From sage-members-owner@usenix.org Mon Jan 1 14:33:17 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f01MMqR07605 for sage-members-outgoing; Mon, 1 Jan 2001 14:22:52 -0800 (PST) Received: from mail.ben-tech.com (colo-204-186-59-225.dejazzd.com [204.186.59.225]) by usenix.org (8.11.0/8.11.0) with SMTP id f01MMou07601 for ; Mon, 1 Jan 2001 14:22:50 -0800 (PST) Received: (qmail 20762 invoked from network); 1 Jan 2001 20:35:42 -0000 Received: from unknown (HELO kensei) (192.168.253.1) by 192.168.253.3 with SMTP; 1 Jan 2001 20:35:42 -0000 Message-Id: <4.2.0.58.20010101152035.009d0500@mail.ben-tech.com> X-Sender: brs@mail.ben-tech.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Mon, 01 Jan 2001 15:31:25 -0500 To: sage-members@usenix.org From: Bennett Samowich Subject: Palm devices Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-sage-members@usenix.org Precedence: bulk Greetings, First off, let me wish everyone very Happy New Year... I have been contemplating the purchase of some sort of palm device to replace my paper day runner. However, I am torn between the PDA's and Palm Tops. My interpretation of the two is that PDA's are pretty much an electronic day runner and the Palm Tops run more of an operating system (e.g. Windows or Linux). I also realize that intended use greatly affects the decision process so here goes. My primary job function is that of a network administrator. As such I have quite a few contacts and field notes that get used when calling tech support. My laptop is outfitted with most of the usual network admin utilities for connection to routers and troubleshooting servers. I thought that it might be nice to have some of that same functionality in the palm device. Can palms do SSH or connect to a network and such? I would be interested in hearing any experiences or insights with these "palm thingys". Cheers, - Bennett From sage-members-owner@usenix.org Mon Jan 1 19:45:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f023ess08421 for sage-members-outgoing; Mon, 1 Jan 2001 19:40:54 -0800 (PST) Received: from godzilla.monsters.org (IDENT:root@godzilla.monsters.org [204.180.109.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f023epu08417 for ; Mon, 1 Jan 2001 19:40:52 -0800 (PST) Received: from zero.monsters.org (IDENT:root@zero.monsters.org [208.191.248.1]) by godzilla.monsters.org (8.9.3/8.9.3) with ESMTP id VAA05398 for ; Mon, 1 Jan 2001 21:40:24 -0600 Received: from zero.monsters.org (IDENT:sjohnson@localhost [127.0.0.1]) by zero.monsters.org (8.9.3/8.9.3) with ESMTP id VAA09349 for ; Mon, 1 Jan 2001 21:40:24 -0600 Message-Id: <200101020340.VAA09349@zero.monsters.org> X-Mailer: exmh version 2.0.3 To: sage-members@usenix.org Subject: Re: Palm devices In-Reply-To: Your message of "Mon, 01 Jan 2001 15:31:25 EST." <4.2.0.58.20010101152035.009d0500@mail.ben-tech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 01 Jan 2001 21:40:23 -0600 From: Stephen L Johnson Sender: owner-sage-members@usenix.org Precedence: bulk On Jan 1, Bennett Samowich wrote: > Greetings, > > First off, let me wish everyone very Happy New Year... > > > I have been contemplating the purchase of some sort of palm device to > replace my paper day runner. However, I am torn between the PDA's and Palm > Tops. My interpretation of the two is that PDA's are pretty much an > electronic day runner and the Palm Tops run more of an operating system > (e.g. Windows or Linux). Actually it's more like what kind of hardware is under the hood. A lot of the cheaper PDA's are just electronic day runners. You can't do very much with them beyond their basic functionality. Where as Palm devices (Palms and Visors), Pocket PC's and Palm PC's can more capable. They both have a lot of third party programs and applications that can be installed and run. And depending on the manufacturer and model, you can install various distributions of Linux and BSD. > I also realize that intended use greatly affects the decision process so > here goes. My primary job function is that of a network administrator. As > such I have quite a few contacts and field notes that get used when calling > tech support. My laptop is outfitted with most of the usual network admin > utilities for connection to routers and troubleshooting servers. I thought > that it might be nice to have some of that same functionality in the palm > device. Can palms do SSH or connect to a network and such? > > I would be interested in hearing any experiences or insights with these > "palm thingys". I haven't use any WinCE devices so I can't comment on them. But I have used a Palm (Pilot) device on one type or another for the past serveral years. In my experience you can almost get rid your laptop. Palms can connect to the network using PPP via it's serial port or IR port. There are telnet and ssh1 applications available. There are several web browsers available. There are communication programs you can use to connect to the console ports of your network equipment. Other programs that I can found useful are an IP calculator for figuring subnet masks or ranges of IP addresses for a given subnet mask. And a project management program. There are several database applications available. You can take your master IP address and subnet databases with you. You can every update the databases and hot sync the updates into you main databases. You can take your documentations with your on your Palm. There are a couple of compressed document formats and viewers available. You can take a surprising amount of compressed documents in 8 Megs of memory. The document converters can deal with text, PDF, postscript and even HTML files with graphics. There are even Word and Excel viewers now available for the Palm. And with the built in applications your can store all of your contact information, your todo lists, and take down notes and memos. A Palm VIIx with the builtin wireless networking, adding a whole new dimension. There are Web Clipping Apps that give you access to basic Internet tools, ping, traceroute, NS lookup, finger, whois, Host Info, etc. There are POP and IMAP mail applications so your can access your e-mail from most anywhere. There are web browsing applications that can work like the Lynx browser with HTTPS and cookie support. And if your need it there are WAP browsers that you get, also. I'm a Unix Systems Administrator and by using a Palm device, I'm been able to hold out from getting a (bulky :) laptop. I've used my Palm III with it's cradle to access the console port of RAID controls to configure them and diagnose problems. I upgraded to a Palm V it is lighter and thinner. The built in LIon battery is very nice. But I recently got a Palm VIIx which I'll never give up. I used my Palm VII extensively at the recent LISA 2000 conference. I kept tabs on the status of my servers with my WAP browser and I accessed my personal and business e-mail via my IMAP e-mail application. And I followed the all of the news about the presidential election. My Palm VII wireless usage exceeded 3 megabytes for the month of December. That a whole lot considering I did it in 1-8K chunks. ;> I hope I've enlighten you a bit on what you can accomplish with a lowly handheld. Happy Holidays, Stephen L Johnson From sage-members-owner@usenix.org Tue Jan 2 02:28:59 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f02ANpd09021 for sage-members-outgoing; Tue, 2 Jan 2001 02:23:51 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f02ANnu09017 for ; Tue, 2 Jan 2001 02:23:49 -0800 (PST) Received: from snert.com ([195.10.32.65]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f02AeBE09631; Tue, 2 Jan 2001 11:40:11 +0100 Message-ID: <3A51AC08.412645CC@snert.com> Date: Tue, 02 Jan 2001 11:23:04 +0100 From: Anthony Howe Organization: Snert X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: Re: Palm devices References: <200101020340.VAA09349@zero.monsters.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Stephen L Johnson wrote: > > On Jan 1, Bennett Samowich wrote: Ditto to what Stephen said. I have a Palm IIIxe (the 8MB AAA battery variety) and it is wonderful. While on the road I've read books, have language dictionaries, developed C code, e-wallets (passwords and codes for things), etc. I'm not yet purchased the 33.6 modem, cause I'm still looking for a GSM modem attachment and/or GSM phone w/ IR modem I could use in combination with the Palm. Still, that combined with my laptop, I have all I need. Visit one of several sites for Palm software. http://www.pdacentral.com/ http://palmgear.com/ http://mobile.yahoo.com/pda/home http://mobile.yahoo.com/wireless/downloads?.mcb=&type=palm -- Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 mailto:achowe@snert.com http://www.snert.com/ From sage-members-owner@usenix.org Tue Jan 2 06:55:28 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f02ErOc09497 for sage-members-outgoing; Tue, 2 Jan 2001 06:53:24 -0800 (PST) Received: from amber.ccs.neu.edu (root@amber.ccs.neu.edu [129.10.116.51]) by usenix.org (8.11.0/8.11.0) with ESMTP id f02ErMu09493 for ; Tue, 2 Jan 2001 06:53:22 -0800 (PST) Received: from shangri-la.ccs.neu.edu (root@shangri-la.ccs.neu.edu [129.10.116.69]) by amber.ccs.neu.edu (8.10.0.Beta10/8.10.0.Beta10) with ESMTP id f02EqtX07662 for ; Tue, 2 Jan 2001 09:52:55 -0500 (EST) Received: from shangri-la.ccs.neu.edu (jay@localhost [127.0.0.1]) by shangri-la.ccs.neu.edu (8.10.0.Beta10/8.10.0.Beta10) with ESMTP id f02ErG628966 for ; Tue, 2 Jan 2001 09:53:17 -0500 (EST) Message-Id: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> To: sage-members@usenix.org Subject: Re: Palm devices From: Jay Sekora Organization: Northeastern University CCS Systems Group Date: Tue, 02 Jan 2001 09:53:14 -0500 Sender: owner-sage-members@usenix.org Precedence: bulk If you decide on a PalmOS device, you might want to consider the TRGpro (http://www.trgpro.com/). It's basically identical to a Palm III, except that it takes CompactFlash cards (like many WinCE devices and digital cameras), and the speaker is loud enough to dial a phone with and you can hear the alarm from inside your luggage in the next room. You can back up to and restore from the CF card (and can keep multiple backups, which would mean it would be fairly easy for two people to use the device for completely different data), can copy individual databases/apps to/from CF, can play .wav files from CF (which you need to have gotten there on a laptop or something), and can run apps out of CF if they don't need read/write access to their own code. (A TRGpro also comes with FlashPro, which is TRGs tool for moving apps and backing up data into the spare flash that's used for the OS, so you can have, say, DateBk4 or your SSH app available, or even a backup of your address book, available after you discover the batteries died a week ago. :-) You can do much or all of that with a Handspring Visor and appropriate modules, but I think the TRGpro is a bit more versatile (in terms of memory/flash usage), and I like the fact that I can share CF cards among my digital camera, my laptop, and my Palm clone (and a WinCE device if I ever have to use one), and I like the loud speaker. OTOH, with a Visor you can get colour if you want it. One very minor caveat: the TRGpro is a mm or so thicker at the top than a Palm III, so a few very snugly-fitting accessories for the III might not work with it. I had to use velcro rather than the included clip when I used it with a Minstrel wireless modem, and I'd have my doubts about that clip-on GPS. The keyboard and most other hardware accessories I've heard about work fine. And another caveat: A PalmOS device is *not* a laptop replacement, primarily because of the tiny screen (and lack of keyboard unless you have an add-on one). A well-designed app will accomplish a lot on a 160x160 pixel screen, but it isn't anything like the same experience as a laptop. Still, in conjunction with an IR-capable mobile phone with integrated modem, it means I have net anywhere I have phone connectivity. FWIW, -j. From sage-members-owner@usenix.org Tue Jan 2 07:56:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f02FtdQ09659 for sage-members-outgoing; Tue, 2 Jan 2001 07:55:39 -0800 (PST) Received: from superconductor.rush.net (IDENT:lynch@superconductor.rush.net [208.9.155.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f02Ftcu09655 for ; Tue, 2 Jan 2001 07:55:38 -0800 (PST) Received: from localhost (lynch@localhost) by superconductor.rush.net (8.9.3/8.9.3) with ESMTP id KAA00996; Tue, 2 Jan 2001 10:55:01 -0500 (EST) Date: Tue, 2 Jan 2001 10:55:00 -0500 (EST) From: Pat Lynch X-Sender: lynch@superconductor.rush.net To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Palm devices In-Reply-To: <4.2.0.58.20010101152035.009d0500@mail.ben-tech.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk I have a Handspring Visor (Palm OS), its been pretty nice, it does do IP and dials in, has an SSH client for it (top gun ssh), some neat travel tools, a bunch of module add-ons you can buy, including a camera, wireless internet access, etc. The base package is like 200 bucks, and after that you pay for the modules , I find it much more expandable than an actual palm. I only got it the other day, but I can see endless uses for it as I start to get used to it. -Trish On Mon, 1 Jan 2001, Bennett Samowich wrote: > Greetings, > > First off, let me wish everyone very Happy New Year... > > > I have been contemplating the purchase of some sort of palm device to > replace my paper day runner. However, I am torn between the PDA's and Palm > Tops. My interpretation of the two is that PDA's are pretty much an > electronic day runner and the Palm Tops run more of an operating system > (e.g. Windows or Linux). > > I also realize that intended use greatly affects the decision process so > here goes. My primary job function is that of a network administrator. As > such I have quite a few contacts and field notes that get used when calling > tech support. My laptop is outfitted with most of the usual network admin > utilities for connection to routers and troubleshooting servers. I thought > that it might be nice to have some of that same functionality in the palm > device. Can palms do SSH or connect to a network and such? > > I would be interested in hearing any experiences or insights with these > "palm thingys". > > Cheers, > - Bennett > -- Pat Lynch lynch@bsdunix.net FreeBSD The Power to Serve Andover.net pat@andover.net VA Linux Systems bsdpat@valinux.com Open Source Developers Network pat@osdn.com From sage-members-owner@usenix.org Tue Jan 2 11:25:41 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f02JNSY11233 for sage-members-outgoing; Tue, 2 Jan 2001 11:23:28 -0800 (PST) Received: from brimir.heronetwork.com (artra.oz.net [216.39.144.142]) by usenix.org (8.11.0/8.11.0) with ESMTP id f02JNRC11228 for ; Tue, 2 Jan 2001 11:23:27 -0800 (PST) Received: from u.washington.edu (IDENT:root@localhost [127.0.0.1]) by brimir.heronetwork.com (8.9.3/8.9.3) with ESMTP id LAA12412 for ; Tue, 2 Jan 2001 11:22:52 -0800 Message-ID: <3A522A85.6D7F04E2@u.washington.edu> Date: Tue, 02 Jan 2001 11:22:45 -0800 From: Leeland Artra Organization: Cell Systems Initiative, UW MBT X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: sage-members@usenix.org Subject: Wearable Computers Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Greetings, While we are on the subject of small computing devices some of my projects want to use a bit more computing power than a palm device (which I have and use all the time). Has anyone seen a production wearable computer? I remember seeing some news blips about a very small belt loop computer with a eyeglasses heads up type display and a hand glove keyboard. I haven't found a production unit available yet... If anyone else is interested I'll build a summary of responses and email it to interested parties (just let me know). Cheers, Leeland // Leeland Artra Box 357730 // Director of Systems R&D Seattle, Washington 98195-7730 // Cellworks Project, UW phone:206.616.7233 fax:206.732.6033 // mailto:leeland@u.washington.edu http://cellworks.washington.edu/ From sage-members-owner@usenix.org Tue Jan 2 12:17:22 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f02KGh911725 for sage-members-outgoing; Tue, 2 Jan 2001 12:16:43 -0800 (PST) Received: from trinity.skynet.be (trinity.skynet.be [195.238.2.38]) by usenix.org (8.11.0/8.11.0) with ESMTP id f02KGgC11720 for ; Tue, 2 Jan 2001 12:16:42 -0800 (PST) Received: from [10.0.1.3] (dialup903.brussels2.skynet.be [194.78.238.71]) by trinity.skynet.be (Postfix) with ESMTP id 0A066182DB; Tue, 2 Jan 2001 21:16:13 +0100 (MET) Mime-Version: 1.0 X-Sender: blk@pop.skynet.be Message-Id: In-Reply-To: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> References: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> Date: Tue, 2 Jan 2001 21:15:13 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Palm devices Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 9:53 AM -0500 2001/1/2, Jay Sekora wrote: > If you decide on a PalmOS device, you might want to consider the TRGpro > (http://www.trgpro.com/). It's basically identical to a Palm III, > except that it takes CompactFlash cards (like many WinCE devices and > digital cameras), and the speaker is loud enough to dial a phone with > and you can hear the alarm from inside your luggage in the next room. I've been thinking long and hard about the TRGpro versus the Handspring Prism versus the Compaq IPaq. I'd like very much to be able to use standard CompactFlash cards and PC Cards, and I'd like very much to have a fast and full-color handheld, but I really don't want to have anything from anyone remotely related to Microsoft -- if nothing else, the connection possibilities to Macintosh will almost certainly suck. I have Lucent WaveLAN cards here in the house I'd like to be able to plug into whatever handheld I have (or otherwise be able to make use of 802.11b 11Mbps wireless networking), and I'd like to be able to simply connect it with a cable to a GSM phone with a built-in modem (over here in Europe) or a tri-mode CDMA phone with a built-in modem (when I'm in the US). Of course, I'd also like for it to have a decent amount of storage, which is why I'd like for it to be able to run everything directly from CompactFlash cards (or other kind of memory expansion). Sigh.... Does anyone know when Psion is planning on coming out with their handheld that is supposed to be something like a Series 7 (or maybe even a Netbook) without a keyboard? -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, || Belgacom Skynet SA/NV Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124 Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels http://www.skynet.be || Belgium "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From sage-members-owner@usenix.org Tue Jan 2 13:52:59 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f02LpwY12533 for sage-members-outgoing; Tue, 2 Jan 2001 13:51:58 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f02LpvC12529 for ; Tue, 2 Jan 2001 13:51:57 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id QAA25893; Tue, 2 Jan 2001 16:51:19 -0500 Date: Tue, 2 Jan 2001 16:51:19 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Wearable Computers Message-ID: <20010102165118.A25684@gwyn.tux.org> References: <3A522A85.6D7F04E2@u.washington.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <3A522A85.6D7F04E2@u.washington.edu>; from leeland@u.washington.edu on Tue, Jan 02, 2001 at 11:22:45AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Jan 02, 2001 at 11:22:45AM -0800, Leeland Artra wrote: > While we are on the subject of small computing devices some of my projects want > to use a bit more computing power than a palm device (which I have and use all > the time). Has anyone seen a production wearable computer? I remember seeing > some news blips about a very small belt loop computer with a eyeglasses heads up > type display and a hand glove keyboard. I haven't found a production unit > available yet... They're around. A local radio station was discussing them this weekend. I don't remember the names, but there will be a link at one of www.{wtop,wtop2,wtopnews}.com. They're said to be expensive. There was also an article in a not-too-long-ago issue of Linux Journal. [OK, so ALL issues of LJ are not too long ago ... ;-)] -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Wed Jan 3 00:12:54 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0388te15929 for sage-members-outgoing; Wed, 3 Jan 2001 00:08:55 -0800 (PST) Received: from shell3.ba.best.com (root@shell3.ba.best.com [206.184.139.134]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0388sC15925 for ; Wed, 3 Jan 2001 00:08:54 -0800 (PST) Received: (from bolthole@localhost) by shell3.ba.best.com (8.9.3/8.9.2/best.sh) id AAA09550 for sage-members@usenix.org; Wed, 3 Jan 2001 00:07:30 -0800 (PST) Message-Id: <200101030807.AAA09550@shell3.ba.best.com> Subject: USA-CA-LA: user group meeting on firewalls To: sage-members@usenix.org Date: Wed, 3 Jan 2001 00:07:30 -0800 (PST) From: phil@bolthole.com (Philip Brown) Reply-To: phil@bolthole.com X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk UUASC-LA Unix Users Association of Southern California -- Los Angeles Jan 2001 Meeting ----------------------------------------------- Firewalls (ipchains and ipfilter) ----------------------------------------------- Thursday, Jan. 5th, 7-9 ish pm TRW, Building R2 One Space Park Drive, Redondo Beach ----------------------------------------------- Topic: Firewalls, filtering, and NAT. Presented by Philip Brown (me!) This is a followup to our earlier program, doing filtering with SunScreen. This time around, we'll touch on how to do filtering and NAT with ipfilter and ipchains. ipchains works only with linux. ipfilter works with basically "any UNIX except linux" I'll also try to go more in detail about other paranoia for firewall machines. So this will be an abbreviated "build your own firewall" session. Folks are encouraged to bring either their own ipchains/ipfilter rules, or a description of a network they'd like to firewall. ***PLEASE BE ON TIME*** Location: TRW, Building R2, Room 1177A One Space Park Drive, Redondo Beach, CA. The telephone number to call into the room is 310-812-5607. **You need to call this number to be let into the building** Anyone who arrives late may use the phone in the call box beside the door, and you only need to dial the last five digits (25607). The full phone number is also what folks may want to use if someone needs to get hold of them during the meeting. Directions: Location is TRW, "Building R2", on the ground floor. >From the 105: Exit at Aviation Blvd, and go south for a mile or so. cross Marine, and make a left on One Space Park Drive. turn left at the stop sign, and park in the R2 parking lot, in any spot other than the ones reserved for handicapped parking. use the phone outside, and call 25607. someone will come out and get you. Coming south on the 405: exit at Rosecrans west (says Manhattan Beach on the sign), make a right onto Rosecrans, make a left onto Aviation, cross Marine, and make a left on One Space Park Drive. turn left at the stop sign, and park in the R2 parking lot, in any spot other than those reserved for handicapped parking. use the phone outside, and call 25607. someone will come out and get you. Coming north on the 405: exit at Inglewood, turn north on Inglewood, turn left on Marine, turn left on Aviation, turn left on One Space Park Drive turn left at the stop sign, and park in the R2 parking lot, in any spot other than the ones reserved for handicapped parking. | | ----+--------+---------+---- Marine | | | Avenue | +----+[R3] | | |[R1] | | | | | | | | p | | | a |*[R2] | | r | | | k } | +---+--------------+ Space Park Drive | | | | ----+------------------+---- Manhattan | | Beach Blvd. | | Aviation Redondo Blvd. Beach Blvd. -------------------------------------------------- UUASC is for all persons using UNIX either personally or professionally, or interested in learning more about UNIX. We recognize all varieties of UNIX, including (without prejudice) SCO, Linux, SVr4, Solaris, AIX, HP/UX, and BSD. This is a good place to meet others with similar interests and broaden your skills and knowledge. There are no dues or other membership requirements. More than 100 persons receive our monthly email newsletter. Meeting attendance varies to as high as 40. Volunteers manage the club and more volunteers are always needed. Los Angeles County Chapter meetings are held the first Thursday of each month from 7 to 9:30 pm ( or whenever we feel like stopping ). Generally, meetings include a technical presentation on a hardware or software topic of current interest to the UNIX community and a round-table discussion of current topics of interest to the group. UUASC-LA needs future topic suggestions (and volunteers)!! From sage-members-owner@usenix.org Wed Jan 3 07:47:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f03Fk2Q16788 for sage-members-outgoing; Wed, 3 Jan 2001 07:46:02 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f03Fk2m16783 for sage-members@usenix.org; Wed, 3 Jan 2001 07:46:02 -0800 (PST) Received: from mcst.gsfc.nasa.gov (mcst.gsfc.nasa.gov [198.119.44.143]) by usenix.org (8.11.0/8.11.0) with ESMTP id f03DLYC16396 for ; Wed, 3 Jan 2001 05:21:35 -0800 (PST) Received: from aerialist.gsfc.nasa.gov (IDENT:osteiner@aerialist.gsfc.nasa.gov [198.119.44.58]) by mcst.gsfc.nasa.gov (Switch-2.0.6/Switch-2.0.6) with SMTP id f03DL6U23598; Wed, 3 Jan 2001 08:21:06 -0500 (EST) From: Owen Steinert To: sage-members@usenix.org Subject: Re: Wearable Computers Date: Wed, 3 Jan 2001 08:21:06 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="us-ascii" References: <3A522A85.6D7F04E2@u.washington.edu> <20010102165118.A25684@gwyn.tux.org> In-Reply-To: <20010102165118.A25684@gwyn.tux.org> Cc: sage-members@usenix.org MIME-Version: 1.0 Message-Id: <01010308210601.24338@aerialist.gsfc.nasa.gov> Content-Transfer-Encoding: 8bit Sender: owner-sage-members@usenix.org Precedence: bulk Try browsing to http://www.xybernaut.com. There's at least one other company making wearable computers, but I forget the name/URL. - Owen On Tuesday 02 January 2001 16:51, you wrote: > On Tue, Jan 02, 2001 at 11:22:45AM -0800, Leeland Artra wrote: > > While we are on the subject of small computing devices some of my > > projects want to use a bit more computing power than a palm device (which > > I have and use all the time). Has anyone seen a production wearable > > computer? I remember seeing some news blips about a very small belt loop > > computer with a eyeglasses heads up type display and a hand glove > > keyboard. I haven't found a production unit available yet... > > They're around. A local radio station was discussing them this weekend. > I don't remember the names, but there will be a link at one of > www.