Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Brian Lavender 

My bad, you are correct. You could install a handler that does
it. Apache Modules in PERL and C by Lincoln Stein. Right off
the top of my head, I couldn't tell you, but it shouldn't be
that hard. 

On Wed, Feb 20, 2002 at 08:28:38PM -0800, Mark K. Kim wrote:
> Isn't it the browser that does that?
> 
> -Mark
> 
> On Wed, 20 Feb 2002, Brian Lavender wrote:
> 
> > On Wed, Feb 20, 2002 at 05:16:42PM -0800, Ryan wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA1
> > >
> > > I have re-writen this script so that it does not take in the file name directly, 
>but instead reads in a number and gets the file name from an external config file.
> > >
> > > I still need to figure out how to get it to work with non-html mime types.
> > >
> > >
> > >
> > > #!/usr/bin/perl
> > >
> > > # Perl CGI script to decompress gzip'd html files on-the-fly to
> > > # save disk space on the server. This will likely slow things
> > > # a bit...
> >
> > Most web servers do this already. Take a look at the docs on one
> > of mine.
> >
> > http://debian.brie.com/doc/libc6/
> >
> > See all those gzip'ed files? Click on one, and the web server gunzips
> > it, figures out the mime type, and then it will send to you.

-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Ryan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> Most web servers do this already. Take a look at the docs on one
> of mine.

doesn't work for me

> http://debian.brie.com/doc/libc6/
>
> See all those gzip'ed files? Click on one, and the web server gunzips
> it, figures out the mime type, and then it will send to you.
>
> brian

- -- 
No Microsoft products were used in any way for the creation of this message.
PGP Public key at http://mother.com/~ryan/ryan_at_mother_dot_com.asc
It is also on the servers: Key ID 0x72177BC7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8dH2DEd9E83IXe8cRAhrMAKCbFmaSsvZyotbd9+3NU4xIfB4h+wCgm39O
BITUohSB8CJK0QMbDT9ZzC4=
=Vdp2
-END PGP SIGNATURE-
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Mark K. Kim 

Isn't it the browser that does that?

-Mark

On Wed, 20 Feb 2002, Brian Lavender wrote:

> On Wed, Feb 20, 2002 at 05:16:42PM -0800, Ryan wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > I have re-writen this script so that it does not take in the file name directly, 
>but instead reads in a number and gets the file name from an external config file.
> >
> > I still need to figure out how to get it to work with non-html mime types.
> >
> >
> >
> > #!/usr/bin/perl
> >
> > # Perl CGI script to decompress gzip'd html files on-the-fly to
> > # save disk space on the server. This will likely slow things
> > # a bit...
>
> Most web servers do this already. Take a look at the docs on one
> of mine.
>
> http://debian.brie.com/doc/libc6/
>
> See all those gzip'ed files? Click on one, and the web server gunzips
> it, figures out the mime type, and then it will send to you.
>
> brian
> --
> Brian Lavender
> http://www.brie.com/brian/
> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech
>

--
Mark K. Kim
http://www.cbreak.org/mark/
PGP key available upon request.

___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Ryan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Doesn't work for me...

On Wednesday, February 20 2002 05:38 pm, Brian Lavender wrote:
> On Wed, Feb 20, 2002 at 05:16:42PM -0800, Ryan wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > I have re-writen this script so that it does not take in the file name
> > directly, but instead reads in a number and gets the file name from an
> > external config file.
> >
> > I still need to figure out how to get it to work with non-html mime
> > types.
> >
> >
> >
> > #!/usr/bin/perl
> >
> > # Perl CGI script to decompress gzip'd html files on-the-fly to
> > # save disk space on the server. This will likely slow things
> > # a bit...
>
> Most web servers do this already. Take a look at the docs on one
> of mine.
>
> http://debian.brie.com/doc/libc6/
>
> See all those gzip'ed files? Click on one, and the web server gunzips
> it, figures out the mime type, and then it will send to you.
>
> brian

