thought you would find this interesting...
I get a LOT of political spam on one of my mails due to hosting a
political site once.
I have been slowly blacklisting the bulk companies and 'the net' of
private people
pushing political spam.
There is one guy who has been sending me stuff for years a
On Mon, Apr 2, 2012 at 7:33 PM, Adam Tauno Williams
wrote:
> On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote:
>> On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel wrote:
>> > When there really is a requirement that the external server allows
>> only a single address to access it and that can't b
On Mon, 2012-04-02 at 11:11 -0400, Stephen Harris wrote:
> On Mon, Apr 02, 2012 at 04:39:17PM +0200, Peter Eckel wrote:
> > network. Security-wise there is no difference as you'll never get smaller
> > allocations than /64 per site anyway, so what with respect to filterin
> *gigglefit
> One of my p
On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote:
> On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel wrote:
> > When there really is a requirement that the external server allows
> only a single address to access it and that can't be changed, you
> could resort to using a proxy.
> What is typical
On Mon, Apr 2, 2012 at 2:04 PM, Boris Epstein wrote:
> Hello listamates,
>
> Has anyone tried 6.2? How good is it? Should I specifically download it to
> install on a new server I am configuring - or is 6.0 good enough in your
> opinion?
CentOS 6.2 is just a CentOS 6.0 install with all the update
Hello listamates,
Has anyone tried 6.2? How good is it? Should I specifically download it to
install on a new server I am configuring - or is 6.0 good enough in your
opinion?
Thanks.
Boris.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.
On Mon, 2012-04-02 at 10:43 -0400, Lamar Owen wrote:
> On Saturday, March 31, 2012 06:29:49 PM John Stanley wrote:
> > On Sat, 2012-03-31 at 12:38 -0400, Lamar Owen wrote:
> > > On Wednesday, March 28, 2012 06:29:12 AM Karanbir Singh wrote:
> > > > you can still run a vnc install from the netinstal
On Mon, Apr 2, 2012 at 10:52 AM, Lamar Owen wrote:
> On Monday, April 02, 2012 11:27:54 AM John Doe wrote:
>> ...self-compiled...
>
> As Jamie Hyneman would say, "well, there's your problem."
Isn't most of the point of running servers to provide a unique service?
--
Les Mikesell
lesmike
On Fri, Mar 30, 2012 at 01:33:10PM -0700, Aaron Blew wrote:
> UPDATE
>
> I rolled a new kernel that's identical to the stock CentOS 2.6.32-220.el6
> kernel with the exception of the new idmapper being enabled. Unfortunately
> there's been no improvement.
>
> Did you get a chance to try the RHEL
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ..
Ned Slider wrote:
> On 02/04/12 15:10, Lamar Owen wrote:
>> On Monday, April 02, 2012 08:51:46 AM Les Mikesell wrote:
>>> Another statistic I'd like to see is how much admin time this costs on
>>> the average to learn and implement.
>>
>> No more than proper firewalling techniques cost, really.
>>
Hi Les (sorry for calling you 'Lee' before),
> What is typical or reasonable for source address restrictions? That
> is, if there are 2 global organizations, and one wants to increase
> the security on access to a service by limiting to the source
> addresses that might come from the other, is th
On Monday, April 02, 2012 10:34:58 AM Les Mikesell wrote:
> So at least another grumpy, overworked full-time administrator for a
> typical company?
Perhaps. It depends upon how willing the existing admins are to learn
something new, and on how overworked they are.
I'm as overworked as anyone; i
On Monday, April 02, 2012 11:27:54 AM John Doe wrote:
> ...self-compiled...
As Jamie Hyneman would say, "well, there's your problem."
Having said that, I run Plone on a few sites, and the only way to run Plone
reliably on CentOS is to use the Plone-distributed unified installer, which
compiles
On Monday, April 02, 2012 11:11:29 AM Stephen Harris wrote:
> One of my providers gave me a single(!) IPv6 address. Another one has
> subdivided a /64 into multiple /96's (one for each customer).
>
> You might want to rethink the /64 concept!
Subscribe to the NANOG list, and let that group know
On Mon, Apr 02, 2012 at 05:30:57PM +0200, Peter Eckel wrote:
> Hi Stephen,
> > Another one has subdivided a /64 into multiple /96's (one for each
> > customer).
>
> Yuck. That doesn't make sense at all.
>
> SLAAC won't work, Privacy Extensions won't work ... you're stuck with static
> addres
On 02/04/12 15:10, Lamar Owen wrote:
> On Monday, April 02, 2012 08:51:46 AM Les Mikesell wrote:
>> Another statistic I'd like to see is how much admin time this costs on
>> the average to learn and implement.
>
> No more than proper firewalling techniques cost, really.
>
>> Has anyone really measu
Hi Stephen,
> *gigglefit*
>
> One of my providers gave me a single(!) IPv6 address.
Actually that's at least something the IETF has thought of ... if it is certain
that one and only one device will be connected. I'm not actually sure what use
case there is for such a connection, but at least
From: Lamar Owen
> On Monday, April 02, 2012 08:51:46 AM Les Mikesell wrote:
>> Another statistic I'd like to see is how much admin time this costs on
>> the average to learn and implement.
> No more than proper firewalling techniques cost, really.
Depends...
Takes me 1mn to open a www port
On Mon, Apr 02, 2012 at 04:39:17PM +0200, Peter Eckel wrote:
> network. Security-wise there is no difference as you'll never get smaller
> allocations than /64 per site anyway, so what with respect to filtering
*gigglefit*
One of my providers gave me a single(!) IPv6 address. Another one has
su
On Sun, Apr 1, 2012 at 12:43 PM, Eero Volotinen wrote:
> 2012/3/30 Les Mikesell :
>> What is different about the initial startup of iptables than 'service
>> iptables restart' (and different from C5)? I want to use iptables
>> port redirection to send port 80 to 8080 so a java web service doesn
On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel wrote:
>
>> So what does that mean for a client application (http/ftp,etc.) where
>> you might have local firewalls permitting things for internal-subnet
>> source ranges but you also have external targets that only accept
>> pre-configured static source
On Saturday, March 31, 2012 06:29:49 PM John Stanley wrote:
> On Sat, 2012-03-31 at 12:38 -0400, Lamar Owen wrote:
> > On Wednesday, March 28, 2012 06:29:12 AM Karanbir Singh wrote:
> > > you can still run a vnc install from the netinstall emdia and get the
> > > complete installer going.
> >
> >
Hi Lee,
> So what does that mean for a client application (http/ftp,etc.) where
> you might have local firewalls permitting things for internal-subnet
> source ranges but you also have external targets that only accept
> pre-configured static sources?
Are you referring to the situation where you
On Mon, Apr 2, 2012 at 9:10 AM, Lamar Owen wrote:
> On Monday, April 02, 2012 08:51:46 AM Les Mikesell wrote:
>> Another statistic I'd like to see is how much admin time this costs on
>> the average to learn and implement.
>
> No more than proper firewalling techniques cost, really.
>
So at least
On 04/02/2012 01:59 PM, Ljubomir Ljubojevic wrote:
> On 03/15/2012 02:13 PM, Patrick Lists wrote:
>> Hi,
>>
>> My Google foo came up empty. Does anyone know where I can find a Grails
>> 1.3.x (S)RPM?
>>>
> I do not see any rpm past history of once existing 1.0.4 version back in
> 2008.
Thanks Lju
On Monday, April 02, 2012 08:51:46 AM Les Mikesell wrote:
> Another statistic I'd like to see is how much admin time this costs on
> the average to learn and implement.
No more than proper firewalling techniques cost, really.
> Has anyone really measured this?
Probably not.
> Are there tra
Les Mikesell wrote:
> On Mon, Apr 2, 2012 at 5:28 AM, Johnny Hughes wrote:
>>>
>>> Just wondering if there is any statiscs report of selinxu usages in
>>> production environment? I know some still turn it off.
>>
>> If you have machines purposely serving things to the masses on the
>> Internet
On Mon, Apr 2, 2012 at 5:28 AM, Johnny Hughes wrote:
>>
>> Just wondering if there is any statiscs report of selinxu usages in
>> production environment? I know some still turn it off.
>
> If you have machines purposely serving things to the masses on the
> Internet, you should take the time t
On Mon, Apr 2, 2012 at 5:28 AM, Peter Eckel wrote:
>
> Routing tables won't do much for you when you have several different IP
> addresses (stateless autocnfigured, privacy extension and static) within the
> same network on the same physical interface - they'll all use the same route.
> The lon
On 03/15/2012 02:13 PM, Patrick Lists wrote:
> Hi,
>
> My Google foo came up empty. Does anyone know where I can find a Grails
> 1.3.x (S)RPM?
>
I do not see any rpm past history of once existing 1.0.4 version back in
2008.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Eur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Adam,
> Typically the routing table does a lot of work. Much like 127.0.0.0/8
> the mask of a link-local will make it unprefered by 'public' traffic.
> There is also a syntax for specifying the outbound interface for
> traffic.
Routing tables w
On 03/31/2012 10:31 PM, Min Wang wrote:
> hi
>
> Just wondering if there is any statiscs report of selinxu usages in
> production environment? I know some still turn it off.
If you have machines purposely serving things to the masses on the
Internet, you should take the time to make SELinux w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Adam,
> You can explicitly turn in off on every type of client. Then wait till
> you want to do it.
agreed. The problem is that you can, and you actually *must* do it. Doing
nothing leaves v6 on by default on most modern operating systems.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Adam,
> Or you assign the rule to the interface, rather than the address.
> Nothing new, that is how firewalls work on DHCP clients today.
that will be pretty difficult on the perimeter router ...
Best regards,
Peter.
-BEGIN PGP SIGNAT
On Sat, 2012-03-31 at 16:38 -0500, Les Mikesell wrote:
> On Sat, Mar 31, 2012 at 3:24 PM, Peter Eckel wrote:
> > 1. Each interface on an IPv6 enabled machine has several addresses.
> > 2. Except for the Privacy Extension address(es), auto-configured a
> How do applications choose the correct outbo
On Sat, 2012-03-31 at 15:06 +0200, Peter Eckel wrote:
> Hi Adam,
> > And recent computer or distributions is sitting their quietly waiting
> > for it's IPv6 address to arrive - probably automatically, via auto
> > discovery. Clients are trivial.
> ... and that is EXACTLY the biggest problem with
On Sat, 2012-03-31 at 19:52 +0200, Tilman Schmidt wrote:
> Am 31.03.2012 17:37, schrieb Les Mikesell:
> > On Sat, Mar 31, 2012 at 8:06 AM, Peter Eckel wrote:
> >> So, before you do anything else, set up proper incoming and outgoing IPv6
> >> port filtering rules on your perimeter routers. It will
Dear Natraj, Thank you very much for your response, this is really greate
solution and I did not know about it.
Very good stuff indeed. I love it.
Thanks Natraj, for your greate advice.
Prabhpal
> On 04/01/2012 09:06 AM, Prabhpal S. Mavi wrote:
>> Dear Friends Greetings,
>>
>> i wish to setup SPF
39 matches
Mail list logo