Re: Full Disc Encryption - i want your opinions
According to Seagate, the password is set using the normal ATA any link HOW such ata command look? In the end it is always a cost/benefit (effort/threat) decision... don't overdo it. i am not paranoid :)
Re: Full Disc Encryption - i want your opinions
Being realistic however, if you offered 1000 random people a $1000 prize to get into your system, using the BIOS AES disk encryption, it's unlikely any of them would pull it off. With softraid, I am only lacking rootkit protection, by doing a sha1sum on my /altroot partition, from the encrypted system, during boot, which is simple enough to set up, but I have no reason to. On Fri, Jul 20, 2012 at 9:12 PM, Robert Connolly < robertconnolly1...@gmail.com> wrote: > I have been using softraid full disk encryption, with the exception of the > /altroot partition, on my laptop. I have no real threat. I just want it so > that if someone wants to go through my laptop, they can't without my > permission. With OpenBSD's full disk encryption, and a locking screen > saver, there is no known way into my system, with any amount of resources > available. The overhead isn't a problem unless I'm copying huge amounts of > data, which is rare. > > The very first thing that occurred to me when reading about your BIOS > level AES disk encryption is what is the weakest link in it. Cracking the > AES is the last thing anyone would want to do, assuming it's genuine. > Unless the implementation is open source, you could have something like a > password utility that only accepts 4 characters, even if you type 50, uses > the bios version for entropy, or other serious issues. There are > underground folks who will use all their resources to look for and find > such vulnerabilities, and we don't really know one way or the other if the > implementation is good, unless of course it is open source. > > > On Fri, Jul 20, 2012 at 2:12 AM, Wojciech Puchar < > woj...@wojtek.tensor.gdynia.pl> wrote: > >> Many today SSD and some magnetic disks have AES-128/256 encryption >> builtin. >> >> If BIOS supports it, it ask for password then send it to hard disk after >> which it decodes it's AES key so it start to work. >> >> No software crypto overhead, everything fine. >> >> My question - how secure it really is. >> >> One extremity is to assume it is certainly well done. >> Another - that there are encryption at all, just simple password check. >> >> Both are possible as there is no way to check. >> >> I want your opinions. Software encryption would make quite a bit overhead >> for my setup.
Curso de "Ortografía y Redacción para Ejecutivos" Cierre de reservaciones
Si no puede visualizar correctamente este correo, le pedimos que lo arrastre a su Bandeja de Entrada Apreciable Ejecutivo: TIEM de México Empresa Líder en Capacitación y Actualización de Capital Humano Le recuerda que el curso de: Ortografía y Redacción para Ejecutivos Esta programado en la Ciudad de México para el día 26 de Julio de 2012 Una parte importante de la imagen y la personalidad es la facilidad o dificultad con la cual nos expresamos y logramos despertar el interés de nuestro interlocutor o lector. Este importante seminario le ofrece la oportunidad de desarrollar habilidades y técnicas que le permitirán tener una comunicación escrita eficaz para expresarse correctamente con claridad, fluidez y precisión, en los diferentes tipos de documentos que se requieran en su área de trabajo. Tu participación te permitirá: 1. Obtener un aprendizaje significativo de los acentos y las letras. 2. Valorar la lectura como el medio para mejorar la ortografía y la redacción. 3. Saber cómo desarrollar un estilo de redacción. 4. Tips para actualizar y modernizar los escritos administrativos. 5. Aprender a realizar escritos concisos y sencillos. 6. Facilitar la tarea de trasmitir las ideas. 7. Saber cómo utilizar correctamente los diferentes documentos. 8. Evitar la repetición o la corrección de errores. Para mayor información, favor de responder este correo con los siguientes datos: Empresa: Nombre: Ciudad: Teléfono: o si lo prefiere comuníquese a los teléfonos: Del DF al 5611-0969 con 10 líneas Interior del País Lada sin Costo 01 800 900 TIEM (8436) Aceptamos todas las TDC y Débito. Promoción: 3 meses sin Intereses pagando con American Express ®Todos los Derechos Reservados ©2011 TIEM Talento e Innovación Empresarial de México Este Mensaje le ha sido enviado como usuario de TIEM de México o bien un usuario le refirió para recibir este boletín. Como usuario de TIEM de México, en este acto autoriza de manera expresa que TIEM de México le puede contactar vía correo electrónico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de él y reporte su cuenta respondiendo este correo con el subject BAJABD Tenga en cuenta que la gestión de nuestras bases de datos es de suma importancia y no es intención de la empresa la inconformidad del receptor.
Re: Full Disc Encryption - i want your opinions
I have been using softraid full disk encryption, with the exception of the /altroot partition, on my laptop. I have no real threat. I just want it so that if someone wants to go through my laptop, they can't without my permission. With OpenBSD's full disk encryption, and a locking screen saver, there is no known way into my system, with any amount of resources available. The overhead isn't a problem unless I'm copying huge amounts of data, which is rare. The very first thing that occurred to me when reading about your BIOS level AES disk encryption is what is the weakest link in it. Cracking the AES is the last thing anyone would want to do, assuming it's genuine. Unless the implementation is open source, you could have something like a password utility that only accepts 4 characters, even if you type 50, uses the bios version for entropy, or other serious issues. There are underground folks who will use all their resources to look for and find such vulnerabilities, and we don't really know one way or the other if the implementation is good, unless of course it is open source. On Fri, Jul 20, 2012 at 2:12 AM, Wojciech Puchar < woj...@wojtek.tensor.gdynia.pl> wrote: > Many today SSD and some magnetic disks have AES-128/256 encryption builtin. > > If BIOS supports it, it ask for password then send it to hard disk after > which it decodes it's AES key so it start to work. > > No software crypto overhead, everything fine. > > My question - how secure it really is. > > One extremity is to assume it is certainly well done. > Another - that there are encryption at all, just simple password check. > > Both are possible as there is no way to check. > > I want your opinions. Software encryption would make quite a bit overhead > for my setup.