- -- 
No Microsoft products were used in any way for the creation of this message.
PGP Public key at http://mother.com/~ryan/ryan_at_mother_dot_com.asc
It is also on the servers: Key ID 0x72177BC7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8dFiAEd9E83IXe8cRAq8EAKDBrRrNvTMT7Tu1stCOCVT+rDA4AACfeijk
EjiLIWRIB64btaYGlBJWPuY=
=BtQs
-END PGP SIGNATURE-
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Brian Lavender 

On Wed, Feb 20, 2002 at 05:16:42PM -0800, Ryan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> I have re-writen this script so that it does not take in the file name directly, but 
>instead reads in a number and gets the file name from an external config file.
> 
> I still need to figure out how to get it to work with non-html mime types.
> 
> 
> 
> #!/usr/bin/perl
> 
> # Perl CGI script to decompress gzip'd html files on-the-fly to
> # save disk space on the server. This will likely slow things
> # a bit...

Most web servers do this already. Take a look at the docs on one 
of mine.

http://debian.brie.com/doc/libc6/

See all those gzip'ed files? Click on one, and the web server gunzips
it, figures out the mime type, and then it will send to you.

brian
-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Clock drift bad, HULK SMASH!

2002-02-20 Thread Ryan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> I actually know that Linux ignores the HW clock (oddly enough), UNLESS you
> tell it to go off the HW clock which is an option on Mandrake's install I
> think.
>
> -sp

I have checked, my HW clock is fine.

> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech

- -- 
No Microsoft products were used in any way for the creation of this message.
PGP Public key at http://mother.com/~ryan/ryan_at_mother_dot_com.asc
It is also on the servers: Key ID 0x72177BC7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8dEtCEd9E83IXe8cRAmO2AJ48udQJtQxsdzid5WgZD3dBrkRKtQCeO0Vi
pK1vOnWZbfJlVjQ9SB/TgMQ=
=0/rM
-END PGP SIGNATURE-
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Clock drift bad, HULK SMASH!

2002-02-20 Thread Ryan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I can't get NTP at school, and at home I'm running Mandrake's firewall 
package, which I can't figure out how to get ntp through.
- -- 
No Microsoft products were used in any way for the creation of this message.
PGP Public key at http://mother.com/~ryan/ryan_at_mother_dot_com.asc
It is also on the servers: Key ID 0x72177BC7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8dEr0Ed9E83IXe8cRAh0VAKDHj+R8cYRYuzDiLkZzbLxZZMAykgCguAhZ
cnAvzH9ieQ20+P19fhj3L0A=
=9/iR
-END PGP SIGNATURE-
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Ryan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I have re-writen this script so that it does not take in the file name directly, but 
instead reads in a number and gets the file name from an external config file.

I still need to figure out how to get it to work with non-html mime types.



#!/usr/bin/perl

# Perl CGI script to decompress gzip'd html files on-the-fly to
# save disk space on the server. This will likely slow things
# a bit...

# Edit line 13 to if needed. files.lst should contain one file name per line, with
# path relitive to $filepath. The first entry is called with 'decomp.pl?filenum=0',
# the second with 'decomp.pl?filenum=1', etc. First entry shoul be an error page.

use CGI::Carp qw(fatalsToBrowser);  # Tell user if we crap out.

my $filepath = "/var/home/ryan/WWW/";   # Set to your web directory

my $request;

if ($ENV{'REQUEST_METHOD'} eq "GET") {  # Was this 'GET' request?
$request = $ENV{'QUERY_STRING'};# Store query string
$request =~ s/\+/ /g;   # undo encoding
$request =~ s/%(..)/pack("c",hex($1))/ge;   # ditto
} else {
$request = ;# Handle a POST request
}

open(FILES, 'files.lst')# open the file list
or die "Can't open files.lst: $!";  # whine and die if fail

my %data = split (/=/, $request);   # Turn the request into a hash
my @filelist = ;# Put file list into array
my $pagenum = $data{'page'};# What file num does user want?
my $filename = $filelist[$pagenum]; # Get the needed entry
my $filename = "$filepath"."$filename"; # Merge root path into file 
name
# There ought to be error 
handling here

print "Content-Type: text/html\n\n";# Tell browser to render html
print `zcat $filename`; # Decompress and output the 
file


