RE: [vox-tech] Seeking: HD box, ethernet cable.
Sorry about missing the meeting. Someone else planned something for me I was unaware of . I work in Rancho Cordova and live in Elk Grove. If either of these locations is convienient for you let me know and we can arrange to meet. If not, email me and we can arrange something else. Yes, HD shipping boxes have plenty of foam and anti-static bags.. :) -sp > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, June 04, 2002 3:46 PM > To: [EMAIL PROTECTED] > Subject: Re: [vox-tech] Seeking: HD box, ethernet cable. > > > On Tue, Jun 04, 2002 at 12:11:14PM -0700, [EMAIL PROTECTED] wrote: > > I have a shipping box that you can have. At this > > point, I am on schedule to make the meeting tonight. > > Thanks. The letters will not mater, the IBM has dimensions > that the box and form needs to exceed... I don't have them > handy right now. > > Does it come with foam padding? > > Will you bring it to the meeting tonight? > > TTFN, > Mike ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
Bill Broadley writes: > On Tue, Jun 04, 2002 at 09:39:32PM -0700, Micah Cowan wrote: > > This is really picky of course, but the other criteria for "secure use > > of Xor", in addition to having a key at least as long as your data, > > is: > > > > 1. That it be a random sequence - *truly* random. This rules out > > using "passphrases" and the like. *All* passphrases or passwords > > are extremely insecure for Xor, regardless of length. > > Correct, a passphrase would violate the xor sequence longer then the data > rule. Passing PID or time as a seed to random would also be a very > bad idea. Md5 checksums of random noise (transistors, radio reception > of static, radioactive decay etc) is the level of randomness that is > idea. Right. But even if it didn't violate the "key must be longer than the data" rule, it's still too insecure - for instance, if someone wrote a 50-page essay to encrypt a 25-page something-or-other. The strength of the Vernam cipher is that, because it is *truly* random, the probability that the encrypted message is one thing is exactly the same as every other thing (of the same length). With other encryption schemes, the probability is typically much less evenly spread, often you can prove that it could *not* be certain things. However, if you don't use a random source, then you can have a lot of problems. If an atttacker can guess at words that might appear in the key (say, "significance"), he can try XOR-ing that key against the text at various places, until he finds a spot where intelligible data seems to result. There's no way to prove mathematically that you've recovered a portion of text, but it is much easier to find several possible candidates, and rule out candidates which are decidedly unlikely. Especially in situations where, e.g., you know that both the key and the message are textual data. > If anyone claims it's so secure that they are going to run a cracking > contest beware, for more info: > http://www.counterpane.com/crypto-gram-9812.html#contests AFAIK, they haven't even done that. Actually, cracking contests are a great way to find out if your algorithm is as good as you think it is; but using successful contests as a means of *proving* that an algorithm is secure is faulty (as the URL you pointed out says). > > Now, having said that, I'll protect my butt by pointing out that their > > technology *could* still be unbreakable, but not for the reasons they > > claim. They don't seem to have published their algorithms; their > > Another large warning sign, see the above url. I agree. But it is unfortunately commonplace. Still, I would never trust my data to an algorithm I can't touch, see, taste, hear and smell :) There are many graveyards of those foolish enough to claim to have discovered an "unbreakable" encryption mechanism. There are many more graveyards of people who think they've discovered something new, when it is actually some variant of XOR, the *least* secure of encryption algorithms (when it's not a one-time pad). I don't want to give people here the impression I'm some sort of expert on cryptography, considering how much I've been running my mouth on the subject - I have never really done anything interesting in the field, don't spend time analysing algorithms, etc. - any information I have is based on readily available stuff I've read (I highly recommend Bruce Schneier's "Applied Cryptography", BTW). So I could never tell anybody if some new algorithm seems to be secure - but I sure can pick off some of the stragglers and figure out that they're *not* secure. > > "Technical White Paper" (http://www.prescient.net/pdf/e2Sec.pdf) > > claims that the keys generated are undeterministic; but I'm rather > > skeptical as to how they could be generated, and understood by another > > host across the 'Net, if they were not undeterministic - unless of > > course their server simply sends the key across the 'Net in the clear > > ;) I'm not a cryptanalyst, and even if I were, I couldn't debunk their > > Sounds just like another crappy system with good PR. I'm inclined to agree. :) Micah ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Tuesday 04 June 2002 10:33 pm, Bill Broadley wrote: > On Tue, Jun 04, 2002 at 09:39:32PM -0700, Micah Cowan wrote: > > This is really picky of course, but the other criteria for "secure use > > of Xor", in addition to having a key at least as long as your data, > > is: > > > > 1. That it be a random sequence - *truly* random. This rules out > > using "passphrases" and the like. *All* passphrases or passwords > > are extremely insecure for Xor, regardless of length. > > Correct, a passphrase would violate the xor sequence longer then the data > rule. Passing PID or time as a seed to random would also be a very > bad idea. Md5 checksums of random noise (transistors, radio reception > of static, radioactive decay etc) is the level of randomness that is > idea. Hey, now there's an idea... I could use my TV tuner to gather data for the kernel entropy pool when I'm not watching tv with it. Anyone know of something to do that? It'd be cool to play with. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Tuesday 04 June 2002 10:03 pm, Bill Broadley wrote: > > I thought the 5th amendment would prevent that. Am I just ignorant? > > I've talked to people with more then a passing familiarity with > said laws and the basic conclusion was, no. Your password is not > protected under the 5th amendment. What about the "I can't remember it" line? ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Tue, Jun 04, 2002 at 09:39:32PM -0700, Micah Cowan wrote: > This is really picky of course, but the other criteria for "secure use > of Xor", in addition to having a key at least as long as your data, > is: > > 1. That it be a random sequence - *truly* random. This rules out > using "passphrases" and the like. *All* passphrases or passwords > are extremely insecure for Xor, regardless of length. Correct, a passphrase would violate the xor sequence longer then the data rule. Passing PID or time as a seed to random would also be a very bad idea. Md5 checksums of random noise (transistors, radio reception of static, radioactive decay etc) is the level of randomness that is idea. > 2. That it be used only one time, and then discarded - never to be > used again. And discarded very carefully, burn it and stir the ashes type careful. rm OTP.key isn't necessarily enough. > > Which is why you should get extremely skeptical when a company called > Prescient claims to have created a "virtually unbreakable" encryption If anyone claims it's so secure that they are going to run a cracking contest beware, for more info: http://www.counterpane.com/crypto-gram-9812.html#contests > Now, having said that, I'll protect my butt by pointing out that their > technology *could* still be unbreakable, but not for the reasons they > claim. They don't seem to have published their algorithms; their Another large warning sign, see the above url. > "Technical White Paper" (http://www.prescient.net/pdf/e2Sec.pdf) > claims that the keys generated are undeterministic; but I'm rather > skeptical as to how they could be generated, and understood by another > host across the 'Net, if they were not undeterministic - unless of > course their server simply sends the key across the 'Net in the clear > ;) I'm not a cryptanalyst, and even if I were, I couldn't debunk their Sounds just like another crappy system with good PR. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
> When you want to keep something from being subpoenaed, I think your best > defense is to have a zero knowledge file system. My understanding of > this is a little weak, but from what I remember each file password > combination get equally distributed on the file system. I think that > the prosecution has to ask for something specific, but again IANAL. My understanding of zero knowledge proof is basically an algorithm to prove you have data (a password, an answer to a complex question, an account number, etc. ) without revealing anything useful about the number. Sometimes refered to as minimal disclosure. Quite handy to prove for instance that you have a password, without revealing the plaintext to whoever is challanging your possession of said password. I've no idea how that (or related ideas) would apply usefully to a filesystem. -- Bill Broadley Mathematics/Institute of Theoretical Dynamics UC Davis ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