Como Eficientar el Presupuesto Acotado y Recortado
© 2012 Conference Corporativo S.C. Incluye Temas Críticos Sobre: Cierre de Gestión, Observaciones y Responsabilidades Asista a los 45 Mejores Cursos en México de la Serie: CONTABILIDAD Y FINANZAS Cursos, Contenidos y Metodologías Desarrollados en Alianza con las Mejores Universidades Europeas con Calidad ISO 9000. Haga click para desplegar información Curso 1 Solventar Observaciones. (NUEVO) Curso 2 Libro Blanco y las Memorias Documentales del Sector Público Mexicano. (NUEVO) Curso 3 Elaboración Puntual de las Memorias Documentales. (NUEVO) Curso 4 Acta de Entrega Recepción y Rendición de Cuentas. (NUEVO) Curso 5 Servicio Profesional de Carrera. Curso 6 Defensa Estratégica de los Servidores Públicos. Curso 7 Cómo Enfrentar con Éxito Auditorías Gubernamentales. Curso 8 Ley Federal de Responsabilidades Administrativas. Curso 9 (Nueva)Ley Federal Anticorrupción. Curso 10 Derecho Laboral Burocrático. Curso 11 Matriz de Administración de Riesgos (MAR). Curso 12 Lineamientos sobre Indicadores para Medir los Avances Físicos Financieros y la MIR. Curso 13 Cómo Ejecutar Adecuaciones Presupuestarias. Curso 14 Contabilidad Gubernamental en la Transparencia de las Finanzas Públicas (Incluye Ley). Curso 15 Análisis Integral de las Disposiciones del CONAC. Curso 16 Clasificador por Objeto del Gasto. Curso 17 Ley Federal de Presupuesto y Responsabilidad Hacendaria y su Reglamento. Curso 18 Contabilidad Gubernamental en la Armonización Contable y el Nuevo Plan Nacional de Cuentas. Curso 19 Normas de Información Financiera Generales y Gubernamentales (NIF 2012). Curso 20 Manual de Contabilidad Gubernamental. Curso 21 (Nueva) Ley de la Firma Electrónica Avanzada para Servidores Públicos. Curso 22 Presupuesto Basado en Resultados (PBR) Curso 23 Manual Administrativo de Aplicación General en Materia de Recursos Financieros. (Incluye IMPLEMENTACIÓN TOTAL) Curso 24 Marco Lógico para la Evaluación del PBR. Curso 25 (Nueva)Investigación de Mercados y los Criterios de Evaluación para Adquisiciones. Curso 26 Archivonomía Gubernamental. Curso 27 Almacenes e Inventarios Gubernamentales. Curso 28 COMPRANET 5.0 (Licitaciones Electrónicas de las Adquisiciones). Curso 29 COMPRANET 5.0 (Licitaciones Electrónicas de las Obras Públicas). Curso 30 Ley de Adquisiciones. Curso 31 Ley de Obras Públicas. Curso 32 Licitaciones y Contrataciones de las Adquisiciones. Curso 33 Licitaciones y Contrataciones de las Obras Públicas. Curso 34 Criterios de Evaluación de Propuestas Económicas en Obra Pública. Curso 35 Manual Administrativo de Aplicación General en Materia de Adquisiciones. (Incluye IMPLEMENTACIÓN TOTAL) Curso 36 Manual Administrativo de Aplicación General en Materia de Obras Públicas. (Incluye IMPLEMENTACIÓN TOTAL) Curso 37 Manual Administrativo de Recursos Materiales y Servicios Generales. (Incluye IMPLEMENTACIÓN TOTAL) Curso 38 Manual Administrativo de Recursos Humanos. (Incluye IMPLEMENTACIÓN TOTAL) Curso 39 Manual Administrativo Sobre Tecnologías de la Información y Comunicaciones (TIC). Curso 40 Disposiciones en Materia de Control Interno y su Manual Administrativo.(Incluye IMPLEMENTACIÓN TOTAL) Curso 41 (Nuevo)Manual del Servicio Profesional de Carrera para el Gobierno Federal Mexicano. Curso 42 Manual de Transparencia.(Incluye IMPLEMENTACIÓN TOTAL) Curso 43 Capítulo 1000 y el Nuevo Manual De Percepciones de los Servidores Públicos. Curso 44 Auditorías, Revisiones y Visitas de Inspección. Curso 45 (Nueva)Ley de Asociaciones Público-Privadas (LAPP). Curso 46 (Nueva)Ley Federal de Archivos Atención Ejecutiva Centro de Atención Telefónica: DF y Área Metropolitana (55) 91 40 30 30 Lada sin costo: (01 800) 439 66 66 Correo dirigido a: ESTE MAIL CUMPLE CON LAS POLíTICAS ANTISPAM INTERNACIONALES Y LOCALES. Para darse de baja sólo haga click aquí
Contato,sexta-feira, 20 de julho de 2012
Contato Site Assunto: OrcamentoNome: Marcos S SousaEmail: macossousa.compras@gmail.comTelefone: (11) 3904- 1478Mensagem: Bom dia gostaria de um orcamento sobre alguns itens,que necessito com urgencia. Orcamento-doc.pdf 78K Visualizar Baixar
Re: Full Disc Encryption - i want your opinions
On Fri, 20 Jul 2012 21:55:52 +0200 (CEST)
Wojciech Puchar wrote:
> > There are certain Seagate Momentus disks that do AES encryption in
> > hardware. This means that they use an AES key to encrypt the data, and
> > you need a ("BIOS"-)password to unlock this key at boot. So whenever you
> > change the password, it's just that - the AES key stays the same. You
>
> that's how all "FDE" drives work. Already a problem as only BIOS can
> activate password, there are no command line tool.
>
> And no idea how would it work if more than one disk with FDE is installed
> on system.
According to Seagate, the password is set using the normal ATA
commands. So I *assume* that you can use the atactl tool for this. The
BIOS does nothing else...
> > Yes and no. Again, what threat are you looking at. If your adversary can
> > get physical access to your machine ("evil maid attack"), he can
> > install a root kit or key logger - which would defeat any software
>
> no concern on "evil maid" really.
>
> But simple theft from outside is definitely possible, and DID happened
> long in the past in spite of some control.
>
> Possibility of theft done for data, not machine is very likely.
>
> So lets narrow question - can such thief, with help of some kind of
> specialist - recover data from FDE encrypted drive without password?
>
> to install a boot-time key logger you would need to get here twice, once
> to shutdown server and install keylogger (which cannot be unnoticed!!!)
> and second time to actually steal it.
*) If someone can get in once unnoticed, he can do it twice. Or the
root kit sends the data out as part of other network traffic. Etc.
*) A power failure can be simulated. Or a hardware failure.
But again, then you are looking at a sophisticated attacker. They might
also have other means (how much does your admin earn? your security
guy? can he be bribed? blackmailed? threatened?).
You probably just want to protect against someone breaking into your
server room and stealing the HDs. In this case do a normal system
install (unencrypted), and encrypt the data disks. Make the admin type
in the password after reboot, via SSH or the console. Don't store the
keys on the system disk ;)
> checking out that unencrypted part didn't change after unplanned reboot is
> good idea. thanks!
You would have to do this in another system, since you can't trust this
system anymore. This is lots of manual work - is it worth in your
situation?
Some other idea: remove the local system disk. Create a read only system
on a CD (+ ramdisk for /tmp, send logs to another server) and boot from
this. Or boot it from the (protected, physically separated server-)LAN.
