Back to RedHat and RPM. How to install PHP-4.2.2

[David Harel]

Greetings.

After avoiding RH solutions as much as I could I now have to deal with 
RHEL 5 Server. My customer insists on PHP-4.2.2 but when I try to 
install it I get:

# yum install php-4.2.2
Loading "security" plugin
Loading "rhnplugin" plugin
This system is not registered with RHN.
RHN support will be disabled.
DVD   100% |=| 1.3 kB
00:00
Setting up Install Process

Parsing package install arguments
No package php-4.2.2 available.
Nothing to do

So I downloaded the php rpm file:

# ls
anaconda-ks.cfg  install.log krb5-libs-1.2.7-10.i386.rpm  scsrun.log
Desktop  install.log.syslog  php-4.2.2-17.2.i386.rpm

and then I did:]# yum install php-4.2.2-17.2.i386.rpm
Loading "security" plugin
Loading "rhnplugin" plugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Parsing package install arguments
Examining php-4.2.2-17.2.i386.rpm: php - 4.2.2-17.2.i386
Marking php-4.2.2-17.2.i386.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package php.i386 0:4.2.2-17.2 set to be updated
--> Processing Dependency: httpd-mmn = 20020628 for package: php
--> Processing Dependency: libcom_err.so.3 for package: php
--> Processing Dependency: libcrypto.so.4 for package: php
--> Processing Dependency: libcurl.so.2 for package: php
--> Processing Dependency: libdb-4.0.so for package: php
--> Processing Dependency: libgd.so.1.8 for package: php
--> Processing Dependency: libgmp.so.3 for package: php
--> Processing Dependency: libltdl.so.3 for package: php
--> Processing Dependency: libpspell-modules.so.1 for package: php
--> Processing Dependency: libpspell.so.4 for package: php
--> Processing Dependency: libssl.so.4 for package: php
--> Processing Dependency: libttf.so.2 for package: php
--> Running transaction check
---> Package libtool-ltdl.i386 0:1.5.22-6.1 set to be updated
---> Package gmp.i386 0:4.1.4-10.el5 set to be updated
---> Package openssl097a.i386 0:0.9.7a-9 set to be updated
---> Package php.i386 0:4.2.2-17.2 set to be updated
--> Processing Dependency: httpd-mmn = 20020628 for package: php
--> Processing Dependency: libcom_err.so.3 for package: php
--> Processing Dependency: libcurl.so.2 for package: php
--> Processing Dependency: libdb-4.0.so for package: php
--> Processing Dependency: libgd.so.1.8 for package: php
--> Processing Dependency: libpspell-modules.so.1 for package: php
--> Processing Dependency: libpspell.so.4 for package: php
--> Processing Dependency: libttf.so.2 for package: php
--> Finished Dependency Resolution
Error: Missing Dependency: libcom_err.so.3 is needed by package php
Error: Missing Dependency: libpspell.so.4 is needed by package php
Error: Missing Dependency: libpspell-modules.so.1 is needed by package php
Error: Missing Dependency: libdb-4.0.so is needed by package php
Error: Missing Dependency: libgd.so.1.8 is needed by package php
Error: Missing Dependency: libttf.so.2 is needed by package php
Error: Missing Dependency: httpd-mmn = 20020628 is needed by package php
Error: Missing Dependency: libcurl.so.2 is needed by package php


--
Thanks.

David Harel,

==

Home office +972 77 7657645
Fax:+972 77 7657645
Cellular:   +972 54 4534502
Snail Mail: Amuka
   D.N Merom Hagalil
   13802
   Israel
Email:  [EMAIL PROTECTED]

Re: Back to RedHat and RPM. How to install PHP-4.2.2

[Noam Rathaus]

Hi David,

I don't know specifically on RHEL5 but from experience it is hard to get new 
updates for unmaintained versions of Redhat (I had issues finding packages 
for RedHat 7 which is now ancient :) ).

As PHP is fairly easy to compile, have you tried compiling it, I have been 
able to do it 'quite' easily (it took some time - but it worked) using the 
online guides.

