    timezone?</para>
 	</question>
 
 	<answer>
 	  <para>Use &man.tzsetup.8;.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="x">
     <title>The X Window System and Virtual Consoles</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="whatis-X">
 	  <para>What is the X Window System?</para>
 	</question>
 
 	<answer>
 	  <para>The X Window System (commonly <literal>X11</literal>)
 	    is the most widely available windowing system capable of
 	    running on &unix; or &unix;&nbsp;like systems, including
 	    &os;.  <link xlink:href="http://www.x.org/wiki/">The X.Org
 	      Foundation</link> administers the <link
 	      xlink:href="http://en.wikipedia.org/wiki/X_Window_System_core_protocol">X
 	      protocol standards</link>, with the current reference
 	    implementation, version 11 release &xorg.version;, so
 	    references are often shortened to
 	    <literal>X11</literal>.</para>
 
 	  <para>Many implementations are available for different
 	    architectures and operating systems.  An implementation of
 	    the server-side code is properly known as an <literal>X
 	      server</literal>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="running-X">
 	  <para>I want to run &xorg;, how do I go about it?</para>
 	</question>
 
 	<answer>
 	  <para>To install &xorg; do one of the following:</para>
 
 	  <para>Use the <package>x11/xorg</package>
 	    meta-port, which builds and installs every &xorg;
 	    component.</para>
 
 	  <para>Use <package>x11/xorg-minimal</package>, which builds
 	    and installs only the necessary &xorg; components.</para>
 
 	  <para>Install &xorg; from &os; packages:</para>
 
 	  <screen><userinput>&prompt.root; pkg install xorg</userinput></screen>
 
 	  <para>After the installation of &xorg;, follow the
 	    instructions from the <link
 	      xlink:href="&url.books.handbook;/x-config.html">X11
 	      Configuration</link> section of the &os;
 	    Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="running-X-securelevels">
 	  <para>I <emphasis>tried</emphasis> to run X, but I get a
 	    <errorname>No devices detected.</errorname> error when I
 	    type <command>startx</command>.  What do I do now?</para>
 	</question>
 
 	<answer>
 	  <para>The system is probably running at a raised
 	    <literal>securelevel</literal>.  It is not possible to
 	    start X at a raised <literal>securelevel</literal> because
 	    X requires write access to &man.io.4;.  For more
 	    information, see at the &man.init.8; manual page.</para>
 
 	  <para>There are two solutions to the problem: set the
 	    <literal>securelevel</literal> back down to zero or run
 	    &man.xdm.1; (or an alternative display manager) at boot
 	    time before the <literal>securelevel</literal> is
 	    raised.</para>
 
 	  <para>See <xref linkend="xdm-boot"/> for more information
 	    about running &man.xdm.1; at boot time.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="x-and-moused">
 	  <para>Why does my mouse not work with X?</para>
 	</question>
 
 	<answer>
 	  <para>When using &man.syscons.4;, the default console
 	    driver, &os; can be configured to support a mouse pointer
 	    on each virtual screen.  To avoid conflicting with X,
 	    &man.syscons.4; supports a virtual device called
 	    <filename>/dev/sysmouse</filename>.  All mouse events
 	    received from the real mouse device are written to the
 	    &man.sysmouse.4; device via &man.moused.8;.  To use the
 	    mouse on one or more virtual consoles,
 	    <emphasis>and</emphasis> use X, see <xref
 	      linkend="moused" remap="another section"/> and set up
 	    &man.moused.8;.</para>
 
 	  <para>Then edit <filename>/etc/X11/xorg.conf</filename> and
 	    make sure the following lines exist:</para>
 
 	  <programlisting>Section "InputDevice"
    Option          "Protocol" "SysMouse"
    Option          "Device" "/dev/sysmouse"
 .....</programlisting>
 
 	  <para>Starting with &xorg; version 7.4, the
 	    <literal>InputDevice</literal> sections in
 	    <filename>xorg.conf</filename> are ignored in favor of
 	    autodetected devices.  To restore the old behavior, add
 	    the following line to the <literal>ServerLayout</literal>
 	    or <literal>ServerFlags</literal> section:</para>
 
 	  <programlisting>Option "AutoAddDevices" "false"</programlisting>
 
 	  <para>Some people prefer to use
 	    <filename>/dev/mouse</filename> under X.  To make this
 	    work, <filename>/dev/mouse</filename> should be linked
 	    to <filename>/dev/sysmouse</filename> (see
 	    &man.sysmouse.4;) by adding the following line to
 	    <filename>/etc/devfs.conf</filename> (see
 	    &man.devfs.conf.5;):</para>
 
 	  <programlisting>link    sysmouse    mouse</programlisting>
 
 	  <para>This link can be created by restarting &man.devfs.5;
 	    with the following command (as <systemitem
 	      class="username">root</systemitem>):</para>
 
 	  <screen>&prompt.root; <userinput>service devfs restart</userinput></screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="x-and-wheel">
 	  <para>My mouse has a fancy wheel.  Can I use it in X?</para>
 	</question>
 
 	<answer>
 	  <para>Yes, if X is configured for a 5 button mouse.  To
 	    do this, add the lines <literal>Buttons 5</literal>
 	    and <literal>ZAxisMapping 4 5</literal> to the
 	    <quote>InputDevice</quote> section of
 	    <filename>/etc/X11/xorg.conf</filename>, as seen in this
 	    example:</para>
 
 	  <programlisting>Section "InputDevice"
    Identifier      "Mouse1"
    Driver          "mouse"
    Option          "Protocol" "auto"
    Option          "Device" "/dev/sysmouse"
    Option          "Buttons" "5"
    Option          "ZAxisMapping" "4 5"
 EndSection</programlisting>
 
 	    <para>The mouse can be enabled in
 	      <application>Emacs</application>by adding these
 	      lines to <filename>~/.emacs</filename>:</para>
 
 	    <programlisting>;; wheel mouse
 (global-set-key [mouse-4] 'scroll-down)
 (global-set-key [mouse-5] 'scroll-up)</programlisting>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="x-and-synaptic">
 	  <para>My laptop has a Synaptics touchpad.  Can I use it in
 	    X?</para>
 	</question>
 
 	<answer>
 	  <para>Yes, after configuring a few things to make
 	    it work.</para>
 
 	  <para>In order to use the Xorg synaptics driver,
 	    first remove <literal>moused_enable</literal> from
 	    <filename>rc.conf</filename>.</para>
 
 	  <para>To enable synaptics, add the following line to
 	    <filename>/boot/loader.conf</filename>:</para>
 
 	  <programlisting>hw.psm.synaptics_support="1"</programlisting>
 
 	  <para>Add the following to
 	    <filename>/etc/X11/xorg.conf</filename>:</para>
 
 	  <programlisting>Section "InputDevice"
 Identifier  "Touchpad0"
 Driver      "synaptics"
 Option      "Protocol" "psm"
 Option      "Device" "/dev/psm0"
 EndSection</programlisting>
 
 	  <para>And be sure to add the following into the
 	    <quote>ServerLayout</quote> section:</para>
 
 	  <programlisting>InputDevice    "Touchpad0" "SendCoreEvents"</programlisting>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="no-remote-x11">
 	  <para>How do I use remote X displays?</para>
 	</question>
 
 	<answer>
 	  <para>For security reasons, the default setting is to not
 	    allow a machine to remotely open a window.</para>
 
 	  <para>To enable this feature, start
 	    <application>X</application> with the optional
 	    <option>-listen_tcp</option> argument:</para>
 
 	  <screen>&prompt.user; <userinput>startx -listen_tcp</userinput></screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="virtual-console">
 	  <para>What is a virtual console and how do I make
 	    more?</para>
 	</question>
 
 	<answer>
 	  <para>Virtual consoles provide
 	    several simultaneous sessions on the same machine without
 	    doing anything complicated like setting up a network or
 	    running X.</para>
 
 	  <para>When the system starts, it will display a login prompt
 	    on the monitor after displaying all the boot messages.
 	    Type in your login name and password to
 	    start working on the first virtual
 	    console.</para>
 
 	  <para>To start another
 	    session, perhaps to look at documentation for a program
 	    or to read mail while waiting for an
 	    FTP transfer to finish,
 	    hold down <keycap>Alt</keycap> and press
 	    <keycap>F2</keycap>.  This will display the login prompt
 	    for the second virtual
 	      console.  To go back to the
 	    original session, press <keycombo
 	      action="simul"><keycap>Alt</keycap><keycap>F1</keycap></keycombo>.</para>
 
 	  <para>The default &os; installation has eight virtual
 	    consoles enabled.  <keycombo
 	      action="simul"><keycap>Alt</keycap><keycap>F1</keycap></keycombo>,
 	    <keycombo
 	      action="simul"><keycap>Alt</keycap><keycap>F2</keycap></keycombo>,
 	    <keycombo
 	      action="simul"><keycap>Alt</keycap><keycap>F3</keycap></keycombo>,
 	    and so on will switch between these virtual
 	    consoles.</para>
 
 	  <para>To enable more of virtual consoles, edit
 	    <filename>/etc/ttys</filename> (see &man.ttys.5;) and add
 	    entries for <filename>ttyv8</filename> to
 	    <filename>ttyvc</filename>, after the comment on
 	    <quote>Virtual terminals</quote>:</para>
 
 	  <programlisting># Edit the existing entry for ttyv8 in /etc/ttys and change
 # "off" to "on".
 ttyv8   "/usr/libexec/getty Pc"         xterm  on secure
 ttyv9   "/usr/libexec/getty Pc"         xterm  on secure
 ttyva   "/usr/libexec/getty Pc"         xterm  on secure
 ttyvb   "/usr/libexec/getty Pc"         xterm  on secure</programlisting>
 
 	  <para>The more virtual
 	    terminals, the more resources that are used.  This can be
 	    problematic on systems with 8&nbsp;MB RAM or less.
 	    Consider changing <literal>secure</literal> to
 	    <literal>insecure</literal>.</para>
 
