Re: [SLUG] [Job: Syd] Java Coder wanted
Howdy Mark, I stand corrected - I shall forward to the appropriate list then. Cheers, Umar. On Thu, Feb 26, 2004, Umar Goldeli wrote: Greetings all, Something you may be interested in yourself or know someone who may be interested.. and yes, one of the target platforms is Linux. :) Hi Umar, We discourage people from sending job ads to the slug list -- you might want to send to [EMAIL PROTECTED] instead. -Mary -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] [Job: Syd] Java Coder wanted
Greetings all, Something you may be interested in yourself or know someone who may be interested.. and yes, one of the target platforms is Linux. :) Thanks.. //umar. Java Coder Wanted: Can you code beautiful Java? Are you self-motivated and don't need direct supervision? Don't want to go to the office every day? We are looking for a Java coder to join a small and specialized team working on Security and Defence related projects. The company is a startup with extremely good opportunities and contacts and has just signed a deal across the Asia Pacific region with a leading multinational hardware/software vendor for co-marketing opportunities and distribution. All coding will be done from home, and checked in via VPN. With face-to-face meetings as-required. Needless to say - there will be times when other skills will be required - support, sysadmin, consulting, all-round IT skills - but this is almost entirely a coding position. The candidate MUST be self-motivated, reliable and organized. Direct supervision will be minimal. Technical skills required: * Java, J2EE, EJB * Swing/GUI Java work * XML * Solaris/*nix * Networking skills/understanding of IP and associated protocols * Security and encryption general concepts * Understanding of carrier/ISP environments Personal skills/attributes: * Good communicator * Team player * Reliable * Committed * Motivated Provided that you have excellent Java skills, are a fast learner, willing/able/keen to learn new concepts/technologies and are willing to RTFM - the rest can be picked up along the way. The idea is that the successful candidate will become an integral part of the team and critical to the success of the project. You will be exposed to various interesting methods, technologies and legal frameworks of various countries - so this will certainly be rewarding and interesting. This is a challenging position - commitment and hard work is critical to success. Candidate must be able to keep to deadlines and must be extremely reliable. If you are used to always submitting deliverables slightly late - do not apply. The successful candidate may also be required to undergo a Security Clearance - please bear this in mind. Various benefits and bonus schemes are available. Sydney-based applicants eligible to work in Australia only at this stage please. Please send your cover letter, resume, date of availability and expected level of remuneration to [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] SD Card support under Linux/DRM
Actually I've also heard that the people working on the Zaurus project have got this working as well - but don't give out their code etc.. Apparantly you have to sign away your life to get access to the doco from the SD manufacturers and can't pass it on afterwards. //umar. I believe that SD cards are working on at least some models of the iPAQ running Familiar Linux. Check http://familiar.handhelds.org/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] SD Card support under Linux/DRM
Howdy Scott, Yep - been there.. doesn't work.. and the other thing is that having to use only one particular program on one particular OS offends me as well. Eek. It's interesting that Panasonic have opted down this path though.. other SD based players allow you to just mount and copy files across.. bah. //umar. Have you tried installing Jukebox under wine? Chances are it won't work, but it would be worth a try. http://www.winehq.org Cheers, Scott -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] SD Card support under Linux/DRM
Greetings All, Quick question - I was wondering whether there was a Linux/OS version of some utils to transfer mp3 files to a SD card based mp3 player with what appears to be DRM of some sort? As it stands, I bought a Panasonic SV-SD80 - thinking that I could just mount the SD card, and just copy files across to it - however, Panasonic in all their Customer Focused Wisdom(tm) appear to require some horrid windows only program called Real Player Jukebox to be able to use this device at all... As I am not very keen on installing windows just to run a silly program, I am stuck here with an $800 piece of shiny plastic which does nothing. :\ Very nice of them to mention nothing on the packaging either.. otherwise I would certainly not have bought it.. *groan* Thanks in advance.. //umar. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Tcpdump - multiple filters to multiple files?
Howdy, How are we all? :) Here's an interesting question that I'm looking for a solution to - quite simply, is there a way to run tcpdump to capture different ip addresses and output them to different files without running multiple copies of tcpdump? Specifically - something along these lines: * A single tcpdump process captures packets with source or dest IP: 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time doing the same for 2.3.4.5 and 2.3.4.5.log respectively. Ideally - this scales to the 100 mark or so.. and FAST. I'm pretty sure this can't be done with tcpdump/libpcap - but is there another utility? If none exists - how hard would it be to code such a beast? Also - could it be coded portably so it could compile/run on Solaris etc? Looking forward to hearing your replies... Thanks in advance. :) Cheers, Umar. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Tcpdump - multiple filters to multiple files?
Howdy, I don't know any way to do this with existing tools, but it would presumably not be a particularly difficult task for a c programmer to modify tcpdump for this purpose. Know any good ones? :) Depending how much speed you really need, this could also be done in perl using Net::Pcap. Nope - it has to be done in C/C++.. no perl on the platform. :\ snort might also be of interest. I'm not particularly familiar with it, but it seems like the sort of thing I'd want it to do. That's not a bad idea - I'll have a poke around snort.. hmm.. but I think it uses libpcap as well.. danke.. //umar. tcpflow splits trafic by tcp stream. Not sure if that's useful to you. Andrew On Mon, 23 Jun 2003, Umar Goldeli wrote: Date: Mon, 23 Jun 2003 20:01:17 +1000 (EST) From: Umar Goldeli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SLUG] Tcpdump - multiple filters to multiple files? Howdy, How are we all? :) Here's an interesting question that I'm looking for a solution to - quite simply, is there a way to run tcpdump to capture different ip addresses and output them to different files without running multiple copies of tcpdump? Specifically - something along these lines: * A single tcpdump process captures packets with source or dest IP: 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time doing the same for 2.3.4.5 and 2.3.4.5.log respectively. Ideally - this scales to the 100 mark or so.. and FAST. I'm pretty sure this can't be done with tcpdump/libpcap - but is there another utility? If none exists - how hard would it be to code such a beast? Also - could it be coded portably so it could compile/run on Solaris etc? Looking forward to hearing your replies... Thanks in advance. :) Cheers, Umar. -- No added Sugar. Not tested on animals. If irritation occurs, discontinue use. --- Andrew McNaughton In Sydney Working on a Product Recommender System [EMAIL PROTECTED] Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Tcpdump - multiple filters to multiple files?
Howdy, The bottom of this is the fact that the packet filtering using tcpdump on linux is not done by tcpdump itself nor by the libpcap, but by the BPF filtering capability of the kernel (read: the kernel only send the appropriate packets to the userland side). To solve your problem, you dont need tcpdump at all: tcpdump is basically a pcap format interpreter. You can do it by opening 100 sockets filtered for one host or 1 socket et filter yourself; obvously, the second one is the only one to scale properly. The amount of code to do that would be small if you only want to dump that to a file. that's the kind of thing I was thinking of - getting some kind of packet stream frmo the kernel and filtering it myself - mayeb a hash table of sorts with the filters in them etc etc.. alas, I haven't played with C for quite some time now and I've been converted to the Dark Side(tm) (Perl. ;) - so for me it would be quite impossible.. However, if this is indeed a simple task - I'd be willing to pay someone to put it together for me.. ? //umar. JeF On Mon, Jun 23, 2003 at 08:01:17PM +1000, Umar Goldeli wrote: Howdy, How are we all? :) Here's an interesting question that I'm looking for a solution to - quite simply, is there a way to run tcpdump to capture different ip addresses and output them to different files without running multiple copies of tcpdump? Specifically - something along these lines: * A single tcpdump process captures packets with source or dest IP: 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time doing the same for 2.3.4.5 and 2.3.4.5.log respectively. Ideally - this scales to the 100 mark or so.. and FAST. I'm pretty sure this can't be done with tcpdump/libpcap - but is there another utility? If none exists - how hard would it be to code such a beast? Also - could it be coded portably so it could compile/run on Solaris etc? Looking forward to hearing your replies... Thanks in advance. :) Cheers, Umar. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Tcpdump - multiple filters to multiple files?
Howdy, Thanks for this - but this runs multiple copies of tcpdump etc which tends to lose packets and slows down miserably after about 5 instances or so.. Cheers, Umar. Have you considered doing a: # tcpdump -i interface | grep 1.2.3.4 1.2.3.4.log # tcpdump -i interface | grep 2.3.4.5 2.3.4.5.log Of course, you may wish to refine the grep regexp if you are getting other stray lines in your log files. Never underestimate the power of the simple axioms that already exist. :) Warmest regards -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
To add to this, and looking at it from a few steps back, one can summarize the base functionality of a firewall as something which sits in between various areas of a network (or networks) with differing levels of trust and enforces the semantics of these levels. //umar. A firewall is not so much a product or a feature as an architecture. You can build a firewall on one system, or you can build it out of a number of systems. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Need to lease an IP block.
Don't forget the ~$5k/year membership fees (In USD of course). //umar. Hmm ... that'll be tough - APNIC will gladly give you a minimum of a /20. Justifying 4.96 IP's isn't gonna be easy though :) -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Anyone know of a free(ish) Software RAIT solution?
I think AMANDA did tape striping, but I could be wrong... //umar. RAIT = Redundant Array of Inexpensive Tapes.. Ie RAID for Tapes. Im looking for some code that will do RAIT in software.. Has anyone seen anything like that about in the free or GPL space? -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] OT - Job advertisement
Fear leads to consultants, consultants lead to NT, NT leads to suffering I'm going to have to bite on this one.. consultants should be defined further - clueless consultants perhaps.. :) //umar (consultant who breaks out in hives when M$ products are mentioned) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Asynchronous I/O
I have no idea about the function calls themselves, but I would assume that you have to mount the filesystem that you're working on ayncio - it's a mount option. $0.02. //umar. hello, this is kiran. I am using Red Hat linux version 7.0. kernel version is 2.2.16-22. i want to know does this support POSIX aio(aysnchrounous io calls). He has given header file /usr/include/aio.h but when i use the functions aio_read or aio_write it is giving in compilation saying undefined reference. and i tried to find out the library for this aio. but i am not able to. so if any one knows about this please tell me, whether this is having aio support or how to make it work. with regards, kiran -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Re: Linux Instructor - what about jobs wanted?