On Sunday 21 September 2008 10:56:06 David Harel wrote:
> Greetings.
>
> After avoiding RH solutions as much as I could I now have to deal with
> RHEL 5 Server. My customer insists on PHP-4.2.2 but when I try to
> install it I get:
> # yum install php-4.2.2
> Loading "security" plugin
> Loading "rhnplugin" plugin
> This system is not registered with RHN.
> RHN support will be disabled.
> DVD   100% |=| 1.3 kB
> 00:00
> Setting up Install Process
> Parsing package install arguments
> No package php-4.2.2 available.
> Nothing to do
>
> So I downloaded the php rpm file:
>
> # ls
> anaconda-ks.cfg  install.log krb5-libs-1.2.7-10.i386.rpm 
> scsrun.log Desktop  install.log.syslog  php-4.2.2-17.2.i386.rpm
>
> and then I did:]# yum install php-4.2.2-17.2.i386.rpm
> Loading "security" plugin
> Loading "rhnplugin" plugin
> This system is not registered with RHN.
> RHN support will be disabled.
> Setting up Install Process
> Parsing package install arguments
> Examining php-4.2.2-17.2.i386.rpm: php - 4.2.2-17.2.i386
> Marking php-4.2.2-17.2.i386.rpm to be installed
> Resolving Dependencies
> --> Running transaction check
> ---> Package php.i386 0:4.2.2-17.2 set to be updated
> --> Processing Dependency: httpd-mmn = 20020628 for package: php
> --> Processing Dependency: libcom_err.so.3 for package: php
> --> Processing Dependency: libcrypto.so.4 for package: php
> --> Processing Dependency: libcurl.so.2 for package: php
> --> Processing Dependency: libdb-4.0.so for package: php
> --> Processing Dependency: libgd.so.1.8 for package: php
> --> Processing Dependency: libgmp.so.3 for package: php
> --> Processing Dependency: libltdl.so.3 for package: php
> --> Processing Dependency: libpspell-modules.so.1 for package: php
> --> Processing Dependency: libpspell.so.4 for package: php
> --> Processing Dependency: libssl.so.4 for package: php
> --> Processing Dependency: libttf.so.2 for package: php
> --> Running transaction check
> ---> Package libtool-ltdl.i386 0:1.5.22-6.1 set to be updated
> ---> Package gmp.i386 0:4.1.4-10.el5 set to be updated
> ---> Package openssl097a.i386 0:0.9.7a-9 set to be updated
> ---> Package php.i386 0:4.2.2-17.2 set to be updated
> --> Processing Dependency: httpd-mmn = 20020628 for package: php
> --> Processing Dependency: libcom_err.so.3 for package: php
> --> Processing Dependency: libcurl.so.2 for package: php
> --> Processing Dependency: libdb-4.0.so for package: php
> --> Processing Dependency: libgd.so.1.8 for package: php
> --> Processing Dependency: libpspell-modules.so.1 for package: php
> --> Processing Dependency: libpspell.so.4 for package: php
> --> Processing Dependency: libttf.so.2 for package: php
> --> Finished Dependency Resolution
> Error: Missing Dependency: libcom_err.so.3 is needed by package php
> Error: Missing Dependency: libpspell.so.4 is needed by package php
> Error: Missing Dependency: libpspell-modules.so.1 is needed by package php
> Error: Missing Dependency: libdb-4.0.so is needed by package php
> Error: Missing Dependency: libgd.so.1.8 is needed by package php
> Error: Missing Dependency: libttf.so.2 is needed by package php
> Error: Missing Dependency: httpd-mmn = 20020628 is needed by package php
> Error: Missing Dependency: libcurl.so.2 is needed by package php


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Back to RedHat and RPM. How to install PHP-4.2.2

[Hetz Ben Hamo]

David,

If you want to roll PHP 4.2.2 on RHEL 5 (or CentOS), you have 2 options:

1. Either grab the SRPMS from RHEL 4 and recompile them on RHEL 5
based machines (be prepared to modify the SPEC file a bit)
2. Grab the latest 4.2.x PHP source code, recompile, play with the
"configure" parameters.