{wtop,wtop2,wtopnews}.com. They're said to be expensive. > > There was also an article in a not-too-long-ago issue of Linux Journal. > [OK, so ALL issues of LJ are not too long ago ... ;-)] -- __________________________ Owen Steinert osteinert@t-three.com GPG Key ID: C6C04FF8 From sage-members-owner@usenix.org Wed Jan 3 07:47:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f03Fk8v16796 for sage-members-outgoing; Wed, 3 Jan 2001 07:46:08 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f03Fk8216791 for sage-members@usenix.org; Wed, 3 Jan 2001 07:46:08 -0800 (PST) Received: from mail.nano.com (cq-193.themediatc.com [204.143.192.193]) by usenix.org (8.11.0/8.11.0) with ESMTP id f03DqBC16462 for ; Wed, 3 Jan 2001 05:52:15 -0800 (PST) Received: from tosh.nano.com (unknown [192.168.52.14]) by mail.nano.com (Postfix) with ESMTP id 9480963C4 for ; Wed, 3 Jan 2001 08:50:50 -0500 (EST) Date: Wed, 3 Jan 2001 08:48:10 -0500 (EST) From: cdl To: sage-members@usenix.org Subject: Re: Wearable Computers In-Reply-To: <20010102165118.A25684@gwyn.tux.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Interesting article on wearable computers including links at the bottom of page. http://www.techreview.com/articles/may99/mann.htm On Tue, 2 Jan 2001, Joseph S D Yao wrote: >Date: Tue, 2 Jan 2001 16:51:19 -0500 >From: Joseph S D Yao >To: "sage-members@usenix.org" >Cc: "sage-members@usenix.org" >Subject: Re: Wearable Computers > >On Tue, Jan 02, 2001 at 11:22:45AM -0800, Leeland Artra wrote: >> While we are on the subject of small computing devices some of my projects want >> to use a bit more computing power than a palm device (which I have and use all >> the time). Has anyone seen a production wearable computer? I remember seeing >> some news blips about a very small belt loop computer with a eyeglasses heads up >> type display and a hand glove keyboard. I haven't found a production unit >> available yet... > >They're around. A local radio station was discussing them this weekend. >I don't remember the names, but there will be a link at one of >www.{wtop,wtop2,wtopnews}.com. They're said to be expensive. > >There was also an article in a not-too-long-ago issue of Linux Journal. >[OK, so ALL issues of LJ are not too long ago ... ;-)] > > From sage-members-owner@usenix.org Wed Jan 3 07:54:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f03FrmC16850 for sage-members-outgoing; Wed, 3 Jan 2001 07:53:48 -0800 (PST) Received: from gate.mental.com (gate.mental.com [192.31.14.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f03FrkC16845 for ; Wed, 3 Jan 2001 07:53:47 -0800 (PST) Received: (from uucp@localhost) by gate.mental.com (8.8.5/8.8.8/Lobo-20000426) id QAA09479 for ; Wed, 3 Jan 2001 16:53:19 +0100 (CET) Received: from twen-et(172.16.0.5) by gate via smap (V2.0/Lobo-000915) id xma009477; Wed, 3 Jan 01 16:53:10 +0100 Received: (from smap@localhost) by mental.com (8.10.1/8.10.1/Lobo-20001016) id f03FrAr25418 for ; Wed, 3 Jan 2001 16:53:10 +0100 (MET) Received: from twen(172.17.0.5) by twen via smap (V2.0) id xma025414; Wed, 3 Jan 01 16:53:04 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: sage-members@usenix.org Subject: Re: Palm devices In-reply-to: Brad Knowles's message of Tue, 02 Jan 2001 21:15:13 +0100 Organization: mental images GmbH & Co. KG, Berlin, Germany Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 03 Jan 2001 16:53:04 +0100 Message-ID: <25413.978537184@mental.com> From: Alexander Lobodzinski Sender: owner-sage-members@usenix.org Precedence: bulk () I've been thinking long and hard about [...] the Compaq IPaq. () [...] but I really don't want to have anything from anyone remotely () related to Microsoft Played with a friend's IPaq running Linux, and my complaint was that the handwriting recognition didn't like the lowercase 'd' the way I'm used to write it. So if I were to buy a handheld I could choose between adjusting my 'd's and hacking the HCR software - where else do you have that choice? Surely there were less applications than with WinCE, but that may have changed in the weeks since... The display is gorgeous in any case. Unfortunately the price mandatorily includes Windows CE and it may hurt a little to know to have spent $40 or so for a fully colored boot loader that is used exactly once - but why not support a troubled company :-) Ciao, Lobo From sage-members-owner@usenix.org Wed Jan 3 15:06:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f03N2tl20372 for sage-members-outgoing; Wed, 3 Jan 2001 15:02:55 -0800 (PST) Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by usenix.org (8.11.0/8.11.0) with ESMTP id f03N2sC20367 for ; Wed, 3 Jan 2001 15:02:54 -0800 (PST) Received: from virtual.net ([63.193.240.161]) by mta6.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G6L00DIEWPXXU@mta6.snfc21.pbi.net> for sage-members@usenix.org; Wed, 3 Jan 2001 13:51:33 -0800 (PST) Date: Wed, 03 Jan 2001 13:57:50 -0800 From: Strata Rose Chalup Subject: fascinating abstract on professionalism in computing To: sage-members@usenix.org Message-id: <3A53A05E.2A24C39C@virtual.net> Organization: VirtualNet Consulting MIME-version: 1.0 X-Mailer: Mozilla 4.76 [en] (Win98; U) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Accept-Language: en Sender: owner-sage-members@usenix.org Precedence: bulk http://fie.engrng.pitt.edu/fie2000/sessions/S3C.htm (abstract is link in PDF form) This is from Frontiers in Education 2000, an ASEE/IEEE sponsored conference. One of their tracks was a panel discussion on "Perspectives on Professionalism in Computing". Unfortunately no transcript of the panel is available that I could find, but the description of the panel neatly summarizes some of the issues we've been debating here and raises additional ones. A serendipitous find while researching something else. Cheers, _Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Thu Jan 4 02:44:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f04AdJS15876 for sage-members-outgoing; Thu, 4 Jan 2001 02:39:19 -0800 (PST) Received: from neo.skynet.be (neo.skynet.be [195.238.2.53]) by usenix.org (8.11.0/8.11.0) with ESMTP id f04AdHu15872 for ; Thu, 4 Jan 2001 02:39:17 -0800 (PST) Received: from [172.17.1.121] (warp-core.skynet.be [195.238.2.25]) by neo.skynet.be (Postfix) with ESMTP id 5231987AF; Thu, 4 Jan 2001 11:30:37 +0100 (MET) Mime-Version: 1.0 X-Sender: blk@pop.skynet.be Message-Id: In-Reply-To: <25413.978537184@mental.com> References: <25413.978537184@mental.com> Date: Thu, 4 Jan 2001 11:31:54 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Palm devices Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 4:53 PM +0100 2001/1/3, Alexander Lobodzinski wrote: > Played with a friend's IPaq running Linux, and my complaint was > that the handwriting recognition didn't like the lowercase 'd' > the way I'm used to write it. Does anyone know whether or not NetBSD will boot on the iPaq? If so, is there driver support for the Lucent WaveLAN Turbo (Now Orinoco) Silver & Gold 802.11b cards? What about the Nokia Card Phone 2.0? Can you use two sleeves at once, or is there a sleeve with a dual card option, so that you can have a CompactFlash card for memory expansion (maybe even a CFII card), plus a PC Card for communications? Thanks! -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, || Belgacom Skynet SA/NV Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124 Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels http://www.skynet.be || Belgium "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From sage-members-owner@usenix.org Thu Jan 4 08:07:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f04G5ur16911 for sage-members-outgoing; Thu, 4 Jan 2001 08:05:56 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f04G5tU16906 for sage-members@usenix.org; Thu, 4 Jan 2001 08:05:55 -0800 (PST) Received: from ntua.gr (achilles.noc.ntua.gr [147.102.222.210]) by usenix.org (8.11.0/8.11.0) with ESMTP id f04Altu15898 for ; Thu, 4 Jan 2001 02:47:56 -0800 (PST) Received: from theseas.softlab.ece.ntua.gr (theseas.softlab.ece.ntua.gr [147.102.1.1]) by ntua.gr (8.9.3/8.9.3) with ESMTP id MAA03857; Thu, 4 Jan 2001 12:47:27 +0200 (EET) Received: (from zvr@localhost) by theseas.softlab.ece.ntua.gr (8.11.1/8.11.1) id f04AlRM19270; Thu, 4 Jan 2001 12:47:27 +0200 (EET) Date: Thu, 4 Jan 2001 12:47:27 +0200 From: Alexios Zavras To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Palm devices Message-ID: <20010104124727.A18313@theseas.softlab.ece.ntua.gr> References: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from blk@skynet.be on 20010102T211513 X-Mail-Address: P.O. Box 24071, GR-111 10 Athens, GREECE X-Home-Address: 24, Th. Anninou St., GR-111 41 Athens, GREECE X-Work-Phone: +30-1-8203163 X-Work-Fax: +30-1-8203135 X-Home-Phone: +30-1-2933369 X-Home-Fax: +30-1-2933369 Sender: owner-sage-members@usenix.org Precedence: bulk Brad Knowles wrote [edited]: > I'd like > very much to have a fast and full-color handheld, but I really don't > want to have anything from anyone remotely related to Microsoft [...] > I have Lucent WaveLAN cards here in the house I'd like to be able > to plug into whatever handheld I have For a project that I'm working on, we are using iPaqs running Linux with Lucent WaveLAN cards for 11Mbps access. The development is being done by cross-compiling on Linux PCs and most of the executables are found by the iPaqs via NFS to a Netapp Filer. And of course, Tcl/Tk is ideal for the front-end applications. It works great. The most annoying thing is that the battery-loading iPaq cradle can not be used when the wavelan card and adapter is in place (it simply won't fit). The hand-written recognition is based (IIRC) on the same principles as the "strokes" library on X, so if you're alreasy using this on your window manager, it's pretty easy stuff. -- -- zvr -- -- +---------------------------+ Alexios Zavras (-zvr-) | H eytyxia den exei enoxes | zvr@pobox.com +-----------------------zvr-+ From sage-members-owner@usenix.org Thu Jan 4 08:07:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f04G64c16919 for sage-members-outgoing; Thu, 4 Jan 2001 08:06:04 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f04G63m16914 for sage-members@usenix.org; Thu, 4 Jan 2001 08:06:03 -0800 (PST) Received: from tandu.com (anon@tandu-gw.tandu.com [199.45.131.30]) by usenix.org (8.11.0/8.11.0) with ESMTP id f04Eruu16548 for ; Thu, 4 Jan 2001 06:53:56 -0800 (PST) Received: from mcrosby (helo=localhost) by tandu.com with local-smtp (Exim 3.12 #1 (Debian)) id 14EBlX-0004Hg-00; Thu, 04 Jan 2001 07:53:19 -0700 Date: Thu, 4 Jan 2001 07:53:18 -0700 (MST) From: Matthew Crosby X-Sender: mcrosby@tandu.com To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Wearable Computers In-Reply-To: <3A522A85.6D7F04E2@u.washington.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, 2 Jan 2001, Leeland Artra wrote: > Greetings, > > While we are on the subject of small computing devices some of my projects want > to use a bit more computing power than a palm device (which I have and use all > the time). Has anyone seen a production wearable computer? I remember seeing > some news blips about a very small belt loop computer with a eyeglasses heads up > type display and a hand glove keyboard. I haven't found a production unit > available yet... > > If anyone else is interested I'll build a summary of responses and email it to > interested parties (just let me know). There's a fair amount of interest and a number of custom models, but no one sells them off the shelf in the config you want by the sound of it. Still, one can get relatively small computers, and a twiddler (chording keyboard), and that just leaves the display, of which there are vartious options (none that I've been happy with myself, but they are getting there). MIT has been doing a lot of work, see http://wearables.www.media.mit.edu/projects/wearables/ for their web site (which has some very useful links and faqs) There's also a mailing list, wear-hard@haven.org which may be able to help you better. From sage-members-owner@usenix.org Thu Jan 4 18:08:38 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f05224D20738 for sage-members-outgoing; Thu, 4 Jan 2001 18:02:04 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f05222u20734 for ; Thu, 4 Jan 2001 18:02:03 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f0521RZ12624; Thu, 4 Jan 2001 18:01:27 -0800 (PST) Date: Thu, 4 Jan 2001 18:01:26 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Palm devices Message-ID: <20010104180126.A11800@snew.com> References: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> <20010104124727.A18313@theseas.softlab.ece.ntua.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20010104124727.A18313@theseas.softlab.ece.ntua.gr>; from zvr@softlab.ece.ntua.gr on Thu, Jan 04, 2001 at 12:47:27PM +0200 Sender: owner-sage-members@usenix.org Precedence: bulk Or convince compaq to built the antenna in and support Airport cards (ala the iBook and current Powerbooks). Quoting Alexios Zavras (zvr@softlab.ece.ntua.gr): > The most annoying thing is that the battery-loading iPaq cradle > can not be used when the wavelan card and adapter is in place > (it simply won't fit). From sage-members-owner@usenix.org Thu Jan 4 18:22:30 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f052KgU20930 for sage-members-outgoing; Thu, 4 Jan 2001 18:20:42 -0800 (PST) Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by usenix.org (8.11.0/8.11.0) with ESMTP id f052Keu20923 for ; Thu, 4 Jan 2001 18:20:40 -0800 (PST) Received: from virtual.net ([63.193.240.161]) by mta6.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G6O00H8M3JE0Y@mta6.snfc21.pbi.net> for sage-members@usenix.org; Thu, 4 Jan 2001 18:14:02 -0800 (PST) Date: Thu, 04 Jan 2001 18:20:17 -0800 From: Strata Rose Chalup Subject: more on "professionalism" To: sage-members@usenix.org Message-id: <3A552F61.A0C7C932@virtual.net> Organization: VirtualNet Consulting MIME-version: 1.0 X-Mailer: Mozilla 4.76 [en] (Win98; U) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Accept-Language: en Sender: owner-sage-members@usenix.org Precedence: bulk It's worth noting that in my deep webdig lately on "professionalism" I am finding that most of the other computing organizations I look at (ACM, IEEE, and similar) seem to treat it as roughly 50% ethics/codes of behavior, 30% - 35% body of knowledge, and 20 - 15% certification. I wonder if we are allocating resources in the correct priority by placing certification above both BoK and ethics development. I don't wish to waste energy already spent getting certification "up to steam" and moving. I do want to make sure that we don't spend ALL our energy on it, though. Check out http://onlineethics.org/, the Online Ethics Center for Engineering and Science for examples of the sorts of material being developed by engineering and computing folks. Lots of realistic examples and case studies, about many real-world events. Cheers, _Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Fri Jan 5 06:59:14 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f05EtQ222141 for sage-members-outgoing; Fri, 5 Jan 2001 06:55:26 -0800 (PST) Received: from kodakr.kodak.com (kodakr.kodak.com [192.232.119.69]) by usenix.org (8.11.0/8.11.0) with ESMTP id f05EtPu22137 for ; Fri, 5 Jan 2001 06:55:25 -0800 (PST) Received: from corpmail.kodak.com (corpmail.kodak.com [150.220.10.55]) by kodakr.kodak.com (8.11.1/8.10.0) with ESMTP id f05Et4R10607; Fri, 5 Jan 2001 09:55:04 -0500 (EST) Received: from KO-SITE-W8WXYL3.kodak.com ([150.221.65.122]) by corpmail.kodak.com (Post.Office MTA v3.5.3 release 223 ID# 592-58678U700L2S100V35) with ESMTP id com; Fri, 5 Jan 2001 09:53:15 -0500 Message-Id: <5.0.0.25.2.20010105094827.03887850@corpmail.kodak.com> X-Sender: 124859@corpmail.kodak.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Fri, 05 Jan 2001 09:53:14 -0500 To: sage-members@usenix.org From: Rich Dempsey Subject: Re: more on "professionalism" In-Reply-To: <3A552F61.A0C7C932@virtual.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-sage-members@usenix.org Precedence: bulk Hear! Hear! If one filters out all the static on the misuse of certification, it becomes pretty obvious that BoK is a pre-requisite for a certification program, as well as a bunch of other things, like audits (well I suppose that's really a kind of certification, too). Geoff Halprin has done some marvelous work on this. I'm looking forward to seeing his upcoming short book on the topic. If we get a consensus on a really good definition of the BoK of the field, the certification debate will be majorly tamed, if not history. Rich At 06:20 PM 01/04/2001 -0800, Strata Rose Chalup wrote: >It's worth noting that in my deep webdig lately on "professionalism" I >am finding that most of the other computing organizations I look at >(ACM, IEEE, and similar) seem to treat it as roughly 50% ethics/codes of >behavior, 30% - 35% body of knowledge, and 20 - 15% certification. > >I wonder if we are allocating resources in the correct priority by >placing certification above both BoK and ethics development. I don't >wish to waste energy already spent getting certification "up to steam" >and moving. I do want to make sure that we don't spend ALL our energy >on it, though. > >Check out http://onlineethics.org/, the Online Ethics Center for >Engineering and Science for examples of the sorts of material being >developed by engineering and computing folks. Lots of realistic >examples and case studies, about many real-world events. > >Cheers, >_Strata >-- >======================================================================== >Strata Rose Chalup [KF6NBZ] strata "@" virtual.net >VirtualNet Consulting http://www.virtual.net/ > ** Project Management & Architecture for ISP/ASP Systems Integration ** >========================================================================= -- Richard C. Dempsey email: dempsey@kodak.com Kodak.com pager: 716-975-3539 7th Floor, Bldg 10, KO phone: 716-781-5232 Eastman Kodak Company Rochester, NY 14650-0108 From sage-members-owner@usenix.org Fri Jan 5 07:45:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f05Fj9S22290 for sage-members-outgoing; Fri, 5 Jan 2001 07:45:09 -0800 (PST) Received: from yfandes.cs.wisc.edu (yfandes.cs.wisc.edu [128.105.162.24]) by usenix.org (8.11.0/8.11.0) with ESMTP id f05Fj7u22286 for ; Fri, 5 Jan 2001 07:45:08 -0800 (PST) Received: from yfandes.cs.wisc.edu (localhost [127.0.0.1]) by yfandes.cs.wisc.edu (8.9.2/8.9.2) with ESMTP id JAA28413; Fri, 5 Jan 2001 09:44:39 -0600 (CST) Message-Id: <200101051544.JAA28413@yfandes.cs.wisc.edu> To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: more on "professionalism" In-reply-to: Your message of "Thu, 04 Jan 2001 18:20:17 PST." <3A552F61.A0C7C932@virtual.net> Date: Fri, 05 Jan 2001 09:44:39 -0600 From: David Parter Sender: owner-sage-members@usenix.org Precedence: bulk > > It's worth noting that in my deep webdig lately on "professionalism" I > am finding that most of the other computing organizations I look at > (ACM, IEEE, and similar) seem to treat it as roughly 50% ethics/codes of > behavior, 30% - 35% body of knowledge, and 20 - 15% certification. "Professionalism" is certainly a mix of those three areas, but what do these percentages mean? for each individual? for where the organization puts its effort? > I wonder if we are allocating resources in the correct priority by > placing certification above both BoK and ethics development. I don't > wish to waste energy already spent getting certification "up to steam" > and moving. I do want to make sure that we don't spend ALL our energy > on it, though. I don't think we've put certification above BoK and ethics, but we haven't articulated specific BoK and ethics programs either. We've been doing both, but in a more informal way. We do need to pull them both into a core "professionalism" activity or area, and strengthen some of what we are doing (without preventing the informal work that develops the area). --david From sage-members-owner@usenix.org Fri Jan 5 09:15:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f05HE0922869 for sage-members-outgoing; Fri, 5 Jan 2001 09:14:00 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f05HE0822864 for sage-members@usenix.org; Fri, 5 Jan 2001 09:14:00 -0800 (PST) Received: from mongoose.slip.net (www2.sntccaidc.firstworld.net [216.127.92.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f04HJnu17575 for ; Thu, 4 Jan 2001 09:19:49 -0800 (PST) Received: from shell.slip.net ([207.171.193.17] helo=bones) by mongoose.slip.net with esmtp (Exim 3.13 #3) id 14EE1M-0003yz-00 for sage-members@usenix.org; Thu, 04 Jan 2001 09:17:48 -0800 From: sauceda@slip.net To: sage-members@usenix.org Date: Thu, 4 Jan 2001 09:18:57 -0800 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Wearable Computers References: <20010102165118.A25684@gwyn.tux.org> In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12a) Message-Id: Sender: owner-sage-members@usenix.org Precedence: bulk On 3 Jan 01, at 8:48, cdl wrote: > Interesting article on wearable computers including > links at the bottom of page. > > http://www.techreview.com/articles/may99/mann.htm The MIT people have been rocking on wearables for a while. Through the links on the page cdl cites you can get to: http://wearables.www.media.mit.edu/projects/wearables/mit-ideo/index.html. This is an excellent case study of some high end beta wearables. Fascinating reading of two everday people's experience. --Ren Katherine "Ren" Sauceda sauceda@slip.net http://www.tetramer.com From sage-members-owner@usenix.org Fri Jan 5 09:52:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f05Hq0w23420 for sage-members-outgoing; Fri, 5 Jan 2001 09:52:00 -0800 (PST) Received: from trinity.skynet.be (trinity.skynet.be [195.238.2.38]) by usenix.org (8.11.0/8.11.0) with ESMTP id f05Hpwu23416 for ; Fri, 5 Jan 2001 09:51:58 -0800 (PST) Received: from [172.17.1.121] (warp-core.skynet.be [195.238.2.25]) by trinity.skynet.be (Postfix) with ESMTP id 841F318588; Fri, 5 Jan 2001 18:51:26 +0100 (MET) Mime-Version: 1.0 X-Sender: blk@pop.skynet.be Message-Id: In-Reply-To: <5.0.0.25.2.20010105094827.03887850@corpmail.kodak.com> References: <5.0.0.25.2.20010105094827.03887850@corpmail.kodak.com> Date: Fri, 5 Jan 2001 18:51:10 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: more on "professionalism" Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 9:53 AM -0500 2001/1/5, Rich Dempsey wrote: > If we get a consensus on a really good definition of the BoK of the field, > the certification debate will be majorly tamed, if not history. Okay, let's assume for the moment that we do have the cart before the horse, and we should be focusing more effort on areas other than certification. Using the guidelines that Strata has discovered about other "computing professional" organizations, the indication is that we should probably also be spending roughly half of our total organizational effort on the matter of ethics and codes of behaviour. While a SAGE booklet was produced on this topic, I really haven't seen much of anything since, and I'd be very curious to know what we may well be missing that we should instead be paying attention to? I'd also be curious to know what kind of efforts these other organizations placed in various areas during their start-up phase, and now that they are established and they can look back and see at least some of the things they'd do differently, what do they think they'd change, and how much effort do they think that they would instead have been better off spending elsewhere, and in what ways? -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, || Belgacom Skynet SA/NV Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124 Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels http://www.skynet.be || Belgium "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From sage-members-owner@usenix.org Fri Jan 5 10:21:46 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f05IKgW24092 for sage-members-outgoing; Fri, 5 Jan 2001 10:20:42 -0800 (PST) Received: from castle.org (castle.org [64.6.208.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f05IKeu24088 for ; Fri, 5 Jan 2001 10:20:40 -0800 (PST) Received: from castle.org (nomad@localhost.castle.org [127.0.0.1]) by castle.org (8.11.0/8.11.0) with ESMTP id f05IKCs05808 for ; Fri, 5 Jan 2001 10:20:12 -0800 (PST) Message-Id: <200101051820.f05IKCs05808@castle.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: sage-members@usenix.org Subject: Re: more on "professionalism" In-reply-to: Your message of Fri, 05 Jan 2001 18:51:10 +0100. X-uri: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 05 Jan 2001 10:20:12 -0800 From: Lee Damon Sender: owner-sage-members@usenix.org Precedence: bulk >should probably also be spending roughly half of our total >organizational effort on the matter of ethics and codes of behaviour. >While a SAGE booklet was produced on this topic, I really haven't >seen much of anything since, and I'd be very curious to know what we >may well be missing that we should instead be paying attention to? There have been articles in the recent ;login:s, and will be another one in the next issue, about the Ethics Working Group and the progress we're making. We've also hosted BOF sessions at the last 4+ LISA conferences. The upcoming article will include the draft of the new ethics document and an explanation of where we are in the drafting process. nomad chair, ethics working group ----------- - Lee "nomad" Damon - \ play: nomad@castle.org or castle!nomad \ work: nomad@amazon.com \ /\ Seneschal, Castle PAUS. / \ "Celebrate Diversity" / \ From sage-members-owner@usenix.org Sat Jan 6 12:54:03 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f06Khnj02268 for sage-members-outgoing; Sat, 6 Jan 2001 12:43:49 -0800 (PST) Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by usenix.org (8.11.0/8.11.0) with ESMTP id f06Khm902264 for ; Sat, 6 Jan 2001 12:43:48 -0800 (PST) Received: from virtual.net ([63.193.240.161]) by mta6.