James, Being an old hand at being a professional slut and having dealt with many pimps and even once been shafted 35%, I think I'll save you some pain and give you a little advice. :) Quite simply - pimps are tools. Some of them are nice, some are not, some you may even become friends with after being pimped by them.. However, never, ever consider taking a contract at a place that's not close to home without at least 2 weeks of cash in your pocket and a return ticket home by some means. If you did the work and they didn't pay you - you can pull out a lawyer or call a friend (hell, email SLUG and you'll get a dozen replies!) who will point you to a variety of organizations that deal with nasty pimps.. In terms of finding work - as I said, if you don't have a reputation in the industry - then pimps are your best bet. But use the following ruleset when dealing with pimps: 1. Have a professional resume - nobody wants to know that you got a merit certificate in primary school and worked at McDonalds when you were 14. Put it in a format pimps understand - keywords with your skillset etc.. Make sure you leave your age out - for some jobs the pimp will think you're too young, for some, they might think you're too old. Let your client decide - not the pimp. 2. Check out Jobnet - search for suitable jobs - pick a bunch of positions from at least 5 pimps - and send your resume in regards to those particular positions or similar. Make sure you believe you can do those jobs. 3. Unless you have shitloads of time to kill and nothing better to do - make sure you don't turn up to pimp interviews - you don't need to see the pimp if you're good for the job.. you want to see the client. 4. Sell yourself! Make sure you talk with a set of balls like Schwarzenegger. Be firm. Know what you want. Show no weakness. 5. Avoid the larger agencies who have bulk deals with larger players like [EMAIL PROTECTED] they will screw you down with all their might. And other larger ones like Morgan/Banks will offend you with their we are the best attitude and shaft you more than the smaller players. 6. Make absolutely sure that you know your stuff (relative to the clients' requirements) :) 7. If the concept of a pimp offends you - don't hesitate to call the client direct - do some research on a few companies and find out what their corporate structure looks like, ask around and find the manager who would need someone like you and call/email them.. Large corporations (especially carriers) love hiring enthusiastic grads etc.. 8. Good luck. :) //umar I am a young programmer looking for work and I welcome genuine job postings. I am very clueful indeed, but clueful in programming and not anything else. I didn't know about the jobs on linux.org.au until today. I am not stupid by any stretch of the imagination, however I have no idea where to look for a Linux job other than on this list (and today as I found out, on linux.org.au). I agree about agencies however. I don't like them - wouldn't trust them as far as I could spit. I got burned by an agency at just 19. They left me in Melbourne with no money for 5 weeks, refusing to pay me early on. I had to beg for money just to buy food. This was insulting and I will never recover from the experience. This agency was called Peoplebank, in Bourke Street, Melbourne. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] OFFTOPIC: Re: Linux Instructor - what about jobs wanted?
Rick, The way I think of pimps is as a service - otherwise you'll be pissed off to the point of combustion everytime you send an invoice. For example - my current position: I sourced it myself (they called me actually) - and I stated a rate and got it.. however since they're a large corporation, they won't deal with a person or an unapproved resource provider - so HR forced me through a pimp.. that's fine.. I get what I want - and the pimp charges them a premium just to resell me.. since the *pimp* didn't find me, they charge them less.. I'm not paying for it so I don't care.. but if I start thinking about it as money that I *could* be receiving - i.e. an extra $150/day - then I'd be pissed off.. but remember it's a service, I get what I want - and I think of them as a convenient party to invoice weekly (the larger corporates don't pay their bills on time - so pimps are useful for this as well). Actually, this is a good point to elaborate on.. for example, if you work for a large carrier such as Optus - and you went direct to them.. and invoiced them weekly.. if you started work on the 1st of Jan, your first receipt of payment would be around March'ish.. their official payment cycles are 60 days if I remember correctly.. if it didn't get paid in that cycle.. then you have to chase them up.. this is all too hard.. let the pimp do it for you. So, from the pimp's perspective - they have to pay you for roughly two months' worth without receiving a cent from their client.. that's a shitload of money to cover while awaiting payment! So then they factor in timing differences and interest and other bits and pieces, and they come up with their Official Shafting Margin(tm) - which is generally less than what you see as the Oh Shit Look at What I'm Being Shafted Figure(tm).. Anyway... On the other hand - if the pimp finds you a job, then the $x/hour you bleed is your payment for them to find the job. And remember - if you don't have a strong social circle in terms of work and can't ask a friend hey, know anyone who's hiring Widget Specialists? - then pimps are your best option - they spend all day, every day schmoozing and bribing clients with squishy toys and umbrellas.. and they find out where the esoteric requirements are. Finding contracts by word of mouth is the best though. Always. But there's always the pimp as backup. //umar. I hear ya, mate. Avoid them at all costs. They cost you big $$$ as well, since they pay you (or your company), and pocket the difference, which can be $10 or $15/hr above what you are getting paid. You are paying through the nose for their George St high-rise offices, golf afternoons and champagne tastes. Always go the extra mile and use the 'net and other media to find jobs. There are enough resources out there to find a job on your own without the help of the parasites. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] OFFTOPIC: Re: Linux Instructor - what about jobs wanted?
Finding contracts by word of mouth is the best though. Always. But there's always the pimp as backup. If you can't find a real job, go ask the pimp? :) Close. :) If all pimps get squishy toys and umbrellas, I want to be a pimp. The clients get the squishy toys.. pimps supply them.. so you'd have to be on the commission paying side.. :) (...and the contractor gets to do the work) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] E-Commerce...what do I need.
Chris, It appears that everybody has suggested the shopping bit - but you'll find that you'll also need something to talk to the bank.. this is the hard bit (as by your question, I'm assuming that you want realtime transaction approval etc..) In 99% of situations, you have to write bits of custom code using some form of middleware.. check out: www.aba.net.au for a start (as they have a free SDK etc and reasonable merchant fees..) other names to look for are Camtech and some other which I can't remember off the top of my head in the morning.. Quite simply, if you want a manual system - any Acme Shopping cart will do - and email you (encrypted) card details etc which you later process etc... but a proper one as per se, will indeed cost you time and money.. As Rick said... call me.. call me Now.. ;) //umar. Also, how does it all work together? I mean once the user has submitted their request how does the credit card information get sent or received to or from the bank...or is there a completely different way of doing this. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] list broken?
Well, I'm gettign two of everything.. may I'm getting your share... *smirk* //umar. On Thu, 17 May 2001, DaZZa wrote: Testingtesting...one two three. Is this thing on? Do we have a badly broken list, or has everyone just run out of problems? I haven't seen slug mail in several days. DaZZa -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Getting a dial in up to speed
If your ISP has analogue lines or no digital access server or you have a crap phone line, you'll get a max connection of 33.6k (except if it's cos you've got a crap line, then you might get somewhere between 33.6 - about 50 odd). Just being the devil's advocate - Tel$tra actually only guarantees data xfer rates of 9.6k.. so if you get your 9.6k - everything is to spec.. anything more is a bonus.. *blech* //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Studying Programming
Mr. Squirrel, Best way to learn how to code is to sit down, think about a project that needs to be done, and do it in the language of your choice (after deciding on the suitability of that language for your task). If you're relatively bright, this is the *only* way to learn. ;) Code a few more projects... then come back to your first project and review the code and pick out the nasties and perhaps rewrite it.. perhaps in another language altogether or with a completely different structure. Uni will teach you methodology - not code.. and even so, comp sci at uni is a bit of a luxury, you can learn *almost* everything at home from books and your own development platform.. you will miss out on different approaches and the peer review process (i.e. other kids laughing at your code) though.. however with the OS model, especially working on public projects, you'll get plenty of input from other coders soon enough! ;) If you're considering uni for this, then consider a double degree like Electrical Engineering/Comp Sci... because you'll find out quite soon that manufacturing semiconductors in your bedroom doesn't work all that well.. not to mention that with Elec Eng, you should at least have a solid physics/chem background (and these too - at high levels - are not easy to learn without explanation).. So quite simply, learning to code at home is feasible, neurosurgery/photovoltaics development/biomed engineering/insert disciplines which require specialist equipment etc here aren't. Oh, and you'll learn to drink beer on campus too. //umar (who has gone back to uni part-time to do a hobby Economics/Accounting degree which he will never ever utilize in the workforce.. but hey, the environment is fun and it has nothing to do with what I actually do for a living! ;) Hello, What does everyone here think of getting professional training in programming (and programming in general) vs self study ? I'm considering taking a 40h course or similar to learn how to program the right way and get help in the mean time. Who might offer such services ? I'm having difficulty finding companies that offer this, i've tried Spherion for example - there programming courses are pathetic. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux viruses
Note the keywords: worm .. not virus.. A dodgy script that exploits a known vulnerability and perpetuates itself by the same method is not worthy of the label virus.. By the same token, some moron who writes a bit of cheap VBS and sends it to other morons who double click everything they see, has not created a virus per se, but has created a cheap-arse trojan for Dummies(tm). //umar. Go to http://vil.nai.com/vil/ and do a search for Linux. You will come up with 12 viruses For instance, Ramen Worm: http://vil.nai.com/vil/dispVirus.asp?virus_k=98975 I think it's a decent idea to add a virus scan to your daily cron job/ security check scripts. Gives you an extra little bit of protection that will hopefully never be needed :-) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux Geeks Printing
2) I have a network, email and the web; what the hell do I need a printer for? So you can give dead trees with bits of carbon on it to management types to make them feel secure. :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] Free: HP Draftmaster A0 Plotter.