 	  <important>
 	    <para>In order to run an X server, at least one virtual
 	      terminal must be left to <literal>off</literal> for it
 	      to use.  This means that only eleven of the Alt-function
 	      keys can be used as virtual consoles so that one is left
 	      for the X server.</para>
 	  </important>
 
 	  <para>For example, to run X and eleven virtual consoles, the
 	    setting for virtual terminal 12 should be:</para>
 
 	  <programlisting>ttyvb   "/usr/libexec/getty Pc"         xterm  off secure</programlisting>
 
 	  <para>The easiest way to activate the
 	    virtual consoles is to reboot.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="vty-from-x">
 	  <para>How do I access the virtual consoles from X?</para>
 	</question>
 
 	<answer>
 	  <para>Use <keycombo
 	      action="simul"><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F<replaceable>n</replaceable></keycap></keycombo>
 	    to switch back to a virtual console.  Press <keycombo
 	      action="simul"><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
 	    to return to the first virtual console.</para>
 
 	  <para>Once at a text console, use
 	    <keycombo
 	      action="simul"><keycap>Alt</keycap><keycap>F<replaceable>n</replaceable></keycap></keycombo>
 	    to move between them.</para>
 
 	  <para>To return to the X session, switch to the
 	    virtual console running X.  If X was started from the
 	    command line using <command>startx</command>,
 	    the X session will attach to the next unused virtual
 	    console, not the text console from which it was invoked.
 	    For eight active virtual terminals, X will
 	    run on the ninth, so use <keycombo
 	      action="simul"><keycap>Alt</keycap><keycap>F9</keycap></keycombo>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="xdm-boot">
 	  <para>How do I start <application>XDM</application> on
 	    boot?</para>
 	</question>
 
 	<answer>
 	  <para>There are two schools of thought on how to start
 	    &man.xdm.1;.  One school starts <command>xdm</command>
 	    from <filename>/etc/ttys</filename> (see &man.ttys.5;)
 	    using the supplied example, while the other runs
 	    <command>xdm</command> from
 	    <filename>rc.local</filename> (see &man.rc.8;) or from an
 	    <filename>X</filename> script in
 	    <filename>/usr/local/etc/rc.d</filename>.  Both are
 	    equally valid, and one may work in situations where the
 	    other does not.  In both cases the result is the same: X
 	    will pop up a graphical login prompt.</para>
 
 	  <para>The &man.ttys.5; method has the advantage of
 	    documenting which vty X will start on and passing the
 	    responsibility of restarting the X server on logout to
 	    &man.init.8;.  The &man.rc.8; method makes it easy to
 	    <command>kill</command> <command>xdm</command> if there is
 	    a problem starting the X server.</para>
 
 	  <para>If loaded from &man.rc.8;, <command>xdm</command>
 	    should be started without any arguments.
 	    <command>xdm</command> must start
 	    <emphasis>after</emphasis> &man.getty.8; runs, or else
 	    <command>getty</command> and <command>xdm</command> will
 	    conflict, locking out the console.  The best way around
 	    this is to have the script sleep 10 seconds or so then
 	    launch <command>xdm</command>.</para>
 
 	  <para>When starting <command>xdm</command> from
 	    <filename>/etc/ttys</filename>, there still is a chance of
 	    conflict between <command>xdm</command> and &man.getty.8;.
 	    One way to avoid this is to add the <literal>vt</literal>
 	    number in
 	    <filename>/usr/local/lib/X11/xdm/Xservers</filename>:</para>
 
 	  <programlisting>:0 local /usr/local/bin/X vt4</programlisting>
 
 	  <para>The above example will direct the X server to run in
 	    <filename>/dev/ttyv3</filename>.  Note the number is
 	    offset by one.  The X server counts the vty from one,
 	    whereas the &os; kernel numbers the vty from zero.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="xconsole-failure">
 	  <para>Why do I get <errorname>Couldn't open
 	      console</errorname> when I run
 	    <command>xconsole</command>?</para>
 	</question>
 
 	<answer>
 	  <para>When <application>X</application> is started with
 	    <command>startx</command>, the permissions on
 	    <filename>/dev/console</filename> will
 	    <emphasis>not</emphasis> get changed, resulting in things
 	    like <command>xterm -C</command> and
 	    <command>xconsole</command> not working.</para>
 
 	  <para>This is because of the way console permissions are set
 	    by default.  On a multi-user system, one does not
 	    necessarily want just any user to be able to write on the
 	    system console.  For users who are logging directly onto a
 	    machine with a VTY, the &man.fbtab.5; file exists to solve
 	    such problems.</para>
 
 	  <para>In a nutshell, make sure an uncommented line of the
 	    form is in <filename>/etc/fbtab</filename> (see
 	    &man.fbtab.5;):</para>
 
 	  <programlisting>/dev/ttyv0 0600 /dev/console</programlisting>
 
 	  <para>It will ensure that whomever logs in on
 	    <filename>/dev/ttyv0</filename> will own the
 	    console.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ps2-x">
 	  <para>Why does my PS/2 mouse misbehave under X?</para>
 	</question>
 
 	<answer>
 	  <para>The mouse and the mouse driver may have become out of
 	    synchronization.  In rare cases, the driver may also
 	    erroneously report synchronization errors:</para>
 
 	  <programlisting>psmintr: out of sync (xxxx != yyyy)</programlisting>
 
 	  <para>If this happens, disable the synchronization check
 	    code by setting the driver flags for the PS/2 mouse driver
 	    to <literal>0x100</literal>.  This can be easiest achieved
 	    by adding <literal>hint.psm.0.flags="0x100"</literal> to
 	    <filename>/boot/loader.conf</filename> and
 	    rebooting.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="mouse-button-reverse">
 	  <para>How do I reverse the mouse buttons?</para>
 	</question>
 
 	<answer>
 	  <para>Type
 	    <command>xmodmap -e "pointer = 3 2 1"</command>.  Add this
 	    command to <filename>~/.xinitrc</filename> or
 	    <filename>~/.xsession</filename> to make it happen
 	    automatically.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="install-splash">
 	  <para>How do I install a splash screen and where do I find
 	    them?</para>
 	</question>
 
 	<answer>
 	  <para>The detailed answer for this question can be found in
 	    the <link
 	      xlink:href="&url.books.handbook;/boot-splash.html">Boot
 	    Time Splash Screens</link> section of the &os;
 	    Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="windows-keys">
 	  <para>Can I use the <keycap>Windows</keycap> keys on my
 	    keyboard in X?</para>
 	</question>
 
 	<answer>
 	  <para>Yes.  Use &man.xmodmap.1; to
 	    define which functions the keys should perform.</para>
 
 	  <para>Assuming all Windows keyboards are
 	    standard, the keycodes for these three keys are the
 	    following:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para><keycode>115</keycode> &mdash;
 		<keycap>Windows</keycap> key, between the left-hand
 		<keycap>Ctrl</keycap> and <keycap>Alt</keycap>
 		keys</para>
 	    </listitem>
 
 	    <listitem>
 	      <para><keycode>116</keycode> &mdash;
 		<keycap>Windows</keycap> key, to the right of
 		<keycap>AltGr</keycap></para>
 	    </listitem>
 
 	    <listitem>
 	      <para><keycode>117</keycode> &mdash;
 		<keycap>Menu</keycap>, to the left of the right-hand
 		<keycap>Ctrl</keycap></para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>To have the left <keycap>Windows</keycap> key print a
 	    comma, try this.</para>
 
 	  <screen>&prompt.root; <userinput>xmodmap -e "keycode 115 = comma"</userinput></screen>
 
 	  <para>To have the <keycap>Windows</keycap> key-mappings
 	    enabled automatically every time X is started, either put
 	    the <command>xmodmap</command> commands in
 	    <filename>~/.xinitrc</filename> or, preferably, create
 	    a <filename>~/.xmodmaprc</filename> and include the
 	    <command>xmodmap</command> options, one per line, then add
 	    the following line to
 	    <filename>~/.xinitrc</filename>:</para>
 
 	  <programlisting>xmodmap $HOME/.xmodmaprc</programlisting>
 
 	  <para>For example, to map the 3 keys to be
 	    <keycap>F13</keycap>, <keycap>F14</keycap>, and
 	    <keycap>F15</keycap>, respectively.  This would make it
 	    easy to map them to useful functions within applications
 	    or the window manager.</para>
 
 	  <para>To do this, put the following in
 	    <filename>~/.xmodmaprc</filename>.</para>
 
 	  <programlisting>keycode 115 = F13
 keycode 116 = F14
 keycode 117 = F15</programlisting>
 
 	  <para>For the <package>x11-wm/fvwm2</package> desktop
 	    manager, one could map the keys so that
 	    <keycap>F13</keycap> iconifies or de-iconifies the
 	    window the cursor is in, <keycap>F14</keycap> brings the
 	    window the cursor is in to the front or, if it is already
 	    at the front, pushes it to the back, and
 	    <keycap>F15</keycap> pops up the main Workplace
 	    menu even if the cursor is not on the
 	    desktop, which is useful when no part of
 	    the desktop is visible.</para>
 
 	  <para>The following entries in
 	    <filename>~/.fvwmrc</filename> implement the
 	    aforementioned setup:</para>
 
 	  <programlisting>Key F13        FTIWS    A        Iconify
 Key F14        FTIWS    A        RaiseLower
 Key F15        A        A        Menu Workplace Nop</programlisting>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="x-3d-acceleration">
 	  <para>How can I get 3D hardware acceleration for
 	    &opengl;?</para>
 	</question>
 
 	<answer>
 	  <para>The availability of 3D acceleration depends on the
 	    version of &xorg; and the type of video
 	    chip.  For an nVidia chip, use
 	    the binary drivers provided for &os; by installing one of
 	    the following ports:</para>
 