Thanks,
Hetz

On Sun, Sep 21, 2008 at 10:56 AM, David Harel <[EMAIL PROTECTED]> wrote:
> Greetings.
>
> After avoiding RH solutions as much as I could I now have to deal with RHEL
> 5 Server. My customer insists on PHP-4.2.2 but when I try to install it I
> get:
> # yum install php-4.2.2
> Loading "security" plugin
> Loading "rhnplugin" plugin
> This system is not registered with RHN.
> RHN support will be disabled.
> DVD   100% |=| 1.3 kB
> 00:00
> Setting up Install Process
> Parsing package install arguments
> No package php-4.2.2 available.
> Nothing to do
>
> So I downloaded the php rpm file:
>
> # ls
> anaconda-ks.cfg  install.log krb5-libs-1.2.7-10.i386.rpm  scsrun.log
> Desktop  install.log.syslog  php-4.2.2-17.2.i386.rpm
>
> and then I did:]# yum install php-4.2.2-17.2.i386.rpm
> Loading "security" plugin
> Loading "rhnplugin" plugin
> This system is not registered with RHN.
> RHN support will be disabled.
> Setting up Install Process
> Parsing package install arguments
> Examining php-4.2.2-17.2.i386.rpm: php - 4.2.2-17.2.i386
> Marking php-4.2.2-17.2.i386.rpm to be installed
> Resolving Dependencies
> --> Running transaction check
> ---> Package php.i386 0:4.2.2-17.2 set to be updated
> --> Processing Dependency: httpd-mmn = 20020628 for package: php
> --> Processing Dependency: libcom_err.so.3 for package: php
> --> Processing Dependency: libcrypto.so.4 for package: php
> --> Processing Dependency: libcurl.so.2 for package: php
> --> Processing Dependency: libdb-4.0.so for package: php
> --> Processing Dependency: libgd.so.1.8 for package: php
> --> Processing Dependency: libgmp.so.3 for package: php
> --> Processing Dependency: libltdl.so.3 for package: php
> --> Processing Dependency: libpspell-modules.so.1 for package: php
> --> Processing Dependency: libpspell.so.4 for package: php
> --> Processing Dependency: libssl.so.4 for package: php
> --> Processing Dependency: libttf.so.2 for package: php
> --> Running transaction check
> ---> Package libtool-ltdl.i386 0:1.5.22-6.1 set to be updated
> ---> Package gmp.i386 0:4.1.4-10.el5 set to be updated
> ---> Package openssl097a.i386 0:0.9.7a-9 set to be updated
> ---> Package php.i386 0:4.2.2-17.2 set to be updated
> --> Processing Dependency: httpd-mmn = 20020628 for package: php
> --> Processing Dependency: libcom_err.so.3 for package: php
> --> Processing Dependency: libcurl.so.2 for package: php
> --> Processing Dependency: libdb-4.0.so for package: php
> --> Processing Dependency: libgd.so.1.8 for package: php
> --> Processing Dependency: libpspell-modules.so.1 for package: php
> --> Processing Dependency: libpspell.so.4 for package: php
> --> Processing Dependency: libttf.so.2 for package: php
> --> Finished Dependency Resolution
> Error: Missing Dependency: libcom_err.so.3 is needed by package php
> Error: Missing Dependency: libpspell.so.4 is needed by package php
> Error: Missing Dependency: libpspell-modules.so.1 is needed by package php
> Error: Missing Dependency: libdb-4.0.so is needed by package php
> Error: Missing Dependency: libgd.so.1.8 is needed by package php
> Error: Missing Dependency: libttf.so.2 is needed by package php
> Error: Missing Dependency: httpd-mmn = 20020628 is needed by package php
> Error: Missing Dependency: libcurl.so.2 is needed by package php
>
>
> --
> Thanks.
>
> David Harel,
>
> ==
>
> Home office +972 77 7657645
> Fax:+972 77 7657645
> Cellular:   +972 54 4534502
> Snail Mail: Amuka
> D.N Merom Hagalil
> 13802
> Israel
> Email:  [EMAIL PROTECTED]
>
>