Greetings, Due to space restrictions.. I must whittle my hoard somewhat. :( I have a lovely A0 sized, HP Draftmaster.. a big-arse 8-pen plotter.. *sob* I will give it away to a loving home. You may need to fiddle with it (i.e. make/buy a new serial cable), but as far as I know, it works fine.. It is roughly 1.4m high and roughly as wide (and weighs quite a bit).. so bring a ute, straps and padding. I would really prefer this to go to an architecture student - so if you know of any that are somewhat geeky as well - please let them know. (Or alternatively, if you know of any hideously underfunded Universities who can't afford a plotter and want to set one up in the architectural students' common room etc.. you get the idea..) Oh - as for the "why post it on SLUG" bit: it understands HPGL - so you can use it under Linux as follows: `cat hpgldrawingfile.txt /dev/ttyS0` *grin* I'm in the Sydney metro area.. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] FC: Australian government wants to ban Net-gambling (fwd)
Anyway, to let out another secret about myself, I am an ex-gambler. At one stage I used to put all my earnings, after paying my rent and food bills c. through the Poker machines. I reformed myself and managed to wean myself off them. I personally think gambling is Evil Incarnate. Well, at one stage, I had a roulette habit too. Which was easily fixed - my bank account went to $0 and I stopped. :) Secondly, he doesn't have the right to determine what mature adults should be able to do for entertainment or how they spend their money. Bingo. Thirdly as a technically adept person, we all know how difficult it would be to enforce this law in much the same way as the moronic porn laws. Also there is the question of innovation and production of new net technologies where there is revenue to be drawn. Like all things, in moderation, gambling can be fun but there needs to be some sort of regulation to allow those who wish to participate to do so in some sort of structured environment so they are not ripped off or end up losing their house/car/pets c. rant If anything, there should be educational campaigns - regulation in any form is evil. "Buyer beware" is my motto. I am sick to death of the Australian government (note the intentional lowercase g) handholding the population in *every* situation. And the population gets more and more careless whilst losing those valuable three or four collective brain cells. Hell, I don't have to think before I buy anything! Research before buying a product? Bugger it! - The government will protect me from my own stupidity and shaft the supplier. I don't have to read contracts and fine print which is there for a reason - the government will protect me from my own stupidity - call in the Dept of Fair Trading, the buyer was too stupid to read the T C - give him a refund! It's getting to the point where even the way toilet paper rolls are mounted is legislated - up or down? Compulsory this, compulsory that, legal this, illegal that.. hell, I'd like to make my own decisions thanks. On another note - has anybody noticed that hardware stores can't sell any form of blade to under 16's? That pisses me off to no end - when I was roughly 7 years old, I was using surgical scalpels to build models - my parents showed me how to use them without lopping off fingers and they trusted my ability - quite simple. By 16, I had powertools, chainsaws, access to welders and oxy torches etc.. Now if I turned back the clock and was 16'ish again, I wouldn't be able to go into HardwareHouse and buy a Stanley blade? Excuse me? Is this so the little Homies who hang outside Hoyts, look "cool" and try to mug people don't have easy access to blades at my expense!? Rubbish. Just more handholding and "fluffy feel good" tactics. Hasn't anybody noticed that the general populace is slowly being led into a "don't worry be happy" frame of mind (if they're not already) - don't think - don't use your judgement. We'll tax the crap out of you.. it's OK.. the footy is still on.. what's there to worry about? /rant The labour viewpoint of regulating net gambling is probably the best balanced approach and the lesser of two evils as people will gamble no matter what the law says and regulation at least stops those who cannot help their compulsion from having their life savings syphoned off by the mafia or yakuza or triads or whatever. The whole reason for banning net gambling is that they can't tax offshore gambling sites. Not for any ethical or moral reason. Hell - anybody can still go to Star City and gamble their kidneys away to their heart's content.. if you're going to ban gambling online - then demolish the Casinos as well.. oh, but they can't do that can they? Because Star City is owned by "reputable people" - oh, and Johhny is good friends with them, and Alston gets his high grade smack from the owner of the Crown in Melbourne.. so we'll forget about the bricks and mortar casinos.. throw some FUD at the populace about the perverts on the 'net and then mention "online gambling".. that'll fix'em. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] FC: Australian government wants to ban Net-gambling (fwd)
Sure this does not necessarily directly relate to Linux - but as geeks, this should concern you. Your Government is fucking both the economy, and the IT industry. If there is anything else that can be done to fuck a country, I'd be quite impressed if it isn't already being done here in the "clever country". As a certified geek, I can safely say that Australia smells for me, my industry and most probably my kind. `cat flames /dev/null` //umar. -- Forwarded message -- Date: Tue, 27 Mar 2001 11:43:47 -0500 From: Declan McCullagh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: FC: Australian government wants to ban Net-gambling Other recent articles: http://www.kcstar.com/item/pages/business.pat,business/37753a2e.325,.html Congress needs to regulate Internet gambling 2001-03-27 05:53:09 http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88-93_STO58996,00.html Wireless industry sees need for self-regulation of 'wireless vice' 2001-03-27 04:56:50 http://www.newsbytes.com/news/01/163672.html Australian Government Set To Ban Net Gambling Services 2001-03-27 05:35:05 ** From: "Dave McClure" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Interactive gambling ban - Media Release Date: Tue, 27 Mar 2001 11:02:40 -0500 Message-ID: 002301c0b6d7$5a1da510$0ace94cd@dave MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal Here is the news release from Sen. Richard Alston, Minister for communications, information technology and the arts, announcing a new effort to ban gambling in Australia. http://www.dcita.gov.au/nsapi-graphics/?MIval=dca_dispdocpathid=5602 ** [text of press release follows. --DBM] Interactive gambling ban The Federal Government will shortly introduce legislation to prohibit Australian gambling service providers from providing online and interactive gambling and wagering services to people located in Australia, the Minister for Communications, Information Technology and the Arts, Senator Richard Alston announced today. 'The prohibition will apply to all gaming and wagering services, including poker machines, casino games, sports betting and lotteries, that are offered on a commercial basis over the Internet or through online delivery systems such as interactive television and advanced mobile phone technologies,' Senator Alston said. 'However, it will not apply to Australian gambling service providers offering such new interactive services to people who are physically located overseas. While it is a matter for other countries to decide how they will approach online gambling, Australia's status as one of the world's leading problem gambling nations demands that we take decisive action to protect the most vulnerable in our community. 'Importantly the regime will not place any obligation on Internet Service Providers (ISPs) to filter or to block prohibited interactive gambling sites. Instead, the legislation will place the onus on gambling service providers to determine whether users are physically located in Australia and, if they are, to prevent them from accessing the gambling site. 'In relation to gambling service providers located offshore, the Government will apply a similar regime to the online content regime whereby ISPs are required to inform and make available to their customers relevant user-based filters. While this aspect of the regime will be complaints based as is the case with online content, it will be administered pro-actively through the early identification of the finite number of overseas gambling sites which will then be passed on to filter manufacturers. 'The regime will not result in any reduction in Internet performance. However, the Coalition Government does not resile from its social responsibility to ensure that the Internet is a safe and secure place for all Australians to enjoy and to use as a beneficial social, educational and business tool. 'The regime will not apply to long-established forms of interactive gambling such as telephone betting. Nor will it apply to non-commercial activities such as office footy tipping competitions or Melbourne Cup sweeps when they are conducted over the Internet. Of course, the regime will not apply to Internet share trading.' Senator Alston said that the Government had taken heed of a recent report by the National Office for the Information Economy (NOIE) which investigated the feasibility and consequences of banning interactive gambling. The report found that the growth of interactive gambling has the potential for negative social consequences for Australia because of the greatly increased accessibility of gambling services. 'In 1999, the Productivity Commission found that there were some 290,000 problem gamblers in Australia with 130,000 classified as 'severe' problem gamblers,' Senator Alston said. 'In
Re: [SLUG] UPS serial cable
On another note, have you tried to email them yet? Every single address on their contact list bounces.. :( //umar. On Mon, 26 Mar 2001, Michael Still wrote: On Thu, 22 Mar 2001, Dave Fitch wrote: I noticed second hand UPS' for sale at www.pcrecyclers.net (checking out those HP machines Simon was looking at). They're Sola 510 600VA models and look quite good for $149. They'll add the serial cable as well for an extra $18, so my question is: are they special cables? (I remember hearing something about UPS' taking special cables before?) Cos if they're standard ones I can dig up an old one off a modem and save $18. They are not normally standard serial cables. The pinouts are weel dinfied (usually), so you could just make your own... The batteries are quite heavy for a good UPS, so shipping might make the exercise a little expensive. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Sun optical mice
is that supposed to work?! (printing it out) I just assumed the Sun mats had some kind of "depth" (like the way CDs work). It's just a grid.. a shiny one mind you, but still a grid.. so it should work.. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Hacking of my box
Peter, I'm assuming you don't want to do any serious forensics on it.. and this is just for "fun" so: 1. Unplug. 2. Assuming not a very sophisticated cracker (the git looks like he forgot to trojan ps, or didn't setup the config files properly *sigh* and you discovered it pretty easily), mount a cdrom with statically compiled fileutils (e.g. find) and use that binary to search for whatever file you're looking for. 3. Failing that, if you're absolutely positive that you *really* want to find bindname.log - strings /dev/hda[1-x] or wherever.. | grep bind. Don't forget to do that to your swap as well.. Once you've found the slice with it in there, pull out TCT and play with grave-robber etc (if it has been deleted). Or alternatively, grab a statically compiled version of lsof and run it from CD to find the process and strace it etc... there's no prescriptive definite.. it all depends on how much "fun" you want to have and what you consider "fun".. 3a. For more fun, you may want to poke around /dev etc and look for dodgy directory entries like ".. " etc.. 4. Once you've had enough fun. Rebuild the box completely (you may want to save the bind binary that is being run for later analysis for more fun if you like.. but remember, we're assuming "fun" here - not forensics, because we've already ruined our evidence.. :) 5. netstat -an |grep LIST on the newly built box and shutdown every single damn thing that you don't specifically need/want and make sure they don't come back back after a reboot! 6. For those services which you do want/need - upgrade their packages. 7. Reboot. 8. netstat -an|grep LIST - is this the output you want? 9. Plug the box back into the network. 10. There always has to be a step 10 in instructions right? .. so yeah.. step 10.. noop(); Needless to say, I'm not taking into account other boxes that are on your network and whether you ftp/telnet etc between them or not - if so, assume that he was also running a sniffer and has done other naughty things, so verify all your boxen are healthy and change all your passwords etc.. and if not already, use ssh/scp etc.. If you kept private keys on the box, you may also want to change them too.. //umar. root 21835 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind 208.130.87.63 -v r as well as root 21297 0.0 0.6 1088 380 ? S N 11:22 0:00 tail -f bindname.log but I am unable to locater any file called bindname.log on my system ?? -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Slugs
Slug Libido Understanding Group ? //umar. On Thu, 22 Mar 2001, Howard Lowndes wrote: Arn't they hermaphodite anyway -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Slugs
My comment segfaulted... *grin* //umar. Slug Libido Understanding Group ? //umar. Gotta love those recursive acronyms :-) Dan. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] XMPS - sound but no video..