 	  <para>The latest versions of nVidia cards are supported
 	    by the <package>x11/nvidia-driver</package>
 	    port.</para>
 
 	  <para>Older drivers are available as
 	    <package>x11/nvidia-driver-<replaceable>###</replaceable></package></para>
 
 	  <para>nVidia provides detailed information on which
 	    card is supported by which driver on their web site: <uri
 	      xlink:href="http://www.nvidia.com/object/IO_32667.html">http://www.nvidia.com/object/IO_32667.html</uri>.</para>
 
 	  <para>For Matrox&nbsp;G200/G400, check the
 	    <package>x11-drivers/xf86-video-mga</package>
 	    port.</para>
 
 	  <para>For ATI&nbsp;Rage&nbsp;128 and Radeon see
 	    &man.ati.4x;, &man.r128.4x; and &man.radeon.4x;.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="networking">
     <title>Networking</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="diskless-booting">
 	  <para>Where can I get information on <quote>diskless
 	      booting</quote>?</para>
 	</question>
 
 	<answer>
 	  <para><quote>Diskless booting</quote> means that the &os;
 	    box is booted over a network, and reads the necessary
 	    files from a server instead of its hard disk.  For full
 	    details, see <link
 	      xlink:href="&url.books.handbook;/network-diskless.html">the
 	      Handbook entry on diskless booting</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="router">
 	  <para>Can a &os; box be used as a dedicated network
 	    router?</para>
 	</question>
 
 	<answer>
 	  <para>Yes.  Refer to the Handbook entry on <link
 	      xlink:href="&url.books.handbook;/advanced-networking.html">advanced
 	      networking</link>, specifically the section on <link
 	      xlink:href="&url.books.handbook;/network-routing.html">routing
 	      and gateways</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="natd">
 	  <para>Does &os; support NAT or Masquerading?</para>
 	</question>
 
 	<answer>
 	  <para>Yes.  For instructions on how to use NAT over a PPP
 	    connection, see the <link
 	      xlink:href="&url.books.handbook;/userppp.html">Handbook
 	      entry on PPP</link>.  To use NAT over
 	    some other sort of network connection, look at the
 	    <link
 	      xlink:href="&url.books.handbook;/firewalls-ipfw.html#network-natd">natd</link>
 	    section of the Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ethernet-aliases">
 	  <para>How can I set up Ethernet aliases?</para>
 	</question>
 
 	<answer>
 	  <para>If the alias is on the same subnet as an address
 	    already configured on the interface, add
 	    <literal>netmask 0xffffffff</literal> to this
 	    command:</para>
 
 	  <screen>&prompt.root; <userinput>ifconfig <replaceable>ed0</replaceable> alias <replaceable>192.0.2.2 </replaceable>netmask 0xffffffff</userinput></screen>
 
 	  <para>Otherwise, specify the network address and
 	    netmask as usual:</para>
 
 	  <screen>&prompt.root; <userinput>ifconfig <replaceable>ed0</replaceable> alias <replaceable>172.16.141.5</replaceable> netmask 0xffffff00</userinput></screen>
 
 	  <para>More information can be found in the &os; <link
 	      xlink:href="&url.books.handbook;/configtuning-virtual-hosts.html">Handbook</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="nfs-linux">
 	  <para>Why can I not NFS-mount from a &linux; box?</para>
 	</question>
 
 	<answer>
 	  <para>Some versions of the &linux; NFS code only accept
 	    mount requests from a privileged port; try to issue the
 	    following command:</para>
 
 	  <screen>&prompt.root; <userinput>mount -o -P linuxbox:/blah /mnt</userinput></screen>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="exports-errors">
 	  <para>Why does <command>mountd</command> keep telling me it
 	    <errorname>can't change attributes</errorname> and that I
 	    have a <errorname>bad exports list</errorname> on my &os;
 	    NFS server?</para>
 	</question>
 
 	<answer>
 	  <para>The most frequent problem is not understanding the
 	    correct format of <filename>/etc/exports</filename>.
 	    Review &man.exports.5; and the <link
 	      xlink:href="&url.books.handbook;/network-nfs.html">NFS</link>
 	    entry in the Handbook, especially the section on <link
 	      xlink:href="&url.books.handbook;/network-nfs.html#configuring-nfs">configuring
 	      NFS</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ip-multicast">
 	  <para>How do I enable IP multicast support?</para>
 	</question>
 
 	<answer>
 	  <para>Install the <package>net/mrouted</package> package
 	    or port and add
 	    <literal>mrouted_enable="YES"</literal> to
 	    <filename>/etc/rc.conf</filename> start this service at
 	    boot time.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="fqdn-hosts">
 	  <para>Why do I have to use the FQDN for hosts on my
 	    site?</para>
 	</question>
 
 	<answer>
 	  <para>See the answer in the &os; <link
 	      xlink:href="&url.books.handbook;/mail-trouble.html">Handbook</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="network-permission-denied">
 	  <para>Why do I get an error, <errorname>Permission
 	      denied</errorname>, for all networking
 	    operations?</para>
 	</question>
 
 	<answer>
 	  <para>If the kernel is compiled with the
 	    <literal>IPFIREWALL</literal> option, be aware
 	    that the default policy is to deny all packets that are
 	    not explicitly allowed.</para>
 
 	  <para>If the firewall is unintentionally misconfigured,
 	    restore network operability by
 	    typing the following as <systemitem
 	      class="username">root</systemitem>:</para>
 
 	  <screen>&prompt.root; <userinput>ipfw add 65534 allow all from any to any</userinput></screen>
 
 	  <para>Consider setting
 	    <literal>firewall_type="open"</literal> in
 	    <filename>/etc/rc.conf</filename>.</para>
 
 	  <para>For further information on configuring this
 	    firewall, see the <link
 	      xlink:href="&url.books.handbook;/firewalls-ipfw.html">Handbook
 	      chapter</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ipfw-fwd">
 	  <para>Why is my <command>ipfw</command> <quote>fwd</quote>
 	    rule to redirect a service to another machine not
 	    working?</para>
 	</question>
 
 	<answer>
 	  <para>Possibly because network address translation (NAT) is
 	    needed instead of just forwarding packets.  A
 	    <quote>fwd</quote> rule only forwards packets, it does not
 	    actually change the data inside the packet.  Consider this
 	    rule:</para>
 
 	  <screen>01000 fwd <replaceable>10.0.0.1</replaceable> from any to <replaceable>foo 21</replaceable></screen>
 
 	  <para>When a packet with a destination address of
 	    <replaceable>foo</replaceable> arrives at the machine with
 	    this rule, the packet is forwarded to
 	    <replaceable>10.0.0.1</replaceable>, but it still has the
 	    destination address of <replaceable>foo</replaceable>.
 	    The destination address of the packet is
 	    not changed to
 	    <replaceable>10.0.0.1</replaceable>.  Most machines would
 	    probably drop a packet that they receive with a
 	    destination address that is not their own.  Therefore,
 	    using a <quote>fwd</quote> rule does not often work the
 	    way the user expects.  This behavior is a feature and not
 	    a bug.</para>
 
 	  <para>See the <link
 	      linkend="service-redirect"><acronym>FAQ</acronym> about
 	      redirecting services</link>, the &man.natd.8; manual, or
 	    one of the several port redirecting utilities in the <link
 	      xlink:href="&url.base;/ports/index.html">Ports
 	      Collection</link> for a correct way to do this.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="service-redirect">
 	  <para>How can I redirect service requests from one machine
 	    to another?</para>
 	</question>
 
 	<answer>
 	  <para>FTP and other service requests can be redirected with
 	    the <package>sysutils/socket</package> package or port.
 	    Replace the entry for the service in
 	    <filename>/etc/inetd.conf</filename> to call
 	    <command>socket</command>, as seen in this example for
 	    <application>ftpd</application>:</para>
 
 	  <programlisting>ftp stream tcp nowait nobody /usr/local/bin/socket socket <replaceable>ftp.example.com</replaceable> <replaceable>ftp</replaceable></programlisting>
 
 	  <para>where <replaceable>ftp.example.com</replaceable> and
 	    <replaceable>ftp</replaceable> are the host and port to
 	    redirect to, respectively.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="bandwidth-mgr-tool">
 	  <para>Where can I get a bandwidth management tool?</para>
 	</question>
 
 	<answer>
 	  <para>There are three bandwidth management tools available
 	    for &os;.  &man.dummynet.4; is integrated into &os; as
 	    part of &man.ipfw.4;.  <link
 	      xlink:href="http://www.sonycsl.co.jp/person/kjc/programs.html">ALTQ</link>
 	    has been integrated into &os; as part of &man.pf.4;.
 	    Bandwidth Manager from <link
 	      xlink:href="http://www.etinc.com/">Emerging
 	      Technologies</link> is a commercial product.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="bpf-not-configured">
 	  <para>Why do I get <errorname>/dev/bpf0: device not
 	      configured</errorname>?</para>
 	</question>
 
 	<answer>
 	  <para>The running application requires the Berkeley
 	    Packet Filter (&man.bpf.4;), but it was removed from a
 	    custom kernel.  Add this to the kernel config file and
 	    build a new kernel:</para>
 
 	  <programlisting>device bpf        # Berkeley Packet Filter</programlisting>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="mount-smb-share">
 	  <para>How do I mount a disk from a &windows; machine that is
 	    on my network, like smbmount in &linux;?</para>
 	</question>
 
 	<answer>
 	  <para>Use the <application>SMBFS</application> toolset.  It
 	    includes a set of kernel modifications and a set of
 	    userland programs.  The programs and information are
 	    available as &man.mount.smbfs.8; in the base
 	    system.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="icmp-response-bw-limit">
 	  <para>What are these messages about: <errorname>Limiting
 	      icmp/open port/closed port response</errorname> in my
 	    log files?</para>
 	</question>
 