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G6R00CTAD9DKS@mta6.snfc21.pbi.net> for sage-members@usenix.org; Sat, 6 Jan 2001 12:36:50 -0800 (PST) Date: Sat, 06 Jan 2001 12:43:05 -0800 From: Strata Rose Chalup Subject: Re: more on professionalism To: sage-members@usenix.org Message-id: <3A578359.9FD97E86@virtual.net> Organization: VirtualNet Consulting MIME-version: 1.0 X-Mailer: Mozilla 4.76 [en] (Win98; U) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Accept-Language: en Sender: owner-sage-members@usenix.org Precedence: bulk I'm glad that folks are interested in this, and I hope it leads to a new surge of volunteers to get involved with the existing efforts. My hope in posting the original message, as well as other materials, is to get people excited about contributing to BoK (body of knowledge) and ethics. I don't necessarily think, as someone put it, that we've "put the cart before the horse". It's more like we've been concentrating so much on the cart and horse that it's easy to lose sight of where it fits in with the rest of the farm. I just want to be clear on that point. I'm one of those who are more resigned than happy about certification, but I absolutely DON'T think that SAGE has been wasting its time and resources in the way that's been proceeding. I DO think there's a large number of folks out there who won't choose to get involved with certification, but who would be happy to be a part of ethics or BoK work. And that we need to provide a natural focus point for those efforts to come together. Lee is already tirelessly doing a great job coordinating the ethics roundup, as well as being a major contributor. But SAGE doesn't have a formal BoK track that I'm aware of right now. There are some efforts taking place in the community, most notably Geoff Helprin's taxonomy and Rob Kolstad's LISA-workshop BoK matrix. With the Body of Knowledge matrix and the taxonomy work, both Geoff and Rob have tried to start the ball rolling and include other interested parties. I think that both the daunting scope of the work and the high regard in which we tend to hold Geoff and Rob have put most of us in the "I'd better wait until I have time to study this before I try to contribute" mode. And of course, time is always our scarcest resource. I'd like to see SAGE provide some framework around which to center the BoK efforts, but without imposing a huge amount of structure and workload in the manner of certification. Certainly there would need to be a formal process for publishing anything as "the SAGE sysadmin BoK". I think the most fruitful approach is likely to be harvesting a BoK from a living body of peer-tested contributions, rather than generating one from scratch in a committee somewhere. There are a lot of innovative community-building tools out there, ranging from advogato to wikis to the "am I hot or not" model of rating postings. I'd like to see SAGE hosting some of these tools to do some of the BoK work, as well as get feedback on the ethics and certification work. It's somewhat ironic that, as an organization of sysadmins, we have limited tools with which to interact as SAGE members. SAGE has done a great job organizing and collecting resources so far, and it's time to take that the next step forward. That includes leveraging the talents of our members more and availing ourselves of some of the great tools that have emerged over the last several years. Now we need to building a process and structure that lets us leverage tools with the reliability that we need but without requiring that SAGE take on a large budgetary responsibility to hire folks to deploy and maintain them. The BayLISA Board is just starting to do this, and we'll keep folks posted on how it turns out. :-) Cheers, _Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Sun Jan 7 03:57:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f07Bod003839 for sage-members-outgoing; Sun, 7 Jan 2001 03:50:40 -0800 (PST) Received: from bofh.ucrc.org (susan.camelot.de [195.30.225.207]) by usenix.org (8.11.0/8.11.0) with ESMTP id f07Boa903835 for ; Sun, 7 Jan 2001 03:50:36 -0800 (PST) Received: (from bb@localhost) by bofh.ucrc.org (8.11.1/8.11.1/Debian 8.11.0-6) id f07BolZ25745 for sage-members@usenix.org; Sun, 7 Jan 2001 12:50:47 +0100 Date: Sun, 7 Jan 2001 12:50:46 +0100 From: Gabriel Krabbe To: sage-members@usenix.org Subject: Re: more on professionalism Message-ID: <20010107125046.A10885@bofh.ucrc.org> Mail-Followup-To: sage-members@usenix.org References: <3A578359.9FD97E86@virtual.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <3A578359.9FD97E86@virtual.net>; from strata@virtual.net on Sat, Jan 06, 2001 at 12:43:05PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Sat, 2001-01-06 at 21:43:05 CET Strata Rose Chalup wrote regarding "more on professionalism": > I'm glad that folks are interested in this, and I hope it leads to > a new surge of volunteers to get involved with the existing efforts. > My hope in posting the original message, as well as other materials, > is to get people excited about contributing to BoK (body of knowledge) > and ethics. [...] > I DO think there's a large number of folks out there who won't choose > to get involved with certification, but who would be happy to be a > part of ethics or BoK work. And that we need to provide a natural > focus point for those efforts to come together. [...] > Lee is already tirelessly doing a great job coordinating the ethics > roundup, as well as being a major contributor. But SAGE doesn't > have a formal BoK track that I'm aware of right now. There are some > efforts taking place in the community, most notably Geoff Helprin's > taxonomy and Rob Kolstad's LISA-workshop BoK matrix. [...] > With the Body of Knowledge matrix and the taxonomy work, both Geoff > and Rob have tried to start the ball rolling and include other > interested parties. [...] > I'd like to see SAGE provide some framework around which to center > the BoK efforts, but without imposing a huge amount of structure > and workload in the manner of certification. [...] > There are a lot of innovative community-building tools out there, [...] > It's somewhat ironic that, as an organization of sysadmins, we have > limited tools with which to interact as SAGE members. The tools required are available, it's just that someone with the access and the spirit is required to actually set it up. Sure, in his CFT, so that's way on the back burner. In the meantime, however, I find myself irritated. "The ethics roundup", "BoK matrix" - hey, great, two very worthwhile issues over which there's little, if any, disagreement in principle. Nobody is against the actual existence, at least; details will hopefully be controversial. So there's two areas I'd like to help in. Or at least, where I'd like to know where SAGE currently is, to see whether I have anything to contribute that might be useful. Where is that information? There's a BoK matrix somewhere, but since I wasn't at that workshop, I'll find out any and all details somewhen. Probably at LISA 2001, should I attend the workshop there, if it takes place. Even more interesting the Code of Ethics. A new version exists in a draft version, or so we were told at the mentoring BoF. Mentors and Mentees acknowledge that they support this CoE. And it's nowhere to be found. We have the resources for both - http://www.sage.org/ and/or http://www.usenix.org/sage/ should provide a link. Make it "members only", and never mind the marketing side of things - sorta-HTML-2.0 would be enough to let people know what's actually happening. Either keep the discussion here, where it belongs, or, if you must, create a "sage-bok" and a "sage-ethics" mailing list, putting the entire archives right there with it. Presto, instant information. SAGE may be concentrating hard on BoK and CoE, but if all the information available is along the lines of "we're working on it", and even that only gets passed on every so often by word of mouth, then naturally it will appear that SAGE is concentrating almost all its effort on certification, which gets space both online and in ;login: - which is not the appearance desired, or so I gather. > SAGE has done a great job organizing and collecting resources so > far, and it's time to take that the next step forward. That > includes leveraging the talents of our members more and availing > ourselves of some of the great tools that have emerged over the > last several years. No, the next step at this point is making the information gathered available, to let people know what's been done, what needs doing, and where help is required (everywhere, of course, but what are the priorities?) Advogato, Wiki, Slashcode - interesting tools. But there lies the problem: Putting of the entire publication until such time as somebody is found who has the time and the knowledge to present The Perfect Medium will do more harm than good. Put up what you have, tell SAGE where it is, and maybe then volunteers will arise. Volunteering as such is not something most people readily do, but volunteering for something without the first idea of how much progress has been made and what might be required isn't something very sane. Of course, becoming a sysadmin is pretty much exactly that behaviour, but don't rely on it. > Now we need to building a process and structure that lets us leverage > tools with the reliability that we need but without requiring that SAGE > take on a large budgetary responsibility to hire folks to deploy and > maintain them. No, that's what we need *next*. What we need *now* is above. Had to get that out of my system. It's the main theme of everywhere I've worked so far: If only we knew what we know. Haven't seen much that hurts productivity more, and I don't want that to hurt SAGE. Gabe -- Few women admit their age. Few men act theirs. From sage-members-owner@usenix.org Sun Jan 7 10:49:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f07IkHg04270 for sage-members-outgoing; Sun, 7 Jan 2001 10:46:17 -0800 (PST) Received: from proxy2.ba.best.com (root@proxy2.ba.best.com [206.184.139.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f07IkF904266 for ; Sun, 7 Jan 2001 10:46:15 -0800 (PST) Received: from shell3.ba.best.com (bolthole@shell3.ba.best.com [206.184.139.134]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with SMTP id KAA18290 for ; Sun, 7 Jan 2001 10:44:32 -0800 (PST) Received: by shell3.ba.best.com (sSMTP sendmail emulation); Sun, 7 Jan 2001 10:44:32 -0800 From: phil@bolthole.com Date: Sun, 7 Jan 2001 10:44:32 -0800 To: sage-members@usenix.org Subject: Material from firewall presentation Message-ID: <20010107104432.A646@bolthole.com> Mail-Followup-To: sage-members@usenix.org References: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> <20010104124727.A18313@theseas.softlab.ece.ntua.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010104124727.A18313@theseas.softlab.ece.ntua.gr>; from zvr@softlab.ece.ntua.gr on Thu, Jan 04, 2001 at 12:47:27PM +0200 Sender: owner-sage-members@usenix.org Precedence: bulk Someone asked me to let them know when I put up the information on my firewalls presentation last week. Unfortunately, I lost that person's address. So I'll email here, and hope some other folks get some use out of it as well; http://www.bolthole.com/solaris/firewall.html has a condensed view on how to build a firewall. It gives examples for IP Filter and IPchains. [so, URL notwithstanding, it is NOT limited only to solaris :-)] Comments welcome From sage-members-owner@usenix.org Mon Jan 8 12:19:41 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f08KBE707993 for sage-members-outgoing; Mon, 8 Jan 2001 12:11:14 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f08KBDq07988 for sage-members@usenix.org; Mon, 8 Jan 2001 12:11:13 -0800 (PST) Received: from emis-intl.com ([208.226.242.25]) by usenix.org (8.11.0/8.11.0) with ESMTP id f08Jdm907824 for ; Mon, 8 Jan 2001 11:39:48 -0800 (PST) Received: from rdulnx003.emis-intl.com (rdulnx003.emis-intl.com [10.90.132.28]) by emis-intl.com (8.9.3+Sun/8.9.3) with ESMTP id OAA23193; Mon, 8 Jan 2001 14:39:30 -0500 (EST) Received: (from majordomo@localhost) by rdulnx003.emis-intl.com (8.9.3/8.9.3) id OAA22823 for ncsa-announce-outgoing; Mon, 8 Jan 2001 14:38:27 -0500 X-Authentication-Warning: rdulnx003.emis-intl.com: majordomo set sender to owner-ncsa-announce@networks.com using -f Received: from MIS-NT03.MISNTRDU (rduexch01.emis-intl.com [10.90.132.22]) by rdulnx003.emis-intl.com (8.9.3/8.9.3) with ESMTP id OAA22820 for ; Mon, 8 Jan 2001 14:38:25 -0500 content-class: urn:content-classes:message Subject: nc*sa meetings for jan, feb, mar, & apr '1 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Mon, 8 Jan 2001 14:38:20 -0500 Message-ID: X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: nc*sa meetings for jan, feb, mar, & apr '1 Thread-Index: AcB5qo5t8fZ8nOoASQ+n/1Ejmz4dmg== From: "Stan Briggs" To: sage-members@usenix.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by rdulnx003.emis-intl.com id OAA22821 Sender: owner-sage-members@usenix.org Precedence: bulk This month's meeting of the North Carolina Systems Administrators organization (NC*SA) has been cancelled. We apologize for the short notice. We do have speakers scheduled for the next few meetings: February- EMC2, "EMC CLARiiON IP4700 network-attached storage system", a direct competitor for other entry level network attached storage systems. March- Jason Hendeles, "alternic" [tentative], one of the founders and original backers of alternic talks about it's history, accomplishments, and current efforts. April- Marshall Brain, "HowStuffWorks.com", Marshall discusses his current, very popular, web site and his numerous other accomplishments. More information will soon follow on our web site, www.ncsysadmin.org. Once more, our apologies for the last minute notice about tonight's meeting. We look forward to seeing you at future meetings. Stan Briggs North Carolina Systems Administrator (NC*SA); Secretary www.ncsysadmin.org; 919/653-4043 From sage-members-owner@usenix.org Wed Jan 10 08:31:52 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0AGObo03291 for sage-members-outgoing; Wed, 10 Jan 2001 08:24:37 -0800 (PST) Received: from mcst.gsfc.nasa.gov (mcst.gsfc.nasa.gov [198.119.44.143]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0AGOZ903287 for ; Wed, 10 Jan 2001 08:24:35 -0800 (PST) Received: from aerialist.gsfc.nasa.gov (IDENT:osteiner@aerialist.gsfc.nasa.gov [198.119.44.58]) by mcst.gsfc.nasa.gov (Switch-2.0.6/Switch-2.0.6) with SMTP id f0AGOVU27417 for ; Wed, 10 Jan 2001 11:24:31 -0500 (EST) From: Owen Steinert Organization: NASA/GSFC/MCST To: sage-members@usenix.org Subject: firewall on FDDI: recommendations? Date: Wed, 10 Jan 2001 11:24:32 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Message-Id: <01011011243201.04078@aerialist.gsfc.nasa.gov> Content-Transfer-Encoding: 8bit Sender: owner-sage-members@usenix.org Precedence: bulk Does anyone have any experience setting up a firewall that runs on two FDDI NICs? If so, what products do you recommend? I was looking at the Phoenix Adaptive Firewall because it seemed to fit the bill, but its makers were just bought by Cobalt, who in turn was recently acquired by Sun Microsystems. I can't seem to find the firewall product anywhere now (is it still available?) Please e-mail me directly and I'll post a summary to the list. Many thanks in advance! -- Owen Steinert Systems Administrator MODIS Characterization Support Team (MCST) GPG Key ID: C6C04FF8 (preferred) PGP Key ID: 0x6A8FE393 From sage-members-owner@usenix.org Fri Jan 12 04:00:42 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0CBmZ515401 for sage-members-outgoing; Fri, 12 Jan 2001 03:48:35 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0CBmW915397 for ; Fri, 12 Jan 2001 03:48:33 -0800 (PST) Received: from snert.com ([195.10.32.89]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f0CC70200695 for ; Fri, 12 Jan 2001 13:07:00 +0100 Message-ID: <3A5EEF04.FA0300A@snert.com> Date: Fri, 12 Jan 2001 12:48:20 +0100 From: Anthony Howe Organization: Snert X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: sage-members@usenix.org Subject: How to setup SSH+Telent on Linux? Content-Type: multipart/mixed; boundary="------------4703204E1360F96C08403F02" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------4703204E1360F96C08403F02 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I want to get SSH Telnet finaly going on my Linux server, but cannot find any relavent how-to from http://howto.tucows.com/ Does anyone have a guide for this or can they point be to some URLs or a part issue of Login covering this? -- Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 mailto:achowe@snert.com http://www.snert.com/ --------------4703204E1360F96C08403F02 Content-Type: text/x-vcard; charset=us-ascii; name="achowe.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Anthony Howe Content-Disposition: attachment; filename="achowe.vcf" begin:vcard n:Howe;Anthony tel;pager:ICQ 7116561 tel;cell:+33 6 11 89 73 78 tel;fax:+33 4 93 46 91 27 x-mozilla-html:FALSE url:http://www.snert.com/ org:Snert version:2.1 email;internet:achowe@snert.com adr;quoted-printable:;;Villa Magnolia=0D=0A1489 Chemin des Collines;Le Cannet;Alpes-Maritimes;06110;France fn:Anthony Howe end:vcard --------------4703204E1360F96C08403F02-- From sage-members-owner@usenix.org Fri Jan 12 09:23:17 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0CHFDd16040 for sage-members-outgoing; Fri, 12 Jan 2001 09:15:13 -0800 (PST) Received: from vielle.datasys.net (IDENT:root@0.enet.vielle.datasys.net [208.206.129.153]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0CHFB916036 for ; Fri, 12 Jan 2001 09:15:12 -0800 (PST) Received: (from mark@localhost) by vielle.datasys.net (8.11.0/8.11.0) id f0CHJKL14898; Fri, 12 Jan 2001 12:19:20 -0500 Message-Id: <200101121719.f0CHJKL14898@vielle.datasys.net> From: lindsey@acm.org (Mark R. Lindsey) Date: Fri, 12 Jan 2001 12:19:20 -0500 Reply-To: lindsey@acm.org (Mark R. Lindsey) X-Mailer: Mail User's Shell (7.2.6 beta(4) 03/19/98) To: sage-members@usenix.org Subject: Re: How to setup SSH+Telent on Linux? Sender: owner-sage-members@usenix.org Precedence: bulk Anthony Howe wrote: : I want to get SSH Telnet finaly going on my Linux server, but cannot : find any relavent how-to from http://howto.tucows.com/ : : Does anyone have a guide for this or can they point be to some URLs or a : part issue of Login covering this? I don't know what distro you're using, but several of them include SSH packages. Red Hat 7.0 includes openssl-0.9.5a-14 openssh-askpass-gnome-2.2.0p1-5 openssh-askpass-2.2.0p1-5 openssh-clients-2.2.0p1-5 openssh-2.2.0p1-5 openssh-server-2.2.0p1-5 The penultimate package there installs some starter documentation in /usr/share/doc/openssh-2.2.0p1/OVERVIEW If you're not using Red Hat, and cannot use its RPMs, or want more up-to-date information, see http://www.openSSH.com Happy remote-logining. From sage-members-owner@usenix.org Sat Jan 13 12:35:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0DKGr220780 for sage-members-outgoing; Sat, 13 Jan 2001 12:16:53 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0DKGm920776 for ; Sat, 13 Jan 2001 12:16:49 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f0DKGgD12655; Sat, 13 Jan 2001 12:16:42 -0800 (PST) Date: Sat, 13 Jan 2001 12:16:41 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: How to setup SSH+Telent on Linux? Message-ID: <20010113121641.B12623@snew.com> References: <3A5EEF04.FA0300A@snert.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <3A5EEF04.FA0300A@snert.com>; from achowe@snert.com on Fri, Jan 12, 2001 at 12:48:20PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk I've never heard of SSH Telnet, but "get [it] going" is sort of vague. Can you not just run the build/installer? Tried www.openssh.com? Hit goodle or similar for info? At the most basic, getting the RPM, installing it and typing "sshd" covers it. Quoting Anthony Howe (achowe@snert.com): > I want to get SSH Telnet finaly going on my Linux server, but cannot > find any relavent how-to from http://howto.tucows.com/ > > Does anyone have a guide for this or can they point be to some URLs or a > part issue of Login covering this? > > -- > Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France > +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 > mailto:achowe@snert.com http://www.snert.com/ Content-Description: Card for Anthony Howe From sage-members-owner@usenix.org Sun Jan 14 05:30:54 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0EDKCp22058 for sage-members-outgoing; Sun, 14 Jan 2001 05:20:12 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0EDKA922054 for ; Sun, 14 Jan 2001 05:20:10 -0800 (PST) Received: from snert.com ([195.10.32.79]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f0EDcdr32729 for ; Sun, 14 Jan 2001 14:38:39 +0100 Message-ID: <3A61A781.278F7DE7@snert.com> Date: Sun, 14 Jan 2001 14:20:01 +0100 From: Anthony Howe Organization: Snert X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: sage-members@usenix.org Subject: SUMMARY: How to setup SSH+Telent on Linux? References: <3A5EEF04.FA0300A@snert.com> <20010113121641.B12623@snew.com> Content-Type: multipart/mixed; boundary="------------78CCE0953ED747BDC6E6D3D5" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------78CCE0953ED747BDC6E6D3D5 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I'd like to thank all of you answered. I now have SSH up and running. Probably the most useful links that got me started were: http://www.csua.berkeley.edu/ssh-howto.html (a how-to & links) http://www.openssl.org/ (required for OpenSSH) http://www.openssh.com/ (software) For Windows client software, I choose Vandyke's SecureCRT (telnet) and SecureFX (ftp). http://www.vandyke.com/ -- Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 mailto:achowe@snert.com http://www.snert.com/ --------------78CCE0953ED747BDC6E6D3D5 Content-Type: text/x-vcard; charset=us-ascii; name="achowe.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Anthony Howe Content-Disposition: attachment; filename="achowe.vcf" begin:vcard n:Howe;Anthony tel;pager:ICQ 7116561 tel;cell:+33 6 11 89 73 78 tel;fax:+33 4 93 46 91 27 x-mozilla-html:FALSE url:http://www.snert.com/ org:Snert version:2.1 email;internet:achowe@snert.com adr;quoted-printable:;;Villa Magnolia=0D=0A1489 Chemin des Collines;Le Cannet;Alpes-Maritimes;06110;France fn:Anthony Howe end:vcard --------------78CCE0953ED747BDC6E6D3D5-- From sage-members-owner@usenix.org Sun Jan 14 08:44:40 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0EGZRA22302 for sage-members-outgoing; Sun, 14 Jan 2001 08:35:28 -0800 (PST) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0EGZQ922298 for ; Sun, 14 Jan 2001 08:35:27 -0800 (PST) Received: from virtual.net (adsl-63-193-240-161.dsl.snfc21.pacbell.net [63.193.240.161]) by mail.mirapoint.com (Mirapoint) with ESMTP id ABG03510 (AUTH schalup); Sun, 14 Jan 2001 08:35:12 -0800 (PST) Message-ID: <3A61D63D.3B6A99B0@virtual.net> Date: Sun, 14 Jan 2001 08:39:25 -0800 From: Strata Rose Chalup Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: At last, the big zamboni hits the playing field Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Microsoft is finally abandoning the zero administration lie. A friend forwarded me a long and highly entertaining post about Windows 2000 and the new "datacenter" versions, high uptime, etc-- a post full of extremely precise language along the lines of "chocolate frosted sugar bombs belongs on the same table with any good breakfast". The "yes!!!" moment came here, though: > To get the highest level of availability from any operating system, > including Windows, requires an IT environment built around sound > operating guidelines and staffed by well-trained employees. There it is, finally, in black and white. Lest that someone think it only applies to their data center versions, they go on to say: > To help > customers build such an environment, Microsoft and third parties offer a > collection of training and support programs suitable for the full range > of businesses, from small one-office companies to distributed global > enterprises. These programs cover operations training, system support, > and for best practices guidelines for system design, installation, and > maintenance. Ah, to have lived this long! I don't carry a grudge against Microsoft itself, unlike a number of colleagues I know. Nonetheless, it has always intensely irritated me to see the "zero administration" lie spread every time (for instance) the sales guys come in to try to Exchange-ify a perfectly healthy mail environment. It's so nice to have something I can actually cite, from Microsoft itself, to combat The Big Lie. _SRC -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Sun Jan 14 17:27:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0F1FMf22980 for sage-members-outgoing; Sun, 14 Jan 2001 17:15:22 -0800 (PST) Received: from apoq.skynet.be (apoq.skynet.be [195.238.2.35]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0F1FK922976 for ; Sun, 14 Jan 2001 17:15:20 -0800 (PST) Received: from [10.0.1.3] (dialup19.brussels2.skynet.be [195.238.23.19]) by apoq.skynet.be (Postfix) with ESMTP id 4703310610; Mon, 15 Jan 2001 02:15:04 +0100 (MET) Mime-Version: 1.0 X-Sender: blk@pop.skynet.be Message-Id: In-Reply-To: <3A61D63D.3B6A99B0@virtual.net> References: <3A61D63D.3B6A99B0@virtual.net> Date: Mon, 15 Jan 2001 02:14:37 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: At last, the big zamboni hits the playing field Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 8:39 AM -0800 2001/1/14, Strata Rose Chalup wrote: > Ah, to have lived this long! I don't carry a grudge against Microsoft > itself, unlike a number of colleagues I know. Nonetheless, it has > always intensely irritated me to see the "zero administration" lie > spread every time (for instance) the sales guys come in to try to > Exchange-ify a perfectly healthy mail environment. It's so nice to have > something I can actually cite, from Microsoft itself, to combat The Big > Lie. Of course. Microsoft wants to make money from selling training and consulting just as much as anyone. I'm just surprised that it's taken them this long to write something that directly contradicts their "zero administration" position. Of course, I'm sure they'll find a way to spin it so that they don't sound like they're lying. I'm sure that they'll say something like: That's only for Enterprise customers -- workgroup customers still get the full benefits of 'zero administration', and by re-focussing our energies in this way, we can continue to make that 'zero cost' even lower than it already was. Or some such BS. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, || Belgacom Skynet SA/NV Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124 Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels http://www.skynet.be || Belgium "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From sage-members-owner@usenix.org Mon Jan 15 08:27:51 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0FGIUf24072 for sage-members-outgoing; Mon, 15 Jan 2001 08:18:30 -0800 (PST) Received: from mail.ben-tech.com (colo-204-186-59-225.dejazzd.com [204.186.59.225]) by usenix.org (8.11.0/8.11.0) with SMTP id f0FGIN924068 for ; Mon, 15 Jan 2001 08:18:24 -0800 (PST) Received: (qmail 23214 invoked from network); 15 Jan 2001 16:17:50 -0000 Received: from unknown (HELO kensei) (207.44.114.65) by 192.168.253.3 with SMTP; 15 Jan 2001 16:17:50 -0000 From: "Bennett Samowich" To: sage-members@usenix.org Subject: Palm Software Date: Mon, 15 Jan 2001 11:17:49 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-sage-members@usenix.org Precedence: bulk Greetings, Previously I had posted inquiring about various handheld devices. I am proud to say that I opted for the Handspring Visor and am pleasantly satisfied with it at this point. When held side-by-side to the Palm IIIc there are a few subtle differences that, I think, make the Visor just a bit better. With that said... the next part of my quest is to get the appropriate modules (e.g. Ethernet, Wireless Network, etc.). This brings me to my next question. Is it possible/is there software that can be run on PalmOS that makes the handheld into a bit of a network diagnostics tool? Thinking ping, traceroute, packet capture, that sort of thing. Perhaps that stuff comes with the module. The thought is to use the Visor to check a new network node installation or debug a faulty one. - Bennett From sage-members-owner@usenix.org Mon Jan 15 09:52:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0FHj9b24417 for sage-members-outgoing; Mon, 15 Jan 2001 09:45:09 -0800 (PST) Received: from merctech.com (brickhouse1.iad1.sitesmith.com [63.94.228.10]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0FHj7924413 for ; Mon, 15 Jan 2001 09:45:08 -0800 (PST) Received: from biber (bergman@localhost) by merctech.com (8.11.1/8.11.1) with ESMTP id f0FHixA05099 for ; Mon, 15 Jan 2001 12:44:59 -0500 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 X-Exmh-Isig-CompType: repl X-Exmh-Isig-Folder: Admin/SAGE To: sage-members@usenix.org From: bergman@merctech.com Subject: managing/filtering/searching security alerts for multiple OS's Date: Mon, 15 Jan 2001 12:44:59 -0500 Message-ID: <5098.979580699@biber> Sender: owner-sage-members@usenix.org Precedence: bulk I'm looking for a solution to correlate the multiple sources of security alerts, such as bugtraq, nt-bugtraq, vendor lists, etc. against the inventory of machines that we manage (linux, bsd, Solaris, NT, Win2K, HP, AIX). We're considering the vulnerability database service offered by eSecurityOnline.com, but we have a number of issues with their product. Does anyone have experience with a comparable vendor, or have you developed your own database & way of classifying and managing the stream of alert data from various sources? I'll summarize any responses back to the list. Mark From sage-members-owner@usenix.org Tue Jan 16 04:40:03 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GCXYJ26942 for sage-members-outgoing; Tue, 16 Jan 2001 04:33:34 -0800 (PST) Received: from apoq.skynet.be (apoq.skynet.be [195.238.2.35]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GCXX926938 for ; Tue, 16 Jan 2001 04:33:33 -0800 (PST) Received: from [172.17.1.121] (warp-core.skynet.be [195.238.2.25]) by apoq.skynet.be (Postfix) with ESMTP id 5DC1D9F19; Tue, 16 Jan 2001 13:33:25 +0100 (MET) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: References: Date: Tue, 16 Jan 2001 13:31:39 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Palm Software Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 11:17 AM -0500 2001/1/15, Bennett Samowich wrote: > With that said... the next part of my quest is to get the appropriate > modules (e.g. Ethernet, Wireless Network, etc.). This brings me to my next > question. Are there any Springboard modules to handle wired Ethernet or 802.11 wireless LAN networking? I know about the various Springboard modules for wired and wireless WAN networking (see ), but I don't see anything there for wired or wireless 802.11 LAN networks. Could you enlighten me? Also, have you seen the TRGpro? It seems to me that this device is better positioned for handling standard CompactFlash cards, of which I believe that there is a much wider array of devices available (albeit perhaps not officially certified to work with the TRGpro). Myself, I was rummaging through some of my old boxes last night, and came across some of my old Newton stuff. It occurred to me that the ideal handheld computer would seem to be something like a MessagePad 120 or a MessagePad 2100, what with the standard PCMCIA slot, etc.... Indeed, the 2100 has decent grey-scale display, a fast processor (not really equalled or surpassed by anything I know of, perhaps excepting the new Compaq iPaq) Since I've got one of each (although the 2100 needs to have the power switch repaired), it finally has decent handwriting recognition, but of course can be retro-fitted with an on-screen keyboard (including something like the FITALY, which is designed to minimize stylus movements), and a whole bunch of other features. Man, who knew how far advanced Apple really was? Anyway, does anyone know how they fare with the more modern PC Cards that are now available? Can you use a Lucent WaveLAN card in them? What about high-capacity CompactFlash cards? > Is it possible/is there software that can be run on PalmOS that makes the > handheld into a bit of a network diagnostics tool? Thinking ping, > traceroute, packet capture, that sort of thing. Perhaps that stuff comes > with the module. The thought is to use the Visor to check a new network > node installation or debug a faulty one. If you wanted to go that route, I might be inclined to install Linux on the thing. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Tue Jan 16 09:32:33 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GHSYG27618 for sage-members-outgoing; Tue, 16 Jan 2001 09:28:34 -0800 (PST) Received: from alumni.umbc.edu (ajohns5@alumni.umbc.edu [130.85.60.17]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GHSW927614 for ; Tue, 16 Jan 2001 09:28:33 -0800 (PST) Received: from localhost (ajohns5@localhost) by alumni.umbc.edu (8.8.8/8.8.8) with SMTP id MAA21237; Tue, 16 Jan 2001 12:28:37 -0500 (EST) Date: Tue, 16 Jan 2001 12:28:37 -0500 (EST) From: anderson johnston Reply-To: afj@alumni.princeton.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: managing/filtering/searching security alerts for multiple OS's In-Reply-To: <5098.979580699@biber> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk I recommend a daily visit to www.securityfocus.com and every two or three days to archives.neohapsis.com. Not as nice as getting mail but your less likely to miss something. On Mon, 15 Jan 2001 bergman@merctech.com wrote: > > I'm looking for a solution to correlate the multiple sources of security > alerts, such as bugtraq, nt-bugtraq, vendor lists, etc. against the inventory > of machines that we manage (linux, bsd, Solaris, NT, Win2K, HP, AIX). > > We're considering the vulnerability database service offered by > eSecurityOnline.com, but we have a number of issues with their product. > > Does anyone have experience with a comparable vendor, or have you developed > your own database & way of classifying and managing the stream of alert data > from various sources? > > I'll summarize any responses back to the list. > > Mark > > ------------------------------------------------------------------------------- _/ /_ | Andy Johnston _/_/ /_ | _/ _/ _/_/_/ /_/_/_ /_ /_ | afj@alumni.princeton.edu _/_/_/_/ _/ _/ /_ /_ /_ /_ | _/ _/ _/ _ /_/_/_ /_ | http://alumni.umbc.edu/~ajohns5 /_ | /_ | (PGP Public Keys at web site) ............................................................................... PGP Key Fingerprints (31-mar-2000): (afj2000) 2048/271F5FA1 5D 44 1E 2E A6 7C 91 7A C4 66 5F D5 BA B9 F6 58 ------------------------------------------------------------------------------- From sage-members-owner@usenix.org Tue Jan 16 09:35:54 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GHYLO27698 for sage-members-outgoing; Tue, 16 Jan 2001 09:34:21 -0800 (PST) Received: from merctech.com (brickhouse1.iad1.sitesmith.com [63.94.228.10]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GHYK927694 for ; Tue, 16 Jan 2001 09:34:20 -0800 (PST) Received: from biber (bergman@localhost) by merctech.com (8.11.1/8.11.1) with ESMTP id f0GHYAg18158; Tue, 16 Jan 2001 12:34:10 -0500 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: sage-members@usenix.org CC: sage-members@usenix.org From: bergman@merctech.com Subject: Re: managing/filtering/searching security alerts for multiple OS's In-Reply-To: Your message of "Tue, 16 Jan 2001 12:28:37 EST." References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 16 Jan 2001 12:34:10 -0500 Message-ID: <18157.979666450@biber> Sender: owner-sage-members@usenix.org Precedence: bulk In your message dated: Tue, 16 Jan 2001 12:28:37 EST, your pithy ruminations on were: => => I recommend a daily visit to www.securityfocus.com and every two or three => days to archives.neohapsis.com. Not as nice as getting mail but your less => likely to miss something. Thanks, but that doesn't scale for 150+ admins and 2500~5000 devices being managed. Mark => => On Mon, 15 Jan 2001 bergman@merctech.com wrote: => => > => > I'm looking for a solution to correlate the multiple sources of security => > alerts, such as bugtraq, nt-bugtraq, vendor lists, etc. against the inventory => > of machines that we manage (linux, bsd, Solaris, NT, Win2K, HP, AIX). => > => > We're considering the vulnerability database service offered by => > eSecurityOnline.com, but we have a number of issues with their product. => > => > Does anyone have experience with a comparable vendor, or have you developed => > your own database & way of classifying and managing the stream of alert data => > from various sources? => > => > I'll summarize any responses back to the list. => > => > Mark => > => > => => ------------------------------------------------------------------------------- => _/ /_ | Andy Johnston => _/_/ /_ | => _/ _/ _/_/_/ /_/_/_ /_ /_ | afj@alumni.princeton.edu => _/_/_/_/ _/ _/ /_ /_ /_ /_ | => _/ _/ _/ _ /_/_/_ /_ | http://alumni.umbc.edu/~ajohns5 => /_ | => /_ | (PGP Public Keys at web site) => ............................................................................... => PGP Key Fingerprints (31-mar-2000): => (afj2000) 2048/271F5FA1 5D 44 1E 2E A6 7C 91 7A C4 66 5F D5 BA B9 F6 58 => ------------------------------------------------------------------------------- => => From sage-members-owner@usenix.org Tue Jan 16 09:56:06 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GHsGt27920 for sage-members-outgoing; Tue, 16 Jan 2001 09:54:16 -0800 (PST) Received: from web11207.mail.yahoo.com (web11207.mail.yahoo.com [216.136.131.189]) by usenix.org (8.11.0/8.11.0) with SMTP id f0GHsF927916 for ; Tue, 16 Jan 2001 09:54:15 -0800 (PST) Message-ID: <20010116175412.44515.qmail@web11207.mail.yahoo.com> Received: from [216.100.35.122] by web11207.mail.yahoo.com; Tue, 16 Jan 2001 09:54:12 PST Date: Tue, 16 Jan 2001 09:54:12 -0800 (PST) From: "M.L.Graham" Reply-To: kaihoku@yahoo.com Subject: Re: Palm Software To: sage-members@usenix.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk I'm not real familar with the Palm IIIc or a Handspring Visor, but I know that there are vt100 modules for the Palm V and that you can use it as a serial device hooked up to a router, switch or a server and then debug that way. Checkout topgun ssh which is also a ssh implementation for the Palm pilots and they are certain to have a list of solutions to do what you want: http://www.ai/~iang/TGssh/ There is also minstrel wireless cradle that might work out for you, check: http://www.novatelwireless.com/palmtop/index.html --Melinda :o) --- Bennett Samowich wrote: > Greetings, > > Previously I had posted inquiring about various > handheld devices. I am > proud to say that I opted for the Handspring Visor > and am pleasantly > satisfied with it at this point. When held > side-by-side to the Palm IIIc > there are a few subtle differences that, I think, > make the Visor just a bit > better. > > With that said... the next part of my quest is to > get the appropriate > modules (e.g. Ethernet, Wireless Network, etc.). > This brings me to my next > question. > > Is it possible/is there software that can be run on > PalmOS that makes the > handheld into a bit of a network diagnostics tool? > Thinking ping, > traceroute, packet capture, that sort of thing. > Perhaps that stuff comes > with the module. The thought is to use the Visor to > check a new network > node installation or debug a faulty one. > > - Bennett > ===== Melinda L. Armstrong (kaihoku@yahoo.com) __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ From sage-members-owner@usenix.org Tue Jan 16 10:13:04 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GIBOY28054 for sage-members-outgoing; Tue, 16 Jan 2001 10:11:24 -0800 (PST) Received: from cliff.niehs.nih.gov (IDENT:root@cliff.niehs.nih.gov [157.98.8.7]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GIBJ928050 for ; Tue, 16 Jan 2001 10:11:22 -0800 (PST) Received: from cliff.niehs.nih.gov (IDENT:root@localhost.localdomain [127.0.0.1]) by cliff.niehs.nih.gov (8.9.3/8.9.3/NIEHS-POST-1.6) with ESMTP id NAA01103 for ; Tue, 16 Jan 2001 13:11:11 -0500 Received: from splat.niehs.nih.gov (splat.niehs.nih.gov [157.98.0.29]) by cliff.niehs.nih.gov (8.9.3/8.9.3/NIEHS-PRE-1.7) with ESMTP id NAA01074; Tue, 16 Jan 2001 13:11:07 -0500 Received: from splat (localhost [127.0.0.1]) by splat.niehs.nih.gov (8.9.3/8.9.3) with ESMTP id NAA10091; Tue, 16 Jan 2001 13:11:06 -0500 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.3 In-reply-to: References: Comments: In-reply-to Brad Knowles message dated "Tue, 16 Jan 2001 07:31:39 -0500." To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Palm Software Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 16 Jan 2001 13:11:06 -0500 Message-ID: <10089.979668666@splat> From: "Lance A. Brown" Sender: owner-sage-members@usenix.org Precedence: bulk Greetings, I've got a TRGPro. I've not used the CF slot yet, but hope to in the future. The docs say the slot is "industry standard" CF and the Pro will handle memory and hard drive cards without a problem. Active devices such as ethernet, modems, wireless, etc. may require software on the Pro to work properly. I believe the website (www.trgpro.com) lists the currently supported CF cards. --[Lance] From sage-members-owner@usenix.org Tue Jan 16 10:24:06 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GIMco28247 for sage-members-outgoing; Tue, 16 Jan 2001 10:22:38 -0800 (PST) Received: from godzilla.monsters.org (IDENT:root@godzilla.monsters.org [204.180.109.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GIMZ928243 for ; Tue, 16 Jan 2001 10:22:35 -0800 (PST) Received: from zero.monsters.org (IDENT:root@zero.monsters.org [208.191.248.1]) by godzilla.monsters.org (8.9.3/8.9.3) with ESMTP id MAA12312 for ; Tue, 16 Jan 2001 12:22:30 -0600 Received: from zero.monsters.org by zero.monsters.org (8.11.0) id f0GIGp404736; Tue, 16 Jan 2001 12:16:51 -0600 Message-Id: <200101161816.f0GIGp404736@zero.monsters.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: sage-members@usenix.org Subject: Re: Palm Devices Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 16 Jan 2001 12:16:50 -0600 From: Stephen L Johnson Sender: owner-sage-members@usenix.org Precedence: bulk So one asked me about the list of software that I use(d) on my various Palms over the years. I didn't forget. It was just a bit low on the TODO totem pole. Before my Palm VII, this was the usual list of software that I had and a short description on who I used it. ptelnet - http://netpage.em.com.br/mmand/ptelnet.htm One of the best all all around communication programs that I've seen for any platform / OS. It's a telnet client and a terminal program. Needless to say I used this one quite a lot. It is great as a console. I used it extensively to diagnose and fix an external RAID unit at a datacenter across town from my office. The sync cradle is fabulous for this sort of thing. It's angled just right to view and write on. And the cable is wired to connect to a DCE serial port. ping - http://www.searat.com/palm.html A standard ping command based on BSD ping. I didn't really use it that much. But I had it when I needed it. Top Gun SSH client - http://www.ai/~iang/TGssh/ A Secure Shell client for the Palm. A good implementation. It handles all of the major encryption library currenly in use. Top Gun Postman / Proximail - http://www.proxinet.com/ A partial mail client that handles the MTA portions of mail handling. It work in conjunction with the Palm Mail application. Proximail is the current incarnation of Postman. It handled POP and the sending of of e-mail. Palmscape - http://www.ilinx.co.jp/en/ Proxiweb - http://www.proxinet.com/ Two web browsers that I have tried. Palmscape is a full stand-alone web browser. Proxiweb is a web browser that works in conjunction with a gateway server. The Proxiweb gateway handles the translation of text and graphics to formated that a Palm can handle, e.g. graphics scaled and remapped to 4 bit greyscale etc. When I first used them they were still beta programs. But now that fully featured and work really well. I can recommend them both. DOC readers There are way too many to even start discussing. Best advice I can give is to try them all out until you find the one you like the best. I first settled on TealDoc. But nowadays I use iSilo. I think that iSilo beter handles HTML document conversions. But now I'm looking at and evaluating Plucker. The way that I kept a master IP address databse with me was as a DOC file. The database we used was for an entire class B network. This was way too big to keep in an actual Palm DB format. The IP keeps eventually developed a report format that he printed to a file and converted it to DOC format. This was small enough to keep on our Palm. It was searchable by Ip address or by name using the Find function. progect - progect.sourceforge.net Progect is the latest hierarchical TODO/Project Manager program that I use. I started off with Brain Forest. For complex things the Palm ToDo app won't cut it. This is what I use. IP calc - http://www.palmgear.com IP addresses, netmasks, broadcast addresses, network addresses, CIDRs, etc. IP calc will fix you up. It handles all of the calculations. I use it all of the time. Don't leave home without it! --- That is all for the non-Palm VII apps. What follows are all of the Palm VII apps that I current use for Admin related stuff. ThinAir A remote mail access application. It can handle up to 3 different POP/IMAP/HotMail accounts. It's limited to you inbox. But it is a handy app when you on the road. GuruNet and Foldoc Two handle WEb Clipping apps that are great in looking up strange acronyms that you don't know. Pocket Geek Tools - Pocket GT A Web clipping app that give you access to the Geek Tools web site. Access to the various IP calcuators, the RFC database, a Traceroute Gatway and a WHOIS proxy. Net ToolBox A Web clipping app that gives your access to traceroute, Ping, NS Lookup, Finger, Whois, Host Info, DNS Query. It is from the SeanHayes.com web site. It is handy when your 'Net access is out and you want to know where the problems lies: your ISP or futher upstream? Time A web clipping app that gets the current US Time from the NIST and US Naval Observatory. OK, not so useful that those outside the US, but you only have to do some time zone conversions. Simple Wire A Web Clipping App that allows you to send pages to pagers on a wide range of paging providers. Snakeeyes A Web Clipping App that can fetch the text from almost any web page. It is really limited, but it will don when you are in a pinch. KBrowser A WAP brwoser for the Palm VII from 4thpass.com. IF you want WAP on your PALM VII, you need this browser. I use KBrowser to keep watch on my Unix servers. I use my package Spong (http://spong.sourceforge.net) to monitor my Unix Servers at work. The web interface for Spong is much too intensive for a small screen device. Now in comes WAP, it's a perfect interface for wireless devices with small screens. Last, but definitely not least DP Web This is a combo Web Clipping App. It give you text based web browsing from your Palm VII. If you register and and pay $20, you get access to a bookmarks, cookies and secure web sites (i.e. https:// ). This is probably the app I use the most away from a computer. It allows me to surf the web almost as well from a desktop computer. I said almost. You are limited to text only, no graphics. It is at most 8Kbps, so be patient. Busy web sites with lots of text and graphics are a pain because you have to wade though so much text. Stephen L Johnson P.S. And for those who need their daily SlashDot fix will on the road, there is a SlashDot Web Clipping App for the Palm VII. ;> From sage-members-owner@usenix.org Tue Jan 16 12:45:22 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GKfeJ29315 for sage-members-outgoing; Tue, 16 Jan 2001 12:41:40 -0800 (PST) Received: from harpo.wi.mit.edu (genome.wi.mit.edu [18.157.0.135]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GKfZ929311 for ; Tue, 16 Jan 2001 12:41:38 -0800 (PST) Received: from WI.MIT.EDU (mercury.wi.mit.edu [18.157.4.100]) by harpo.wi.mit.edu (8.9.2/8.9.2) with ESMTP id PAA28721; Tue, 16 Jan 2001 15:41:25 -0500 (EST) Message-ID: <3A64B1F5.D86C1B7E@WI.MIT.EDU> Date: Tue, 16 Jan 2001 15:41:25 -0500 From: "K. M. Peterson" X-Mailer: Mozilla 4.76 (Macintosh; U; PPC) MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: At last, the big zamboni hits the playing field References: <3A61D63D.3B6A99B0@virtual.net> Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854"; x-mac-creator="4D4F5353" Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Well, not to pour gasoline on the fire, but... Strata Rose Chalup wrote: > Microsoft is finally abandoning the zero administration lie. A friend > forwarded me a long and highly entertaining post about Windows 2000 and > the new "datacenter" versions, high uptime, etc-- a post full of > extremely precise language along the lines of "chocolate frosted sugar > bombs belongs on the same table with any good breakfast". The "yes!!!" > moment came here, though: > > > To get the highest level of availability from any operating system, > > including Windows, requires an IT environment built around sound > > operating guidelines and staffed by well-trained employees. > Microsoft lies a lot, but I have to take issue with your comments about "Zero Administration". In the original announcement, Microsoft talked about a "Zero Administration initiative" and the "Zero Administration Kit" (ZAK), but the term "Zero Administration" refers to the _client_ (generally, WinNT Workstation), not NT Server. It's a framework with registry files and scripts and a protocol that one could use to begin to develop a WinNT Workstation environment that would not require administrative support. How? By making it almost impossible for a user to "break" the system - securing the OS environment so that a user could not install software applications, change system settings, or even see any object on the desktop or Start Menu that wasn't explicitly approved. IIRC, you could even set the system to not allow the user to change their desktop background! Working under this level of control (which I call fascist mode) is untenable for systems administrators, but if you're in a bank with 2000 WinNT boxes on your teller and branch customer-service reps desks, you really _don't_ want them monkeying with the things. And that's the environment that this is meant for. A fundamental thing that we Unix SysAdmins take for granted is that we set up a box and don't give out the root password and thus prevent people from erasing configuration files. That's a good part of what the Zero Administration thing is about. Microsoft only promises that ZAK allows administrators to set up an environment to lessen support costs by ensuring that any large number of boxes can be deployed and remain virtually identical by locking out write access to files and the registry (and even hiding files and directories) against end-users. We use many of those disciplines here. A lot of users don't like it, the same way that they didn't like it when we took root away from those folks using Unix workstations. We're working now on a policy and framework to allow "enhanced user access" to workstations where people are doing software development, or need to install their own stuff and can (knowledgeably) take responsibility for their own actions ... but in the meantime, for the most part, things work well because people can't (easily) hose the machines on their desk, and it isn't in their job descriptions to do Windows systems administration. The Microsoft salesdroids are probably ignorant, and that's Microsoft's fault. But the ZAK is a good place to start to try to get some reasonable level of control in a large environment over systems folks having to clean up other people's messes. _KMP -- K. M. Peterson voice: +1 617 258 0927 Manager, Computer Operations Group Whitehead Institute/MIT Center for Genome Research 320 Charles Street - Cambridge, MA 02141-2023 fax: +1 617 258 0903 (This email was written on a Mac in Netscape, and sent by sendmail 8.9 - no Microsoft products used to produce this communication). From sage-members-owner@usenix.org Tue Jan 16 13:06:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GL4S229523 for sage-members-outgoing; Tue, 16 Jan 2001 13:04:28 -0800 (PST) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GL4R929519 for ; Tue, 16 Jan 2001 13:04:27 -0800 (PST) Received: from virtual.net (adsl-63-193-240-161.dsl.snfc21.pacbell.net [63.193.240.161]) by mail.mirapoint.com (Mirapoint) with ESMTP id ABH04575 (AUTH schalup); Tue, 16 Jan 2001 13:04:06 -0800 (PST) Message-ID: <3A64B83D.9B480F33@virtual.net> Date: Tue, 16 Jan 2001 13:08:13 -0800 From: Strata Rose Chalup Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org CC: "K. M. Peterson" Subject: Re: At last, the big zamboni hits the playing field References: <3A61D63D.3B6A99B0@virtual.net> <3A64B1F5.D86C1B7E@WI.MIT.EDU> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Hmm, that wasn't fire on gasoline, that was light shining through the smoke. Thanks for setting me, and possibly some others, straight on this. I think your post may be very useful for folks seeking to explain the zero administration myth to their own management, since I had never heard anyone explicitly describe the technology and specific application thereof precisely before. I definitely agree that the salesdroid force has represented it differently, either out of ignorance or perhaps a desire to reassure the customer (not coincidentally helping to make the sale). Goes to show me you're never too old to dig a little deeper before mouthing off. :-) It sounds like raising awareness of the ZA Kit could actually greatly assist some folks in heterogenous OS environments who need more tools to keep users from overly customizing Windows desktops. Sounds like a great topic for a LISA paper. I know that several excellent papers have been done on the topic of serving applications across such an environment. I'm not remembering anything in the last few years specifically talking about using ZAK or homegrown tools like it for locking stuff down. I have heard some interesting things about tools being used to essentially do a wipe-clean reinstall periodically on desktops at night, to help enforce logout and storage policies in some institutions (financials usually). But I don't recall a "Using ZAK" kind of paper-- maybe stuff was published at LISA-NT instead? I've not looked at the proceedings of that. Cheers, and thanks again, _Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Tue Jan 16 15:12:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0GN9Z400948 for sage-members-outgoing; Tue, 16 Jan 2001 15:09:35 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0GN9YH00943 for sage-members@usenix.org; Tue, 16 Jan 2001 15:09:34 -0800 (PST) Received: from numenor.techops.verio.net (numenor.techops.verio.net [206.68.76.70]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0GMiX900344 for ; Tue, 16 Jan 2001 14:44:33 -0800 (PST) Received: from dan by numenor.techops.verio.net with local (Exim 3.161 #1) id 14Iepz-00035T-00; Tue, 16 Jan 2001 22:44:23 +0000 Date: Tue, 16 Jan 2001 17:44:23 -0500 From: Dan Lowe To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Palm Software Message-ID: <20010116174423.A11845@tangledhelix.com> Reply-To: dan@tangledhelix.