So you ended up using avifile? Or can you use the windows dll's with xmps as well? As long as I don't have to physically *boot* that dirty OS, I'm more than happy to use the DLL's.. :) //umar. On Fri, 16 Mar 2001, Jeff Waugh wrote: quote who="Umar Goldeli" Fire it up, open a video.. and whammo.. I've got sound, but I've got no video - no little playing screen, nothing.. The interface itself gets drawn etc.. but the video itself doesn't want to play.. the sound's great though.. :) I had the same trouble with OpenDivX... I ended up copping out and using the Windows DLLs and the plugin for them (which worked quite well, but I'm told that OpenDivX does too when it behaves). I suck, but Office Space was very funny! ;) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] XMPS - sound but no video..
Greetings, I've just downloaded a whole pile of libraries, installed them and finally got xmps-0.2.0 compiled and installed.. I then installed the opendivx plugin.. Fine. Fire it up, open a video.. and whammo.. I've got sound, but I've got no video - no little playing screen, nothing.. The interface itself gets drawn etc.. but the video itself doesn't want to play.. the sound's great though.. :) Any pointers would be greatly appreciated. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] Perl Help - reply..
Oops.. I deleted the email before I got to reply to it.. but I think it was a Bronwyn that asked the question about cookies + perl... :) Anyway, something along these lines: ncftpget \ ftp://mirror.aarnet.edu.au/CPAN/modules/by-module/CGI/CGI.pm-2.752.tar.gz tar -zxvf CGI.pm-2.752.tar.gz cd CGI.pm-2.752 perl Makefile.PL make make install perldoc CGI /cookie /cookie /cookie (until you get to the bits about cookies) - #!/usr/bin/perl use CGI; :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
filtered, but that won't stop them. If a cracker wants to spend time rooting
the firewall I wish them well, at least while they are trying to get root on
the firewall, they aren't trying to attack other hosts.
This has nothing to do with man pages anymore but as an aside, you're
assuming that he wants to attack other boxes.. what about if he wants to
sit and sniff.. and later collect his goodies? How many admins check their
segments regularly for promisc interfaces (use switches to mitigate risks
please!)? It could be months before someone realises... and by then
they're most probably gone without a trace. Especially if they're looking
for something specific, in which case his strange tcpdump
big-arse-nasty-filter|grep combo won't output much at all and he'll
output it to "/dev/pty2345" which won't grow beyond 2k in months etc..
Anyway, he'll need root to put ethx into promisc mode.. Or what if he
wants to modify data going through the firewall for his own purposes with
netsed or similar? Think of how many thousands upon thousands of
applications are poorly coded and will quite happily accept packets
modified in transit.. think online banking, think shopping apps, think
live stock feeds etc... sit there and modify the share price of BHP down
or up by 10% for a day.. and then switch it around the next day.. confuse
the hell out of people and cause them to make silly mistakes.. or fiddle
with the data feed of a large merchant bank you've taken the firewall
of.. hey, you can make money out of this..
Of course we're assuming lots and lots and lots of things here, but you
get the drift..
There are a myriad of scenarious here. Any time an attacker spends on
*any* of your boxes is Bad Karma(tm).
Correct. As well as seemingly harmles binaries like "uname" and even the
layout of the filesystem.
Removing uname isn't going to buy me much.
find /proc -exec less {} \;
/proc is bad, mmmkay.
*grin*
I've never tried to run a box without proc, I might give it a go.
Bad Karma(tm) if you're using the box as a "multiuser" box.. if you're
just running it as a firewall with no actual users doing stuff on the box
- you should be fine.. just don't try anything exciting.. :)
You bring up a good point about ntp auth, obviously ntp will be
filtered, but that won't stop forged packets (and unfortunately,
neither will some of our routers (yet)). I wonder if someone could
send bogus ntp packets and shift the time on the firewall?
If you're running the xntpd as a "brodcastclient" (which I've seen a lot
of people do, as they get the router on the segment to be an ntp master
and get it to broadcast).. then yes, very easy to set the time remotely.
However, if you're logging elsewhere, and they change your time, it
doesn't really matter, as the logs you'll have elsewhere will show that
the time looks "strange" (in fact the syslog on the remote
logging box will timestamp it itself and the box that doing the logging
won't offer a timestamp at all)..
However if you're strange/paranoid/etc you can get syslog to "mark" every
x minutes etc.. and gauge it that way.
(note that these aren't ideal situations, but ideas to aid).
//umar.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
Theres no c compiler (but they could upload bin's I suppose) but there is
perl, I'll have to check if perl is needed.
Uploading a compiler is hard.. why not upload a binary straigt away? :)
But remember - if there are no ready tools, they'll find it very difficult
to readily suck a binary down in the first place.
Unforunately, at the moment it has a proxy running.
Eek. Put a proxy behind the firewall?
Agreed throughly about the turn of all listening services bit. :)
Sorry, did you say something?
When you're first setting up the box, make sure you Detonate(tm) all
listening services that you don't specifically want. The less ports
listening, the better ("none" is good. :)
Printers run out of paper (printer DoS), with some printers you can reverse
I like this one.. I can see a script kiddy doing that now.. :)
the paper back and write over stuff making it unreadable.
Well the men in green have appropriate printers for the job with lackeys
always watching the paper etc.. but hey, this is not my ideal solution.. I
like trees.
//umar.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
Or try two part authentication, ala secureid.. or at least SNK (challenge response) as a minimum.. it doesn't fix the problem, but makes it more difficult. //umar. the problem is not so much the key being in memory (it needs to get into memory if it's ever gonna go through the cpu) but that when that memory gets paged to disk it can potentially be read by someone else later; you don't want that key you've taken pains to put on CD to be sitting in the swap space of every box you use. the software that accesses the data has to handle this. see mlock(2) Conrad. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
You just missed Alan Cox by a few weeks I believe! :) //umar. What sort of time/date/places do the Linux gurus, or those who others might consider to be gurus anticipate being around. I anticipate I might have some beer money with me (8-) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
Hence why you use stateful inspection firewalls, not ipchains. ipchains is completely unflexible in this regard. It works, but even so, let's face it, stateful inspection in regards to UDP is still a kludge. ;) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Security Breaches
Bollocks. Yes it's true that your kernel is suspect, but when you arrive at the scene and want to preserve forensic data in a useful state, the last thing you want to do is reboot. It's a tradeoff. The main thing is to get a disk image. And chances are that your statically compiled "dd" will work happily. Then you run cryogenic or similar. If you're really keen, you get dumps of ram and other goodies for some even keener person to fiddle with later. After you have preserved your data, ten you can think of rebooting.. in fact, let me rephrase that, you don't reboot. You pull the plug. A lot of the time, systems are triggered to hide traces etc if rebooted or shutdown cleanly. However, your course of action depends entirely on what your goals are.. do you want to analyze data? Or do you just want to get back in production in a clean state? If it's the latter - you can ignore the CD anyway, because you need to blow away the box WHOLE anyway. It can't be trusted anymore. //umar. Umar Goldeli [EMAIL PROTECTED] wrote: Every admin should also have a statically compiled set of tools on CD btw. Not only can binaires be trojaned, but so can libraries. But the same thing can happen to the kernel... Time to reboot with the CD. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Security Breaches
dd will not affect the atimes on the files on the filesystem. dd is your friend. //umar. Oh one more thing - it will alter the atime on /dev/sdb1 (or whatever) - but that's not exactly going to be useful anyway. If your backup software didn't preserve the atime then perhaps it's time to use something a little bit more sophisticated. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
Stateful inspection is the only way to come remotely close to securing UDP without stepping to the point of not using it at all. UDP == evil. *grin* (but this is getting way OT ;) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report - advice. :)
We were advised to turn sshd PasswordAuthentication off because it allows clear text passwords. hey? That doesn't sound right. pass PasswordAuthentication allows the use of an account even if you don't have a key on the box.. i.e. all you have to know is a username and password.. and you're in. The best way to do this is using keys - this also makes access control easier on the box. So in effect, you should have a separate /etc/passwd user per admin and in ~/.ssh/authorized_keys (ssh1) you should have the public key of the admin. PasswordAuthentication should be set to no, and PermitRootLogin should be set to no. This way, if someone ssh's in, not only must they have the private key component belonging to the account, but they must also have the passphrase to decrypt it. Once they're in, they should su to root. This way, you have a much more robust authentication scheme and it will also leave an audit trail of which admin su'd to root etc. Mount partitions read only where possible. I guess this is a good idea, but in what situation would this add security? You need to be root to be able to write to the partitions that I could mount read only, and if someone gets root, they can remount partitions read write. Two assumptions/problems: 1: you're assuming that they eventually get root access. This is not always true. Most remote exploits allow an attacked to only get a non-priv user on the box. From there, they must get root. Run all daemons (where possible) as non-priv users. 