In the end it is always a cost/benefit (effort/threat) decision...
don't overdo it.
kind regards,
Robert
Re: Full Disc Encryption - i want your opinions
There are certain Seagate Momentus disks that do AES encryption in
hardware. This means that they use an AES key to encrypt the data, and
you need a ("BIOS"-)password to unlock this key at boot. So whenever you
change the password, it's just that - the AES key stays the same. You
that's how all "FDE" drives work. Already a problem as only BIOS can
activate password, there are no command line tool.
And no idea how would it work if more than one disk with FDE is installed
on system.
Yes and no. Again, what threat are you looking at. If your adversary can
get physical access to your machine ("evil maid attack"), he can
install a root kit or key logger - which would defeat any software
no concern on "evil maid" really.
But simple theft from outside is definitely possible, and DID happened
long in the past in spite of some control.
Possibility of theft done for data, not machine is very likely.
So lets narrow question - can such thief, with help of some kind of
specialist - recover data from FDE encrypted drive without password?
to install a boot-time key logger you would need to get here twice, once
to shutdown server and install keylogger (which cannot be unnoticed!!!)
and second time to actually steal it.
checking out that unencrypted part didn't change after unplanned reboot is
good idea. thanks!
Re: Full Disc Encryption - i want your opinions
On Fri, 20 Jul 2012 17:33:26 +0200 (CEST)
Wojciech Puchar wrote:
> > As your disk is probably not 'open source' (?), you don't
> > know if there is a really encryption, or if there is a secret
> > password (as for some bios) that permits to access data.
>
> thats exactly what i fear about. it is even possible that there are no
> encryption at all.
There are certain Seagate Momentus disks that do AES encryption in
hardware. This means that they use an AES key to encrypt the data, and
you need a ("BIOS"-)password to unlock this key at boot. So whenever you
change the password, it's just that - the AES key stays the same. You
need to make sure that your BIOS also has an option to reset the AES
key (e.g. the Thinkpad laptops can do this with an official BIOS
patch). Otherwise you rely on the manufacturer that he doesn't keep a
list of the default AES keys ;)
> > Keep in memory that, whatever you do, if a guy has money
> > and WANTS your data, he can get these.
> >
> > So, as long as you're not a terrorist,
> No i am not a terrorist yet ;)
ACK. What kind of threat do you want to counter, who is your
adversary... [1], [2]
> So final conclusion - just use software encryption.
> Thank you.
Yes and no. Again, what threat are you looking at. If your adversary can
get physical access to your machine ("evil maid attack"), he can
install a root kit or key logger - which would defeat any software
crypto. In this case you need full disk encryption AND make it difficult
to flash the BIOS or replace hardware parts (how about an identical
keyboard with a built-in sniffer?).
The average user should protect himself against unwanted data disclosure
(e.g. stolen laptop or lost USB disk). Software crypto is perfectly
fine for this.
kind regards,
Robert
[1] http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
[2] http://xkcd.com/538/
Re: kvm and Openbsd 5.1
Second that! Works great =) > I have 5.0 and 5.1 working well, with 2 vCPU, on my ESXi 5. > > Cheers, > Jo
Taller de "Coaching Ejecutivo"
Apreciable Ejecutivo: TIEM de México Empresa Líder en Capacitación y Actualización de Capital Humano Ponemos a su disposición este excelente taller denominado: Coaching Ejecutivo Ciudad de México, el día 27 de Julio de 2012 Inscríbase 5 días antes de la fecha del Curso y obtenga un descuento del 15% con Inversión Inmediata No deje pasar esta oportunidad e Invierta en su Desarrollo Personal y Profesional No vienes a aprender de nosotros, vas a aprender de ti mismo El coaching es un proceso personal que se lleva a través de una metodología de acompañamiento personal o grupal en donde tu mismo encontraras los resultados que estas buscando llevando tu potencial al máximo en el desarrollo de habilidades y cumplimiento de objetivos además del mejoramiento en el desempeño profesional. En el coaching encontraras: Auto conocimiento Maximizar tus capacidades de aprendizaje Maximizar tu desempeño Establecer metas y objetivos claros y medibles Identificar tus propios obstáculos Explorar tus propias oportunidades Dirigido a: Toda persona interesada en mejorar sus habilidades Gerenciales y de Supervisión Personas que tengan responsabilidad de dirigir personas y equipos Empresarios, Directores, Gerentes, Supervisores y Líderes con personal a su cargo Duración: 05 horas Guía Temática: Organización y personas Beneficios del coaching Definiciones de coaching Personas vs organización Disciplinas: cambio remediativo y cambio generativo Roles del coaching Proceso del coaching Análisis de los diferentes tipos del coaching Modelo de competencias Análisis y valoración de resultados Para mayor información, favor de responder este correo con los siguientes datos: Empresa: Nombre: Ciudad: Teléfono: O si lo prefiere comuníquese a los teléfonos: Del DF al 5611-0969 con 10 líneas Interior del País Lada sin Costo 01 800 900 TIEM (8436) Aceptamos todas las TDC y Débito. **Promoción: 3 meses sin Intereses pagando con American Express **Aplica solo con Inversión Normal ®Todos los Derechos Reservados ©2011 TIEM Talento e Innovación Empresarial de México Este Mensaje le ha sido enviado como usuario de TIEM de México o bien un usuario le refirió para recibir este boletín. Como usuario de TIEM de México, en este acto autoriza de manera expresa que TIEM de México le puede contactar vía correo electrónico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de él y reporte su cuenta respondiendo este correo con el subject BAJABD Tenga en cuenta que la gestión de nuestras bases de datos es de suma importancia y no es intención de la empresa la inconformidad del receptor.
Re: kvm and Openbsd 5.1
Hi, Le 20 juil. 2012 à 19:29, Alessandro Baggi a écrit : > Hi list, > today I've installed OpenBSD 5.1 amd64 on a kvm (linux slackware) kvm version is 1.0.1. > > Starting machine with 4 core, and bsd.mp it crash. > Disabling mpbios see only one core and not smp. > > Then, I've updated kvm to 1.1.1 but the results are the same. > > > There is someone that has started obsd on kvm and avoid this problem? > > This problem is kvm related? > > Another, someone has tried obsd 5.1 on ESX? I have 5.0 and 5.1 working well, with 2 vCPU, on my ESXi 5. Cheers, Jo
kvm and Openbsd 5.1
Hi list, today I've installed OpenBSD 5.1 amd64 on a kvm (linux slackware) kvm version is 1.0.1. Starting machine with 4 core, and bsd.mp it crash. Disabling mpbios see only one core and not smp. Then, I've updated kvm to 1.1.1 but the results are the same. There is someone that has started obsd on kvm and avoid this problem? This problem is kvm related? Another, someone has tried obsd 5.1 on ESX? Thanks in advance.