 	<answer>
 	  <para>This kernel message indicates that some activity is
 	    provoking it to send a large amount of ICMP or TCP reset
 	    (RST) responses.  ICMP responses are
 	    often generated as a result of attempted connections to
 	    unused UDP ports.  TCP resets are generated as a result of
 	    attempted connections to unopened TCP ports.  Among
 	    others, these are the kinds of activities which may cause
 	    these messages:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>Brute-force denial of service (DoS) attacks (as
 		opposed to single-packet attacks which exploit a
 		specific vulnerability).</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Port scans which attempt to connect to a large
 		number of ports (as opposed to only trying a few
 		well-known ports).</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>The first number in the message indicates how many
 	    packets the kernel would have sent if the limit was not in
 	    place, and the second indicates the limit.  This limit
 	    is controlled using
 	    <varname>net.inet.icmp.icmplim</varname>.  This example
 	    sets the limit to <literal>300</literal>
 	    packets per second:</para>
 
 	  <screen>&prompt.root; <userinput>sysctl net.inet.icmp.icmplim=300</userinput></screen>
 
 	  <para>To disable these messages
 	    without disabling response
 	    limiting, use
 	    <varname>net.inet.icmp.icmplim_output</varname>
 	    to disable the output:</para>
 
 	  <screen>&prompt.root; <userinput>sysctl net.inet.icmp.icmplim_output=0</userinput></screen>
 
 	  <para>Finally, to disable response limiting completely,
 	    set <varname>net.inet.icmp.icmplim</varname> to
 	    <literal>0</literal>.  Disabling response limiting is
 	    discouraged for the reasons listed above.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="unknown-hw-addr-format">
 	  <para>What are these <errorname>arp: unknown hardware
 	      address format</errorname> error messages?</para>
 	</question>
 
 	<answer>
 	  <para>This means that some device on the local Ethernet is
 	    using a MAC address in a format that &os; does not
 	    recognize.  This is probably caused by someone
 	    experimenting with an Ethernet card somewhere else on the
 	    network.  This is most commonly seen on cable modem
 	    networks.  It is harmless, and should not affect the
 	    performance of the &os; system.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="arp-wrong-iface">
 	  <para>Why do I keep seeing messages like:
 	    <errorname>192.168.0.10 is on
 	      fxp1 but got reply from 00:15:17:67:cf:82 on
 	      rl0</errorname>, and how do I disable it?</para>
 	</question>
 
 	<answer>
 	  <para>Because a packet is coming from outside the network
 	    unexpectedly.  To disable them, set
 	    <varname>net.link.ether.inet.log_arp_wrong_iface</varname>
 	    to <literal>0</literal>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="ipv6-only">
 	  <para>How do I compile an IPv6 only kernel?</para>
 	</question>
 
 	<answer>
 	  <para>Configure your kernel with these settings:
 
 	    <screen>include GENERIC
 ident GENERIC-IPV6ONLY
 makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT="
 nooptions INET
 nodevice gre</screen></para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="security">
     <title>Security</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="sandbox">
 	  <para>What is a sandbox?</para>
 	</question>
 	<answer>
 	  <para><quote>Sandbox</quote> is a security term.  It can
 	    mean two things:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>A process which is placed inside a set of virtual
 		walls that are designed to prevent someone who breaks
 		into the process from being able to break into the
 		wider system.</para>
 
 	      <para>The process is only able to run inside the walls.
 		Since nothing the process does in regards to executing
 		code is supposed to be able to breach the walls, a
 		detailed audit of its code is not needed in order to
 		be able to say certain things about its
 		security.</para>
 
 	      <para>The walls might be a user ID, for example.
 		This is the definition used in the &man.security.7;
 		and &man.named.8; man pages.</para>
 
 	      <para>Take the <literal>ntalk</literal> service, for
 		example (see &man.inetd.8;).  This service used to run
 		as user&nbsp;ID <systemitem
 		  class="username">root</systemitem>.  Now it runs as
 		user&nbsp;ID <systemitem
 		  class="username">tty</systemitem>.  The <systemitem
 		  class="username">tty</systemitem> user is a sandbox
 		designed to make it more difficult for someone who has
 		successfully hacked into the system via
 		<literal>ntalk</literal> from being able to hack
 		beyond that user&nbsp;ID.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>A process which is placed inside a simulation of
 		the machine.  It means that someone who is able to
 		break into the process may believe that he can break
 		into the wider machine but is, in fact, only breaking
 		into a simulation of that machine and not modifying
 		any real data.</para>
 
 	      <para>The most common way to accomplish this is to build
 		a simulated environment in a subdirectory and then run
 		the processes in that directory chrooted so that
 		<filename>/</filename> for that process is this
 		directory, not the real <filename>/</filename> of the
 		system).</para>
 
 	      <para>Another common use is to mount an underlying file
 		system read-only and then create a file system layer
 		on top of it that gives a process a seemingly
 		writeable view into that file system.  The process may
 		believe it is able to write to those files, but only
 		the process sees the effects &mdash; other processes
 		in the system do not, necessarily.</para>
 
 	      <para>An attempt is made to make this sort of sandbox so
 		transparent that the user (or hacker) does not realize
 		that he is sitting in it.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>&unix; implements two core sandboxes.  One is at the
 	    process level, and one is at the userid level.</para>
 
 	  <para>Every &unix; process is completely firewalled off from
 	    every other &unix; process.  One process cannot modify the
 	    address space of another.</para>
 
 	  <para>A &unix; process is owned by a particular userid.  If
 	    the user&nbsp;ID is not the <systemitem
 	      class="username">root</systemitem> user, it serves to
 	    firewall the process off from processes owned by other
 	    users.  The user&nbsp;ID is also used to firewall off
 	    on-disk data.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="securelevel">
 	  <para>What is securelevel?</para>
 	</question>
 
 	<answer>
 	  <para><literal>securelevel</literal> is a security
 	    mechanism implemented in the kernel.  When the securelevel
 	    is positive, the kernel restricts certain tasks; not even
 	    the superuser (<systemitem
 	      class="username">root</systemitem>) is allowed to do
 	    them.  The securelevel mechanism limits the ability
 	    to:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>Unset certain file flags, such as
 		<literal>schg</literal> (the system immutable
 		flag).</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Write to kernel memory via
 		<filename>/dev/mem</filename> and
 		<filename>/dev/kmem</filename>.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Load kernel modules.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Alter firewall rules.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>To check the status of the securelevel on a running
 	    system:</para>
 
 	  <screen>&prompt.root; <userinput>sysctl -n kern.securelevel</userinput></screen>
 
 	  <para>The output contains the current value of the
 	    securelevel.  If it is greater than 0, at
 	    least some of the securelevel's protections are
 	    enabled.</para>
 
 	  <para>The securelevel of a running system cannot be lowered
 	    as this would defeat its purpose.  If a task requires that
 	    the securelevel be non-positive, change the
 	    <varname>kern_securelevel</varname> and
 	    <varname>kern_securelevel_enable</varname> variables in
 	    <filename>/etc/rc.conf</filename> and reboot.</para>
 
 	  <para>For more information on securelevel and the specific
 	    things all the levels do, consult &man.init.8;.</para>
 
 	  <warning>
 	    <para>Securelevel is not a silver bullet; it has many
 	      known deficiencies.  More often than not, it provides a
 	      false sense of security.</para>
 
 	    <para>One of its biggest problems is that in order for it
 	      to be at all effective, all files used in the boot
 	      process up until the securelevel is set must be
 	      protected.  If an attacker can get the system to execute
 	      their code prior to the securelevel being set (which
 	      happens quite late in the boot process since some things
 	      the system must do at start-up cannot be done at an
 	      elevated securelevel), its protections are invalidated.
 	      While this task of protecting all files used in the boot
 	      process is not technically impossible, if it is
 	      achieved, system maintenance will become a nightmare
 	      since one would have to take the system down, at least
 	      to single-user mode, to modify a configuration
 	      file.</para>
 
 	    <para>This point and others are often discussed on the
 	      mailing lists, particularly the &a.security;.
 	      Search the archives <link
 		xlink:href="&url.base;/search/index.html">here</link>
 	      for an extensive discussion.  A more fine-grained
 	      mechanism is preferred.</para>
 	  </warning>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="toor-account">
 	  <para>What is this UID 0 <systemitem
 	      class="username">toor</systemitem> account?  Have I been
 	    compromised?</para>
 	</question>
 
 	<answer>
 	  <para>Do not worry.  <systemitem
 	      class="username">toor</systemitem> is an
 	    <quote>alternative</quote> superuser account, where toor
 	    is root spelled backwards.  It is intended to be used with
 	    a non-standard shell so the default shell for <systemitem
 	      class="username">root</systemitem> does not need to
 	    change.  This is important as shells which are not part of
 	    the base distribution, but are instead installed from
 	    ports or packages, are installed in
 	    <filename>/usr/local/bin</filename> which, by default,
 	    resides on a different file system.  If <systemitem
 	      class="username">root</systemitem>'s shell is located in
 	    <filename>/usr/local/bin</filename> and the
 	    file system
 	    containing <filename>/usr/local/bin</filename>) is not
 	    mounted, <systemitem
 	      class="username">root</systemitem> will not be able to
 	    log in to fix a problem and will have to reboot into
 	    single-user mode in order to enter the path to a
 	    shell.</para>
 
 	  <para>Some people use <systemitem
 	      class="username">toor</systemitem> for day-to-day
 	    <systemitem class="username">root</systemitem> tasks with
 	    a non-standard shell, leaving <systemitem
 	      class="username">root</systemitem>, with a standard
 	    shell, for single-user mode or emergencies.  By default, a
 	    user cannot log in using <systemitem
 	      class="username">toor</systemitem> as it does not have a
 	    password, so log in as <systemitem
 	      class="username">root</systemitem> and set a password
 	    for <systemitem class="username">toor</systemitem> before
 	    using it to login.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="serial">
     <title>Serial Communications</title>
 