2: Forensics: unmounting, remounting, fiddling and generally playing with filesystems leaves marks. The more you fiddle, the longer you're on the box and liable to be caught. The more you fiddle, the more a chance that you'll leave a trail of sorts. If you have to leave in a hurry and you've left the system in a non-original state (i.e. mounted rw instead of ro) after you've trojaned the binaries, there will be a much greater chance of it being noticed. Remove man pages. Again, I can't see the harm in doing this, but I can't see the point. If you don't know what to do, why are you fiddling with box. Basically, if someone gets in, man pages help them know the particular variety of your box. Just makes it harder for script kiddies, dorfs, staff wanting to create ICQ holes, etc to fiddle. Remove anything nd everything that doesn't serve a purpose on the box, including libraries, and config files not needed by what needs to run. Everything on your system is info for an attacker. This is especially true if the box has been "inherited" or if it has been setup by someone else who used an "easy install methodology" which asks you a bunch of questions like "your mail server", "nameservers" etc etc.. if I'm on your box and I don't know your environment, and I don't want to immediately portscan your subnet and put your eth into promisc mode, I can always poke around in /etc/*/* and look for config files which will point me to other boxes on your network perhaps.. or I may be able to find implicit trust relationships which will aid me in my next step of taking your network. Remove unnecessary binaries. A good idea no doubt, but the firewall doesn't allow shell access, and the way I see it is if someone gets shell access they can upload their own bin's. Yes, but they still have to upload them, which takes time, which increase the chances of discovery, etc. If you don't need it, then it shouldn't be there. Absolutely. As above - remove anything and everything that isn't needed specifically! Think of it this way, I'm on your box, I have a shell as user "named" (sound familiar anyone? :P ) .. what's my next step? The next step depends on what I want to do.. let's assume I want root.. ok - I'm named and I need tools. Ok, let's assume I'm a script kiddy.. the first thing I'm going to do is to perhaps wget the LRK (linux root kit) or ftp it down.. or perhaps figure out exactly what kernel I'm running etc or scan through your pacages and libs to find known vulnerable ones.. then I'm going to most probably download an exploit.. How do I progress if there isn't a /bin/ftp or a /usr/bin/wget? There are other ways to get your tools down, but remember, most of your adversaries are clueless script kiddies who will most probably give up when they realize that they can't get their root kit or exploits down.. Every additional thing you have on the box is an extra tool for an attacker. Don't give them any more help. It doesn't mention it in the report, but would mounting /home, /tmp and /var with noexec help? It might stop a non root user from running their own programs, but it won't stop root. Again, you're assuming that they *initially* get root access. If you're in as user "squid" chrooted to /cache with only access to /cache/cache1 and /cache/cache2 which are mounted noexec and nosuid, what next? //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info:
Re: [SLUG] Firewall security audit report
I concurr with Howard - but their suggestion is legitimate - but for a different reason. PasswordAuthentication means you're relying upon users to pick sensible passwords. Its actually best to make sure nobody but your administrators have access to your firewall systems Unfortunately, nothing can fix this, PKI or Password Auth, both require passphrases/passwords.. nothing can substitute good education. At least with PKI - the damn key has to be on the box and the attacker has to posses the private key before (s)he can start brute forcing. It adds no real security IMO. It just makes things a little more awkward, both for admins and for people breaking in - but it doesn't grant you any great gains. It does. See previous post. You are assuming initial root access. Security through obscurity. Bleh. Get lost. Obscurity doesn't gain any security. It does. Especially whne you consider that most of your attackers are going to be 7337 script kiddies. Imagine a script kiddy on a box with no commands to run except for the shell built ins and no man pages in a chroot environment.. $kiddy-go_home(); Removing binaries just means the attackers have to get them in via some other means. Indeed. You're buying time. Time is good. If your attacker can't readily telnet, ftp, ssh, scp, rcp, wget, lynx etc - he's going to have to try much harder. And what also happens if there's no compiler on the box? And better yet, your border router acls do not allow connections ORIGINATING from your firewall outbound? Better yet... Shut down *ALL* listening services. Log to a remote system behind your firewall, make sure you can only log into the console, etc. The best way to protect a system is with the minimum footprint approach. You can't compromise a service that just isn't running. Agreed throughly about the turn of all listening services bit. :) And those services which are listening - bind them to specific IP addreses (preferably on the "inside") and make sure they're running non-priv. As for logging - the safest way to keep logs is to have a serial printer attached to your console and dumpit all on to paper and focus on physical secrity of the box. Do what the military does... not veyr practical, but once written, your logs are there forever. ;) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
The good old firewall audit... Yet to find an auditor who returns a worthwhile report... It is only too true... most "auditors" are not very useful.. *sigh* Of course, you could just upload something into a different partition which is read-write (/etc maybe?), but given that we're talking about a firewall, every little bit helps! The fact that some script kiddie can't just run But Scott, then you mount /etc noexec. ;) In particular, you should make sure you have as few suid/sgid programs installed. Even programs which normally need SUID to run can probably have it dropped - it just means you need to run them as root. There are pros and cons of this - there is very little on a firewall that needs to run as root when you think about it. The one binary in particular that shits me is ssh - remove the SUID bit on it..*sigh* Also, mount anything and everythig you can nosuid. Doing all of the above might mean that your firewall is now (say) 2% more secure. If this was any other machine, you probably wouldn't be to worried by such a small improvement, but when you're talking about a firewall, every last thing helps! Indeed. A lot of people say security through obscurity is not worth it - but it is - it buys you time.. whether it's a week or 10 seconds - it's time.. well worth it. (There are actual formulae whihc can help you with cost/benefit/risk analysis, but these aren't exactly too useful). Some of the above may fit into the security-by-obsecurity category, but as far as I'm concerned, security by obsecurity never hurts - as long as you're not relying on it as your primary defence. We live in a world where exploits to the latest bugs are in the hands of the "hackers" of the world within hours of the bugs being found. If your extra security measures mean that the default exploit fails on your machine because /usr is mounted read-only, or because /usr/bin/lpr isn't install on your machine then they will move onto the next machine - even if yours is still vulnerable to the bug using a different exploit! Hopefully by the time a "real" "hacker" decides to try your box, you'll have had time to fix the hole. Absolutely! Our standard Solaris build for a server which sits on the internet (not actually a firewall, but similar) contains about 50 megs total. It listens on a single port (ssh, but not on port 22), has two SUID binaries (su, and something else which i forget), has /usr mounted readonly and every other partition mounted nosuid, and only runs about a dozen processes (plus any for whatever the machine is for of course :) Sounds like a good plan.. I see way too many companies without a standard tightened build for unix boxen.. it also makes life easier for admins. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
Non root users can't write to it because of file permissions, root users
can remount it read write. You haven't convinced me. Reading other peoples
responses I can see some value in it.
You've said it yourself - root can remount rw.. again, you're assuming
initial root access. :)
Are you talking about syslog out a serial port?
Is that a trick?
It's an oldie but a goodie. Or alternatively encrypted syslog to another
machineor a compromise with cron jobs and scp etc... it depends on your
environment.
I've even seen a box with a cd writer and a cron job whch writes
multisession disks every hour or so (can't remember exactly) and they
change disks once a day.. :)
temporary files in ram,
I guess I should check the archives for this one.
Bad karma. Volatile logs are not good.
boot off CD,
If someone has physical access there is little that you can
do to stop them getting in. You could slow them down but thats all.
ie password protect the bios, disable booting off removable media,
password protect lilo, etc. But that still doesn't protect the box
from physical access. And if someone has physical access, why bother
with the firewall at all? Just disconnect the firewall and plug a laptop
in.
First rule of security - if it's not physically protected, you can ignore
the rest. Don't bother. I can do anytihng I want to your box, password
protected, whatever.. just give me time. And as you said, if I want access
to your network, and a little subterfuge is ok, just plug in a laptop ora
smaller machine and hide it and put an "any, any, any" rule on it..
A lot of security is handled by the "three B's": "Burglary, Bribery,
Blackmail" (phrase courtesty of some ex-NSA person whose name I can't
remember.. :)
I may not know as much as someone like yourself, but that is the reason we got
the security audit.
Remember, as long as you're trying, you're in the right direction. It may
take time and it may be complicated, but every bit helps. Fiddle to your
hearts content, and ask for advice often. :)
if someone gets in, man pages help them know the particular variety of
your box.
Are you serious? if someone gets in the game is over, they already know enough
about the box, wouldn't you say?
The above statement is not exactly correct, but yes they do know about the
box somewhat, and even if the man pages help them for 30 seconds, it's too
much.
There are bigger give aways than man pages though.
less /var/lib/dpkg/status, and I assume a similar way for redhat.
Correct. As well as seemingly harmles binaries like "uname" and even the
layout of the filesystem.
Yes, but they still have to upload them, which takes time, which
increase the chances of discovery, etc. If you don't need it, then it
shouldn't be there.
I agree, but really, you're over stating how hard it is to upload files.
It's piss easy to suck down a root kit onto your average firewall that
you've broken into and have a shell of some sort.Especially since every
forgets about outbound rules and concentrates on inbound rules only.
Users can't get an interactive shell on the firewall, at least thats the aim.
We are in the near future going to remove X forwarding via ssh and remove the
need for having user accounts on the firewall.
We have been advised to run ntp on the firewall so log time stamps are in
sync. Another potential access point.
Bind ntp to a particular interface and only allow port 123 from your ntp
server, also turn on the funky auth features (or you could do ipsec to
your ntp box ;) Or another method I've seen is to have a private network
(a separate nic just for ntp and syslog traffic - but remember, this
becomes another layer to secure and protect etc..)
