dvd player*s* show twice same half screen
Hi, I installed ogle and videolan client, and both suffer from the same illnes: I see only half the image, and that half is kind of displayed twice. I am using RH8.0, and the following relevant packages are installed: aalib-1.4rc4-fr2.1 alsa-lib-0.9.0rc3 libdvdcss-1.2.3-fr1 libdvdread-0.9.3-fr1.1 lirc-0.6.5-fr3 ogle-0.8.5-fr3 ogle_gui-0.8.5-fr2 videolan-client-0.4.5-fr1 Any idea why this trouble? Arie -- It is absurd to seek to give an account of the matter to a man who cannot himself give an account of anything; for insofar as he is already like this, such a man is no better than a vegetable. -- Book IV of Aristotle's Metaphysics = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X-Chat 1.9.3 with built-in Bidi(Pango) and AA works nice.
On Thursday 31 October 2002 02:17, Barak Kaufman wrote: > supplimental apparently its something with the connection to the server > itself because if i delete the /.xchat2 dir and run xchat i get the server > connection dialogue and when i try to connect it craches. > i woudl still appretiate any ideas > p.s. 1.8.9 works :) > Well, I still wouldn't be sure it's not a font related issue, since it doesn't try to use the font you choose in xchat.conf until the server tab is shown(the server list uses some other font for that, I think). Furthermore, it seems rather far-fetched to me that the network code itself is faulty. If it segfaults because of some bad socket, it would have been immediately noticed by all 1.9.3 users and fixed promptly. I do recall having a similar situation in one of my tries. I suggest you start off by giving it the default font that it wants. which means, installing the appropriate deb for it, of course. just search for the font name in packages.debian.org, and install the package it's in(I did that as well). Also, you should probably try and compile from the xchat-20021024.tar.bz2 package on X-Chat's site. That's what I used when I actually got it to work yesterday. Lastly, because I still think it's a font issue, you might want to try and compile it with Pango, and then directly with Xft, and see if it exhibits the same behaviour. This can give more accurate information where the problem resides. Hope this helps, Amir. To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Debian Mirror
Quoth Official Flamer/Cabal NON-Leader: > I have played a bit with my disks and as a result I switched the 'ole > Debian mirror to a 20 gigger. Therefore, I fulfill my long-standing > promise and am adding the arm architechture to the mirror. E... I got as far as xserver-xfree86 and am now with 59MB free disk space ;-)... But it is more or less done. Marc -- ---OFCNL This is MY list. This list belongs to ME! I will flame anyone I want. Official Flamer/Cabal NON-Leader [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: increasing the keyboard's responsiveness
On Tuesday 29 October 2002 14:02, Ilya Konstantinov wrote: > "xset r rate" in X. > > e.g. > > xset r rate 250 30 > > is my preferred setting (repeat delay 250, repeat rate 30). This sets the autorepeat rate. But does this influence the delay between different keystrokes? When I use the arrow keys to get around, I often find that the effect is way too slow. Is that a sign of an aging computer or is that, too, influenced by your suggestion? Arie = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: upcoming java ssh2?
Get ready to a long lecture(just felt like writing a novel, but instead I wrote a smartass kinda letter): this just show how naive are administrators today. anyway, as u know or not know u don't have to be a hacker today to do what the hell u want. if I wanna surf whatever the bleeping I want, I can do it and be sure every person who know how to operate a computer. I have a dozen ways in mind. well, its pretty twisted as security guys goes but that's not saying it can't be done. your system can be hacked and any security system in the world can be hacked with a butter knife. in fact there isn't a security system safe from a little creative thinking by your usual or not usual cracker or hacker. the former is what you gotta watch out from. I am telling you, from a security point of view(POV) you must dump this thinking right now or you are gonna get burned, or at least loose face with your boss (if you are the boss then disregard). Anyway, seeing hackers 2 with the script writers taking their creative liberties to new heights doesn't make you a security expert. Even if this movie is making an actual description of reality I would beg the differ it have something to do to this discussion. mitnick is what you call a social engineering dude. these guys have evolved from the gentlemen hasslers of the 18 century. they use their brains to mess with yours, and actualyhave limited understanding of what goes beneath. the problem with mitnick is that: a) he is not a gentlemen, maybe a moron + but thatsthat. b) has what we call narcissism++. this is why he was caught. but mitnick or even crackers are not, I repeat not your real problem. they are a transient beings who seldom attack your system, especially if they are not going to profit on you. and the hackers are harmless, just cursing for some publicity. what you REALLY really watch out from is the disgruntled worker who knows he is gonna get fired. you know what's the dumbest thing to do with a worker you just fired? giving him 2 weeks or even worse 1 month notice. I don't know what is your backup policy but most of the attacks that damaged companies came from their own employees. you say, what are these nice and silent guys are gonna do. let me give you a realization of the situation: 1) if your company is doing long term calculations, the disgruntled employee can just mess up a few bits or two at the start of the calculation and mess up a month work. 2) if you have a 2 weeks / month of backup cycle, the worker can put an encryption on some or all of the material with a pretext and then when he leaves he can make the private keys disappear. 3) he can mess up some of the database that are used to doing statistical inference, and cost the company a huge amount of money by miss prediction. 