-- 
Skepticism is the lazy person's default position.
my blog (hebrew): http://benhamo.org

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Back to RedHat and RPM. How to install PHP-4.2.2

[Oron Peled]

On Sunday, 21 בSeptember 2008, David Harel wrote:
> After avoiding RH solutions as much as I could I now have to deal with 
> RHEL 5 Server. My customer insists on PHP-4.2.2 
> but when I try to install it I get:
> # yum install php-4.2.2
> ...
> No package php-4.2.2 available.

As you can easily check, RHEL5 is shipping with php-5.1.6
(ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS)
So obviously no php-4.2.2 is bundled for it.

> # yum install php-4.2.2-17.2.i386.rpm
> Error: Missing Dependency: libcom_err.so.3 is needed by package php
> ...

Pretty obvious, as this is totally different version and have
different dependencies.

Alternatives:
 * Try to rebuild an old php-4.2.2 SRPM against the new RHEL.
   My feeling is that it won't be easy.
   The version gap 4.2.2 <-> 5.1.6 is significant and I'm almost
   sure there is a lot of API breakage between these versions.

 * Make your customer switch to an older platform (older RHEL/Centos
   or an old Debian, etc.) -- This is not a very wise decision (IMO)
   since it is bound to create harder maintenance problems as time
   progresses (new hardware support, other applications etc.)

 * Make your customer switch to a newer php -- while this may be
   hard, it is the best choice on many fronts:
   - There is a big push to drop old php-4.x support. Sticking with
 it will narrow their options down the road.

   - Having important infrastructure package like php sync'ed with
 your distro is very important (security updates etc.)

   - With all the disadvantages of "enterprise" distors, one of the
 biggest advantages is that you have a long term support promise
 for the *provided* software. This means your customer won't have
 to make the same hard decision two years from now (as long as they
 choose to stay with RHEL/Centos 5.x and not upgrade to RHEL-6.x
 which will surely be another hard decision ;-)

There's no silver bullet, but I hope it clarifies the tradeoffs.

-- 
Oron Peled Voice/Fax: +972-4-8228492
[EMAIL PROTECTED]  http://www.actcom.co.il/~oron
Ignore Your Rights And They'll Go Away

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Back to RedHat and RPM. How to install PHP-4.2.2

[Tzafrir Cohen]

On Sun, Sep 21, 2008 at 12:00:23PM +0300, Oron Peled wrote:

>  * Make your customer switch to an older platform (older RHEL/Centos
>or an old Debian, etc.)

Debian includes a php4 package (alongside php5) in the current Stable
release (4.0, Etch). Upcoming version (5.0, Lenny) will no longer have
it. Thus it will be officially supported for a year after the release of
Lenny.

>  * Make your customer switch to a newer php -- while this may be
>hard, it is the best choice on many fronts:
>- There is a big push to drop old php-4.x support. Sticking with
>  it will narrow their options down the road.

I agree with that.

BTW: why is there a requirement for PHP 4.2.2 specifically? What is the
exact problem with newer versions?

-- 
Tzafrir Cohen | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il || a Mutt's
[EMAIL PROTECTED] ||  best
ICQ# 16849754 || friend

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Back to RedHat and RPM. How to install PHP-4.2.2

[Oron Peled]

On Sunday, 21 בSeptember 2008, Noam Rathaus wrote:
> I don't know specifically on RHEL5 but from experience it is hard to get new 
> updates for unmaintained versions of Redhat (I had issues finding packages 
> for RedHat 7 which is now ancient :) ).

Seems like you mix RHEL5 (Mar 2007) with old Red Hat Linux 5 (Nov 1997).

David referred to RHEL5, which like its predecessors will be
supported (in different support levels) for 7 years.

It's latest update is RHEL5.2 (released 21 May, 2008)

-- 
Oron Peled Voice/Fax: +972-4-8228492
[EMAIL PROTECTED]  http://www.actcom.co.il/~oron
Linux: Opening doors and shattering Windows.