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from brad.knowles@skynet.be on Tue, Jan 16, 2001 at 01:31:39PM +0100 X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk Previously, Brad Knowles said: > > Are there any Springboard modules to handle wired Ethernet or > 802.11 wireless LAN networking? I know about the various Springboard > modules for wired and wireless WAN networking (see > ), but I > don't see anything there for wired or wireless 802.11 LAN networks. > Could you enlighten me? Go to http://www.visorcentral.com/ and click 'modules' which will go to a more complete list of modules out there. There are a few ethernet-related ones but the last time I looked they were all still pending release, none were available for purchase (that may have changed since then). Xircom was one vendor I recall seeing on the list for wired ethernet. -dan -- Dan Lowe http://tangledhelix.com/ Plan to be spontaneous - tomorrow. From sage-members-owner@usenix.org Tue Jan 16 16:43:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0H0d4t01623 for sage-members-outgoing; Tue, 16 Jan 2001 16:39:04 -0800 (PST) Received: from bunrab.catwhisker.org (adsl-63-193-123-122.dsl.snfc21.pacbell.net [63.193.123.122]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0H0d3901619 for ; Tue, 16 Jan 2001 16:39:03 -0800 (PST) Received: (from david@localhost) by bunrab.catwhisker.org (8.10.0/8.10.0) id f0H0ciD99592 for sage-members@usenix.org; Tue, 16 Jan 2001 16:38:44 -0800 (PST) Date: Tue, 16 Jan 2001 16:38:44 -0800 (PST) From: David Wolfskill Message-Id: <200101170038.f0H0ciD99592@bunrab.catwhisker.org> To: sage-members@usenix.org Subject: Re: At last, the big zamboni hits the playing field In-Reply-To: <3A64B1F5.D86C1B7E@WI.MIT.EDU> Sender: owner-sage-members@usenix.org Precedence: bulk >Date: Tue, 16 Jan 2001 15:41:25 -0500 >From: "K. M. Peterson" >And that's the environment that this is meant for. A fundamental thing that >we Unix SysAdmins take for granted is that we set up a box and don't give out >the root password and thus prevent people from erasing configuration files. That depends a great deal on the environment in question (which is something you also point out about the ZA stuff). For example, in my current position, I am the UNIX sysadmin for the engineers -- predominantly, software developers who use FreeBSD as the base for the product they're working on, as well as using it for their desktops. So they're re-building everything from scratch (in their "build environments") -- not just the kernel, but all of user-land, too. Sure, we use things like chroot to limit the damage when something goes wrong, but my colleagues all have root access to their boxen (via sudo). And sometimes we swap disks in & out, or add or remove additional NICs, make private nets hanging off the back end of desktops (my own desktop is a case in point; that way, I have a reasonably private environment for loading new machines), for example. Granted, this doesn't extend to the internal servers or to those that live on my employer's perimeter net -- ref. the comment about the environment. (As a further illustration, when I received the laptop I currently use at work, I didn't stop to even pay attention to whatever might have been installed on the disk, since I knew it wouldn't have been FreeBSD 4.1.1-S. I powered off the old laptop, pulled the drive out, swapped it into the new laptop, booted single-user, re-configured XFree86, re-booted multi-user, and proceeded from there. (Later, I got FreeBSD installed on the new laptop's disk, and swapped the drives back again.) And when one of my colleagues was having difficulty figuring out a routing issue, I plugged 2 PCMCIA NICs into my laptop, and turned it into a NAT/router....) I suppose there are some who would consider administration in an environment where that sort of thing is tolerated (let alone encouraged) to be a nightmare... I think it's interesting and educational; besides, we get to contribute back to the Open Source community, which is Cool. Cheers, david -- David H. Wolfskill david@catwhisker.org As a computing professional, I believe it would be unethical for me to advise, recommend, or support the use (save possibly for personal amusement) of any product that is or depends on any Microsoft product. From sage-members-owner@usenix.org Wed Jan 17 11:44:52 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0HJbOH05312 for sage-members-outgoing; Wed, 17 Jan 2001 11:37:24 -0800 (PST) Received: from inswsod02.gs.com (inswsod02.gs.com [207.17.37.11]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0HJbL905308 for ; Wed, 17 Jan 2001 11:37:22 -0800 (PST) Received: from insdbod02.inz.gs.com (insdbod02.inz.gs.com [207.17.36.75]) by inswsod02.gs.com (Postfix) with ESMTP id D61BB1BF68 for ; Wed, 17 Jan 2001 14:37:10 -0500 (EST) Received: from nbsapsm02.ny.ficc.gs.com by insdbod02.inz.gs.com with ESMTP for sage-members@usenix.org; Wed, 17 Jan 2001 14:37:10 -0500 Received: from nbsadc111.ny.ficc.gs.com (nbsadc111.ny.ficc.gs.com [148.86.214.85]) by nbsapsm02.ny.ficc.gs.com (8.9.1a/8.9.0/wanhub) with ESMTP id OAA19215 for ; Wed, 17 Jan 2001 14:37:10 -0500 (EST) Received: from gs.com (localhost [127.0.0.1]) by nbsadc111.ny.ficc.gs.com (8.9.3+Sun/8.9.3) with ESMTP id OAA03569 for ; Wed, 17 Jan 2001 14:36:53 -0500 (EST) Message-Id: <3A65F455.1694EAD6@gs.com> Date: Wed, 17 Jan 2001 14:36:53 -0500 From: "Joseph Boyer Jr." Organization: Goldman Sachs and Company X-Mailer: Mozilla 4.76C-CCK-MCD CPT-2 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: encrypted file systems on/for solaris Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk hello, does anyone know of an encrypted file system for solari?. If so can you kindly pass along any info. Do ask why I need such animal, I just have been ask to research if one exists. thanks, joe From sage-members-owner@usenix.org Wed Jan 17 17:01:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0I0wJw07402 for sage-members-outgoing; Wed, 17 Jan 2001 16:58:19 -0800 (PST) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0I0wI907398 for ; Wed, 17 Jan 2001 16:58:18 -0800 (PST) Received: from virtual.net ([192.168.2.3]) by mail.mirapoint.com (Mirapoint) with ESMTP id ABH12176; Wed, 17 Jan 2001 16:58:13 -0800 (PST) Message-ID: <3A6640A1.D63076E1@virtual.net> Date: Wed, 17 Jan 2001 17:02:25 -0800 From: Strata Rose Chalup Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: Postmaster survey Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Hi folks, If you are the postmaster for your organization, or are filling that role in addition to other duties, I would like to ask you to donate a few minutes to fill out a survey. If not, you can hit "d" now. :-) Brian Kerouac and I are working on a draft of the SAGE postmaster booklet. We're also working on expanding the postmaster body of knowledge in general. To the latter end, I've made a survey on one of the free websurvey sites. I'll be paying to upgrade it in a few days, but for now it can only take 500 responses. The results will be available to anyone, and posted to the web with a copyleft or similar that keeps them freely available to all. Taking the survey should only take a few minutes, and you don't have to log in or register or anything like that. Please give it a try! I passed it by the folks who were at the LISA Postmaster BOF, and so far no complaints and a dozen or so folks have had a chance to fill it out. Time to widen the scope a little. http://www.surveypro.com/cgi-bin/surveypro/run_survey.cgi?id=490 Please feel free to pass the URL on to *individuals* who you know are postmasters for sites, but please ask them not to pass it further, and please don't send it to any other lists. I'm still trying to unsnarl a problem with the online method they have to pay to upgrade the survey, and it still has the 500 user cap. Thanks much, _Strata PS- This is a volunteer undertaking, and is in no way funded by or connected with SAGE or Usenix. I will be making the results available to those organizations, however, as well as everyone else. :-) -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Wed Jan 17 17:05:08 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0I13TF07444 for sage-members-outgoing; Wed, 17 Jan 2001 17:03:29 -0800 (PST) Received: from rhino.ark.gnac.net (rhino.ark.gnac.net [198.151.248.82]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0I13R907439; Wed, 17 Jan 2001 17:03:27 -0800 (PST) Received: (from baylisa@localhost) by rhino.ark.gnac.net (8.8.5/8.8.5/GNAC-GW-2.1) id QAA00643 for baylisa@baylisa.org; Wed, 17 Jan 2001 16:58:19 -0800 (PST) Received: from mail.mirapoint.com (mail.mirapoint.com [208.48.74.2]) by rhino.ark.gnac.net (8.8.5/8.8.5/GNAC-GW-2.1) with ESMTP id QAA00638 for ; Wed, 17 Jan 2001 16:58:14 -0800 (PST) Received: from virtual.net ([192.168.2.3]) by mail.mirapoint.com (Mirapoint) with ESMTP id ABH12176; Wed, 17 Jan 2001 16:58:13 -0800 (PST) Message-ID: <3A6640A1.D63076E1@virtual.net> Date: Wed, 17 Jan 2001 17:02:25 -0800 From: Strata Rose Chalup Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: Postmaster survey Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Loop: baylisa@gnac.com Sender: owner-sage-members@usenix.org Precedence: bulk Hi folks, If you are the postmaster for your organization, or are filling that role in addition to other duties, I would like to ask you to donate a few minutes to fill out a survey. If not, you can hit "d" now. :-) Brian Kerouac and I are working on a draft of the SAGE postmaster booklet. We're also working on expanding the postmaster body of knowledge in general. To the latter end, I've made a survey on one of the free websurvey sites. I'll be paying to upgrade it in a few days, but for now it can only take 500 responses. The results will be available to anyone, and posted to the web with a copyleft or similar that keeps them freely available to all. Taking the survey should only take a few minutes, and you don't have to log in or register or anything like that. Please give it a try! I passed it by the folks who were at the LISA Postmaster BOF, and so far no complaints and a dozen or so folks have had a chance to fill it out. Time to widen the scope a little. http://www.surveypro.com/cgi-bin/surveypro/run_survey.cgi?id=490 Please feel free to pass the URL on to *individuals* who you know are postmasters for sites, but please ask them not to pass it further, and please don't send it to any other lists. I'm still trying to unsnarl a problem with the online method they have to pay to upgrade the survey, and it still has the 500 user cap. Thanks much, _Strata PS- This is a volunteer undertaking, and is in no way funded by or connected with SAGE or Usenix. I will be making the results available to those organizations, however, as well as everyone else. :-) -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Thu Jan 18 15:03:05 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0IMojg25588 for sage-members-outgoing; Thu, 18 Jan 2001 14:50:45 -0800 (PST) Received: from motgate.mot.com (motgate.mot.com [129.188.136.100]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0IMoi925584 for ; Thu, 18 Jan 2001 14:50:44 -0800 (PST) Received: [from pobox4.mot.com (pobox4.mot.com [10.64.251.243]) by motgate.mot.com (motgate 2.1) with ESMTP id PAA01122 for ; Thu, 18 Jan 2001 15:50:39 -0700 (MST)] Received: [from plnt005.comm.mot.com (plnt005.comm.mot.com [145.2.198.78]) by pobox4.mot.com (MOT-pobox4 2.0) with ESMTP id PAA29268 for ; Thu, 18 Jan 2001 15:50:39 -0700 (MST)] Received: from admin01.comm.mot.com (plhp002.comm.mot.com [173.40.22.12]) by plnt005.comm.mot.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id C3JLDZQC; Thu, 18 Jan 2001 17:50:38 -0500 Received: from plhp049.comm.mot.com (brownmic@plhp049 [173.41.21.44]) by admin01.comm.mot.com (8.9.3 (PHNE_18979)/8.8.6) with ESMTP id RAA27194; Thu, 18 Jan 2001 17:50:36 -0500 (EST) Received: (from brownmic@localhost) by plhp049.comm.mot.com (8.9.3 (PHNE_21697)/8.7.3) id RAA02820; Thu, 18 Jan 2001 17:50:35 -0500 (EST) From: Michael Rogero Brown Message-Id: <200101182250.RAA02820@plhp049.comm.mot.com> Subject: Re: At last, the big zamboni hits the playing field To: sage-members@usenix.org Date: Thu, 18 Jan 2001 17:50:34 EST Cc: sage-members@usenix.org, KMP@WI.MIT.EDU In-Reply-To: <3A64B83D.9B480F33@virtual.net>; from "Strata Rose Chalup" at Jan 16, 2001 1:08 pm X-Mailer: Elm [revision: 212.5] Sender: owner-sage-members@usenix.org Precedence: bulk > > > Hmm, that wasn't fire on gasoline, that was light shining through the > smoke. Thanks for setting me, and possibly some others, straight on > this. > > I think your post may be very useful for folks seeking to explain the > zero administration myth to their own management, since I had never > heard anyone explicitly describe the technology and specific application > thereof precisely before. I definitely agree that the salesdroid force > has represented it differently, either out of ignorance or perhaps a > desire to reassure the customer (not coincidentally helping to make the > sale). When M$ put forth this ZAI and ZAK, I had to explain to our management types that M$'s Zero Administration did NOT mean 'zero administrators'. My explaination was much like the previous one just given. However, M$ has for some time been pushing NT to corporate types as being a cheaper OS to maintain because it does need all those expensive sysadmins like Unix does. Then on the flip side they sell their MSCE to would be NT Sysadmins as a way to make lots of money admining all those NT servers bought by corporate types sold on the idea that NT doesn't need them. Hmmmm. > > Goes to show me you're never too old to dig a little deeper before > mouthing off. :-) > > It sounds like raising awareness of the ZA Kit could actually greatly > assist some folks in heterogenous OS environments who need more tools to > keep users from overly customizing Windows desktops. Sounds like a > great topic for a LISA paper. > O'Reilly published a book on the ZAK. Should take a look at it. -- Michael Rogero Brown | Disclaimer: I speak only for myself. Unix/NT Systems Support | Any opinions expressed are my own Motorola, CGISS/CE | and do not reflect the opinions of email: emb021@email.mot.com | Motorola. From sage-members-owner@usenix.org Fri Jan 19 12:13:40 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0JKADR29752 for sage-members-outgoing; Fri, 19 Jan 2001 12:10:13 -0800 (PST) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0JKAC929748 for ; Fri, 19 Jan 2001 12:10:12 -0800 (PST) Received: from virtual.net ([192.168.2.3]) by mail.mirapoint.com (Mirapoint) with ESMTP id ABK00251; Fri, 19 Jan 2001 12:09:41 -0800 (PST) Message-ID: <3A68A004.E1451644@virtual.net> Date: Fri, 19 Jan 2001 12:13:56 -0800 From: Strata Rose Chalup Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org.list-managers@greatcircle.com Subject: Postmaster survey fixed Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk If you had trouble with it, the problem should be fixed now. Several questions in the survey ended up requiring you to give a minimum number of answers. A lot of folks didn't notice this, since they were checking a lot of the boxes. Some folks found themselves unable to submit the results, though, due to this bug. What happened? The question creation template has the "force person to answer" box checked by default, which I UNchecked for all the questions when creating them. During the course of editing some of the questions, several picked up the default again in the edit screen, and I didn't notice. The result seemed to be that for questions where you could have "as many as N" responses out of M possible, the survey was not letting people submit if they'd checked less than N boxes. My testing was based on some complex sites and didn't check few enough boxes to pick up the error. I apologize for the error, and the additional message traffic. Thank you very much for participating-- we're up from 14 results a day or so ago to 88 today, with 76 of the respondents being the primary postmaster for their organization. Yeah!!! If you tried to take the survey and were stymied by the bug, please feel free to try again now, and I'm sorry for your earlier frustration. _Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Fri Jan 19 12:15:52 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0JKFWF29787 for sage-members-outgoing; Fri, 19 Jan 2001 12:15:32 -0800 (PST) Received: from rhino.ark.gnac.net (rhino.ark.gnac.net [198.151.248.82]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0JKFT929780; Fri, 19 Jan 2001 12:15:29 -0800 (PST) Received: (from baylisa@localhost) by rhino.ark.gnac.net (8.8.5/8.8.5/GNAC-GW-2.1) id MAA04986 for baylisa@baylisa.org; Fri, 19 Jan 2001 12:10:03 -0800 (PST) Received: from mail.mirapoint.com (mail.mirapoint.com [208.48.74.2]) by rhino.ark.gnac.net (8.8.5/8.8.5/GNAC-GW-2.1) with ESMTP id MAA04981 for ; Fri, 19 Jan 2001 12:09:58 -0800 (PST) Received: from virtual.net ([192.168.2.3]) by mail.mirapoint.com (Mirapoint) with ESMTP id ABK00251; Fri, 19 Jan 2001 12:09:41 -0800 (PST) Message-ID: <3A68A004.E1451644@virtual.net> Date: Fri, 19 Jan 2001 12:13:56 -0800 From: Strata Rose Chalup Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org.list-managers@greatcircle.com Subject: Postmaster survey fixed Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Loop: baylisa@gnac.com Sender: owner-sage-members@usenix.org Precedence: bulk If you had trouble with it, the problem should be fixed now. Several questions in the survey ended up requiring you to give a minimum number of answers. A lot of folks didn't notice this, since they were checking a lot of the boxes. Some folks found themselves unable to submit the results, though, due to this bug. What happened? The question creation template has the "force person to answer" box checked by default, which I UNchecked for all the questions when creating them. During the course of editing some of the questions, several picked up the default again in the edit screen, and I didn't notice. The result seemed to be that for questions where you could have "as many as N" responses out of M possible, the survey was not letting people submit if they'd checked less than N boxes. My testing was based on some complex sites and didn't check few enough boxes to pick up the error. I apologize for the error, and the additional message traffic. Thank you very much for participating-- we're up from 14 results a day or so ago to 88 today, with 76 of the respondents being the primary postmaster for their organization. Yeah!!! If you tried to take the survey and were stymied by the bug, please feel free to try again now, and I'm sorry for your earlier frustration. _Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Mon Jan 22 21:01:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0N4rfd11581 for sage-members-outgoing; Mon, 22 Jan 2001 20:53:41 -0800 (PST) Received: from femail7.sdc1.sfba.home.com (femail7.sdc1.sfba.home.com [24.0.95.87]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0N4re911577 for ; Mon, 22 Jan 2001 20:53:40 -0800 (PST) Received: from flipdog.com ([24.176.173.177]) by femail7.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20010123045330.JKOA9583.femail7.sdc1.sfba.home.com@flipdog.com> for ; Mon, 22 Jan 2001 20:53:30 -0800 Message-ID: <3A6CAB26.CDED57B8@flipdog.com> Date: Mon, 22 Jan 2001 22:50:30 +0100 From: Justin Wood Reply-To: justin@flipdog.com Organization: FlipDog.com X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: production web servers on hpux Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Sagers, My company is in the process of moving our site from Solaris to HPUX. We're running into some strange errors when doing this. Apache stays up and running, however it _delays_ connections - doesn't drop them or stop accepting, just delays them (for up to 10+ seconds). I'd thought I'd send a note out to the list, because surely someone here is running their site on HP, and hopefully someone has seen this weirdness and can give us some hints. Details: HPUX 11 on A class machines apache-1.3.14 (compiled from src) Thanks in advance, Justin. From sage-members-owner@usenix.org Tue Jan 23 01:36:53 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0N9Xl312204 for sage-members-outgoing; Tue, 23 Jan 2001 01:33:47 -0800 (PST) Received: from glenlivet.propertymall.com (glenlivet.propertymall.com [194.201.169.189]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0N9Xj912200 for ; Tue, 23 Jan 2001 01:33:46 -0800 (PST) Received: from glenlivet.propertymall.com (IDENT:jc@localhost [127.0.0.1]) by glenlivet.propertymall.com (8.9.3/8.9.3) with ESMTP id JAA00792; Tue, 23 Jan 2001 09:33:27 GMT Message-Id: <200101230933.JAA00792@glenlivet.propertymall.com> From: Jonathan Crompton To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: production web servers on hpux In-Reply-To: Message from Justin Wood of "Mon, 22 Jan 2001 22:50:30 +0100." <3A6CAB26.CDED57B8@flipdog.com> Date: Tue, 23 Jan 2001 09:33:27 +0000 Sender: owner-sage-members@usenix.org Precedence: bulk Hi, > My company is in the process of moving our site from Solaris to HPUX. > We're running into some strange errors when doing this. Apache stays up > and running, however it _delays_ connections - doesn't drop them or stop > accepting, just delays them (for up to 10+ seconds). My first guess would be that you are doing reverse DNS lookups for each incoming connection e.g. you have 'HostnameLookups On' and that the reverse lookups are causing the delay. Try some reverse lookups from the command line. HTH, Jonathan. From sage-members-owner@usenix.org Tue Jan 23 08:21:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0NGHDB12866 for sage-members-outgoing; Tue, 23 Jan 2001 08:17:13 -0800 (PST) Received: from pony.whizbang.com ([205.171.122.116]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0NGHB912862 for ; Tue, 23 Jan 2001 08:17:12 -0800 (PST) Received: from flipdog.com (marsellus.whizbang.com [63.225.238.8]) by pony.whizbang.com (Postfix) with ESMTP id 180305D00B; Tue, 23 Jan 2001 09:09:02 -0700 (MST) Message-ID: <3A6DAD7E.824E131B@flipdog.com> Date: Tue, 23 Jan 2001 09:12:46 -0700 From: Justin Wood Organization: FlipDog.com X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: production web servers on hpux References: <200101230933.JAA00792@glenlivet.propertymall.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Actually we are not doing reverse lookups. It's very strange - I'll sit on the box running apache, and telnet to localhost port 80. Every few minutes it will delay the connection. -Justin. Jonathan Crompton wrote: > > Hi, > > > My company is in the process of moving our site from Solaris to HPUX. > > We're running into some strange errors when doing this. Apache stays up > > and running, however it _delays_ connections - doesn't drop them or stop > > accepting, just delays them (for up to 10+ seconds). > > My first guess would be that you are doing reverse DNS lookups for > each incoming connection e.g. you have 'HostnameLookups On' and that > the reverse lookups are causing the delay. Try some reverse lookups > from the command line. > > HTH, > Jonathan. From sage-members-owner@usenix.org Tue Jan 23 20:49:11 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0O4jEA17283 for sage-members-outgoing; Tue, 23 Jan 2001 20:45:14 -0800 (PST) Received: from gerasimov.net ([209.143.70.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0O4jC917279 for ; Tue, 23 Jan 2001 20:45:13 -0800 (PST) Received: (from alban@localhost) by gerasimov.net (8.9.3/8.9.3) id XAA20532 for sage-members@usenix.org; Tue, 23 Jan 2001 23:43:47 -0500 Date: Tue, 23 Jan 2001 20:43:47 -0800 From: David Alban To: sage-members@usenix.org Subject: Happy tech recruiter stories? Message-ID: <20010123204347.A20227@gerasimov.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us Sender: owner-sage-members@usenix.org Precedence: bulk sage'oids: I've never actually gotten a job using a tech recruiter. I've avoided recruiters in the past because of horror stories about how recruiters only care about getting their commission. Stories that seem to indicate how little the interests of the prospective employee mean to them. Of course, these are stereotypes, and indeed there must exist men and women who are wonderfully suited to this kind of work and take pride in it and excel at it, benefitting individuals who seek their services. I'd like to ask anyone who has had good experiences with a tech recruiter to tell me about it, especially if they were able to hook you up with the very kind of job you were looking for. That is, they took your preferences very seriously. I'm looking in particular for a recruiter who works in the San Francisco Bay area. But even if you simply have a relevant recruiter experience I'd like to hear it. I'd prefer to hear about what worked for you, but I guess horror stories may also be helpful in avoiding pitfalls in this process. Thanks! David -- Live in a world of your own, but always welcome visitors. From sage-members-owner@usenix.org Wed Jan 24 09:30:59 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OHLI718991 for sage-members-outgoing; Wed, 24 Jan 2001 09:21:18 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0OHLHJ18986 for sage-members@usenix.org; Wed, 24 Jan 2001 09:21:17 -0800 (PST) Received: from ace.DELOS.COM (kolstad@ace.DELOS.COM [207.174.116.67]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0NNWo915675 for ; Tue, 23 Jan 2001 15:32:51 -0800 (PST) Received: (from kolstad@localhost) by ace.DELOS.COM (8.10.1/8.10.1) id f0NNWhV15218 for sage-members@usenix.org; Tue, 23 Jan 2001 16:32:43 -0700 (MST) Date: Tue, 23 Jan 2001 16:32:43 -0700 (MST) From: Rob Kolstad Message-Id: <200101232332.f0NNWhV15218@ace.DELOS.COM> To: sage-members@usenix.org Subject: System Administration taxonomy (a.k.a. Book of Knowledge) Sender: owner-sage-members@usenix.org Precedence: bulk Would you like to help create the System Administration Book of Knowledge (a sort of non-tree-like taxonomy)? Geoff Halprin initiated this project, and I have constructed a web site to enable us to collaborate in creating the line items for the book. In summary, I chaired a workshop at LISA 2000 in New Orleans. The 20 participants laid out a large set of categories and a set of "subheadings" that apply to each set of categories (e.g., categories include printing, user name management, policy management while subheadings include security, change management, and accounting). We're slowly but surely filling in the grid with a featured item each day. If you'd like to participate, please drop me a short note. RK ==================================================================== /\ * Rob Kolstad http://www.delos.com * /\/ \ kolstad@delos.com 15235 Roller Coaster Road / \ \ +1 719-481-6542 Colorado Springs, CO 80921 ==================================================================== From sage-members-owner@usenix.org Wed Jan 24 10:49:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OIjAD19737 for sage-members-outgoing; Wed, 24 Jan 2001 10:45:10 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0OIj8919733 for ; Wed, 24 Jan 2001 10:45:08 -0800 (PST) Received: from snert.com ([195.10.32.84]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f0OJ3i120665 for ; Wed, 24 Jan 2001 20:03:44 +0100 Message-ID: <3A6F229F.A1BF6F2B@snert.com> Date: Wed, 24 Jan 2001 19:44:47 +0100 From: Anthony Howe Organization: Snert X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: sage-members@usenix.org Subject: IMAP + SSL Content-Type: multipart/mixed; boundary="------------D466653B2CB2CD34DA606B36" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------D466653B2CB2CD34DA606B36 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Is there an IMAP4 server implementation (freeware, open source, GPL) (in C) that supports SSL connections? -- Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 mailto:achowe@snert.com http://www.snert.com/ --------------D466653B2CB2CD34DA606B36 Content-Type: text/x-vcard; charset=us-ascii; name="achowe.