> I thought the 5th amendment would prevent that. Am I just ignorant? I've talked to people with more then a passing familiarity with said laws and the basic conclusion was, no. Your password is not protected under the 5th amendment. I would happy to find out otherwise, but I'm not optimistic. Alas, common sense if often wrong where US law is concerned. -- Bill Broadley Mathematics/Institute of Theoretical Dynamics UC Davis ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Tue, 4 Jun 2002, Micah Cowan wrote: > > Which is why you should get extremely skeptical when a company called > Prescient claims to have created a "virtually unbreakable" encryption > system called e2sec, which claims to be a Vernam Cipher, yet its proud > creators say that rather than having to store and pass around large > keys, they pass around mathematical functions from which the keys are > generated. Which means that the keys are *not* random - and therefore, > by definition, *not* a Vernam Cipher. And therefore, not proven to be > virtually unbreakable, as they claim. It's amazing the self-deception these kind of companies are capable of. I remember Prof. Bishop telling me about another company he'd heard of, claiming--you guessed it--mathematically unbreakable secure communications using OTP. You crypto-knowledgeable people know that the trouble with OTP (with any symmetric cipher, actually) is key exchange--you have to get the key to the guy at the other end. So Bishop asked how the pads were tranferred. Why, they were sent across the same wire, encrypted; effectively, the security of the message now rested in the encryption of the key, only they STILL thought it was "mathematically unbreakable". D'oh! :) One of these days we should have a crypto talk or something; nothing fancy, maybe just outlining what it can and can't do, and how to recognize snake oil pitches. --nicole twn *** "Every jumbled pile of person has a thinking part that wonders what the part that isn't thinking isn't thinking of."--They Might Be Giants Visit Nicolopolis! http://wwwcsif.cs.ucdavis.edu/~carlsonn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
Bill Broadley writes: > Xor is 100% secure if your key is as long as your data, otherwise known > as the otp = one time pad. If it's less, it is indeed rather easy to break. This is really picky of course, but the other criteria for "secure use of Xor", in addition to having a key at least as long as your data, is: 1. That it be a random sequence - *truly* random. This rules out using "passphrases" and the like. *All* passphrases or passwords are extremely insecure for Xor, regardless of length. 2. That it be used only one time, and then discarded - never to be used again. The combination of those three requirements (counting yours), is what makes something a one-time pad, or "Vernam Cipher". (I know you know this stuff, Bill - but I'm pointing it out for any who don't). Which is why you should get extremely skeptical when a company called Prescient claims to have created a "virtually unbreakable" encryption system called e2sec, which claims to be a Vernam Cipher, yet its proud creators say that rather than having to store and pass around large keys, they pass around mathematical functions from which the keys are generated. Which means that the keys are *not* random - and therefore, by definition, *not* a Vernam Cipher. And therefore, not proven to be virtually unbreakable, as they claim. The story about this technology appeared in slashdot: http://slashdot.org/article.pl?sid=02/03/28/1959249&mode=thread&tid=93 You can find it at: http://www.prescient.net/Solutions_e2Sec.htm Now, having said that, I'll protect my butt by pointing out that their technology *could* still be unbreakable, but not for the reasons they claim. They don't seem to have published their algorithms; their "Technical White Paper" (http://www.prescient.net/pdf/e2Sec.pdf) claims that the keys generated are undeterministic; but I'm rather skeptical as to how they could be generated, and understood by another host across the 'Net, if they were not undeterministic - unless of course their server simply sends the key across the 'Net in the clear ;) I'm not a cryptanalyst, and even if I were, I couldn't debunk their claims for the simple reason that I can't find any detailed explanation of their technology. But if I were betting my company's security, and my livelihood, on an encryption solution, you can be damn sure I wouldn't use theirs without a heluva lot more info. Sorry 'bout the tangent... Micah ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
On Tuesday 04 June 2002 04:07 pm, you wrote: [snip] > i'm shocked that the bug exists. you'd think that someone, somewhere > would've stumbled across this data corruption bug and reported it. i've been looking at the source for a bit, and it's not trivial code (not hard, but not trivial). one observation i have is that there are only two very simple regression checks for the delete option, yet there's an entire source file (120 lines of C) devoted to it. IOW, the regression checks are on the sparse side. > guess not too many people use the --delete option! prolly because it's > so unintuitive. or maybe people just got tired of having their archives > corrupted. lol! :-) i think this is correct. as i mentioned, this option did not exist on the major unices. it's unusual for a tar file to be any kind of "living" file. how often would you manipulate it file-by-file? it's usually used to capture state, move it or hold it, and possibly restore it. shawn. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Tue, Jun 04, 2002 at 04:12:28PM -0700, Ryan wrote: > On Tuesday 04 June 2002 10:03 am, Joel Baumert wrote: > > > > > I'm able to memorize fairly long passwords of random garbage... My > > > > > password for stuff I want secure (pgp private key, disks) is over 200 > > > > > bits of random garbage (counting 6.5 bits per char) > > > > > > > > Sounds great, although if someone throws your ass in jail till you > > > > give up your key, you will have a difficult choice. To easily destroy > > > > the key in a unrecoverable way makes it harder to be held in contempt > > > > of course since you can't get the key back even if you want to. > > > > > > I thought the 5th amendment would prevent that. Am I just ignorant? > > > > There are two problems with that argument. First, it does not protect you > > in a civil trial where you did not necessarily break the law, but you are > > being sued (or harassed) for something non-criminal. > > > > Second, I'm not sure, but I think that the password can be subpoenaed from > > you even in criminal matters because it probably is not directly criminal. > > I guess you could claim your 5th amendment rights by having a password > > like "I killed Nicole Simpson" and if you were OJ you might be protected. > > > > Even then they could probably give you transactional immunity on the > > password or firewall the password from the prosecution and either make > > you tell it or hold you in contempt. > > > > Wasn't that part of the Mitnick trial??? You would have to ask a lawyer > > about the second one. > > > > When you want to keep something from being subpoenaed, I think your best > > defense is to have a zero knowledge file system. My understanding of > > this is a little weak, but from what I remember each file password > > combination get equally distributed on the file system. I think that > > the prosecution has to ask for something specific, but again IANAL. > > It seems to me that asking for a password is about the same as asking where > somethings been hidden, or asking what's in a safe/wanting something from a > safe, except that the 'safe' provided by encryption isn't crackable in a > reasonable amount of time. If they just wanted some records (say, logs of > what that script kiddie that used my box as a proxy was doing) they don't > need my password, just the data. You cannot ask for what is in the safe, but I think the prosecution could have search warrant for specific items in a safe and a judge could command you to produce the key/combo. I don't think your fifth amendment rights protect you in a civil trial unless you can argue that you are in criminal jeopardy for something. I am more worried about a civil trial than a criminal trial. I think it is more likely that I would develop software that would cause a company to sue me than do something on the computer that is criminal. Dunno, maybe I'm naive. As our Russian friend found out, the DMCA does have criminal penalties. Joel ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Tuesday 04 June 2002 10:03 am, Joel Baumert wrote: > > > > I'm able to memorize fairly long passwords of random garbage... My > > > > password for stuff I want secure (pgp private key, disks) is over 200 > > > > bits of random garbage (counting 6.5 bits per char) > > > > > > Sounds great, although if someone throws your ass in jail till you > > > give up your key, you will have a difficult choice. To easily destroy > > > the key in a unrecoverable way makes it harder to be held in contempt > > > of course since you can't get the key back even if you want to. > > > > I thought the 5th amendment would prevent that. Am I just ignorant? > > There are two problems with that argument. First, it does not protect you > in a civil trial where you did not necessarily break the law, but you are > being sued (or harassed) for something non-criminal. > > Second, I'm not sure, but I think that the password can be subpoenaed from > you even in criminal matters because it probably is not directly criminal. > I guess you could claim your 5th amendment rights by having a password > like "I killed Nicole Simpson" and if you were OJ you might be protected. > > Even then they could probably give you transactional immunity on the > password or firewall the password from the prosecution and either make > you tell it or hold you in contempt. > > Wasn't that part of the Mitnick trial??? You would have to ask a lawyer > about the second one. > > When you want to keep something from being subpoenaed, I think your best > defense is to have a zero knowledge file system. My understanding of > this is a little weak, but from what I remember each file password > combination get equally distributed on the file system. I think that > the prosecution has to ask for something specific, but again IANAL. It seems to me that asking for a password is about the same as asking where somethings been hidden, or asking what's in a safe/wanting something from a safe, except that the 'safe' provided by encryption isn't crackable in a reasonable amount of time. If they just wanted some records (say, logs of what that script kiddie that used my box as a proxy was doing) they don't need my password, just the data. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