4)... and on and on, as there are endless ways in a twisted mind to destroy some else's creation. well, that's it folks, I had enough lecturing for one day. * - * - * Tzahi Fadida [EMAIL PROTECTED] Technion Email: [EMAIL PROTECTED] My Cool Site: HTTP://WWW.My2Nis.Com * - * - * - * - * - * - * - * - * - * WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html > -Original Message- > From: Robert Wallner [mailto:robert@;elinux.eu.org] > Sent: Wednesday, October 30, 2002 10:03 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: upcoming java ssh2? > > > On Wednesday 30 October 2002 17:20, Tzahi Fadida wrote: > > i disagree, since as long that there will be free access to internet > > I don't think corporate employees using their windoze box to > run kazaa and > other crap can be called "free internet access" > AAMOF, I run several networks full of idiots trying to bypass > network's and > company's policies. I don't give a dime about them screwing > their beloved > crappy desktop, but I care when a dumb ass chews up all > available bandwith > using a service he isn't supposed to > > > so what i am trying to say is that there is no way to > restrict a person > > while working on the internet if he doesn't want to be > restricted, short > > of arresting that man > > As long as you are connected behind a decent network > administrator's filtering > gateway, there is always a way to restrict what you can do > and what you > can't > > > ...(i.e: if you can find him:) > > I also saw "Hackers 2", but they finnaly caught him :) > > Regards, > Robert Wallner > > > > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X-Chat 1.9.3 with built-in Bidi(Pango) and AA works nice.
supplimental apparently its something with the connection to the server itself because if i delete the /.xchat2 dir and run xchat i get the server connection dialogue and when i try to connect it craches. i woudl still appretiate any ideas p.s. 1.8.9 works :) On Wednesday 30 October 2002 20:57, Amir Sela wrote: > Personally, I've been wanting to ditch ksirc for ages now in favor of > X-Chat, but I missed my AA'ed fonts too much. It seems that X-Chat 1.9.3 > compiles fine, and the hebrew Bidi support works as well(No need for > --enable-hebrew). > > To enable the Bidi support just replace "#define USE_XFT 1" with > "#define USE_PANGO 1" in config.h and compile. (Thanks DCoder) > > To use AA : export GDK_USE_XFT=1 before running xchat(It seems that X-Chat > doesn't use Pango to actually render the text with Xft or ft2, so this is > relevant). > > This probably comes as old news to some of you, but I decided to post this > on the off-chance that others have wanted to use it as much as I did, and > maybe I can save some trouble to others trying to achieve the same thing. > > A few bugs that can be worked-around : > 1) If it fails to load because of some font it can't find (It looked for > some obscure font that was not present on my Debian Sid installation until > I apt-get'ed some font-pack package), manually change the "text_font =" > line in ~/.xchat2/xchat.conf to whatever font you want. Here it's > "text_font = Arial 12". > 2) Changing the font within the GUI _does_ work, it simply needs a restart > of X-Chat. Ignore the error and just restart X-Chat. > > Hope this will help, > Amir. > > > To unsubscribe, send mail to > [EMAIL PROTECTED] with the word "unsubscribe" in the message > body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] -- Barak Kaufman To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X-Chat 1.9.3 with built-in Bidi(Pango) and AA works nice.
on my machine (debian sid as well) the compile went smooth but when i try to run it - first it doesnt find fonts when i change it to arial 9 like u said it just segfaults out with no errors on the console. i am a kde user so i might have some misconfiguration issues with gnome althought when i open gnome i can see hebrew in the menus. any ideas ? On Wednesday 30 October 2002 20:57, Amir Sela wrote: > Personally, I've been wanting to ditch ksirc for ages now in favor of > X-Chat, but I missed my AA'ed fonts too much. It seems that X-Chat 1.9.3 > compiles fine, and the hebrew Bidi support works as well(No need for > --enable-hebrew). > > To enable the Bidi support just replace "#define USE_XFT 1" with > "#define USE_PANGO 1" in config.h and compile. (Thanks DCoder) > > To use AA : export GDK_USE_XFT=1 before running xchat(It seems that X-Chat > doesn't use Pango to actually render the text with Xft or ft2, so this is > relevant). > > This probably comes as old news to some of you, but I decided to post this > on the off-chance that others have wanted to use it as much as I did, and > maybe I can save some trouble to others trying to achieve the same thing. > > A few bugs that can be worked-around : > 1) If it fails to load because of some font it can't find (It looked for > some obscure font that was not present on my Debian Sid installation until > I apt-get'ed some font-pack package), manually change the "text_font =" > line in ~/.xchat2/xchat.conf to whatever font you want. Here it's > "text_font = Arial 12". > 2) Changing the font within the GUI _does_ work, it simply needs a restart > of X-Chat. Ignore the error and just restart X-Chat. > > Hope this will help, > Amir. > > > To unsubscribe, send mail to > [EMAIL PROTECTED] with the word "unsubscribe" in the message > body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] -- Barak Kaufman To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Open Source in the DoD
On the Perl Advocacy list, the following article was mentioned about the use of Open Source software in DoD (Department of Defense ?) http://www.egovos.org/pdf/dodfoss.pdf Though it has a probably flawed skew in favor of Perl and probably that is due to the way the survey was conducted the article might be still usefull in general Open Source Advocay here in Israel too. -- Gabor = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
On Wednesday 30 October 2002 17:20, Tzahi Fadida wrote: > i disagree, since as long that there will be free access to internet I don't think corporate employees using their windoze box to run kazaa and other crap can be called "free internet access". AAMOF, I run several networks full of idiots trying to bypass network's and company's policies. I don't give a dime about them screwing their beloved crappy desktop, but I care when a dumb ass chews up all available bandwith using a service he isn't supposed to. > so what i am trying to say is that there is no way to restrict a person > while working on the internet if he doesn't want to be restricted, short > of arresting that man As long as you are connected behind a decent network administrator's filtering gateway, there is always a way to restrict what you can do and what you can't. > ...(i.e: if you can find him:) I also saw "Hackers 2", but they finnaly caught him :) Regards, Robert Wallner To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: upcoming java ssh2?