- -- 
No Microsoft products were used in any way for the creation of this message.
PGP Public key at http://mother.com/~ryan/ryan_at_mother_dot_com.asc
It is also on the servers: Key ID 0x72177BC7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8dEqFEd9E83IXe8cRAjofAKCm6zmlrVXJFOehhpVx397aeK3MIQCeLsIH
kUY3Lll0uB9p4gE4HpyK4Zs=
=pjee
-END PGP SIGNATURE-
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread Peter Jay Salzman 

begin Peter Jay Salzman <[EMAIL PROTECTED]> 
> 
> also, if anyone knows where redhat, suse, mandrake, etc keep a copy of X
> 4.2.* rpm's (if they exist), please save me from hunting for them all by
> emailing urls directly to me (rather than the list).
  ^^^

folks, not to crimp anyone's style, but it's time to check your cc: field.

pete
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread Mark K. Kim 

On Wed, 20 Feb 2002, Peter Jay Salzman wrote:

> also, if anyone knows where redhat, suse, mandrake, etc keep a copy of X
> 4.2.* rpm's (if they exist), please save me from hunting for them all by
> emailing urls directly to me (rather than the list).  i keep my own
> installfest disk that i bring.  i'll burn them and their dependencies on
> my disk.

RedHat and Mandrake have "Update" subdirectories on each respective
version (ie - 6.0) directories on their FTP mirrors.

-Mark

--
Mark K. Kim
http://www.cbreak.org/mark/
PGP key available upon request.

___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread Rod Roark 

On Wednesday 20 February 2002 15:27, Peter Jay Salzman wrote:
> unfortunately, afaics, debian sid still uses 4.1.0.  if anyone knows of
> someone packaging a more recent X for debian, i'd like to know about it.
> ...

Look up the CheckInstall project on freshmeat.  I expect you can install X 
manually and use InstallWatch to build the corresponding .deb.

If you do this, let me know how it went.  :-)

-- Rod
   http://www.sunsetsystems.com/
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread Roland (Rusty) Minden 

ftp://ftp.suse.com/pub/suse/i386/supplementary/X/

Rusty


On Wednesday 20 February 2002 15:27, you wrote:
> begin nbs <[EMAIL PROTECTED]>
>
> > On Wed, Feb 20, 2002 at 03:11:58PM -0800, Peter Jay Salzman wrote:
> > 
> >
> > > if anyone here is aware of any distributions that carry 4.2.*, i'd like
> > > to make a list for my own personal knowledge.  please post your info.
> > >
> > > :)
> >
> > If possible, it might be useful just to burn a CDROM every couple of
> > months which contains Debian packages and RPMs (possibly numerous ones...
> > one for SuSE, one for RedHat, one for Mandrake, etc.) of the latest XF86
> > 4.x, and possible even have a copy of the absolute latest source
> > tarball...
> >
> > Just a suggestion :)
>
> unfortunately, afaics, debian sid still uses 4.1.0.  if anyone knows of
> someone packaging a more recent X for debian, i'd like to know about it.
>
> also, if anyone knows where redhat, suse, mandrake, etc keep a copy of X
> 4.2.* rpm's (if they exist), please save me from hunting for them all by
> emailing urls directly to me (rather than the list).  i keep my own
> installfest disk that i bring.  i'll burn them and their dependencies on
> my disk.
>
> pete
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread Roland (Rusty) Minden 

SuSE 7.3 does and I have it on CD along with the 2.4.16 kernal. I don't have 
it for any other distro though.

Rusty

On Wednesday 20 February 2002 15:14, you wrote:
> On Wed, Feb 20, 2002 at 03:11:58PM -0800, Peter Jay Salzman wrote:
> 
>
> > if anyone here is aware of any distributions that carry 4.2.*, i'd like
> > to make a list for my own personal knowledge.  please post your info.
> >
> > :)
>
> If possible, it might be useful just to burn a CDROM every couple of months
> which contains Debian packages and RPMs (possibly numerous ones... one
> for SuSE, one for RedHat, one for Mandrake, etc.) of the latest XF86 4.x,
> and possible even have a copy of the absolute latest source tarball...
>
> Just a suggestion :)
>
> -bill!
> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread Peter Jay Salzman 