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

no webmin in hardy reposirories. is it outdated ? what is it's successor ?

[Erez D]

hi

i have just installed a hardy server. i wanted to add easy web-based
configuration, but webmin was not found in the repositories ...

is there a new preferred software instead of it for ubuntu ?


10x,
erez.

Re: no webmin in hardy reposirories. is it outdated ? what is it's successor ?

[Noam Rathaus]

Hi Erez,

Webmin is 'dead' it became 'oldstable' under debian.

I do not know why.

But happily enough the guys built their own deb, which you can use:
http://prdownloads.sourceforge.net/webadmin/webmin_1.430_all.deb

I know its more 'maintained', and since webmin is mainly scripts, there is no 
dangers of conflicts

On Sunday 21 September 2008 14:25:05 Erez D wrote:
> hi
>
> i have just installed a hardy server. i wanted to add easy web-based
> configuration, but webmin was not found in the repositories ...
>
> is there a new preferred software instead of it for ubuntu ?
>
>
> 10x,
> erez.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: no webmin in hardy reposirories. is it outdated ? what is it's successor ?

[Tzafrir Cohen]

On Sun, Sep 21, 2008 at 02:42:25PM +0300, Noam Rathaus wrote:
> Hi Erez,
> 
> Webmin is 'dead' it became 'oldstable' under debian.
> 
> I do not know why.

Its maintainer did not have time anymore, and nobody stepped in.

> 
> But happily enough the guys built their own deb, which you can use:
> http://prdownloads.sourceforge.net/webadmin/webmin_1.430_all.deb
> 
> I know its more 'maintained', and since webmin is mainly scripts, there is no 
> dangers of conflicts

Hopefully. The upstream deb pakage is strangely made. furthermore,
webmin is a package that messes with the configuration of your system,
and thus can easily cause conflicts :-)

-- 
Tzafrir Cohen | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il || a Mutt's
[EMAIL PROTECTED] ||  best
ICQ# 16849754 || friend

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: no webmin in hardy reposirories. is it outdated ? what is it's successor ?

[Erez D]

thanks all for replying

i found some sw called ebox
which someone wrote is ubuntu's official replacement for webmin ...
well, after 'apt-get install ebox ebox-network etc ...' - it seems nice ...


10x
erez.

On Sun, Sep 21, 2008 at 3:24 PM, Tzafrir Cohen <[EMAIL PROTECTED]>wrote:

> On Sun, Sep 21, 2008 at 02:42:25PM +0300, Noam Rathaus wrote:
> > Hi Erez,
> >
> > Webmin is 'dead' it became 'oldstable' under debian.
> >
> > I do not know why.
>
> Its maintainer did not have time anymore, and nobody stepped in.
>
> >
> > But happily enough the guys built their own deb, which you can use:
> > http://prdownloads.sourceforge.net/webadmin/webmin_1.430_all.deb
> >
> > I know its more 'maintained', and since webmin is mainly scripts, there
> is no
> > dangers of conflicts
>
> Hopefully. The upstream deb pakage is strangely made. furthermore,
> webmin is a package that messes with the configuration of your system,
> and thus can easily cause conflicts :-)
>
> --
> Tzafrir Cohen | [EMAIL PROTECTED] | VIM is
> http://tzafrir.org.il || a Mutt's
> [EMAIL PROTECTED] ||  best
> ICQ# 16849754 || friend
>
> =
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
>

Re: Security question - Clipperz anyone?

[sara fink]

Hi amos

I checked a little bit about clipperz.com.

The fact that it's open source it doesn't make it secure. The passwd is
saved on their server (even though it's encrypted). Encrypted data is
reversible. No matter what.

This raises few questions: 1. How much you trust them. Dictionary attack,
brute force attack, rainbow hash tables are just a few to mention in this
case.

