Re: Reply-to-all or reply-to-list again (was: https_port)

[Gene Heskett]

On Friday 09 June 2017 10:47:29 Nicolas George wrote:

> Le primidi 21 prairial, an CCXXV, Charlie Kravetz a écrit :
> > When replying to the mailing list, hit reply. Do not use "Reply to
> > All", since that sends individual emails to the person you are
> > answering.
>
> This recommendation is unsustainable and should be eliminated from the
> guidelines. It only exists because the mailing-list server is not
> configured correctly.
>
> The reply-to-list feature is flawed because it requires the user to
> give special attention each time "am I replying to a personal mail or
> to a mailing-list"? The correct behaviour should be the default,
> always, because that is the only way to minimize mistakes. This is
> what happens with mailing-list servers properly configured.
>
> When replying to a mail, any mail, use reply-to-all, unless you
> actively know you want to reply to an unusual subset of recipients.
> (But heed the reply-to headers, of course.)
>
> If somebody complain, tell them to set up their mail headers, just as
> I did mine.
>
> Regards,

Or use an email agent that does properly support a "reply to mailing 
list" function.  Such as this old kmail still included as part of the 
tde (trinity) desktop.

I do not use the reply-all format unless I am aware the OP is not 
subscribed. Those mailing lists I am subscribed to that do not require 
the poster to be subscribed are also flooded with spam.  And debian-user 
is one such list, and because of that, and my ISP's reject policy, I get 
threats from bendel of being unsubscribed because of bounces. It will 
never happen because when I get the bounce msg from bendel, its obvious 
why mail.shentel.net rejected it.  IMO debian needs to fix that, but its 
been made very clear that they will not go to a subscription required to 
post model.  Ever.  Sigh  It is what it is.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Reply-to-all or reply-to-list again (was: https_port)

[Fungi4All]

UTC Time: June 9, 2017 2:47 PM
From: geo...@nsup.org
To: Charlie Kravetz 
debian-user@lists.debian.org

Le primidi 21 prairial, an CCXXV, Charlie Kravetz a écrit :
> When replying to the mailing list, hit reply. Do not use "Reply to
> All", since that sends individual emails to the person you are
> answering.

This recommendation is unsustainable and should be eliminated from the
guidelines. It only exists because the mailing-list server is not
configured correctly.

The reply-to-list feature is flawed because it requires the user to give
special attention each time "am I replying to a personal mail or to a
mailing-list"? The correct behaviour should be the default, always,
because that is the only way to minimize mistakes. This is what happens
with mailing-list servers properly configured.

right before I replied to xorriso Thomas and the reply went personal. I hit 
reply
to this message and it is going to the list. So I agree with you, it is always
easier to delete the unwanted than to edit an addition and/or both.

When replying to a mail, any mail, use reply-to-all, unless you actively
know you want to reply to an unusual subset of recipients. (But heed the
reply-to headers, of course.)

I think it seems affected by the post of each member and transmits some
but not all headers for threading. I can't explain it otherwise.
Even if the list was misconfigured it should have been consistent for all
messages and all recipients. Here we have supernatural evidence of ghost
in the machine.
Whatever happened to bounce instead of forward? Is it illegal now? Is this
list utilizing this action, bouncing instead of trimming and forwarding?

If somebody complain, tell them to set up their mail headers, just as I
did mine.

and some laxatives for side dish.

Regards,
Nicolas George

Reply-to-all or reply-to-list again (was: https_port)

[Nicolas George]

Le primidi 21 prairial, an CCXXV, Charlie Kravetz a écrit :
> When replying to the mailing list, hit reply. Do not use "Reply to
> All", since that sends individual emails to the person you are
> answering.

This recommendation is unsustainable and should be eliminated from the
guidelines. It only exists because the mailing-list server is not
configured correctly.

The reply-to-list feature is flawed because it requires the user to give
special attention each time "am I replying to a personal mail or to a
mailing-list"? The correct behaviour should be the default, always,
because that is the only way to minimize mistakes. This is what happens
with mailing-list servers properly configured.

When replying to a mail, any mail, use reply-to-all, unless you actively
know you want to reply to an unusual subset of recipients. (But heed the
reply-to headers, of course.)