begin nbs <[EMAIL PROTECTED]> 
> On Wed, Feb 20, 2002 at 03:11:58PM -0800, Peter Jay Salzman wrote:
>  
> > if anyone here is aware of any distributions that carry 4.2.*, i'd like
> > to make a list for my own personal knowledge.  please post your info.
> > :)
> 
> If possible, it might be useful just to burn a CDROM every couple of months
> which contains Debian packages and RPMs (possibly numerous ones... one
> for SuSE, one for RedHat, one for Mandrake, etc.) of the latest XF86 4.x,
> and possible even have a copy of the absolute latest source tarball...
> 
> Just a suggestion :)
 
unfortunately, afaics, debian sid still uses 4.1.0.  if anyone knows of
someone packaging a more recent X for debian, i'd like to know about it.

also, if anyone knows where redhat, suse, mandrake, etc keep a copy of X
4.2.* rpm's (if they exist), please save me from hunting for them all by
emailing urls directly to me (rather than the list).  i keep my own
installfest disk that i bring.  i'll burn them and their dependencies on
my disk.

pete

-- 
Enron..safe legal abortion..civil liberty..repealing ICBM treaty..deficit..
What's worse?  Screwing an intern or screwing an entire country?

PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

[vox-tech] php wonders. (was on vox)

2002-02-20 Thread nbs 


On Wed, Feb 20, 2002 at 11:58:10PM -0500, Erik Mullinix wrote:
> Hello.
> While working on learning PHP. I have been having problems getting the ability to do 
>php off of apache.
> SuSE 7.3, Apache 1.3.20 with php 4.0.6
> 
> I get the method POST is not supported.

Is this when submitting a form?  (eg, clicking on the 'type=submit' form
widget on a form with 'method=post')

Or is it simply when you try to load a PHP file (eg, asking the browser
to fetch http://somedomain/somefile.php) ?

-bill!
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread nbs 

On Wed, Feb 20, 2002 at 03:11:58PM -0800, Peter Jay Salzman wrote:
 
> if anyone here is aware of any distributions that carry 4.2.*, i'd like
> to make a list for my own personal knowledge.  please post your info.
> :)

If possible, it might be useful just to burn a CDROM every couple of months
which contains Debian packages and RPMs (possibly numerous ones... one
for SuSE, one for RedHat, one for Mandrake, etc.) of the latest XF86 4.x,
and possible even have a copy of the absolute latest source tarball...

Just a suggestion :)

-bill!
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

[vox-tech] attention installfest attendees: X woes on laptops

2002-02-20 Thread Peter Jay Salzman 

the past 2 installfests have been plagued by people who haven't been
able to get X working "just right" or at all.  *particularly* with
newish laptops.  a common problem is when X, try as you might play with
xvidtune or mode timings, can't seem to cover the entire laptop screen.
we've seen this a bunch of times.

if you're working on a system, particularly a laptop, that looks new,
ask the person you're helping when the laptop was manufactured (they
prolly won't know) or when they bought the laptop.

then compare it with the build date of xfree86.  you can get that
information using X -probeonly 2> X.log  -or-  by looking at a copy of
the X log somewhere in /var/log.

if the computer is newer than the build of X (particularly for a laptop),
there is a good chance that the video chipset is not officially
supported by X.  if their X works, it'll be mostly by accident.  their
chipset is "close enough" to get it "kind of" working.

from here, you need to upgrade X 4.2* if you're using X 4.1.*.   in every
case we tried, upgrading X almost always worked (on laptops).  alot of work
has been done on:

1. ati cards
2. laptop video chipsets

between 4.1.* and 4.2.*.   i happen to know that the recent mandrake
beta carries 4.2.

if anyone here is aware of any distributions that carry 4.2.*, i'd like
to make a list for my own personal knowledge.  please post your info.
:)

thanks,
pete

-- 
Enron..safe legal abortion..civil liberty..repealing ICBM treaty..deficit..
What's worse?  Screwing an intern or screwing an entire country?

PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Brian Lavender 

I highly recommend the CGI perl module. You can do all
of what you want to do in one line.