Re: NFS and mounted dirs by hotplug-diskmount
available through my local network) those mounted by hotplug-diskmount are missing. I can't see any of this dirs. If I export these dirs in /etc/exports for NFS, then I see this dirs but no content is shown inside them. NFS AFAIK will never work this way. reload mountd after mounting new device. try to automate it. Still - no idea if NFS can server from non-unix partitions. NFS is very tightly bound to unix filesystem internals IMHO, unlike say samba or ftpd. you may try userspace nfs server too.
NFS and mounted dirs by hotplug-diskmount
Hi all: I have one computer acting as NFS server for some directories. One of these directories is /vol, where the hotplug-diskmount daemon mounts external disks (usually FAT32). The problem is that whereas NFS is working well (rest of dirs are available through my local network) those mounted by hotplug-diskmount are missing. I can't see any of this dirs. If I export these dirs in /etc/exports for NFS, then I see this dirs but no content is shown inside them. Any idea about this? I suspect it's something related to the hotplug-diskmount internals but maybe there's a solution... Thanks in advance, Jes
Re: Full Disc Encryption - i want your opinions
As your disk is probably not 'open source' (?), you don't know if there is a really encryption, or if there is a secret password (as for some bios) that permits to access data. thats exactly what i fear about. it is even possible that there are no encryption at all. Keep in memory that, whatever you do, if a guy has money and WANTS your data, he can get these. So, as long as you're not a terrorist, No i am not a terrorist yet ;) So final conclusion - just use software encryption. Thank you.
Re: Re : Apache won't start after pecl-imagick installation
Hello Otto, I was confused if I could start it manually or not. There was indeed a little mistake in the configuration regarding the paths of the certificate. It's now solved. Thank you to both of you - Mail original - > De : Otto Moerbeek > À : Mik J > Cc : "misc@openbsd.org" > Envoyé le : Vendredi 20 juillet 2012 14h22 > Objet : Re: Re : Apache won't start after pecl-imagick installation > > On Fri, Jul 20, 2012 at 12:20:38PM +0100, Mik J wrote: > >> Hello David, >> Yes I did create it, if there is a configuration problem then I >> don't see anything in the logs. >> I'm wondering how to debug this. > > Start apache on the command line as httpd and you'll probably see the error. > > > -Otto > > >> >> >> >> - Mail >> original - >> > De?: David Diggles >> > ??: >> misc@openbsd.org >> > Cc?: >> > Envoy? le : Vendredi 20 juillet 2012 11h07 >> > >> Objet?: Re: Re : Apache won't start after pecl-imagick installation >> > >> > Maybe >> a stupid question, but did you create the certificate the steps in the >> > FAQ? >> > >> > http://www.openbsd.org/faq/faq10.html#HTTPS >> > >> > On Fri, Jul 20, 2012 at >> 09:23:53AM +0100, Mik J wrote: >> >> Hello, >> >> >> >> I'm coming back with this >> Apache startup that works fine but yesterday >> >> I added the -DSSL option in >> /etc/rc.conf but Apache won't start >> >> # >> >> /etc/rc.d/httpd start >> >> >> httpd(failed) >> >> >> >> I've looked at all the logs I could find >> >> but >> couldn't see why it failed. Is Apache SSL with lpthread supposed to >> > work ? >> >> - Mail original - >> >> > De?: Mik J >> >> > ??: >> >> "misc@openbsd.org" >> >> > Cc?: >> >> > Envoy? le : Mardi >> 8 mai 2012 >> >> 22h08 >> >> > Objet?: Re : Apache won't start after pecl-imagick >> installation >> >> > >> >> >Thank you for your answer. >> >> > I did use apachectl >> but after your email I >> >> followed your suggestions and it works. >> >> > I >> have notice now that the command >> >> apachectl doesn't work at all now, >> >> > >> when I read your email I thought that it >> >> wouldn't work for the first time >> only. >> >> > I'm wondering if the apachectl >> >> command will end >> >> > being >> deprecated if it doesn't allow apache to restart >> >> without us wondering >> >> >> > if it has to pre load some libraries or not. >> >> > Have a >> >> good day >> >> > >> >> > - Mail >> >> > original - >> >> >>? De : Stuart Henderson >> >> >> >> >> >>? @ : >> >> > misc@openbsd.org >> >> >>? Cc : >> >> >>? >> Envoyi le : >> >> Mardi 8 mai 2012 16h06 >> >> >>? Objet : Re: >> >> > Apache won't >> start after pecl-imagick >> >> installation >> >> >> >> >> >>? On 2012-05-08, Mik J >> >> > wrote: >> >> >>> ? >> >> Hello, >> >> >>> >> >> >>> >> >> >> >>> ? I'm reinstalling my system >> >> > from 4.9 to 5.1 >> >> >>> ? I >> >> have >> installed >> >> >>> ? pecl-imagick and stopped/started >> >> > Apache but I have a >> >> seg fault (core >> >> >>? dumped). >> >> >>> ? If I uninstall this >> >> > >> package Apache >> >> stops/starts nicely. >> >> >>> >> >> >>> ? I have read this >> page >> >> >>> >> >> > >> >> http://www.openbsd.org/faq/upgrade50.html#Pkgup >> >> >> >>> ? The last point talks >> >> about >> >> > my >> >> >>> ? problem and advices to >> add in /etc/login.conf >> >> >>> ? httpd:\ >> >> >>> >> >> > >> :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ >> >> >>> ? :tc=daemon: >> >> >>> >> >> >> >>> >> >> ? This >> >> > doesn't help, >> >> >>> ? I still have the same problem >> with Apache. >> >> >> >> >> >> >> >> How did you >> >> > start Apache? You will need >> to use "/etc/rc.d/httpd >> >> >> >> >> restart" >> >> >>? (or reboot) >> >> > so it's >> started from the system rc scripts for this >> >> to take >> >> >>? effect, >> >> > >> "apachectl" does not handle this. >> >> >> >> >> >>> ? Also >> >> >> /usr/lib/libpthread.so doesn't >> >> >>> ? exist so I replaced it with >> >> >> /usr/lib/libpthread.so.13.3 but still no >> >> >> >> >> > success. >> >> >> >> >> >> >>? No the >> >> instructions are correct, use /usr/lib/libpthread.so
Re: load now over 1.00 all the time (i386, MP)
well... every problem has its solution -- eventually. i have noticed first that if i dont start an xsession (as in only xdm is on), the load can go under 1.00 but the reason couldnt be Xorg, as that is running already if xdm is started. so i started suspecting the programs in my .xsession. and indeed, after killing gkrellm, the mysterious >1.00 load disappeared. start it again: creeps up to 1.00 again. i thought it might be my .gkrellm2 configuration, but starting afresh produces the same result. none of the gkrellm users see this? i am running -current all the time... -f ps. crossposting to ports@ -- climate is what you expect. weather is what you get.