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Anthony Howe Content-Disposition: attachment; filename="achowe.vcf" begin:vcard n:Howe;Anthony tel;pager:ICQ 7116561 tel;cell:+33 6 11 89 73 78 tel;fax:+33 4 93 46 91 27 x-mozilla-html:FALSE url:http://www.snert.com/ org:Snert version:2.1 email;internet:achowe@snert.com adr;quoted-printable:;;Villa Magnolia=0D=0A1489 Chemin des Collines;Le Cannet;Alpes-Maritimes;06110;France fn:Anthony Howe end:vcard --------------D466653B2CB2CD34DA606B36-- From sage-members-owner@usenix.org Wed Jan 24 13:16:17 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OLBfs21255 for sage-members-outgoing; Wed, 24 Jan 2001 13:11:41 -0800 (PST) Received: from pianosa.catch22.org (postfix@pianosa.catch22.org [64.81.70.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0OLBe921251 for ; Wed, 24 Jan 2001 13:11:40 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id 07355177A; Wed, 24 Jan 2001 13:11:33 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id EC447325B; Wed, 24 Jan 2001 13:11:33 -0800 (PST) Date: Wed, 24 Jan 2001 13:11:33 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Cc: Subject: Re: IMAP + SSL In-Reply-To: <3A6F229F.A1BF6F2B@snert.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, 24 Jan 2001, Anthony Howe wrote: > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? > http://www.google.com/search?q=imap4+ssl+GPL Searched the web for imap4 ssl GPL. Results 1 - 10 of about 108. Search took 0.38 seconds. Yes, there is. :) (UW IMAP and Cyrus are two of them.) -- Benjy Feen benjy(AT)feen.com http://www.monkeybagel.com From sage-members-owner@usenix.org Wed Jan 24 13:17:45 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OLEij21270 for sage-members-outgoing; Wed, 24 Jan 2001 13:14:44 -0800 (PST) Received: from pianosa.catch22.org (postfix@pianosa.catch22.org [64.81.70.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0OLEh921266 for ; Wed, 24 Jan 2001 13:14:43 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id CFE6F177A; Wed, 24 Jan 2001 13:14:35 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id B80B4325B; Wed, 24 Jan 2001 13:14:35 -0800 (PST) Date: Wed, 24 Jan 2001 13:14:35 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Cc: Subject: Re: IMAP + SSL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, 24 Jan 2001, Benjy Feen wrote: > On Wed, 24 Jan 2001, Anthony Howe wrote: > > > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > > C) that supports SSL connections? > > (UW IMAP and Cyrus are two of them.) And because I was a smartass in my first reply, here's a link and a snippet. http://www.linuxdoc.org/HOWTO/Cyrus-IMAP-2.html#ss2.3 says: 2.3 Cyrus IMAP vs. Washington IMAP Cyrus has its own mailbox database which is standalone and increases performance, whereas Washington uses the stanard UNIX mailbox format, which was designed for a smaller set of users. Washington is portable to more UNIX and non-UNIX systems than Cyrus. The main difference is that with Cyrus, you don't have to add new users to your linux box (i.e. in /etc/passwd) to add new mail users, and with Washington, you do. From sage-members-owner@usenix.org Wed Jan 24 13:43:45 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OLech21494 for sage-members-outgoing; Wed, 24 Jan 2001 13:40:38 -0800 (PST) Received: from eclectic.kluge.net (IDENT:root@eclectic.kluge.net [208.176.238.117]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0OLeb921490 for ; Wed, 24 Jan 2001 13:40:37 -0800 (PST) Received: (from felicity@localhost) by eclectic.kluge.net (8.11.2/8.11.2) id f0OLePL16511; Wed, 24 Jan 2001 16:40:25 -0500 Date: Wed, 24 Jan 2001 16:40:24 -0500 From: Theo Van Dinter To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: IMAP + SSL Message-ID: <20010124164024.H9046@kluge.net> References: <3A6F229F.A1BF6F2B@snert.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A6F229F.A1BF6F2B@snert.com>; from achowe@snert.com on Wed, Jan 24, 2001 at 07:44:47PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Jan 24, 2001 at 07:44:47PM +0100, Anthony Howe wrote: > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? I haven't done this myself, but I'm told that to do this, mostly people use a generic IMAP server with stunnel to handle the SSL part. I've heard it works very well. -- Randomly Generated Tagline: "Absolutely nothing should be concluded from these figures except that no conclusion can be drawn from them." (By Joseph L. Brothers, Linux/PowerPC Project) From sage-members-owner@usenix.org Wed Jan 24 14:21:58 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OMI2L21853 for sage-members-outgoing; Wed, 24 Jan 2001 14:18:02 -0800 (PST) Received: from smtpsrv0.isis.unc.edu (smtpsrv0.isis.unc.edu [152.2.1.139]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0OMI0921849 for ; Wed, 24 Jan 2001 14:18:00 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv0.isis.unc.edu (8.9.3/8.9.1) with ESMTP id RAA26542; Wed, 24 Jan 2001 17:17:51 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id RAA68058; Wed, 24 Jan 2001 17:17:53 -0500 Date: Wed, 24 Jan 2001 17:17:51 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: IMAP + SSL In-Reply-To: <3A6F229F.A1BF6F2B@snert.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk The Cyrus server from Carnegie Mellon University is purported to work well with stunnel. I have no experience with running Cyrus in that situation, though. Trey Harris formerly of UNC Academic Technology Now with VA Linux Systems, New York region On Wed, 24 Jan 2001, Anthony Howe wrote: > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? > > -- > Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France > +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 > mailto:achowe@snert.com http://www.snert.com/ From sage-members-owner@usenix.org Wed Jan 24 14:30:39 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OMRYK21958 for sage-members-outgoing; Wed, 24 Jan 2001 14:27:34 -0800 (PST) Received: from mail.cuug.ab.ca (sparc250.cuug.ab.ca [192.75.191.250]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0OMRW921954 for ; Wed, 24 Jan 2001 14:27:32 -0800 (PST) Received: (from uucp@localhost) by mail.cuug.ab.ca (8.9.3/8.9.3) id PAA14377; Wed, 24 Jan 2001 15:26:06 -0700 (MST) Received: from UNKNOWN(192.75.191.7), claiming to be "igor.cuug.ab.ca" via SMTP by sparc250, id smtpdH27705; Wed Jan 24 15:25:54 2001 Received: from localhost (dorfsmay@localhost) by igor.cuug.ab.ca (8.9.3/8.9.3) with ESMTP id PAA27895; Wed, 24 Jan 2001 15:37:24 -0700 X-Authentication-Warning: igor.cuug.ab.ca: dorfsmay owned process doing -bs Date: Wed, 24 Jan 2001 15:37:24 -0700 (MST) From: Yves Dorfsman To: sage-members@usenix.org cc: Subject: Re: IMAP + SSL In-Reply-To: <3A6F229F.A1BF6F2B@snert.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, 24 Jan 2001, Anthony Howe wrote: > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? imapd from University of Washington (used to be bundled with pine) is supporting SSL authentication now: http://www.washington.edu/imap/IMAP-FAQs/faqs.xml#config18 Yves. ---- Yves Dorfsman dorfsmay@cuug.ab.ca http://www.cuug.ab.ca/~dorfsmay From sage-members-owner@usenix.org Wed Jan 24 14:46:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0OMh7v22156 for sage-members-outgoing; Wed, 24 Jan 2001 14:43:07 -0800 (PST) Received: from dfw-gate2.raytheon.com (dfw-gate2.raytheon.com [199.46.199.231]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0OMh5922152 for ; Wed, 24 Jan 2001 14:43:06 -0800 (PST) Received: from ds02c00.directory.ray.com (ds02c00.rsc.raytheon.com [147.25.138.118]) by dfw-gate2.raytheon.com (8.11.0.Beta3/8.11.0.Beta3) with ESMTP id f0OMgxt22113 for ; Wed, 24 Jan 2001 16:42:59 -0600 (CST) Received: from seasnake.rsc.raytheon.com (localhost [127.0.0.1]) by ds02c00.directory.ray.com (8.9.3/8.9.3) with ESMTP id QAA05867 for ; Wed, 24 Jan 2001 16:42:17 -0600 (CST) Received: from seasnake (seasnake [147.17.205.60]) by seasnake.rsc.raytheon.com (8.9.3+Sun/8.9.3) with SMTP id OAA16507 for ; Wed, 24 Jan 2001 14:42:57 -0800 (PST) Message-Id: <200101242242.OAA16507@seasnake.rsc.raytheon.com> Date: Wed, 24 Jan 2001 14:42:57 -0800 (PST) From: Mario Obejas Reply-To: Mario Obejas Subject: Power outage lessons learned? To: sage-members@usenix.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: 8xJsEIom1k37/euBGtLInA== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-sage-members@usenix.org Precedence: bulk This is aimed at my Northern California brethren who have experienced the recent unannounced 90 minute blackouts. How were you affected? How were your contingency plans tested? What lessons have you learned? e.g., Backup generators do/don't start in sufficient time What assumptions did you make that proved to be true/false? e.g., we thought we could communicate via cell phones, they were/were not usable. Whate were the good and bad surprises? Obviously our insurance is our backup media. Our tapes are immediately heading to safes, and we're still debating what's the best time (i.e., how soon) to send the recent backups offsite. Some of our suppliers are now starting to be affected. The high electricity cost is forcing some shutdowns, e.g., Liquid Nitrogen suppliers, which affect how long some of the production lines run. In Southern California, we're trying to prepare for our turn. Obviously, we don't want to get caught with our pants down. I'm urging anybody who has lived through it and has been affected by it to please tell us what you've learned. Mario Obejas Engineering Automation & Computing Raytheon Electronic Systems 310-334-7201 (Voice) 310-366-4867 (Pager) From sage-members-owner@usenix.org Wed Jan 24 15:19:28 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0ONFtk22483 for sage-members-outgoing; Wed, 24 Jan 2001 15:15:55 -0800 (PST) Received: from sephiroth.byte-me.org (sephiroth.byte-me.org [216.15.105.106]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0ONFs922479 for ; Wed, 24 Jan 2001 15:15:54 -0800 (PST) Received: (from mallen@localhost) by sephiroth.byte-me.org (8.9.3/8.9.3) id PAA31733; Wed, 24 Jan 2001 15:15:32 -0800 From: Mark Allen Message-Id: <200101242315.PAA31733@sephiroth.byte-me.org> Subject: Re: IMAP + SSL To: sage-members@usenix.org Date: Wed, 24 Jan 2001 15:15:32 -0800 (PST) Cc: sage-members@usenix.org In-Reply-To: <3A6F229F.A1BF6F2B@snert.com> from "Anthony Howe" at Jan 24, 2001 07:44:47 PM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Anthony Howe writes: > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? It's really easy to set up SSL enabled IMAP using any IMAP server you like and stunnel. stunnel will wrap "insecure" socket connections like IMAP to an SSL enabled one. Very nifty and not hard to do, if you RTFM. Check out: http://www.stunnel.org http://www.openssl.org stunnel requires openssl, which may or may not have legal ramifications in your country. Regards, Mark -- Mark Allen -- mallen@byte-me.org -- http://www.byte-me.org/~mallen/ PGP1: 0x5CDC2161 Mark Allen (Personal Key) PGP2: 0x80402A46 Mark Allen (Work) From sage-members-owner@usenix.org Wed Jan 24 17:06:31 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0P12Rg23409 for sage-members-outgoing; Wed, 24 Jan 2001 17:02:27 -0800 (PST) Received: from voltron.oit.unc.edu (voltron.oit.unc.edu [152.2.1.126]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0P12P923405 for ; Wed, 24 Jan 2001 17:02:25 -0800 (PST) Received: from localhost (chris@localhost) by voltron.oit.unc.edu (1.0.b2/8.8.5) with SMTP id UAA17965; Wed, 24 Jan 2001 20:02:04 -0500 (EST) Date: Wed, 24 Jan 2001 20:02:03 -0500 (EST) From: Chris Colomb X-Sender: chris@voltron.oit.unc.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: IMAP + SSL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Cyrus 2.0.x supports SSL/TLS natively when built with OpenSSL. Chris On Wed, 24 Jan 2001, Trey Harris wrote: > The Cyrus server from Carnegie Mellon University is purported to work well > with stunnel. I have no experience with running Cyrus in that situation, > though. > > Trey Harris > formerly of UNC Academic Technology > Now with VA Linux Systems, New York region > > On Wed, 24 Jan 2001, Anthony Howe wrote: > > > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > > C) that supports SSL connections? > > > > -- > > Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France > > +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 > > mailto:achowe@snert.com http://www.snert.com/ > > From sage-members-owner@usenix.org Thu Jan 25 12:59:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0PKogN09204 for sage-members-outgoing; Thu, 25 Jan 2001 12:50:42 -0800 (PST) Received: from sparcplug.greymouser.com (sparcplug.greymouser.com [12.5.48.56]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0PKof909193 for ; Thu, 25 Jan 2001 12:50:41 -0800 (PST) Received: by sparcplug.greymouser.com (Postfix, from userid 9930) id 58C683D89F; Thu, 25 Jan 2001 15:50:32 -0500 (EST) Date: Thu, 25 Jan 2001 15:50:32 -0500 From: Phil Scarr To: sage-members@usenix.org Subject: LTO (Linear Tape Open) Tape Drives Message-ID: <20010125155032.A11255@greymouser.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-sage-members@usenix.org Precedence: bulk Has anyone had any experience with these new-fangled LTO drives (like the HP Ultrium LTO 230)? -Phil -- GREYMOUSER CONSULTING System, Network and Security Architecture and Administration for Central Virginia (http://www.greymouser.com) * S o l a r i s * H P - U X * L I N U X * W i n d o w s N T * From sage-members-owner@usenix.org Thu Jan 25 13:45:06 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0PLfU012592 for sage-members-outgoing; Thu, 25 Jan 2001 13:41:30 -0800 (PST) Received: from fw2.tek.com (fw2.tek.com [192.65.17.17]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0PLfS912588 for ; Thu, 25 Jan 2001 13:41:28 -0800 (PST) Received: from fw2-internal.tek.com (root@localhost) by fw2.tek.com with ESMTP id NAA27831 for ; Thu, 25 Jan 2001 13:41:14 -0800 (PST) Received: from mailhub.opbu.xerox.com (mailhub.opbu.xerox.com [13.62.6.81]) by fw2-internal.tek.com with ESMTP id NAA27819 for ; Thu, 25 Jan 2001 13:41:14 -0800 (PST) Received: from usawvas36.opbu.xerox.com (UsaWvAS36.opbu.xerox.com [13.62.3.98]) by mailhub.opbu.xerox.com (8.9.3+Sun/8.9.3) with SMTP id NAA28558 for ; Thu, 25 Jan 2001 13:41:13 -0800 (PST) Received: FROM filtronix.opbu.xerox.com BY usawvas36.opbu.xerox.com ; Thu Jan 25 13:41:13 2001 -0800 Received: from usawvbh01.opbu.xerox.com (UsaWvBH01.opbu.xerox.com [13.62.3.133]) by filtronix.opbu.xerox.com (8.8.8+Sun/8.8.8) with ESMTP id NAA26467; Thu, 25 Jan 2001 13:38:18 -0800 (PST) Received: by UsaWvBH01.opbu.xerox.com with Internet Mail Service (5.5.2653.19) id ; Thu, 25 Jan 2001 13:38:19 -0800 Message-ID: From: "Ravenwood, Tyler" To: sage-members@usenix.org Subject: RE: Happy tech recruiter stories? Date: Thu, 25 Jan 2001 13:38:18 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-sage-members@usenix.org Precedence: bulk Oh, how true it is that many tech recruiters forget who their customers are. However, I have worked extensively with one company in the San Francisco Bay area, both as a customer and as an employee, and have nothing but positive remarks for them. When I was seeking employees, they found just the right person in a very short period of time AND when I was looking for positions, they found me very suitable positions, for the right pay, in the right area, in a reasonable time frame. This company goes by a number of names, depending on which division you are working with. They are TAC1 / EDP Contract Services / Tech-Aid. My experience has been with the people at the San Ramon office, but they overlap into San Francisco, Sacramento, East Bay and Silicon Valley. You can contact Dale Cecchetini, Tim Mason, or Chris Pankey at 510-866-1030. Tell them I sent you! Tyler Ravenwood Sr. UNIX System Administrator Xerox OPBU > -----Original Message----- > From: David Alban [SMTP:extasia@mindspring.com] > Sent: Tuesday, January 23, 2001 8:44 PM > To: sage-members@usenix.org > Subject: Happy tech recruiter stories? > > sage'oids: > > I've never actually gotten a job using a tech recruiter. I've > avoided recruiters in the past because of horror stories about how > recruiters only care about getting their commission. Stories that > seem to indicate how little the interests of the prospective employee > mean to them. Of course, these are stereotypes, and indeed there > must exist men and women who are wonderfully suited to this kind of > work and take pride in it and excel at it, benefitting individuals > who seek their services. > > I'd like to ask anyone who has had good experiences with a tech > recruiter to tell me about it, especially if they were able to hook > you up with the very kind of job you were looking for. That is, they > took your preferences very seriously. > > I'm looking in particular for a recruiter who works in the San > Francisco Bay area. But even if you simply have a relevant recruiter > experience I'd like to hear it. I'd prefer to hear about what worked > for you, but I guess horror stories may also be helpful in avoiding > pitfalls in this process. > > Thanks! > David > -- > Live in a world of your own, but always welcome visitors. From sage-members-owner@usenix.org Fri Jan 26 09:04:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0QGxdb16973 for sage-members-outgoing; Fri, 26 Jan 2001 08:59:39 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0QGxd416968 for sage-members@usenix.org; Fri, 26 Jan 2001 08:59:39 -0800 (PST) Received: from vax.area.com (vax.area.com [216.218.218.27]) by usenix.org (8.11.0/8.11.0) with SMTP id f0Q5Qk915367 for ; Thu, 25 Jan 2001 21:26:46 -0800 (PST) Received: (qmail 23046 invoked by uid 2244); 26 Jan 2001 05:26:38 -0000 Date: Thu, 25 Jan 2001 22:26:38 -0700 (MST) From: Vern Hart X-Sender: vern@vax.area.com To: sage-members@usenix.org cc: Phil Scarr Subject: Re: LTO (Linear Tape Open) Tape Drives In-Reply-To: <20010125155032.A11255@greymouser.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Today, Phil Scarr wrote: > > Has anyone had any experience with these new-fangled LTO drives (like > the HP Ultrium LTO 230)? I work with HP in the Product Test lab for that product. This probably means I can't give an unbiased opinion but I'm more than happy to answer any questions. Sometimes it's nice to get it from a fellow sysadmin instead of a sales drone. :-) Vern From sage-members-owner@usenix.org Fri Jan 26 13:21:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0QLFHV19002 for sage-members-outgoing; Fri, 26 Jan 2001 13:15:17 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0QLFF918998 for ; Fri, 26 Jan 2001 13:15:15 -0800 (PST) Received: from [10.0.1.2] (dialup80.brussels.skynet.be [195.238.19.80]) by picard.skynet.be (8.11.2/8.11.2/Skynet-RELAY-2.01) with ESMTP id f0QJEtD02047 for ; Fri, 26 Jan 2001 20:14:57 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be (Unverified) Message-Id: Date: Fri, 26 Jan 2001 18:37:05 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Updated slides.... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk Folks, For those of you who are interested, I've updated the slides for the "Design and Implementation of Highly Scalable E-mail Systems" talk I gave at LISA. I've also uploaded the presentation source, and you can view the HTML version, the PDF version (as it was presented at the conference), or download the postscript version (including the annotated version). See . Shortly, I hope to have all the same information online for the forty-one pages of material that was dropped the night before the talk, so that I could squeeze everything else into the remaining time. Check back at in a few days for the links. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Sun Jan 28 21:31:11 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0T5Hq924994 for sage-members-outgoing; Sun, 28 Jan 2001 21:17:52 -0800 (PST) Received: from mail2.panix.com (mail2.panix.com [166.84.0.213]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0T5Ho924990 for ; Sun, 28 Jan 2001 21:17:51 -0800 (PST) Received: from panix6.panix.com (panix6.panix.com [166.84.0.231]) by mail2.panix.com (Postfix) with ESMTP id 3EC3F8FF6 for ; Mon, 29 Jan 2001 00:17:41 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by panix6.panix.com (8.8.8/8.7.1/PanixN1.0) with ESMTP id AAA26238 for ; Mon, 29 Jan 2001 00:17:41 -0500 (EST) X-Authentication-Warning: panix6.panix.com: milburn owned process doing -bs Date: Mon, 29 Jan 2001 00:17:41 -0500 (EST) From: "Shane B. Milburn" To: sage-members@usenix.org Subject: Multisubnet NIS slave options Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk I have 10 subnets on which I need to run NIS. Currently we are using our IBM S7A as the NIS slave since it has one nic on each subnet. This works well, however, management decided that we should replace our S7A with a NetApp 840c. This leaves me with a problem because the NetApp can not serve as my NIS slave. We have been trying to come up with the best solution for a replacement NIS slave. Here are the solutions we have come up with. 1. Quad port cards in a couple of Ultra60's or even an x86 box. But as the number of subnets grows I'll need more machines/computer room space for the NIS slaves. 2. Use the "-ypset" option on the clients to allow them to bind across the router. We have about 60 machines per subnet so I'm not sure how this would affect the router. I'm wondering what other folks are doing out there for NIS across multiple subnets? thanks, -shane -- Shane B. Milburn Email: milburn@panix.com Sr. Systems Engineer GPG Key ID: 9DA907DA "Death need not be fatal!" - Tom Christiansen From sage-members-owner@usenix.org Mon Jan 29 05:36:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0TDUKj25690 for sage-members-outgoing; Mon, 29 Jan 2001 05:30:20 -0800 (PST) Received: from ocee.groupsys.com (ocee.groupsys.com [155.229.202.35]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0TDUJ925686 for ; Mon, 29 Jan 2001 05:30:19 -0800 (PST) Received: from groupsys.com (ocee.groupsys.com [155.229.202.35]) by ocee.groupsys.com (8.9.0/8.9.0) with ESMTP id IAA26396; Mon, 29 Jan 2001 08:30:00 -0500 (EST) Message-ID: <3A757058.16A8F89@groupsys.com> Date: Mon, 29 Jan 2001 08:30:00 -0500 From: William LeFebvre Organization: The LeFebvre abode X-Mailer: Mozilla 4.5 [en] (X11; U; SunOS 5.5.1 sun4m) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: Multisubnet NIS slave options References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk "Shane B. Milburn" wrote: > 2. Use the "-ypset" option on the clients to allow them > to bind across the router. We have about 60 machines > per subnet so I'm not sure how this would affect the > router. Don't use -ypset. If you have to do this, use -ypsetme. But even that is living dangerously. (Of course just using NIS is living dangerously.... :-) ) Most modern NIS implementations allow you to specify a list of servers that a client can bind to. This list is in /var/yp/binding//ypservers. Each host listed there must also be listed in /etc/hosts (since NIS isn't yet working when the binding takes place, the servers MUST be listed in the host file). You should be able to list the main server in every client's ypservers file. This should allow the clients to bind through a router. Check "man ypbind" to see if your ypbind allows for this. And once the upservers file is in place, make sure that the startup scripts do NOT invoke ypbind with the -broadcast switch. If your system doesn't honor ypservers, then you're back to your two choices: find the equipment needed to get one interface per subnet or go with ypsetme. Router's can't be taught to forward the initial broadcast requests because the port number isn't fixed. If you want scalability on your server with quad ethernet cards then you could always get another server and use one server for every 4 subnets. A NIS server doesn't need to be all that beefy. If you dedicate a machine to the task you can get away with using a pretty small box. -- William LeFebvre Mooney 4074H wnl@groupsys.com From sage-members-owner@usenix.org Mon Jan 29 13:27:06 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0TLNI028110 for sage-members-outgoing; Mon, 29 Jan 2001 13:23:18 -0800 (PST) Received: from spotter.yi.org (IDENT:root@dhcp065-024-215-097.insight.rr.com [65.24.215.97]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0TLNG928106 for ; Mon, 29 Jan 2001 13:23:17 -0800 (PST) Received: from spotter.yi.org (spp@localhost [127.0.0.1]) by spotter.yi.org (8.8.7/8.8.7) with ESMTP id RAA20136; Mon, 29 Jan 2001 17:24:29 -0500 Message-Id: <200101292224.RAA20136@spotter.yi.org> To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Multisubnet NIS slave options In-Reply-To: Your message of "Mon, 29 Jan 2001 00:17:41 EST." Date: Mon, 29 Jan 2001 17:24:29 -0500 From: "Stephen P. Potter" Sender: owner-sage-members@usenix.org Precedence: bulk Lightning flashed, thunder crashed and "Shane B. Milburn" w hispered: | Here are the solutions we have come up with. | | 1. Quad port cards in a couple of Ultra60's or even an | x86 box. But as the number of subnets grows I'll | need more machines/computer room space for the NIS slaves. | | 2. Use the "-ypset" option on the clients to allow them | to bind across the router. We have about 60 machines | per subnet so I'm not sure how this would affect the | router. Ideally, you want to have two NIS servers (either the master and a slave, or two slaves) on each subnet for redundancy. I would be very worried about using a single box as a slave for so many subnets. What happens when that box goes down? I also don't like the idea of using ypset for much the same reason. If the server that the clients are bound to goes down, there is no way for them to rebind to another server, someone has to do it manually. To really come up with a good solution for you would require intimate knowledge of your network. You need to know what kinds of machines you have on each subnet, and how they are utilized. Do you have any machines on those subnets that currently act as some other kind of server (mail, print, news, nfs, application, whatever) that could serve double duty? Set up a couple of those per subnet. The load that NIS puts on a machine in very negligable, and since you can have multiple slaves, you can make several boxes be slaves to distribute the load. Ultra60s would be far over powered for this kind of service. I'd suggest a couple of U5s, or even look at the new Sun Cobolt systems. Their low end systems clock in at under $1k, probably even lower if you have a discount structure. If you are worried about space, these are only a couple of U, and rack mountable. You could set up several of these, and have them cross several subnets. You might have to add more servers as you add more subnets, but not on a one-to-one ratio. -spp From sage-members-owner@usenix.org Mon Jan 29 16:05:35 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0U02rN29262 for sage-members-outgoing; Mon, 29 Jan 2001 16:02:53 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0U02p929258 for ; Mon, 29 Jan 2001 16:02:51 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f0U02Xk31354; Mon, 29 Jan 2001 16:02:33 -0800 (PST) Date: Mon, 29 Jan 2001 16:02:32 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: IMAP + SSL Message-ID: <20010129160232.D31221@snew.com> References: <3A6F229F.A1BF6F2B@snert.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <3A6F229F.A1BF6F2B@snert.com>; from achowe@snert.com on Wed, Jan 24, 2001 at 07:44:47PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk It's covered in the OReilly IMAP book some. Also, a good thing about STunnel is that you can put compute heavy SSL decryption on one or more OTHER machines than the IMAP server. Quoting Anthony Howe (achowe@snert.com): > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? UW, cyrus, non-free ones from sendmail, inc. Likely others. From sage-members-owner@usenix.org Mon Jan 29 16:05:35 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0U03M129272 for sage-members-outgoing; Mon, 29 Jan 2001 16:03:22 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0U03K929268 for ; Mon, 29 Jan 2001 16:03:20 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f0U03Bq31360 for sage-members@usenix.org; Mon, 29 Jan 2001 16:03:11 -0800 (PST) Date: Mon, 29 Jan 2001 16:03:10 -0800 From: Chuck Yerkes Cc: sage-members@usenix.org Subject: Re: IMAP + SSL Message-ID: <20010129160310.E31221@snew.com> References: <3A6F229F.A1BF6F2B@snert.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <3A6F229F.A1BF6F2B@snert.com>; from achowe@snert.com on Wed, Jan 24, 2001 at 07:44:47PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk Oops, didn't mean to group reply that. Sorry. Quoting Anthony Howe (achowe@snert.com): > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? From sage-members-owner@usenix.org Mon Jan 29 17:16:33 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0U1Du429780 for sage-members-outgoing; Mon, 29 Jan 2001 17:13:56 -0800 (PST) Received: from blodwen.watching.org (blodwen.demonadsltrial.co.uk [193.195.65.37]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0U1Ds929776 for ; Mon, 29 Jan 2001 17:13:55 -0800 (PST) Received: from jrg by blodwen.watching.org with local (Exim 3.15 #5) id 14NPMd-0003Qq-00 for sage-members@usenix.org; Tue, 30 Jan 2001 01:13:43 +0000 From: jrg@blodwen.demon.co.uk (James R Grinter) Date: Tue, 30 Jan 2001 01:13:43 +0000 In-Reply-To: <200101292224.RAA20136@spotter.yi.org> "Re: Multisubnet NIS slave options" (Jan 29, 23:27) X-Subliminal: H is for Hypertext X-Layer: 3 X-Mailer: Mail User's Shell (7.2.6 beta(5)+dynamic 10/07/98) To: sage-members@usenix.org Subject: Re: Multisubnet NIS slave options Message-Id: Sender: owner-sage-members@usenix.org Precedence: bulk On Mon 29 Jan, 2001, "Stephen P. Potter" wrote: >Lightning flashed, thunder crashed and "Shane B. Milburn" w >hispered: >| Here are the solutions we have come up with. >| >| 1. Quad port cards in a couple of Ultra60's or even an >| x86 box. But as the number of subnets grows I'll >| need more machines/computer room space for the NIS slaves. Stuart McRobert's paper at LISA IX leapt to mind, here: "From Twisting Country Lanes to MultiLane Ethernet SuperHighways" http://www.usenix.org/publications/library/proceedings/lisa95/mcrobert.html They used quad-port ethernet cards in each box - and although the paper mentions two per system, plus two standard ethernet interfaces, I know they did have up to four in some eventually to cover 16 networks at a time. You wouldn't be doing it for the same reasons, but it demonstrates that it does work. With 3 machines you could cover 32 networks *and* have two available per network and in today's typically switched arrangements you might not even have anywhere near that many subnets anyway. >Ultra60s would be far over powered for this kind of service. I'd suggest a >couple of U5s, or even look at the new Sun Cobolt systems. Their low end The Cobalt stuff runs Linux - not to denegrate that, but not necessarily suitable in a Sun shop, and I have no knowledge about Linux's current ypserver capabilities (but to quote a Linux-using colleague: "just say no.") The Netra X1 - well, that's a bit lacking in the ethernet dept, if you were going to try and cover a large amount of networks and keep the box count down low. James. From sage-members-owner@usenix.org Mon Jan 29 17:25:39 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0U1O4p29882 for sage-members-outgoing; Mon, 29 Jan 2001 17:24:04 -0800 (PST) Received: from date.palm.cri.nz (date.palm.cri.nz [161.66.1.20]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0U1Nw929878 for ; Mon, 29 Jan 2001 17:24:00 -0800 (PST) Received: from sisom.marc.hort.cri.nz (IDENT:root@sisom.marc.hort.cri.nz [161.66.241.1]) by date.palm.cri.nz (8.11.1/8.11.1) with ESMTP id f0U1NZu01995 for ; Tue, 30 Jan 2001 14:23:35 +1300 Received: from sisom.marc.hort.cri.nz (IDENT:shauver@sisom.marc.hort.cri.nz [127.0.0.1]) by sisom.marc.hort.cri.nz (8.11.0/8.11.0) with ESMTP id f0U1NYk24307 for ; Tue, 30 Jan 2001 14:23:34 +1300 Message-Id: <200101300123.f0U1NYk24307@sisom.marc.hort.cri.nz> To: sage-members@usenix.org Subject: Relocating to Chicago Date: Tue, 30 Jan 2001 14:23:32 +1300 From: Dan Shauver Sender: owner-sage-members@usenix.org Precedence: bulk How-do, I decided to relocate to Chicago, as my wife has accepted a research position in said city, and will be heading there herself. I'll be there in early March, and should probably find a job, as the salary of a research scientist won't support my habits. :) Seriously though, there are almost certainly Chicago-based people on this list. Does anyone have any reccomendations for recruitment agents/agencies to contact? I fit into the Intermediate/Advanced SAGE job description, and have experience with Solaris, HP-UX, Linux, and Tru64 UNIX, and am currently the sole SysAd for 16 UNIX servers and ~24 UNIX workstations in a mixed Novell/NT/UNIX environment. I've worked in academic/research for a few years now, would like to try consulting or business for a while. Oh, and though I'm currently living and working in New Zealand, I am a US citizen, so won't have any immigration difficulties. Dan Shauver HortResearch UNIX Dude From sage-members-owner@usenix.org Mon Jan 29 22:49:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0U6irF01063 for sage-members-outgoing; Mon, 29 Jan 2001 22:44:53 -0800 (PST) Received: from mars.starshine.org ([204.130.184.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0U6iq901059 for ; Mon, 29 Jan 2001 22:44:52 -0800 (PST) Received: from mars (mars.starshine.org [127.0.0.1]) by mars.starshine.org (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id WAA29914; Mon, 29 Jan 2001 22:45:55 -0800 Message-Id: <200101300645.WAA29914@mars.starshine.org> X-Authentication-Warning: mars.starshine.org: Host mars.starshine.org [127.0.0.1] claimed to be mars To: sage-members@usenix.org cc: sage-members@usenix.org From: Jim Dennis X-Mailer: NMH X-GnuPG-Fingerprint: 66A0 25A0 57AF 963C 414C 0DD7 2065 7DEC 123E C631 Content-Type: application/pgp; format=text; x-action=sign Subject: Re: IMAP + SSL In-Reply-to: <3A6F229F.A1BF6F2B@snert.com> Message Apparently From Anthony Howe Dated Wed, 24 Jan 2001 19:44:47 +0100. Date: Mon, 29 Jan 2001 22:45:54 -0800 Sender: owner-sage-members@usenix.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apparently Anthony Howe wrote: > Is there an IMAP4 server implementation (freeware, open source, GPL) (in > C) that supports SSL connections? Most Linux people seem to be using stunnel (a package for creating SSL tunnels for any TCP connection). It basically gets installed into your /etc/inetd.conf like TCP Wrappers (called after/by tcpd in most cases). That will let you (continue to) use any existing POP/IMAP daemon and just "wrap" SSL support around it. I haven't been using this myself, so I can't speak to it. The main thing I'd wonder about is how you manage the certificates. I guess you have to create a self-signed PEM cert for the server. Do they support client-certs? Can you sign them and configure stunnel to require *your* signature on the client-certs? Or is this just a way of use SSL for creating DH-keyed encrypted sessions? (without providing client or server authentication) Lot's of others use ssh tunnels. However those basically require that the client/users have shell access to the system. So those are more "ad hoc" then stunnel. > -- > Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France > +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 > mailto:achowe@snert.com http://www.snert.com/ - -- Jim Dennis Software Analyst Axis Personal Trainers http://www.axispt.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard iEYEARECAAYFAjp2YwwACgkQIGV97BI+xjGd9gCcDC+XNFkzF9ksvvB7SploBAED 6K4An1RqJDoB29H/BkzPOaG7ClRU3EEc =FdqC -----END PGP SIGNATURE----- From sage-members-owner@usenix.org Tue Jan 30 06:56:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UErY501899 for sage-members-outgoing; Tue, 30 Jan 2001 06:53:34 -0800 (PST) Received: from eclectic.kluge.net (IDENT:root@eclectic.kluge.net [208.176.238.117]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0UErX901895 for ; Tue, 30 Jan 2001 06:53:33 -0800 (PST) Received: (from felicity@localhost) by eclectic.kluge.net (8.11.2/8.11.2) id f0UErJC10872 for sage-members@usenix.org; Tue, 30 Jan 2001 09:53:19 -0500 Date: Tue, 30 Jan 2001 09:53:19 -0500 From: Theo Van Dinter To: sage-members@usenix.org Subject: Re: IMAP + SSL Message-ID: <20010130095319.F6454@kluge.net> References: <3A6F229F.A1BF6F2B@snert.com> <20010124164024.H9046@kluge.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010124164024.H9046@kluge.net>; from felicity@kluge.net on Wed, Jan 24, 2001 at 04:40:24PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Jan 24, 2001 at 04:40:24PM -0500, Theo Van Dinter wrote: > I haven't done this myself, but I'm told that to do this, mostly people use a > generic IMAP server with stunnel to handle the SSL part. I've heard it works > very well. I got bored over the weekend and played with this for a bit. stunnel works very nicely with both the UW POP/IMAP servers as well as Qpopper. I have been able to do SSL IMAP (what I was really interested in) from both Outlook Express and Netscape's Mail client. The biggest problem is getting other clients to understand a certificate that is signed by a "non-major" CA (I created a self-signed certificate), but that is usually easy to fix. -- Randomly Generated Tagline: "Your door is a jar. No it's not... It's a door." - The "O" From sage-members-owner@usenix.org Tue Jan 30 09:37:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UHX2H02611 for sage-members-outgoing; Tue, 30 Jan 2001 09:33:02 -0800 (PST) Received: from ocee.groupsys.com (ocee.groupsys.com [155.229.202.35]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0UHX1902607 for ; Tue, 30 Jan 2001 09:33:01 -0800 (PST) Received: from groupsys.com (ocee.groupsys.com [155.229.202.35]) by ocee.groupsys.com (8.9.0/8.9.0) with ESMTP id MAA29258; Tue, 30 Jan 2001 12:32:49 -0500 (EST) Message-ID: <3A76FAC1.522594DE@groupsys.com> Date: Tue, 30 Jan 2001 12:32:49 -0500 From: William LeFebvre Organization: The LeFebvre abode X-Mailer: Mozilla 4.5 [en] (X11; U; SunOS 5.5.1 sun4m) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: Multisubnet NIS slave options References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Matthew Crosby wrote: > This is true, but one little caveat: We have found, at least under Solaris, > that Solaris versions prior to 8 have problems with failing over with > explicitly specified ypservers. In that, they take a looong time (up to > 5 minutes when I last did benchmarks). Sun has fixed it in 8, and supposedly > a recent patch of 7 fixes it, but we still have a large 2.5.1 plant. So, > much to our distress, (and to the security group's even bigegr disstress :-( ), > we are still running with broadcast in most cases. > > However, if you can live with the failover issues, this really is the best > solution. You used to be able to use adb on the ypbind binary and change the timeout setting. Unfortunately the later versions of Solaris all have stripped ypbind binaries. Sigh.... -- William LeFebvre Mooney 4074H wnl@groupsys.com From sage-members-owner@usenix.org Tue Jan 30 09:45:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UHgIK02764 for sage-members-outgoing; Tue, 30 Jan 2001 09:42:18 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0UHgIt02759 for sage-members@usenix.org; Tue, 30 Jan 2001 09:42:18 -0800 (PST) Received: from tandu.com (anon@tandu-gw.tandu.com [199.45.131.30]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0UFsv902039 for ; Tue, 30 Jan 2001 07:54:57 -0800 (PST) Received: from mcrosby (helo=localhost) by tandu.com with local-smtp (Exim 3.12 #1 (Debian)) id 14Nd6z-0006RS-00; Tue, 30 Jan 2001 08:54:29 -0700 Date: Tue, 30 Jan 2001 08:54:29 -0700 (MST) From: Matthew Crosby X-Sender: mcrosby@tandu.com To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Multisubnet NIS slave options In-Reply-To: <3A757058.16A8F89@groupsys.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Mon, 29 Jan 2001, William LeFebvre wrote: > "Shane B. Milburn" wrote: > > 2. Use the "-ypset" option on the clients to allow them > > to bind across the router. We have about 60 machines > > per subnet so I'm not sure how this would affect the > > router. > > Don't use -ypset. If you have to do this, use -ypsetme. But even that is > living dangerously. (Of course just using NIS is living dangerously.... > :-) ) > > Most modern NIS implementations allow you to specify a list of servers that > a client can bind to. This list is in > /var/yp/binding//ypservers. Each host listed there must also be > listed in /etc/hosts (since NIS isn't yet working when the binding takes > place, the servers MUST be listed in the host file). You should be able to > list the main server in every client's ypservers file. This should allow > the clients to bind through a router. Check "man ypbind" to see if your > ypbind allows for this. And once the upservers file is in place, make sure > that the startup scripts do NOT invoke ypbind with the -broadcast switch. This is true, but one little caveat: We have found, at least under Solaris, that Solaris versions prior to 8 have problems with failing over with explicitly specified ypservers. In that, they take a looong time (up to 5 minutes when I last did benchmarks). Sun has fixed it in 8, and supposedly a recent patch of 7 fixes it, but we still have a large 2.5.1 plant. So, much to our distress, (and to the security group's even bigegr disstress :-( ), we are still running with broadcast in most cases. However, if you can live with the failover issues, this really is the best solution. From sage-members-owner@usenix.org Tue Jan 30 09:51:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UHmaB02832 for sage-members-outgoing; Tue, 30 Jan 2001 09:48:36 -0800 (PST) Received: from mail.cuug.ab.ca (sparc250.cuug.ab.ca [192.75.191.250]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0UHmY902827 for ; Tue, 30 Jan 2001 09:48:35 -0800 (PST) Received: (from uucp@localhost) by mail.cuug.ab.ca (8.9.3/8.9.3) id KAA32613 for ; Tue, 30 Jan 2001 10:46:59 -0700 (MST) Received: from UNKNOWN(192.75.191.7), claiming to be "igor.cuug.ab.ca" via SMTP by sparc250, id smtpdY20174; Tue Jan 30 10:46:54 2001 Received: from localhost (dorfsmay@localhost) by igor.cuug.ab.ca (8.9.3/8.9.3) with ESMTP id KAA07367 for ; Tue, 30 Jan 2001 10:58:24 -0700 X-Authentication-Warning: igor.cuug.ab.ca: dorfsmay owned process doing -bs Date: Tue, 30 Jan 2001 10:58:24 -0700 (MST) From: Yves Dorfsman To: sage-members@usenix.org Subject: NetAps vs EMC Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Does anybody have any hard number on the reliability of NetAps vs EMC ? Anybody's been running NetAps filer for a long time, could you comment on their reliability ? Anybody with a horror story ?? Thanks, Yves. ---- Yves Dorfsman dorfsmay@cuug.ab.ca http://www.cuug.ab.ca/~dorfsmay From sage-members-owner@usenix.org Tue Jan 30 10:19:58 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UIGZW03044 for sage-members-outgoing; Tue, 30 Jan 2001 10:16:35 -0800 (PST) Received: from proxy2.ba.best.com (root@proxy2.ba.best.com [206.184.139.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0UIGY903040 for ; Tue, 30 Jan 2001 10:16:34 -0800 (PST) Received: from shell3.ba.best.com (bolthole@shell3.ba.best.com [206.184.139.134]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with SMTP id KAA24961 for ; Tue, 30 Jan 2001 10:14:19 -0800 (PST) Received: by shell3.ba.best.com (sSMTP sendmail emulation); Tue, 30 Jan 2001 10:14:19 -0800 From: phil@bolthole.com Date: Tue, 30 Jan 2001 10:14:19 -0800 To: sage-members@usenix.org Subject: Re: encrypted file systems on/for solaris Message-ID: <20010130101419.A28238@bolthole.com> Mail-Followup-To: sage-members@usenix.org References: <3A65F455.1694EAD6@gs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A65F455.1694EAD6@gs.com>; from joseph.boyer@gs.com on Wed, Jan 17, 2001 at 02:36:53PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Jan 17, 2001 at 02:36:53PM -0500, Joseph Boyer Jr. wrote: > hello, > > does anyone know of an encrypted file system for solari?. If so can you > kindly pass along any info. Do ask why I need such animal, I just have > been ask to research if one exists. I think there was one for linux, that needed a "mount file as filesystem" capability (and ran at userlevel, maybe) now that solaris 8 has that capability, maybe the linux one could be usable. sorry, dont know the name of it. From sage-members-owner@usenix.org Tue Jan 30 13:13:55 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UL7xk04616 for sage-members-outgoing; Tue, 30 Jan 2001 13:07:59 -0800 (PST) Received: from minuet.das.harvard.edu (minuet.das.harvard.edu [140.247.50.251]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0UL7v904612 for ; Tue, 30 Jan 2001 13:07:57 -0800 (PST) Received: from [140.247.51.64] (minuet.das.harvard.edu [140.247.50.251]) by minuet.das.harvard.edu (8.9.1/8.9.1) with ESMTP id QAA00010; Tue, 30 Jan 2001 16:07:32 -0500 (EST) Mime-Version: 1.0 X-Sender: lois@127.0.0.1 Message-Id: In-Reply-To: References: Date: Tue, 30 Jan 2001 16:06:40 -0500 To: sage-members@usenix.org From: Lois Bennett Subject: Re: NetAps vs EMC Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk We have a very old filer which is tiny now. It has been totally reliable in the 2 and 1/2 years I have been here and I think it was here for a year before that. It had a disk fail and the fail over to hot spare just worked. I have no hard numbers though. We are in the process of replacing it because we have out grown it and it is no longer supported because it is so old. Good solid stuff in my opinion. I don't have an opinion on their support since we have never really needed it. Lois At 10:58 AM -0700 1/30/01, Yves Dorfsman wrote: >Does anybody have any hard number on the reliability of NetAps vs EMC ? > >Anybody's been running NetAps filer for a long time, could you comment on >their reliability ? > >Anybody with a horror story ?? > > >Thanks, > > >Yves. >---- >Yves Dorfsman dorfsmay@cuug.ab.ca > http://www.cuug.ab.ca/~dorfsmay -- ********************************************************************** Lois B. Bennett - Chief Network & System Analyst (617) 496-5357 Division of Engineering and Applied Sciences FAX:(617) 495-9837 Harvard University 33 Oxford Street - MD G109 lois@deas.harvard.edu Cambridge, MA 02138 http://www.deas.harvard.edu/~lois ********************************************************************** From sage-members-owner@usenix.org Tue Jan 30 14:17:04 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UMEAl05009 for sage-members-outgoing; Tue, 30 Jan 2001 14:14:10 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0UME9805004 for sage-members@usenix.org; Tue, 30 Jan 2001 14:14:10 -0800 (PST) Received: from mail.iddg.com ([209.190.97.35]) by usenix.org (8.11.0/8.11.0) with SMTP id f0UM2e904940 for ; Tue, 30 Jan 2001 14:02:40 -0800 (PST) Message-Id: <200101302202.f0UM2e904940@usenix.org> Received: (qmail 16286 invoked from network); 30 Jan 2001 22:01:05 -0000 Received: from unknown (HELO Debug) (209.190.98.36) by mail.iddg.com with SMTP; 30 Jan 2001 22:01:05 -0000 To: sage-members@usenix.org From: lglaze@iddg.com Subject: Re: encrypted file systems on/for solaris Date: Tue, 30 Jan 2001 22:01:05 +0000 X-Mailer: Endymion MailMan Standard Edition v3.0.7 Sender: owner-sage-members@usenix.org Precedence: bulk Many moons ago (1997 era) there was a package called "cryptfs". I don't know if it is still supported or not since I haven't used it in several years. The way it worked was you created a directory with the cryptfs commands. Then you could put files in that directory. Once you were finished you could encrypt the directory with a hash. You couldn't use anything on the directory until it was decrypted again (it all looked like garbage until then, including the filenames). Not sure if that is exactly what you are after or not... Larry > On Wed, Jan 17, 2001 at 02:36:53PM -0500, Joseph Boyer Jr. wrote: > > hello, > > > > does anyone know of an encrypted file system for solari?. If so can you > > kindly pass along any info. Do ask why I need such animal, I just have > > been ask to research if one exists. > > I think there was one for linux, that needed a "mount file as filesystem" > capability (and ran at userlevel, maybe) > > now that solaris 8 has that capability, maybe the linux one could be > usable. > sorry, dont know the name of it. > From sage-members-owner@usenix.org Tue Jan 30 15:58:31 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0UNlwg16322 for sage-members-outgoing; Tue, 30 Jan 2001 15:47:58 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0UNlu916318 for ; Tue, 30 Jan 2001 15:47:57 -0800 (PST) Received: from [10.0.1.2] (dialup420.brussels2.skynet.be [195.238.24.164]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.07) with ESMTP id f0UNlLw01073; Wed, 31 Jan 2001 00:47:26 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: References: Date: Tue, 30 Jan 2001 23:48:42 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: NetAps vs EMC Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 10:58 AM -0700 2001/1/30, Yves Dorfsman wrote: > Does anybody have any hard number on the reliability of NetAps vs EMC ? > > Anybody's been running NetAps filer for a long time, could you comment on > their reliability ? My problem with NetApp has always been that the management interface was very minimal, and only one person can log in at a time. If someone logs on and then shuts down their terminal program without logging out, no one else can log in until the box is rebooted. Yes, there's the web interface, but in my experience, that's not really suitable for administration, just monitoring. One of the reasons I always liked Auspex was that they had a "host controller" that was a real Unix box (SunOS 4.1.x, as I recall), and you could do real Unix things on them. If the host died or was being rebooted, you couldn't get any locks and you couldn't mount any new filesystems, but because of the way they implemented "functional multiprocessing" (i.e., dedicated hardware to handle most typical NFS operations), reads and writes of existing filesystems could continue unhindered. I don't know if this is possible with EMC, but I have to believe that their management interface is more full-featured than NetApp. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Tue Jan 30 18:08:27 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0V231W17417 for sage-members-outgoing; Tue, 30 Jan 2001 18:03:01 -0800 (PST) Received: from lanning.cc ([63.166.8.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0V22x917413 for ; Tue, 30 Jan 2001 18:02:59 -0800 (PST) Received: (from lanning@localhost) by lanning.cc (8.11.0/8.11.0) id f0V22mZ05303 for sage-members@usenix.org; Tue, 30 Jan 2001 18:02:48 -0800 From: Robert Hajime Lanning Message-Id: <200101310202.f0V22mZ05303@lanning.cc> Subject: Re: NetAps vs EMC To: sage-members@usenix.org Date: Tue, 30 Jan 2001 18:02:47 -0800 (PST) In-Reply-To: from "Lois Bennett" at Jan 30, 2001 04:06:40 PM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk The real difference is in support. EMC has hot support and you REALY pay for it. (this is through experience with their SAN product) NetApp for NAS works very solid. You will hardly ever need their support. fairly easy to setup and maintain also. ---- As written by Lois Bennett: > > We have a very old filer which is tiny now. It has been totally > reliable in the 2 and 1/2 years I have been here and I think it was > here for a year before that. > It had a disk fail and the fail over to hot spare just worked. I > have no hard numbers though. > > We are in the process of replacing it because we have out grown it > and it is no longer supported because it is so old. Good solid stuff > in my opinion. > > I don't have an opinion on their support since we have never really needed it. > > Lois > > At 10:58 AM -0700 1/30/01, Yves Dorfsman wrote: > >Does anybody have any hard number on the reliability of NetAps vs EMC ? > > > >Anybody's been running NetAps filer for a long time, could you comment on > >their reliability ? > > > >Anybody with a horror story ?? > > > > > >Thanks, > > > > > >Yves. > >---- > >Yves Dorfsman dorfsmay@cuug.ab.ca > > http://www.cuug.ab.ca/~dorfsmay > > -- > > ********************************************************************** > Lois B. Bennett - Chief Network & System Analyst (617) 496-5357 > Division of Engineering and Applied Sciences FAX:(617) 495-9837 > Harvard University > 33 Oxford Street - MD G109 lois@deas.harvard.edu > Cambridge, MA 02138 http://www.deas.harvard.edu/~lois > ********************************************************************** > -- /* Robert Hajime Lanning lanning@lanning.cc ** Trade: Unix Systems Administrator (Senior level) (SAGE IV) */ #include From sage-members-owner@usenix.org Tue Jan 30 18:23:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0V2KPJ17578 for sage-members-outgoing; Tue, 30 Jan 2001 18:20:25 -0800 (PST) Received: from relay1.pair.com (relay1.pair.com [209.68.1.20]) by usenix.org (8.11.0/8.11.0) with SMTP id f0V2KN917574 for ; Tue, 30 Jan 2001 18:20:24 -0800 (PST) Received: (qmail 27272 invoked from network); 31 Jan 2001 02:20:08 -0000 Received: from goldengate-bridge.veritas.com (HELO ?10.131.13.110?) (63.197.92.2) by relay1.pair.com with SMTP; 31 Jan 2001 02:20:08 -0000 X-pair-Authenticated: 63.197.92.2 From: Jim Holthaus Subject: Re:[2] NetAps vs EMC To: sage-members@usenix.org Date: Tue, 30 Jan 2001 20:19:13 -0600 Lines: 1 Message-ID: Reply-To: jim@holthaus.com Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Mailer: Kaufman Mail Warrior 3.60 Final Sender: owner-sage-members@usenix.org Precedence: bulk If you're looking at EMC, don't forget to look at Hitachi. Great frame, low price. From sage-members-owner@usenix.org Tue Jan 30 20:12:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0V47Xn06261 for sage-members-outgoing; Tue, 30 Jan 2001 20:07:33 -0800 (PST) Received: from spies.com (ts1.ca.breakaway.com [216.32.244.30] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f0V47W906257 for ; Tue, 30 Jan 2001 20:07:32 -0800 (PST) Received: (from ahm@localhost) by spies.com (8.9.3/8.9.3) id UAA32281 for sage-members@usenix.org; Tue, 30 Jan 2001 20:07:14 -0800 Date: Tue, 30 Jan 2001 23:07:14 -0500 From: Andreas Meyer To: sage-members@usenix.org Subject: Re: NetAps vs EMC Message-ID: <20010130230714.L13521@spies.