Re: SSL / VPN ??

2004-04-22 Thread Dariush Pietrzak
> Due to the fact that this IIS server is exposed to the internet, we > obviously need to secure it as best we can. apt-cache show pound This is a tool built specifically for such purpose. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Strange bind error

2004-06-06 Thread Dariush Pietrzak
re might be some race condition there, because I've seen similar errors during peak load. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: logging samba access

2004-06-06 Thread Dariush Pietrzak
r samba fileserver is not as easy as with ftp servers (this is partly because of protocol nature, but not that much ). btw, I'd be very interested if someone knew a solution to this that does not require modifying samba source and then maintaining your own packages... -- Dariush Pietrzak, Key f

Re: Secure rsync setup, bind-mount ro

2006-12-18 Thread Dariush Pietrzak
> filesystems into the chroot you want to rsync. Since Linux does not > support read-only loopback mounts, this leaves them open not only for > reading but also for writing... It does support read-only bind mounts though. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8
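An added check for the point made above (example code written for this page, not from the thread or the rsync project): a read-only bind mount is only as good as the flag the kernel actually applied, and mainline Linux honoured `ro` on bind mounts only from 2.6.26, before that it took out-of-tree patches. The script parses /proc/self/mountinfo (proc(5)), which is where the per-mount `ro` shows up; the superblock options after the ` - ` separator stay `rw`, because the source mount is still writable, so checking those would give a false "not read-only". The mount commands in the docstring are the usual recipe; the paths and the mountinfo sample are constructed.

```python
"""Verify that a bind mount really is read-only.

Added example (not from the original thread).  The usual recipe on a kernel
that honours the flag is, for hypothetical paths:

    mount --bind /srv/data /var/chroot/rsync/data
    mount -o remount,bind,ro /var/chroot/rsync/data

The check reads /proc/self/mountinfo and looks at the per-mount option field,
the only place the ro status of a bind mount appears.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class MountEntry:
    mount_point: str
    per_mount_opts: frozenset[str]   # field 6, e.g. ro,relatime,nosuid
    fs_type: str
    source: str
    superblock_opts: frozenset[str]  # options after the " - " separator


def unescape(field: str) -> str:
    """mountinfo writes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> list[MountEntry]:
    """Fields before ' - ': mount id, parent id, major:minor, root, mount point,
    per-mount options, optional fields.  After: fstype, source, super options."""
    entries = []
    for line in text.splitlines():
        head, sep, tail = line.partition(" - ")
        if not sep:
            continue
        hf, tf = head.split(), tail.split()
        if len(hf) < 6 or len(tf) < 3:
            continue
        entries.append(MountEntry(
            mount_point=unescape(hf[4]),
            per_mount_opts=frozenset(hf[5].split(",")),
            fs_type=tf[0],
            source=unescape(tf[1]),
            superblock_opts=frozenset(tf[2].split(",")),
        ))
    return entries


def is_readonly_mount(entries: list[MountEntry], mount_point: str) -> bool:
    """True only if the mount at mount_point itself carries 'ro'."""
    for e in entries:
        if e.mount_point == mount_point:
            return "ro" in e.per_mount_opts
    raise LookupError(f"{mount_point} is not a mount point")


def readonly_check_live(mount_point: str) -> bool:
    """Same check against the running system."""
    with open("/proc/self/mountinfo") as f:
        return is_readonly_mount(parse_mountinfo(f.read()), mount_point)


# Constructed sample, shaped like a 2.6.26+ kernel's output after the two
# mount commands above plus a second bind mount that was left writable.
CONSTRUCTED_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
40 22 8:17 / /srv/data rw,relatime - ext4 /dev/sdb1 rw
41 22 8:17 / /var/chroot/rsync/data ro,relatime - ext4 /dev/sdb1 rw
42 22 8:17 / /var/chroot/rsync/rw\\040copy rw,relatime - ext4 /dev/sdb1 rw
"""

if __name__ == "__main__":
    for e in parse_mountinfo(CONSTRUCTED_MOUNTINFO):
        print(f"{e.mount_point:32} ro={'ro' in e.per_mount_opts}"
              f"  super={','.join(sorted(e.superblock_opts))}")
```

Note that every superblock option set in the sample says `rw`, including the line for the read-only bind mount; only the per-mount field distinguishes them, which is why a check that greps `mount` output for the device can be fooled.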

Re: Secure rsync setup, bind-mount ro

2006-12-18 Thread Dariush Pietrzak
d mount extensions/bme' project here: http://www.13thfloor.at/patches/ and now they're part of vserver project, http://linux-vserver.org/ -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Secure rsync setup, bind-mount ro

2006-12-19 Thread Dariush Pietrzak
9 UTC 2006 i686 GNU/Linux Package: linux-image-2.6.18-3-vserver-686 Priority: optional Section: admin Installed-Size: 49716 Maintainer: Debian Kernel Team Architecture: i386 > builds? After first packaging them as a Debian kernel patch package? I are you attacking me for not being annoying

Re: cluster on firewall?

2003-02-07 Thread Dariush Pietrzak
Uh, I lost that mail, but: Re: vrrpd. there is another nice thing going for vrrpd -> it works not only on linux, I had a cluster set up between freebsd and linux. -- Dariush Pietrzak, "Who are we helping? - the girl. - Typical." Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 B

Re: machine monitoring packages

2003-02-14 Thread Dariush Pietrzak
u can't, can you.. ) The task here is fairly simple, why do I need to set up so many different tools? If anyone decides to start writing monitoring tool, I'd be happy to join the team. -- Dariush Pietrzak, "Who are we helping? - the girl. - Typical." Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: machine monitoring packages

2003-02-14 Thread Dariush Pietrzak
project ( vide early days of big-brother/big-sister ) ) regards, -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: machine monitoring packages

2003-02-14 Thread Dariush Pietrzak
his data? Actually I believe rrd is a wonderful tool and a work of art, it's just it's not applicable to ANY situation and people seem to do that. Goes like this: what is some tool and plot graphs... Why it's mrtg/rrdtool. It's great. But there is no alternative. And th

Re: ptrace vulnerability?

2003-03-19 Thread Dariush Pietrzak
thread? only useful thing I see is added check for 'is_dumpable' in ptrace_check_attach, and is_dumpable macro that checks tsk and also tsk->mm for 'is_dumpable'. Is this ok? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Dariush Pietrzak
k magazine articles ) -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-02 Thread Dariush Pietrzak
l is to force cracker to search memory to find entry points. That's like hiding key to your door under your doormat. > Security-by-obscurity refers to securing things by relying on the > obscurity of the _processes and functionality_ behind the security system, that fits this descripti

Re: H323 Gateways

2003-04-02 Thread Dariush Pietrzak
hear about it. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: VPN: SSH or IPSec???

2003-04-16 Thread Dariush Pietrzak
re routers using ipsec, and ppp/ssh is more of a toy/temporary solution. regards, -- Dariush Pietrzak, She swore and she cursed, that she never would deceive me Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: SSL proxy server

2003-05-05 Thread Dariush Pietrzak
n the DMZ. Is that And then there is pound, which does exactly that. I've got it packaged and hope to upload soon. It's also fairly easy to write something like this in DIY manner, I'm currently using such solution written in perl. -- Dariush Pietrzak, She swore and she curs

Re: PHP4-package for using FTP-SSL?

2003-05-21 Thread Dariush Pietrzak
> is there a package available (similar to the ftp-package which can be > found in the pear-lib) to use ftp with ssl? I'm not looking for SFTP > (SSH-filetransfer) but SSL with "AUTH SSL" at the beginning of the for server - proftpd, for client - for example lftp. -

Re: Keeping files away from users

2003-06-05 Thread Dariush Pietrzak
server that would provide password. It would go something like this - machine boots, asks your server about password, decrypts the data. This way unplugging machine brings no immediate results. But if someone takes control of the machine they can fool you into providing them with a password. --

Re: Keeping files away from users

2003-06-05 Thread Dariush Pietrzak
> accesses the HD can do it as well. btw, what does SOL mean? So Out of Luck? -- Dariush Pietrzak, She swore and she cursed, that she never would deceive me Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: kernel-source 2.4.20 + grsecurity + freeswan

2003-06-12 Thread Dariush Pietrzak
> do you happen to have XFS patched onto that kernel? :) and what was the > order of the patching? I used to use wolk patchset, it contains both grsec and xfs. Unfortunately wolk no longer comes with patchset so you must accept it with all the bugs and non-server-grade code. -- D

Re: recommendations for FTP server

2003-06-20 Thread Dariush Pietrzak
y around and compile special shell... there is no scp-shell in woody, there is one in sid. Is it safe enough? Who knows ). With ftp users need no shell, need no nothing. I create unlimited number of users and worry not -- Dariush Pietrzak, I ain't the sharpest tool in a shed. Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: recommendations for FTP server

2003-06-21 Thread Dariush Pietrzak
W site via FTP, DAV or HTTP(GNOME > version) > libwww-ssl-dev - The W3C WWW library - development files (SSL support) > libwww-ssl0 - The W3C-WWW library (SSL support) > libssl09 - SSL shared libraries (old version) > libssl095a - SSL shared libraries (old version) > lynx-ssl - Tex

Re: Watch out! vsftpd anonymous access always enabled!

2003-09-22 Thread Dariush Pietrzak
really, really have to. Well, I use ftp all day long... OpenBSD uses ftp all year long... Why do you think there's anything wrong with ftp? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Watch out! vsftpd anonymous access always enabled!

2003-09-23 Thread Dariush Pietrzak
your system for every person who wants to transfer files, specification is clean and simple. There ARE scenarios where scp/sftp would fit better - for example you want authentication based on private/public key. Support for that is very stable with ssh, with ftp you would be pressed hard to find server tha

Re: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-24 Thread Dariush Pietrzak
On Tue, Sep 23, 2003 at 04:13:02PM -0500, Jeff Bender wrote: > Thanks. Do you happen to have a link where this might be posted? Well.. Advisory talks about version higher than the one in woody. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Watch out! vsftpd anonymous access always enabled!

2003-09-25 Thread Dariush Pietrzak
I found ftp protocol trivial to implement for programmer. Show me transfer method that's easier to implement. greetings, -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: MS BS + Sorting out the virii

2003-09-25 Thread Dariush Pietrzak
t. Data from apt-get.org suggests that www.debian.org/~aurel32/BACKPORTS would be the best source, is that correct? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Dariush Pietrzak
stem administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. Functionally, it is best described as a wrapper to the mostly trusted suite of ssh applications. installed-size: 80 -- Dariush Pietrz

Re: Need advise aobut allowing only sftp on woody

2003-10-14 Thread Dariush Pietrzak
On Tue, Oct 14, 2003 at 11:31:10AM -0700, Yogesh Sharma wrote: > Can't SSH run in chroot ? not easily with privilege separation turned on? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Need advise aobut allowing only sftp on woody

2003-10-15 Thread Dariush Pietrzak
commend proftpd with tls, but it does not fulfill your certificate-only login ( at least the version from woody does not, there are quite many options there that you could check.. but you'd probably end up having to recompile it ), you could use some web-based system, that would be trivial to

Re: Why do system users have valid shells

2003-10-22 Thread Dariush Pietrzak
't work, you'll need to use sudo or suid bit, and that's a bit messy. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Why do system users have valid shells

2003-10-22 Thread Dariush Pietrzak
> 'su -s /bin/bash -c "cmd" user ' > > sounds like a very bs argument Do you understand the term 'breakage' ? How about the idea that changing something in the system may force you to rewrite parts of code? -- Dariush Pietrzak, Key fingerprint = 4

Re: Why do system users have valid shells

2003-10-22 Thread Dariush Pietrzak
On Wed, Oct 22, 2003 at 07:41:33PM +1000, Russell Coker wrote: > On Wed, 22 Oct 2003 19:27, Dariush Pietrzak wrote: > > > 'su -s /bin/bash -c "cmd" user ' > > > > > > sounds like a very bs argument > > > >  Do you understand the ter

Re: Transparent bridge firewall with bridge-nf

2003-10-29 Thread Dariush Pietrzak
't get it, what do you accomplish by hiding real IP address of something? Incoming-blocking firewalling is just a byproduct of NAT, wouldn't you prefer the real thing? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Debian servers "hacked"?

2003-11-25 Thread Dariush Pietrzak
now the answers. So I think this is a perfect time for post-mortem. > To speculate is to do a disservice. Trust the debian security team; > they do their job well and you should know that security is never guaranteed. Well, latest events seem to suggest that debian still lacks paranoia.

Re: getting started with SELinux

2003-11-29 Thread Dariush Pietrzak
it can't replace debian. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: creating password for a shadow file

2003-12-01 Thread Dariush Pietrzak
> file with a command line tool? You could use PAM for that - create pam setting with alternative location for files, and point your passwd to that pam ( /etc/pam.d/passwd ). But in general, I'd like to hear the answer to that question. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB

Re: strange sftp behaviour... man-in-the-middle?

2004-01-29 Thread Dariush Pietrzak
> operations (that includes even checking the password at login) either > complete with a great delay, or time out with connection reset by peer. It looks like someone is shaping traffic ( sftp packets run with 'Bulk Transfer' bit enabled, ssh go with 'Low Latency Requir
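The marking the reply refers to, as an added example (code written for this page, not from the thread or from OpenSSH): OpenSSH of that era set the RFC 1349 IPTOS_LOWDELAY bit (0x10) on interactive sessions and IPTOS_THROUGHPUT (0x08) on scp/sftp transfers, and a shaper keyed on the TOS byte will treat the two very differently; current OpenSSH defaults instead to DSCP AF21 for interactive and CS1 for bulk (the `IPQoS` option). The script pulls the TOS byte out of an IPv4 header and classifies it both ways so a packet capture from either side of a suspected shaper can be tallied. The headers it inspects are constructed.

```python
"""Read the IPv4 TOS byte and map it to the marking OpenSSH puts on a session.

Added example (not from the original thread).  Assumed facts: 2004-era OpenSSH
used IPTOS_LOWDELAY for interactive sessions and IPTOS_THROUGHPUT for scp/sftp;
current OpenSSH defaults to 'IPQoS af21 cs1'.  All packet bytes are constructed.
"""
import struct

# RFC 1349 TOS bits (legacy marking)
IPTOS_LOWDELAY = 0x10
IPTOS_THROUGHPUT = 0x08
IPTOS_RELIABILITY = 0x04

# DSCP code points (current OpenSSH defaults)
DSCP_AF21 = 18   # interactive: TOS byte 0x48
DSCP_CS1 = 8     # bulk:        TOS byte 0x20


def _checksum(data: bytes) -> int:
    """Standard one's-complement sum over 16-bit words."""
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4_header(tos: int, src="10.0.0.2", dst="10.0.0.1", proto=6, payload_len=0) -> bytes:
    """Minimal 20-byte IPv4 header with a valid checksum (constructed test data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0x1234, 0x4000,
                      64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def tos_from_ipv4(packet: bytes) -> int:
    """The TOS/DS byte is the second byte of the IPv4 header."""
    if len(packet) < 20:
        raise ValueError("short IPv4 header")
    version_ihl, tos = struct.unpack_from("!BB", packet, 0)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return tos


def describe_tos(tos: int) -> dict:
    """Split the byte both ways a shaper might read it: DSCP/ECN and legacy bits."""
    legacy = [name for bit, name in ((IPTOS_LOWDELAY, "lowdelay"),
                                     (IPTOS_THROUGHPUT, "throughput"),
                                     (IPTOS_RELIABILITY, "reliability")) if tos & bit]
    return {"dscp": tos >> 2, "ecn": tos & 0x3, "legacy": legacy}


def classify_ssh_marking(tos: int) -> str:
    """'interactive', 'bulk' or 'unmarked'.  DSCP values are tested first because
    AF21 (0x48) happens to have the legacy throughput bit (0x08) set."""
    dscp = tos >> 2
    if dscp == DSCP_AF21:
        return "interactive"
    if dscp == DSCP_CS1:
        return "bulk"
    if tos & IPTOS_LOWDELAY:
        return "interactive"
    if tos & IPTOS_THROUGHPUT:
        return "bulk"
    return "unmarked"


def classify_packets(packets) -> dict:
    """Tally a capture by marking; compare the slow flows with the bulk-marked ones."""
    counts = {"interactive": 0, "bulk": 0, "unmarked": 0}
    for p in packets:
        counts[classify_ssh_marking(tos_from_ipv4(p))] += 1
    return counts


CONSTRUCTED_CAPTURE = [
    build_ipv4_header(IPTOS_LOWDELAY),    # ssh interactive, 2004-era marking
    build_ipv4_header(IPTOS_THROUGHPUT),  # sftp, 2004-era marking
    build_ipv4_header(IPTOS_THROUGHPUT),
    build_ipv4_header(DSCP_AF21 << 2),    # ssh interactive, current default
    build_ipv4_header(DSCP_CS1 << 2),     # sftp, current default
    build_ipv4_header(0),                 # unmarked
]

if __name__ == "__main__":
    print(classify_packets(CONSTRUCTED_CAPTURE))
```

A quick field test of the hypothesis, on OpenSSH 5.7 or later: run the transfer as `sftp -o IPQoS=lowdelay host` so its packets carry the interactive marking; if it suddenly runs at full speed, something on the path is shaping on the TOS byte. On the shaping side, a tc rule of that kind looks like `match ip tos 0x08 0xff` in a u32 filter.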

Re: strange sftp behaviour... man-in-the-middle?

2004-02-02 Thread Dariush Pietrzak
tive sessions ). -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: 2.2 Kernel Fix

2004-02-20 Thread Dariush Pietrzak
> 2.2 series of kernels, since they're apparently vulnerable too? You can find the patch on bugtraq/isec/etc, attached is a peek at it -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 --- linux/mm/mremap.c.security Sun Mar 25 20:31:03 2001 +++

Re: Tripwire (clone) which would you prefer?

2004-02-23 Thread Dariush Pietrzak
integrit it's very convenient - and convenience comes with a price - in default mode of operation it updates your md5sums, so you can run it and get incremental notifies about what changes in your system. That might not be what you want. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 99
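To make that caveat concrete, an added example (code written for this page, not integrit's or tripwire's): a minimal checksum-based integrity check run in both modes against the same tampering. With the baseline updated on every run, a change is reported once and then becomes the new normal; in report-only mode it keeps being flagged until someone deliberately re-initialises the baseline. Paths and file contents are constructed, and SHA-256 stands in for the MD5 integrit used.

```python
"""A minimal file-integrity check showing why auto-updating the baseline is risky.

Added example, not integrit's or tripwire's code.  Paths and file contents are
constructed; hashes are SHA-256 rather than the MD5 integrit used.
"""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, dict]:
    """Digest, size and permission bits of every regular file under root."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        snap[p.relative_to(root).as_posix()] = {
            "sha256": file_digest(p),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),
        }
    return snap


def diff_snapshots(baseline: dict, current: dict) -> dict[str, list[str]]:
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(k for k in common if baseline[k] != current[k]),
    }


def init_baseline(root: Path, baseline_file: Path) -> None:
    """Deliberate, operator-driven baseline creation (keep the file off-host or read-only)."""
    baseline_file.write_text(json.dumps(snapshot(root), indent=1, sort_keys=True))


def check(root: Path, baseline_file: Path, update_baseline: bool = False) -> dict:
    """Compare root against the stored baseline.

    update_baseline=True is the 'incremental' mode: convenient, but whatever
    changed since the last run, an intruder's edit included, becomes the new
    normal and is never reported again.  Report-only mode keeps flagging the
    change until an operator reviews it and re-runs init_baseline()."""
    baseline = json.loads(baseline_file.read_text())
    current = snapshot(root)
    report = diff_snapshots(baseline, current)
    if update_baseline:
        baseline_file.write_text(json.dumps(current, indent=1, sort_keys=True))
    return report


def demo() -> tuple[dict, dict, dict, dict]:
    """Run both modes against the same tampering; returns the four reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        root.mkdir()
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        upd, rep = Path(tmp) / "baseline-update.json", Path(tmp) / "baseline-report.json"
        init_baseline(root, upd)
        init_baseline(root, rep)
        # Constructed tampering: a second uid-0 account appended to passwd.
        with (root / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")
        first_update = check(root, upd, update_baseline=True)
        second_update = check(root, upd, update_baseline=True)   # silent now
        first_report = check(root, rep)
        second_report = check(root, rep)                         # still reported
        return first_update, second_update, first_report, second_report


if __name__ == "__main__":
    for name, r in zip(("update #1", "update #2", "report #1", "report #2"), demo()):
        print(f"{name}: {r}")
```

The second "update" run reports nothing, which is exactly the failure mode: a single missed or ignored report and the backdoored passwd is the baseline from then on.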

Re: Tripwire (clone) which would you prefer?

2004-02-23 Thread Dariush Pietrzak
> samhain (in unstable, should be easy to backport) which has some > interesting features. And those interesting features should make you cautious before you deploy samhain in a production environment. I find it rather intrusive. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 732

Re: Tripwire (clone) which would you prefer?

2004-02-24 Thread Dariush Pietrzak
y ignore additional load, but one should always be careful with 'extra features'. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Big VPN

2004-03-03 Thread Dariush Pietrzak
an based network and want to upgrade to 2.4.25 you're out of luck with free s/wan - they migrated to 2.x with newer kernel, and it means you need to upgrade your userland tools, and probably tune configuration a bit. Openswan works nicely with upgrades ). -- Dariush Pietrzak, Key fingerprint

Re: Big VPN

2004-03-03 Thread Dariush Pietrzak
> FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > such it does not work with 2.6. That is untrue. 1.x branch works with 2.4.x kernels, 2.x branch works with 2.6.x -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: Big VPN

2004-03-03 Thread Dariush Pietrzak
> What is Racoon like in terms of configuration ease? I've used FreeSWAN and > whilst it's not the easiest to set up, once you've got your head around it, > it does make sense. Racoon makes sense from the start;) -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7

Re: end of Freeswan

2004-03-03 Thread Dariush Pietrzak
> It's a pity. It's not a pity. I, for one, welcome our new openswan overlords. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: VPN Firewall Kernel

2004-04-01 Thread Dariush Pietrzak
with having competent maintainer on top. I wouldn't recommend 2.4.x wolk since it's not very well tested and is non-free in spirit. Go with 2.6.x though. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

ecartis?

2004-04-02 Thread Dariush Pietrzak
depressing )...? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: VPN Firewall Kernel

2004-04-11 Thread Dariush Pietrzak
, gentoo or redhat(especially for databases), or you decide to roll your own. Middle-ground does not exist, the best you can do is go some route that makes rolling your own easier ( like picking patches from some greater patchset, or carefully choosing features you need(to avoid conflicting features) )

Re: preventing /dev/kmem and /dev/mem writes?

2004-07-27 Thread Dariush Pietrzak
> /dev/kmem unusable. That, he says, will break lilo (I can't use GRUB as > it doesn't support booting off RAID devices properly) Strange... I've been booting off raid with grub and it seems to work. What do you mean by 'properly' ? -- Dariush Pietrzak, Key fi

Re: telnetd vulnerability from BUGTRAQ

2004-09-28 Thread Dariush Pietrzak
would suggest updating one's knowledge at least every ~5 years or so... (it's easy for me to say, because i'm still learning, maybe people with decades of IT experience find it more difficult to follow development of standards) -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 73

Re: telnetd vulnerability from BUGTRAQ

2004-09-28 Thread Dariush Pietrzak
disagree with you on that point. But I think we've already drifted offtopic... -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: telnetd vulnerability from BUGTRAQ

2004-09-28 Thread Dariush Pietrzak
I and this way check server's certificate. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: doing an ssh into a compromised host

2004-11-02 Thread Dariush Pietrzak
ding goes - AFAIK if your setup is like you describe, then your ssh does not request X-forwarding, thus, there's no way for remote server to force this upon you. -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9

Re: doing an ssh into a compromised host

2004-11-02 Thread Dariush Pietrzak
> Nope. It is true. Copy the appropriate /tmp/ssh* directory, chown > it, set SSH_AUTH_SOCKET appropriately, and ssh away. hmm, but in /tmp/ssh* there's just a socket... so when agent is gone, what good is that file? -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294
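What the quoted recipe actually relies on, as an added example (code written for this page, not from the thread or from OpenSSH): the file under /tmp/ssh-*/ is a Unix-domain listening socket, a rendezvous point for a live agent process, so it is only useful while that agent is running; connecting to the path of a dead agent fails with ECONNREFUSED, and a copy of the socket file is connected to nothing. Anyone who can connect can ask the agent to list and sign with its keys without ever seeing the private key material. The script implements the two agent-protocol messages behind `ssh-add -l` (SSH_AGENTC_REQUEST_IDENTITIES = 11 and SSH_AGENT_IDENTITIES_ANSWER = 12), so the exchange can be checked offline on constructed bytes, plus a function that performs it against a live socket.

```python
"""Talk to an ssh-agent socket: list the keys it holds.

Added example, not from the original thread.  Implements the request/answer
pair behind 'ssh-add -l' so the parsing can be exercised offline on constructed
bytes; list_agent_keys() runs the same exchange against a live agent socket.
"""
from __future__ import annotations

import base64
import hashlib
import os
import socket
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENT_FAILURE = 5


def _string(b: bytes) -> bytes:
    """SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def frame(payload: bytes) -> bytes:
    """Agent messages on the wire are uint32 length + payload."""
    return struct.pack(">I", len(payload)) + payload


def build_request_identities() -> bytes:
    return frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))


def build_identities_answer(keys: list[tuple[bytes, list[bytes], bytes]]) -> bytes:
    """What an agent sends back: (key type, key blob fields, comment) per key.
    Used here only to construct offline test data."""
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    for ktype, fields, comment in keys:
        blob = _string(ktype) + b"".join(_string(f) for f in fields)
        body += _string(blob) + _string(comment)
    return body


def fingerprint(blob: bytes) -> str:
    """The form ssh-add -l prints: SHA256 of the public-key blob, unpadded base64."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_identities_answer(payload: bytes) -> list[dict]:
    if not payload:
        raise ValueError("empty reply")
    if payload[0] == SSH_AGENT_FAILURE:
        raise RuntimeError("agent refused the request")
    if payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError(f"unexpected reply type {payload[0]}")
    (nkeys,) = struct.unpack_from(">I", payload, 1)
    off, keys = 5, []
    for _ in range(nkeys):
        blob, off = _read_string(payload, off)
        comment, off = _read_string(payload, off)
        ktype, _ = _read_string(blob, 0)
        keys.append({"type": ktype.decode(), "comment": comment.decode("utf-8", "replace"),
                     "fingerprint": fingerprint(blob)})
    return keys


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf


def list_agent_keys(sock_path: str | None = None) -> list[dict]:
    """Connect to an agent socket and list its keys.  A path whose agent has
    exited gives ECONNREFUSED: the socket file on its own is useless."""
    path = sock_path or os.environ.get("SSH_AUTH_SOCK")
    if not path:
        raise RuntimeError("SSH_AUTH_SOCK is not set")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(build_request_identities())
        (n,) = struct.unpack(">I", _recv_exact(s, 4))
        return parse_identities_answer(_recv_exact(s, n))


# Constructed reply: two keys with made-up key material (all-zero bytes).
CONSTRUCTED_ANSWER = build_identities_answer([
    (b"ssh-ed25519", [bytes(32)], b"alice@laptop"),
    (b"ssh-rsa", [b"\x01\x00\x01", bytes(256)], b"deploy key"),
])

if __name__ == "__main__":
    for k in parse_identities_answer(CONSTRUCTED_ANSWER):
        print(k["fingerprint"], k["type"], k["comment"])
```

On the defensive side the same facts cut the other way: on a host you do not fully trust, log in with `ForwardAgent no` so there is no agent socket there to hijack, and load keys with `ssh-add -c` so every signing request has to be confirmed locally.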