Re: Re : Apache won't start after pecl-imagick installation
On Fri, Jul 20, 2012 at 12:20:38PM +0100, Mik J wrote: > Hello David, > Yes I did create it, if there is a configuration problem then I > don't see anything in the logs. > I'm wondering how to debug this. Start apache on the command line as httpd and you'll probably see the error. -Otto > > > > - Mail > original - > > De?: David Diggles > > ??: > misc@openbsd.org > > Cc?: > > Envoy? le : Vendredi 20 juillet 2012 11h07 > > > Objet?: Re: Re : Apache won't start after pecl-imagick installation > > > > Maybe > a stupid question, but did you create the certificate the steps in the > > FAQ? > > > > http://www.openbsd.org/faq/faq10.html#HTTPS > > > > On Fri, Jul 20, 2012 at > 09:23:53AM +0100, Mik J wrote: > >> Hello, > >> > >> I'm coming back with this > Apache startup that works fine but yesterday > >> I added the -DSSL option in > /etc/rc.conf but Apache won't start > >> # > >> /etc/rc.d/httpd start > >> > httpd(failed) > >> > >> I've looked at all the logs I could find > >> but > couldn't see why it failed. Is Apache SSL with lpthread supposed to > > work ? > >> - Mail original - > >> > De?: Mik J > >> > ??: > >> "misc@openbsd.org" > >> > Cc?: > >> > Envoy? le : Mardi > 8 mai 2012 > >> 22h08 > >> > Objet?: Re : Apache won't start after pecl-imagick > installation > >> > > >> >Thank you for your answer. > >> > I did use apachectl > but after your email I > >> followed your suggestions and it works. > >> > I > have notice now that the command > >> apachectl doesn't work at all now, > >> > > when I read your email I thought that it > >> wouldn't work for the first time > only. > >> > I'm wondering if the apachectl > >> command will end > >> > being > deprecated if it doesn't allow apache to restart > >> without us wondering > >> > > if it has to pre load some libraries or not. > >> > Have a > >> good day > >> > > >> > - Mail > >> > original - > >> >>? De : Stuart Henderson > >> > > >> >>? @ : > >> > misc@openbsd.org > >> >>? Cc : > >> >>? > Envoyi le : > >> Mardi 8 mai 2012 16h06 > >> >>? Objet : Re: > >> > Apache won't > start after pecl-imagick > >> installation > >> >> > >> >>? On 2012-05-08, Mik J > >> > wrote: > >> >>> ? > >> Hello, > >> >>> > >> >>> > >> > >>> ? I'm reinstalling my system > >> > from 4.9 to 5.1 > >> >>> ? I > >> have > installed > >> >>> ? pecl-imagick and stopped/started > >> > Apache but I have a > >> seg fault (core > >> >>? dumped). > >> >>> ? If I uninstall this > >> > > package Apache > >> stops/starts nicely. > >> >>> > >> >>> ? I have read this > page > >> >>> > >> > > >> http://www.openbsd.org/faq/upgrade50.html#Pkgup > >> > >>> ? The last point talks > >> about > >> > my > >> >>> ? problem and advices to > add in /etc/login.conf > >> >>> ? httpd:\ > >> >>> > >> > > :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ > >> >>> ? :tc=daemon: > >> >>> > >> > >>> > >> ? This > >> > doesn't help, > >> >>> ? I still have the same problem > with Apache. > >> >> > >> >> > >> How did you > >> > start Apache? You will need > to use "/etc/rc.d/httpd > >> >> > >> restart" > >> >>? (or reboot) > >> > so it's > started from the system rc scripts for this > >> to take > >> >>? effect, > >> > > "apachectl" does not handle this. > >> >> > >> >>> ? Also > >> > /usr/lib/libpthread.so doesn't > >> >>> ? exist so I replaced it with > >> > /usr/lib/libpthread.so.13.3 but still no > >> >> > >> > success. > >> >> > >> > >>? No the > >> instructions are correct, use /usr/lib/libpthread.so
Re: Re : Apache won't start after pecl-imagick installation
Hello David, Yes I did create it, if there is a configuration problem then I don't see anything in the logs. I'm wondering how to debug this. - Mail original - > De : David Diggles > À : misc@openbsd.org > Cc : > Envoyé le : Vendredi 20 juillet 2012 11h07 > Objet : Re: Re : Apache won't start after pecl-imagick installation > > Maybe a stupid question, but did you create the certificate the steps in the > FAQ? > > http://www.openbsd.org/faq/faq10.html#HTTPS > > On Fri, Jul 20, 2012 at 09:23:53AM +0100, Mik J wrote: >> Hello, >> >> I'm coming back with this Apache startup that works fine but yesterday >> I added the -DSSL option in /etc/rc.conf but Apache won't start >> # >> /etc/rc.d/httpd start >> httpd(failed) >> >> I've looked at all the logs I could find >> but couldn't see why it failed. Is Apache SSL with lpthread supposed to > work ? >> - Mail original - >> > De?: Mik J >> > ??: >> "misc@openbsd.org" >> > Cc?: >> > Envoy? le : Mardi 8 mai 2012 >> 22h08 >> > Objet?: Re : Apache won't start after pecl-imagick installation >> > >> >Thank you for your answer. >> > I did use apachectl but after your email I >> followed your suggestions and it works. >> > I have notice now that the command >> apachectl doesn't work at all now, >> > when I read your email I thought that it >> wouldn't work for the first time only. >> > I'm wondering if the apachectl >> command will end >> > being deprecated if it doesn't allow apache to restart >> without us wondering >> > if it has to pre load some libraries or not. >> > Have a >> good day >> > >> > - Mail >> > original - >> >> De : Stuart Henderson >> >> >> @ : >> > misc@openbsd.org >> >> Cc : >> >> Envoyi le : >> Mardi 8 mai 2012 16h06 >> >> Objet : Re: >> > Apache won't start after pecl-imagick >> installation >> >> >> >> On 