i don't know if most of us are qualified to do this. file util programming can be very tricky. as proof, if you come to tonight's meeting, i'm going to talk about a *very* interesting race condition with rm. pete "i have as much free time as mark, perhaps less" salzman begin Mark K. Kim <[EMAIL PROTECTED]> > It's a chance for someone to contribute to OSS... someone go for it. > > -Mark "no-time" Kim > > On Tue, 4 Jun 2002, Shawn P. Neugebauer wrote: > > > On Tuesday 04 June 2002 02:23 pm, you wrote: > > > On Tuesday 04 June 2002 12:54 pm, you wrote: > > > [snip] > > > > > > > it _sucks royally_ that tar seems to destroy the archive when you delete > > > > an unknown file: > > > > > > > >p@satan% file test.tar > > > >test.tar: GNU tar archive > > > >p@satan% tar f test.tar --delete "test/biteme" > > > >tar: test/biteme: Not found in archive > > > >tar: Error exit delayed from previous errors > > > >p@satan% file test.tar > > > >test.tar: data > > > > > > it also deletes the archive if you don't list a file (or files). yes, this > > > is weird and were it not consistent i would call it a bug, but it's > > > probably some kind of "feature." > > > > well, this *is* a bug! i noticed it when testing stuff to answer pete's > > question, but ignored it. then we pete mentioned it again, i started > > poking around. can't find any mention of it anywhere. however, the > > tar man/info page at gnu.org says > > "if you list no member names, nothing will be deleted" > > and this is clearly violated. as pete noticed, it also destroys the > > archive if a member name is not actually a member. > > > > i reported this to bugzilla.redhat.com for version 7.1 and got a > > quick reply that "it works in 7.3." however, i just tested it with 7.3 > > and it's broken there, too; i added a comment to this. > > > > FYI, this is tar-1.13.19-4 on RH 7.1 and tar-1.13.25-4 on RH 7.3. > > > > shawn. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
It's a chance for someone to contribute to OSS... someone go for it. -Mark "no-time" Kim On Tue, 4 Jun 2002, Shawn P. Neugebauer wrote: > On Tuesday 04 June 2002 02:23 pm, you wrote: > > On Tuesday 04 June 2002 12:54 pm, you wrote: > > [snip] > > > > > it _sucks royally_ that tar seems to destroy the archive when you delete > > > an unknown file: > > > > > >p@satan% file test.tar > > >test.tar: GNU tar archive > > >p@satan% tar f test.tar --delete "test/biteme" > > >tar: test/biteme: Not found in archive > > >tar: Error exit delayed from previous errors > > >p@satan% file test.tar > > >test.tar: data > > > > it also deletes the archive if you don't list a file (or files). yes, this > > is weird and were it not consistent i would call it a bug, but it's > > probably some kind of "feature." > > well, this *is* a bug! i noticed it when testing stuff to answer pete's > question, but ignored it. then we pete mentioned it again, i started > poking around. can't find any mention of it anywhere. however, the > tar man/info page at gnu.org says > "if you list no member names, nothing will be deleted" > and this is clearly violated. as pete noticed, it also destroys the > archive if a member name is not actually a member. > > i reported this to bugzilla.redhat.com for version 7.1 and got a > quick reply that "it works in 7.3." however, i just tested it with 7.3 > and it's broken there, too; i added a comment to this. > > FYI, this is tar-1.13.19-4 on RH 7.1 and tar-1.13.25-4 on RH 7.3. > > shawn. > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech > -- Mark K. Kim http://www.cbreak.org/ PGP key available upon request. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
begin Shawn P. Neugebauer <[EMAIL PROTECTED]> > On Tuesday 04 June 2002 02:23 pm, you wrote: > > On Tuesday 04 June 2002 12:54 pm, you wrote: > > > > > it _sucks royally_ that tar seems to destroy the archive when you delete > > > an unknown file: > > > > > >p@satan% file test.tar > > >test.tar: GNU tar archive > > >p@satan% tar f test.tar --delete "test/biteme" > > >tar: test/biteme: Not found in archive > > >tar: Error exit delayed from previous errors > > >p@satan% file test.tar > > >test.tar: data > > > > it also deletes the archive if you don't list a file (or files). yes, this > > is weird and were it not consistent i would call it a bug, but it's > > probably some kind of "feature." > > well, this *is* a bug! i noticed it when testing stuff to answer pete's > question, but ignored it. then we pete mentioned it again, i started > poking around. can't find any mention of it anywhere. however, the > tar man/info page at gnu.org says > "if you list no member names, nothing will be deleted" > and this is clearly violated. as pete noticed, it also destroys the > archive if a member name is not actually a member. > > i reported this to bugzilla.redhat.com for version 7.1 and got a > quick reply that "it works in 7.3." however, i just tested it with 7.3 > and it's broken there, too; i added a comment to this. > > FYI, this is tar-1.13.19-4 on RH 7.1 and tar-1.13.25-4 on RH 7.3. i filed a bug report with debian about an hour ago. hopefully it'll find its way upstream. i'm shocked that the bug exists. you'd think that someone, somewhere would've stumbled across this data corruption bug and reported it. guess not too many people use the --delete option! prolly because it's so unintuitive. or maybe people just got tired of having their archives corrupted. lol! :-) i'll post any results i get from the debian tar package manager. pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Tuesday 04 June 2002 12:41 pm, Shawn P. Neugebauer wrote: > On Monday 03 June 2002 10:25 pm, you wrote: > [snip] > > > > > Why bother encrypting my swap? Losta passwords go in there in > > > > plaintext, easily recoverable with a boot disk. > > > > > > Hrm, I'd argue that this isn't true. Many applications specifically > > > pin pages so they aren't swappable (I.e. ssh). Not to mention a > > > healthy linux box shouldn't be swapping bins out to disk while they are > > > being actively used. Have you ever found a password there? > > > > Yea, I grep'ed it for fragments of several passwords I use and found > > them. > > I'm a little skeptical. What size fragment? Statistically, you may find > an arbitrary sequence if it's short enough. Did you actually try this > after having booted with a boot disk? I did it on an unused swap partition. My root password is over 12 chars long, and it found it twice before i stopped it. > In short, I think one has to be severely paranoid to want to pay the > costs (performance, physical security, time, labor, risk of data > loss--forgetting password--etc.) associated with this. A cost/benefit > analysis is called for. No risk of data loss, (it's setup as a loopback device encrypted with a random password, then a new swap filesytem is created on it) and the proformance loss isn't noticable. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
On Tuesday 04 June 2002 02:23 pm, you wrote: > On Tuesday 04 June 2002 12:54 pm, you wrote: > [snip] > > > it _sucks royally_ that tar seems to destroy the archive when you delete > > an unknown file: > > > >p@satan% file test.tar > >test.tar: GNU tar archive > >p@satan% tar f test.tar --delete "test/biteme" > >tar: test/biteme: Not found in archive > >tar: Error exit delayed from previous errors > >p@satan% file test.tar > >test.tar: data > > it also deletes the archive if you don't list a file (or files). yes, this > is weird and were it not consistent i would call it a bug, but it's > probably some kind of "feature." well, this *is* a bug! i noticed it when testing stuff to answer pete's question, but ignored it. then we pete mentioned it again, i started poking around. can't find any mention of it anywhere. however, the tar man/info page at gnu.org says "if you list no member names, nothing will be deleted" and this is clearly violated. as pete noticed, it also destroys the archive if a member name is not actually a member. i reported this to bugzilla.redhat.com for version 7.1 and got a quick reply that "it works in 7.3." however, i just tested it with 7.3 and it's broken there, too; i added a comment to this. FYI, this is tar-1.13.19-4 on RH 7.1 and tar-1.13.25-4 on RH 7.3. shawn. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Seeking: HD box, ethernet cable.