#!/usr/local/bin/perl -Tw

use strict
use CGI qw(:standard);

my $query = new CGI; # Class method to instantiate object
 # Black magic all occurs in background

print header, 
  start_html;

print h1($query->param('foo'));

print end_html;

To find out more about the CGI module, take a look at

$ perldoc CGI

Also, check the World Wide Web Security FAQ
http://www.w3.org/Security/Faq/

And Lincoln Stein's web page:
http://stein.cshl.org/~lstein/

And Randal Schwartz's columns:

http://www.stonehenge.com/merlyn/
http://www.stonehenge.com/merlyn/WebTechniques/

brian

On Sun, Feb 17, 2002 at 10:26:28PM -0800, Ryan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> This is a perl cgi script I wrote to allow me to have large html files on my 
> web host without exceeding my storage quota.
> 
> I'd like it looked at, _I_ can no longer abuse it to run random commands or 
> go where I shouldn't, but that doesn't mean others can'.
> 
> Any other feedback would also be great.
> 
> #!/usr/bin/perl
> #Let users transparently access files that are gzipped server-side
> #Useful only to keep under my storage quota ;-)
> 
> my $in = $ENV{'QUERY_STRING'};# Handle CGI calls
> $in =~ s/\+/ /g;  # Replace '+' with ' '
> $in =~ s/%(..)/pack("c",hex($1))/ge;  # Undo URL quoting
> 
> $in =~ s/\.\.//g; # Foil Nasty h4x0rz trying to desend
>   # directories
> $in =~ s/\\//g;   # There is no need for backslashes!
> $in =~ s/\'//g;   # prevent h4x0rz from
>   # running commands like
>   # zcat.cgi?file=foo.html.gz';rm -rf *'
> 
> my %data = split (/=/, $in);  # Make an array
> 
> my $file = $data{'file'}; # get the name of the requested file
> 
> print "Content-Type: text/html\n\n";
> # print `echo '$file'`;   # debugging
> print `zcat ~/WWW/'$file'`;   # quotes prevent nastys.
> 
> - -- 
> No Microsoft products were used in any way for the creation of this message.
> PGP Public key at http://mother.com/~ryan/ryan_at_mother_dot_com.asc
> It is also on the servers: Key ID 0x72177BC7
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD4DBQE8cJ6cEd9E83IXe8cRAq5qAJ9+/mIZVuwdV/uCwIzU4Cz1/Kp3bQCYrHty
> tRBI7Iewb8CvWNC/kQE2DA==
> =WHOW
> -END PGP SIGNATURE-
> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech

-- 
Brian Lavender
http://www.brie.com/brian/
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Clock drift bad, HULK SMASH!

2002-02-20 Thread speck 

There was at one time a bug on one of the IBM desktop systems.  When the system went 
to power save, the clock would slowly lose count over time.  This was why I sugested a 
BIOS flash.  It affected the way power was sent to chips on the mother board, which 
affected cycles performed whichetc.  SO you still might want to update your BIOS.

I actually know that Linux ignores the HW clock (oddly enough), UNLESS you tell it to 
go off the HW clock which is an option on Mandrake's install I think.

-sp

On Wed, 20 February 2002, Henry House wrote:

> 
> On Wed, Feb 20, 2002 at 08:20:40AM -0800, Peter Jay Salzman wrote:
> [...]
> > ryan, you tell the firewall what services you want to run...the
> > firewall isn't supposed to tell you!
> 
> He may be referring to the facist firewall at the high school, using his
> notebook.
> 
> Ryan: if this is a home firewall, can you tell us about it? Is it Seawall or
> a similar packaged script? Or a custom bunch or ipchains or iptables calls?
> It should not be difficult to poke a hole in the firewall to let NTP through.
> The hole need be opened only to the NTP servers, no to the entire net, so the
> security impact is minimal.
> 
> -- 
> Henry House
> The attached file is a digital signature. See 
> for information.  My OpenPGP key: .