2012-05-08, Mik J >> > wrote: >> >>> ? >> Hello, >> >>> >> >>> >> >>> ? I'm reinstalling my system >> > from 4.9 to 5.1 >> >>> ? I >> have installed >> >>> ? pecl-imagick and stopped/started >> > Apache but I have a >> seg fault (core >> >> dumped). >> >>> ? If I uninstall this >> > package Apache >> stops/starts nicely. >> >>> >> >>> ? I have read this page >> >>> >> > >> http://www.openbsd.org/faq/upgrade50.html#Pkgup >> >>> ? The last point talks >> about >> > my >> >>> ? problem and advices to add in /etc/login.conf >> >>> ? httpd:\ >> >>> >> > :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ >> >>> ? :tc=daemon: >> >>> >> >>> >> ? This >> > doesn't help, >> >>> ? I still have the same problem with Apache. >> >> >> >> >> How did you >> > start Apache? You will need to use "/etc/rc.d/httpd >> >> >> restart" >> >> (or reboot) >> > so it's started from the system rc scripts for this >> to take >> >> effect, >> > "apachectl" does not handle this. >> >> >> >>> ? Also >> /usr/lib/libpthread.so doesn't >> >>> ? exist so I replaced it with >> /usr/lib/libpthread.so.13.3 but still no >> >> >> > success. >> >> >> >> No the >> instructions are correct, use /usr/lib/libpthread.so
Re: Polish encoding on console in x window
Thx its working on 5.1 but insted /etc/kbdtype pl i did /etc/wsconsctl keyboard.encoding=pl On Fri, 20 Jul 2012 12:24:07 +0200, Adam Bryt wrote: > On Thu, Jul 19, 2012 at 08:51:49PM +0200, Tomasz Marszal wrote: >> Hi Group. >> I have a question to polish users how to set up polish encoding in >> terminal >> in x windows in Open BSD 5.1 i386. >> LC_ALL and LC_LOCALE didnt work (works only in bash and i get strange >> signs >> instead of polish dialect signs. Setting wsconsctl keyboard.encoding=pl >> also dont give wanted result. >> >> Best Regards >> Tomek Marszal >> > > Hi, > > I do not have 5.1 i386, but in 5.2-beta amd64 this setting is working: > > /etc/kbdtype > pl > > ~/.xsession > export LC_CTYPE=pl_PL.UTF-8 > > ~/.profile > export LC_CTYPE=pl_PL.UTF-8 > > ~/.Xdefaults > XTerm*font:-misc-fixed-medium-r-normal--14-130-75-75-c-70-iso10646-1 > > In ksh i can type polish signs in filenames (but 'ls' dont display it > correctly). > > Adam
Re: Full Disc Encryption - i want your opinions
Le 20/07/2012 11:12, Wojciech Puchar a écrit : > Many today SSD and some magnetic disks have AES-128/256 encryption > builtin. > > If BIOS supports it, it ask for password then send it to hard disk > after which it decodes it's AES key so it start to work. > > No software crypto overhead, everything fine. > > My question - how secure it really is. > > One extremity is to assume it is certainly well done. > Another - that there are encryption at all, just simple password check. > > Both are possible as there is no way to check. > > I want your opinions. Software encryption would make quite a bit > overhead for my setup. > > As your disk is probably not 'open source' (?), you don't know if there is a really encryption, or if there is a secret password (as for some bios) that permits to access data. If I was you, I would prefer to use a software-based encryption (luks, softraid, ...), even if it has some disadvantages. Keep in memory that, whatever you do, if a guy has money and WANTS your data, he can get these. So, as long as you're not a terrorist, I think you can sleep quietly without take care of the CIA spy under your bed. But if you are, this spy just has to obtain the encryption method (or the global password, if there is) by giving $$ to the manufacturer of your disk, and then crack it. Some of the books I have are very funny at this point... I think that as long as it's not open source it's unsecure. This is me, and I could be wrong. In all cases, encrypt disk is more secure than not to encrypt disk. Maxime
Re: Polish encoding on console in x window
* Adam Bryt [120720 10:56]: > In ksh i can type polish signs in filenames (but 'ls' dont display it > correctly). Install colorls or use ls | cat. -- Alexander Polakov | plhk.ru
Re: Polish encoding on console in x window
On Thu, Jul 19, 2012 at 08:51:49PM +0200, Tomasz Marszal wrote: > Hi Group. > I have a question to polish users how to set up polish encoding in terminal > in x windows in Open BSD 5.1 i386. > LC_ALL and LC_LOCALE didnt work (works only in bash and i get strange signs > instead of polish dialect signs. Setting wsconsctl keyboard.encoding=pl > also dont give wanted result. > > Best Regards > Tomek Marszal > Hi, I do not have 5.1 i386, but in 5.2-beta amd64 this setting is working: /etc/kbdtype pl ~/.xsession export LC_CTYPE=pl_PL.UTF-8 ~/.profile export LC_CTYPE=pl_PL.UTF-8 ~/.Xdefaults XTerm*font:-misc-fixed-medium-r-normal--14-130-75-75-c-70-iso10646-1 In ksh i can type polish signs in filenames (but 'ls' dont display it correctly). Adam
Full Disc Encryption - i want your opinions
Many today SSD and some magnetic disks have AES-128/256 encryption builtin. If BIOS supports it, it ask for password then send it to hard disk after which it decodes it's AES key so it start to work. No software crypto overhead, everything fine. My question - how secure it really is. One extremity is to assume it is certainly well done. Another - that there are encryption at all, just simple password check. Both are possible as there is no way to check. I want your opinions. Software encryption would make quite a bit overhead for my setup.