2. A potential hacker will be attracted to their site. How long it will take
to hack it? See this
http://www.downloadsquad.com/2007/03/27/a-1-second-reminder-why-you-should-use-better-passwords/

3. Key loggers? They have 1 time passphrase?

4. My 2 cents thoughts, they keep your passphrase and hide it as useful
software.

5. What happens if they are DOS attacked?  there are many more aspects to
this, but you get the idea.

6. Security disk linux (backdoor and written by nsa). If you check the code,
you can change it, but how many people will do that?

Personally, I wouldn't trust them.


On Wed, Sep 17, 2008 at 3:45 AM, Amos Shapira <[EMAIL PROTECTED]>wrote:

> Hello,
>
> I just heard about Clipperz (clipperz.com), a free, open-source based
> online encrypted password vault which promises that your passwords
> never leave your browser in cleartext when sent to them.
>
> It looks appealing for use both privately and for my work. Currently I
> use pwman3 for both but this means that:
> 1. If I'm away from home I don't have access to all my passwords (and
> I use individual passwords to all the sensitive sites like eBay,
> PayPal, banks, google etc). I already remember by heart many of the
> different passwords but not all.
> 2. When I'm outside the office and need a rarely used password to
> access a server, I have to be able to VPN+ssh back and access the
> computer with the pwman3 database in order to retrieve passwords
> relating to work (e.g. remotley hosted server passwords, which I
> hardly use because I relay on public ssh keys, but sometimes that's
> not available).
>
> Using clipperz.com sounds like a good solution for both situations. I
> heard at least about one commercial company which uses their online
> service to "host" their passwords.
>
> They also provides all sorts of ways to backup the data so in case
> they are gone, there is still their code and the user's data around to
> retrieve it.
>
> Since it's open source, I'm thinking to start with a local server on
> the internal network but the hosted service sounds appealing.
>
> My question - has any of the security experts here heard about them,
> their technology or maybe code they base their project on and can give
> a quick, at least semi-informed, "thumbs up/down" about what they
> think about this service?
>
> Thanks,
>
> --Amos
>
> =
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
>

Telling libtool/automake to be less anal

[Shachar Shemesh]

Hi all,

Libtool is a great tool, and it fits nicely with automake and autoconf, 
making it extremely simple to just take a new project, write a few (less 
than 10) lines to instructions, and get a project that already builds 
static and shared libraries, including support for cross build, out of 
tree builds, make install/uninstall, strip and even packaging the 
sources into a distribution tar ball. Just great.


Except...

I have a problem. The libtool/automake duo, in an attempt to educate the 
developer crowed, forces you to create a library of the form 
"libsomething.so.v.v.v" (where the v's are version numbers). It has no 
other form. As far as standard libraries go, this is not such a huge 
problem. It does become a problem in some border cases.


Case in point: You want to develop a mozilla plugin. It is harmless but 
makes no sense to have the plug-in's name begin with "lib". Also, if the 
plugin's name does not end in ".so", Mozilla will refuse to load it. 
Worse, Mozilla explicitly resolves symbolic links, so merely putting the 
file name as libtool created it (libplugin.so.0.1.2) and placing a 
symbolic link to it will not work. The file has to actually be called 
"libplugin.so".


Here's the question - is it possible to tell the duo to not be so anal 
about the whole thing? I want to create a project that will allow me to 
use automake and libtool to create shared objects, but not force me to 
name them with "lib" at the beginning and the API version number at the 
end. Is it possible?


Alternatively, I would like to use only automake, let go of using 
libtool, and do the same. Problem is, automake has several types of 
programs it builds. These are PROGRAMS for executables, LIBRARIES for 
static libraries, DATA for just data, LTLIBRARIES for libraries built 
through libtool, and a few other non-built files. It does not have ANY 
support for custom build types. The closest I got was:


plugindir = $(libdir)/mozilla/plugins
plugin_LIBRARIES = plugin.so

plugin_so_SOURCES = plugin.c
plusing_so_CFLAGS = -fpic

plugin.so: $(plugin_so_OBJECTS) $(plugin_so_DEPENDENCIES)
   -rm -f plugin.so
   $(CC) -shared $(plugin_so_OBJECTS) -o $@


While not horrible, that last rule is a clean copy of the same rule as 
automake would have created, replacing the static library build rule 
with a shared library build rule. It works, but each time anything is 
updated I get the error:

Makefile.am:3: `plugin.so' is not a standard library name
Makefile.am:3: did you mean `libplugin.a'?


Again, the question is whether there is a way to make automake less anal 
about the whole thing?


Thanks,
Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Security question - Clipperz anyone?

[Moish]

sara fink wrote:

Hi amos

I checked a little bit about clipperz.com .

The fact that it's open source it doesn't make it secure. The passwd is 
saved on their server (even though it's encrypted). Encrypted data is 
reversible. No matter what.


This raises few questions: 1. How much you trust them. Dictionary 
attack, brute force attack, rainbow hash tables are just a few to 
mention in this case. 

2. A potential hacker will be attracted to their site. How long it will 
take to hack it? See this 
http://www.downloadsquad.com/2007/03/27/a-1-second-reminder-why-you-should-use-better-passwords/


3. Key loggers? They have 1 time passphrase?

4. My 2 cents thoughts, they keep your passphrase and hide it as useful 
software.


5. What happens if they are DOS attacked?  there are many more aspects 
to this, but you get the idea.


6. Security disk linux (backdoor and written by nsa). If you check the 
code, you can change it, but how many people will do that?


Personally, I wouldn't trust them.


On Wed, Sep 17, 2008 at 3:45 AM, Amos Shapira <[EMAIL PROTECTED] 
> wrote:


Hello,

I just heard about Clipperz (clipperz.com ), a
free, open-source based
online encrypted password vault which promises that your passwords
never leave your browser in cleartext when sent to them.

It looks appealing for use both privately and for my work. Currently I
use pwman3 for both but this means that:
1. If I'm away from home I don't have access to all my passwords (and
I use individual passwords to all the sensitive sites like eBay,
PayPal, banks, google etc). I already remember by heart many of the
different passwords but not all.
2. When I'm outside the office and need a rarely used password to
access a server, I have to be able to VPN+ssh back and access the
computer with the pwman3 database in order to retrieve passwords
relating to work (e.g. remotley hosted server passwords, which I
hardly use because I relay on public ssh keys, but sometimes that's
not available).

Using clipperz.com  sounds like a good solution
for both situations. I
heard at least about one commercial company which uses their online
service to "host" their passwords.

They also provides all sorts of ways to backup the data so in case
they are gone, there is still their code and the user's data around to
retrieve it.

Since it's open source, I'm thinking to start with a local server on
the internal network but the hosted service sounds appealing.

My question - has any of the security experts here heard about them,
their technology or maybe code they base their project on and can give
a quick, at least semi-informed, "thumbs up/down" about what they
think about this service?

Thanks,

--Amos


Download the community verion and install on your own server.
Works ok. Still rough UI and hickups here and there but serves
roaming needs.
One time passphrase is a great idea.
I don't have the skills to check their security concept in depth
but is seems ok.

Moish



=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Clustering/Failover Project

[Noam Rathaus]

Hi,

We are looking for someone to implement a warm-failover, where our existing 
MySQL, Apache and Linux based system will have complete and immediate 
failover (two identical servers either working in parallel or one kicking 
into action when the second one fails, all the while replicating).

Objective:
 * Our system is based on a Linux, MySQL and Apache
 * We want to allow the failure of one server, due to some hardware or
network failure or a manual decision, to turn over all responsibilities to the
second server

Requirements:
 * Failover must synchronize all the data stored in MySQL and be transparent
and seamless - possibly only up to the last few minutes before the failure
 * Has to be implemented into an existing Debian based system
 * No additional hardware should be added unless absolutely required
 * You will need to provide a full guide to the implementation, in addition to 
Perl based scripts to support the failover, a control script to monitor 
status, initiate failover, and recover from failover
 * You need to allow failover to work across an IP based network, where the 
two server are physically distant from each other


I am not looking for general commentary about my project design, philosophical 
comments about failovers or non-topic replies. I'm also not interested in 
replies telling me there's a project that does exactly that (and only 
requires a few tiny customizations that will take days). I'm only looking for 
people who would like to be paid to develop the project and give it to 
us "turnkey", even it is only to customize an existing project that does it.