regarding the "They started this thinking that this will make them unfilterable. I expect they will soon find out that they were wrong, and the race will really be on." i disagree, since as long that there will be free access to internet nodes, i.e: unlike some cellular companies that provide WAP services do(they only allow you to surf their internal wap pages). you can find a way to access these resources, since inside the definition of "allow a b c" you allow side effects to infiltrate which is at the heart of the internet technology makeup. i will give you a small example, if you will block any kind of encapsulation inside http/s (i.e if you can really do that) i can use what is defined as fair usage to embed the information like in steganography, but not restricted to it. the only way to possibly try to restrict me is to use pattern recognition or AI that will profile my internet usage(there is one in the making right now, but it will be very crude and restricted to packet filtering). so what i am trying to say is that there is no way to restrict a person while working on the internet if he doesn't want to be restricted, short of arresting that man(i.e: if you can find him:) * - * - * Tzahi Fadida [EMAIL PROTECTED] Technion Email: [EMAIL PROTECTED] My Cool Site: HTTP://WWW.My2Nis.Com * - * - * - * - * - * - * - * - * - * WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html > -Original Message- > From: [EMAIL PROTECTED] > [mailto:linux-il-bounce@;cs.huji.ac.il]On Behalf Of Shachar Shemesh > Sent: Wednesday, October 30, 2002 6:22 PM > To: Aviram Jenik > Cc: 'Oron Peled'; 'Yedidyah Bar-David'; [EMAIL PROTECTED] > Subject: Re: upcoming java ssh2? > > > > > Aviram Jenik wrote: > > >The main idea behind a firewall is not to prevent rogue outgoing > >communication (this is usually pointless; you can do full IP > tunneling > >over ICMP packets if you wish) but to prevent incoming traffic to > >various services. For example, you may have an Intranet web > server that > >should only be accessible from inside the network, but > nobody from the > >outside should access it > > > A FW is a tool to enforce coorporate policy on people who may > or may not > wish to abide by it. It is not the only tool, and there are > other tools > designed to help with that aim. The most recommended, but hard to > maintain, is keeping only the services that need to run running > > >The fact that administrators (ab)use it to block various > services from > >internal users (and then those users find "clever" ways to > bypass these > >restrictions) is another topic altogether > > > It's a matter of users deciding not to abide by these > policies. Some of > the reasons for doing so are understandable (China example), some are > less (employees using corporate network to download Kaza > movies, or open > security holes in ICQ) > > >- but the ones that are > >overloading services on port 80 are not the corporates, but > rather than > >client-side utilities which want to bypass f/w restrictions > > > But that's another strange concept > > Lets look at it for a second: > Why do clients like ICQ use HTTP? Because they want to be > useable even > if the admins don't want their users to have it. I'll repeat > that - ICQ > wants to bypass the corporate policy! > > What do admins do about it? Well, whatever their FWs allow > them to do. > Slowly, FWs start to look at HTTP as a layer 5 protocol, over which > further inspection needs to be done. The race has begun. So far, the > clients are far ahead, but the distance is slowly being closed. Check > Point FW-1 NG FP3 (recently released) has an option of > blocking Kaza and > such > > Who's the loser? Admins and end users. The former because > they have to > keep upgrading, and because these checks are far more performance > intensive than packet matching and filtering. The former > because as the > inspections done become more and more intensive, performance > drops and > costs rise > > Who's winning? Well, the security companies obviously can't complain > (they can, and they do, but still). The client companies are > also in the > mix. They started this thinking that this will make them > unfilterable. I > expect they will soon find out that they were wrong, and the > race will > really be on. You will start seeing iterations of changing > clients, and > changing firewalls and proxies trying to catch up. All I can > really say > about that is "been there, done that, no winners" > > >Thanks, > >Aviram Jenik > >Beyond Security Ltd > >http://www.BeyondSecurity.com > >http://www.SecuriTeam.com > > > Theoretically, if people in corporates did not try to use > these tools to > bypass corporate policies, the need for layer 6 filtering > would not have > been big enough to justify security device companies diving into this > market, leaving the real important uses (Free surfing out of China) > without an answer. Sadly, people are too short sighted to > understand th
X-Chat 1.9.3 with built-in Bidi(Pango) and AA works nice.
Personally, I've been wanting to ditch ksirc for ages now in favor of X-Chat, but I missed my AA'ed fonts too much. It seems that X-Chat 1.9.3 compiles fine, and the hebrew Bidi support works as well(No need for --enable-hebrew). To enable the Bidi support just replace "#define USE_XFT 1" with "#define USE_PANGO 1" in config.h and compile. (Thanks DCoder) To use AA : export GDK_USE_XFT=1 before running xchat(It seems that X-Chat doesn't use Pango to actually render the text with Xft or ft2, so this is relevant). This probably comes as old news to some of you, but I decided to post this on the off-chance that others have wanted to use it as much as I did, and maybe I can save some trouble to others trying to achieve the same thing. A few bugs that can be worked-around : 1) If it fails to load because of some font it can't find (It looked for some obscure font that was not present on my Debian Sid installation until I apt-get'ed some font-pack package), manually change the "text_font =" line in ~/.xchat2/xchat.conf to whatever font you want. Here it's "text_font = Arial 12". 2) Changing the font within the GUI _does_ work, it simply needs a restart of X-Chat. Ignore the error and just restart X-Chat. Hope this will help, Amir. To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
Aviram Jenik wrote: The main idea behind a firewall is not to prevent rogue outgoing communication (this is usually pointless; you can do full IP tunneling over ICMP packets if you wish) but to prevent incoming traffic to various services. For example, you may have an Intranet web server that should only be accessible from inside the network, but nobody from the outside should access it. A FW is a tool to enforce coorporate policy on people who may or may not wish to abide by it. It is not the only tool, and there are other tools designed to help with that aim. The most recommended, but hard to maintain, is keeping only the services that need to run running. The fact that administrators (ab)use it to block various services from internal users (and then those users find "clever" ways to bypass these restrictions) is another topic altogether It's a matter of users deciding not to abide by these policies. Some of the reasons for doing so are understandable (China example), some are less (employees using corporate network to download Kaza movies, or open security holes in ICQ). - but the ones that are overloading services on port 80 are not the corporates, but rather than client-side utilities which want to bypass f/w restrictions. But that's another strange concept. Lets look at it for a second: Why do clients like ICQ use HTTP? Because they want to be useable even if the admins don't want their users to have it. I'll repeat that - ICQ wants to bypass the corporate policy! What do admins do about it? Well, whatever their FWs allow them to do. Slowly, FWs start to look at HTTP as a layer 5 protocol, over which further inspection needs to be done. The race has begun. So far, the clients are far ahead, but the distance is slowly being closed. Check Point FW-1 NG FP3 (recently released) has an option of blocking Kaza and such. Who's the loser? Admins and end users. The former because they have to keep upgrading, and because these checks are far more performance intensive than packet matching and filtering. The former because as the inspections done become more and more intensive, performance drops and costs rise. Who's winning? Well, the security companies obviously can't complain (they can, and they do, but still). The client companies are also in the mix. They started this thinking that this will make them unfilterable. I expect they will soon find out that they were wrong, and the race will really be on. You will start seeing iterations of changing clients, and changing firewalls and proxies trying to catch up. All I can really say about that is "been there, done that, no winners". Thanks, Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com Theoretically, if people in corporates did not try to use these tools to bypass corporate policies, the need for layer 6 filtering would not have been big enough to justify security device companies diving into this market, leaving the real important uses (Free surfing out of China) without an answer. Sadly, people are too short sighted to understand that. Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Timezone GMT+2 and Date behavior
The sun still rises from the east in our part of the globe:) The definition is straightforward: "specifies the time value to be added to the LOCAL TIME to get Coordinated Universal Time (UTC).". The "official" reference is the local time while the "street" reference is UTC (GMT). So, "correct" representation is IST - 2 == UTC while most of us use UTC + 2 = IST - Original Message - From: "Nadav Har'El" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, October 30, 2002 10:56 AM Subject: Re: Timezone GMT+2 and Date behavior > On Wed, Oct 30, 2002, [EMAIL PROTECTED] wrote about "Timezone GMT+2 and Date behavior": > > I set the same timezone GMT+2 in three different machines, running the following O/S: > > (note that you usually use "XYZ+2", where XYZ is the name you're going to > call the timezone; Calling it "GMT" is valid, but confusing) > > > in all the three machines, and suprisingly, the UTC time in Linux and Solaris 8 is two hours MORE then the GMT+2 time. > > The Tru64 results with correct values (UTC time is two hours LESS then the GMT+2 time). > > The Linux and Solaris behavior you describe is correct. > > GMT+2 is two hours west of UTC, i.e., UTC is two hours more than it. > This is exactly what is described in the manual says (see tzset(3)): > >"... The offset string immediately follows std and specifies the time > value to be added to the local time to get Coordinated Universal Time > (UTC). The offset is positive if the local time zone is west of the Prime > Meridian and negative if it is east." > > This is the way I always remember it being it on UNIX; West of England (e.g., > the USA) was positive offsets, east (e.g., Israel) was negative. > > If you were looking for Israeli time, you meant to use "GMT-2", not GMT+2. > > I don't know why Tru64 gave you the opposite behavior... > > > -- > Nadav Har'El| Wednesday, Oct 30 2002, 24 Heshvan 5763 > [EMAIL PROTECTED] |- > Phone: +972-53-245868, ICQ 13349191 |He who has more is not happier than he > http://nadav.harel.org.il |who wants less. > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
Quoting Eli Marmor, from the post of Wed, 30 Oct: > There are actually 3 methods, and not one. > > The main one doesn't work well with some of the proxies, and is > probably exactly what you guessed. > > I don't speak about black-magics, well, do share, and stop talking in riddles like you invented the moon? I have no idea how a webserver can tell the client something asynchronously (not as an answer to a request), and if you don't end the reply of the server (i.e. keep sending more info), the client can't make new requests. the only way that comes to mind is opening one connection, recieving a cookie, opening a second connection, quoting the cookie, have the webserver tie the two sessions together, and then the client sends requests on one (and gets simple empty replies fpr HTTP compliance) and the real replies come down the other connection as a long neverending "reply". the problems you still face are impatiant proxies closing the connection, or simply not supporting HTTP 1.1 -- Significant other Ira Abramov http://ira.abramov.org/email/ This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal. To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: upcoming java ssh2?
> > What you describe just proves how clueless many corporations are. > First they overload any concievable service on port 80 (what happend > to the other 16K tcp/udp ports?) than they find that they need > to make content filtering so only "good" http goes in. > The main idea behind a firewall is not to prevent rogue outgoing communication (this is usually pointless; you can do full IP tunneling over ICMP packets if you wish) but to prevent incoming traffic to various services. For example, you may have an Intranet web server that should only be accessible from inside the network, but nobody from the outside should access it. The fact that administrators (ab)use it to block various services from internal users (and then those users find "clever" ways to bypass these restrictions) is another topic altogether - but the ones that are overloading services on port 80 are not the corporates, but rather than client-side utilities which want to bypass f/w restrictions. Thanks, Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com Know that you're safe: http://www.AutomatedScanning.com = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: upcoming java ssh2?
check out GNU httptunnel, see if you can compile it to run as a java applet inside a browser, the other end can stay the same since it can run on the server. also, maybe there are already some implementations on the libraries that are ready for use, search sourceforge. http://www.nocrew.org/software/httptunnel.html * - * - * Tzahi Fadida [EMAIL PROTECTED] Technion Email: [EMAIL PROTECTED] My Cool Site: HTTP://WWW.My2Nis.Com * - * - * - * - * - * - * - * - * - * WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Eli Marmor > Sent: Wednesday, October 30, 2002 9:33 AM > To: Linux-IL mailing list > Subject: Re: upcoming java ssh2? > > > Tzafrir Cohen wrote: > > > > >From the creators of WeirdX: > > > > http://www.jcraft.com/jsch/ > > > > version 0.0.6 of a java implementation of ssh2 > > I think it's great that these people port to Java applets any > client of > any client-server protocol (X, SSH, etc.) > > But there is still something that concerns me: It is known to any Java > professional that the ideal protocol for Java applets (to communicate > with a remote server) is HTTP (or HTTPS). SOAP was invented for this > purpose. Web services are based on this rule. Even ICQ ships such an > applet > > The reason: Contrary to typical client-server sessions (which are used > typically in LAN's and Intranets), Java applets are used by > "far" users > who connect to the server from the Internet; You don't have any idea > where do they come from, what routers and firewalls they had to pass, > etc > > Yes, the backend servers still use non-HTTP protocols, but this is > usually resolved by servers (or should I say proxies) that are put in > the middle, access the backends as "clients", while serving those > applets as "HTTP servers". Usually, these servers are even a part of > the backend (so the backend serves both - its own original protocol, > AND HTTP) > > Sometimes, all these proxies have to do is to "tunnel" the original > protocol through HTTP/HTTPS > > > So the big question: Why, when it comes to important protocols such as > SSH, X, IRC, VNC, etc., the applets must speak those > protocols directly > with the backend, and can't speak it over HTTP/HTTPS? > > Or it's possible? If yes, then how? > > -- > Eli Marmor > [EMAIL PROTECTED] > CTO, Founder > Netmask (El-Mar) Internet Technologies Ltd > __ > Tel.: +972-9-766-1020 8 Yad-Harutzim St > Fax.: +972-9-766-1314 P.O.B. 7004 > Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > > > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: upcoming java ssh2?
its all in the eye of the beholder, read ahead. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:linux-il-bounce@;cs.huji.ac.il]On Behalf Of Oron Peled > Sent: Wednesday, October 30, 2002 12:42 PM > To: Yedidyah Bar-David > Cc: [EMAIL PROTECTED] > Subject: Re: upcoming java ssh2? > > > On Wed, 30 Oct 2002 10:25:31 +0200 > Yedidyah Bar-David <[EMAIL PROTECTED]> wrote: > > Sometimes you'd rather that over nothing. I know at least two places > > (and guess there are thousands) that do not permit any > outgoing traffic > > except http over their proxy (so that running sshd on port 80 won't > > work either). If you had a way to run such a http<->ssh proxy, even > > a slow and non-responsive one, you would use it when you had to > > What you describe just proves how clueless many corporations are > First they overload any concievable service on port 80 (what happend > to the other 16K tcp/udp ports?) than they find that they need > to make content filtering so only "good" http goes in there are no good nor bad, every company determines for itself what is good or bad. > > This is completely braindamaged, as various web services schemes > demonstrate that with appropriate methodology, you can overload > http with everything you want why not, its just 1/0 whats wrong with doing whatever the hell u want to do with it. free speech often accompanied by bad practicies, nontheless its still free speech. > > What will be the next level in their content filtering strategies? > Searching for "bad patterns"? (reminds me of the stupid AntiVirus > products I used in my old DOS days...) they already do that. ie IDS like snort, etc... > > Of course people could start encoding their protocols with > steganographic > methods over http... should be interesting to see corporates try to > block this they already do, and its good that it is possible so people, for example, in china could see site like cnn, etc.. > > > Oron Peled Voice/Fax: +972-4-8228492 > [EMAIL PROTECTED] http://www.actcom.co.il/~oron > > 3Com only purchased rights to the numbers '3' '5' and '9', Intel > owns '4', '8', '6', and '2'. '0' and '1' are still in the public > domain ;-) > -Donald Becker > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > > > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
On Wed, 30 Oct 2002 10:25:31 +0200 Yedidyah Bar-David <[EMAIL PROTECTED]> wrote: > Sometimes you'd rather that over nothing. I know at least two places > (and guess there are thousands) that do not permit any outgoing traffic > except http over their proxy (so that running sshd on port 80 won't > work either). If you had a way to run such a http<->ssh proxy, even > a slow and non-responsive one, you would use it when you had to. What you describe just proves how clueless many corporations are. First they overload any concievable service on port 80 (what happend to the other 16K tcp/udp ports?) than they find that they need to make content filtering so only "good" http goes in. This is completely braindamaged, as various web services schemes demonstrate that with appropriate methodology, you can overload http with everything you want. What will be the next level in their content filtering strategies? Searching for "bad patterns"? (reminds me of the stupid AntiVirus products I used in my old DOS days...). Of course people could start encoding their protocols with steganographic methods over http... should be interesting to see corporates try to block this. Oron Peled Voice/Fax: +972-4-8228492 [EMAIL PROTECTED] http://www.actcom.co.il/~oron 3Com only purchased rights to the numbers '3' '5' and '9', Intel owns '4', '8', '6', and '2'. '0' and '1' are still in the public domain ;-) -Donald Becker = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Timezone GMT+2 and Date behavior
On Wed, Oct 30, 2002, Oleg Goldshmidt wrote about "Re: Timezone GMT+2 and Date behavior": > "Nadav Har'El" <[EMAIL PROTECTED]> writes: > > > This is the way I always remember it being it on UNIX; West of > > England (e.g., the USA) was positive offsets, east (e.g., Israel) > > was negative. > > The confusion is, apparently, due to the fact that the normal time > reporting lists time as UTC + offset, with the offset positive to > the *East* of Prime Meridian: > > $ date +%z > +0200 > $ date > Wed Oct 30 11:27:21 IST 2002 > $ date -u > Wed Oct 30 09:27:24 UTC 2002 I never thought about that before. Yeah, it's really confusing :( -- Nadav Har'El| Wednesday, Oct 30 2002, 24 Heshvan 5763 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |You do not need a parachute to skydive. http://nadav.harel.org.il |You only need one to skydive twice. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
Nadav Har'El wrote: > Does your trick work well over HTTP proxies? > > Some HTTP proxies (e.g., consider Apache's proxy, Squid, etc.) aren't > as "generic" as your trick might assume. They may not work full-duplex > (e.g., when the proxy is reading the response from the server it doesn't > try to read requests, so you'll need to use very short requests and > responses), they might not support keepalive (e.g., Apache's proxy) or > not guarantee it, they may wrongly cache stuff even if you tell them > not to, may refuse the CONNECT method, or otherwise mess with your traffic. > > If your trick is not 100% certain to work over HTTP proxies, it may not > be as useful as you think. (but not knowing what trick you refer to, > I can't really say). It seems that you know more than you think you know. There are actually 3 methods, and not one. The main one doesn't work well with some of the proxies, and is probably exactly what you guessed. But it is noticeable immediately by the server. So then it can fallback to the other methods, one of them is specific to IE, and the other to Netscape/Mozilla (don't know about Konq/etc.). I don't speak about black-magics, but about popular tricks that are used by many respective companies (like ICQ - IIRC) Maybe somebody (I?) should start a SourceForge project to develop a library that will implement all these tricks, instead of the current situation when anybody has to re-invent the wheel. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Timezone GMT+2 and Date behavior
"Nadav Har'El" <[EMAIL PROTECTED]> writes: > This is the way I always remember it being it on UNIX; West of > England (e.g., the USA) was positive offsets, east (e.g., Israel) > was negative. The confusion is, apparently, due to the fact that the normal time reporting lists time as UTC + offset, with the offset positive to the *East* of Prime Meridian: $ date +%z +0200 $ date Wed Oct 30 11:27:21 IST 2002 $ date -u Wed Oct 30 09:27:24 UTC 2002 -- Oleg Goldshmidt | [EMAIL PROTECTED] First binary search algorithm - J. Mauchly, 1946 First correct binary search algorithm - D.H.Lehmer, 1960 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
On Wed, Oct 30, 2002, Eli Marmor wrote about "Re: upcoming java ssh2?": > But your response answered my question. I asked why all those Java > applets use only their own protocol instead of using HTTP/HTTPS, and > thanks to your response I know the answer: Their developer just don't > know this trick. Does your trick work well over HTTP proxies? Some HTTP proxies (e.g., consider Apache's proxy, Squid, etc.) aren't as "generic" as your trick might assume. They may not work full-duplex (e.g., when the proxy is reading the response from the server it doesn't try to read requests, so you'll need to use very short requests and responses), they might not support keepalive (e.g., Apache's proxy) or not guarantee it, they may wrongly cache stuff even if you tell them not to, may refuse the CONNECT method, or otherwise mess with your traffic. If your trick is not 100% certain to work over HTTP proxies, it may not be as useful as you think. (but not knowing what trick you refer to, I can't really say). -- Nadav Har'El| Wednesday, Oct 30 2002, 24 Heshvan 5763 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |You do not need a parachute to skydive. http://nadav.harel.org.il |You only need one to skydive twice. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Timezone GMT+2 and Date behavior
On Wed, Oct 30, 2002, [EMAIL PROTECTED] wrote about "Timezone GMT+2 and Date behavior": > I set the same timezone GMT+2 in three different machines, running the following O/S: (note that you usually use "XYZ+2", where XYZ is the name you're going to call the timezone; Calling it "GMT" is valid, but confusing) > in all the three machines, and suprisingly, the UTC time in Linux and Solaris 8 is >two hours MORE then the GMT+2 time. > The Tru64 results with correct values (UTC time is two hours LESS then the GMT+2 >time). The Linux and Solaris behavior you describe is correct. GMT+2 is two hours west of UTC, i.e., UTC is two hours more than it. This is exactly what is described in the manual says (see tzset(3)): "... The offset string immediately follows std and specifies the time value to be added to the local time to get Coordinated Universal Time (UTC). The offset is positive if the local time zone is west of the Prime Meridian and negative if it is east." This is the way I always remember it being it on UNIX; West of England (e.g., the USA) was positive offsets, east (e.g., Israel) was negative. If you were looking for Israeli time, you meant to use "GMT-2", not GMT+2. I don't know why Tru64 gave you the opposite behavior... -- Nadav Har'El| Wednesday, Oct 30 2002, 24 Heshvan 5763 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |He who has more is not happier than he http://nadav.harel.org.il |who wants less. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
Shachar Shemesh wrote: > It's certanly possible, but I believe you are missing some important > point here. The purpose of these applets is not to get easy access to > the machine using a new and innovative technique. The purpose is to > provide clientless SSH. > > For example, I am one of the admins on the now notorious fiasco server. > We have a Fiasco member that usually connects from internet cafe's from > around the world. That does not stop him from wanting to use SSH to > connect. Well, guess what? The internet Cafe didn't install SSH. A > crying oversight, no doubt, but a sad reality nontheless. > > By installing this Java applet, I can give him a URL that will allow him > to SSH to the machine. no need to install anything on the client. I fully agree. But everything you wrote, is right also when the connection between the Java applet and the SSHD is done over HTTP/HTTPS. Ira Abramov wrote in another response: > Eli, you have been doing HTTP work in the past, can't you see the > problems? HTTP works only one way - client asks, server answers. there > is no way for the server to shove information asynchronously to the > user, how can such interactive protocols work? you really want to load > the line with 1 second polls from the client, or see screen updates only > after you type or move a mouse? Actually, there is a simple trick to do it under a standard HTTP/HTTPS (without using any non-standard extension). Out of the scope for this list. But your response answered my question. I asked why all those Java applets use only their own protocol instead of using HTTP/HTTPS, and thanks to your response I know the answer: Their developer just don't know this trick. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
Quoting Yedidyah Bar-David, from the post of Wed, 30 Oct: > Sometimes you'd rather that over nothing. I know at least two places > (and guess there are thousands) that do not permit any outgoing > traffic except http over their proxy (so that running sshd on port 80 > won't work either). If you had a way to run such a http<->ssh proxy, > even a slow and non-responsive one, you would use it when you had to. in such a case you will either have to ask the original developers to change their specs and support a polling mode (better luck with VNC than with X or SSH), or build your own sophisticated SSH-to-HTTP gateway (and another for X) to fake interaction with the server until the client polls again and gets the accumulated updates. it's a guaranteed brain damage, and causes much annoyance to the poor end users. some tools were not meant for all tasks. if your company refuses you interactive ssh connections, I guess they really don't want you to have ssh connections, direct or over http. trying to re-engineer good technology to accomodate twisted mindsets of organisms makes sense only up to a certain point. -- Wild thing Ira Abramov http://ira.abramov.org/email/ This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal. msg22973/pgp0.pgp Description: PGP signature
Re: upcoming java ssh2?
On Wed, Oct 30, 2002 at 10:04:36AM +0200, Ira Abramov wrote: > Quoting Eli Marmor, from the post of Wed, 30 Oct: > > So the big question: Why, when it comes to important protocols such as > > SSH, X, IRC, VNC, etc., the applets must speak those protocols > > directly with the backend, and can't speak it over HTTP/HTTPS? > > Eli, you have been doing HTTP work in the past, can't you see the > problems? HTTP works only one way - client asks, server answers. there > is no way for the server to shove information asynchronously to the > user, how can such interactive protocols work? you really want to load > the line with 1 second polls from the client, or see screen updates only > after you type or move a mouse? Sometimes you'd rather that over nothing. I know at least two places (and guess there are thousands) that do not permit any outgoing traffic except http over their proxy (so that running sshd on port 80 won't work either). If you had a way to run such a http<->ssh proxy, even a slow and non-responsive one, you would use it when you had to. > > polling may be OK on a local bus or LAN, not over WAN and dialup. the > other (and major) problem is that encapsulation can bloat protocols, and > in ssh/X you want quick response, without the overhead of unpacking, > repacking, and parsing. compression is the most you want. (hence > TightVNC, X compressors and the built-in compression in ssh) > > -- > Now playing for the Denver Broncos > Ira Abramov > > http://ira.abramov.org/email/ This post is encrypted twice with ROT-13. > Documenting or attempting to crack this encryption is illegal. > Didi = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
Quoting Eli Marmor, from the post of Wed, 30 Oct: > So the big question: Why, when it comes to important protocols such as > SSH, X, IRC, VNC, etc., the applets must speak those protocols > directly with the backend, and can't speak it over HTTP/HTTPS? Eli, you have been doing HTTP work in the past, can't you see the problems? HTTP works only one way - client asks, server answers. there is no way for the server to shove information asynchronously to the user, how can such interactive protocols work? you really want to load the line with 1 second polls from the client, or see screen updates only after you type or move a mouse? polling may be OK on a local bus or LAN, not over WAN and dialup. the other (and major) problem is that encapsulation can bloat protocols, and in ssh/X you want quick response, without the overhead of unpacking, repacking, and parsing. compression is the most you want. (hence TightVNC, X compressors and the built-in compression in ssh) -- Now playing for the Denver Broncos Ira Abramov http://ira.abramov.org/email/ This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal. msg22971/pgp0.pgp Description: PGP signature
Re: Debian Mirror - a silly question...
Quoth Oleg Kobets: > I am asking for Alpha and Sparc ! :-) SPARC _IS_ on the mirror. Alpha is not. I used to have Alpha, until my own died. Ok, I'll make an effort to get it back on. -- ---OFCNL This is MY list. This list belongs to ME! I will flame anyone I want. Official Flamer/Cabal NON-Leader [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: upcoming java ssh2?
Eli Marmor wrote: Tzafrir Cohen wrote: From the creators of WeirdX: http://www.jcraft.com/jsch/ version 0.0.6 of a java implementation of ssh2. I think it's great that these people port to Java applets any client of any client-server protocol (X, SSH, etc.). .. So the big question: Why, when it comes to important protocols such as SSH, X, IRC, VNC, etc., the applets must speak those protocols directly with the backend, and can't speak it over HTTP/HTTPS? Or it's possible? If yes, then how? It's certanly possible, but I believe you are missing some important point here. The purpose of these applets is not to get easy access to the machine using a new and innovative technique. The purpose is to provide clientless SSH. For example, I am one of the admins on the now notorious fiasco server. We have a Fiasco member that usually connects from internet cafe's from around the world. That does not stop him from wanting to use SSH to connect. Well, guess what? The internet Cafe didn't install SSH. A crying oversight, no doubt, but a sad reality nontheless. By installing this Java applet, I can give him a URL that will allow him to SSH to the machine. no need to install anything on the client. Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