Re: Re : Apache won't start after pecl-imagick installation
Maybe a stupid question, but did you create the certificate the steps in the FAQ? http://www.openbsd.org/faq/faq10.html#HTTPS On Fri, Jul 20, 2012 at 09:23:53AM +0100, Mik J wrote: > Hello, > > I'm coming back with this Apache startup that works fine but yesterday > I added the -DSSL option in /etc/rc.conf but Apache won't start > # > /etc/rc.d/httpd start > httpd(failed) > > I've looked at all the logs I could find > but couldn't see why it failed. Is Apache SSL with lpthread supposed to work ? > - Mail original - > > De?: Mik J > > ??: > "misc@openbsd.org" > > Cc?: > > Envoy? le : Mardi 8 mai 2012 > 22h08 > > Objet?: Re : Apache won't start after pecl-imagick installation > > > >Thank you for your answer. > > I did use apachectl but after your email I > followed your suggestions and it works. > > I have notice now that the command > apachectl doesn't work at all now, > > when I read your email I thought that it > wouldn't work for the first time only. > > I'm wondering if the apachectl > command will end > > being deprecated if it doesn't allow apache to restart > without us wondering > > if it has to pre load some libraries or not. > > Have a > good day > > > > - Mail > > original - > >> De : Stuart Henderson > > >> @ : > > misc@openbsd.org > >> Cc : > >> Envoyi le : > Mardi 8 mai 2012 16h06 > >> Objet : Re: > > Apache won't start after pecl-imagick > installation > >> > >> On 2012-05-08, Mik J > > wrote: > >>> ? > Hello, > >>> > >>> > >>> ? I'm reinstalling my system > > from 4.9 to 5.1 > >>> ? I > have installed > >>> ? pecl-imagick and stopped/started > > Apache but I have a > seg fault (core > >> dumped). > >>> ? If I uninstall this > > package Apache > stops/starts nicely. > >>> > >>> ? I have read this page > >>> > > > http://www.openbsd.org/faq/upgrade50.html#Pkgup > >>> ? The last point talks > about > > my > >>> ? problem and advices to add in /etc/login.conf > >>> ? httpd:\ > >>> > > :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ > >>> ? :tc=daemon: > >>> > >>> > ? This > > doesn't help, > >>> ? I still have the same problem with Apache. > >> > >> > How did you > > start Apache? You will need to use "/etc/rc.d/httpd > >> > restart" > >> (or reboot) > > so it's started from the system rc scripts for this > to take > >> effect, > > "apachectl" does not handle this. > >> > >>> ? Also > /usr/lib/libpthread.so doesn't > >>> ? exist so I replaced it with > /usr/lib/libpthread.so.13.3 but still no > >> > > success. > >> > >> No the > instructions are correct, use /usr/lib/libpthread.so
HIPNOTERAPIA ERICKSONIANA Y PSICOLOGÍA POSITIVA
ESCUELA SISTÉMICA ARGENTINASEMINARIO TALLERAgosto / Septiembre 2012 HIPNOTERAPIA ERICKSONIANA Y PSICOLOGÍA POSITIVA CONSTRUYENDO EL ESTADO POSITIVO SUSTENTABLE EN PSICOTERAPIA HIPNOSIS ERICKSONIANA y PSICOLOGÍA POSITIVA: LOS APORTES DE LA INVESTIGACIÓN EN PSICOTERAPIA, RESILIENCIA, TERAPIA ORIENTADA A LAS SOLUCIONES, NARRATIVISMO, POSMODERNISMO, ONTOLOGÍA DEL LENGUAJE Y NEUROCIENCIAS AL SERVICIO DEL CAMBIO SUSTENTABLE Docente: Lic. Claudio DES CHAMPS (*) Modalidad Regular:Inicio: 09 de agosto (7 clases de 2 horas) / Fechas: 09, 16, 23 y 30 y de agosto y 06, 13 y 20 de SeptiembreHorarios: El mismo seminario será dado a 2 grupos, a elección de los participantes: * Primer grupo: de 13 a 15 hs; * Segundo grupo: de 19 a 21 hs Modalidad Intensiva: Inicio: Viernes 14 y Sábado 15 de Septiembre. Horario: 9 a 17 hs (Cada día) Toda persona es un individuo. Por lo tanto, la psicoterapia debería ser formulada de manera que responda a la particularidad de las necesidades de la persona, en vez de obligarla a ajustarse a una teoría hipotética de la conducta humana (J. Zeig y S.Gilligan.)¿Cree que su pasado determina su futuro? No se trata de una pregunta filosófica superficial. Según en qué medida consideremos que el pasado determina el futuro tenderemos o no, a ser un navío pasivo, incapaz de cambiar de trayecto de forma activa. Tales creencias son las culpables de la extrema inercia de muchas personas (Martin Seligman). Los datos neurológicos nos hacen enfocar la cuestión de un modo diferente: la sensación de ser feliz o desdichado depende probablemente de la connotación afectiva que le atribuya nuestro aparato de percibir el mundo. (Boris Cyrulnik)El objetivo de la Psicología Positiva es generar un viraje en la visión de la psicología, poniendo el foco no sólo en reparar sino especialmente, en construir recursos y desplegar cualidades positivas y elaborar guiones esperanzadores para el desarrollo y bienestar sustentable de los seres humanos. (C. Des Champs) HIPNOSIS ERICKSONIANA Y PSICOLOGÍA POSITIVA 2012 Propuesta: Presentar a la Hipnosis Ericksoniana , es decir a la psicoterapia creada por Milton Erickson desde sus principios y abordajes originarios, como fundadora de la psicoterapia sistémica y como pionera, inspiradora y plenamente vigente en el marco de las psicoterapias actuales y especialmente del abordaje de la Psicología Positiva. Objetivos: La materia tiene por objetivo, promover el conocimiento de los fundamentos teóricos y los principios básicos de la hipnosis ericksoniana, es decir del abordaje psicoterapéutico del reconocido terapeuta norteamericano, Milton Erickson. Se introducirán los conceptos esenciales y las múltiples técnicas derivadas de tales conceptos y de la cosmovisión, aspectos neurocientíficos, valores y filosofía de dicha práctica clínica. Dicha psicoterapia se presentará en primer lugar, como pionera y fundadora de la terapia estratégica sistémica en particular y de la práctica psicoterapéutica sistémica general, incluyendo los modelos y abordajes más recientes como el narrativismo y todos aquellos posmodernistas derivados de la epistemología constructivista, construccionista social y de la ontología del lenguaje. Y en segundo lugar, como fundadora, inspiradora y estimuladora del viraje en la psicología actual en general y en la psicoterapia en particular, encarnado en la propuesta de la Psicología Positiva y en sus antecesores, entre ellos, la logoterapia de Víctor Frankl, la Resiliencia, los aportes de las neurociencias y los conclusiones mas recientes de la investigación en psicoterapia, como por ejemplo la Alianza Terapéutica, conclusiones que atraviesan los modelos y teorías de las distintas escuelas psicoterapéuticas. Se introduce así al profesional en la innovadora y pionera propuesta psicoterapéutica de Milton Erickson, actualizándola con fundamentos de los avances en distintas áreas de la ciencia articulados entre sí, conectándolo de esta manera, con la esencia de las prácticas actuales en psicoterapia y especialmente, con el viraje propuesto por la Psicología Positiva. (*) El Lic. Des Champs es Psicólogo (UBA), psicoterapeuta de individuos, parejas y familia. Ex Coordinador del equipo de atención de Crisis del hospital de San isidro y del área de familia de operadas de mama del L. A. L. C. E. C . Docente universitario de grado y posgrado, introdujo y coordinó materias sistémicas y cognitivas e impartió seminarios de terapia familiar sistémica en la UBA, Universidad J. F. Kennedy y en el Instituto de Drogadependencia de la Universidad del Salvador dependiente de la Secretaría de Adicciones de la provincia de Buenos Aires, de la cual fue asesor en su especialidad. Ex profesor adjunto de la Carrera de Psicología de la Universidad Maimónides, a cargo de las materias Modelo Sistémico I y II. Profesor invitado a la es
Re: Re : Apache won't start after pecl-imagick installation
Hello, I'm coming back with this Apache startup that works fine but yesterday I added the -DSSL option in /etc/rc.conf but Apache won't start # /etc/rc.d/httpd start httpd(failed) I've looked at all the logs I could find but couldn't see why it failed. Is Apache SSL with lpthread supposed to work ? - Mail original - > De : Mik J > À : "misc@openbsd.org" > Cc : > Envoyé le : Mardi 8 mai 2012 22h08 > Objet : Re : Apache won't start after pecl-imagick installation > >Thank you for your answer. > I did use apachectl but after your email I followed your suggestions and it works. > I have notice now that the command apachectl doesn't work at all now, > when I read your email I thought that it wouldn't work for the first time only. > I'm wondering if the apachectl command will end > being deprecated if it doesn't allow apache to restart without us wondering > if it has to pre load some libraries or not. > Have a good day > > - Mail > original - >> De : Stuart Henderson >> @ : > misc@openbsd.org >> Cc : >> Envoyi le : Mardi 8 mai 2012 16h06 >> Objet : Re: > Apache won't start after pecl-imagick installation >> >> On 2012-05-08, Mik J > wrote: >>> Hello, >>> >>> >>> I'm reinstalling my system > from 4.9 to 5.1 >>> I have installed >>> pecl-imagick and stopped/started > Apache but I have a seg fault (core >> dumped). >>> If I uninstall this > package Apache stops/starts nicely. >>> >>> I have read this page >>> > http://www.openbsd.org/faq/upgrade50.html#Pkgup >>> The last point talks about > my >>> problem and advices to add in /etc/login.conf >>> httpd:\ >>> > :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ >>> :tc=daemon: >>> >>> This > doesn't help, >>> I still have the same problem with Apache. >> >> How did you > start Apache? You will need to use "/etc/rc.d/httpd >> restart" >> (or reboot) > so it's started from the system rc scripts for this to take >> effect, > "apachectl" does not handle this. >> >>> Also /usr/lib/libpthread.so doesn't >>> exist so I replaced it with /usr/lib/libpthread.so.13.3 but still no >> > success. >> >> No the instructions are correct, use /usr/lib/libpthread.so
Re: Speeding up scp over 10GigE, suggestions?
The previous tests were reading from striped disks 4 spindles, writing to /dev/null This is the best so far, with fetching 4 compressed 500MB files on a remote ramdisk, local output going to /dev/null All on 10GigE in the same room. OUTDIR: [/dev/null] SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] 254.72636815920398009950 MB/s 225.55066079295154185022 MB/s 222.60869565217391304347 MB/s 237.03703703703703703703 MB/s Here is a test scp read from remote ramdisk, write to mounted cluster filesystem (over the same 10GigE link). OUTDIR: [/scatch/tmp] SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] 73.03851640513552068473 MB/s 72.72727272727272727272 MB/s 68.63270777479892761394 MB/s 68.35781041388518024032 MB/s I have compiled hpn-ssh but not yet tested it locally or over the wan. On Fri, Jul 20, 2012 at 05:33:33PM +1000, David Diggles wrote: > Thanks Christian > > Specifying the MAC you suggested makes a big jump in performance. > > SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] > 98.65026953028924143858 MB/s > 94.75118186708754888342 MB/s > 93.67964795503113387533 MB/s > 77.35326700132979443792 MB/s > > SSH Options: [-o Ciphers=arcfour128] > 63.50306913748638001067 MB/s > 63.09124016939771183475 MB/s > 61.51859822693993063534 MB/s > 52.67600175573777350882 MB/s > > On Thu, Jul 19, 2012 at 11:51:50AM +, Christian Weisgerber wrote: > > David Diggles wrote: > > > > > I am looking for ways to speed up scp over 10GigE. > > > With parallel transfer of 4x 8GB files, I get > > > the following test results with various ciphers. > > > > > > These tests maxed out 4 cores with encryption overhead. > > > > Assuming that crypto actually is your bottleneck, here are a few > > hints: > > > > First, use a faster MAC: -m umac...@openssh.com > > > > > SSH Options: [-o Cipher=arcfour] > > > SSH Options: [-o Cipher=blowfish] > > > > These only apply to the SSH1 protocol and are ignored otherwise. > > > > > SSH Options: [-o Ciphers=arcfour] > > > SSH Options: [-o Ciphers=blowfish-cbc] > > > SSH Options: [-o Ciphers=aes256-ctr] > > > SSH Options: [-o Ciphers=3des-cbc] > > > > There are really three interesting ciphers: aes128-ctr, aes128-cbc, > > and arcfour128. > > > > aes128-ctr is the default and already plenty fast. > > > > aes128-cbc used to be the default until a security problem with the > > way CBC mode is used in the SSH2 protocol was discovered. In > > principle it isn't any faster than aes128-ctr, but in practice it > > may be since it uses OpenSSL's optimized EVP_aes_128_cbc() function > > while aes128-ctr relies on calls to the low-level AES_encrypt() > > primitive. > > > > arcfour128 is the fastest cipher supported. (Plain "arcfour" may > > be a tad faster, but has known security problems.) > > > > -- > > Christian "naddy" Weisgerber na...@mips.inka.de
Re: Speeding up scp over 10GigE, suggestions?
Thanks Christian Specifying the MAC you suggested makes a big jump in performance. SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] 98.65026953028924143858 MB/s 94.75118186708754888342 MB/s 93.67964795503113387533 MB/s 77.35326700132979443792 MB/s SSH Options: [-o Ciphers=arcfour128] 63.50306913748638001067 MB/s 63.09124016939771183475 MB/s 61.51859822693993063534 MB/s 52.67600175573777350882 MB/s On Thu, Jul 19, 2012 at 11:51:50AM +, Christian Weisgerber wrote: > David Diggles wrote: > > > I am looking for ways to speed up scp over 10GigE. > > With parallel transfer of 4x 8GB files, I get > > the following test results with various ciphers. > > > > These tests maxed out 4 cores with encryption overhead. > > Assuming that crypto actually is your bottleneck, here are a few > hints: > > First, use a faster MAC: -m umac...@openssh.com > > > SSH Options: [-o Cipher=arcfour] > > SSH Options: [-o Cipher=blowfish] > > These only apply to the SSH1 protocol and are ignored otherwise. > > > SSH Options: [-o Ciphers=arcfour] > > SSH Options: [-o Ciphers=blowfish-cbc] > > SSH Options: [-o Ciphers=aes256-ctr] > > SSH Options: [-o Ciphers=3des-cbc] > > There are really three interesting ciphers: aes128-ctr, aes128-cbc, > and arcfour128. > > aes128-ctr is the default and already plenty fast. > > aes128-cbc used to be the default until a security problem with the > way CBC mode is used in the SSH2 protocol was discovered. In > principle it isn't any faster than aes128-ctr, but in practice it > may be since it uses OpenSSL's optimized EVP_aes_128_cbc() function > while aes128-ctr relies on calls to the low-level AES_encrypt() > primitive. > > arcfour128 is the fastest cipher supported. (Plain "arcfour" may > be a tad faster, but has known security problems.) > > -- > Christian "naddy" Weisgerber na...@mips.inka.de