On Tue, Jun 04, 2002 at 12:11:14PM -0700, [EMAIL PROTECTED] wrote: > I have a shipping box that you can have. At this > point, I am on schedule to make the meeting tonight. Thanks. The letters will not mater, the IBM has dimensions that the box and form needs to exceed... I don't have them handy right now. Does it come with foam padding? Will you bring it to the meeting tonight? TTFN, Mike ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
On Tuesday 04 June 2002 12:54 pm, you wrote: [snip] > it _sucks royally_ that tar seems to destroy the archive when you delete > an unknown file: > >p@satan% file test.tar >test.tar: GNU tar archive >p@satan% tar f test.tar --delete "test/biteme" >tar: test/biteme: Not found in archive >tar: Error exit delayed from previous errors >p@satan% file test.tar >test.tar: data it also deletes the archive if you don't list a file (or files). yes, this is weird and were it not consistent i would call it a bug, but it's probably some kind of "feature." shawn. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] no dev file for newly installed HD
Your bootloader might be passing "hdf=ide-scsi" parameter. *If* that is the case, take the following measures: - If you are using LILO: 1. Edit /etc/lilo.conf as root. (change the line that says "hdf=ide-scsi" to "hdg=ide-scsi") 2. Run `lilo` as root. - If you are using Grub: 1. I don't know -- I don't use Grub :) You *may* also need to change some settings so your CD programs see the new device name for your CD drive, but it may or may not be necessary. It may also depend from program to program. -Mark Linux: Too many choices... makes it too confusing for the beginner... and those helping them out... On Tue, 4 Jun 2002, Kai Harris wrote: > I just installed a new 100GB Western Digital HD. It is recognized in BIOS and > it appears in dmesg. However, there is no device file in /dev. My other > hard drive is /dev/hde which is actually a sym link to > /dev/ide/host2/bus0/target0/lun0/disc. I would think that my second hard > drive (which is on the same ide controller) would be in > /dev/ide/host2/bus0/target1/lun0. However, there are no device files in this > directory either. > here is all the output from dmesg that has anything to do with ide controllers > or a hard drive: > > Kernel command line: BOOT_IMAGE=linux ro root=210a devfs=mount hdf=ide-scsi > ide_setup: hdf=ide-scsi > > Uniform Multi-Platform E-IDE driver Revision: 6.31 > ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx > PDC20265: IDE controller on PCI bus 00 dev 70 > PDC20265: chipset revision 2 > PDC20265: not 100% native mode: will probe irqs later > PDC20265: (U)DMA Burst Bit ENABLED Primary PCI Mode Secondary PCI Mode. > ide0: BM-DMA at 0xd400-0xd407, BIOS settings: hda:pio, hdb:DMA > ide1: BM-DMA at 0xd408-0xd40f, BIOS settings: hdc:pio, hdd:DMA > VP_IDE: IDE controller on PCI bus 00 dev 89 > PCI: No IRQ known for interrupt pin A of device 00:11.1. Please try using > pci=bi > osirq. > VP_IDE: chipset revision 6 > VP_IDE: not 100% native mode: will probe irqs later > VP_IDE: VIA vt8233 (rev 00) IDE UDMA100 controller on pci00:11.1 > ide2: BM-DMA at 0xd800-0xd807, BIOS settings: hde:DMA, hdf:DMA > ide3: BM-DMA at 0xd808-0xd80f, BIOS settings: hdg:DMA, hdh:pio > hde: FUJITSU MPF3102AT, ATA DISK drive > hdf: WDC WD1000BB-00CAA1, ATA DISK drive > hdg: 4X4X32, ATAPI CD/DVD-ROM drive > ide2 at 0x1f0-0x1f7,0x3f6 on irq 14 > ide3 at 0x170-0x177,0x376 on irq 15 > hde: 20015856 sectors (10248 MB) w/512KiB Cache, CHS=1245/255/63, UDMA(33) > hdg: ATAPI 32X CD-ROM CD-R/RW drive, 1024kB Cache, DMA > Uniform CD-ROM driver Revision: 3.12 > Partition check: > /dev/ide/host2/bus0/target0/lun0: p1 < p5 p6 p7 p8 p9 p10 p11 > p2 p4 > > so it seems weird that the kernel is being passed a command that tells it (I > think) that hdf should be emulated as a scsi drive. It seems to me that hdg > (my cd writer) should be the one with scsi emulation. Before installing this > HD, my cd writer worked fine. however, now it doesn't. > > cdrecord -scanbus shows: > > Cdrecord 1.11a19 (i586-mandrake-linux-gnu) Copyright (C) 1995-2002 Jörg > Schilling > cdrecord: No such file or directory. Cannot open '/dev/pg*'. Cannot open SCSI > driver. > cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are > root. > > And just to be complete, this is my fstab file (though I haven't added hdf to > it because I can't find hdf): > > /dev/hde10 / ext3 defaults 1 1 > /dev/hde5 /boot ext3 defaults 1 2 > /dev/hde6 /boot_backup ext3 defaults 1 2 > none /dev/pts devpts mode=0620 0 0 > none /dev/shm tmpfs defaults 0 0 > /dev/hde11 /home ext3 defaults 1 2 > /dev/hde4 /home/share ext3 defaults 1 2 > /mnt/cdrom /mnt/cdrom supermount > dev=/dev/scd0,fs=iso9660,ro,--,iocharset=iso885 > 9-1 0 0 > /mnt/floppy /mnt/floppy supermount > dev=/dev/fd0,fs=vfat,--,iocharset=iso8859-1,s > ync,codepage=850 0 0 > none /proc proc defaults 0 0 > /dev/hde8 /tmp ext3 defaults 1 2 > /dev/hde9 /usr ext3 defaults 1 2 > /dev/hde7 /var ext3 defaults 1 2 > /dev/hde2 swap swap defaults 0 0 > > I have two onboard ide controllers. Before installing this hard drive, i was > only using one of them. My first hard drive was master and my cdwriter was > slave. Now, i'm using both. On the primary controller, my first hard drive > is master and the new one is slave. The cd writer is set to master on the > secondary controller. It seems like somewhere linux still thinks that my > cdwriter is still slave on the primary driver (thus the ide-scsi kernel > commands). How do I go about fixing this? Ideas? Suggestions? > Thanks! > Kai Harris > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech > -- Mark K. Kim http://www.cbreak.org/ PGP key available upon request. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] no dev file for newly installed HD
I just installed a new 100GB Western Digital HD. It is recognized in BIOS and it appears in dmesg. However, there is no device file in /dev. My other hard drive is /dev/hde which is actually a sym link to /dev/ide/host2/bus0/target0/lun0/disc. I would think that my second hard drive (which is on the same ide controller) would be in /dev/ide/host2/bus0/target1/lun0. However, there are no device files in this directory either. here is all the output from dmesg that has anything to do with ide controllers or a hard drive: Kernel command line: BOOT_IMAGE=linux ro root=210a devfs=mount hdf=ide-scsi ide_setup: hdf=ide-scsi Uniform Multi-Platform E-IDE driver Revision: 6.31 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx PDC20265: IDE controller on PCI bus 00 dev 70 PDC20265: chipset revision 2 PDC20265: not 100% native mode: will probe irqs later PDC20265: (U)DMA Burst Bit ENABLED Primary PCI Mode Secondary PCI Mode. ide0: BM-DMA at 0xd400-0xd407, BIOS settings: hda:pio, hdb:DMA ide1: BM-DMA at 0xd408-0xd40f, BIOS settings: hdc:pio, hdd:DMA VP_IDE: IDE controller on PCI bus 00 dev 89 PCI: No IRQ known for interrupt pin A of device 00:11.1. Please try using pci=bi osirq. VP_IDE: chipset revision 6 VP_IDE: not 100% native mode: will probe irqs later VP_IDE: VIA vt8233 (rev 00) IDE UDMA100 controller on pci00:11.1 ide2: BM-DMA at 0xd800-0xd807, BIOS settings: hde:DMA, hdf:DMA ide3: BM-DMA at 0xd808-0xd80f, BIOS settings: hdg:DMA, hdh:pio hde: FUJITSU MPF3102AT, ATA DISK drive