Re: Multi-NIC routing...

[Marc Evans]

You can statically configure more then one default gateway. In you
particular case, you would probably want to have a higher metric on the
default that you only want to be used during problem conditions.

Advanced uses may require that you use the iproute2 facility to implement
policy based routing. There is a pretty good howto available for that, and
is probably the right place to go for this.

- Marc

On Fri, 5 Jul 2002, Ken Ambrose wrote:

> Howdy, all.  I'm moderately knowledgeable in routing, but I'm banging my
> head against the wall in this case: I've got a RH 7.2 box that has two
> NICs in it; one goes to our T-1 subnet, and the other to a cable modem --
> we've got it set up to act as a backup mail gateway if/when the T1 takes a
> hit.  Works like a charm.  HOWEVER, I can't seem to figure out how to get
> both interfaces to be "visible" at the same time from non-local hosts,
> thusly:
>
> /\/\
> |Internet||Internet|
> \/\/
> | |
>  1.2.3.1 (router)  2.3.4.1 (Linksys behind cable modem)
> | |
>  1.2.3.2 (eth0)2.3.4.2 (eth1)
>\ /
> \   /
>  \ /
>   -
>   |  mailhost |
>   -
>
> Now I understand that having more than one default gateway is... weird,
> and, usually, means that you're running a routing protocol such as IGRP or
> somesuch.  But what if you're not?  Is there any way to say something like
> "if traffic originates on eth0, reply to it from eth0; if it comes from
> eth1, then use eth1", and go from there?
>
> Any hints/suggestions/etc., would be much appreciated.
>
> Thanks!
>
> -Ken
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: High-speed connectivity in NH (was http://www.whizwireless.com/)

[Marc Evans]

Starband filled chapter 11 this week
(http://dc.internet.com/news/article.php/1181181).

My experiences with Starband deteriorated to the point that I have
disconnected the service. If anyone wishes to acquire the equipment for
Starband, I can provide a "deal" ;-)

- Marc

On Wed, 5 Jun 2002, Jerry Feldman wrote:

> Another satellite vendor is Starband.  Starband is 2-way. A friend of mine
> in Holland, Ma loves it. He can't get a local dialup, no cable, no DSL.
> Satellite is affected by the weather. My friend PAMs his antenna in the
> winter. Marc Evans also has Starband. Marc initially used it with either
> Linux or BSD, but he mentioned lately that some of there more recent
> patches are Windows. I know several people who have DirecPC and regret it.
>
>
> On 4 Jun 2002 at 17:12, Brian Chabot wrote:
>
> > On Tue, 4 Jun 2002, Ken Ambrose wrote:
> >
> > > NH (Dublin, to be precise)
> >
> > > Alas, I've been unable to find any reasonably-priced high-speed solutions
> > > for Dublin.  VITTS had offered service out there, but nobody is, now, that
> > > I can tell.  So, suggestions?  Satellite?  DSL providers with which I'm
> > > unacquainted?  Cheap fractional T-1?
> >
> > I have a friend in Dublin who used satelite.  DirectPC I think.  It's
> > the only way that far in the "sticks".
>
> --
> Jerry Feldman <[EMAIL PROTECTED]>
> Associate Director
> Boston Linux and Unix user group
> http://www.blu.org PGP key id:C5061EA9
> PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: SLOC question

[Marc Evans]

XFree86 version 4.2.0:

- 21,153 files under CVS management.
- 7,786,515 lines of code as counted by a simple "wc -l".

- Marc

On Wed, 29 May 2002 [EMAIL PROTECTED] wrote:

>
> Hi all,
>
> I'm curious if anyone knows the approximate number of SLOC in popular
> Free/Open Source projects kept under CVS control?  I'm looking for
> "impressive numbers" to show management :)
>
> In other words, I want to say something like:
>
>   - Apache uses CVS and they have 2.3 billion lines of code.
>   - Samba uses CVS, and they have 4.2 billion lines of code (3.8
> of which are work arounds for MS bug compatability ;)
>
> etc.
>
> Anyone know where I can find information like this?
>
> Thanks,
>
> --
>
> Seeya,
> Paul
>
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Not that this is any surprise...

[Marc Evans]

On Tue, 7 May 2002 [EMAIL PROTECTED] wrote:

>   - Saved it in Gnumeric XML format
> 
> Here are the results:
> 
>   -rw-r--r--  1 pll  pll 16384 May 7 08:26 sync_wr_performance1.xls.orig
>   -rw-r-  1 pll  pll 15360 May 7 08:26 sync_wr_performance1-nosheets.xls
>   -rw-r--r--  1 pll  pll  2718 May 7 08:21 sync_wr_performance1.gnumeric
> 
> So, using Gnumeric just removing the 2 blank sheets from this file reduced
> the size of the file by over 1k.  Further, saving it as an XML file further 
> reduced it to 2.7k! That's slightly more than 1/6 the original size, 
> that's what, roughly an 84% reduction?!

The default xml format is zipped for gnumeric. I'd be willing to bet that
the majority of th esavings are due to the zipping...

- Marc



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: I need a date!

[Marc Evans]

The let command believes that you are tryin gto use an octal value
(leading zero). However octal values can't contain the 9. One could say it
could try to be smarter, or that it is being too smart. Try this instead:

date +%j -d 04/01/2002 | sed 's/^0*//'

- Marc

On Thu, 18 Apr 2002, Thomas M. Albright wrote:

> Can anyone tell me why this is happening?
>
> [tom@littlefear tom]$ date +%j -d 04/01/2002
> 091
> [tom@littlefear tom]$ let due=`date +%j -d 04/01/2002` ; echo $due
> bash: let: due=091: value too great for base (error token is "091")
> 100
>
> [tom@littlefear tom]$ date +%j -d 01/31/2002
> 031
> [tom@littlefear tom]$ let due=`date +%j -d 01/31/2002` ; echo $due
> 25
>
> --
> TARogue (Linux user number 234357)
>  You can make it illegal, but you can't make it unpopular.
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Telecom dereg, and "I want my (home-brewed) DSL..."

[Marc Evans]

On 28 Feb 2002, Ken D'Ambrosio wrote:

> > In seperate news, the NHISPA won a long time battle at the NH PUC
> > regarding access to dry copper. Verizon was ordered to provide a retail
> > dry copper product, which to the knowledge of everyone I have spoken with,
> > is the first in the nation. Those of you that want to build dry copper
> > networks will now have access to the raw materials to do so...
>
> *VERY* interesting.  Two questinos:
>
> 1) Who would one contact at Verizon to talk about getting this?

I don't know for certain, but the business (not residential) office will
probably the place to start. Chances are that unless you know the precise
product ID to use, they will not know what you are referring to, since
this is a very recent ruling. I believe that the PUC web site referenced
the series 1000 product.

> 2) Speaking of raw materials, do you know what DSL equipment would be
>appropriate, and where one might look into obtaining same?

I have the best success with SDSL equipment. There are several options
available on the market. In fact, I bet you can find some on ebay, from
people that are dropping their xDSL line. The key is to select the product
that best fits your needs. For example, there are vendors that claim to
work on loops as long as 26000 feet, but others that will go above 2Mbps
on lines shorter then 5000 feet. Also, you *may* want ADSL, though my
experience suggests that this is not usually a wise decision.

Inexpensive (well sortof) devices include FlowPoint (aka Cabletron I
believe now) and Net2Net (a Cabletron spinoff in the seacoast region).

Note, you DON'T need a DSLAM with many of the devices. Simply hook them
back-to-back.

- Marc

> Thanks,
>
> -Ken


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Call to NH-ites re: telecom deregulation.

[Marc Evans]

The NH ISP Association (www.nhispa.org) lobbied Sununu extensively to get
his vote. My understanding is that attempts to lobby Bass fell on deaf ears.

In seperate news, the NHISPA won a long time battle at the NH PUC
regarding access to dry copper. Verizon was ordered to provide a retail
dry copper product, which to the knowledge of everyone I have spoken with,
is the first in the nation. Those of you that want to build dry copper
networks will now have access to the raw materials to do so...

- Marc

On 28 Feb 2002, Ken D'Ambrosio wrote:

> Well... bad news, and some somewhat-less-bad news.  First and foremost,
> the bill did pass, alas.  And Charlie Bass voted for it... but John
> Sununu did not (see below link).  It's nice to know that at least one of
> our representatives is willing to see the light of reason.
>
> http://clerkweb.house.gov/cgi-bin/vote.exe?year=2002&rollnumber=45
>
> -Ken
>
> P.S.  I have to say that the primary agenda item for last night's
> meeting was a roaring success.  Oh, yeah: and the wireless networking
> was fun, too.
>
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Satelite systems

[Marc Evans]

On Mon, 18 Feb 2002, Benjamin Scott wrote:

> On Mon, 18 Feb 2002, Marc Evans wrote:
> >>   How far are you from your CO (or DLC/SLIC box)?  If you are over 18,000
> >> feet or so, DSL is out-of-the-question, regardless.
> >
> > The DLC/SLC issue is a far bigger problem ...
>
>   It can also be an advantage.  I live something like 9 miles (almost 50,000
> feet) from the CO.  However, my lines come out of a SLIC hut less than 6,000
> feet from my house.  When Vitts Networks was still in business, they used
> something they called IDSL.  It was apparently an ISDN line hacked into
> working like DSL.  It was limited to 144 kilobits/sec, but it was much
> cheaper than standard ISDN, and it did not require any special equipment at
> the SLIC station (other than a standard ISDN card).

Correct. The 2 B channels (64k each) and the D channel (16k) are passed
through the SLC just like they would be for ISDN, but on the ends the
equipment doesn't require any ISDN signaling. Some companies will offer
PPP through this, which with compression (both VJ and payload) can result
in a very nice line configuration.

- Marc


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Satelite systems

[Marc Evans]

On Mon, 18 Feb 2002, Benjamin Scott wrote:

> On Mon, 18 Feb 2002, Marc Evans wrote:
> > Starband has their uplink in Georgia. The results of 60 seconds of 80 byte
> > ping packets without BST to the nearest pingable router are:
> >
> > round-trip min/avg/max = 660.2/1054.0/2046.2 ms
>
>   For satellite, I believe the nearest pingable router is in orbit, so that
> does not include the trip back to Earth, or the return journey.  (I could be
> wrong on this.)

In the case of starband, the (minimal) routing that can be done in the sky
is highly filtered. In fact, it is more like layer-2 switching. My
experiment actually is believed to be hitting the third router that the
packet passes through, based on TTL. All others closer are highly
filtered.

>   Can you provide more information on BST?  Or links to same?  Since we do
> have a client stuck with it, I am interested.  All I could discover about
> their proprietary software was that it was very proprietary.  :-/

There is a draft RFC for the protocol. The Win32 version is known to run
to some semi-useful degree under WINE. Looking through the starband news
groups on dejanews can be somewhat useful.

As for your customer, a quick and dirty solution would be to setup their
gateway as a SOCKS proxy that sends everything through a UDP connection to
a proxy-like server that you place at a colo space. Avoid TCP. For bonus
points, use forward error correction, payload compression, and IP header
compression. Essentially, anything to make the data "stream" instead of
"chat", and reduce payload size and retransmits.

- Marc

> --
> Ben Scott <[EMAIL PROTECTED]>
> | The opinions expressed in this message are those of the author and do not |
> | necessarily represent the views or policy of any other person, entity or  |
> | organization.  All information is provided without warranty of any kind.  |
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Satelite systems

[Marc Evans]

On Mon, 18 Feb 2002, Benjamin Scott wrote:

> On Mon, 18 Feb 2002, Marc Evans wrote:
> > This isn't an answer to make things happen "quickly", but a well written
> > complaint to the NH Public Utility Commision ...
>
>   Hah!  Through sad, hard personal experience, I know that the NH PUC
> doesn't give two turds in a box about individual subscribers.

I too have been parts of battles through the NH PUC over several years
now. While I agree that _individuals_ are not often heard, the system does
pay good attension to larger groups. It doesn't happen quickly, and the
end result is usually not what any one of the parties desired. Getting the
Office of Consumer Advocate working with your group can be a big win.
Remember, this is a political arena, and you need to play it as such...

- Marc


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Satelite systems

[Marc Evans]

On Mon, 18 Feb 2002, Benjamin Scott wrote:

>   How far are you from your CO (or DLC/SLIC box)?  If you are over 18,000
> feet or so, DSL is out-of-the-question, regardless.

True for Verizon ADSL. There are however manufacturers of xDSL equipment
that is working to 26000 feet today, that other providers may be willing
and able to utilize. The DLC/SLC issue is a far bigger problem, because
from a cost of deployment prespective for the provider, the more of these
devices that they need to work through, the lower their rate of investment
return, in many cases. That is changing though.

- Marc


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Satelite systems

[Marc Evans]

On Mon, 18 Feb 2002, Bayard Coolidge USG wrote:

>
> Benjamin Scott <[EMAIL PROTECTED]> said:
>
> >>>  Geosynchronous orbit is roughly 22,000 miles straight up.
>
> >>> Your request has to go 22,000 miles into space, turn around
> >>> and go 22,000 miles...
>
> Actually, it's more like 22,400 miles straight up from the _equator_.
> The slant range from our neck of the woods (i.e. 42-43 degrees or so
> north latitude) is going to be significantly greater than that! I'll
> leave the exact calculations to someone else, but the point is that
> it's actually going to be a lot worse than Ben's already gloomy news.
> (OK, granted DirecTV/DirecPC's uplinks might be in south Florida or
> Colorado or wherever, but those latitudes, and ours, still have to
> be factored in... In any case, it's not a pretty picture...)

Starband has their uplink in Georgia. The results of 60 seconds of 80 byte
ping packets without BST to the nearest pingable router are:

round-trip min/avg/max = 660.2/1054.0/2046.2 ms

> I prefer a non-RF approach, generally speaking. One, I'm a ham and the
> noise floor on our microwave bands is going to get worse as time goes
> on, and second, it means that fewer people can listen in on my packets :-)

Hey Bayard, you mean that you don't like the NSA filter being integral on
your ISP feed? ;-)

- Marc

>
> Bayard
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Satelite systems

[Marc Evans]

This isn't an answer to make things happen "quickly", but a well
written complaint to the NH Public Utility Commision by as many people as
possible, that have been explicitely turned down by Verizon as not being
loop qualified, will probably help. There is currently at least two
dockets open in the PUC that this would act as fuel for, and the
commisioners would probably like to hear from you.

Also, supporting ISPs that are members of the NH ISP Association
(www.nhispa.org) may help too, as they are actively fighting through the
PUC and other venues to gain access to be able to better provide broadband
within the state.

- Marc

On Mon, 18 Feb 2002, Paul Lussier wrote:

>
> In a message dated: Mon, 18 Feb 2002 15:53:18 EST
> Benjamin Scott said:
>
> >  We don't normally think of TCP as an interactive application.  Believe me,
> >when you've got latency like that, it is.  Web browsing is agonizing.
> >Forget anything like Telnet, SSH, IRC, VoIP, etc.
> >
> >  Also, the service is very heavily centered around MS-Windows, and they do
> >some goofy things with routing (like hand out default routes which are
> >unreachable without manual routing table updates).
>
> So what I'm hearing is, stay with dial-up :(
>
> Okay, next question then, anyone have any ideas on how to get Verizon
> or AT&T to get off their collective behinds and get either DSL or
> cable-modem access into a town?  I currently can not get either
> service (local CO is *not* equipped for DSL by *anyone* and AT&T is
> not offering cable modem access in my town, which is a former
> cablevision town!).
>
>
> Seeya,
> Paul (who is starving for high-speed internet access)
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Satelite systems

[Marc Evans]

I have posted to this ist before on the topic, so you may want to look
through the archives.

I have use StarBand (aka Dish) for over a year. Throughput has gotten
progressively worse as subscribership has climbed. Latency is always at
least 600ms.

If you aren't running win32 you should think twice. The service providers
are forcing this more and more in their accelerator technology, and as
hard as I have tried to penetrate their developement group to help with
their BST protocol, I have not succeeded. I have however created my own
BST-like replacement.

In general I'd say that it has served my needs sufficiently, but at this
stage, unless I see something change in their scaling model soon, I would
not recommend people consider it. Your modem will have better throughput
unless you are using the BST protocol, and even then, interactive sessions
may not be tollerable.

I would instead recommend a grass-roots effort to get an 802.11[ab] coop
operating in the region. Anyone _seriously_ interrested in making this
happen is invited to contact me, and I will introduce you to others that I
am working with to make this a reality.

- Marc

On Mon, 18 Feb 2002, Paul Lussier wrote:

>
> Hey,
>
> With all the talk about about DSL throughput, I'm wondering if anyone
> out there has any experience with either Dish Network's or DirecTV's
> satellite internet connectivity offerings.
>
> Evidently DirecTV is partnering with the likes of Earthlink, and
> they're offering *seems* cheaper than Dish Network's.
>
> They advertise 400K down/128K up with 1/2 second of latency.
> How does that compare with DSL/Cable modem? (I know it beats my 56K dialup :)
>
> The down side is that it costs a little more than I want it to:
>
>   $399up front satellite dish cost
>   $199installation costs
>   $69.95/monthservice charge
>
> Currently I'm paying $21.95/month for 56K dial-up service + $23.xx
> for a second phone line.  So even after the up front costs of buying
> a dish and installation, I'd still be paying $25/month more than I am
> now :(  Of course, $25/month extra would probably be worth it for the
> "always on" capability.
>
> Does anyone have satellite access out there?  If so, what do you
> think about it?
>
>
> --
>
> Seeya,
> Paul
> 
>
> God Bless America!
>
>If you're not having fun, you're not doing it right!
>
>   ...we don't need to be perfect to be the best around,
>   and we never stop trying to be better.
>  Tom Clancy, The Bear and The Dragon
>
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Throughput of DSL Internet

[Marc Evans]

Well, for the engineering types, there is a tool known as "sting" that can
be used to characterize many interresting aspects of your transit link(s).

http://www.cs.washington.edu/homes/savage/sting/

This is far from point-and-click and not recommended for people that
aren't comfortable working with source code.

- Marc

Jack Hodgson wrote:
> So the (implied) original question: How DO we measure the "speed" of
> our connectivity?


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Who can repair my Monitor?

[Marc Evans]

In general I have found that repairing monitors is often more then the
cost of getting a good replacement monitor. For example, I have found CEC
Enterprises, 25 Depot Street, Marrimack, NH, 603 424 8300, to be a really
good place to locate such replacement equipment, AND they will properly
dispose of your old equipment rather then sending it to a landfill.

- Marc


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

iptables and policy routing

[Marc Evans]

Hi -

Is there anyone that has done policy routing with iproute2 on this list?
If so, I am having problems with the traceroute command, such that packets
originated from from a host that has many interfaces and different
policies for each. Other commands such as ping, apache, and others seem to
work fine.

Specifics. Consider 4 interfaces 192.168.1.{1,2,3,4}/24 represented by
eth0, eth0:{1,2,3} respectively. The rules I have are:

0:  from all lookup local
32761:  from 192.168.1.1 lookup path1
32762:  from 192.168.1.2 lookup path2
32763:  from 192.168.1.3 lookup path3
32764:  from 192.168.1.4 lookup path4
32766:  from all lookup main
32767:  from all lookup default

The table specific routes are defined by:

path1:  default via 192.168.1.251 dev eth0
path2:  default via 192.168.1.252 dev eth0
path3:  default via 192.168.1.253 dev eth0
path4:  default via 192.168.1.254 dev eth0

If I sniff the wire and run "ping -I eth0:3 hostname" the policy route
appears to be used. Likewise, if I point my browser at http://192.168.1.4/
again the policy seems fine. Unfortunately, when I run the command
"traceroute -s 192.168.1.4 hostname" the policy is NOT used. Changing to
"traceroute -I -s 192.168.1.4 hostname" has no effect either.

Does anyone have suggestions about how I might rectify this? Answers like
"change to freebsd and use ipfw" sadly aren't acceptable, though yes, I
have proven that it does in fact work fine.

Thanks in advance - Marc


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: PGP question

[Marc Evans]

Maybe he should contact the FBI:

SECTION III - CYBER INTELLIGENCE

FBI MAGIC LANTERN -- According to media reporting, the FBI recently was
forced to reveal another part of its Cyber-Knight project, an effort by
the Bureau to monitor Internet communications. The new FBI program,
called Magic Lantern, is described as key logger software designed to
steal the pass phrase used to start the popular encryption program PGP,
or Pretty Good Privacy. A key logger program is designed to capture
keystrokes - what a user keys in - and then store the data in a separate
location for later retrieval by a hacker. The FBI plans to use Magic
Lantern to capture PGP information to crack encrypted e-mail and
intercept Internet data. Magic Lantern is reported to have flaws. It is
allegedly sent in a fashion similar to several virus programs, either as
an attachment via e-mail or downloaded from an infected Web site.
However, the Magic Lantern program may also be mistaken for a virus
program, or as a "system upgrade."  The sudden discovery of Magic Lantern
caused a flurry of activity from computer software producers. Anti-virus
software maker McAfee Associates denied a recent report that it was
working with the FBI to ensure its software would not stop the Magic
Lantern program. Magic Lantern is also not perfect. Magic Lantern is not
designed to stop other popular computer encryption programs such as
Softwar Pcypher and Mystx public key encryption systems. These encryption
software utilities do not use pass-phrase technology and are immune to
Magic Lantern-type attacks. E-mail and data scrambling is done with the
mouse using data keys that can be stored on offline diskettes, zip drives
or CD disks. Last year the FBI was forced by privacy advocates to reveal
that it had a software program called Carnivore designed to monitor
Internet e-mail. The Carnivore system (now re-named) is reportedly
installed on Internet Service Provider computers, allowing the agency to
siphon off data from suspected customers.

- Marc

On 28 Dec 2001, Kevin D. Clark wrote:

>
> Benjamin Scott <[EMAIL PROTECTED]> writes:
>
> >   You are pretty much out of luck, then.  The whole point behind things like
> > PGP is that they aim to provide unbreakable encryption.  If you lose your
> > passphrase, you effectively become an attacker.  If they made it easy for
> > you, they would make it easy for the attacker.  Your only option would be to
> > brute force the key -- you might crack it in a few billion years.
>
> This is all pretty much false.
>
> Paul has lost the passphrase that protects his cryptographic keys.
> He's *does* have the cryptographic keys though.
>
> Paul needs some way of recovering the passphrase.  If this is Really
> Important, Paul can recover his passphrase, if he wants to devote
> sufficient resources and/or resources to this task.  However, let me
> categorize this further:  it probably won't take thousands of years of
> computing time to recover the passphrase.
>
>
> Suggestion:
>
> http://www.accessdata.com/Product00_Download.htm?ProductNum=00
>
>
> --kevin
> --
> "There was no way in hell Bill Gosper was going to work under a man
>  who did not know why the logarithm of the sum was not the sum of the
>  logarithms."
> -- Steven Levy, _Hackers_
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>





*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Shell scripting question

[Marc Evans]

On 19 Dec 2001, Kevin D. Clark wrote:

>
> Marc Evans <[EMAIL PROTECTED]> writes:
>
> > Since I also have the constraint that this same script must work on common
> > Linux platforms, I have to come up with an alternative to the script
> > command. So I think, maybe this will work:
> >
> > [ "$LOG" = '' ] && \
> >   { export LOG=mylog.`date +%Y%m%d%H%M%S` ; exec bash -c "$0 $* 2>&1 | tee 
>/tmp/$LOG" ; }
> >
> > Yeah, I loose the logging of input information, but it largely
> > works.
>
> Would you be willing to use something less portable if it also
> preserved user input?  Like Expect or by utilizing a Perl module...
>
> (damn, "script" is useless without that feature...)

Sadly, the constraints that I am under won't allow the use of perl,
expect or other "layered" tools.

> > #!/bin/bash
> >
> > [ "$LOG" = '' ] && \
> >   { export LOG=mylog.`date +%Y%m%d%H%M%S` ; exec bash -c "$0 $* 2>&1 | tee 
>/tmp/$LOG" ; }
>
> This looks reasonable.  I recall doing something like this once.
>
> Out of curiosity, what happens if you do {something like} this instead:
>
> [ "$LOG" = '' ] && \
>   ( LOG=mylog.`date +%Y%m%d%H%M%S` ; export LOG ; "$0" "${@}" 2>&1 | tee /tmp/$LOG ; 
>)
>
> [ "$LOG" = '' ] && exit $?
>
>
> Yes, this uses more sub-shells, but it might prod this into working.

Thanks for the suggestion. I just tried it and sadly it has no noticable
effect.

> > So, my question becomes, has anyone had to do anything similiar in their
> > own scripts, and if so what mechanism did you use? Does anyone see
> > anything obviously wrong in my approach and/or do you know of any issues
> > that might cause the non-termination of the program when it is made more
> > complex then the last example?
>
> Are any of the  that you are eliding in your example doing
> anything weird with the terminal?  Just wondering.

In my opinion, no. The commands include scp, md5sum, tar, mkfs, mount,
umount,echo, read, grep, kill, rm, and so forth. I guess that maybe the
use of "echo -n" and "read" is the closest to that in the script.

- Marc


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Shell scripting question

[Marc Evans]

Hello -

I need to create a bash script (yes, only bash), that logs everything that
it outputs and all user interaction to a file. On the surface I think that
this should be trivial, and on the first line of the script do this:

[ "$LOG" = '' ] && \
  { export LOG=gralog.`date +%Y%m%d%H%M%S` ; exec script -k /tmp/$LOG $0 $* 2>&1 ; }

Unfortunately, I discover that the script command on linux seems to lag
far behind that on the *BSD platforms, in that the usage on each are:

Linux:  script [-a] [file]
BSD:script [-a] [-k] [-q] [-t time] [file] [command ...]

Since I also have the constraint that this same script must work on common
Linux platforms, I have to come up with an alternative to the script
command. So I think, maybe this will work:

[ "$LOG" = '' ] && \
  { export LOG=mylog.`date +%Y%m%d%H%M%S` ; exec bash -c "$0 $* 2>&1 | tee /tmp/$LOG" 
; }

Yeah, I loose the logging of input information, but it largely works. All
except for one thing, which is that after the several hundred lines of
script execution it finall hits "exit 0" but I don't return to the command
prompt. I do see the line just before the exit in the log file and on the
tty. So I experiment with simplistic variations on the theme above, and
they all terminate as I would expect, i.e.:

#!/bin/bash

[ "$LOG" = '' ] && \
  { export LOG=mylog.`date +%Y%m%d%H%M%S` ; exec bash -c "$0 $* 2>&1 | tee /tmp/$LOG" 
; }

ls -l /tmp

echo -n "prompt: "
read response
echo "You entered '$response'"

# In the real-world case, many more lines of script are here.
# When there are many more lines, the exit below doesn't return to the prompt

exit 0


So, my question becomes, has anyone had to do anything similiar in their
own scripts, and if so what mechanism did you use? Does anyone see
anything obviously wrong in my approach and/or do you know of any issues
that might cause the non-termination of the program when it is made more
complex then the last example?

Thanks in advance - Marc


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Where to get old machines

[Marc Evans]

Try CEC Enterprises in North Chelmsford, MA.

- Marc

On Tue, 4 Dec 2001, Todd Littlefield wrote:

> On the off chance that replies only go to you, could you summarize
> the responses for the list?  I've been looking for just such a place
> myself, since EP went out of business.
>
> Thanks.
>
> CmdrRoot wrote:
> >
> > My friends and I are about ready to put up a beowulf cluster out of
> > semi-old pentium based machines. We have one small problem.the
> > meachines. With the demise of Electronic Planet (by the Kinko's in
> > Nashua) we can't find a place that sells older computers with
> > same/similar specs cheaply.
> >
> > If anyone has found a place to replace Electronic Planet please let me
> > know.
> >
> > Thanks,
> >
> > CmdrRoot
> >
> > *
> > To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> > with the text 'unsubscribe gnhlug' in the message body.
> > *
>
> --
>
>   +
>   ||||   ||
>   || Todd Littlefield   ||SPECTRUM Apps Group||
>   || Aprisma Mgmt. Tech.||  - Focus Division ||
>   || [EMAIL PROTECTED]  ||- C, C++, Perl ||
>   || (603) 334-2593 ||- HTML, CGI, Java  ||
>   ||||   ||
>   +
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: How do you whois a domain not tracked by InterNIC?

[Marc Evans]

Sadly, no central whois registry for the .us zone has ever been created.
There are pieces that have whois servers running, but that doesn't really
help if it isn't broadly supported.

- Marc

On Thu, 15 Nov 2001, Paul Lussier wrote:

>
> In a message dated: Thu, 15 Nov 2001 15:35:48 EST
> Marc Evans said:
>
> >One method is :
> >
> >$ nslookup -ty=soa state.nh.us
>
> Ahhh, soa, now why didn't I think of that :)
>
> Thanks!  Though shouldn't there be a way to whois these domains?
> --
>
> Seeya,
> Paul
> 
>
> God Bless America!
>
>   ...we don't need to be perfect to be the best around,
>   and we never stop trying to be better.
>  Tom Clancy, The Bear and The Dragon
>
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: How do you whois a domain not tracked by InterNIC?

[Marc Evans]

One method is :

$ nslookup -ty=soa state.nh.us
state.nh.us
origin = oldman.state.nh.us.
mail addr = jsoller.admin.state.nh.us.
serial = 243140
refresh = 43200
retry = 900
expire = 864000
minimum = 86400

and then make use of the 'mail addr' field, such that

nslookup -ty=soa state.nh.us | grep mail | sed 's/\./@/'

yields a usable address.

- Marc

On Thu, 15 Nov 2001, Paul Lussier wrote:

>
> I'm drawing a blank on this on, Neal and I are trying to track down
> the owner of a .us domain.
>
> Anyone remember how to do this?  Ben? ;)
>
>
> --
>
> Seeya,
> Paul
> 
>
> God Bless America!
>
>   ...we don't need to be perfect to be the best around,
>   and we never stop trying to be better.
>  Tom Clancy, The Bear and The Dragon
>
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: NHPR bitcasts

[Marc Evans]

I don't have the specific experience that you are asking for, but I
believe that the answer is that you and others that are knowledgable and
capable should volunteer to go to the NHPR station, propose exactly how
you will provide equipment and software to create your solution, and then
once approved, implement and provide continued support for said solution.
This is precisely what Rob Lembree did back before they had any web
presense.

- Marc

On Tue, 6 Nov 2001, Randy Edwards wrote:

> A couple of months ago I wrote to NHPR 
> complaining that I couldn't listen to their online bitcasts because they
> broadcast using only Windows' bitcasting software.  I expressed some
> surprise that they weren't supporting all listeners and by their choice
> were supporting a company convicted of enforcing a monopoly, blah, blah, blah.
>
> I got a reply back that they had few complaints about their Microsoft
> bitcasting software, and that they would look into the matter.
>
> Yesterday I received a combination pledge request/answer.  They wrote:
>
> - - - snip - - -
> At some point in the past 6 months or so you sent us a request that we
> offer the Real Audio option for our live stream.  We'd like to deliver.
> We offer Real and Windows Media for our archived audio; it makes sense to
> do the same for our live stream.
>
> The only catch is a fairly modest amount of money.  Steve Bothwick, our IT
> guy, and I figure that it will cost us at least $2,000 to set this up.
> That includes the charges we would pay to Public Interactive, the firm
> that provides our streaming, and our set-up costs here at NHPR, both
> internally and on our web site. The $2,000 is a one-time fee.
>
> I don't know if all of the people on the Real Audio list gave during the
> most recent membership drive but I hope you will see the Real Audio issue
> as the thing apart because quite frankly, we've only received about 20
> requests for Real Audio live streaming.
>
> What I'd like to propose is some very targeted giving.  Please let me know
> if you would be willing to contribute to this specific goal of offering
> Real Audio live streaming.  Let me know how much you would be able to give
> and whether you would want to pass this note along to others whom you
> think share your interest in Real Audio.
>
> If I see that the response is strong enough, I'll get back to you and we
> will make this happen.  If the response falls short, I'll get back to you
> and let you know that as well.
>
> If you can think of a better way to handle this, feel free to let me know.
>
> Regards,
>
> Jon Greenberg
> Senior Editor/Dir. of New Media
> - - - snip - - -
>
> Now, the way I see it, the problem is two-fold: First, I don't like
> the fact that I can't listen to NHPR because I run GNU/Linux.  But
> secondly, there's the entire concept of broadcasting this in a proprietary
> format -- IMHO, Real Audio is only a small improvement over the Windows
> bitcasting.
>
> Does anyone have an experience with bitcasting with IceCast, the Ogg
> Vorbis-embraced bitcasting software?
>
> --
>   Regards, | Need help with educational technology?
>   .|
>   Randy| Stop by 
>
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
>


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Obtaining IP addr of a given interface

[Marc Evans]

time ifconfig | awk '(/inet/) {print substr($2,6)}'
172.17.156.23
127.0.0.1

real0m0.006s
user0m0.000s
sys 0m0.000s

On Wed, 24 Oct 2001, Paul Lussier wrote:

>
> In a message dated: Wed, 24 Oct 2001 13:03:01 EDT
> Benjamin Scott said:
>
> >ifconfig $IFACE | perl -ne 'print "$1\n" if m/inet addr:([0-9.]*)/;'
> >
> >  (or something like it) is what I usually use.
>
> Or another variation on the same theme without the overhead of perl:
>
>   ifconfig eth0 | grep inet | awk -F: '{print $2}' | cut -f1 -d' '
>
> Though I think Ben's idea is actually faster:
>
>   $ time ifconfig eth0 | grep inet | awk -F: '{print $2}' | cut -f1 -d' '
>   10.1.8.94
>
>   real0m0.021s
>   user0m0.000s
>   sys 0m0.010s
>
>   $ time ifconfig eth0 | perl -ne 'print "$1\n" if m/inet addr:([0-9.]*)/;'
>   10.1.8.94
>
>   real0m0.015s
>   user0m0.000s
>   sys 0m0.010s
>
> You can tighten this up a little too:
>
>   ifconfig eth0 | perl -ne 'print "$1\n" if /addr:([0-9.]*)/;'
>
> but all it saves are a couple keystrokes :)
>
> --
>
> Seeya,
> Paul
> 
>
> God Bless America!
>
>   ...we don't need to be perfect to be the best around,
>   and we never stop trying to be better.
>  Tom Clancy, The Bear and The Dragon
>
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: GNHLUG 3rd Quarter meeting

[Marc Evans]

Hi Jerry -

Is it the end of the world if I am somewhat late? I have a conflict
meeting in Pelham at 7:00PM that shoul dbe over by 7:10 or 7:15, putting
me in Nashua by 7:30. The alternative for me is to leave Nashua by 8:00PM
to be in Pelham by 8:15.

Please advise your recommendations.

Thanks - Marc

On Mon, 1 Oct 2001, Jerry Kubeck wrote:

> Hello everyone,
>
> Don't forget that our 3rd quarter GNHLUG meeting is tomorrow night at
> Martha's Exchange in Nashua.
>
> Good panel to discuss the changes that havae taken place over the
> past 10 years of the Linux OS. And a small informal party celebratign
> the 10 yr Linux Anniversary afterwards.
>
> RSVP dinner (6 pm) to Paul Lussier at: Paul Lussier <[EMAIL PROTECTED]>
>
> See you there.
>
> Jerry
> --
> -
> Jerry Kubeck  Customer Support Appropriate Solutions, Inc.
> [EMAIL PROTECTED]   www.AppropriateSolutions.com
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug-announce
> **
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: General Question

[Marc Evans]

Yes, they are different, but again, are often used together. I have not
used them specifically with Linux though. I have often used them with
Cisco and Juniper routers. In Cisco-speek, this is often referred to as
a PortChannel in the configuration system.

I will probably need to look this up now that people have me thinking...

- Marc

On 28 Aug 2001, Kevin D. Clark wrote:

>
> [EMAIL PROTECTED] (Kevin D. Clark) writes:
>
> > Marc Evans <[EMAIL PROTECTED]> writes:
> >
> > > I *think* that this may be covered in the 802.11Q VLAN software available
> > > for Linux. I am not certain, as I have not actually tried to use it in
> > > this fashion, but I do recall seeing discussion of it...
> >
> > I don't see how VLANs (pick your standard; IEEE 802.1Q or whatever)
> > and any sort of trunking (pick your standard; IEEE 802.3ad, Cisco,
> > whatever) has a direct relationship.
> >
> > So I find this to be a little bit weird.
>
> Wait, I think I know what Marc is referring to.
>
> In VLAN terminology, there's a concept of a trunk (traffic from
> multiple VLANs can easily travel over such a link).
>
> Port aggregation schemes also refer to something called a "trunk".
>
> However, these two "trunks" are different.  Port aggregation
> technology is different from VLAN technology.
>
> --kevin
> --
> Kevin D. Clark (cetaceannetworks.com!kclark)  |   Will hack Perl for
> Cetacean Networks, Inc.   |  fine food, good beer,
> Portsmouth, N.H. (USA)|   or fun.
> alumni.unh.edu!kdc (PGP Key Available)|
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: General Question

[Marc Evans]

The only relationship is that VLANs are frequently used in conjunction
with trunking. Clearly neither of them requires this.

- Marc

On 28 Aug 2001, Kevin D. Clark wrote:

>
> Marc Evans <[EMAIL PROTECTED]> writes:
>
> > I *think* that this may be covered in the 802.11Q VLAN software available
> > for Linux. I am not certain, as I have not actually tried to use it in
> > this fashion, but I do recall seeing discussion of it...
>
> I don't see how VLANs (pick your standard; IEEE 802.1Q or whatever)
> and any sort of trunking (pick your standard; IEEE 802.3ad, Cisco,
> whatever) has a direct relationship.
>
> So I find this to be a little bit weird.
>
> --kevin
> --
> Kevin D. Clark (CetaceanNetworks.com!kclark)  |
> Cetacean Networks, Inc.   |   Give me a decent UNIX
> Portsmouth, N.H. (USA)|  and I can move the world
> alumni.unh.edu!kdc (PGP Key Available)|
>
>
>
>
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: General Question

[Marc Evans]

I *think* that this may be covered in the 802.11Q VLAN software available
for Linux. I am not certain, as I have not actually tried to use it in
this fashion, but I do recall seeing discussion of it...

- Marc

On Tue, 28 Aug 2001 [EMAIL PROTECTED] wrote:

> Well, if you're talking about what I think you're talking about, it's not
> quite that simple: you also need an ethernet switch that can support what
> Cisco refers to as "trunking".  If you can trunk 'em together, then you
> can get their aggregate throughput -- it's quite nice (I even did this on
> my PC back when I worked at Cisco).  I suggest a google search, under the
> "Linux" section, under "advanced search" (or somesuch), for trunking.
> Trunking, in addition to aggregating your throughput, also has one other
> nifty feature: it's fault-tolerant.  One goes down, your connection is
> still live, but with n-1 aggregate throughput.
>
> (Here's the link to trunking on Google:
> http://www.google.com/linux?site=search&restrict=linux&hl=en&safe=off&q=trunking )
>
> -Ken
>
> On Tue, 28 Aug 2001, a.w.gaunt wrote:
>
> >
> > I would like to learn more about 'ganging' multiple NICs
> > on a network to act as "one" for the sake of performance.
> > I know this is being done somewhere, somehow. Does anyone
> > on this list know of a good reference I can read on the Web?
> >
> >
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: mod_ssl, php4.0 and apache 1.3.19

[Marc Evans]

Yes, I have, but I use the Apachetoolbox compilation kit to help me to
avoid figuring out all of the intricacies. See
http://freshmeat.net/projects/apachetoolbox/ for more details.

- Marc

On Sun, 19 Aug 2001, Bruce Dawson wrote:

> Has anyone been able to successfully get these 3 software systems to
> play together?
>
> I'm becoming very frustrated with the documentation in the
> mod_ssl-2.8.3-1.3.19 tree - it doesn't appear to match reality (all
> modules are DSO'ed in my apache configuration), and the instructions
> just don't work (for instance, no Makfefile has a "certificate" target.)
>
> I have been able to get a libssl.so created in the apache tree, and even
> got apache to load it, but I can't seem to get the 'apachectl startssl'
> (mentioned in the documentation) to work - apachectl just complains that
> 'startssl' is an unrecognized option. So it looks like some part of the
> installation is missing (but I followed all of the steps in the
> documentation - or so I think.
>
> Anyone have any ideas what I did wrong?
>
> --Bruce
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: OT: Switch suggestion

[Marc Evans]

I personally like the HP ProCurve switch series. I have also had good
success with the Intel switches.

- Marc

On Mon, 16 Jul 2001, Cole Tuininga wrote:

>
> Apologies for the off topic post.
>
> We need to replace our network switch.  What we're looking for is
> something that has 16 ports, height <= 2U (rack mountable), manageable
> (prefer ssh, but can live if it's just a serial interface), and
> preferably can mirror all data to a port.
>
> What would folks suggest?
>
> --
> I have gone to look for myself.
> If I should return before I get back, please keep me here.
>
> Cole Tuininga
> Network Admin
> Code Energy, Inc
> [EMAIL PROTECTED]
> (603) 766-2208
> PGP Key ID: 0x43E5755D
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Fw: Windows XP to redesign YOUR web sites...

[Marc Evans]

I thought readers of this list would appreciate bashing M$, given the
recent history/direction the list has taken.

- Marc

- Original Message -
From: "Ronald Kushner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 07, 2001 11:53 AM
Subject: Windows XP to redesign YOUR web sites...


>
> Was sent this link by a friend... Pretty scarry. Imagine MSN putting
> links all over YOUR website.
>
> -Ron
>
> http://public.wsj.com/sn/y/SB991862595554629527.html
>
> 
> One key test of Windows XP will be whether its features do more to
> benefit consumers or Microsoft's business plan. Another will be whether
> the operating system favors Microsoft services over those of other
> companies. The company has said its software won't discriminate against
> others selling Web-based services.
>
> But even though Windows XP is still in development, I've already
> encountered one proposed feature, in a "beta," or test, version, that
> shows Microsoft may well flunk both these tests. The feature, which
> hasn't yet been made public, allows Microsoft's Internet Explorer Web
> browser -- included in Windows XP -- to turn any word on any Web site
> into a link to Microsoft's own Web sites and services, or to any other
> sites Microsoft favors.
> 
>
> Microsoft's Internet Explorer Smart Tags are something new and
> dangerous. They mean that the company that controls the Web browser is
> using that power to actually alter others' Web sites to its own
> advantage. Microsoft has a perfect right to sell services. But by using
> its dominant software to do so, it will be tilting the playing field and
> threatening editorial integrity.
>
>
>
> __  The ISP-CEO Discussion List  _
> To Join: mailto:[EMAIL PROTECTED]
> To Remove: mailto:[EMAIL PROTECTED]
> Archives: http://isp-lists.isp-planet.com/isp-ceo/archives/
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Multiple webservers under NAT

[Marc Evans]

No, DNS cannot do that. It can only provide the IPv4 or IPv6 host address.
The protocol and port numbers are application specific.

- Marc

On Thu, 7 Jun 2001, Kenneth E. Lussier wrote:

> I'm sure someone will correct me if I am wrong, which I probably am. I
> don't have the BIND book in front of me, so I can't look this up, but
> can this be accomplished through DNS? Have both domains point to one
> IP address, but on different ports? For example,
> https://www.mydomain1.com points to 111.111.111.111:443 and
> https://www.mydomain2.com points to 111.111.111.111:4433.
>
> Kenny
>
> Larry Cook wrote:
>
> > I apologize for not adding my friends specifics.  He's not looking for load
> > balancing or redundancy.  He just want's to host multiple domains and keep
> > them on different servers.  His plan was to have multiple IP address but his
> > ISP will only give him one.  He's looking at various options, including one
> > big honking machine that will use the virtual hosting feature.  One issue he
> > still has is that they are e-commerce sites and he tells me that when using
> > SSL each domain has to have its own IP address.
>
> --
> ---
>  Kenneth E. Lussier
>  Geek by nature, Linux by choice
>  PGP KeyID 0xD71DF198
>  Public key available @ http://pgp.mit.edu
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Multiple webservers under NAT

[Marc Evans]

He could probably get by OK by using non-standard ports for each of the
SSL virtual hosts, and mapping them through to the appropriate service on
the actual server. That would avoid the need for multiple addresses.

- Marc

On Thu, 7 Jun 2001 [EMAIL PROTECTED] wrote:

>
> > I apologize for not adding my friends specifics.  He's not looking for load
> > balancing or redundancy.  He just want's to host multiple domains and keep
> > them on different servers.  His plan was to have multiple IP address but his
> > ISP will only give him one.  He's looking at various options, including one
> > big honking machine that will use the virtual hosting feature.  One issue he
> > still has is that they are e-commerce sites and he tells me that when using
> > SSL each domain has to have its own IP address.
>
> Load balancing was merely an artifact.  If he needs multiple IP addrs
> he needs a new ISP.
>
> ccb
>
>
> --
> Charles C. Bennett, Jr.   VA LiNUX Systems
> Systems Engineer, Northeast US25 Burlington Mall Rd., Suite 300
> +1 617 543-6513   Burlington, MA 01803-4145
> [EMAIL PROTECTED]   www.valinux.com
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Starband info?

[Marc Evans]

I have made the suggested change to netscape on a linux box which doesn't
use the Starband proxy to access the net. I am not perceiving any
performance differences when browsing the web.

- Marc

On Tue, 5 Jun 2001, Karl J. Runge wrote:

> On Tue, 05 Jun 2001, Farrell Woods <[EMAIL PROTECTED]> wrote:
> >
> > Having said all that...  The problem with Starband is latency.  Where
> > this nails you big-time is precisely with bursty, itinerant stuff
> > like web/http traffic.
>
> I don't know if this will help much but if you increase your
> web browser's number of simultaneous connections it could lessen
> the effect of network latency WRT web browsing somewhat.
>
> I do this for netscape via a line:
>
> user_pref("network.max_connections", 16);
>
> in ~/.netscape/preferences.js
>
> I'm guessing the default is 4? Think of the limit of setting it to 1.
> Then the waiting could be almost all latency (as opposed to data xfer).
>
> If you have starband and if you try this I'd be interested if it helped things
> or not.
>
> Karl
>
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Starband info?

[Marc Evans]

I regularly use IPSec through my Starband feed without any problems.

- Marc

On Tue, 5 Jun 2001, Greg Kettmann wrote:

> Another negative of Starband (or DirectPC) is that they both use (to the
> best of my knowledge) a VPN.  That is they encrypt and then decrypt all
> traffic to and from your site.  Your connection is actually to their
> encrypt/decrypt server farm.  This precludes any VPN's of your own (if you
> use them).  I do use a VPN and so any VPN traffic would have failed since
> you can't tunnel within a tunnel.  This according to their FAQ's and from
> phone calls I made.
>
> Does someone with the service know if this also restricts your ports?
> They say in the FAQ's you can't play interactive online games, but I
> assume that's because of latency, not a port issue.
>
> Farrell Woods wrote:
>
> > [EMAIL PROTECTED] wrote:
> > >
> > > People,
> > >
> > > I know a couple of you had mentioned using Starband,
> > > (If you haven't left due to flamewars).
> > > I was wondering if it uses internal PIC(?) boards, or an
> > > external box, similar to a cable modem.
> >
> > Depends on who you get it from.
> >
> > If you get it from Rat Shack then it's internal; works with windoze
> > only.  If you get it from the Dish people then you get a box that's
> > a bit bigger than the average VCR.  The box contains the sattelite
> > transceiver; out the other end it's USB (!).  Also on the back
> > of the box is a TP Ethernet connector, but it's dormant.  Their
> > software package also works only with windoze.  But there's
> > a glimmer of hope.
> >
> > Now...the trick is that if you open the box (thus voiding the
> > warranty) you'll quickly discover that the USB connection is
> > actually a little daughter card that can be removed.  Removing
> > the daughtercard re-activates the previously dormant TP connector,
> > which you then hook to your Linux box.
> >
> > Having said all that...  The problem with Starband is latency.  Where
> > this nails you big-time is precisely with bursty, itinerant stuff
> > like web/http traffic.  Latencies via sattelite run at best around
> > 250ms (not counting latencies through the 'net itself.)  That adds
> > up real fast, so part of the software package from Starband is
> > a elaborate proxy, part of which runs on your PC and the other
> > part at their NOC.  The proxy has the effect of squashing multiple
> > requests/connections so you don't take as much of a beating going
> > through the sattelite.
> >
> > Anyway, there's a lot more interesting info out there.  I'd suggest
> > taking a look at http://www.starbandusers.com.  They just posted
> > some instructions on how to make Starband work with Linux (Mandrake 8)
> > Dunno if this includes anything on the caching proxy software...
> > Starbandusers also has instructions on how to remove the USB
> > card and reactivate the RJ45 jack.
> >
> > FYI I'm not a Starband user myself but I've been looking at it
> > as an alternative to Adelphia or DSL (Dark Side Link) after my
> > house is built.
> >
> > Hth,
> >
> > -- Farrell
> >
> > **
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Starband info?

[Marc Evans]

It uses an external box that can have either USB or 10BaseT ethernet
interfaces.

- Marc

On Tue, 5 Jun 2001 [EMAIL PROTECTED] wrote:

> People,
>
> I know a couple of you had mentioned using Starband,
> (If you haven't left due to flamewars).
> I was wondering if it uses internal PIC(?) boards, or an
> external box, similar to a cable modem.
>
> TIA,
> Bob Sparks
> Linux guru wannabe
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: ipfilter bugs

[Marc Evans]

You may find this interesting / helpful as you venture into the netfilter
functionality:

http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html

- Marc

On Tue, 17 Apr 2001, Kenneth E. Lussier wrote:

> Has anyone out there used ipfilter yet? I'm interested in peoples
> impressions of it. I've been reading up on some of the bugs, and on face
> value, I would consider it to be unstable and too insecure for a
> production firewall. However, I haven't actually used ipfilter, so I
> don't know first hand. What are peoples thoughts?
>
> Kenny


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

PGP and NSA link arms to create secure Linux version (fwd)

[Marc Evans]

-- Forwarded message --
Date: Mon, 9 Apr 2001 12:22:07 -0400
From: Declan McCullagh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FC: PGP and NSA link arms to create secure Linux version

[Bet y'all didn't see this coming, say, five years ago. --Declan]

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/04-09-2001/0001464825&EDATE=

PGP Security's NAI Labs Partner With National Security Agency to
Develop Secure Linux

Contract Will Ensure Secure Open Source Operating System for Business
Critical Internet Infrastructures

SANTA CLARA, Calif., April 9 /PRNewswire/ -- NAI Labs, a division of
PGP Security, a Network Associates, Inc. (Nasdaq: NETA) company, today
announced they are joining with the National Security Agency (NSA) and its
other partners to further develop the NSA's Security-Enhanced Linux (SELinux)
prototype.  The $1.2 million will be paid over the life of the two-year
contract, and the work will focus on research and development to improve the
security of open-source operating system platforms, the core of Internet
infrastructures that have become business critical in today's economy.
The work will reduce the threat of security breaches caused by flawed or
even malicious applications.  The contract builds upon NSA's prior work in
developing a set of new security controls for the Linux kernel and NAI Labs'
prior work in developing an example security policy configuration for these
controls and several additional kernel controls.
 "NAI Labs continues to work with the government to ensure secure Internet
infrastructure.  The President's National Coordinator for Security and the
President's Information Technology Advisory Committee have called for
increasing the federal government's role as both a user and contributor of
open source software," said Terry Benzel, Vice President, Advanced Security
Research and Director of NAI Labs.  "Open source platforms provide the basis
for developing online communication and business strategies, and our work
ensures that the building blocks are secure."
Operating systems provide the foundation for system security, yet
mainstream operating systems lack critical security features needed to enforce
security policies.  NSA and NAI Labs have recognized the need to improve the
security of operating systems.  Linux was chosen by the NSA because its
growing success and open development environment provided an opportunity to
demonstrate that the security functionality added by SELinux can be successful
in a mainstream operating system.  NAI Labs will work with the NSA and its
other partners to develop additional security controls, configure the security
policy and represent the security enhancements to the Linux community.
SELinux includes security enhancements to the operating system that can
enforce the separation of information based on the confidentiality and
integrity requirements.
The security mechanisms of SELinux provide flexible support that allows
customization for a wide range of security policies in order to meet various
security requirements.  Support for security policies is required in order to
protect data on end systems; however, needs are different for every company
and every industry.  Flexible support for policies is required, since an
organization must be able to tailor the policy to meet its particular security
requirements and threat environment.  NAI Labs' and NSA's efforts will improve
the security of open source operating systems so that they can be effectively
applied to protect corporate data.
NAI Labs is an industry leading security research organization with
100 dedicated researchers in four research facilities throughout the
United States and is a founding member of the Security Research Alliance.
NAI Labs is a multi-discipline research organization with world-renowned
expertise in the areas of network security, applied cryptographic
technologies, secure execution environments, security infrastructure, adaptive
network defenses, distributed systems security, and information assurance.  In
addition to its prominent role in the security research community, all
unclassified network and cryptographic research is shared with Network
Associates' product development and support organizations to enable superior
solutions for Network Associates customers.
PGP Security, a Network Associates company, is a worldwide leader in
products and services focusing on solving privacy and data confidentiality
issues, and has a strong history of setting security industry standards.
PGP Security's breadth of security products, including firewall, encryption,
intrusion detection, risk assessment and VPN technologies, address the full
range of security and privacy issues, anywhere information is transmitted or
stored.  PGP Security's products secure over seven million users and include
several of the industry's well-known security brands, including Gauntlet
Firewall and VPN, PGP Data Security, Cy

Re: Need sources.

[Marc Evans]

I highly recommend discontinuing the use of rpm's and instead use the
Apache Toolbox:

http://freshmeat.net/projects/apachetoolbox/

- Marc

On Tue, 27 Mar 2001, Charles Farinella wrote:

> I am trying to install mod_perl on a computer where Apache has been
> installed from an RPM.  During the process it asks where my Apache
> sources are, and I don't have them.  What do I need to do?  I've had this
> kind of thing happen before, it's time I learn to fix it.
>
> thanks,
>
> --charlie
>
> --
> Charles Farinella
> [EMAIL PROTECTED]
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Vitts. (Was Re: ongoing: First Lan)

[Marc Evans]

Yes, you can use a box like the LinkSys.

- Marc

On Tue, 20 Mar 2001, Mark Rousseau wrote:

> Has any one on this list used  one of  broadband routers with these dish
> solutions?   I know I can use a linux box as the router box/firewall but
> I'm lazy.
>
> -mark
>
> Paul Lussier wrote:
>
> > In a message dated: Tue, 20 Mar 2001 09:55:35 EST
> > Marc Evans said:
> >
> > >It is true two-way satelite (vsat return @ 128k or 1256k optionally).
> >
> > Any idea what the performance is like?  They quote upto 500k
> > downstream connection, but what about latency?
> >
> > Speed is great, but it's the latency that'll kill you.  I.e., don't
> > underestmate the bandwidth of a C-5 Galaxy loaded with magnetic tape
> > :)
> > --
> >
> > Seeya,
> > Paul
> > 
> > It may look like I'm just sitting here doing nothing,
> >but I'm really actively waiting for all my problems to go away.
> >
> >  If you're not having fun, you're not doing it right!
> >
> > **
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **
>
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: More first LAN

[Marc Evans]

Thanks for the correction. I took my color codes from the T568A spec,
whereas you quote the T568B spec. Clearly either will work, though the one
you quoted is probably more commonly used.

- Marc

On Tue, 20 Mar 2001, Dana S. Tellier wrote:

> Hey, all--
>
>   I know this is a picky thing, but the pinouts-to-colors you've
> described (to my knowledge) aren't what I've seen to be the
> "standard".  Generally, I've seen a straight-through as:
>
> 1 white/orange
> 2 orange
> 3 white/green
> 4 blue
> 5 white/blue
> 6 green
> 7 white/brown
> 8 brown
>
>
>   The actual pinouts you've described are completely accurate, but
> (being picky) most people I've met from networking companies attempt to
> keep this color scheme just to *attempt* some sort of standard.
>Then, the cross-over cable (these are only for Ethernet, of
> course, as token ring, FDDI, T1, ATM, etc. cross-overs utilize different
> wires for transmit and receive) has one end which is the same as above,
> while the other end has the scheme you mentioned:
>
> 1 white/green
> 2 green
> 3 white/orange
> 4 blue
> 5 white/blue
> 6 orange
> 7 white/brown
> 8 brown
>
>
>   Just thought I'd clarify the correct color scheming.  Any problems
> or disagreements, feel free to fire away. ;-)
>
>  - Dana
>
>
>
> --
> Dana S. Tellier   Email [EMAIL PROTECTED]
> Student Engineer  University of New Hampshire
> InterOperability Lab  7 Leavitt Ln Durham, NH 03824
> ATM Consortium603-862-4626 FAX: 603-862-4181
>
> http://www.distributed.net/   Put wasted CPU cycles to use!
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Vitts. (Was Re: ongoing: First Lan)

[Marc Evans]

I regularly see 400k real inbound throughput. Latency is usually around
800ms. I do use ssh through it regularly, and find no problems with the
latency. If you are a game player though, the latency will be a
show-stopper.

- Marc

On Tue, 20 Mar 2001, Paul Lussier wrote:

> In a message dated: Tue, 20 Mar 2001 09:55:35 EST
> Marc Evans said:
>
> >It is true two-way satelite (vsat return @ 128k or 1256k optionally).
>
> Any idea what the performance is like?  They quote upto 500k
> downstream connection, but what about latency?
>
> Speed is great, but it's the latency that'll kill you.  I.e., don't
> underestmate the bandwidth of a C-5 Galaxy loaded with magnetic tape
> :)
> --
>
> Seeya,
> Paul
> 
>   It may look like I'm just sitting here doing nothing,
>but I'm really actively waiting for all my problems to go away.
>
>If you're not having fun, you're not doing it right!
>
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Vitts. (Was Re: ongoing: First Lan)

[Marc Evans]

That is a typo on my part, it should have said "256k". You can get that
through starband. Those of you looking for a high-ly skilled dealer, I
highly recommend the folks at Northern Systems in Wales MA (800-725-4525).
As for the pricing breakdown:

$149.00 Basic TV receiver (not required for Internet)
$399.00 Internet transceiver
$199.00 Installation
-$99.00 Installation rebate (may not be offered still)

 $99.00 Monthly charge for 150 TV channels plus Internet
I *think* Internet alone is $69.00

- Marc

On Tue, 20 Mar 2001, Mark Rousseau wrote:

> Who is offering the 1256K return speed?  I haven't seen that with starband
> and directv's newest system isn't quite released yet.
>
> -mark
>
> Marc Evans wrote:
>
> > It is true two-way satelite (vsat return @ 128k or 1256k optionally).
> >
> > - Marc
> >
> > On Tue, 20 Mar 2001, Paul Lussier wrote:
> >
> > > In a message dated: Mon, 19 Mar 2001 17:08:23 EST
> > > "Hartnett" said:
> > >
> > > >Dish Network does offer two way satellite Internet.
> > >
> > > Is it true 2-way satellite or is it a telco-return?  Most of these
> > > (Direct PC) used to be satellite downstream feed and a telco return.
> > > Kind of defeating the purpose IMO.
> > > --
> > >
> > > Seeya,
> > > Paul
> > > 
> > >   It may look like I'm just sitting here doing nothing,
> > >but I'm really actively waiting for all my problems to go away.
> > >
> > >If you're not having fun, you're not doing it right!
> > >
> > >
> > >
> > > **
> > > To unsubscribe from this list, send mail to
> > > [EMAIL PROTECTED] with the following text in the
> > > *body* (*not* the subject line) of the letter:
> > > unsubscribe gnhlug
> > > **
> > >
> >
> > **
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Vitts. (Was Re: ongoing: First Lan)

[Marc Evans]

It is true two-way satelite (vsat return @ 128k or 1256k optionally).

- Marc

On Tue, 20 Mar 2001, Paul Lussier wrote:

> In a message dated: Mon, 19 Mar 2001 17:08:23 EST
> "Hartnett" said:
>
> >Dish Network does offer two way satellite Internet.
>
> Is it true 2-way satellite or is it a telco-return?  Most of these
> (Direct PC) used to be satellite downstream feed and a telco return.
> Kind of defeating the purpose IMO.
> --
>
> Seeya,
> Paul
> 
>   It may look like I'm just sitting here doing nothing,
>but I'm really actively waiting for all my problems to go away.
>
>If you're not having fun, you're not doing it right!
>
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: HP Direct Jet

[Marc Evans]

There is a project on sourceforge that could address your questions:

http://hpoj.sourceforge.net/

I am using this with a HP OfficeJet G85 through a Jet Direct 170X on the
LAN. It seems to serve my needs fine, though not all of the features of
the G85 are available through the software yet.

- Marc

On Sat, 17 Mar 2001, Hartnett wrote:

> I was thinking about getting a HP direct jet unit and plug my printer
> into that and put it onto my network.
> How well does Linux play with these units, if anyone knows?
>
>
>   Thanks
>   Sean
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: More first LAN

[Marc Evans]

*Usually* today 10BaseT and 100BaseT cables are made from the same cable,
Catagory 5. In earlier times, 10BaseT was often made from Catagory 3
cable, which isn't spec'ed to be able to carry 100Mbps signals reliably.

Yes, both use RJ45 connectors and have the same pinouts. A strait-through
cable would be defined by the following pins being connected on both ends:

1   white/green 1
2   green   2
3   white/orange3
4   blue4
5   white/blue  5
6   orange  6
7   white/brown 7
8   brown   8

In reality, only pins 1, 2, 3 and 6 are used in a full-duplex
configuration. The others are not used in ethernet applications.

A cross-over cable is one which connects the receive ends to the transmit
ends, thereby eliminating the need for a hub in the middle. The pine would
be connected as follows:

1   white/green 3
2   green   6
3   white/orange1
4   blue7
5   white/blue  8
6   orange  2
7   white/brown 4
8   brown   5

- Marc

On Sat, 17 Mar 2001, Tom Rauschenbach wrote:

>
>
>
> Are 10 base T and 100 base T cables the same ?  Do they both use RJ45
> connectors ?  What's a 10BT/100BT crossover cable ?
>
> TIA
>
>
> TomR
>
>
>   --
> ---
> Tom Rauschenbach[EMAIL PROTECTED]
> All your base are belong to us
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: NSA Secure Linux

[Marc Evans]

You must be trolling for flames. Having followed the developement rather
closely, and running it on a few systems here, I can safely say that the
changes that are coming from this project are far from a "joke". Oh, I
also have OpenBSD and several other OSes here, and regularly contrast and
cross-polinate between them...

- Marc

On Thu, 15 Mar 2001, Kurth Bemis wrote:

> Anyone seen this?  What a joke!  Well for the Government i suppose that
> this is the best that they can do with 1.2 billion-trillion tax dollars.  I
> mean if you want something secure use OpenBSD or MacOS!! anyway - check
> it out
>
> http://www.nsa.gov/selinux/download.html
>
> I like their use of wu-FTP as their "secure ftp server. :-)
>
> ~kurth
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: colocation services?

[Marc Evans]

Locally, consider MV Communication (www.mv.com).

If you want something closer to a fort-knox style facility, consider
UUnet.

- Marc

On Mon, 5 Mar 2001, Tony Lambiris wrote:

> Can anyone recommend any colocation services? If you can also include
> any personal experience if it applies as well. You can send all
> responses off the mailing list to me, unless you want everyone to know
> how you feel, which Im guessing everyone will do.;)
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: StarBand

[Marc Evans]

On Thu, 15 Feb 2001, Hartnett wrote:

> Supposedly if you open up the modem and remove the USB daughter board
> in the unit, the RJ-45 ethernet port will function fine.

That is correct. There is a USB/ethernet bridge daughter board that when
unplugged allows the RJ45 ethernet interface to be used. The use of the
term "modem" is probably a stretch, in that the box appears to be a rather
complete router/bridge, that happens to have a satelite driver as one of
its interfaces.

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: StarBand

[Marc Evans]

On Thu, 15 Feb 2001, Thomas Charron wrote:

> Had a friend look at it.  Coupla ick things about it :
>
> 1) You need a 10 degree veiw of the horizon.  In most cases up here,
> spec in the boonies, trees get in the way of having it at such a low
> angle./.

Mine is set at 32 degrees. I don't believe that there are any birds down
that low (10 degrees).

> 2) *WIN32* only.  There are two ways of connecting.  One is to use a USB
> based 'Satallite' modem.  Another is to have a Satallite interface card.  To
> my knowledge, there are no drivers for these that will run correctly under
> Linux.  I could be incorrect, but when I searched, I came up empty.

Not true. See my prior post on the topic.

> 3) Decent bandwidth, but from looking at a live system in Mass working,
> it has crap latency.

Yes, latency is an issue, particularly if you are a game player.

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: StarBand

[Marc Evans]

Yeah, I have it. If DSL and Cable are viable options, I consider Starband
a fine alternative. The latency is somewhat high (800 ms typical), but the
throughput is good (400k or better in most cases, inbound). I have this
hooked up to a SPARC running Linux-2.4.1 as a firewall. If you want to see
the latency issues, try pinging 148.75.225.142, or ssh there and see what
happens when you type something to the login prompt.

If you desire, I can be more verbose.

Oh also, I highly recommend that people in New England consider using
Northern Systems as your retailer. They have many years of experience with
Satelite technology and stand behind their installations. You can find
more information at www.northernsys.com.

- Marc

On Thu, 15 Feb 2001, Mark Rousseau wrote:

> Has anyone on this list tried the two satellite service from Starband?
> I'm interested in it since I live in the boonies and it seems like it
> will be cold day in hell before DSL is an option.
>
> thanks,
>Mark Rousseau


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

unsubscribe

[Marc Evans]

unsubscribe


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Vitts news

[Marc Evans]

You might want to review PUC docket 99-020 wherein the NHISPA is fighting
for access to Verizon infrastructure to be able to provide xDSL to
locations like Peterborough (and many others throughout the state).
Granted that this isn't an immediate solution for you, but it is something
that the user community could get involved in to help be part of the
broader solution, i.e. send a letter to the PUC and DRED explaining your
needs. The more people that do this, the more the impact (squeeky wheel
syndrom).

- Marc

On Tue, 23 Jan 2001, Ken D'Ambrosio wrote:

> But none of 'em have DSL for my area (Peterborough).  I'm afraid I'm
> doomed to go back to analog.  *sigh*  I haven't been analog in over five
> years; it's gonna hurt.  Unless, of course, someone gets smart and says to
> themselves, "Hmmm.  Extant infrastructure at firesale prices.  Gonna get
> me some of that."
>
> -Ken


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Vitts news

[Marc Evans]

Well, the NH ISP Association (http://www.nhispa.org) was contacted by the
NH Department of Resource and Economic Development (DRED) and asked what
could be done to help people that will be directly effected by this. All
of the ISP's are preparing to try to handle the needs of these people. You
may want to investigate the association member ISPs:

http://www.nhispa.org/ispmembers.shtml

- Marc

On Tue, 23 Jan 2001, Randy Edwards wrote:

>While not GNU/Linux specific, I'm surprised I haven't read anything in
> GNHLUG about Vitts' closing.  Anyone scrambling to arrange Internet
> service?
>
> --
>  Regards, | "The ultimate result is that some innovations that would
>  .| truly benefit consumers never occur for the sole reason
>  Randy| that they do not coincide with Microsoft's self-interest."
>   | -- Judge Thomas Penfield Jackson, U.S. District Judge


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: 2.4.0 kernel compilation on SPARC

[Marc Evans]

Just to followup on my own message, upgrading to modutils-2.3.9-6 fixes
the problem.

- Marc

On Sat, 6 Jan 2001, Marc Evans wrote:

> Hi -
>
> I have just encountered the following on a SPARC system that has RH 6.1
> installed. I suspect that this simply means that I need to update the
> tools, but thought that I would pass this along in case anyone else is
> embarking on a similiar exercise.
>
> find kernel -path '*/pcmcia/*' -name '*.o' | xargs -i -r ln -sf ../{} pcmcia
> if [ -r System.map ]; then /sbin/depmod -ae -F System.map  2.4.0; fi
> /sbin/depmod: invalid option -- F
> Usage: depmod [-e -s -v ] -a [FORCED_KERNEL_VER]
>depmod [-e -s -v ] MODULE_1.o MODULE_2.o ...
>
> - Marc
>
>
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
>



**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

2.4.0 kernel compilation on SPARC

[Marc Evans]

Hi -

I have just encountered the following on a SPARC system that has RH 6.1
installed. I suspect that this simply means that I need to update the
tools, but thought that I would pass this along in case anyone else is
embarking on a similiar exercise.

find kernel -path '*/pcmcia/*' -name '*.o' | xargs -i -r ln -sf ../{} pcmcia
if [ -r System.map ]; then /sbin/depmod -ae -F System.map  2.4.0; fi
/sbin/depmod: invalid option -- F
Usage: depmod [-e -s -v ] -a [FORCED_KERNEL_VER]
   depmod [-e -s -v ] MODULE_1.o MODULE_2.o ...

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Starband two-way satelite internet via linux?

[Marc Evans]

Hello -

I am looking at the possibility of using starband (http://www.starband.com)
for network access for a vacation home I have in the middle of knowhere NH.
Has anyone seen/heard/experienced this system? If yes, do you have any
knowledge with how it may work with Linux/FreeBSD/non-win32 systems? I see
a thread in the Kansas Linux Users Group archive from back in November 2000
but there are no conclusions posted.

Thanks in advance - Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Building 2.2.17 kernel on Redhat 7.0

[Marc Evans]

The key appears to be to edit the Makefile at the top of the source tree
and change the definition of CC to use egcs. I should note that I did NOT
find running "make CC=egcs" or similiar variants sufficient.

- Marc



**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Building 2.2.17 kernel on Redhat 7.0

[Marc Evans]

Hi -

Has anyone attempted to build the 2.2.17 kernel sources on a system
installed with Redhet 7.0? I am encountering errors in cpp macro expansion
while processing checksum.S and the code there seems fine...

Thanks in advance - Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: reverse DNS

[Marc Evans]

Use this command:

$ whois [EMAIL PROTECTED]
[whois.arin.net]
Performance Systems International (NET-PSINETA)
   510 Huntmar Park Drive
  Herndon, VA  22070

   Netname: PSINETA
   Netblock: 38.0.0.0 - 38.255.255.255
   Maintainer: PSI

   Coordinator:
  PSINet,Inc.  (PSI-NISC-ARIN)  [EMAIL PROTECTED]
  (518) 283-8860

   Domain System inverse mapping provided by:

   NS.PSI.NET   38.8.48.2
   NS2.PSI.NET  38.8.50.2
   NS5.PSI.NET  38.8.5.2

   Record last updated on 11-Nov-1998.
   Database last updated on 28-Nov-2000 07:49:03 EDT.

- Marc

On Tue, 28 Nov 2000, Tom Rauschenbach wrote:

> 
> 
> 
> Does anybody know how to find out who "owns" and IP address ?  I've got
> portsentry installed and it just warned me that I was probed by  38.164.94.1
> and I'm wondering who that is.  Traceroute and ping don't help (unless they
> options I don't know about.  I know that there is a sort of reverse DNS but
> I don't know how to use it.
> 
> 
> 
> TomR
> 
> --  Standard is better than better.  If your web
> page cares what browser I'm using it's broken. [EMAIL PROTECTED]
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: undelete files still open by a running process

[Marc Evans]

Thanks Jeff.

I had already embarked on using the wonders of debugfs, and now have lots
of details 8-)

- Marc

On Mon, 20 Nov 2000, Jeff Dike wrote:

> I think you'll be able to access through /proc//fd.  Below, I created 
> ~/foo (from a kernel Makefile), ran more on it to get it open, deleted it, and 
> looked at it through the /proc entry of more.
> 
>   Jeff
> 
> % ps uax|grep more
> jdike 1752  0.0  0.3  1108  416 pts/4S10:08   0:00 more ~/foo
> % cd /proc/1752/fd
> % ls -al
> total 0
> [snip]
> lr-x--   1 jdikejdike  64 Nov 20 10:08 3 -> /home/dike/foo
> % rm ~/foo
> % ls -al
> [snip]
> lr-x--   1 jdikejdike  64 Nov 20 10:08 3 -> /home/dike/foo 
> (deleted)
> 
> % more 3
> VERSION = 2
> PATCHLEVEL = 4
> SUBLEVEL = 0
> EXTRAVERSION = -test11
> ...
> 
> 
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: undelete files still open by a running process

[Marc Evans]

Yes, ext2fs.

I have generated a copy of the entire raw device, on which I can
operate. I have also captured the details of the inode and related
information.

This site seems to have some information that looks like it may do what I
am looking for:

http://hinux.hin.no/linux/LDP/HOWTO/mini/Ext2fs-Undeletion.html

Still, any other pointers would be appreciated.

- Marc

On Mon, 20 Nov 2000, Kevin D. Clark wrote:

> 
> [EMAIL PROTECTED] writes:
> 
> > Does anyone know of an undelete mechanism that may be usable in this case?
> 
> What kind of filesystem are we talking about here?
> 
> ext2fs?
> 
> Hey, while this system is still up, write down everything you can
> about those files, including any inode information you can glean.
> 
> --kevin
> -- 
> Kevin D. Clark ([EMAIL PROTECTED]) |
> Cetacean Networks, Inc.|   Give me a decent UNIX
> Portsmouth, N.H. (USA) |  and I can move the world
> [EMAIL PROTECTED] (PGP Key Available)   |
> 
> 
> 
> 
> 



**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

undelete files still open by a running process

[Marc Evans]

Hi -

I have a Linux system that was root compromised very recently. The person
that did this when trying to clean up overlooked telling syslogd and httpd
to close/reopen the log files they had deleted (i.e. /var/log/messages). I
can see the information about these files through the use of lsof, but now
am puzzled with what is the best way to recapture that information?

Does anyone know of an undelete mechanism that may be usable in this case?

Thanks in advance - Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Perl CGI (again)

[Marc Evans]

This is a function of the browser. A review of the HTTP standard reveals
that there is currently no official standard (to my knowledge) for the
server to inform the browser of the filename for a stream it sends. There
is however a fairly broadly accepted method, which I involves sending
lines as part of the headers, as in:

print "Content-type: $TYPE\n";
print "Content-Disposition: attachment; filename=\"$FILENAME\"\n\n";

You will need to set $TYPE and $FILENAME appropriately.

- Marc

On Tue, 17 Oct 2000, Derek Martin wrote:

> 
>   Ok so finally I got my page working, and it works for everyone except
> one of our junior administrators, who, rather than seeing the output of
> the perl script, gets a file box asking him to save the .pl file.
> 
> ???
> 
>   
> -- 
> Derek Martin
> Senior System Administrator
> Mission Critical Linux
> [EMAIL PROTECTED] 
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Booting from a DPT 3334 RAID?

[Marc Evans]

Is anyone that reads this list using a DPT 3334 (or similiar) controller
to control the boot device? If so, I would like to exchange some e-mail
with you to try to figure out why I can't seem to get this functioning,
failing with:

kmod: failed to exec /sbin/modprobe -s -k block-major-8, errno=2
VFS: Cannot open root device 08:05

I am doing this on a Dell 2300 with Mandrake 7.1 just installed. All
hardware has previously been running BSDi quite successfully, and the
installation process seems to use the device quite happily. Mandrake
support is proving quite useless in trying to hunt down the issue. Any
suggestions appreciated.

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: The virus thread

[Marc Evans]

I know that there are several people on this list that disagree with me
about the ability for the recent virus(es) to infect systems even without
executing the VB program manually. Below is a message that I have received
from a reputable source that supports my assertions that in fact there is
a variation running around that will infect systems in the manner that I
suggest. This is really just intended to help those disbelievers be
aware. I really don't care to prolong the thread...

- Marc

**
From: Alan for the SANS NewsBites service
Re:   May 10 SANS NewsBites

*

SANS Alert! 
Windows Users. Please act to fix and protect your systems this week.
Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT.
Details in the first story in this issue.

*

SANS conferences are adding programs for newcomers as well as seasoned
professionals.  First opportunity: Washington, DC in July
(http://www.sans.org/dc2000.htm).

  AP

**

 SANS NEWSBITES

  The SANS Weekly Security News Overview

Volume 2, Number 19   May 10, 2000

Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray,
 Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
  <[EMAIL PROTECTED]>

*

10 May 2000  Email viruses are now spreading WITHOUT THE USER 
 OPENING ANY ATTACHMENT
 8 May 2000  ILOVEYOU Virus Suspect Arrested
 7 May 2000  ISP Cooperation Helps Target Suspect
 6 May 2000  Mutations Circumvent Virus Protection
 4 May 2000  How the Virus Works, and What to Do About It
 7 May 2000  Spam and E-Mail Worms/Viruses Share Characteristics
 6 May 2000  Deutch Case to be Investigated Again
 5 May 2000  Apache Site Attacked
 5 May 2000  Diligence, Not Legislation, Needed to Stop Attacks
 3 May 2000  International Cybercrime Proposal
 1 May 2000  Cyberstalking Legislation Pending
 5 May 2000  Seventeen Charged in Piracy Scheme
 3 May 2000  New DDoS Tool Found "In the Wild"
 3 May 2000  Federal Agencies Trailing Private Industry in 
 "Cyberspace Race"
 3 May 2000  Microsoft Integrating Biometric Technology 
 2 May 2000  Supreme Court Rejects ISP Liability Appeal

* This week's sponsor:  VeriSign - The Internet Trust Company 

Running a server farm? If you're managing multiple servers in your
organization, securing all of them can quickly become complicated. But
now, you can learn how to simplify security administration through a
single point of management - with a valuable new guide from VeriSign.

Request the FREE Guide "Securing Intranet and Extranet Servers" at:
http://www.verisign.com/cgi-bin/go.cgi?a=n016105080151000

**

-- 10 May 2000  Email viruses are now spreading WITHOUT THE USER
OPENING ANY ATTACHMENT.
Personal computers running Internet Explorer (IE) version 5.0 and/or
Microsoft Office 2000 are vulnerable to virus attacks using most email
systems, even if the email recipient opens no attachments.  You don't
even have to use IE; just have it installed with the default security
settings.  If you have not closed the hole, you can receive viruses (and
spread them) by viewing or previewing malicious email without opening
any attachment, or by visiting a malicious web site. The problem is
caused by a programming bug in an Internet Explorer ActiveX control
called scriptlet.typelib.  This is by far the fastest growing virus
distribution problem and ripe for a hugely destructive event - at least
as large as the ILOVEYOU virus.  Updating your virus detection software,
while important, is not an effective solution for this problem. You must
also close the hole.  The hole can be closed in five minutes or less
using tools available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp 
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick
FitzGerald of Computer Virus Consulting Ltd. for raising the visibility
of this dangerous problem.

-- 8 May 2000  ILOVEYOU Virus Suspect Arrested
Officers from the Philippine National Bureau of Investigation have
arrested a man in connection with the ILOVEYOU virus that ran rampant
through e-mail systems worldwide last week.
http://www.usatoday.com/life/cyber/tech/cth864.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2564627,00.html?chkpt=zdhpnews01

-- 7 May 2000  ISP Cooperation Helps Target Suspect
Two Philippine Internet service providers (ISPs) helped track down a
suspect in the ILOVEYOU virus outbr

Job Posting, Hanover NH

[Marc Evans]

Hello -

I am posting this for a collegue. Please, principals only respond. Please
followup via e-mail to Ron Boehm <[EMAIL PROTECTED]>.

- Marc

ValleyNet Systems Administrator Job Description
5/11/2000

The ValleyNet Senior Systems Administrator is responsible for network
operations and design.  Duties and responsibilities include implementing
network modifications, server operations, performing scheduled
maintenance, overseeing database integration and custom programming to
integrate billing and administrative functions. This individual works
closely with business and educational clients to design and implement IT
solutions.   The range of these solutions varies from providing
high-speed data connections to web server solutions.  Experience in UNIX,
Linux, TCP/IP, BGP routing protocols and PERL is required. Experience
with JAVA is a strong plus.  This is a permanent full-time salaried
position with excellent benefits.  The senior systems administrator needs
to work effectively with the entire ValleyNet team and reports to the
director of ValleyNet.

Excellent verbal and written communication skills are required for system
documentation and client contact.  The individual should have exceptional
organizational skills and will work with minimal supervision in a variety
of physical locations in the Upper Valley.  He/she will manage a team of
assistants to accomplish ValleyNet's mission.

Specific duties include:
- Mail and web server operations and maintenance.
- Specifying and purchasing new equipment from vendors and maintenance
  suppliers.
- Planning and implementing routing and back-haul operations to the
  Internet.
- Performing and supervising on-site installations of high-speed data
  services.
- Creating and maintaining documentation for maintenance procedures and
  disaster recovery plans.
- Managing, recruiting and training support staff including the assistant
  systems administrators and student interns.

The senior administrator should have BS in engineering or computer
science and three years recent experience in administering LAN/WAN
environments or similar experience at an Internet Service Provider.

Benefits include holiday time, generous earned time off, sick leave,
medical insurance, dental insurance, life insurance, and a
403(b)-retirement plan with contributions from ValleyNet.  ValleyNet is a
non-profit educational organization with administrative offices in
Norwich, VT and Hanover, NH.  We are the oldest and largest independent
ISP in the Upper Valley.  ValleyNet is an equal opportunity employer and
seeks applicants who desire to serve the Upper Valley community as part
of their career choice.


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

RE: Today's reason not to run Windows

[Marc Evans]

See http://www.zdnet.com/tlkbck/comment/22/0,7056,88759-421762,00.html to
support my assertions.

- Marc

On Thu, 4 May 2000, Jerry Eckert wrote:

> Marc Evans wrote:
> >
> >I beg to differ, but this is hadly the forum. The VB file attached is
> >immediately executed upon retrieval from the POP box. The user does not
> >have to open the message in any fashion, if the preview feature is
> >enabled.
> 
> Why is it that none of the information releases from the antivirus vendors
> have mentioned this?
> 
> As a test I just sent myself an E-mail with a .vbs file attached.  When the
> message was opened in the Outlook 98 preview pane the message body was
> displayed along with the standard attachment indicator.  When I clicked on
> the attachment and selected it to open I then got an error from the VBS
> compiler (it was a bogus file since I don't have a real VBS script handy).
> 
> Jerry
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Today's reason not to run Windows

[Marc Evans]

I beg to differ, but this is hadly the forum. The VB file attached is
immediately executed upon retrieval from the POP box. The user does not
have to open the message in any fashion, if the preview feature is
enabled.

To make some reasonable use of this bandwidth at least, below you will
find some general rules that can be applied to a 8.9.* or 8.10.* sendmail
configuration, to help eliminate the propogation of the message.

HSubject: $>Check_Subject
F{MPat} /etc/mail/virus_list
D{MMsg} This message may contains a virus.
SCheck_Subject
R$* $={MPat} $* $#error $: 553 ${MMsg}

Then put lines commonly found in the virus messages, one per line, into
the /etc/mail/virus_list file. In the case of today's virus, a line
containing "ILOVEYOU" would be entered.

- Marc

On Thu, 4 May 2000, Thomas Charron wrote:

> > On Thu, 4 May 2000, Thomas Charron wrote:
> > >   You know, all of this bashing on why Outlook does this and that, not
> one
> > > has mentioned that *IT'S the DUMMIES WHO RAN IT*'s fault.  It didn't run
> > > itself.  Someone had to open it..  This is a question of intelligence,
> which
> > > has *NOTHING* do with Operating systems..  A properly secured NT box..
> > I wish this were true, but it sadly is not. The MS Outlook program has a
> > "feature" which previews messages. Anyone who has that feature turned on,
> > which I believe it is by default, would become infected simply by
> > retrieving messages from theie pop/imap/whatever box.
> 
>   This particular virus was a file *atachment*.  It did not use the
> bug^M^M^Mfeature your speaking of..  :-P
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Today's reason not to run Windows

[Marc Evans]

On Thu, 4 May 2000, Thomas Charron wrote:

>   You know, all of this bashing on why Outlook does this and that, not one
> has mentioned that *IT'S the DUMMIES WHO RAN IT*'s fault.  It didn't run
> itself.  Someone had to open it..  This is a question of intelligence, which
> has *NOTHING* do with Operating systems..  A properly secured NT box..

I wish this were true, but it sadly is not. The MS Outlook program has a
"feature" which previews messages. Anyone who has that feature turned on,
which I believe it is by default, would become infected simply by
retrieving messages from theie pop/imap/whatever box.

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Derek's been hacked

[Marc Evans]

On Mon, 24 Apr 2000, Benjamin Scott wrote:

> On Mon, 24 Apr 2000, Jerry Callen wrote:
> > FWIW, here's a list of setuid programs from an old RH 5.2 system:
> >
> [snip] 
> > 
> > This is a lot of programs, and there are some I was surprised to see 
> > (like xterm).
> 
>   xterm is SUID-root because it has the option of updating the utmp and wtmp
> files to record logins and logouts.  (This is, IMNSHO, a design flaw in Unix.)
> 
>   What I want to know is, why the heck is ping SUID-root?

To generate various ICMP packets, you require root privs.

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: compromised system

[Marc Evans]

The biggest problem that you *may* encounter depending upon your
configuration is going to be log/status/debug files. Of course, if you
ever decide to be a slave for anything, your problems will be more
complex.

- Marc

On Sun, 23 Apr 2000, Derek Martin wrote:

> Today, Marc Evans gleaned this insight:
> 
> > People should really consider running daemons like named in a chroot'ed
> > environemnt (see http://www.psionic.com/papers/dns/ for example). You
> > should also consult the INSTALL file in the source distribution, which
> > discusses the -u, -g and -t options:
> > 
> > User and Group ID
> > 
> > Specifying "-u" followed by a username or numeric user id on the
> > "named" command line will cause the server to give up all
> > privileges and become that user after the initial load of the
> > configuation file is complete.  "-g" may be used similarly to set
> > the group id.  If "-u" is specified but "-g" is not, the group
> > used will be the given user's primary group.
> > 
> > Chroot
> > 
> > "-t" followed by a directory path on the "named" command line will
> > cause the server to chroot() to that directory before it starts
> > loading the configuration file.
> > 
> 
> Cool.  I didn't know you could do this.  I new this was possible in theory
> but I didn't know the code was already in there. I've got named running as
> user named now, and named has no ownership of any files on the system.  
> Does anyone know of any potential implications of this (i.e. named not
> being able to write to files it needs to write to)?
> 
> This is a master server only, so I am not requesting any zone transfers.
> Therefore I don't need to worry about being able to write to slave zone
> files.  But are there others that it may need to write to (i.e. to which
> it does not already have access prior to changing user)?
> 
> Preliminary testing suggests that this is working fine.
> 
> Thanks for the tip Marc.
> 
> 
> -- 
> PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
> --
> Derek D. Martin  |  Unix/Linux Geek
> [EMAIL PROTECTED]  |  [EMAIL PROTECTED]
> --
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: system compromised

[Marc Evans]

I recommend reading what is driving bind version 9:

http://www.isc.org/products/BIND/plans.html

- Marc

On Sun, 23 Apr 2000, Kenneth E. Lussier wrote:

> BIND has been around longer than I have, so most of my knowledge on the subject
> is in retrospect. However, from everything that I have read and heard from
> people, there hasn't been a version of bind yet that hasn't had some sort of
> major security vulnerability. I'm not sure if it is because the crackers are
> better, the systems are more powerful, or if it is the simple fact that DNS (as
> well as most internet-based services) were designed with openness in mind, not
> security. Most services were meant to be used by large numbers of nameless,
> faceless users, and to make them as easily accessible as possible, they were
> left wide open. Now that we depend op things like DNS, it's hard to implement a
> new way of doing things with security in mind. We can build on what we have,
> but if the basic building blocks are vulnerable, then all you can do is tighten
> it as much as possible, and assess the risk of what is left.
> Just my $.01,
> Kenny
> 
> Jeff Macdonald wrote:
> 
> > I've been cracked via bind 4 times over the past year. Each bind was a
> > different version. The last time was my workstation on a LAN at work. Yes,
> > the LAN should of been firewalled, but more important is to not run
> > services that you don't really need. For workstations, use the workstation
> > install, and you'll get less services started automatically. Add those that
> > you need by hand after the install.
> >
> > One last thing, does Redhat 6.2 configure bind to not run as root? Wouldn't
> > that keep buffer overflows from doing to much damage?
> >
> > At 03:10 PM 4/22/00 -0400, Derek Martin wrote:
> >
> > >I believe I have identified how my system was compromized.  CERT has
> > >released this advisory regarding BIND 8.2:
> > >
> > >   http://www.cert.org/advisories/CA-99-14-bind.html
> > >
> > >If you are running BIND on an Internet accessible RH6.1 machine, go get
> > >the updates NOW!
> > >
> > >--
> > >PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
> > >--
> > >Derek D. Martin  |  Unix/Linux Geek
> > >[EMAIL PROTECTED]  |  [EMAIL PROTECTED]
> > >--
> > >
> > >
> > >**
> > >To unsubscribe from this list, send mail to
> > >[EMAIL PROTECTED] with the following text in the
> > >*body* (*not* the subject line) of the letter:
> > >unsubscribe gnhlug
> > >**
> >
> > **
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: compromised system

[Marc Evans]

People should really consider running daemons like named in a chroot'ed
environemnt (see http://www.psionic.com/papers/dns/ for example). You
should also consult the INSTALL file in the source distribution, which
discusses the -u, -g and -t options:

User and Group ID

Specifying "-u" followed by a username or numeric user id on the
"named" command line will cause the server to give up all
privileges and become that user after the initial load of the
configuation file is complete.  "-g" may be used similarly to set
the group id.  If "-u" is specified but "-g" is not, the group
used will be the given user's primary group.

Chroot

"-t" followed by a directory path on the "named" command line will
cause the server to chroot() to that directory before it starts
loading the configuration file.

- Marc

On Sun, 23 Apr 2000, Derek Martin wrote:

> 
> I deleted the message before I could reply to it, but someone just asked
> if RH configures named to run as a non-root user.  The named daemon binds
> to port 53, which is a "reserved" port, and requires root priviledges for
> this operation.
> 
> There's no other reason that I'm aware of that named couldn't be
> configured to run on a non-reserved port so that it can run as a non-root
> user, other than the fact that there are already thousands of DNS servers
> across the internet that expect your DNS server will answer querries on
> port 53.
> 
> 
> -- 
> PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
> --
> Derek D. Martin  |  Unix/Linux Geek
> [EMAIL PROTECTED]  |  [EMAIL PROTECTED]
> --
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Derek's been hacked

[Marc Evans]

yes

On Sat, 22 Apr 2000, Tom Rauschenbach wrote:

> 
> 
> 
> Um, I just decided to check and I noticed that my /bin/sh is suid.  
> -rwsr-xr-x   1 root root20164 Apr 17  1999 /bin/login  
> 
> 
> 
> Should I be freaking out ?
> 
> 
> 
> --
> Standard is better than better.  If your web page cares what browser I'm using
> it's broken.
> [EMAIL PROTECTED]
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: 5+ port 10/100 *switch* options

[Marc Evans]

On Sat, 22 Apr 2000, Benjamin Scott wrote:

> On Fri, 21 Apr 2000, Rodent of Unusual Size wrote:
> > It turns out to have been a sub-optimal choice; the collision rate is
> > phenomenal (not surprising) ...
> 
>   Keep in mind that on regular, shared ethernet, collision rates as high as
> 80% are not unheard of.  It is sub-optimal, as you say, but then, so is the
> rest of ethernet.  If you want optimal, use FDDI.  ;-)

Nah, if you want optimal, use IP over SONET. 8-)

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: ntp2.usno.navy.mil

[Marc Evans]

Consider switching to ntp...

- Marc

On Fri, 21 Apr 2000, Tom Rauschenbach wrote:

>  
> 
> 
> 
> 
> Lately I've been getting connection refused from  ntp2.usno.navy.mil .
> Does anyone know of any other reliable sources for rdate service ?
> 
> TIA
> 
> TomR
> 
> 
> 
> 
> --
> Standard is better than better.  If your web page cares what browser I'm using
> it's broken.
> [EMAIL PROTECTED]
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: ezmlm ->

[Marc Evans]

Have you looked here:

http://www.qmail.org/top.html#ezmlm

If you are encountering problems, I suggest that you contact Fred Lindberg
directly. He is usually pretty responsive...

- Marc

On Wed, 19 Apr 2000, cdowns wrote:

> does anyone know where the ezmlm mailing list that works is? the
> documentation is scarce as far as ezmlm-web.cgi go. thanks, chris
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Time Keeping

[Marc Evans]

You are looking for NTP:

http://www.eecis.udel.edu/~ntp/

- Marc

On Wed, 19 Apr 2000, Kurth Bemis wrote:

> I know that this program must exist somewhere.  I'm looking for a console 
> app that will set my system clock with the navy clock...the one on 
> Colorado.  I checked of freshmeat and can't seem to find anything related 
> to my search.  any help given will be welcomed...
> 
> ~kurth
> Kurth Bemis
> Senior Unix/Linux Network/Server Administrator, USAExpress.net
> 
> [EMAIL PROTECTED]
> http://www.usaexpress.net/kurth
> ICQ UIN - 6624050
> Callsign - N1TYW
> PGP Key Available - ask
> 
> Fight Weak Encryption!  Donate Your Wasted CPU Cycles To distributed.net.
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Booting from AHA-2910Ai / AIC-7855

[Marc Evans]

Hello -

Does anyone on this list have experience in getting *any* version of Linux
to boot from a drive attached to an AHA-2910Ai / AIC-7855 (BIOS 1.24)? I
have encountered one of these that I am unsuccessfully getting it to
boot. When trying to boot I get "LI" on the top left of the screen, and
nothing more. I can boot off the CD and floppy fine.

I have searched through the majority of the resouces that I can find on
the net and am not finding anything related to this. Does anyone have any
references that they can forward?

[ As a side note, FreeBSD boots from the configuration fine, so I believe
  that the boot sectors and other hardware is operating properly. ]

Thanks in advance - Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

RPM discussion

[Marc Evans]

Hello -

A coworker pointed this article out to me, which I though people on this
list may find interresting, given the recent RPM discussions.

http://www.32bitsonline.com/forum.php3?forum=issues/23/bsdports&message=5

- Marc



**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

RE: Has anyone tried VMWARE?

[Marc Evans]

Yes, the more RAM the better. I have 256M on my laptop, and find that I
can run between 3 and 4 sessions, depending upon the workload of each. I
should note that I sometimes run u*ix within a session, particularly if I
am doing any serious debugging. It's much nicer to crash a virtual
computer 8-)

- Marc

On Wed, 1 Mar 2000, Jamie Blondin wrote:

> I've used it, love it.  I would suggest having lots (128MB) of RAM, though,
> so you can make sure that NT gets access to 64 MB when you run it in a
> VMWare window, and your Linux side isn't bogging down.  NT 4.0, at least,
> gets pissy when it doesn't get its RAM.
> 
> -Jamie Blondin
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > Behalf Of Taylor, Chris
> > Sent: Wednesday, March 01, 2000 12:24 PM
> > To: GNHLUG (E-mail)
> > Subject: Has anyone tried VMWARE?
> >
> >
> > I know some of you must work in a mixed Windows/Linux environment and have
> > tried several methods to make this environment work.
> >
> > Recently I learned about a product called VMWARE (www.vmware.com) that
> > allows you to run an NT or Win 9x session inside of Linux, or with their
> > other product run a Linux session inside of NT/Win 9x.
> >
> > This appears to solve the problem of having to waste hard drive space
> > through partitioning etc and eliminiate the need to re-boot every time I
> > want to use a feature that works better in one O/S than the other.
> >
> > Has anyone tried this product?  Does it live up to expectations?
> >
> >  - Chris S. Taylor
> >
> > **
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **
> >
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Has anyone tried VMWARE?

[Marc Evans]

I use it regularly, and highly recommend it.

- Marc

On Wed, 1 Mar 2000, Taylor, Chris wrote:

> I know some of you must work in a mixed Windows/Linux environment and have
> tried several methods to make this environment work.
> 
> Recently I learned about a product called VMWARE (www.vmware.com) that
> allows you to run an NT or Win 9x session inside of Linux, or with their
> other product run a Linux session inside of NT/Win 9x.
> 
> This appears to solve the problem of having to waste hard drive space
> through partitioning etc and eliminiate the need to re-boot every time I
> want to use a feature that works better in one O/S than the other.
> 
> Has anyone tried this product?  Does it live up to expectations?
> 
>  - Chris S. Taylor
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: RAID/Mirroring options

[Marc Evans]

Since you are talking more about data replication and inexpensive
mirroring, maybe your should consider using rsync (http://www.rsync.org).
I personally believe that the price of a hardware RAID is worth every
penny in cnotrast to software solutions, and I rarely ever configure
anything less then RAID-5. Those are personal preferences though...

- Marc

On 23 Feb 2000, Adam Johnson wrote:

> I'm starting to look for mirroring or RAID options for a linux box I'm going to
> upgrade at work.
> 
> I'm trying to keep this pretty economical.
> 
> I'd love to be able to build the new box on one drive, and once it's ready to
> move into place,  take the drive from the box that's currently in service and
> make it a mirror of the new drive in the new machine.
> 
> >From what I remember of Linux's software mirroring, that wouldn't work so well. 
> If things have changed, I'd love a pointer to info along these lines.
> 
> Are there hardware mirroring/RAID controller options that could do something
> like this?  Are any of them inexpensive enough that it would make sense to
> re-use the hard drives I already have? (2 4.3 Gb SCSI drives)
> 
> I read a review a while ago in Linux Journal of a really nice-sounding RAID
> controllers with great Linux support, but they cost over $1000, and I'm
> building this box out of existing hardware otherwise.
> 
> advTHANKSance,
> Adam Johnson
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: OS Issues

[Marc Evans]

OK, I will give it a try... For background, I have been actively using and
contributing toward the development of several OpenSource projects for
many years. I have enjoyed experimenting with the variety of OSes, often
times contrasting them to each other and to other commercial products. In
addition I have been lucky enough to regularly be retained by a variety of
companies to perform work such as performance characterizing and tuning of
various aspects of the systems. All of this has resulted in the opinions
that I make on this list, and other places that I am involved.

To the specific points of your inquiry though, I should probably refer to
the history of how the 3 primary OpenSource *BSD projects have come to
exist (FreeBSD, NetBSD, and OpenBSD). All of them have some fairly good
background on their web pages. As a summary statement though, you will
find that all three of the projects had closely related roots, and to this
day continue to have a considerable amount of cross-pollunation with their
developers. For example, look at the source code for the Digtial Ethernet
drivers in the source pools. Or alternatively, look at the change logs and
you will see many comments about integrating changes originated in one and
then carried to the other OS(es).

The above should help to explain a bit of why I characterize the OSes as
being similiar. That said, there are definitely differences too. For
example, the security provided by the encrypted swap mechanism in OpenBSD
is currently not something that you find in other OSes. For fun, launch a
"nmap -O" probe against each of FreeBSD, NetBSD, OpenBSD, Linux, and if
you have it handy, B1 or C2 secured Digital Unix. Pay particular attention
to the "Difficulty" value and the OS it believes it has detected. You may
be supprised at the results. Of course, this is just one small aspect of
looking at the security of an OS.

As for performance, my last serious pass through network performance was
in October/November 1999, and at that time I found that FreeBSD-current
was able to achieve higher peak untilization levels on the network
adapters I was testing (100M and 1G ethernet), and used less system
resources then what was available during that same timeframe and of
a similuar bloody development level in the other OpenSource OSes. My
particular tests forcused largely on caching as a target application.

Does this help? If there are particular things that you would like me to
try to expand upon, I would be happy to try...

- Marc

On Thu, 17 Feb 2000, Paul Courchene wrote:

> Marc Evans said:
> 
> >>(tests) I have run indicate that FreeBSD probably has the
> fastest network functionality.
> 
> >>The security in FreeBSD tracks very closely
> to OpenBSD too...
> 
> Since I know that you have "heavy duty expertise" in the above,
> would you expand on these "one-liners" so that those of us
> with general interest in (Linux and)
> Operating Systems per se', may learn more (???)
> 
> thanks
> 
> paulc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: openBSD.

[Marc Evans]

The experiments that I have run indicate that FreeBSD probably has the
fastest network functionality. The security in FreeBSD tracks very closely
to OpenBSD too...

- Marc

On Thu, 17 Feb 2000, Kurth Bemis wrote:

> At 06:36 AM 2/17/2000 , you wrote:
> 
> well we don't get anywhere near that many requests. in a second.  what 
> Opensource OS has the best network code?  i heard that FreeBSD didbut 
> i'm looking for something secure:-)
> 
> ~kurth
> 
> >I have OpenBSD installed on a few systems, and I find it to be a very good
> >OS. I believe that it is one of the best suited for shell accounts. For
> >serving pages (I presume http) and mail, it should be adequate, though if
> >this is a heavily accessed system (say more then 100 http requests per
> >second), you may find the network code to be no as efficient as some of
> >the other OpenSource OS's.
> >
> >- Marc
> >
> >On Wed, 16 Feb 2000, Kurth Bemis wrote:
> >
> > > Just a quick question.
> > >
> > > what does everybody think of openBSD?  i know that a remote root exploit
> > > hasn't been found in nearly 3 years.  i'm looking into a new OS for our 
> > new
> > > server.  would it be suitable for shells, serving pages, and mail.  just
> > > want to know your thoughts.
> > >
> > > also.  if anyone has any old computers that ther throwing away in the
> > > charlestown, claremont, newport and surronding areas...let me know.
> > >
> > >
> > >
> > > Kurth Bemis
> > > Senior UNIX Systems/Network Administrator, USAExpress.net LLC
> > >
> > > USAExpress.net
> > > Fast, Friendly Service
> > > http://www.usaexpress.net
> > > 1.877.499.LINK
> > >
> > >
> > > **
> > > To unsubscribe from this list, send mail to
> > > [EMAIL PROTECTED] with the following text in the
> > > *body* (*not* the subject line) of the letter:
> > > unsubscribe gnhlug
> > > **
> > >
> >
> >
> >**
> >To unsubscribe from this list, send mail to
> >[EMAIL PROTECTED] with the following text in the
> >*body* (*not* the subject line) of the letter:
> >unsubscribe gnhlug
> >**
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Virtual Hosting

[Marc Evans]

On Thu, 17 Feb 2000, Rich Payne wrote:
> 
> I know for ftp you can use Proftpd, that handles virtual hosts (I don't
> think wu-ftpd does). As for mail, we've used qmail for that, but I didn't
> set it up so I can't really comment on it. It seems to work OK, though
> things are a little different if you are familiar with sendmail.

Both support virtual hosting, based on IP address. In my opinion, proftpd
is more feature rich and a better piece of software in general. A third
option is war-ftpd.

I will second the suggestion about using qmail. I personally find it
better suited to virtual hosting then sendmail.

If DNS is a consideration, I suggest that bind version 8 works well,
particularly if you make use of the "include" directive in the named.conf
file. That allows you to keep each customers information seperated, and
potentially maintainable by the customer.

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: openBSD.

[Marc Evans]

I have OpenBSD installed on a few systems, and I find it to be a very good
OS. I believe that it is one of the best suited for shell accounts. For
serving pages (I presume http) and mail, it should be adequate, though if
this is a heavily accessed system (say more then 100 http requests per
second), you may find the network code to be no as efficient as some of
the other OpenSource OS's.

- Marc

On Wed, 16 Feb 2000, Kurth Bemis wrote:

> Just a quick question.
> 
> what does everybody think of openBSD?  i know that a remote root exploit 
> hasn't been found in nearly 3 years.  i'm looking into a new OS for our new 
> server.  would it be suitable for shells, serving pages, and mail.  just 
> want to know your thoughts.
> 
> also.  if anyone has any old computers that ther throwing away in the 
> charlestown, claremont, newport and surronding areas...let me know.
> 
> 
> 
> Kurth Bemis
> Senior UNIX Systems/Network Administrator, USAExpress.net LLC
> 
> USAExpress.net
> Fast, Friendly Service
> http://www.usaexpress.net
> 1.877.499.LINK
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: anyone know a good listserver?

[Marc Evans]

On Wed, 16 Feb 2000, cdowns wrote:

> > does anyone know a good stable listserver for RH6.1 running  apache
> > webserver?  if you have a link or any info would be great, thanks chris

qmail combined with ezmlm is my favorite...

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Web based e-mail relay

[Marc Evans]

Carefully read the license. I know that not long ago mailman was available
for education and personal use without charge.

Also, you might find it useful to look through the PHP examples, which
includes a POP interface.

- Marc

On Sun, 13 Feb 2000, Kenneth E. Lussier wrote:

> I have MailMan from Endymion running right now. Unfortunatly it expires
> after 30 days unless you get the licensed copy for $250. If I were
> planning on using this for work, then I would get the licensed copy, but
> it is only for personal access, and I don't have $250 to blow on
> convience. 
>   This may, however, be the inspiration I needed to learn Perl better so
> I can write my own. The html isn't hard, it's the backend scripting that
> I'll need to figure out. 
> Kenny 
> Marc Evans wrote:
> > 
> > There is a package called "mailman" that works pretty well for
> > this. If you can't find a URL, let me know and I will try to
> > locate it.
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Web based e-mail relay

[Marc Evans]

There is a package called "mailman" that works pretty well for this. If
you can't find a URL, let me know and I will try to locate it.

- Marc

On Sun, 13 Feb 2000, Kenneth E. Lussier wrote:

> All,
>   I am looking for a web-based e-mal relay system. Basically, what I'm
> looking to do is set up something on my web server that I (or other
> people) can plug in the names of the pop and smtp servers, username and
> password, and it goes out and gets the mail and displays it on a web
> front-end. I have looked at MUMail and MailMan, bu the former is
> unstable and only works for one or two messages and the latter costs
> $$$. Does anyone have any suggestions? 
> TIA,
> Kenny
> PS I am also thinking that this might be the perfect reason to learn
> Perl better and brush up on my HTML.
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: perl/scripting problems

[Marc Evans]

On Sat, 12 Feb 2000, A Page in the Life of ... wrote:

> -=> I've got two related but separate things I need to do.
> -=> 1) Recursivly assend into a directory and remove files that are under a certain
> -=> size (lets just say 5k)
> -=> 2) Recursivly assend into a directory and move all the files of a certain
> -=> pattern (*.html) to one directory 
> 
> man find
> 
> for the first try:
> 
> find /foo -size 5k -print
> 
> if it lists the files you want try:
> 
> find /foo -size 5k -exec rm {}\;
> 
> for the second it is: 
> find /foo -name \*.html -exec rm {}\;

Usin the "exec" functionality of the find command is often not very
efficient. Instead, it is common to use the "xargs" command in a pipe
instead. For example:

find /foo -size 5k -print | xargs rm

The second example provided doesn't really do what was requested. I would
suggest that instead of using the rm command that you do somethin like
this:

find /foo -name \*.html -print | while read file ; do \
mv $file /other/directory ; done

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: DDoS detector (fwd)

[Marc Evans]

> http://www.fbi.gov/nipc/trinoo.htm

Only binaries there, but a newer version with
source is here: http://staff.washington.edu/dittrich/misc/ddos_scan.tar
(I haven't tried it, yet.)

> Over the last month or so I have also been utilizing snort, which you too
> may find useful:
> 
> http://www.clark.net/~roesch/security.html
> 
> - Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: DDoS detector

[Marc Evans]

People interrested in these types of tools will probably find this
interresting too:

http://www.clark.net/~roesch/security.html

Over the last month plus I have been having good success in detecting and
shutting down improper activities flowing through destek.net...

- Marc

On Thu, 10 Feb 2000, John Abreau wrote:

> On Thu, 10 Feb 2000, Mike Spenard wrote:
> 
> > has everyone here seen this? 
> > 
> > http://www.fbi.gov/nipc/trinoo.htm
> > 
> >  Mike Spenard
> >  Systems Engineer
> >  Networqs.net
> 
> I notice they have binaries for Solaris/sparc, Solaris/Intel, and
> Linux/Intel, but no sources. The README file explains that the tool must
> be run as root. 
> 
> --
> John Abreau / Executive Director, Boston Linux & Unix 
> Email: [EMAIL PROTECTED] / URL: http://www.blu.org
> ICQ#28611923 / AIM abreauj
> ---
> "Working with NT is like trying to tune a watch wearing oven mitts.
>  You can't get your fingers inside like you can with UNIX.
> ---
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: apache 1.3.11

[Marc Evans]

as root do something like this:

cd /etc/rc.d/init.d
cp lpd apache
vi apache
# change the file to do the right-thing using "apachectl"
cd /etc/rc.d
ln -s ../init.d/apache rc3.d/S99apache
ln -s ../init.d/apache rc2.d/K01apache
ln -s ../init.d/apache rc1.d/K01apache
ln -s ../init.d/apache rc0.d/K01apache

If you use any of the other run levels, you will need to make similiar sym
links for them too.

- Marc

On Thu, 10 Feb 2000, Ray Bowles wrote:

> I just setup apache 1.3.11 with php and mysql support. I'm just a
> little stumped on how to get it to start at run time. Anyone know where
> I could find this info?  I already looked in the README, configure and
> INSTALL docs and found nothing. Apache's website was non help either. I
> know..It's a new guy. Not really, I just gave up on rpm's and
> started using the tarballs.
> This is my first posting. I sure hope, I will one day have something
> to offer to the group. I can't wait to attend my fist meeting.
> Thanks a lot,
> Ray
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Off topic ? mmap timings

[Marc Evans]

Have you looked at the Xv extension?

- Marc

On Thu, 10 Feb 2000, Ferenc Tamas Gyurcsan wrote:

> Hi,
> >Look at version 3.9.17* of XFree86 for speedups
> The important stuff is how I draw on X actually. I'm using Qt, and now I'm
> gonna implement an MIT-SHM X drawing thing. This seems to be the fastest so far
> because it doesn't need a socket call for every single Pixmap operation I do.
> Even if it's just an image2pixmap operation, it's still too expensive,
> especially compared to how I generate the Image with a beowulf.
> Ferenc
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Off topic ? mmap timings

[Marc Evans]

On Thu, 10 Feb 2000, Ferenc Tamas Gyurcsan wrote:

> experiment with this. It was interesting, but now let's speed-up the X:-).

Look at version 3.9.17* of XFree86 for speedups

- Marc


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: Off topic ?

[Marc Evans]

I have personally found that using mmap is less intense on the overall
system performance then the open/fopen alternatives. This is particularly
true if you are doing random I/O (seeking back and forth). Sadly, OS
portability is a bit of an issue, which may impact your development plans.

- Marc

On Wed, 9 Feb 2000, tom r wrote:

> 
> Please excuse a "not necessarily linux" question, but who wants to share
> opinions/experience on the virtues of mmap ing a file as opposed to opening it
> ? I'm about to start work on a project where the local custom is to mmap input
> files and I'm not so sure that's a good idea (the files and 100s of meg).  Are
> page faults really that much faster than reads ?
> 
> TIA
> 
> TomR
> 
> 
> 
> 
> --
> email me at  [EMAIL PROTECTED]
> Approach love and cooking with reckless abandon.
> (Isn't that a cool thought ?)
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**

Re: general scripting question

[Marc Evans]

Here is a quick, non optomized perl script:

while (<>) {
  next unless (/^HCA/);
  print $_;
  while (<>) {
last unless (/^I[XY]\d\d\d\d\d/);
print $_;
  }
}

There are more efficient ways to do this then the above perl, but that is
sufficient...

- Marc

On Wed, 9 Feb 2000, Matt Tilley wrote:

> Sorry for the long post, but tried to include enough info so that people can
> help.
> 
> Also, there is probably a better group to post to, but a quick search for
> "script" in newsgroups didn't turn up anything that led me to believe that the
> question would be better directed to another group (if I'm wrong - please just
> point me in the right direction, I'll post there and sorry for the bother).
> 
> OK, here goes.  My problem stems from dealing with a file that contains
> lines.  Some of the lines I want to keep, while I want to discard others
> (based on the value of the field of the first column).  It seems that the
> nutshell book deals more with files than with variables (this could just be a
> stumbling block of mine)
> 
> I am looking for groups of lines that belong together - for instance, whenever
> a line starts with "HCA" I want to save that line to a file and append the
> following lines as long as they begin with IX? or IY? (the "?" are
> place markers - I know that I will have a five digit number there).  As soon
> as the next HCA comes along, I want to do the same thing again.
> 
> Again, there are some lines that contain starting characters different than
> those above (or just blank lines) that I just want to discard.
> 
> Here is a quick example of the file that I want to work with:
> 
> START:
> 
> Garbage line that I want to discard
> 
> More garbage
> 
> HCA would like to keep this line
> IY45678 - and keep this line under the one above it (once I get the structure
> I can do more)
> IX89374 - with the rest.
> 
> More garbage that isn't wanted
> HCA would like to also keep this line, appending it to those above
> IX84956 - but preferably separated by a line
> IY74658 - this should be simple but I'm having a mental block. Once over the
> block
> IY34567 - I feel like a mental switch will close and I will begin to be more
> productive
> IX84755 - with my scripts (otherwise they seem way to simple (almost like a
> batch file)
> 
> END!
> 
> BTW, I would like to use ksh for this (will look into other ways (such as
> perl) after I close my knowledge gap in places like this).  My thoughts on
> this were this (just to at least show that I've been thinking about it):
> 
> cat myfile | while read line
>  do
> for i in $line
>   do
> if [ [ $i = IX? || IY? || HCA ] ]
> # would like to exit if true to the while loop and dump the line
> # to a file - possibly setting a flag to indicate that HCA is true
> (i.e., hcaflag)
> # as soon as another HCA or an unwanted word is encountered
> # print a blank line, discard unwanted line or start process over
> # again
> then  exit to while loop if true
> 
> else  discard line and get next line from myfile
> fi
> 
> if [ hcaflag ]
> then if [ [ $i = IX? || IY? ] ]
> then  echo line to file, etc.
> 
> Is this the right way to go about this (or haven't I explained it in enough
> detail to understand my problem?).
> 
> I'm not in scripting school (although I've been through one a while back), and
> I'm not doing this for anyone else but me (just to help me with my scripting
> skills).  I'm willing to put some time into this, but feel as if there maybe
> an easier way that I'm overlooking (am I making this way too difficult?).  The
> purpose behind this is to expedite the handling of large files indicating the
> fileset status on my AIX boxes (yes, I know that this isn't an AIX list, but
> I'm always monitoring this list because of my interest in Linux (have one
> P-166 running RH6.0 and on/off luck with running RH on my Dec Alpha (both at
> home)).
> 
> Sorry for the long message, but wanted to be sure that I gave enough
> information (hoping that I achieved this).
> 
> TIA
> 
> - Matt
> 
> 
> 
> 
> **
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **
> 


**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**