     <para>This section answers common questions about serial
       communications with &os;.</para>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="serial-console-prompt">
 	  <para>How do I get the boot: prompt to show on the serial
 	    console?</para>
 	</question>
 
 	<answer>
 	  <para>See <link
 	      xlink:href="&url.books.handbook;/serialconsole-setup.html">this
 	      section of the Handbook</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="found-serial">
 	  <para>How do I tell if &os; found my serial ports or modem
 	    cards?</para>
 	</question>
 
 	<answer>
 	  <para>As the &os; kernel boots, it will probe for the serial
 	    ports for which the kernel is configured.
 	    Either watch the boot messages closely
 	    or run this command after the system is up and
 	    running:</para>
 
 	  <screen>&prompt.user; <userinput>grep -E '^(sio|uart)[0-9]' &lt; /var/run/dmesg.boot</userinput>
 sio0: &lt;16550A-compatible COM port&gt; port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
 sio0: type 16550A
 sio1: &lt;16550A-compatible COM port&gt; port 0x2f8-0x2ff irq 3 on acpi0
 sio1: type 16550A</screen>
 
 	  <para>This example shows two serial ports.  The first is on
 	    IRQ4, port address
 	    <literal>0x3f8</literal>, and has a 16550A-type UART chip.
 	    The second uses the same kind of chip but is on
 	    IRQ3 and is at port address
 	    <literal>0x2f8</literal>.  Internal modem cards are
 	    treated just like serial ports, except that they
 	    always have a modem attached to the
 	    port.</para>
 
 	  <para>The <filename>GENERIC</filename> kernel includes
 	    support for two serial ports using the same IRQ and port
 	    address settings in the above example.  If these settings
 	    are not right for the system, or if there are more modem
 	    cards or serial ports than the kernel is
 	    configured for, reconfigure using the instructions in
 	    <link linkend="make-kernel">building a kernel</link>
 	    for more details.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="access-serial-ports">
 	  <para>How do I access the serial ports on &os;? (x86-specific)</para>
 	</question>
 
 	<answer>
 	  <para>The third serial port, <filename>sio2</filename>,
 	    or <filename>COM3</filename>,
 	    is on <filename>/dev/cuad2</filename> for dial-out
 	    devices, and on <filename>/dev/ttyd2</filename> for
 	    dial-in devices.  What is the difference between these two
 	    classes of devices?</para>
 
 	  <para>When
 	    opening <filename>/dev/ttydX</filename> in blocking mode,
 	    a process will wait for the corresponding
 	    <filename>cuadX</filename> device to become inactive, and
 	    then wait for the carrier detect line to go active.  When
 	    the <filename>cuadX</filename> device is opened, it makes
 	    sure the serial port is not already in use by the
 	    <filename>ttydX</filename> device.  If the port is
 	    available, it steals it from the
 	    <filename>ttydX</filename> device.  Also, the
 	    <filename>cuadX</filename> device does not care about
 	    carrier detect.  With this scheme and an auto-answer
 	    modem, remote users can log in and local users can still
 	    dial out with the same modem and the system will take care
 	    of all the conflicts.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="enable-multiport-serial">
 	  <para>How do I enable support for a multi-port serial
 	    card?</para>
 	</question>
 
 	<answer>
 	  <para>The section on kernel configuration provides
 	    information about configuring the kernel.  For a
 	    multi-port serial card, place an &man.sio.4; line for each
 	    serial port on the card in the &man.device.hints.5; file.
 	    But place the IRQ specifiers on only one of the entries.
 	    All of the ports on the card should share one IRQ.  For
 	    consistency, use the last serial port to specify the IRQ.
 	    Also, specify the following option in the kernel
 	    configuration file:</para>
 
 	  <programlisting>options COM_MULTIPORT</programlisting>
 
 	  <para>The following <filename>/boot/device.hints</filename>
 	    example is for an AST 4-port serial card on
 	    IRQ&nbsp;12:</para>
 
 	  <programlisting>hint.sio.4.at="isa"
 hint.sio.4.port="0x2a0"
 hint.sio.4.flags="0x701"
 hint.sio.5.at="isa"
 hint.sio.5.port="0x2a8"
 hint.sio.5.flags="0x701"
 hint.sio.6.at="isa"
 hint.sio.6.port="0x2b0"
 hint.sio.6.flags="0x701"
 hint.sio.7.at="isa"
 hint.sio.7.port="0x2b8"
 hint.sio.7.flags="0x701"
 hint.sio.7.irq="12"</programlisting>
 
 	  <para>The flags indicate that the master port has minor
 	    number <literal>7</literal> (<literal>0x700</literal>),
 	    and all the ports share an IRQ
 	    (<literal>0x001</literal>).</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="default-serial-params">
 	  <para>Can I set the default serial parameters for a
 	    port?</para>
 	</question>
 
 	<answer>
 	  <para>See the <link
 	      xlink:href="&url.books.handbook;/serial.html#serial-hw-config">Serial
 	      Communications</link> section in the &os;
 	    Handbook.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="cannot-tip">
 	  <para>Why can I not run <command>tip</command> or
 	    <command>cu</command>?</para>
 	</question>
 
 	<answer>
 	  <para>The built-in &man.tip.1; and
 	    &man.cu.1; utilities can only access the
 	    <filename>/var/spool/lock</filename> directory via user
 	    <systemitem class="username">uucp</systemitem> and group
 	    <systemitem class="groupname">dialer</systemitem>.
 	    Use the <systemitem
 	      class="groupname">dialer</systemitem> group to control
 	    who has access to the modem or remote systems by adding
 	    user accounts to <systemitem
 	      class="groupname">dialer</systemitem>.</para>
 
 	  <para>Alternatively, everyone can be configured to run
 	    &man.tip.1; and &man.cu.1; by typing:</para>
 
 	  <screen>&prompt.root; <userinput>chmod 4511 /usr/bin/cu</userinput>
 &prompt.root; <userinput>chmod 4511 /usr/bin/tip</userinput></screen>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="misc">
     <title>Miscellaneous Questions</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="more-swap">
 	  <para>&os; uses a lot of swap space even when the computer
 	    has free memory left.  Why?</para>
 	</question>
 
 	<answer>
 	  <para>&os; will proactively move entirely idle, unused pages
 	    of main memory into swap in order to make more main memory
 	    available for active use.  This heavy use of swap is
 	    balanced by using the extra free memory for
 	    caching.</para>
 
 	  <para>Note that while &os; is proactive in this regard, it
 	    does not arbitrarily decide to swap pages when the system
 	    is truly idle.  Thus, the system will not be all
 	    paged out after leaving it
 	    idle overnight.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="top-freemem">
 	  <para>Why does <command>top</command> show very little free
 	    memory even when I have very few programs running?</para>
 	</question>
 
 	<answer>
 	  <para>The simple answer is that free memory is wasted
 	    memory.  Any memory that programs do not actively
 	    allocate is used within the &os; kernel as disk cache.
 	    The values shown by &man.top.1; labeled as
 	    <literal>Inact</literal> and <literal>Laundry</literal>
 	    are cached data at different
 	    aging levels.  This cached data means the system does not
 	    have to access a slow disk again for data it has accessed
 	    recently, thus increasing overall performance.  In
 	    general, a low value shown for <literal>Free</literal>
 	    memory in &man.top.1; is good, provided it is not
 	    <emphasis>very</emphasis> low.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="chmod-symlinks">
 	  <para>Why will <command>chmod</command> not change the
 	    permissions on symlinks?</para>
 	</question>
 
 	<answer>
 	  <para>Symlinks do not have permissions, and by default,
 	    &man.chmod.1; will follow symlinks to change the
 	    permissions on the source file, if possible.  For
 	    the file, <filename>foo</filename> with a symlink named
 	    <filename>bar</filename>, this command
 	    will always succeed.</para>
 
 	  <screen>&prompt.user; <userinput>chmod g-w bar</userinput></screen>
 
 	  <para>However, the permissions on <filename>bar</filename>
 	    will not have changed.</para>
 
 	  <para>When changing modes of the file hierarchies rooted in
 	    the files instead of the files themselves, use
 	    either <option>-H</option> or <option>-L</option> together
 	    with <option>-R</option> to make this work.  See
 	    &man.chmod.1; and &man.symlink.7; for more
 	    information.</para>
 
 	  <warning>
 	    <para><option>-R</option> does a
 	      <emphasis>recursive</emphasis> &man.chmod.1;.  Be
 	      careful about specifying directories or symlinks to
 	      directories to &man.chmod.1;.  To change the
 	      permissions of a directory referenced by a symlink, use
 	      &man.chmod.1; without any options and follow the symlink
 	      with a trailing slash (<filename>/</filename>).  For
 	      example, if <filename>foo</filename> is a symlink to
 	      directory <filename>bar</filename>, to
 	      change the permissions of <filename>foo</filename>
 	      (actually <filename>bar</filename>), do
 	      something like:</para>
 
 	    <screen>&prompt.user; <userinput>chmod 555 foo/</userinput></screen>
 
 	    <para>With the trailing slash, &man.chmod.1; will follow
 	      the symlink, <filename>foo</filename>, to change the
 	      permissions of the directory,
 	      <filename>bar</filename>.</para>
 	  </warning>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="dos-binaries">
 	  <para>Can I run DOS binaries under &os;?</para>
 	</question>
 
 	<answer>
 	  <para>Yes.  A DOS emulation program,
 	    <package>emulators/doscmd</package>, is available in the
 	    &os; Ports Collection.</para>
 
 	  <para>If <application>doscmd</application> will not suffice,
 	    <package>emulators/pcemu</package>
 	    emulates an 8088 and enough BIOS services to run many DOS
 	    text-mode applications.  It requires the X Window
 	    System.</para>
 
 	  <para>The Ports Collection also has
 	    <package>emulators/dosbox</package>.  The main focus of
 	    this application is emulating old DOS games using the
 	    local file system for files.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="translation">
 	  <para>What do I need to do to translate a &os; document into
 	    my native language?</para>
 	</question>
 
 	<answer>
 	  <para>See the <link
 	      xlink:href="&url.books.fdp-primer;/translations.html">Translation
 	      <acronym>FAQ</acronym></link> in the &os; Documentation
 	    Project Primer.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="freebsd-mail-bounces">
 	  <para>Why does my email to any address at <systemitem
 	      class="fqdomainname">FreeBSD.org</systemitem>
 	    bounce?</para>
 	</question>
 
 	<answer>
 	  <para>The <systemitem
 	      class="fqdomainname">FreeBSD.org</systemitem> mail
 	    system implements some <application>Postfix</application>
 	    checks on incoming mail and rejects mail that is either
 	    from misconfigured relays or otherwise appears likely to
 	    be spam.  Some of the specific requirements are:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>The IP address of the SMTP client must
 		"reverse-resolve" to a forward confirmed
 		hostname.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>The fully-qualified hostname given in the
 		SMTP conversation (either HELO or EHLO) must resolve
 		to the IP address of the client.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>Other advice to help mail reach its destination
 	    include:</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>Mail should be sent in plain text, and messages
 		sent to mailing lists should generally be no more than
 		200KB in length.</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>Avoid excessive cross posting.  Choose
 		<emphasis>one</emphasis> mailing list which seems most
 		relevant and send it there.</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para>If you still have trouble with email infrastructure at
 	    <systemitem class="fqdomainname">FreeBSD.org</systemitem>,
 	    send a note with the details to
 	    <email>postmaster@freebsd.org</email>;  Include a
 	    date/time interval so that logs may be reviewed &mdash;
 	    and note that we only keep one week's worth of mail logs.
 	    (Be sure to specify the time zone or offset from
 	    UTC.)</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="free-account">
 	  <para>Where can I find a free &os; account?</para>
 	</question>
 
 	<answer>
 	  <para>While &os; does not provide open access to any of
 	    their servers, others do provide open access &unix;
 	    systems.  The charge varies and limited services may be
 	    available.</para>
 
 	  <para><link xlink:href="http://www.arbornet.org/">Arbornet,
 	      Inc</link>, also known as <emphasis>M-Net</emphasis>,
 	    has been providing open access to &unix; systems since
 	    1983.  Starting on an Altos running System III, the site
 	    switched to BSD/OS in 1991.  In June of 2000, the site
 	    switched again to &os;.  <emphasis>M-Net</emphasis> can be
 	    accessed via <application>telnet</application> and
 	    <application>SSH</application> and provides basic access
 	    to the entire &os; software suite.  However, network
 	    access is limited to members and patrons who donate to the
 	    system, which is run as a non-profit organization.
 	    <emphasis>M-Net</emphasis> also provides an bulletin board
 	    system and interactive chat.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="daemon-name">
 	  <para>What is the cute little red guy's name?</para>
 	</question>
 
 	<answer>
 	  <para>He does not have one, and is just called <quote>the
 	      BSD daemon</quote>.  If you insist upon using a name,
 	    call him <quote>beastie</quote>.  Note that
 	    <quote>beastie</quote> is pronounced
 	    <quote>BSD</quote>.</para>
 
 	  <para>More about the BSD daemon is available on his <link
 	      xlink:href="http://www.mckusick.com/beastie/index.html">home
 	      page</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="use-beastie">
 	  <para>Can I use the BSD daemon image?</para>
 	</question>
 
 	<answer>
 	  <para>Perhaps.  The BSD daemon is copyrighted by Marshall
 	    Kirk McKusick.  Check his <link
 	      xlink:href="http://www.mckusick.com/beastie/mainpage/copyright.html">Statement
 	      on the Use of the BSD Daemon Figure</link> for detailed
 	    usage terms.</para>
 
 	  <para>In summary, the image can be used in a tasteful
 	    manner, for personal use, so long as appropriate credit
 	    is given.  Before using the logo commercially, contact
 	    &a.mckusick.email; for permission.  More details are
 	    available on the <link
 	      xlink:href="http://www.mckusick.com/beastie/index.html">BSD
 	      Daemon's home page</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="daemon-images">
 	  <para>Do you have any BSD daemon images I could use?</para>
 	</question>
 
 	<answer>
 	  <para>Xfig and eps drawings are available under
 	    <filename>/usr/share/examples/BSD_daemon/</filename>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="glossary">
 	  <para>I have seen an acronym or other term on the mailing
 	    lists and I do not understand what it means.  Where should
 	    I look?</para>
 	</question>
 
 	<answer>
 	  <para>Refer to the <link
 	      xlink:href="&url.books.handbook;/freebsd-glossary.html">&os;
 	      Glossary</link>.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="bikeshed-painting">
 	  <para>Why should I care what color the bikeshed is?</para>
 	</question>
 
 	<answer>
 	  <para>The really, really short answer is that you should
 	    not.  The somewhat longer answer is that just because you
 	    are capable of building a bikeshed does not mean you
 	    should stop others from building one just because you do
 	    not like the color they plan to paint it.  This is a
 	    metaphor indicating that you need not argue about every
 	    little feature just because you know enough to do so.
 	    Some people have commented that the amount of noise
 	    generated by a change is inversely proportional to the
 	    complexity of the change.</para>
 
 	  <para>The longer and more complete answer is that after a
 	    very long argument about whether &man.sleep.1; should take
 	    fractional second arguments, &a.phk.email; posted a long
 	    message entitled <quote><link
 	      xlink:href="http://www.bikeshed.com">A
 	      bike shed (any color will do) on greener
 	      grass...</link></quote>.  The appropriate portions of
 	    that message are quoted below.</para>
 
 	  <blockquote>
 	    <attribution>&a.phk.email; on &a.hackers.name;, October 2,
 	      1999</attribution>
 
 	    <para><quote>What is it about this bike shed?</quote>
 	      Some of you have asked me.</para>
 
 	    <para>It is a long story, or rather it is an old story,
 	      but it is quite short actually.  C. Northcote Parkinson
 	      wrote a book in the early 1960s, called
 	      <quote>Parkinson's Law</quote>, which contains a lot of
 	      insight into the dynamics of management.</para>
 
 	    <para><emphasis>[snip a bit of commentary on the
 		book]</emphasis></para>
 
 	    <para>In the specific example involving the bike shed, the
 	      other vital component is an atomic power-plant, I guess
 	      that illustrates the age of the book.</para>
 
 	    <para>Parkinson shows how you can go into the board of
 	      directors and get approval for building a multi-million
 	      or even billion dollar atomic power plant, but if you
 	      want to build a bike shed you will be tangled up in
 	      endless discussions.</para>
 
 	    <para>Parkinson explains that this is because an atomic
 	      plant is so vast, so expensive and so complicated that
 	      people cannot grasp it, and rather than try, they fall
 	      back on the assumption that somebody else checked all
 	      the details before it got this far.  Richard P. Feynmann
 	      gives a couple of interesting, and very much to the
 	      point, examples relating to Los Alamos in his
 	      books.</para>
 
 	    <para>A bike shed on the other hand.  Anyone can build one
 	      of those over a weekend, and still have time to watch
 	      the game on TV.  So no matter how well prepared, no
 	      matter how reasonable you are with your proposal,
 	      somebody will seize the chance to show that he is doing
 	      his job, that he is paying attention, that he is
 	      <emphasis>here</emphasis>.</para>
 
 	    <para>In Denmark we call it <quote>setting your
 		fingerprint</quote>.  It is about personal pride and
 	      prestige, it is about being able to point somewhere and
 	      say <quote>There!  <emphasis>I</emphasis> did
 		that.</quote> It is a strong trait in politicians, but
 	      present in most people given the chance.  Just think
 	      about footsteps in wet cement.</para>
 	  </blockquote>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="funnies">
     <title>The &os; Funnies</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="very-very-cool">
 	  <para>How cool is &os;?</para>
 	</question>
 
 	<answer>
 	  <para>Q.  Has anyone done any temperature testing while
 	    running &os;?  I know &linux; runs cooler than DOS, but
 	    have never seen a mention of &os;.  It seems to run really
 	    hot.</para>
 
 	  <para>A.  No, but we have done numerous taste tests on
 	    blindfolded volunteers who have also had 250 micrograms of
 	    LSD-25 administered beforehand.  35% of the volunteers
 	    said that &os; tasted sort of orange, whereas &linux;
 	    tasted like purple haze.  Neither group mentioned any
 	    significant variances in temperature.  We eventually had
 	    to throw the results of this survey out entirely anyway
 	    when we found that too many volunteers were wandering out
 	    of the room during the tests, thus skewing the results.
 	    We think most of the volunteers are at Apple now, working
 	    on their new <quote>scratch and sniff</quote> GUI.  It is
 	    a funny old business we are in!</para>
 
 	  <para>Seriously, &os; uses the <acronym>HLT</acronym> (halt)
 	    instruction when the system is idle thus lowering its
 	    energy consumption and therefore the heat it generates.
 	    Also if you have <acronym>ACPI</acronym> (Advanced
 	    Configuration and Power Interface) configured, then &os;
 	    can also put the CPU into a low power mode.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="letmeoutofhere">
 	  <para>Who is scratching in my memory banks??</para>
 	</question>
 
 	<answer>
 	  <para>Q.  Is there anything <quote>odd</quote> that &os;
 	    does when compiling the kernel which would cause the
 	    memory to make a scratchy sound?  When compiling (and for
 	    a brief moment after recognizing the floppy drive upon
 	    startup, as well), a strange scratchy sound emanates from
 	    what appears to be the memory banks.</para>
 
 	  <para>A.  Yes!  You will see frequent references to
 	    <quote>daemons</quote> in the BSD documentation, and what
 	    most people do not know is that this refers to genuine,
 	    non-corporeal entities that now possess your computer.
 	    The scratchy sound coming from your memory is actually
 	    high-pitched whispering exchanged among the daemons as
 	    they best decide how to deal with various system
 	    administration tasks.</para>
 
 	  <para>If the noise gets to you, a good <command>fdisk
 	      /mbr</command> from DOS will get rid of them, but do not
 	    be surprised if they react adversely and try to stop you.
 	    In fact, if at any point during the exercise you hear the
 	    satanic voice of Bill Gates coming from the built-in
 	    speaker, take off running and do not ever look back!
 	    Freed from the counterbalancing influence of the BSD
 	    daemons, the twin demons of DOS and &windows; are often
 	    able to re-assert total control over your machine to the
 	    eternal damnation of your soul.  Now that you know, given
 	    a choice you would probably prefer to get used to the
 	    scratchy noises, no?</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="changing-lightbulbs">
 	  <para>How many &os; hackers does it take to change a
 	    lightbulb?</para>
 	</question>
 
 	<answer>
 	  <para>One thousand, one hundred and sixty-nine:</para>
 
 	  <para>Twenty-three to complain to -CURRENT about the lights
 	    being out;</para>
 
 	  <para>Four to claim that it is a configuration problem, and
 	    that such matters really belong on -questions;</para>
 
 	  <para>Three to submit PRs about it, one of which is misfiled
 	    under doc and consists only of <quote>it's
 	      dark</quote>;</para>
 
 	  <para>One to commit an untested lightbulb which breaks
 	    buildworld, then back it out five minutes later;</para>
 
 	  <para>Eight to flame the PR originators for not including
 	    patches in their PRs;</para>
 
 	  <para>Five to complain about buildworld being broken;</para>
 
 	  <para>Thirty-one to answer that it works for them, and they
 	    must have updated at a bad time;</para>
 
 	  <para>One to post a patch for a new lightbulb to
 	    -hackers;</para>
 
 	  <para>One to complain that he had patches for this three
 	    years ago, but when he sent them to -CURRENT they were
 	    just ignored, and he has had bad experiences with the PR
 	    system; besides, the proposed new lightbulb is
 	    non-reflexive;</para>
 
 	  <para>Thirty-seven to scream that lightbulbs do not belong
 	    in the base system, that committers have no right to do
 	    things like this without consulting the Community, and
 	    WHAT IS -CORE DOING ABOUT IT!?</para>
 
 	  <para>Two hundred to complain about the color of the bicycle
 	    shed;</para>
 
 	  <para>Three to point out that the patch breaks
 	    &man.style.9;;</para>
 
 	  <para>Seventeen to complain that the proposed new lightbulb
 	    is under GPL;</para>
 
 	  <para>Five hundred and eighty-six to engage in a flame war
 	    about the comparative advantages of the GPL, the BSD
 	    license, the MIT license, the NPL, and the personal
 	    hygiene of unnamed FSF founders;</para>
 
 	  <para>Seven to move various portions of the thread to -chat
 	    and -advocacy;</para>
 
 	  <para>One to commit the suggested lightbulb, even though it
 	    shines dimmer than the old one;</para>
 
 	  <para>Two to back it out with a furious flame of a commit
 	    message, arguing that &os; is better off in the dark than
 	    with a dim lightbulb;</para>
 
 	  <para>Forty-six to argue vociferously about the backing out
 	    of the dim lightbulb and demanding a statement from
 	    -core;</para>
 
 	  <para>Eleven to request a smaller lightbulb so it will fit
 	    their Tamagotchi if we ever decide to port &os; to that
 	    platform;</para>
 
 	  <para>Seventy-three to complain about the SNR on -hackers
 	    and -chat and unsubscribe in protest;</para>
 
 	  <para>Thirteen to post <quote>unsubscribe</quote>,
 	    <quote>How do I unsubscribe?</quote>, or <quote>Please
 	      remove me from the list</quote>, followed by the usual
 	    footer;</para>
 
 	  <para>One to commit a working lightbulb while everybody is
 	    too busy flaming everybody else to notice;</para>
 
 	  <para>Thirty-one to point out that the new lightbulb would
 	    shine 0.364% brighter if compiled with TenDRA (although it
 	    will have to be reshaped into a cube), and that &os;
 	    should therefore switch to TenDRA instead of GCC;</para>
 
 	  <para>One to complain that the new lightbulb lacks
 	    fairings;</para>
 
 	  <para>Nine (including the PR originators) to ask <quote>what
 	      is MFC?</quote>;</para>
 
 	  <para>Fifty-seven to complain about the lights being out two
 	    weeks after the bulb has been changed.</para>
 
 	  <para><emphasis>&a.nik.email; adds:</emphasis></para>
 
 	  <para><emphasis>I was laughing quite hard at
 	      this.</emphasis></para>
 
 	  <para><emphasis>And then I thought, <quote>Hang on,
 	      shouldn't there be '1 to document it.' in that list
 	      somewhere?</quote></emphasis></para>
 
 	  <para><emphasis>And then I was enlightened
 	      :-)</emphasis></para>
 
 	  <para><emphasis>&a.tabthorpe.email;</emphasis> says:
 	    <quote>None, <emphasis>real</emphasis> &os; hackers are
 	      not afraid of the dark!</quote></para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="dev-null">
 	  <para>Where does data written to
 	    <filename>/dev/null</filename> go?</para>
 	</question>
 
 	<answer>
 	  <para>It goes into a special data sink in the CPU where it
 	    is converted to heat which is vented through the heatsink
 	    / fan assembly.  This is why CPU cooling is increasingly
 	    important; as people get used to faster processors, they
 	    become careless with their data and more and more of it
 	    ends up in <filename>/dev/null</filename>, overheating
 	    their CPUs.  If you delete <filename>/dev/null</filename>
 	    (which effectively disables the CPU data sink) your CPU
 	    may run cooler but your system will quickly become
 	    constipated with all that excess data and start to behave
 	    erratically.  If you have a fast network connection you
 	    can cool down your CPU by reading data out of
 	    <filename>/dev/random</filename> and sending it off
 	    somewhere; however you run the risk of overheating your
 	    network connection and <filename>/</filename> or angering
 	    your ISP, as most of the data will end up getting
 	    converted to heat by their equipment, but they generally
 	    have good cooling, so if you do not overdo it you should
 	    be OK.</para>
 
 	  <para><emphasis>Paul Robinson adds:</emphasis></para>
 
 	  <para>There are other methods.  As every good sysadmin
 	    knows, it is part of standard practice to send data to the
 	    screen of interesting variety to keep all the pixies that
 	    make up your picture happy.  Screen pixies (commonly
 	    mis-typed or re-named as <quote>pixels</quote>) are
 	    categorized by the type of hat they wear (red, green or
 	    blue) and will hide or appear (thereby showing the color
 	    of their hat) whenever they receive a little piece of
 	    food.  Video cards turn data into pixie-food, and then
 	    send them to the pixies &mdash; the more expensive the
 	    card, the better the food, so the better behaved the
 	    pixies are.  They also need constant stimulation &mdash;
 	    this is why screen savers exist.</para>
 
 	  <para>To take your suggestions further, you could just throw
 	    the random data to console, thereby letting the pixies
 	    consume it.  This causes no heat to be produced at all,
 	    keeps the pixies happy and gets rid of your data quite
 	    quickly, even if it does make things look a bit messy on
 	    your screen.</para>
 
 	  <para>Incidentally, as an ex-admin of a large ISP who
 	    experienced many problems attempting to maintain a stable
 	    temperature in a server room, I would strongly discourage
 	    people sending the data they do not want out to the
 	    network.  The fairies who do the packet switching and
 	    routing get annoyed by it as well.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="punk-my-friend">
 	  <para>My colleague sits at the computer too much, how
 	    can I prank her?</para>
 	</question>
 
 	<answer>
 	  <para>Install <package role="port">games/sl</package> and
 	    wait for her to mistype <userinput>sl</userinput> for
 	    <command>ls</command>.</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="advanced">
     <title>Advanced Topics</title>
 
     <qandaset>
       <qandaentry>
 	<question xml:id="learn-advanced">
 	  <para>How can I learn more about &os;'s internals?</para>
 	</question>
 
 	<answer>
 	  <para>See the <link
 	      xlink:href="&url.books.arch-handbook;">&os;
 	      Architecture Handbook</link>.</para>
 
 	  <para>Additionally, much general &unix; knowledge is
 	    directly applicable to &os;.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="how-to-contribute">
 	  <para>How can I contribute to &os;?  What can I do to
 	    help?</para>
 	</question>
 
 	<answer>
 	  <para>We accept all types of contributions: documentation,
 	    code, and even art.  See the article on <link
 	      xlink:href="&url.articles.contributing;/article.html">Contributing
 	      to &os;</link> for specific advice on how to do
 	    this.</para>
 
 	  <para>And thanks for the thought!</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="define-snap-release">
 	  <para>What are snapshots and releases?</para>
 	</question>
 
 	<answer>
 	  <para>There are currently &rel.numbranch; active/semi-active
 	    branches in the &os; <link
 	      xlink:href="http://svnweb.FreeBSD.org/base/">Subversion
 	      Repository</link>.  (Earlier branches are only changed
 	    very rarely, which is why there are only &rel.numbranch;
 	    active branches of development):</para>
 
 	  <itemizedlist>
 	    <listitem>
 	      <para>&rel2.releng; AKA
 		&rel2.stable;</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>&rel.releng; AKA
 		&rel.stable;</para>
 	    </listitem>
 
 	    <listitem>
 	      <para>&rel.head.releng; AKA
 		<emphasis>-CURRENT</emphasis> AKA
 		&rel.head;</para>
 	    </listitem>
 	  </itemizedlist>
 
 	  <para><literal>HEAD</literal> is not an actual branch tag.
 	    It is a symbolic constant for
 	    the current, non-branched development
 		stream known as
 	    <emphasis>-CURRENT</emphasis>.</para>
 
 	  <para>Right now, <emphasis>-CURRENT</emphasis> is the
 	    &rel.head.relx; development stream; the &rel.stable;
 	    branch, &rel.releng;, forked off from
 	    <emphasis>-CURRENT</emphasis> in &rel.relengdate; and the
 	    &rel2.stable; branch, &rel2.releng;, forked off from
 	    <emphasis>-CURRENT</emphasis> in &rel2.relengdate;.</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="kernel-panic-troubleshooting">
 	  <para>How can I make the most of the data I see when my
 	    kernel panics?</para>
 	</question>
 
 	<answer>
 	  <para>Here is typical kernel panic:</para>
 
 	  <programlisting>Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x40
 fault code              = supervisor read, page not present
 instruction pointer     = 0x8:0xf014a7e5
 stack pointer           = 0x10:0xf4ed6f24
 frame pointer           = 0x10:0xf4ed6f28
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 80 (mount)
 interrupt mask          =
 trap number             = 12
 panic: page fault</programlisting>
 
 	  <para>This message is not enough.  While the instruction
 	    pointer value is important, it is also configuration
 	    dependent as it varies depending on the kernel image.
 	    If it is a <filename>GENERIC</filename> kernel
 	    image from one of the snapshots, it is possible for
 	    somebody else to track down the offending function, but
 	    for a custom kernel, only you can tell us where the fault
 	    occurred.</para>
 
 	  <para>To proceed:</para>
 
 	  <procedure>
 	    <step>
 	      <para>Write down the instruction pointer value.  Note
 		that the <literal>0x8:</literal> part at the beginning
 		is not significant in this case: it is the
 		<literal>0xf0xxxxxx</literal> part that we
 		want.</para>
 	    </step>
 
 	    <step>
 	      <para>When the system reboots, do the following:</para>
 
 	      <screen>&prompt.user; <userinput>nm -n kernel.that.caused.the.panic | grep f0xxxxxx</userinput></screen>
 
 	      <para>where <literal>f0xxxxxx</literal> is the
 		instruction pointer value.  The odds are you will not
 		get an exact match since the symbols in the kernel
 		symbol table are for the entry points of functions and
 		the instruction pointer address will be somewhere
 		inside a function, not at the start.  If you do not
 		get an exact match, omit the last digit from the
 		instruction pointer value and try again:</para>
 
 	      <screen>&prompt.user; <userinput>nm -n kernel.that.caused.the.panic | grep f0xxxxx</userinput></screen>
 
 	      <para>If that does not yield any results, chop off
 		another digit.  Repeat until there is some sort of
 		output.  The result will be a possible list of
 		functions which caused the panic.  This is a less than
 		exact mechanism for tracking down the point of
 		failure, but it is better than nothing.</para>
 	    </step>
 	  </procedure>
 
 	  <para>However, the best way to track down the cause of a
 	    panic is by capturing a crash dump, then using
 	    &man.kgdb.1; to generate a stack trace on the crash
 	    dump.</para>
 
 	  <para>In any case, the method is this:</para>
 
 	  <procedure>
 	    <step>
 	      <para>Make sure that the following line is included in
 		the kernel configuration file:</para>
 
 	      <programlisting>makeoptions     DEBUG=-g          # Build kernel with gdb(1) debug symbols</programlisting>
 	    </step>
 
 	    <step>
 	      <para>Change to the <filename>/usr/src</filename>
 		directory:</para>
 
 	      <screen>&prompt.root; <userinput>cd /usr/src</userinput></screen>
 	    </step>
 
 	    <step>
 	      <para>Compile the kernel:</para>
 
 	      <screen>&prompt.root; <userinput>make buildkernel KERNCONF=<replaceable>MYKERNEL</replaceable></userinput></screen>
 	    </step>
 
 	    <step>
 	      <para>Wait for &man.make.1; to finish compiling.</para>
 	    </step>
 
 	    <step>
 	      <screen>&prompt.root; <userinput>make installkernel KERNCONF=MYKERNEL</userinput></screen>
 	    </step>
 
 	    <step>
 	      <para>Reboot.</para>
 	    </step>
 	  </procedure>
 
 	  <note>
 	    <para>If <varname>KERNCONF</varname> is not included,
 	      the <filename>GENERIC</filename> kernel will instead
 	      be built and installed.</para>
 	  </note>
 
 	  <para>The &man.make.1; process will have built two kernels.
 	    <filename>/usr/obj/usr/src/sys/MYKERNEL/kernel</filename>
 	    and
 	    <filename>/usr/obj/usr/src/sys/MYKERNEL/kernel.debug</filename>.
 	    <filename>kernel</filename> was installed as
 	    <filename>/boot/kernel/kernel</filename>, while
 	    <filename>kernel.debug</filename> can be used as the
 	    source of debugging symbols for &man.kgdb.1;.</para>
 
 	  <para>To capture a crash dump, edit
 	    <filename>/etc/rc.conf</filename> and set
 	    <literal>dumpdev</literal> to point to either the swap
 	    partition or <literal>AUTO</literal>.  This will cause the
 	    &man.rc.8; scripts to use the &man.dumpon.8; command to
 	    enable crash dumps.  This command can also be run
 	    manually.  After a panic, the crash dump can be recovered
 	    using &man.savecore.8;; if <literal>dumpdev</literal> is
 	    set in <filename>/etc/rc.conf</filename>, the &man.rc.8;
 	    scripts will run &man.savecore.8; automatically and put
 	    the crash dump in <filename>/var/crash</filename>.</para>
 
 	  <note>
 	    <para>&os; crash dumps are usually the same size as
 	      physical RAM.  Therefore, make sure there is enough
 	      space in <filename>/var/crash</filename> to hold the
 	      dump.  Alternatively, run &man.savecore.8; manually
 	      and have it recover the crash dump to another directory
 	      with more room.  It is possible to limit the
 	      size of the crash dump by using <literal>options
 		MAXMEM=N</literal> where
 	      <replaceable>N</replaceable> is the size of kernel's
 	      memory usage in KBs.  For example, for 1&nbsp;GB
 	      of RAM, limit the kernel's memory usage to
 	      128&nbsp;MB, so that the crash dump size
 	      will be 128&nbsp;MB instead of 1&nbsp;GB.</para>
 	  </note>
 
 	  <para>Once the crash dump has been recovered , get a
 	    stack trace as follows:</para>
 
 	  <screen>&prompt.user; <userinput>kgdb /usr/obj/usr/src/sys/MYKERNEL/kernel.debug /var/crash/vmcore.0</userinput>
 <prompt>(kgdb)</prompt> <userinput>backtrace</userinput></screen>
 
 	  <para>Note that there may be several screens worth of
 	    information.  Ideally, use &man.script.1; to
 	    capture all of them.  Using the unstripped kernel image
 	    with all the debug symbols should show the exact line of
 	    kernel source code where the panic occurred.  The stack
 	    trace is usually read from the bottom up to trace
 	    the exact sequence of events that lead to the crash.
 	    &man.kgdb.1; can also be used to print out the contents of
 	    various variables or structures to examine the system
 	    state at the time of the crash.</para>
 
 	  <tip>
 	    <para>If a second computer is available, &man.kgdb.1; can
 	      be configured to do remote debugging, including setting
 	      breakpoints and single-stepping through the kernel
 	      code.</para>
 	  </tip>
 
 	  <note>
 	    <para>If <literal>DDB</literal> is enabled and the
 	      kernel drops into the debugger, a panic
 	      and a crash dump can be forced by typing
 	      <literal>panic</literal> at the <literal>ddb</literal>
 	      prompt.  It may stop in the debugger again during the
 	      panic phase.  If it does, type
 	      <literal>continue</literal> and it will finish the crash
 	      dump.</para>
 	  </note>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="dlsym-failure">
 	  <para>Why has <function>dlsym()</function> stopped working
 	    for ELF executables?</para>
 	</question>
 
 	<answer>
 	  <para>The ELF toolchain does not, by default, make the
 	    symbols defined in an executable visible to the dynamic
 	    linker.  Consequently <function>dlsym()</function>
 	    searches on handles obtained from calls to
 	    <function>dlopen(NULL, flags)</function> will fail to find
 	    such symbols.</para>
 
 	  <para>To search, using
 	    <function>dlsym()</function>, for symbols present in the
 	    main executable of a process, link the
 	    executable using the <option>--export-dynamic</option>
 	    option to the ELF linker (&man.ld.1;).</para>
 	</answer>
       </qandaentry>
 
       <qandaentry>
 	<question xml:id="change-kernel-address-space">
 	  <para>How can I increase or reduce the kernel address space
 	    on i386?</para>
 	</question>
 
 	<answer>
 	  <para>By default, the kernel address space is 1&nbsp;GB
 	    (2&nbsp;GB for PAE) for i386.  When running a
 	    network-intensive server or using
 	    ZFS, this will probably not be
 	    enough.</para>
 
 	  <para>Add the following line to the kernel configuration
 	    file to increase available space and rebuild the
 	    kernel:</para>
 
 	  <programlisting>options KVA_PAGES=<replaceable>N</replaceable></programlisting>
 
 	  <para>To find the correct value of
 	    <replaceable>N</replaceable>, divide the desired address
 	    space size (in megabytes) by four.  (For example, it is
 	    <literal>512</literal> for 2&nbsp;GB.)</para>
 	</answer>
       </qandaentry>
     </qandaset>
   </chapter>
 
   <chapter xml:id="acknowledgments">
     <title>Acknowledgments</title>
 
     <para>This innocent little Frequently Asked Questions document has
       been written, rewritten, edited, folded, spindled, mutilated,
       eviscerated, contemplated, discombobulated, cogitated,
       regurgitated, rebuilt, castigated, and reinvigorated over the
       last decade, by a cast of hundreds if not thousands.
       Repeatedly.</para>
 
     <para>We wish to thank every one of the people responsible, and we
       encourage you to <link
 	xlink:href="&url.articles.contributing;/article.html">join
 	them</link> in making this <acronym>FAQ</acronym> even
       better.</para>
   </chapter>
 </book>