If somebody complain, tell them to set up their mail headers, just as I
did mine.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: https_port

[Charlie Kravetz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 08 Jun 2017 11:51:35 -0700
"Adiel Plasencia Herrera"  wrote:

>I  just do not understand how to 
>respond in the list, maybe I did wrong  and that's why they are confused, I 
>beg my apologies if it is so.
>
>I'm not talking about NTP, in fact I do not know what it is.
>
>Yesterday  I sent my question hbaia with the subject https_port but 
>when I  answered I did not know how it was to respond again and what I did 
>was  create an email and send it to the list with the subject Re: 
>https_port.
>
>This was the one that wanted to respond
>
>Http://lists.squid-cache.org/pipermail/squid-users/2017-June/015565.html 
>[http://lists.squid-cache.org/pipermail/squid-users/2017-June/015565.html]
>
>
>-Original Message-
>
>From: Darac Marjal 
>
>To: debian-user@lists.debian.org
>
>Date: Thu, 8 Jun 2017 16:43:57 +0100
>
>Subject: Re: https_port
>
>
>
>
>On Thu, Jun 08, 2017 at 11:34:20AM -0400, Greg Wooledge wrote:
>
>>On Thu, Jun 08, 2017 at 04:25:11PM +0100, Darac Marjal wrote:  
>
>>> On Thu, Jun 08, 2017 at 11:18:16AM -0700, Adiel Plasencia Herrera wrote:  
>
>>> >  Hello,  
>
>>> >  I do not look for security, is that having no real internet ip in my  
>
>>> >  company I need certain programs to go to the internet and for that I  
>
>>> >  use proxycap (http://www.proxycap.com/ [http://www.proxycap.com/])   
>that makes me this function
>
>>> >  perfectly through the proxy . What happens is that with HTTP does not  
>
>>> >  work and I need to pass my squid to use HTTPS authentication for the  
>
>>> >  program (proxycap) to work well.  
>
>>>  
>
>>> I don't think squid works with NTP at all, but it's been a few years  
>
>>> since I played with Squid, so maybe someone else will be able to give  
>
>>> better advice.  
>
>>  
>
>>I don't think he's *asking* about NTP at all.  
>
>>  
>
>
>
>Ah. You mean he's a politician (replying to a topic by introducing one's
>
>own, unrelated, topic)?
>
>
>
>
>

When replying to the mailing list, hit reply. Do not use "Reply to
All", since that sends individual emails to the person you are
answering. Most people are members of the mailing list, and do not want
individual emails. If there is a "Reply to mailing list", it is okay to
use that. The subject should fill itself in.

When asking a question on the mailing list, hit "New Message" or
"Compose". Use a statement in the Subject to describe what you are
asking, and tell us in the message body what you need. The more
information you give, the better the answers you will get.

- -- 
Charlie Kravetz
Linux Registered User Number 425914
[http://linuxcounter.net/user/425914.html]
Never let anyone steal your DREAM.   [http://keepingdreams.com]
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEG5QK93YKrQMH22ZTiq6LjqbJ0IAFAlk6rGoACgkQiq6LjqbJ
0IB6+Qf/T5wybVTiO8ufwMJcuh6lRBahGFpA3RhUzUjkZC2EAqtqlgGC6JUcSbug
SCab9tZ2PU8AuFvXn43tUOXxcS3pFQY7Nw8hqekBam0n1xwe0dBe7pJATvhAu9WG
IEBlf5DaFit0lffbsyWcR9EozmU9QMr3NT/HpUoifNIlroiXE/twNiu+GQiY4fVJ
LSpfharxwYvGjBbvZ1y6DjOrZ0JfzWE2B0BJNcirwLHqVhKOiQtN2duhyBZD6Aox
Kkeg4AfR1zUmhat2llhr1vJN/jbA4BVKBuU2Lgh8351ec1ISy81A9hizZz4+irdI
geGVopHkYSXXSMG464UGuc6PTeATKg==
=VTXc
-END PGP SIGNATURE-

Re: https_port

[Jim Ohlstein]

Hello,

On Thu, 2017-06-08 at 11:51 -0700, Adiel Plasencia Herrera wrote:
> I just do not understand how to respond in the list, maybe I did
> wrong and that's why they are confused, I beg my apologies if it is
> so.
> I'm not talking about NTP, in fact I do not know what it is.
> Yesterday I sent my question hbaia with the subject https_port but
> when I answered I did not know how it was to respond again and what I
> did was create an email and send it to the list with the subject Re:
> https_port.
> This was the one that wanted to respond
> Http://lists.squid-cache.org/pipermail/squid-users/2017-
> June/015565.html

While you're figuring out how to use a mailing list, please also set
the clock on your computer correctly.