But yes,timestamps are extremely important.
Even on the inodes themselves.
shameless_plug();
sub shameless_plug {
print EOF;
Speaking of inodes and forensics, I'm currently in the process of writing
a forensics package which will generate a full report on the box after a
compromise, normalize and sanitize the data as evidence to aid in
prosecution/analysis etc..
Coming soon (err.. well in a few months anyway.. :)
EOF
}
//umar.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
*Every*time. :) And the procedure is pulled form an outdated copy of the ACS "audit questions guide" or simply the output of: /bin/satan-like-product address-range :) //umar. On Wed, 28 Feb 2001, Howard Lowndes wrote: How many times is this a service provided by a large accounting firm using green behind the ears accounting grads with a minor in IT. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report - advice. :)
mounting noexec and nosuid? man mount also, mount it "nodev" as well for flavour. :) //umar. On Wed, 28 Feb 2001, Howard Lowndes wrote: OK, next question. What's the RTFM for this? -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Security Breach
Feb 28 01:53:07 emu portmap[12152]: connect from 202.157.133.184 to getport(status): request from unauthorized host Why are you rnning the portmapper? Turn it off if youdon't specifically need it. a "netstat -an | grep LISTEN" will show you "evilthings(tm)" ;) If you don't recognize it as something you specifically need - turn it off. :) Either way, chances are that this is not how they got in - he probably did an rpcinfo -p yourip or similar and your config recognized that he wasn't allowed. As above - if you don't need portmap, turn it off. Has anyone come across something similar? I've no idea whether this is the result of a trojan, or whether someone managed to gain access to my machine (although if they did gain root access, why mail out a passwd file?). Any thoughts? Remember - root access is generally the *eventual* goal... just because he got in as userx, doesn't mean he has root, or even a shell for that matter. It could be as simple as a buffer oveflow with something like "/bin/mailx /etc/passwd [EMAIL PROTECTED]" etc.. (or somehting like that).. It could be anything.. either way - you know that something has happened. Make an executive decision to decide if it has (I think it has) and pull the box from production, rebuild it, secure it, patch it, then change all user passwords (if any). If you can, pull the box out of prod and put in a new box while you examine the compromised one. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
RE: [SLUG] Security Breach
"netstat -ean" will tell you which uid is listening on those ports. //umar. On Wed, 28 Feb 2001, [iso-8859-1] Bernhard LĂĽder wrote: Hi, In this context. What is port 587 and 1024. I couldn't find these in /etc/services tcp0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:10240.0.0.0:* LISTEN -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Security Breaches
a "netstat -an | grep LISTEN" will show you "evilthings(tm)" ;) Not necessarily. Some rootkits have nobbled the "netstat", "ps" and other system binaries, so that they don't show up suspicious processes/listening ports/logged in users. Agreed thoroughly. But remember, this is assuming you have made the executive decision and considered your box compromised. Every admin should also have a statically compiled set of tools on CD btw. Not only can binaires be trojaned, but so can libraries. If anyone has managed to get access illegally, you _MUST_ assume that they have root access. There is no way you can assume that they got in as a normal user, and managed to find a way to access privileged information. I agree with you. However it really depends on your motives and your course of action. This discussion is academic. It could be anything.. either way - you know that something has happened. Make an executive decision to decide if it has (I think it has) and pull the box from production, rebuild it, secure it, patch it, then change all user passwords (if any). If possible it would be good to pull the box out, and compare the system to the distribution RPMS - you can compare the RPMS and see if anything has changed. That way, you can send information to AusCERT and CERT. Bollocks. Before even *thinking* of doing analysis, dump the filesystems with dd onto tape, make two copies and impound the compromised box. Start a log in a notebook (paper) and note exactly what you do and who has which tapes to preserve the "chain of custody". Then take one tape as your analysis copy and remount those filesystems on loopback (ro) on another box. Then and only then should you analyze. Remember boys and girls, the instant you do a cat /etc/shadow or anything - you are destroying evidence. You are modifying the atime records on the inodes at the very least. There is no chance in hell you will prosecute after this. Maintaining integrity of forensic data is an art form (especially if you wish to prosecute - well your CIO will want to anyway). Then you rebuild from distribution media. I wouldn't rely on backups, as you don't know exactly when they managed to hack into your machine. I agree with Rebecca here in regards to not trusting backups. But this brings me to another point.. well argued with many people.. why backup whole filesystems at all? Especially in a secure/firewalled environment.. I tend to believe in backing up config files only - no binaries.. as you may see, there are pros and cons of doing this.. but it depends on your environment and requirements. And you expect them to give you any clues? You should assume that they broke in, and removed most traces of the hack. A casual inspection would most likely not show anything to be amiss. They have already left many clues. /etc/inetd.conf is a big one. ;) However, if you have Tripwire or something similar, you can determine which files have been changed. You'd have better luck with Veracity. Another thing to consider is to use IP Chains or IP Tables or something to provide some form of defense against portscans and stuff. It's not going to stop them cold, but it can help slow them down. Portscans are fine. Everybody gets portscanned everyday. The important thing is to not have any vulnerable services or a vulnerable kernel. Use ipchains etc to only accept packets destined to services which you intend to provide. Don't forget your outbound acl's on your border router! Also - don't forget to protect your routers.. and also use them to protect you. Perhaps we should have another SLUG meeting on security with a QA session or a BOF session (or even a BOFH session ;) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Security Breaches
...or keep this discussion on list for those who cannot get to SLUG meetings. Or both.. I'd be happy to do a presentation or a QA session on security if anyone's interested.. and consdering that a lot of people on this list are admins or working in IT - it'd be quite good to keep it on methodology as opposed to specific products/tools.. this way general solaris admins or network engineers could also benefit..? BTW, when you do a backup to tape, would that not alter the atime? Note - not "backup" - a "dd" - atime only changes if you access the inode directly - a dd will use the device (e.g. /dev/sdb1) as opposed to the separate files on that filesystem. dd is your friend.. I always have a statically compiled version handy when going on-site.. don't use the dd on the compromised box if you can help it! And if at all possible, try not to touch the keyboard much when you get to the scene.. take a photo beforehand if possible and maintain a log of who comes in/out of the area where the compromised box is. Remember - you can't prosecute unless you have perfect details which aren't "questionable" - be surgically precise. The only problem with atime records is when you're playing with squid etc and a lot of people put their cache partition in /var/cache or similar and mount /var noatime - which sucks for forensics, but will certainly make your squid fly. ;) (you should whack squid elsewhere btw! :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Security Breaches
BTW, when you do a backup to tape, would that not alter the atime? Oh one more thing - it will alter the atime on /dev/sdb1 (or whatever) - but that's not exactly going to be useful anyway. With the /dev tree - mainly you're concerned with dodgy devices - a lot of people make a /dev/rpty123 or some other unixy sounding device filename to hide things.. One of the things that Umar's Dodgy Forensics Package(tm) will do is go through /dev and yell if it sees plain files that should be there.. I'm thinking of having an option like "Lookfordodgythings" and allowing various levels of paranoia.. but I want to keep the tool out of the analysis side of things and keep it purely for reporting/sanitization etc.. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] deltree equivalent
Yep, equivalent is: cd / rm -rf * Oh S***T! //umar. Hi, Is there an equivalent in Linux to the DOS deltree, that will remove folders, files and .files without confirmation? Such a fun command on a Windows system, generally goes like: cd / deltree * Oh S***T! -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Why do all mail servers suck? (Maildir + POP3)
Err... why not just use vpopmail (from the same people who wrote Courier-IMAP) - www.inter7.com :) It's fantastic - will also auth from MySQL etc... very funky. //umar. quote who="Andrew Reilly" I thought that the server daemons were really nice, but all the IMAP _clients_ sucked... Heh. They're getting better. Slowly. What's the problem? Doesn't it compile without the rest of the qmail stuff? I'm looking for other avenues before using qmail-pop3d, as I'm not fond of the license, and for various reasons I'd prefer something supported by my distribution. What server are you using with maildirs if not qmail? Courier-IMAP (which is very nice so far), with postfix as MTA. - Jeff -- [EMAIL PROTECTED] --- http://linux.conf.au/ -- The Unix Way: Everything is a file. The Linux Way: Everything is a filesystem. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] BIND vulnerability.
I'm not sure whether this was mentioned on SLUG, but all versions of Bind below 8.2.3-REL are vulnerable to a remote root exploit - already available in Script Kiddy Format(tm). The Redhat packages are already avaiable at mirror.aarnet - as is the source at www.isc.org Please tell your fellow admins, because the last time this happened with bind, there were whole piles of rootshells created all over the 'net. Oh, and don't forget to hide your version.bind in your chaos class for a bit of obscurity. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] LARGE files...
Greetings, My brain may have stopped, but is there a way to create files under Linux (on a 32 bit platform) greater than 2Gb? If I were to take a dd of /dev/hda1 and dump it to a file to mount later via loopback and the /dev/hda1 slice is larger than 2Gb.. what does one do? Danke muchly.. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Fixed frequency monitor
I don't knwo about your monitor in particular, but I managed to get a really old 19" Sun moniotr happening with X... fixed freq - not video card (using standard VGA card).. The trick is to pull it open and play with it until you get the hsync and vsync right.. the larger monitors will usually work if your card is driving at 1280x1024 and you fiddle enough (look at the specs of your monitor to be sure).. Mind you, it will *only* work when in graphics mode (i.e. X) .. whne you're booting you'll just see fuzz. :) //umar. I've been given a cornerstone 21/76 monitor and a graphics card to go with it (an ImageAccel 2)... can I get it to work in X? best I could do is unsupported vga - a bit of a waste. I suppose I could give it to the kids to use on a winbox.. hope not Extremely unlikely. The Cornerstone web site has drivers for the IA2 for WindoZe 3.1, 95, NT 3.51/40. and OS/2 2.11 and 3.0, as well as BIOS updates. Gertting these things working under WindoZe is difficult at best. Getting them running under X is most likely impossible. As far as I can tell, not even Metro-X supports this card, so I'm guessing you're shit out of luck. DaZZa P.S. Cornerstone is at http://www.bigmonitors.com - maybe you can send a product request and ask. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] nsa developes secure version of linux
There's no "pestering" about it. They flat out demand it. The NSA is the sole reason it was so fscking hard to get a 128 bit browser outside the USA for years. And that pretty much suggests that they're comforable with breaking it now.. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Learning to program
I have a mate who swears Miranda is fantastic. It would be pretty hard to get a job writing it, though :-). Mind you, it would probably be at a university somewhere, so it could be the best job in the world! I think Miranda only exists in Unis... :) I don't think perl is a BAD language, just that so much bad code is written in it. All those funny symbols and the fact that people tend to treat everything as a one-off and not document it well. I can't remember ever seeing a perl program I was able to understand well within a reasonable amount of time ... other than the ones I've written, of course :-). Don't get me wrong.. I LOVE Perl!!! .. *smooch* .. If written neatly, I find it very readily understandable.. but then again - that goes for *any* language.. it's the coder, not the language that makes code bad. :) (with the exception of some inherently leperous languages of course.. no names mentioned! :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Learning to program
I would have thought that the "fruit" of that one was evident! *grin* Seriously though.. teaching kids at uni languages that are completely and utterly useless (and UNSW still does this - Haskall (sp?) - a Miranda replacement or somehting.. is a complete and tter waste of time.. I mean what use is a functionally orientated language which can't do much apart from using it in a mathematical context? Why do a grade of 300 comp sci students have to be put through this so that perhaps 2 will be interested enough to pursue a career in mathematical coding? Why not make it an elective? On another note - comp sci is ust getting stupid nowadays anyway - you can actually get through a degree without touching anything but silly macroturd things.. and M$ Access to be a "DBA"... *blech* //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Poland taxes GNU/opensource/freebeer
Just hope the ATO doesn't see this thread...:-( Well if it makes you feel any better... Big Brother *IS* watching... I was recently (a few months back) asked for advice from the ATO regarding tracking any and every online transactions/sales/commerce etc etc.. I did my best to instill the concept of "bugger off, don't bother - the data you need will be provided by the banks ultimately anyway".. but we'll see. Australia = Overregulated Police State. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Net Slowness... Telstra Dirty Tricks?
telstra's backbone for the a slice of the reduced capacity. if bigpond is getting preferential treatment, all the other ISPs should be kicking up a fuss... Bigpond undoubtedly gets preferential treatment, and the ISPs certainly have been complaining.. But what can you do against a monolith with a legal budget which is larger than their tech budget, which in turn is greater than the GDP of some countries. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] bandwidth co-op... really!
This is a legal landmine.. especially if it is for commercial purposes... you may need a carrier license. If in doubt, ask the ACA.. they'll know how to shaft^H^H^H^H^Hhelp you. Welcome to the Overregulated Country. www.aca.gov.au and also the Telecommunications Act.. thousands of pages of crap. Good luck. //umar. I know this is off topic but it comes up now and then... and yet I can't find an email on it in the archive :-( Is anyone familiar with the legal issues with sharing a regular (not cable where special conditions are written in) internet connection over say a wireless link? Is there a resource on the web? -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] bandwidth co-op... really!
JUst stick a firewall in, and they won't know...:-) Ahhh.. if you mean encrypt the data.. then that's illegal. If you look hard enough at the legislation, you'll see that even amateur radio links (i.e. packet radio etc) aren't allowed to be encrypted. Please fork out $100k+ for an application for a carrier license and feed the "needy" bloated fsckers^H^H^H^H^H^H^Hgovernment. *blech* I hope someone will point out that I'm wrong.. but I wanted to use packet radio to get some data down to Melbourne from Sydney and I had a chat with a few people and they said "encryption = evil, you will get shafted on your amateur license". In fact, strictly legally speaking, your ISP can't offer you a point to point 2.4Gz spread spectrum link even if you're across the road from them, unless they have a carrier license of sorts. (This was discussed at length on "OZ-ISP" some months ago.. so if you're interested, have a poke through the archives..) "...for we are young and free..." - bollocks. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] bandwidth co-op... really!
It's my understanding that 2.4Ghz below a certain power level is completely unrestricted. (http://www.air.net.au) and links thereof. This power level certainly could be applied to line of sight links of a few kilometers. I'd be interested in evidence to the contrary. If you're carrying third party/commercial data however, everything changes.. I can't give you a URL or anything, but have a poke through the OZ-ISP archives - there was a huge argument after a "networking vendor" spam-faxed all ISPs with "become a WISP (Wireless ISP)" garbage. IIRC, the outcome was that it was a "no no" for ISPs without a carrier-license.. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: bandwidth co-op (was:web hosting)
unreliable. If I'm paying for hosting, I want it to work for everyone, not just IT PHD's. Or Windows users for that matter. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Netscrape 6 is here
I've yet to install it. I'll let the list know if it trashes my machine ;^) I wouldn't bother.. not unless you like having hundreds of "Shop at Netscape.com" buttons and other cruft all over the place... They've even included a horrible "addition" to the "Print" button.. it pops up two options: "Print" or... (wait for it...) "Print Plus" (takes your browser to netscape printing merchants and printing supplies etc).. It's sad really. Go for a Mozilla nightly build... be happy. :) www.mozilla.org //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Netscrape 6 is here
Perhaps with a bit of fiddling, the cruft can be opted "off". I'd be interested to find out too.. but I tried and failed.. Would anyone know if it is easy to backoff the Netscape 6 release? Yep. :) rm -rf /usr/local/netscape //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] multiple POP-3 servers on one machine
Then what does apache virtual hosting do? It looks at the HTTP "Host:" header in the request. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] multiple POP-3 servers on one machine
Certainly sounds better than my theory, that's for sure. :) Nah. For each Listen ip:port as configured in httpd.conf, the parent Apache process bind()s a socket to that ip and port and hangs a listen() on it. As many as you have specified. Whenever a request comes in on a ip,port it is farmed off to a child task to process, and another bind()/listen() is done to listen for the next incoming request on THAT IP AND PORT. If you've done any pre-forking/multi-ip-port server code, the above methodology will be familiar. For those who want to learn more, there are some excellenet chapters on this very topic in "The Perl Cookbook", towards the end of the book. So all I really want is a preforking multi-IP highly configurable POP-3 server that functions basically the same way that Apache does. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] multiple POP-3 servers on one machine
Unless you are doing IP address based virtual hosting, which is what I am using. In which case I can't tell you *exactly* what apache does - but I can give you a feasible method.. :) Basically in terms of a threaded application, you can always get one process to bind to port 80 and listen. Everytime a request comes in to that particular port (since there is only one port, regardless of the IP it will go to that port anyhow) the process can look at the connection struct which will include (amongst other things) source port, dest port, source ip, dest ip for that that particular stream.. it would then be a trivial task for the process to serve the appropriate site based on the dst ip. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Redundant Email systems
places when the other box comes up and you would have to find a pop client that would deal with that. Unless you have a third box which NFS servers /var/spool/mail then you could setup both boxes as primary MX's and allow either of them to deliver. But you need to make sure you get locking right. Locking? Qmail. Need I say more? :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Routing Book
A friend of mine actually just bought a book called "Linux Routers" (I think) - a had a quick flick through it, and it had everything from LRP to which WAN cards worked best etc... it's hardcover and definitely lives at tech Dymocks in the city... have a look.. :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
RE: [SLUG] remote printing acorss Internet, possible ??
Doesn't lpr or lprng work over the internet? Can't the clients just insert a hostname and then print to that, as long as the permissions are ok then it should work right? It will - but are the people running the lpd on the printhost happy to open gaping holes in their firewall? ... in fact are they happy to place their server in their dmz fullstop? :) On another note - what is the priority in question - data privacy or avoiding the possibility of lpd and the printhost being exploited? A vpn is a Good Thing(tm) - although you have to have two compatible firewalls (and/or routers) that speak the same "vpn method" - one at each end - if you want to do it "properly".. it really all depends on what kind of networks are on each end and how sophisticated and paranoid they are. If you have a really simple network and not much in the way of network layering and firewalls etc and don't have ungodly amounts of paranoia, then it could be as simple as installing "free s/wan" on each box and pointing them at each other or setting up ipsec between the routers at each location (this is piss easy with most routers providing you have the right features).. but I still wouldn't call the network hideously safe if you can happily point boxes at each other with no silly firewalls or other "nuisances" in between. :) //umar. we have a scanner that could send directly to an IP address. Is it possible to make it print to a printer across the Internet and behind a firewall ?? Yes it can be done - However if you want it done safely it is involved. In brief: You have to have a ssl (VPN) tunnel between the two gateways. Then you can do whatever you like over it. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
RE: [SLUG] remote printing acorss Internet, possible ??
Remember, you are trying to print over the internet BEHIND a firewall. If you desire to get rid of the firewall (effectively) and deal with the NAT problem then yes it will work. I missed the beginning of the thread, but *are they* NATting or are they using real addresses behind the fw? Another question is - does the person in question have access to restructure the network fullstop? :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Daemons, RH, from Security Portal
I'd have thought it would be better to keep the daemon and just ensure that it works properly... Very true. As long as it functions properly, there isn't much of a problem with it running, it is simply a personal preference i have to disable things. Actually - your "personal preference" will dramatically increase your system's security. :) Any daemon that isn't started is one less that could have been otherwise exploited. In short - if you don't *desperately* need it, trash it. //Mr. Paranoid -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
RE: [SLUG] CD Burners vs CDROMs
Is there a way to convince dd to copy the disk bad secotry and all ? Or you can do what I did and have a hated 200 Meg M$ partition and boot it for the sole use of one program: CDRWIN - http://www.goldenhawk.com/ It'll do the job. On another note - if anyone can point me to something Linux based that will do the same - please do - so I can free my 200 Megs and get rid of my sole Macroturd dependency. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] More Anti-Linux Olympic madness!