___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Need help securing a simple perl CGI

2002-02-20 Thread Henry House 

On Sun, Feb 17, 2002 at 10:26:28PM -0800, Ryan wrote:
> This is a perl cgi script I wrote to allow me to have large html files on my 
> web host without exceeding my storage quota.
> 
> I'd like it looked at, _I_ can no longer abuse it to run random commands or 
> go where I shouldn't, but that doesn't mean others can'.
> 
> Any other feedback would also be great.

This is not a direct comment on your script, but will help in such
situations. My suggestion: use perl's taint mode, which turns on a paranoid
security system within the perl interpreter. Unsafe operations (such as
opening a file whose name came from CGI input) remain possible, but must be
specifically cleared by calls to the taint mechanism, which minimizes
accidental security breaches. Highly recommended. See perlsec(1).

-- 
Henry House
The attached file is a digital signature. See 
for information.  My OpenPGP key: .



msg01550/pgp0.pgp
Description: PGP signature

Re: [vox-tech] Clock drift bad, HULK SMASH!

2002-02-20 Thread Henry House 

On Wed, Feb 20, 2002 at 08:20:40AM -0800, Peter Jay Salzman wrote:
[...]
> ryan, you tell the firewall what services you want to run...the
> firewall isn't supposed to tell you!

He may be referring to the facist firewall at the high school, using his
notebook.

Ryan: if this is a home firewall, can you tell us about it? Is it Seawall or
a similar packaged script? Or a custom bunch or ipchains or iptables calls?
It should not be difficult to poke a hole in the firewall to let NTP through.
The hole need be opened only to the NTP servers, no to the entire net, so the
security impact is minimal.

-- 
Henry House
The attached file is a digital signature. See 
for information.  My OpenPGP key: .



msg01549/pgp0.pgp
Description: PGP signature

Re: [vox-tech] Clock drift bad, HULK SMASH!

2002-02-20 Thread Peter Jay Salzman 

begin Ryan <[EMAIL PROTECTED]> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Tuesday, February 19 2002 11:42 pm, Bill Broadley wrote:
> > On Tue, Feb 19, 2002 at 11:02:52PM -0800, Ryan wrote:
> > > Um, anyhow, anyone know what I can do about clock drift? NTP is not an
> > > option sadly,
> >
> > Why?  Never connect to the net?
> 
> Can't get it to work bwhind my firewall.
 
ryan, you tell the firewall what services you want to run...the
firewall isn't supposed to tell you!

pete
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Clock drift bad, HULK SMASH!

2002-02-20 Thread Ryan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tuesday, February 19 2002 11:42 pm, Bill Broadley wrote:
> On Tue, Feb 19, 2002 at 11:02:52PM -0800, Ryan wrote:
> > Um, anyhow, anyone know what I can do about clock drift? NTP is not an
> > option sadly,
>
> Why?  Never connect to the net?

Can't get it to work bwhind my firewall.

>
> > and I'd prefer to fix the drift rather then repetedly correct it. I
>
> NTP models the drift when you run it long enough, and adjusts the kernels
> idea of a second gradually over time.  This insures cron jobs
> don't get skipped becuase you changed 1:59:59 to 2:00:01 in a step.
>
> If configured correctly ntp will write the drift to /etc/ntp/drift or
> similar so if can pick up where it left off.
>
> > know there's adjtimex, by I have no idea what how to use it
> >
> > My drift is pretty bad, about a second or two per hour
>Can't
> What's wrong with NTP?
>
> > --
> > No Microsoft products were used in any way for the creation of this
> > message. PGP Public key at
> > http://mother.com/~ryan/ryan_at_mother_dot_com.asc It is also on the
> > servers: Key ID 0x72177BC7
> > ___
> > vox-tech mailing list
> > [EMAIL PROTECTED]
> > http://lists.lugod.org/mailman/listinfo/vox-tech

- -- 
No Microsoft products were used in any way for the creation of this message.
PGP Public key at http://mother.com/~ryan/ryan_at_mother_dot_com.asc
It is also on the servers: Key ID 0x72177BC7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8c7/7Ed9E83IXe8cRAhOXAJ9ZKHp4+h5hkQUBm1Vp8l2sg03LLQCfXPv9
QFJlOvcKlqjHxmp0QG+eruA=
=iAnc
-END PGP SIGNATURE-
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech