Re: [pfSense Support] 1.2.2 released
It's base 64 encoded, which is easily reversible without SSL. More info: http://en.wikipedia.org/wiki/Basic_access_authentication Thanks. This is very helpful. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
On Sun, Jan 11, 2009 at 6:02 PM, Karl Fife wrote: > > So to clarify, that would be to say auth IS sent in clear text across the > network, when using HTTP web admin ? > It's base 64 encoded, which is easily reversible without SSL. More info: http://en.wikipedia.org/wiki/Basic_access_authentication - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
On Sun, Jan 11, 2009 at 5:02 PM, Karl Fife wrote: >> Tell them to use a worthwhile browser. The reason the SVG graphs don't >> work is because IE is the only browser that doesn't come with SVG >> integrated and for whatever reason the plugin has issues if you force >> authentication with HTTPS. See the 1.2.2 release announcement for >> details. This is a known problem with IE, and the only way to fix it >> is to not require authentication to see the graphs. We're not going to >> do that for the sake of supporting IE. > > Sound reasoning. I agree that it's the right choice. > >>> Am I correct in my >>> understanding that the auth is NOT sent across the network in clear text >>> even when using HTTP? > >> No. > > So to clarify, that would be to say auth IS sent in clear text across the > network, when using HTTP web admin ? Yes > > Thanks & keep up the outstanding work! > > > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
Tell them to use a worthwhile browser. The reason the SVG graphs don't work is because IE is the only browser that doesn't come with SVG integrated and for whatever reason the plugin has issues if you force authentication with HTTPS. See the 1.2.2 release announcement for details. This is a known problem with IE, and the only way to fix it is to not require authentication to see the graphs. We're not going to do that for the sake of supporting IE. Sound reasoning. I agree that it's the right choice. Am I correct in my understanding that the auth is NOT sent across the network in clear text even when using HTTP? No. So to clarify, that would be to say auth IS sent in clear text across the network, when using HTTP web admin ? Thanks & keep up the outstanding work! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
On Sun, Jan 11, 2009 at 2:19 PM, Chris Buechler wrote: > On Sun, Jan 11, 2009 at 11:22 AM, Karl Fife wrote: >> I want to say that I recall a move to IPTables was >> anticipated at some point. Has that happened? >> > > What?! hah Never. Wow, the chance of anyone with a commit bit even > remotely considering iptables is beyond absurd. No, no, no, no. And would require either a port of iptables from linux to freebsd, or a port of pfsense from freebsd to linux. As Chris says, nobody with commit access to our repo has any sort of desire to see either happen. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
On Sun, Jan 11, 2009 at 11:22 AM, Karl Fife wrote: > Just upgraded to 1.2.2 this morning > > 1 > Tested SVG Graphing on both IE 6 & 7 works on HTTP, but not HTTPS. Nice > work. As documented, I understand the non-support for IE on https if it's > not conforming to de-facto or canonical standards. The HTTP-only support at > least avoids the problem of hearing from clients "What kind of product are > you selling me--It doesn't even work with IE!". Tell them to use a worthwhile browser. The reason the SVG graphs don't work is because IE is the only browser that doesn't come with SVG integrated and for whatever reason the plugin has issues if you force authentication with HTTPS. See the 1.2.2 release announcement for details. This is a known problem with IE, and the only way to fix it is to not require authentication to see the graphs. We're not going to do that for the sake of supporting IE. > Am I correct in my > understanding that the auth is NOT sent across the network in clear text > even when using HTTP? > No. > 2 > Question: Is the traffic shaper the same between 1.2 and 1.2.1 & 1.2.2 Not a single thing in the RELENG_1_2 branch with the shaper has changed since before 1.2. > Is 1.2.2 > Still using PF? Of course. > I want to say that I recall a move to IPTables was > anticipated at some point. Has that happened? > What?! hah Never. Wow, the chance of anyone with a commit bit even remotely considering iptables is beyond absurd. No, no, no, no. > 3 > Is the non-appearance of the system temperature on the Soekris 5501 (as > compared to the 4801) a device issue (as in 'device is not present') or is > it just a driver issue as in 'driver is not present' in this version of BSD? The application that was used was specific to the 4801. I believe it was removed entirely between 1.2 and 1.2.1, but I don't recall details. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
:-) -Karl (der Käfer) - Original Message - From: "Rainer Duffner" To: Sent: Sunday, January 11, 2009 10:29 AM Subject: Re: [pfSense Support] 1.2.2 released Am 11.01.2009 um 17:22 schrieb Karl Fife: Just upgraded to 1.2.2 this morning 2 Question: Is the traffic shaper the same between 1.2 and 1.2.1 & 1.2.2 I was 'beating' on the shaper & VOIP this morning. Upwards of 15 simultaneous G.711 calls (no packet-loss concealment features like g.726) while simultaneously 'pegging' the nominal maximum of the pipe as configured in the shape. I couldn't introduce any human- perceptible jitter. Is 1.2.2 Still using PF? I want to say that I recall a move to IPTables was anticipated at some point. Has that happened? I don't think you can form a positive sentence with "iptables" and "sense". ;-) Besides, iptables is linux-only. Just like pf is BSD-only. (Well, strictly speaking, there seems to be Core Force: http://force.coresecurity.com/index.php?module=base&page=about - but I don't know how well it's maintained and I don't use Windows at all anyway...) Rainer - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
Am 11.01.2009 um 17:22 schrieb Karl Fife: Just upgraded to 1.2.2 this morning 2 Question: Is the traffic shaper the same between 1.2 and 1.2.1 & 1.2.2 I was 'beating' on the shaper & VOIP this morning. Upwards of 15 simultaneous G.711 calls (no packet-loss concealment features like g.726) while simultaneously 'pegging' the nominal maximum of the pipe as configured in the shape. I couldn't introduce any human- perceptible jitter. Is 1.2.2 Still using PF? I want to say that I recall a move to IPTables was anticipated at some point. Has that happened? I don't think you can form a positive sentence with "iptables" and "sense". ;-) Besides, iptables is linux-only. Just like pf is BSD-only. (Well, strictly speaking, there seems to be Core Force: http://force.coresecurity.com/index.php?module=base&page=about - but I don't know how well it's maintained and I don't use Windows at all anyway...) Rainer - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.2 released
Just upgraded to 1.2.2 this morning 1 Tested SVG Graphing on both IE 6 & 7 works on HTTP, but not HTTPS. Nice work. As documented, I understand the non-support for IE on https if it's not conforming to de-facto or canonical standards. The HTTP-only support at least avoids the problem of hearing from clients "What kind of product are you selling me--It doesn't even work with IE!". Am I correct in my understanding that the auth is NOT sent across the network in clear text even when using HTTP? 2 Question: Is the traffic shaper the same between 1.2 and 1.2.1 & 1.2.2 I was 'beating' on the shaper & VOIP this morning. Upwards of 15 simultaneous G.711 calls (no packet-loss concealment features like g.726) while simultaneously 'pegging' the nominal maximum of the pipe as configured in the shape. I couldn't introduce any human-perceptible jitter. Is 1.2.2 Still using PF? I want to say that I recall a move to IPTables was anticipated at some point. Has that happened? 3 Is the non-appearance of the system temperature on the Soekris 5501 (as compared to the 4801) a device issue (as in 'device is not present') or is it just a driver issue as in 'driver is not present' in this version of BSD? I've always been curious about that. We've got a number of soekris boards in the field Great work! -Karl - Original Message - From: "Chris Buechler" To: Sent: Thursday, January 08, 2009 11:24 PM Subject: [pfSense Support] 1.2.2 released see http://blog.pfsense.org/?p=351 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org