hdf: WDC WD1000BB-00CAA1, ATA DISK drive hdg: 4X4X32, ATAPI CD/DVD-ROM drive ide2 at 0x1f0-0x1f7,0x3f6 on irq 14 ide3 at 0x170-0x177,0x376 on irq 15 hde: 20015856 sectors (10248 MB) w/512KiB Cache, CHS=1245/255/63, UDMA(33) hdg: ATAPI 32X CD-ROM CD-R/RW drive, 1024kB Cache, DMA Uniform CD-ROM driver Revision: 3.12 Partition check: /dev/ide/host2/bus0/target0/lun0: p1 < p5 p6 p7 p8 p9 p10 p11 > p2 p4 so it seems weird that the kernel is being passed a command that tells it (I think) that hdf should be emulated as a scsi drive. It seems to me that hdg (my cd writer) should be the one with scsi emulation. Before installing this HD, my cd writer worked fine. however, now it doesn't. cdrecord -scanbus shows: Cdrecord 1.11a19 (i586-mandrake-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling cdrecord: No such file or directory. Cannot open '/dev/pg*'. Cannot open SCSI driver. cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root. And just to be complete, this is my fstab file (though I haven't added hdf to it because I can't find hdf): /dev/hde10 / ext3 defaults 1 1 /dev/hde5 /boot ext3 defaults 1 2 /dev/hde6 /boot_backup ext3 defaults 1 2 none /dev/pts devpts mode=0620 0 0 none /dev/shm tmpfs defaults 0 0 /dev/hde11 /home ext3 defaults 1 2 /dev/hde4 /home/share ext3 defaults 1 2 /mnt/cdrom /mnt/cdrom supermount dev=/dev/scd0,fs=iso9660,ro,--,iocharset=iso885 9-1 0 0 /mnt/floppy /mnt/floppy supermount dev=/dev/fd0,fs=vfat,--,iocharset=iso8859-1,s ync,codepage=850 0 0 none /proc proc defaults 0 0 /dev/hde8 /tmp ext3 defaults 1 2 /dev/hde9 /usr ext3 defaults 1 2 /dev/hde7 /var ext3 defaults 1 2 /dev/hde2 swap swap defaults 0 0 I have two onboard ide controllers. Before installing this hard drive, i was only using one of them. My first hard drive was master and my cdwriter was slave. Now, i'm using both. On the primary controller, my first hard drive is master and the new one is slave. The cd writer is set to master on the secondary controller. It seems like somewhere linux still thinks that my cdwriter is still slave on the primary driver (thus the ide-scsi kernel commands). How do I go about fixing this? Ideas? Suggestions? Thanks! Kai Harris ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
begin Shawn P. Neugebauer <[EMAIL PROTECTED]> > On Tuesday 04 June 2002 11:56 am, you wrote: > > I think what you need is tar --delete --file test.tar b > > > > (i.e. put the list of files to delete at the end of the command line) > > note: "b" must *exactly* match the file you wish to remove. this > can often cause problems and confusion. for example, if i create > a tar file with: > tar cvf tarfile.tar ./somedirectory > then if i want to remove the file somedirectory/b from the archive, > i must use: > tar f tarfile.tar --delete "./somedirectory/b" > in other words, whatever tar displays (e.g., "./b") is what you must > specify. this was it. matt...shawn, thanks! p@satan% tar cv test/ > test.tar test/ test/a test/b p@satan% tar f test.tar --delete "test/b" p@satan% tar tf test.tar test/ test/a it _sucks royally_ that tar seems to destroy the archive when you delete an unknown file: p@satan% file test.tar test.tar: GNU tar archive p@satan% tar f test.tar --delete "test/biteme" tar: test/biteme: Not found in archive tar: Error exit delayed from previous errors p@satan% file test.tar test.tar: data bleah! pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
I don't have the pocket reference to compare, but after glancing through the online reference, I think the pocket reference might be the printed, smaller version of the online reference :) -Mark On Tue, 4 Jun 2002, Peter Jay Salzman wrote: > i think i might go with just using the online reference, but also > picking up the o'reilly pocket reference from nerdbooks.com for off-line > reading. > > using the online manual, i was able to whip this up in just a few > *minutes*. it's quite a good manual! > > http://www.dirac.org/p/crypto/index.php3 > > basically, it takes a string and encrypts it using a single substitution > cipher. eventually, i'd like to turn this into an interactive > cryptogram site. > > php is _cool_. > > ok, curiosity satified. going back to real work... > > pete > > > > > begin David Margolis <[EMAIL PROTECTED]> > > > > I second Rod's opinion. Of the two PHP books I've tried (Professional > > PHP by Wrox and the PHP Blackbook) I've found the content to jump from > > basic programming to not-very-helpful-yet-complecated examples. I started > > mostly with the manual, and I still use it every day. The only downside > > of the manual is that if you don't know it exists, you don't know to go > > looking for it, and you might find it easier in a good "in a nutshell" > > style book ... > > > > Here's an example. I spent way more time than I needed to writing a > > string parsing routine that stipped ascii returns and replaced them with > > ("\n" to ""). After struggling with it not quite doing what I > > wanted, I found that php has a function that does just that. > > > > So it all depends on how you work/search. > > > > Dave > > > > > > On Tue, 4 Jun 2002, Rod Roark wrote: > > > > > I've always just used their on-line manual. It's very good. > > > > > > http://www.php.net/manual/en/ > > > > > > -- Rod > > >http://www.sunsetsystems.com/ > > > > > > On Tuesday 04 June 2002 08:49 am, Peter Jay Salzman wrote: > > > > if i were to have just *one* book on php, what would people recommend? > > > > > > > > i'd prefer to have a book that assumes i know what a if/else do/while > > > > constructs are. i know what arrays and strings are; i just want to > > > > know how to do them with php. :) > > > > > > > > so maybe a good reference book. i've found o'reilly's html book to be > > > > precisely what i'm looking for (for html). > > > > > > > > any recommendations for php? > > > > > > > > pete > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech > -- Mark K. Kim http://www.cbreak.org/ PGP key available upon request. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Monday 03 June 2002 10:25 pm, you wrote: [snip] > > > Why bother encrypting my swap? Losta passwords go in there in > > > plaintext, easily recoverable with a boot disk. > > > > Hrm, I'd argue that this isn't true. Many applications specifically pin > > pages so they aren't swappable (I.e. ssh). Not to mention a healthy > > linux box shouldn't be swapping bins out to disk while they are being > > actively used. Have you ever found a password there? > > Yea, I grep'ed it for fragments of several passwords I use and found them. I'm a little skeptical. What size fragment? Statistically, you may find an arbitrary sequence if it's short enough. Did you actually try this after having booted with a boot disk? Even assuming it is a potential problem, has anyone done some simple web research? This *cannot* be a new concern. Before people start throwing around possible solutions, fixes, patches, etc. it would be good to look around for what is already known here, and it's certain to be quite a bit. Here are a two interesting references I found in 30 seconds: http://www.citi.umich.edu/u/provos/papers/swapencrypt.ps.gz http://mail-index.netbsd.org/tech-kern/2001/06/04/0013.html In short, I think one has to be severely paranoid to want to pay the costs (performance, physical security, time, labor, risk of data loss--forgetting password--etc.) associated with this. A cost/benefit analysis is called for. shawn. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