> 
>  
> -Original Message-
> From: Darac Marjal 
> To: debian-user@lists.debian.org
> Date: Thu, 8 Jun 2017 16:43:57 +0100
> Subject: Re: https_port
> 
> On Thu, Jun 08, 2017 at 11:34:20AM -0400, Greg Wooledge wrote:
> >On Thu, Jun 08, 2017 at 04:25:11PM +0100, Darac Marjal wrote:
> >> On Thu, Jun 08, 2017 at 11:18:16AM -0700, Adiel Plasencia Herrera
> wrote:
> >> >  Hello,
> >> >  I do not look for security, is that having no real internet ip
> in my
> >> >  company I need certain programs to go to the internet and for
> that I
> >> >  use proxycap (http://www.proxycap.com/) that makes me this
> function
> >> >  perfectly through the proxy . What happens is that with HTTP
> does not
> >> >  work and I need to pass my squid to use HTTPS authentication
> for the
> >> >  program (proxycap) to work well.
> >>
> >> I don't think squid works with NTP at all, but it's been a few
> years
> >> since I played with Squid, so maybe someone else will be able
> to  give
> >> better advice.
> >
> >I don't think he's *asking* about NTP at all.
> >
> 
> Ah. You mean he's a politician (replying to a topic by introducing
> one's
> own, unrelated, topic)?
> 
> 
> -- 
> For more information, please reread.
-- 
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com/


signature.asc
Description: This is a digitally signed message part

Re: https_port

[Adiel Plasencia Herrera]

I  just do not understand how to 
respond in the list, maybe I did wrong  and that's why they are confused, I 
beg my apologies if it is so.

I'm not talking about NTP, in fact I do not know what it is.

Yesterday  I sent my question hbaia with the subject https_port but 
when I  answered I did not know how it was to respond again and what I did 
was  create an email and send it to the list with the subject Re: 
https_port.

This was the one that wanted to respond

Http://lists.squid-cache.org/pipermail/squid-users/2017-June/015565.html 
[http://lists.squid-cache.org/pipermail/squid-users/2017-June/015565.html]


-Original Message-

From: Darac Marjal 

To: debian-user@lists.debian.org

Date: Thu, 8 Jun 2017 16:43:57 +0100

Subject: Re: https_port




On Thu, Jun 08, 2017 at 11:34:20AM -0400, Greg Wooledge wrote:

>On Thu, Jun 08, 2017 at 04:25:11PM +0100, Darac Marjal wrote:

>> On Thu, Jun 08, 2017 at 11:18:16AM -0700, Adiel Plasencia Herrera wrote:

>> >  Hello,

>> >  I do not look for security, is that having no real internet ip in my

>> >  company I need certain programs to go to the internet and for that I

>> >  use proxycap (http://www.proxycap.com/ [http://www.proxycap.com/]) 
that makes me this function

>> >  perfectly through the proxy . What happens is that with HTTP does not

>> >  work and I need to pass my squid to use HTTPS authentication for the

>> >  program (proxycap) to work well.

>>

>> I don't think squid works with NTP at all, but it's been a few years

>> since I played with Squid, so maybe someone else will be able to give

>> better advice.

>

>I don't think he's *asking* about NTP at all.

>



Ah. You mean he's a politician (replying to a topic by introducing one's

own, unrelated, topic)?





-- 

For more information, please reread.

Re: https_port

[Darac Marjal]

On Thu, Jun 08, 2017 at 11:34:20AM -0400, Greg Wooledge wrote:

On Thu, Jun 08, 2017 at 04:25:11PM +0100, Darac Marjal wrote:

On Thu, Jun 08, 2017 at 11:18:16AM -0700, Adiel Plasencia Herrera wrote:
>  Hello,
>  I do not look for security, is that having no real internet ip in my
>  company I need certain programs to go to the internet and for that I
>  use proxycap (http://www.proxycap.com/) that makes me this function
>  perfectly through the proxy . What happens is that with HTTP does not
>  work and I need to pass my squid to use HTTPS authentication for the
>  program (proxycap) to work well.