This is quite sad when people can't make such an important site work on This *is* IBM we're talking about - the most incompetent fools I've ever dealt with.. expect the worst. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] Quake3 on Linux?
Greetings Gentlefolk, I've just gone out and bought myself Q3 for Linux - and am trying to setup a q3 server.. the only problem is that the usual backgrounding and tty dissociation methods don't seem to be working.. On RH6.2 - in /etc/rc.d/init.d/quake3 - under start I have: /bin/su -c "/usr/bin/nohup /opt/quake3/q3ded +set dedicated 1 +s et com_hunkmegs 16 " quake which should theoretically work right? but it doesn't... Similarly, /bin/su -c "/opt/quake3/q3ded +set dedicated 1 +set com_hunkmegs 16 /dev/null 21 " quake doesn't seem to work either.. Does anyone have a /etc/rc.d/init.d/quake3 file that I can have - and/or can someone tell me why this isn't working? The ps -uaxw output is: quake12229 78.0 1.3 29864 1780 pts/2R17:11 0:03 /opt/quake3/q3ded +set dedicated 1 +set com_hunkmegs 16 note the 78% cpu - (strace shows that it looks like it's in a loop of some sort) - when run manually from the command line as: ./q3ded +dedicated 1 +set com_hunkmegs 16 things work fine.. Thanks in advance... Cheers, Umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] Redhat printtool.
Greetings,
Being new to the world of squirting ink onto dead trees - I am currently
fiddling with the latest version of ghostscript/rhs-printfilters and other
miscellany..
Firstly - the printers in question aren't postscript capable.. secondly, I
would prefer not to have X on this machine.
It appears that the only simple('ish) way to setup non-PS printers is to
use the silly printtool - but it's X only... or is it?
Assuming that I don't want to use printtool or it is X only - how does one
setup the appropriate "filters" for a particular printcap entry? Is there
a site where one can find a collection of files per particular printer, or
specs per printer - or is it "bugger around until the damn thing works"?
Danke muchly..
//umar.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Redhat printtool.
I ended up installing lprng, apsfilter and all the other goodies neccessary... it all generally works beautifully now, apart from remote printing - but I'll figure that out eventually. Danke all.. :) //umar. There's another alternative: apsfilter. This is especially good when your sysadmin has installed lprng, this making it difficult to use printtool. It comes with a console tool for defining queues in printcap that can automatically determine (in most cases) the type of file being printed and invoke the right filter chain. I was lazy and just whacked the SuSE RPM onto the work RH system and it worked. But it's not hard to build from source. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] vgetty add-ons/voice menus.
Goodmorning, After having spent the past few hours following dead links and generally unproductive efforts,I have decided to post here in the hope that some has done this before and can tell me all about it. :) In short, I would like to create a DTMF (IVR) menu system - I know vgetty has hooks for it - but I believe that there are other applications out there for Linux that make Life Easier(tm) ... for example, something called "Calltree" (which I would have loved to look at, but it seems that their homepage doesn't exist anymore *sigh*). Oh, and ideally this piece of software also records messages as well. Have any of you done this? Any ideas? Pointers to where Calltree's new home is? Danke muchly. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] vgetty add-ons/voice menus.
Check out MVM: http://www-internal.alphanet.ch/~schaefer/mvm/ It looks like it'll do quite a bit - or at the very least, serve as a codebase of sorts for hack'n'slash :) //umar. On Fri, 25 Aug 2000, Rodos wrote: * VModem attached to phone line and Linux box * Will answer phone after n rings * Checks caller id of call, might not answer if its a certain number etc * Custom welcome messages if it recognises the number. "Hi Jamie they aren't home but you can leave a message". * Give an option of people to leave a message for. "Press 1 for Rod, 2 for Amanda or 3 if you are trying to sell something." * For certain users email them the recorded message. * Maybe have an LCD display interface for checking missed calls and for listening to messages. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] vgetty add-ons/voice menus.
I found calltree at ftp://spoon.beta.com/pub/voice/calltreeB2.tgz If you managed to suck down the tarball, I'd greatly appreciate it if you could email it to me as I've been trying to connect to that site all day... it appears dead.. in fact, I can't even pull an A record out from their NS for www.beta.com But the description sounds like exactly what I need. :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
RE: [SLUG] To write good perl, you should know assembly
It's always interesting being on a mailing list of supposedly intelligent people arguing over whether the earth is held up by elephants or turtles. It's actually both - four elephants on top of a giant turtle named the Great A'Tuin. This is important - get your facts straight. :P //umar (currently reading "Mort" :) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Linux Certification
Please excuse me, I think I just threw up... I can't believe people actually waste precious oxygen doing an MCSE. Although, a handy hint for anyone thinking about wasting money on certs: it will get you into your *first* job. After that, nobody really cares about your certs - only that your resume is 23 pages long and says that you have been in the industry for 823 years and that you know 43 languages, and you have worked for multinational companies A through to Z. In fact, after a while they don't even care about what skills you have, but which places you've worked, how much you were last paid, how much you want now and roughly what you last did. This is after you build up some rapport with the pimps that look after your niche of the market (security? net design? coding? coffee making?) (so it is in the lucrative Meat Market(tm) anyway) //umar. according to MS: "The Microsoft Certified Systems Engineer credential is the premier certification for professionals who analyze the business requirements and design and implement the infrastructure for business solutions based on the Windows® 2000 platform and Microsoft server software. Implementation responsibilities include installing, configuring, and troubleshooting network systems." -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Linux Certification
Please excuse me, I think I just threw up... I can't believe people actually waste precious oxygen doing an MCSE. Although, a handy hint for anyone thinking about wasting money on certs: it will get you into your *first* job. After that, nobody really cares about your certs - only that your resume is 23 pages long and says that you have been in the industry for 823 years and that you know 43 languages, and you have worked for multinational companies A through to Z. In fact, after a while they don't even care about what skills you have, but which places you've worked, how much you were last paid, how much you want now and roughly what you last did. This is after you build up some rapport with the pimps that look after your niche of the market (security? net design? coding? coffee making?) (so it is in the lucrative Meat Market(tm) anyway) //umar. according to MS: "The Microsoft Certified Systems Engineer credential is the premier certification for professionals who analyze the business requirements and design and implement the infrastructure for business solutions based on the Windows 2000 platform and Microsoft server software. Implementation responsibilities include installing, configuring, and troubleshooting network systems." -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] re: ipchains and dns server
You'll also want to make sure your named is bound to port 53 for it's query-source - otherwise it'll pick a random source port, and make it nigh on impossible to do your firewall rules to allow it back in.. Not neccessarily - remember that all your queries will *go* to a port 53 of the other dns servers.. so you can define an inbound rule of dest port = 53. To let that stream continue happily. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Linux Certification
The people sending .doc files were definately at a disadvantage, however the format of their CV was not the determining factor in choosing who got the job. But you're a well-informed engineer type. :) The only little addition that I'd make is that - when dealing with *pimps* (not directly with employers) - regardless of the *format* of the document - a *document* generally must be sent to all pimps. A link generally doesn't suffice, as most pimps take your document and stuff it into a database of sorts. Needless to say, a web-based CV would cause the majority of pimps a huge technical headache to (oh my gosh!) .. download it and save the file somewhere. You'll also find that most pimps do simple pattern matching on their CV databases for their "recruiters" to make the initial contact with you (which is why in some cases you get calls by people who ask you if you know ASC2 format or a programming language called TCP/IP). //umar. PhD. Pimpology and Contractorism (U.N.S.W.) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Select and kill running process
Slightly simplified version is:
ps -uaxw|grep process|awk '{print $2}'|xargs kill -9
(adjust $2 with regards to the args on ps)
//umar.
seems to work for me.
kill takes the PID afaik, which is the first argument of ps axf.
The pid is right justified so I strip the spaces off the front, and then use
cut to get the first field (being the PID).
This works, _BUT_ I'm sure there is another (probably better) way of doing
it.
Cheers,
Benno
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Select and kill running process
Just don't try it on Solaris. :) ( yes there is a killall, but it kills.. *ALL* ) $grin$ //umar. $ killall netscape-communicator $ killall -9 netscape-communicator -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] multi-link PPP
As for ISDN being easier - the investment in TE is probably equal to dialups, byt tyhe provision for abuse in downloading is _much_ higher, given that ISDN connections are usually permanent, and dialups can be dropped off if they're abusing. Most ISP's nowadays use the same gear for their normal dialups as well as their ISDN connections - in fact - if they support 56k - they most definitely already have the gear for supporting isdn. The term "permanent" with respects to isdn - is not really correct - it's always semi-perm - due to the nature of isdn - i.e. a call must be made - i.e. it's not "hardwired" like services such as DDS Fastway or a Megalink for example. Hence, the procedure for disconnecting an isdn call is exactly the same as for bumping a normal dialin user. (btw - I'm talking about modern integrated access platforms like cisco 5260's, Ericsson Tigri etc etc.. not the old fashioned, grab a TA220 and stick it into a 2501 method - but even so, the above still applies :) //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] multi-link PPP
But if you, as an ISP, were only going to support customers connecting via ISDN you'd buy a simpler/cheaper access server. Those cisco ones with 60 x 56k modems cost a fortune compared to say a 25xx/26xx router. Bingo. (just maybe not the 25xx bit :) But yes, for example, you can get a *huge* 11-slot Tigris chassis loaded with about 1000 B channels worth of ISDN controllers for about the same price as the same chassis loaded with only a handful of DSP cards. //umar. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