pete, matt's syntax is correct; try the procedure from the beginning. you may have already inadvertently deleted the archive (try "tar tf test.tar" to find out). remember, whatever tar displays as the filename (e.g., using "tar tf") is what you must specify, and should probably get in the habit of surrounding it with double quotes. shawn. On Tuesday 04 June 2002 12:07 pm, you wrote: > hi matt, are you sure? > >p@satan% file test.tar >test.tar: GNU tar archive > >p@satan% tar --delete --file test.tar b >tar: b: Not found in archive >tar: Error exit delayed from previous errors > >p@satan% file test.tar >test.tar: data > > not only doesn't it remove b from my tar file, it seems to destroy the > tar file! ick! > > pete > > > > begin Matt Roper <[EMAIL PROTECTED]> > > > I think what you need is tar --delete --file test.tar b > > > > (i.e. put the list of files to delete at the end of the command line) > > > > > > Matt > > > > On Tue, Jun 04, 2002 at 11:45:58AM -0700, Peter Jay Salzman wrote: > > > how do you delete a file from an archive? i did: > > > > > > mkdir test > > > cd test > > > echo "hello" > a > > > echo "hello" > b > > > cd .. > > > tar cv test > test.tar > > > > > > then: > > > > > > tar --delete b --file test.tar > > > tar --delete test/b --file test.tar > > > > > > both time i get > > > > > > tar: b: Not found in archive > > > > > > > > > how do i delete a file from a tar archive? without doing something > > > dumb like untarring, deleting and retarring. > > > > > > pete > > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
On Tuesday 04 June 2002 11:56 am, you wrote: > I think what you need is tar --delete --file test.tar b > > (i.e. put the list of files to delete at the end of the command line) yes. alternately, tar f test.tar --delete "b" fyi: i often use "tar cvf tarfile.tar ./somedirectory" to create, verbosely, a tar file containing all the stuff in somedirectory, rather than using redirection to create the file. add a "z" (i.e., cvfz) to compress it. note: "b" must *exactly* match the file you wish to remove. this can often cause problems and confusion. for example, if i create a tar file with: tar cvf tarfile.tar ./somedirectory then if i want to remove the file somedirectory/b from the archive, i must use: tar f tarfile.tar --delete "./somedirectory/b" in other words, whatever tar displays (e.g., "./b") is what you must specify. shawn. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Seeking: HD box, ethernet cable.
I have a shipping box that you can have. At this point, I am on schedule to make the meeting tonight. It does have Compaq in big letters on it, but that's kind of a moot point now. -sp [EMAIL PROTECTED] wrote > > Morning, > > HD Box: > I'm looking to borrow a box to ship a standard 3.5" hard drive, need > foam padding box, included. To ship a IBM drive back for replacement. > If you don't want the return box back afterwards that's okay. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
hi matt, are you sure? p@satan% file test.tar test.tar: GNU tar archive p@satan% tar --delete --file test.tar b tar: b: Not found in archive tar: Error exit delayed from previous errors p@satan% file test.tar test.tar: data not only doesn't it remove b from my tar file, it seems to destroy the tar file! ick! pete begin Matt Roper <[EMAIL PROTECTED]> > I think what you need is tar --delete --file test.tar b > > (i.e. put the list of files to delete at the end of the command line) > > > Matt > > On Tue, Jun 04, 2002 at 11:45:58AM -0700, Peter Jay Salzman wrote: > > how do you delete a file from an archive? i did: > > > > mkdir test > > cd test > > echo "hello" > a > > echo "hello" > b > > cd .. > > tar cv test > test.tar > > > > then: > > > > tar --delete b --file test.tar > > tar --delete test/b --file test.tar > > > > both time i get > > > > tar: b: Not found in archive > > > > > > how do i delete a file from a tar archive? without doing something dumb > > like untarring, deleting and retarring. > > > > pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Seeking: HD box, ethernet cable.
On Tue, Jun 04, 2002 at 02:37:21PM -0400, [EMAIL PROTECTED] wrote: > Morning, > > HD Box: > I'm looking to borrow a box to ship a standard 3.5" hard drive, need > foam padding box, included. To ship a IBM drive back for replacement. > If you don't want the return box back afterwards that's okay. > > Ethernet cable: > If anyone has a spool of Ethernet cable and a crimper that they would > consider loaning out please let me know. I'd like to do a two day > wiring project... I doubt I need more than 30 meters of cable but I'll > compensate for the supplies (cable, tips). > > TTFN, > Mike You can borrow my crimper. ACE hardware has ethernet cable for 20 dents IIRC. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Seeking: HD box, ethernet cable.
[EMAIL PROTECTED] wrote: >Morning, > >HD Box: > I'm looking to borrow a box to ship a standard 3.5" hard drive, need >foam padding box, included. To ship a IBM drive back for replacement. >If you don't want the return box back afterwards that's okay. > >Ethernet cable: > If anyone has a spool of Ethernet cable and a crimper that they would >consider loaning out please let me know. I'd like to do a two day >wiring project... I doubt I need more than 30 meters of cable but I'll >compensate for the supplies (cable, tips). > >TTFN, > Mike > > Hi Mike, I actually have both a box and cable. The hard drive box is labled Maxtor all over it (retail package). You may want to just use the foam from it though and put it in another box. The cable is blue cat5 cable. Crimper is just a simple Radio Shack model (I misplaced my high end Amp model) and I think I may have a few RJ45 connectors. Stephen ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] tar question
I think what you need is tar --delete --file test.tar b (i.e. put the list of files to delete at the end of the command line) Matt On Tue, Jun 04, 2002 at 11:45:58AM -0700, Peter Jay Salzman wrote: > how do you delete a file from an archive? i did: > > mkdir test > cd test > echo "hello" > a > echo "hello" > b > cd .. > tar cv test > test.tar > > then: > > tar --delete b --file test.tar > tar --delete test/b --file test.tar > > both time i get > > tar: b: Not found in archive > > > how do i delete a file from a tar archive? without doing something dumb > like untarring, deleting and retarring. > > pete > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech -- * * Matt Roper <[EMAIL PROTECTED]>* * http://www.mattrope.com * * PGP Key: http://www.mattrope.com/mattrope.asc * * ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] tar question
how do you delete a file from an archive? i did: mkdir test cd test echo "hello" > a echo "hello" > b cd .. tar cv test > test.tar then: tar --delete b --file test.tar tar --delete test/b --file test.tar both time i get tar: b: Not found in archive how do i delete a file from a tar archive? without doing something dumb like untarring, deleting and retarring. pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] Seeking: HD box, ethernet cable.