I don't think squid works with NTP at all, but it's been a few years
since I played with Squid, so maybe someone else will be able to give
better advice.


I don't think he's *asking* about NTP at all.



Ah. You mean he's a politician (replying to a topic by introducing one's
own, unrelated, topic)?


--
For more information, please reread.


signature.asc
Description: PGP signature

Re: https_port

[Greg Wooledge]

On Thu, Jun 08, 2017 at 04:25:11PM +0100, Darac Marjal wrote:
> On Thu, Jun 08, 2017 at 11:18:16AM -0700, Adiel Plasencia Herrera wrote:
> >  Hello,
> >  I do not look for security, is that having no real internet ip in my
> >  company I need certain programs to go to the internet and for that I
> >  use proxycap (http://www.proxycap.com/) that makes me this function
> >  perfectly through the proxy . What happens is that with HTTP does not
> >  work and I need to pass my squid to use HTTPS authentication for the
> >  program (proxycap) to work well.
> 
> I don't think squid works with NTP at all, but it's been a few years
> since I played with Squid, so maybe someone else will be able to give
> better advice.

I don't think he's *asking* about NTP at all.

Re: https_port

[Darac Marjal]

On Thu, Jun 08, 2017 at 11:18:16AM -0700, Adiel Plasencia Herrera wrote:

  Hello,
  I do not look for security, is that having no real internet ip in my
  company I need certain programs to go to the internet and for that I
  use proxycap (http://www.proxycap.com/) that makes me this function
  perfectly through the proxy . What happens is that with HTTP does not
  work and I need to pass my squid to use HTTPS authentication for the
  program (proxycap) to work well.


I don't think squid works with NTP at all, but it's been a few years
since I played with Squid, so maybe someone else will be able to give
better advice.



  A friend told me that for https_port to work I needed validated
  certificates, not self-generated ones. I do not know to what extent
  this has to be so because the configuration I need is customized for
  me only and would be internal to my company that does not have
  visibility to the internet because this squid is a child of another
  that is the one that has the real internet ip .

  I need the help to correctly create those certificates and the
  options to put in the line https_port.

  I am very novice in squid and linux.

  Thank you

-Original Message-
From: Henrique de Moraes Holschuh 
To: debian-user@lists.debian.org
Date: Thu, 8 Jun 2017 11:55:38 -0300
Subject: Re: https_port

On Thu, 08 Jun 2017, Darac Marjal wrote:
> On Thu, Jun 08, 2017 at 08:41:14AM -0700, Adiel Plasencia Herrera
wrote:
> >How to generate the certificate and the key to make a very
> >basic  configuration of the https connection.
>
> NTP doesn't use HTTPS. It uses its own port, it's own protocol
and
> implements standard cryptography in a manner more suited to the
> protocol.
>
> See [1]https://www.eecis.udel.edu/~mills/ntp/html/autokey.html
for more
> details.

Don't bother with autokey, it is not worth the pain.  If you can
use ntp
symmetric key authentication, that one should take care of your
servers
well enough.

There is no security for anything that is based on SNTP, though
(that
"S" is for Simple, not Secure), you'd have to do it in a lower
layer
(local firewall, IPSEC AH, whatever).

--
  Henrique Holschuh

References

  Visible links
  1. https://www.eecis.udel.edu/~mills/ntp/html/autokey.html


--
For more information, please reread.


signature.asc
Description: PGP signature

Re: https_port

[Adiel Plasencia Herrera]

Hello,
I 
do not look for security, is that having no real internet ip in my 
company I need certain programs to go to the internet and for that I use
 proxycap (http://www.proxycap.com/) that makes me this function 
perfectly through the proxy . What happens is 
that with HTTP does not work and I need to pass my squid to use HTTPS 
authentication for the program (proxycap) to work well.

A friend told me that for https_port to work I needed validated 
certificates, not self-generated ones. I
 do not know to what extent this has to be so because the configuration I
 need is customized for me only and would be internal to my company that
 does not have visibility to the internet because this squid is a child 
of another that is the one that has the real internet ip .

I need the help to correctly create those certificates and the options to 
put in the line https_port.

I am very novice in squid and linux.

Thank you


-Original Message-

From: Henrique de Moraes Holschuh 

To: debian-user@lists.debian.org

Date: Thu, 8 Jun 2017 11:55:38 -0300

Subject: Re: https_port




On Thu, 08 Jun 2017, Darac Marjal wrote:

> On Thu, Jun 08, 2017 at 08:41:14AM -0700, Adiel Plasencia Herrera wrote:

> >How to generate the certificate and the key to make a very

> >basic  configuration of the https connection.

> 

> NTP doesn't use HTTPS. It uses its own port, it's own protocol and

> implements standard cryptography in a manner more suited to the

> protocol.

> 

> See https://www.eecis.udel.edu/~mills/ntp/html/autokey.html 
[https://www.eecis.udel.edu/~mills/ntp/html/autokey.html] for more

> details.



Don't bother with autokey, it is not worth the pain.  If you can use ntp

symmetric key authentication, that one should take care of your servers

well enough.



There is no security for anything that is based on SNTP, though (that

"S" is for Simple, not Secure), you'd have to do it in a lower layer

(local firewall, IPSEC AH, whatever).



-- 

  Henrique Holschuh

Re: https_port

[Henrique de Moraes Holschuh]

On Thu, 08 Jun 2017, Darac Marjal wrote:
> On Thu, Jun 08, 2017 at 08:41:14AM -0700, Adiel Plasencia Herrera wrote:
> >How to generate the certificate and the key to make a very
> >basic  configuration of the https connection.
> 
> NTP doesn't use HTTPS. It uses its own port, it's own protocol and
> implements standard cryptography in a manner more suited to the
> protocol.
> 
> See https://www.eecis.udel.edu/~mills/ntp/html/autokey.html for more
> details.

Don't bother with autokey, it is not worth the pain.  If you can use ntp
symmetric key authentication, that one should take care of your servers
well enough.

There is no security for anything that is based on SNTP, though (that
"S" is for Simple, not Secure), you'd have to do it in a lower layer
(local firewall, IPSEC AH, whatever).

-- 
  Henrique Holschuh

Re: https_port

[Darac Marjal]

On Thu, Jun 08, 2017 at 08:41:14AM -0700, Adiel Plasencia Herrera wrote:

How to generate the certificate and the key to make a very
basic  configuration of the https connection.


NTP doesn't use HTTPS. It uses its own port, it's own protocol and
implements standard cryptography in a manner more suited to the
protocol.

See https://www.eecis.udel.edu/~mills/ntp/html/autokey.html for more
details.



As
basic as possible.
regards






On 08/06/17 03:28, Adiel Plasencia Herrera wrote:
> > Hello, > > They would help me with a
configuration of my squid that I want to  > implement. >
> My proxy passes all traffic to a parent proxy and I want clients
to  > connect to my proxy via https. > > Can
you help me how to implement the connection to my proxy via https?
> > To better explain what I want attached 2 pictures. The
image with  > 1.jpg name shows my proxy configuration with type
HTTp that connects  > well to internet. > >
What I want is for the connection to my proxy to be by the form of the
> 2.jpg image that uses the HTTPS type. > > Or if
it is possible then leave the 2 forms.
What operating system are you using, and what applications are you
wanting to use this proxy connection?

The normal configuration is simply to add an https_port line with cert=
parameter to your squid.conf. More details on that below.


> > > This is my current configuration: >
 acl trabajadores src 10.5.7.3 10.5.7.5 > 
> > http_access allow trabajadores > http_access
deny !Safe_ports > http_access deny CONNECT !SSL_ports
You custom http_access rules ("allow trabajadores") should be down
here
after the basic security checks.

> http_access deny all > > > http_port
3128

Date: Thu, 8 Jun 2017 01:04:31 +1200
From: Amos Jeffries 
To: squid-us...@lists.squid-cache.org
Subject: Re: [squid-users] https_port
Message-ID: <764ecd5f-6f6c-0eb5-90b4-5591ab5e1...@treenet.co.nz
>
Content-Type: text/plain; charset=utf-8; format=flowed
The above port is for receiving plain-text connections to the proxy.
Most software supports this, with a few exceptions (usually Java apps).


To accept TLS connections to the proxy (not HTTPS *over* the proxy),
what you do is add an https_port line here. That https_port line needs a
cert= parameter containing the proxy server certificate. You may need
other TLS/SSL parameters to fine tune what the TLS does, but just start
with getting that basic setup to work.
  <
[1]http://www.squid-cache.org/Doc/config/https_port/>

For example:
   https_port 3129 cert=/etc/squid/proxy.pem

(the proxy.pem file here contains both the public server cert and
private server key for that cert).

Many GUI applications (most notably browsers) do not support this type
of connection to a proxy (or not well if they do). Which is where the
Q's about your OS and applications come in. You may need to setup
environment variables or PAC files to get the applications to work.


Note that this is *very* different situation to intercepting port 443
traffic. Much more different than port 3128 vs. intercepted port 80.
HTTPS traffic goes through these TLS proxy connections with
double-layered encryption, so this setup does *not* magically make the
proxy able to see inside HTTPS if that is what you are really after.

Amos

References

  Visible links
  1. http://www.squid-cache.org/Doc/config/https_port/


--
For more information, please reread.


signature.asc
Description: PGP signature

Re: https_port

[Adiel Plasencia Herrera]

How to generate the certificate and the key to make a very basic 
configuration of the https connection.

As basic as possible.
regards






On 08/06/17 03:28, Adiel Plasencia Herrera wrote:
>>Hello,>>They would help me with a configuration of my squid that I want 
to>implement.>>My proxy passes all traffic to a parent proxy and I want 
clients to>connect to my proxy via https.>>Can you help me how to implement 
the connection to my proxy via https?>>To better explain what I want 
attached 2 pictures. The image with>1.jpg name shows my proxy configuration 
with type HTTp that connects>well to internet.>>What I want is for the 
connection to my proxy to be by the form of the>2.jpg image that uses the 
HTTPS type.>>Or if it is possible then leave the 2 forms.
What operating system are you using, and what applications are you 
wanting to use this proxy connection?

The normal configuration is simply to add an https_port line with cert= 
parameter to your squid.conf. More details on that below.


>>>This is my current configuration:>acl trabajadores src 10.5.7.3 
10.5.7.5>
>>http_access allow trabajadores>http_access deny !Safe_ports>http_access 
deny CONNECT !SSL_ports
You custom http_access rules ("allow trabajadores") should be down here 
after the basic security checks.

>http_access deny all>>>http_port 3128

Date: Thu, 8 Jun 2017 01:04:31 +1200
From: Amos Jeffries 
To: squid-us...@lists.squid-cache.org
Subject: Re: [squid-users] https_port
Message-ID: <764ecd5f-6f6c-0eb5-90b4-5591ab5e1...@treenet.co.nz>
Content-Type: text/plain; charset=utf-8; format=flowed

The above port is for receiving plain-text connections to the proxy. 
Most software supports this, with a few exceptions (usually Java apps).


To accept TLS connections to the proxy (not HTTPS *over* the proxy), 
what you do is add an https_port line here. That https_port line needs a 
cert= parameter containing the proxy server certificate. You may need 
other TLS/SSL parameters to fine tune what the TLS does, but just start 
with getting that basic setup to work.
  <http://www.squid-cache.org/Doc/config/https_port/ 
[http://www.squid-cache.org/Doc/config/https_port/]>

For example:
   https_port 3129 cert=/etc/squid/proxy.pem

(the proxy.pem file here contains both the public server cert and 
private server key for that cert).

Many GUI applications (most notably browsers) do not support this type 
of connection to a proxy (or not well if they do). Which is where the 
Q's about your OS and applications come in. You may need to setup 
environment variables or PAC files to get the applications to work.


Note that this is *very* different situation to intercepting port 443 
traffic. Much more different than port 3128 vs. intercepted port 80. 
HTTPS traffic goes through these TLS proxy connections with 
double-layered encryption, so this setup does *not* magically make the 
proxy able to see inside HTTPS if that is what you are really after.

Amos