Please contact me off list with a short description of your experience and 
availability.

-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Telling libtool/automake to be less anal

[Oron Peled]

On Sunday, 21 בSeptember 2008, Shachar Shemesh wrote:
> I have a problem. The libtool/automake duo, in an attempt to educate the 
> developer crowed, forces you to create a library of the form 
> "libsomething.so.v.v.v" (where the v's are version numbers). It has no 
> other form. As far as standard libraries go, this is not such a huge 
> problem. It does become a problem in some border cases.
> 
> Case in point: You want to develop a mozilla plugin. It is harmless but 
> makes no sense to have the plug-in's name begin with "lib". Also, if the 
> plugin's name does not end in ".so"

It's basically the same case as any dlopen'ed module, where the
application may elect any name it likes, but with a (platform
dependent) suffix (.so in the Linux case)

Libtool has a standard '-module' option for this which is used during
linking (--mode=link) and weirdly enough is passed as an argument *after*
the gcc argument (but parsed and handled by libtool... hmmm).

For the details you'd want to look at:
 info libtool dlopen building

Hope it helps,

-- 
Oron Peled Voice/Fax: +972-4-8228492
[EMAIL PROTECTED]  http://www.actcom.co.il/~oron
Promises are like babies: fun to make, but hell to deliver.
   -- Nadav Har'El

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Clustering/Failover Project

[Oleg Goldshmidt]

Noam Rathaus <[EMAIL PROTECTED]> writes:

> I'm also not interested in replies telling me there's a project that
> does exactly that (and only requires a few tiny customizations that
> will take days).

Well, how about a couple of hours, including RTFM? LinuxHA (heartbeat,
http://www.linux-ha.org) + DRBD (http://www.drbd.org,
http://linux-ha.org/DRBD) is the most common linux HA solution, works
great with MySQL (http://www.mysql.com/products/enterprise/drbd.html),
comes with most linux distros [1,2], and thus is likely already
installed on your system.

Anyway, I am not available for this gig, so feel free to pay whoever
does this for you. If I were you, I would insist on hearing real hard
arguments before deciding on a competing solution.

One such argument may be "we absolutely cannot move MySQL data onto a
separate partition, because (a really good argument goes here)".

[1] Debian included
[2] RedHat is the only exception I know of, I suppose because they 
have their own clustering product - of course RPMs are there.

Hope this helps,

-- 
Oleg Goldshmidt | [EMAIL PROTECTED]

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Clustering/Failover Project

[Michael Tewner]

I've set up a system just like this and it's been up for over a year happily
chugging along...

On Mon, Sep 22, 2008 at 12:44 AM, Oleg Goldshmidt <[EMAIL PROTECTED]>wrote:

> Noam Rathaus <[EMAIL PROTECTED]> writes:
>
> > I'm also not interested in replies telling me there's a project that
> > does exactly that (and only requires a few tiny customizations that
> > will take days).
>
> Well, how about a couple of hours, including RTFM? LinuxHA (heartbeat,
> http://www.linux-ha.org) + DRBD (http://www.drbd.org,
> http://linux-ha.org/DRBD) is the most common linux HA solution, works
> great with MySQL (http://www.mysql.com/products/enterprise/drbd.html),
> comes with most linux distros [1,2], and thus is likely already
> installed on your system.
>
> Anyway, I am not available for this gig, so feel free to pay whoever
> does this for you. If I were you, I would insist on hearing real hard
> arguments before deciding on a competing solution.
>
> One such argument may be "we absolutely cannot move MySQL data onto a
> separate partition, because (a really good argument goes here)".
>
> [1] Debian included
> [2] RedHat is the only exception I know of, I suppose because they
>have their own clustering product - of course RPMs are there.
>
> Hope this helps,
>
> --
> Oleg Goldshmidt | [EMAIL PROTECTED]
>
> =
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
>