Morning, HD Box: I'm looking to borrow a box to ship a standard 3.5" hard drive, need foam padding box, included. To ship a IBM drive back for replacement. If you don't want the return box back afterwards that's okay. Ethernet cable: If anyone has a spool of Ethernet cable and a crimper that they would consider loaning out please let me know. I'd like to do a two day wiring project... I doubt I need more than 30 meters of cable but I'll compensate for the supplies (cable, tips). TTFN, Mike Ob tech thing: Those IBM 75GXP drives that start making noises and losing data, are interesting. Back on April 1, I started having bad noises coming out of one of these, and powered the drive off for a few weeks. I had one very large (70 Gig) ext3 filesystem on the drive, and in the end about 16 unreadable blocks... I don't notice any of the important files missing from the filesystem. If anyone needs to recover a filesystem from a bad drive I recommend the following steps: 1 - Get a drive that is bigger than the largest partition on the bad drive. Repeat the following for each partition. 2 - Get "dd_rescue" (1) and give it a few passes at the partition. Once you are tired of the bad noises, stop. 3 - Fsck the resulting file... 4 - loopback mount the file... 5 - copy your data out of the loopback mount to some safe place. 6 - unmount and nuke the file. 7 - Wipe drive (with badblocks -svw) 8 - Contact the vendor of drive, get RMA and box, then ship drive. Also IBM provides a "hard drive fitness test" program, which comes in the form of a bootable floppy disk image, and can be used to test the drive for problems, reallocate bad sectors, and reformat the drive. This program appears to work on other makes of drives, not just IBM and not just IDE. The drive test failed with error code 0x70, the reallocate bad sectors failed with 0x70, but the drive format worked (unfortunately). So now I have a 80-ish Gig hard drive that when badblocks runs over it (I did three -w passes) shows no signs of problems. I'm not sure if I'm going to be able to RMA it now... but I'll worry about that after I have shipping materials. 1) http://www.garloff.de/kurt/linux/ddrescue/ >* dd_rescue does not abort on errors on the input file, unless you > specify a maximum error number. Then dd_rescue will abort when > this number is reached. >* dd_rescue does not truncate the output file, unless asked to. >* You can tell dd_rescue to start from the end of a file and move > backwards. >* It uses two block sizes, a large (soft) block size and a small > (hard) block size. In case of errors, the size falls back to the > small one and is promoted again after a while without errors. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
i think i might go with just using the online reference, but also picking up the o'reilly pocket reference from nerdbooks.com for off-line reading. using the online manual, i was able to whip this up in just a few *minutes*. it's quite a good manual! http://www.dirac.org/p/crypto/index.php3 basically, it takes a string and encrypts it using a single substitution cipher. eventually, i'd like to turn this into an interactive cryptogram site. php is _cool_. ok, curiosity satified. going back to real work... pete begin David Margolis <[EMAIL PROTECTED]> > > I second Rod's opinion. Of the two PHP books I've tried (Professional > PHP by Wrox and the PHP Blackbook) I've found the content to jump from > basic programming to not-very-helpful-yet-complecated examples. I started > mostly with the manual, and I still use it every day. The only downside > of the manual is that if you don't know it exists, you don't know to go > looking for it, and you might find it easier in a good "in a nutshell" > style book ... > > Here's an example. I spent way more time than I needed to writing a > string parsing routine that stipped ascii returns and replaced them with > ("\n" to ""). After struggling with it not quite doing what I > wanted, I found that php has a function that does just that. > > So it all depends on how you work/search. > > Dave > > > On Tue, 4 Jun 2002, Rod Roark wrote: > > > I've always just used their on-line manual. It's very good. > > > > http://www.php.net/manual/en/ > > > > -- Rod > >http://www.sunsetsystems.com/ > > > > On Tuesday 04 June 2002 08:49 am, Peter Jay Salzman wrote: > > > if i were to have just *one* book on php, what would people recommend? > > > > > > i'd prefer to have a book that assumes i know what a if/else do/while > > > constructs are. i know what arrays and strings are; i just want to > > > know how to do them with php. :) > > > > > > so maybe a good reference book. i've found o'reilly's html book to be > > > precisely what i'm looking for (for html). > > > > > > any recommendations for php? > > > > > > pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
I second Rod's opinion. Of the two PHP books I've tried (Professional PHP by Wrox and the PHP Blackbook) I've found the content to jump from basic programming to not-very-helpful-yet-complecated examples. I started mostly with the manual, and I still use it every day. The only downside of the manual is that if you don't know it exists, you don't know to go looking for it, and you might find it easier in a good "in a nutshell" style book ... Here's an example. I spent way more time than I needed to writing a string parsing routine that stipped ascii returns and replaced them with ("\n" to ""). After struggling with it not quite doing what I wanted, I found that php has a function that does just that. So it all depends on how you work/search. Dave On Tue, 4 Jun 2002, Rod Roark wrote: > I've always just used their on-line manual. It's very good. > > http://www.php.net/manual/en/ > > -- Rod >http://www.sunsetsystems.com/ > > On Tuesday 04 June 2002 08:49 am, Peter Jay Salzman wrote: > > if i were to have just *one* book on php, what would people recommend? > > > > i'd prefer to have a book that assumes i know what a if/else do/while > > constructs are. i know what arrays and strings are; i just want to > > know how to do them with php. :) > > > > so maybe a good reference book. i've found o'reilly's html book to be > > precisely what i'm looking for (for html). > > > > any recommendations for php? > > > > pete > > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech > ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
> > > I'm able to memorize fairly long passwords of random garbage... My > > > password for stuff I want secure (pgp private key, disks) is over 200 > > > bits of random garbage (counting 6.5 bits per char) > > > > Sounds great, although if someone throws your ass in jail till you > > give up your key, you will have a difficult choice. To easily destroy > > the key in a unrecoverable way makes it harder to be held in contempt of > > course since you can't get the key back even if you want to. > > I thought the 5th amendment would prevent that. Am I just ignorant? There are two problems with that argument. First, it does not protect you in a civil trial where you did not necessarily break the law, but you are being sued (or harassed) for something non-criminal. Second, I'm not sure, but I think that the password can be subpoenaed from you even in criminal matters because it probably is not directly criminal. I guess you could claim your 5th amendment rights by having a password like "I killed Nicole Simpson" and if you were OJ you might be protected. Even then they could probably give you transactional immunity on the password or firewall the password from the prosecution and either make you tell it or hold you in contempt. Wasn't that part of the Mitnick trial??? You would have to ask a lawyer about the second one. When you want to keep something from being subpoenaed, I think your best defense is to have a zero knowledge file system. My understanding of this is a little weak, but from what I remember each file password combination get equally distributed on the file system. I think that the prosecution has to ask for something specific, but again IANAL. Joel ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
I was about to suggest the PDF at http://www.php.net/download-docs.php, but it's 1932 pages... ;-) -- Rod http://www.sunsetsystems.com/ On Tuesday 04 June 2002 09:03 am, Peter Jay Salzman wrote: > wow -- that *is* a good manual. > > if i can get this in print so i can read it while i'm away from the > computer, i'm sold! > > pete > > > begin Rod Roark <[EMAIL PROTECTED]> > > > I've always just used their on-line manual. It's very good. > > > > http://www.php.net/manual/en/ > > > > -- Rod > >http://www.sunsetsystems.com/ > > > > On Tuesday 04 June 2002 08:49 am, Peter Jay Salzman wrote: > > > if i were to have just *one* book on php, what would people recommend? > > > > > > i'd prefer to have a book that assumes i know what a if/else do/while > > > constructs are. i know what arrays and strings are; i just want to > > > know how to do them with php. :) > > > > > > so maybe a good reference book. i've found o'reilly's html book to be > > > precisely what i'm looking for (for html). > > > > > > any recommendations for php? > > > > > > pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Which cipher to use?
On Monday 03 June 2002 10:41 pm, Bill Broadley wrote: > On Mon, Jun 03, 2002 at 10:25:23PM -0700, Ryan wrote: > > > Hrm, I'd test them yourself, I've seen numerous benchmarks, > > > particularly in sci.crypt. It depends quite a bit on your > > > implementation and hardware. > > > > > > I'd guess blowfish would be fastest since it was designed to be fast > > > with 32 bit cpu's, avoiding things like the DES proclivity for bit ops. > > > > I poked around a bit, and it looks like AES and twofish use the fewest > > CPU cycles. > > Interesting, I found a AES comparison, but it didn't include blofish. blowfish wasn't even considered for becoming the AES standard. It's slower then the current AES standard. > > > A much faster method might be to zero out your swap on shutdown. > > > > Wouldn't be zeroed out on a dirty shutdown. > > True, linux can usually avoid those, at least with a UPS to insure > someone doesn't cut power to achieve that end. Doesn't stop someone from flipping the power switch or unpluging it > > I'm able to memorize fairly long passwords of random garbage... My > > password for stuff I want secure (pgp private key, disks) is over 200 > > bits of random garbage (counting 6.5 bits per char) > > Sounds great, although if someone throws your ass in jail till you > give up your key, you will have a difficult choice. To easily destroy > the key in a unrecoverable way makes it harder to be held in contempt of > course since you can't get the key back even if you want to. I thought the 5th amendment would prevent that. Am I just ignorant? ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
Check out "PHP and MySQL Web Development" by Welling and Thomson, published by Sams Publishing (www.samspublishing.com). -- Tim Riley Peter Jay Salzman wrote: > if i were to have just *one* book on php, what would people recommend? > > i'd prefer to have a book that assumes i know what a if/else do/while > constructs are. i know what arrays and strings are; i just want to > know how to do them with php. :) > > so maybe a good reference book. i've found o'reilly's html book to be > precisely what i'm looking for (for html). > > any recommendations for php? > > pete > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
wow -- that *is* a good manual. if i can get this in print so i can read it while i'm away from the computer, i'm sold! pete begin Rod Roark <[EMAIL PROTECTED]> > I've always just used their on-line manual. It's very good. > > http://www.php.net/manual/en/ > > -- Rod >http://www.sunsetsystems.com/ > > On Tuesday 04 June 2002 08:49 am, Peter Jay Salzman wrote: > > if i were to have just *one* book on php, what would people recommend? > > > > i'd prefer to have a book that assumes i know what a if/else do/while > > constructs are. i know what arrays and strings are; i just want to > > know how to do them with php. :) > > > > so maybe a good reference book. i've found o'reilly's html book to be > > precisely what i'm looking for (for html). > > > > any recommendations for php? > > > > pete > > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
PHP Pocket Reference by O'Reilly. It's very concise (and cheap! -- $9.95 cover price, or $6.07 Nerdbooks.com) and explains the PHP-ism in terms of C/PERL/BASH-isms in the first twenty or thirty pages or so, and the rest is function reference. The more up-to-date reference is, of course, online. Haven't had the need for any other PHP book. -Mark On Tue, 4 Jun 2002, Peter Jay Salzman wrote: > if i were to have just *one* book on php, what would people recommend? > > i'd prefer to have a book that assumes i know what a if/else do/while > constructs are. i know what arrays and strings are; i just want to > know how to do them with php. :) > > so maybe a good reference book. i've found o'reilly's html book to be > precisely what i'm looking for (for html). > > any recommendations for php? > > pete > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech > -- Mark K. Kim http://www.cbreak.org/ PGP key available upon request. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
I've always just used their on-line manual. It's very good. http://www.php.net/manual/en/ -- Rod http://www.sunsetsystems.com/ On Tuesday 04 June 2002 08:49 am, Peter Jay Salzman wrote: > if i were to have just *one* book on php, what would people recommend? > > i'd prefer to have a book that assumes i know what a if/else do/while > constructs are. i know what arrays and strings are; i just want to > know how to do them with php. :) > > so maybe a good reference book. i've found o'reilly's html book to be > precisely what i'm looking for (for html). > > any recommendations for php? > > pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] book recommendation: php
On Tue, Jun 04, 2002 at 08:49:30AM -0700, Peter Jay Salzman wrote: > > any recommendations for php? If you can wait until July, you can ask the author of PHP himself. ;) Of course, he's also the author of O'Reilly's "Programming PHP," so he might be just a BIT biased. ;) -bill! ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] book recommendation: php
if i were to have just *one* book on php, what would people recommend? i'd prefer to have a book that assumes i know what a if/else do/while constructs are. i know what arrays and strings are; i just want to know how to do them with php. :) so maybe a good reference book. i've found o'reilly's html book to be precisely what i'm looking for (for html). any recommendations for php? pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] ssh tunneling
[bloom@cat-in-the-hat ~]% ssh -L 12345:green.ucdavis.edu:143 [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Last login: Tue Jun 4 00:26:10 2002 from d23-115.tercero NOTICE: this host, pop12, is a special server NOTICE: interactive logins are not allowed NOTICE: kabloom is not authorized to use this host NOTICE: for information on checking email, go to NOTICE: http://scg.ucdavis.edu/email/checking.html Connection to green.ucdavis.edu closed. [bloom@cat-in-the-hat ~]% ssh -L 12345:green.ucdavis.edu:143 [EMAIL PROTECTED] -N [EMAIL PROTECTED]'s password: Killed by signal 2. [bloom@cat-in-the-hat ~]% ssh -L 12345:localhost:143 [EMAIL PROTECTED] -N [EMAIL PROTECTED]'s password: Killed by signal 2. "Killed by signal 2" means I hit Ctrl-C when it became eminently clear that the green.ucdavis.edu wasn't about to complain that I wasn't authorized to use their system. So if the error message from the first run is what you were seeing, then try adding the -N option. [bloom@cat-in-the-hat ~]% head .muttrc # imap and ssl settings set certificate_file=~/.mutt_certificates set imap_user=kabloom set imap_force_ssl=yes set spoolfile=imap://green.ucdavis.edu/INBOX set folder=imap://green.ucdavis.edu/ mailboxes imap://green.ucdavis.edu/INBOX /var/spool/mail/bloom # use `mutt -y` to be able to view local mail Considering that this snippet of my .muttrc works fine for me, I would say that campus does support SSL. > ---ORIGINAL MESSAGE--- > Date: Mon, 3 Jun 2002 18:14:57 -0700 (PDT) > From: Gabriel Rosa <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: [vox-tech] ssh tunneling > Reply-To: [EMAIL PROTECTED] > > > hey all, > > I'm trying to set up an encrypted imap tunnel to campus using ssh. > However, when I try to do: > > ssh -L 12345:localhost:143 purple.ucdavis.edu > > it tells me i'm not allowed to log in to purple.ucdavis.edu > > Campus doesn't handle imap over ssl, and if I can't log in to the server > via interactive shell, I don't think I can tunnel with ssh. > > is this hopeless? any ideas? > > thanks, > -Gabe ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech