et
known by all your web servers. This is not a new concept, nor a
difficult one. It can even be implemented using PHP, though a C apache
module is smarter.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
--
ports. 1000baseT works, take advantage of it.
I hope you'll think about a solution other than mysql for this problem,
though. It's not the right tool for session management on such a scale.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Ele
a router and does several mbits/sec
24x7, and that packet loss affected all the TCP sessions going over it,
limiting them to around 400Kbits/sec throughput due to TCP backoff :-(
I hope this is helpful.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elem
ully complete an HTTP/1.1 request.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
signature.asc
Description: This is a digitally signed message part
See ISC.ORG for information on new BIND vulnerabilities. Current bind
package in woody is 8.3.3, which is an affected version. Patches are
not available yet, it seems.
http://www.isc.org/products/BIND/bind-security.html
--
Jeff S Wheeler [EMAIL PROTECTED]
Software Development
pooky
software than known-to-be-exploitable software :-)
Thanks for the suggestion, Sonny.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
On Tue, 2002-11-12 at 13:53, Sonny Kupka wrote:
> Why not use Bin
apparent differences and I'd be happy to whip up a Perl
script and post it to the debian-isp list. We have hundreds of zones as
well, and if it there had been a file format problem, I would had to
have done so in order to make the upgrade work.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
O
that would allow binary distribution, or distribution of
patched sources, is well-intentioned, but I cannot agree with it.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Tue, 2003-01-14 at 17:15, Jan V wrote:
> If you want to know the compile-options for eg cowsay: 'apt-get source
> cowsay' then go to the debian dir that has been created
/ I enjoyed your cowsay reference. It is \
\ very popular on EFnet.
I am concerned that might slow down packet forwarding, but I
can probably live with that.
Has anyone on the list encountered similar problems? If so, is this the
approach you took to solve them or did you do something else?
Thanks,
--
Jeff S Wheeler <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
32 0 21348
622244
-/+ buffers/cache: 220556 812824
Swap: 497972 0 497972
[EMAIL PROTECTED]:~#
--
Jeff S Wheeler <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
I'm guessing he would have to compile something in order to apply that
patch.
- jsw
-Original Message-
From: Robert Davidson [mailto:[EMAIL PROTECTED] Behalf Of
Robert Davidson
Sent: Monday, February 26, 2001 6:09 PM
To: Michelle Konzack
Cc: debian-isp
Subject: Re: isdn4linux
On Sat, F
I would guess that their intention is to discourage folks from running it on
big iron Sun / IBM boxes that have the ability to run linux or linux
applications on top of another OS. I imagine they want you to pay them for
that. :)
- jsw
-Original Message-
From: Przemyslaw Wegrzyn [mailto
don't grok ethernet, so below is that message for the benefit of everyone.
-Original Message-
From: Jeff S Wheeler [mailto:[EMAIL PROTECTED]
Sent: Friday, March 16, 2001 11:44 PM
To: Mike Fedyk
Subject: RE: arpwatch and more
An ethernet switch won't send frames to "multiple po
ot;conflict". Thats it. Thats all it said (oh how helpful). This is a Cisco
switch btw.
Please... ANY suggestions and help would be greatly appreciated.
Sincerely,
Jason Lim
- Original Message -
From: "Jeff Waugh" <[EMAIL PROTECTED]>
To: "Jason Lim" <[EMAI
Duehr
Sent: Tuesday, April 17, 2001 12:24 AM
To: Jeff S Wheeler
Cc: Jason Lim; debian-isp@lists.debian.org
Subject: Re: Auto 10/100Mb card fallback from 100 to 10 on 100Mb network
On Sun, Apr 15, 2001 at 05:09:55PM -0400, Jeff S Wheeler wrote:
> I suggest you spend 39$ on an Intel eepro100
I stayed in the Philadelphia Central City Marriott a little while ago, and
they had a great third-party provided product called STSN(?). It was a
little box with an ethernet port that worked instantly with no difficulties.
It could assign settings to you based on DHCP if your laptop required that,
s/ports/packets/; If "ethernet frame" isn't a better term, which it probably
was given the potential to confuse IP packets and ethernet packets, or
frames.
- jsw
-Original Message-
From: Jeff S Wheeler [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 22, 2001 10:30 PM
Computone makes several products that might suit your need, and their boxes
range in configuration from a fixed 16 port configuration to their
PowerRack, which has been renamed to Something2000. It'll support 64 ports
and has various marketspeak things. You can also load a handy-dandy linux
kerne
The header size is not so fixed, actually. If you use cookies on your site
the client will send them to you upon each request. You might have CGIs and
such that update cookies frequently as well, which would reduce your
efficiency yet more. There are a lot of factors here, but the real issue is
Are your DSL uplinks from different ISPs, or from the same IP provider? If
they are differing providers, there is no way you can feasably implement
BGP. If they are redundant paths to the same ISP you could ask them to
issue you a reserved ASN (65512 - 65535) and announce your /28 into their
netw
ginal Message-
From: Mike Fedyk [mailto:[EMAIL PROTECTED] Behalf Of Mike Fedyk
Sent: Saturday, May 26, 2001 4:35 PM
To: Jeff S Wheeler
Cc: debian-isp@lists.debian.org; debian-firewall@lists.debian.org
Subject: Re: Multiple DSLs, and switching incoming route upon failure?
On Fri, May 25, 2001
I have a 2.4.4 machine with two Pentium III 833MHz CPUs and an AcceleRAID
170/64MB with a pair of IBM Ultra160 disks on it, all on a Tyan Thunder 2500
LE3(?) motherboard. It has on-board SCSI as well, symbios 53c1010 chipset,
and everything works okay. I can't get the controller's cache to read a
ied to do so. Does
anyone else use CCBill, and if so have you had differing experiences? How
about with other companies that provide similar products?
---
Jeff S Wheeler [EMAIL PROTECTED]
Software Development Five Elements, Inc.
http://www.five-elements.com/~jsw/ 502-339-3527 Office
Since we're on the topic of colocation space this morning, I thought I would
post and ask if anyone has colocation cabinet space available at a Level(3)
or similar facility. Currently we colocate with a small ISP and are very
happy with their service, but we would like to be able to offer better
p
What is the DUL?
- jsw
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Doug Alcorn
Sent: Thursday, June 07, 2001 11:28 PM
To: Debian ISP List
Subject: Re: Have you been hacked by f*ck PoizonBOx?
Michelle Konzack <[EMAIL PROTECTED]> writes:
> America Onli
Also, stock 2.4.x series kernel limits supplementary groups to 32. There
would be a per-process penalty for increasing that limit. You could patch
apache to include the supplemental groups when it forks children (if it does
not do this already..), but overall that is a bad solution.
See NGROUPS
Quite frankly, it's dumb as hell to try to half-ass a redundancy solution
when you evidently need as close to 100% uptime as you can get. You need to
either spend the bucks on leased lines from tier-1 carriers and run BGP
(contracting with someone for assistance if you don't have the know-how
yet)
I have been reading this thread and noticed no one has suggested the MAC
address filtering capabilities in Linux 2.4's new ip tables subsystem. I
hear there are serious problems with using 2.4.x series kernels as a
firewall, though; what are they?
- jsw
-Original Message-
From: Gerard M
bring their laptop in
and hop on napster at 100Mbit.
- jsw
-Original Message-
From: Gerard MacNeil [mailto:[EMAIL PROTECTED]
Sent: Monday, July 02, 2001 5:39 AM
To: debian-isp@lists.debian.org
Subject: Re: users bypassing shaper limitation
On Sun, 1 Jul 2001 15:59:34 -0400, "Jef
:[EMAIL PROTECTED] Behalf Of Holger
Lubitz
Sent: Tuesday, July 03, 2001 9:08 AM
To: debian-isp@lists.debian.org
Subject: Re: users bypassing shaper limitation
Jeff S Wheeler proclaimed:
> cards around. If I do not, they will grumble and/or disable the ethernet
> ports that unknown MAC addresses
You can use the hdparm utility to discover what mode your disks are
operating in. Notice the second-to-last line that begins with 'DMA modes:'.
The '*' next to udma4 indicates it is operating in that mode, which equates
to something commonly called ATA/66. :-)
intrepid:/home/jsw# hdparm -i /dev/
The 3ware cards work really well. www.3ware.com and check out the Escalade
6200/6400? or 7xxx series if you have 64-bit PCI slots.
- jsw
-Original Message-
From: Andrew Kaplan [mailto:[EMAIL PROTECTED]
Sent: Monday, November 05, 2001 5:20 PM
To: Debian-Isp
Subject: hardware raid
I'm l
Yes, please visit 3ware's web site. Their Escalade controller takes ATA/66
and ATA/100 disks, and provides a SCSI interface to the OS. Drivers for
linux and various Windows platforms are available. I've had good
experiences with their controllers and use them in production.
- jsw
-Origina
You probably want to use the SCSI Tape driver for that. As I understand,
pretty much all SCSI tape drives have a similar set of commands and
features. Your Compaq EOD003 probably operates similarly to my HP 88980,
which is an ancient 9-track drive :-)
The mt(1) program can be used to position th
I'd also be interested to know what other folks are doing for this. We use
webalizer, but we keep seperate stats & reports per each web site. I then
have a program that reads the webalizer.hist file for each site and updates
an SQL table with information for each site. If someone needed more dat
We do all our log processing as a user called "stats" on one of our
machines. The root accounts on all our web servers have their ssh public
keys in the stats user's authorized_keys file, and they run a nifty log
rotation program that uploads the log data to the box we do all our log
analysis/etc
>>However, I have noticed something strange. I must keep "outbound" traffic
>>flowing or they forget their ARP table for some strange reason. I keep an
AFAIK that ethernet chipset is not particularly advanced. ARP is not a
function of the card itself, nor the low-level driver. ARP resolution wor
mailing list, but I always hear that
Debian as an organization is often too burdened with internal bickering
and politics to move forward with big changes. Is that the case here?
Just curious, not trying to start a flame war.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software Develop
ap a bit more
than I usually do. What do other folks on this list do? Zero swap? As
much swap as physical memory? More? Why? Can you change the swapper's
priority, and does this help when your machine starts swapping heavily?
Thanks for the opinions.
--
Jeff S Wheeler [
Packet
> routing, filtering, masquerading really doesn't require much CPU
> horsepower.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
IOS doesn't have protected memory, is that not correct? It's like old
multitasking systems where you didn't have virtual memory. :/
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
et
known by all your web servers. This is not a new concept, nor a
difficult one. It can even be implemented using PHP, though a C apache
module is smarter.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
--
ports. 1000baseT works, take advantage of it.
I hope you'll think about a solution other than mysql for this problem,
though. It's not the right tool for session management on such a scale.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Ele
e copy of libc, but it seems workable.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
er and does several mbits/sec
24x7, and that packet loss affected all the TCP sessions going over it,
limiting them to around 400Kbits/sec throughput due to TCP backoff :-(
I hope this is helpful.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elem
successfully deploy BGP, and your two ISPs may not
even be staffed or equipped to deliver BGP sessions to you. If you want
to undertake it anyway, I strongly urge you to contract a consultant who
can help you and possibly your ISPs through the process.
I hope this helps.
--
Jeff S Wheeler
e the
general Internet is accessing services at your site, you would be _far_
smarter to colocate one or more PCs with a colocation supplier, than to
try to do fail-over with DNS. It's a bad solution, won't work all the
time, you'll have TTL issues, etc. etc. but it is possible.
s not very smart, and will do a DNS
lookup on every request even if you are trying to block by IP. If the
IP route null0 method ever fails me, I will patch apache to fix this.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-el
-hand information only, please.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
-Forwarded Message-
From: CERT(R) Coordination Center <[EMAIL PROTECTED]>
To: nanog@merit.edu
Cc: CERT(R) Coordination Center <[EMAIL PROTECTED]>
Subject: VU#210321
Date: 10 Sep 2002 10:16:14 -0400
-B
ully complete an HTTP/1.1 request.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
signature.asc
Description: This is a digitally signed message part
See ISC.ORG for information on new BIND vulnerabilities. Current bind
package in woody is 8.3.3, which is an affected version. Patches are
not available yet, it seems.
http://www.isc.org/products/BIND/bind-security.html
--
Jeff S Wheeler [EMAIL PROTECTED]
Software Development
pooky
software than known-to-be-exploitable software :-)
Thanks for the suggestion, Sonny.
--
Jeff S Wheeler [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/
On Tue, 2002-11-12 at 13:53, Sonny Kupka wrote:
> Why not use Bin
apparent differences and I'd be happy to whip up a Perl
script and post it to the debian-isp list. We have hundreds of zones as
well, and if it there had been a file format problem, I would had to
have done so in order to make the upgrade work.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
O
I am concerned that might slow down packet forwarding, but I
can probably live with that.
Has anyone on the list encountered similar problems? If so, is this the
approach you took to solve them or did you do something else?
Thanks,
--
Jeff S Wheeler <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
32 0 21348
622244
-/+ buffers/cache: 220556 812824
Swap: 497972 0 497972
[EMAIL PROTECTED]:~#
--
Jeff S Wheeler <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
rwhoisd.
Does anyone else on the list run an RWHOIS server, and if so, which one?
An apt-cache search revealed little, as did a freshmeat.net query. If
other on the list are in the same boat I am, perhaps we could put our
heads together and come up with a free-as-in-debian alternative.
--
Jeff S
m but I suppose it is feasable. It
would be better to check other options first. Incidentally I am running
2.4.20 on my home NFS server and have no similar problems. I have not
upgraded to 2.4.20 on any of my NFS clients yet.
--
Jeff S Wheeler
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
boards with several of these
chipsets on-board. I have a number of Tyan mainboards with as many as 3
on-board Intel-based ethernet ports.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
this is a helpful start. You'll need to do some configuration
work on OSPF and Zebra itself as well, but we'll need to look at more
specifics of your setup to do that.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
Five Elements, Inc.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
r flaps, in which case zebra consumes a lot of
CPU power reconfiguring the FIB. It's a shame that the Linux kernel
doesn't make the FIB structures accessible directly via an interface
similar to /dev/kmem so zebra could simply mmap(2) it in and make large
writes instead of small ioctl(
ng the Intel
e100/e1000 drivers, are superb. I suspect the 3c59x driver is not quite
so modern, and the kernel is preempted by NIC interrupts frequently when
new frames come in under your existing bridge configuration.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
Five Elements, Inc.
--
To UNSUB
seems another poster had similar trouble
in Dec'02, but there were no apparent follow-up posts. Google has also
been less than revealing on this topic. All suggestions entertained.
--
Jeff
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble?
restrictions on their office or ISP mail server.
--
Jeff
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
every operation. You already spent a
lot of money on that server. I suggest you buy more disks for RAID 10.
--
Jeff
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ards to work.
--
Jeff
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Sat, 2004-02-21 at 14:50, charlie derr wrote:
> > 5. Drive usage control (i.e. user only get 10M for mail and 15M for web)
>
> We have quotas implemented on the web and mail servers. This is a daily
>task though (raising quotas of people who've exceeded their default)
You could automate
t to issue the gdb command `backtrace`, and send that output
to the mailing list. Just issue `q` after you've got that to detach.
What version of Apache are you running, and with what modules?
--
Jeff
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
sh the PHP CGI stuff worked right, as if it did, we would opt to use
that instead of the Apache PHP module. It may be slower, but at least
that would limit what users can fuck up with third-party PHP scripts. :(
I hope this helps!
--
Jeff S Wheeler
--
To UNSUBSCRIBE, email to [EMAIL P
Regarding that mail filtering message, that seems to have come from some
third party who reads the list. I guess it is not mailing list aware.
On Sat, 2004-02-28 at 15:14, Marty Landman wrote:
> Jeff, do you think that the apps are trying to flock the file? I'm curious
> what th
hardware like vmware.
--
Jeff
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
tack has set DF?
Kind thanks,
--
Jeff S Wheeler <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
rwhoisd.
Does anyone else on the list run an RWHOIS server, and if so, which one?
An apt-cache search revealed little, as did a freshmeat.net query. If
other on the list are in the same boat I am, perhaps we could put our
heads together and come up with a free-as-in-debian alternative.
--
Jeff S
this is a helpful start. You'll need to do some configuration
work on OSPF and Zebra itself as well, but we'll need to look at more
specifics of your setup to do that.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
Five Elements, Inc.
r flaps, in which case zebra consumes a lot of
CPU power reconfiguring the FIB. It's a shame that the Linux kernel
doesn't make the FIB structures accessible directly via an interface
similar to /dev/kmem so zebra could simply mmap(2) it in and make large
writes instead of small ioctl(
ng the Intel
e100/e1000 drivers, are superb. I suspect the 3c59x driver is not quite
so modern, and the kernel is preempted by NIC interrupts frequently when
new frames come in under your existing bridge configuration.
--
Jeff S Wheeler <[EMAIL PROTECTED]>
Five Elements, Inc.
seems another poster had similar trouble
in Dec'02, but there were no apparent follow-up posts. Google has also
been less than revealing on this topic. All suggestions entertained.
--
Jeff
restrictions on their office or ISP mail server.
--
Jeff
every operation. You already spent a
lot of money on that server. I suggest you buy more disks for RAID 10.
--
Jeff
ards to work.
--
Jeff
hardware like vmware.
--
Jeff
I'm guessing he would have to compile something in order to apply that
patch.
- jsw
-Original Message-
From: Robert Davidson [mailto:[EMAIL PROTECTED]]On Behalf Of
Robert Davidson
Sent: Monday, February 26, 2001 6:09 PM
To: Michelle Konzack
Cc: debian-isp
Subject: Re: isdn4linux
On Sa
I would guess that their intention is to discourage folks from running it on
big iron Sun / IBM boxes that have the ability to run linux or linux
applications on top of another OS. I imagine they want you to pay them for
that. :)
- jsw
-Original Message-
From: Przemyslaw Wegrzyn [mailt
don't grok ethernet, so below is that message for the benefit of everyone.
-Original Message-
From: Jeff S Wheeler [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 11:44 PM
To: Mike Fedyk
Subject: RE: arpwatch and more
An ethernet switch won't send frames to "
lict". Thats it. Thats all it said (oh how helpful). This is a Cisco
switch btw.
Please... ANY suggestions and help would be greatly appreciated.
Sincerely,
Jason Lim
- Original Message -
From: "Jeff Waugh" <[EMAIL PROTECTED]>
To: "Jason Lim" <[EMAIL PROTE
Nate
Duehr
Sent: Tuesday, April 17, 2001 12:24 AM
To: Jeff S Wheeler
Cc: Jason Lim; [EMAIL PROTECTED]
Subject: Re: Auto 10/100Mb card fallback from 100 to 10 on 100Mb network
On Sun, Apr 15, 2001 at 05:09:55PM -0400, Jeff S Wheeler wrote:
> I suggest you spend 39$ on an Intel eepro100 (z-buy.
I stayed in the Philadelphia Central City Marriott a little while ago, and
they had a great third-party provided product called STSN(?). It was a
little box with an ethernet port that worked instantly with no difficulties.
It could assign settings to you based on DHCP if your laptop required that
s/ports/packets/; If "ethernet frame" isn't a better term, which it probably
was given the potential to confuse IP packets and ethernet packets, or
frames.
- jsw
-Original Message-
From: Jeff S Wheeler [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 22, 2001 10:3
Computone makes several products that might suit your need, and their boxes
range in configuration from a fixed 16 port configuration to their
PowerRack, which has been renamed to Something2000. It'll support 64 ports
and has various marketspeak things. You can also load a handy-dandy linux
kern
The header size is not so fixed, actually. If you use cookies on your site
the client will send them to you upon each request. You might have CGIs and
such that update cookies frequently as well, which would reduce your
efficiency yet more. There are a lot of factors here, but the real issue is
201 - 290 of 290 matches
Mail list logo