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us In-Reply-To: ; from Brad Knowles on Tue, Jan 30, 2001 at 11:48:42PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk Brad Knowles writes: [...] > My problem with NetApp has always been that the management > interface was very minimal, and only one person can log in at a time. > If someone logs on and then shuts down their terminal program without > logging out, no one else can log in until the box is rebooted. [...] Are your NetApps and other servers connected to a console server? The last place I was at ran software called "conserver" that enabled us to attach to and detach from the different console ports (a little like using the program "screen"), to remotely watch what someone was doing, and to be able to steal control of a console if needed. It also keeps a logs for each of the ports. But to the point, I've had nothing but good experiences with NetApps and I hope to buy more in the near future. Andy From sage-members-owner@usenix.org Tue Jan 30 21:08:03 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0V54bR13566 for sage-members-outgoing; Tue, 30 Jan 2001 21:04:37 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0V54Z913562 for ; Tue, 30 Jan 2001 21:04:36 -0800 (PST) Received: from snert.com ([195.10.32.61]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f0V5NNd09718 for ; Wed, 31 Jan 2001 06:23:24 +0100 Message-ID: <3A779CD0.FBFFA446@snert.com> Date: Wed, 31 Jan 2001 06:04:16 +0100 From: Anthony Howe Organization: Snert X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: sage-members@usenix.org Subject: SUMMARY: IMAP + SSL Content-Type: multipart/mixed; boundary="------------BC977045B33946FE547B6D89" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------BC977045B33946FE547B6D89 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Thank you to all who wrote which has helped me implemented successfully a solution. 1. DKIMAP4 is a solution, but its written in C++ and I don't do C++. http://www.dbox.handshake.de/ 2. Cyrus IMAPD uses a different mail database structure, instead of the traditional Unix mailbox file, which I didn't want to switch to. I like being able to use mailx and/or edit a mailbox in Vi. http://asg.web.cmu.edu/cyrus 3. Some suggested using SSLWrap, but for some reason I discarded this solution. http://www.rickk.com/sslwrap 4. I found there was a new version of UW IMAP, version 2000b which is supposed to support SSL using OpenSSL. Going this route proved unsuccessful. The documentation was incomplete or vague as to howto setup the SSL certificates nor was the OpenSSL documentation specific enough to help here. http://www.washington.edu/imap/ http://www.openssl.org/ 5. In the end I went with using stunnel, as suggested. It was by far the simplest and clearest solution that worked. stunnel's web site documentation was, while not 100% clear, was far better than the others. I now have Netscape working with a self-signed certificate talking IMAP over SSL. http://www.stunnel.org/ Thank you for all your help. -- Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France +33 (0)6 1189 7378 (p) +33 (0)4 9346 8901 (f) ICQ# 7116561 mailto:achowe@snert.com http://www.snert.com/ --------------BC977045B33946FE547B6D89 Content-Type: text/x-vcard; charset=us-ascii; name="achowe.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Anthony Howe Content-Disposition: attachment; filename="achowe.vcf" begin:vcard n:Howe;Anthony tel;pager:ICQ 7116561 tel;cell:+33 6 11 89 73 78 tel;fax:+33 4 93 46 91 27 x-mozilla-html:FALSE url:http://www.snert.com/ org:Snert version:2.1 email;internet:achowe@snert.com adr;quoted-printable:;;Villa Magnolia=0D=0A1489 Chemin des Collines;Le Cannet;Alpes-Maritimes;06110;France fn:Anthony Howe end:vcard --------------BC977045B33946FE547B6D89-- From sage-members-owner@usenix.org Tue Jan 30 21:51:41 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0V5meW13735 for sage-members-outgoing; Tue, 30 Jan 2001 21:48:40 -0800 (PST) Received: from proxy2.ba.best.com (root@proxy2.ba.best.com [206.184.139.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0V5md913731 for ; Tue, 30 Jan 2001 21:48:39 -0800 (PST) Received: from shell3.ba.best.com (bolthole@shell3.ba.best.com [206.184.139.134]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with SMTP id VAA12697 for ; Tue, 30 Jan 2001 21:47:29 -0800 (PST) Received: by shell3.ba.best.com (sSMTP sendmail emulation); Tue, 30 Jan 2001 21:47:29 -0800 From: phil@bolthole.com Date: Tue, 30 Jan 2001 21:47:29 -0800 To: sage-members@usenix.org Subject: US-CA-los angeles: LUG on practical Oracle usage Message-ID: <20010130214729.A15479@bolthole.com> Mail-Followup-To: sage-members@usenix.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-sage-members@usenix.org Precedence: bulk This thursday Feb 1st, the Los Angeles chapter of the UNIX Users' Group of Southern California is proud to host a presentation of a real-world example of Oracle use. A fair amount of people may have had a basic "oracle overview" experience, where you learn basically what a database is, the general components, and how oracle specifically works. But getting to see it used for something practical is usually left to DBAs-in-training. This thursday, Sid Womac will go through the nitty-gritty of actually setting up the "business end", so to speak, of an Oracle installation. What happens AFTER the sysadmin says "Okay, it's all set up: go to it!" presentation is set for 7-9pm DIRECTIONS -------------------------------------------------- TRW, Building R2, room 1177A One Space Park Drive, Redondo Beach, CA. A telephone into the room is 310-812-5607 **You need to call this number to be let in the building** There is a phone in a call box beside the door for any latecomers, and they only need to dial the last five digits (25607). That number is also what folk may want to use if someone needs to get hold of them. http://www.bolthole.com/uuala/ From sage-members-owner@usenix.org Tue Jan 30 23:10:03 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0V76dB13977 for sage-members-outgoing; Tue, 30 Jan 2001 23:06:39 -0800 (PST) Received: from haystack.lclark.edu (haystack.lclark.edu [149.175.1.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0V76a913973 for ; Tue, 30 Jan 2001 23:06:37 -0800 (PST) Received: from localhost (miller@localhost) by haystack.lclark.edu (8.9.3/8.9.3) with ESMTP id XAA03207 for ; Tue, 30 Jan 2001 23:06:18 -0800 (PST) Date: Tue, 30 Jan 2001 23:06:18 -0800 (PST) From: John Miller To: sage-members@usenix.org Subject: Re: NetAps vs EMC In-Reply-To: <20010130230714.L13521@spies.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk As for the console, at Metro, we have a serial line between the filer and our main unix box (no general logins allowed there) so you can 'tip' to it... use for booting since you see even the lower level console boot messages. You can telnet in or use rsh to execute single filer commands such as 'quota resize' after editing one of the config files. (The filer closes telnet when going down...) Since there is really only ONE console that any of these modes sees/uses, I don't see how we could get locked out as per the scenario that Brad Knowles described. I bet there is even a way to reset the telnet session w/o rebooting. Advice: don't let everybody have the password! John Miller http://www.lclark.edu/~miller Brad Knowles writes: [...] > My problem with NetApp has always been that the management > interface was very minimal, and only one person can log in at a time. > If someone logs on and then shuts down their terminal program without > logging out, no one else can log in until the box is rebooted. From sage-members-owner@usenix.org Wed Jan 31 02:16:57 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VACrC14320 for sage-members-outgoing; Wed, 31 Jan 2001 02:12:53 -0800 (PST) Received: from gate.mental.com (gate.mental.com [192.31.14.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VACp914316 for ; Wed, 31 Jan 2001 02:12:51 -0800 (PST) Received: (from uucp@localhost) by gate.mental.com (8.8.5/8.8.8/Lobo-20000426) id LAA20541 for ; Wed, 31 Jan 2001 11:12:40 +0100 (CET) Received: from twen-et(172.16.0.5) by gate via smap (V2.0/Lobo-010123) id xma020539; Wed, 31 Jan 01 11:12:40 +0100 Received: (from smap@localhost) by mental.com (8.10.1/8.10.1/Lobo-20001016) id f0VACdt15706 for ; Wed, 31 Jan 2001 11:12:39 +0100 (MET) Received: from twen(172.17.0.5) by twen via smap (V2.0) id xma015703; Wed, 31 Jan 01 11:12:38 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: sage-members@usenix.org Subject: Re: NetApps vs EMC In-reply-to: Brad Knowles's message of Tue, 30 Jan 2001 23:48:42 +0100 Organization: mental images GmbH & Co. KG, Berlin, Germany Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 31 Jan 2001 11:12:38 +0100 Message-ID: <15702.980935958@mental.com> From: Alexander Lobodzinski Sender: owner-sage-members@usenix.org Precedence: bulk () > Anybody's been running NetAps filer for a long time, could you () > comment on their reliability ? Ran an F230 for about 1.5 years and run an F720 for about 9 months @ roughly 5 million NFS ops/day - no trouble at all. The only downtimes were for installing another network interface and disk shelf and for switching a tape drive. () If someone logs on and then shuts down their terminal program without () logging out, no one else can log in until the box is rebooted. The telnet session is mirrored on the serial console, so in said case you could logout there. Nearly all commands can be done via rsh as well if you want. () My problem with NetApp has always been that the management () interface was very minimal, and only one person can log in at a time. () () One of the reasons I always liked Auspex was that they had a () "host controller" that was a real Unix box (SunOS 4.1.x, as I () recall), and you could do real Unix things on them. Funny - exactly these are the things I like on the NetApp and dislike on the Auspex. Looks like we are entering the personal taste zone here... Ciao, Lobo From sage-members-owner@usenix.org Wed Jan 31 05:28:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VDOJX14623 for sage-members-outgoing; Wed, 31 Jan 2001 05:24:19 -0800 (PST) Received: from burlma1-smrt1.gtei.net (burlma1-smrt1.gtei.net [4.2.35.10]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VDOH914619 for ; Wed, 31 Jan 2001 05:24:18 -0800 (PST) Received: from wally (wally.tools.gtei.net [4.2.32.149]) by burlma1-smrt1.gtei.net (8.9.3/8.9.3) with ESMTP id NAA22937; Wed, 31 Jan 2001 13:24:05 GMT Date: Wed, 31 Jan 2001 08:24:05 -0500 (EST) From: Mark Lamourine X-X-Sender: To: sage-members@usenix.org cc: Subject: Re: NetAps vs EMC In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, 30 Jan 2001, Brad Knowles wrote: > At 10:58 AM -0700 2001/1/30, Yves Dorfsman wrote: > > My problem with NetApp has always been that the management > interface was very minimal, and only one person can log in at a time. > If someone logs on and then shuts down their terminal program without > logging out, no one else can log in until the box is rebooted. I've never had that experience. we connect the netapp console to a private net terminal server. Someone may disconnect from it but the login session stays live and the next person to connect gets on. We disable/ignore rsh connections due to lack of security. Same goes with the web interface. We seldom log on. once the machine is up, it just goes. Of course, we've had few problems with ours. If you DO experience problems, the interface might get in your way. We have seldom had the need for the comprehensive HA setup of and Auspex and the savings are pretty big. I can't comment on the EMCs - Mark Mark Lamourine Genuity, Server Tools. 3 Van DeGraff Drive, PO Box 3073, Burlington, MA 01803 Voice: +1 781 262 4306 Fax: +1 781 262 2819 From sage-members-owner@usenix.org Wed Jan 31 06:57:23 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VErtB14815 for sage-members-outgoing; Wed, 31 Jan 2001 06:53:55 -0800 (PST) Received: from out5.mx.nwbl.wi.voyager.net (out5.mx.nwbl.wi.voyager.net [169.207.2.77]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VErs914811 for ; Wed, 31 Jan 2001 06:53:54 -0800 (PST) Received: from pop1.nwbl.wi.voyager.net (pop1.nwbl.wi.voyager.net [169.207.2.115]) by out5.mx.nwbl.wi.voyager.net (8.11.1/8.11.1) with ESMTP id f0VErMt18388; Wed, 31 Jan 2001 08:53:24 -0600 (CST) Received: from starfury.execpc.com (d93.as16.nwbl1.wi.voyager.net [169.207.89.93]) by pop1.nwbl.wi.voyager.net (8.10.2/8.10.2) with ESMTP id f0VEr5t69778; Wed, 31 Jan 2001 08:53:05 -0600 (CST) Received: from localhost (alcourt@localhost) by starfury.execpc.com (8.11.0/8.11.0) with ESMTP id f0VEuBd11191; Wed, 31 Jan 2001 08:56:11 -0600 X-Authentication-Warning: starfury.execpc.com: alcourt owned process doing -bs Date: Wed, 31 Jan 2001 08:56:07 -0600 (CST) From: "Mr. Alcourt" To: sage-members@usenix.org cc: Subject: Re: NetAps vs EMC In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- On Tue, 30 Jan 2001, Brad Knowles wrote: > I don't know if this is possible with EMC, but I have to believe > that their management interface is more full-featured than NetApp. My problem with EMC is that I don't have _any_ management interface that EMC is willing to tell me about. Because of the model of local disk and the fact that we were forced to run at Solaris 2.6, we were forced to reboot after editing the /kernel/drv/sd.conf file just to allow the system access to access a bit more drive space that already existed inside the EMC array. I'm sure there is some management interface to allow me as a sysadmin to control the box, but the way EMC is playing it right now, it's all voodoo controlled by EMC support personnel. They seem unwilling or unable to provide basic information on their product even. I admit, there is a good chance that my problems are due to the individuals at EMC that I am dealing with. But I get nervous when I'm told to pretend it's just a very big disk array with no management control needed, until we decide to take advantage of a little more hard drive space and are told we need a new bin file and new microcode and only EMC can provide such. (Yet the hard drives were already installed in the array, we just weren't using them yet.) - -- Mr. Alcourt http://www.execpc.com/~alcourt/ "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iQCVAwUBOngni9HXH7Z+KmdxAQEYgwP/UQA8szqg9k6ZsP3qndZiOKUIIVVY5Riz OPcmYXTH3NWdcD8We07xnGnWkeiCd3UQA+OPkveXeqDJsshV9I5NojObOPp58QW+ F+LeGswdxqcQM+LRgdFvUb5u+ADctfuwY7oWFBXhjz5n7DmclSDu4svqjiqnMc/h Z3M8OLnJ1GA= =EdA/ -----END PGP SIGNATURE----- From sage-members-owner@usenix.org Wed Jan 31 08:30:48 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VGQaU15054 for sage-members-outgoing; Wed, 31 Jan 2001 08:26:36 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0VGQZC15049 for sage-members@usenix.org; Wed, 31 Jan 2001 08:26:35 -0800 (PST) Received: from cumulus.shore.mbari.org (cumulus.shore.mbari.org [134.89.10.85]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VFDM914873 for ; Wed, 31 Jan 2001 07:13:22 -0800 (PST) Received: by cumulus.shore.mbari.org with Internet Mail Service (5.5.2650.21) id ; Wed, 31 Jan 2001 07:12:56 -0800 Message-ID: <8969C7C92A78D311869C0090278750B67A2678@cumulus.shore.mbari.org> From: "Allen, Pat" To: sage-members@usenix.org Cc: "'sage-members@usenix.org'" Subject: RE: NetAps vs EMC Date: Wed, 31 Jan 2001 07:12:51 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk I suppose I could be considered a long-time Network Appliance customer - I've been using them for the past 6 years! We started off with one of their old 1400 series boxes and have just upgraded and gone from there. Right now we have a F740 with around 450GB of disk storage and an older F330 with only 28GB of disk. By the end of this week we'll have another F740 delivered with an additional 252GB of disk that we'll cluster with the first one and two of Net App's NetCache boxes. I can't comment on the reliability of EMC but it can't be any better than Net App! In the past 6 years I think I've had one disk go bad and some RAM became flakey. I found out about the RAM because the filer sent a notification message to the Net App support group. I received a phone call telling me that they were aware of a problem with my filer and that new RAM was on its way to me. How's that for support!!!! When you consider the lack of problems I've experienced with their boxes, you have to understand the environment I'm in as well. We're an oceanographic research institute and one of the filers (the F330) was installed on one of our ships. Needless to say that's not one of the most computer friendly environments. But the filer ran like a charm. I've noticed in this thread that there are some comments regarding the user interface. One of the benefits behind the network appliance is its light operating system which is optimized for being a file server. It's not loaded down with a heavy GUI or lots of unnecessary operating system layers. It's GREAT at what it does. But as one person said, this is getting into the realm of personal opinion. I'd like to mention another couple of things I love about the Net App filers. The first is that occasionally they do need to be rebooted in order to update the OS, add a new disk shelf or a tape changer or ..... (Note - they don't need to be shut down to add a new disk.) When you power up the system, it takes a whopping 1.25 minutes to boot our F740 with 450GB of disk. I'd like to see any Unix server match that. (And I've been a Unix fan/developer/admin/jack-of-all-trades for the past 20 years!) And talk about upgrading the OS - it's a 5 minute process that is fool-proof. The other thing that I like about the filer is their multi-protocol support. Right now they natively support NFS, CIFS, and HTTP. The only other protocol I could ask for is Appletalk - not because I like it but because my users need it. I'm sure that will come down the line. Needless to say, I'm a happy customer. There's no way that we would ever get rid of the Network Appliance boxes we have. Go for it - you can't go wrong! --- Pat Allen (pat@mbari.org) Monterey Bay Aquarium Research Institute (MBARI) PO Box 628, 7700 Sandholdt Rd, Moss Landing, CA 95039 (voice) 831-775-1724; (fax) 831-775-1620 -----Original Message----- From: Yves Dorfsman [mailto:dorfsmay@cuug.ab.ca] Sent: Tuesday, January 30, 2001 9:58 AM To: sage-members@usenix.org Subject: NetAps vs EMC Does anybody have any hard number on the reliability of NetAps vs EMC ? Anybody's been running NetAps filer for a long time, could you comment on their reliability ? Anybody with a horror story ?? Thanks, Yves. ---- Yves Dorfsman dorfsmay@cuug.ab.ca http://www.cuug.ab.ca/~dorfsmay From sage-members-owner@usenix.org Wed Jan 31 09:10:53 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VH7V315366 for sage-members-outgoing; Wed, 31 Jan 2001 09:07:31 -0800 (PST) Received: from wilco-int.com (intmailserv.wilco-int.com [212.36.174.165]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VH7S915362 for ; Wed, 31 Jan 2001 09:07:29 -0800 (PST) Received: from wilco-fw3.wilco-int.com (wilco-fwdmz.wilco-int.com [192.168.32.253]) by wilco-int.com (8.9.1b+Sun/8.9.1) with SMTP id QAA11309 for ; Wed, 31 Jan 2001 16:49:32 GMT Received: from smtpscan.wilco-int.com ([194.62.147.46]) by wilco-fw3.wilco-int.com; Wed, 31 Jan 2001 17:02:15 +0000 (GMT) Received: FROM mailsweeper.wilco-int.com BY smtpscan.wilco-int.com ; Wed Jan 31 17:01:00 2001 0000 Received: from lonmail01.wilco-int.com (unverified) by mailsweeper.wilco-int.com (Content Technologies SMTPRS 4.1.2) with ESMTP id for ; Wed, 31 Jan 2001 16:58:32 +0000 Received: from hydmail01.hyd.wilco-int.com (hydmail01 [192.168.130.32]) by lonmail01.wilco-int.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id D7J9A8FB; Wed, 31 Jan 2001 16:56:49 -0000 Received: by hydmail01.hyd.wilco-int.com with Internet Mail Service (5.5.2650.21) id ; Wed, 31 Jan 2001 22:28:15 +0530 Message-ID: From: Rayappa Mayakunthala To: sage-members@usenix.org Subject: RE: NetApps vs EMC Date: Wed, 31 Jan 2001 22:28:13 +0530 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk With NetApp, is it possible to save the configuration anywhere else other than in the NetApp - much like tftp support. We are planning to get few of them but I am wondering if NetApp dies for some reason, would I end up losing the configuration? Rayappa. >-----Original Message----- >From: Alexander Lobodzinski [mailto:lobo@mental.com] >Sent: Wednesday, January 31, 2001 3:43 PM >To: sage-members@usenix.org >Subject: Re: NetApps vs EMC > > >() > Anybody's been running NetAps filer for a long time, could you >() > comment on their reliability ? > >Ran an F230 for about 1.5 years and run an F720 for about 9 >months @ roughly 5 million NFS ops/day - no trouble at all. The >only downtimes were for installing another network interface and >disk shelf and for switching a tape drive. > >() If someone logs on and then shuts down their terminal >program without >() logging out, no one else can log in until the box is rebooted. > >The telnet session is mirrored on the serial console, so in said >case you could logout there. Nearly all commands can be done via >rsh as well if you want. > >() My problem with NetApp has always been that the management >() interface was very minimal, and only one person can log in >at a time. >() >() One of the reasons I always liked Auspex was that they had a >() "host controller" that was a real Unix box (SunOS 4.1.x, as I >() recall), and you could do real Unix things on them. > >Funny - exactly these are the things I like on the NetApp and >dislike on the Auspex. Looks like we are entering the personal >taste zone here... > > Ciao, Lobo > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From sage-members-owner@usenix.org Wed Jan 31 09:46:08 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VHgPs15670 for sage-members-outgoing; Wed, 31 Jan 2001 09:42:25 -0800 (PST) Received: from fw2.tek.com (fw2.tek.com [192.65.17.17]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VHgO915666 for ; Wed, 31 Jan 2001 09:42:24 -0800 (PST) Received: from fw2-internal.tek.com (root@localhost) by fw2.tek.com with ESMTP id JAA11863 for ; Wed, 31 Jan 2001 09:42:08 -0800 (PST) Received: from mailhub.opbu.xerox.com (mailhub.opbu.xerox.com [13.62.6.81]) by fw2-internal.tek.com with ESMTP id JAA11859 for ; Wed, 31 Jan 2001 09:42:08 -0800 (PST) Received: from usawvas36.opbu.xerox.com (UsaWvAS36.opbu.xerox.com [13.62.3.98]) by mailhub.opbu.xerox.com (8.9.3+Sun/8.9.3) with SMTP id JAA14779 for ; Wed, 31 Jan 2001 09:42:08 -0800 (PST) Received: FROM filtronix.opbu.xerox.com BY usawvas36.opbu.xerox.com ; Wed Jan 31 09:42:07 2001 -0800 Received: from usawvbh01.opbu.xerox.com (UsaWvBH01.opbu.xerox.com [13.62.3.133]) by filtronix.opbu.xerox.com (8.8.8+Sun/8.8.8) with ESMTP id JAA27322 for ; Wed, 31 Jan 2001 09:36:49 -0800 (PST) Received: by UsaWvBH01.opbu.xerox.com with Internet Mail Service (5.5.2653.19) id ; Wed, 31 Jan 2001 09:36:51 -0800 Message-ID: From: "Ravenwood, Tyler" To: sage-members@usenix.org Subject: RE: NetApps vs EMC Date: Wed, 31 Jan 2001 09:36:50 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-sage-members@usenix.org Precedence: bulk We had a NetApps box that ran for over 2 years and the only shutdown was for racking it! We never even so much as lost a disk drive. We liked that box so much that we got another and another, each one bigger and faster than the previous one. As for the minimal operating system, I find that that aspect beats Auspex hands-down. While Auspex has it's positive points, the fact that it runs a flavor of SunOS 4.1.x caused some real headaches for us when we wanted to upgrade network hardware etc. The drivers just don't exist for that OS. With NetApps, the OS is so minimal and integrated so well, you have very little room for error. Thus, once it is configured and running, it just RUNS and RUNS. Just .02 from a devoted NetApps fan! Tyler > -----Original Message----- > From: Alexander Lobodzinski [SMTP:lobo@mental.com] > Sent: Wednesday, January 31, 2001 2:13 AM > To: sage-members@usenix.org > Subject: Re: NetApps vs EMC > > () > Anybody's been running NetAps filer for a long time, could you > () > comment on their reliability ? > > Ran an F230 for about 1.5 years and run an F720 for about 9 > months @ roughly 5 million NFS ops/day - no trouble at all. The > only downtimes were for installing another network interface and > disk shelf and for switching a tape drive. > > () If someone logs on and then shuts down their terminal program without > () logging out, no one else can log in until the box is rebooted. > > The telnet session is mirrored on the serial console, so in said > case you could logout there. Nearly all commands can be done via > rsh as well if you want. > > () My problem with NetApp has always been that the management > () interface was very minimal, and only one person can log in at a time. > () > () One of the reasons I always liked Auspex was that they had a > () "host controller" that was a real Unix box (SunOS 4.1.x, as I > () recall), and you could do real Unix things on them. > > Funny - exactly these are the things I like on the NetApp and > dislike on the Auspex. Looks like we are entering the personal > taste zone here... > > Ciao, Lobo From sage-members-owner@usenix.org Wed Jan 31 10:29:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VIQ9N16090 for sage-members-outgoing; Wed, 31 Jan 2001 10:26:09 -0800 (PST) Received: from mdahub.mda.ca (mdahub.mda.ca [142.73.130.152]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VIQ8916086 for ; Wed, 31 Jan 2001 10:26:08 -0800 (PST) Received: from msxyvr1.mda.ca (exchange [142.73.131.48]) by mdahub.mda.ca (8.9.2/8.9.2) with ESMTP id KAA07499 for ; Wed, 31 Jan 2001 10:25:59 -0800 (PST) Received: by exchange.mda.ca with Internet Mail Service (5.5.2653.19) id ; Wed, 31 Jan 2001 10:25:59 -0800 Message-ID: From: John LLOYD To: sage-members@usenix.org Subject: restricted ftp-only accounts on Solaris 7? Date: Wed, 31 Jan 2001 10:25:58 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk How can I create or arrange for accounts allowing only ftp access to a certain set of directories? Note that anonymous is insufficient; we want password authentication to be used, but we want the other features of "anonymous ftp" like chrooted directory, short list of authorized users independant of /etc/passwd, logging too. Solaris 7 man ftpd shows a script to set this up (using native ftpd) but it seems to allow only for anonymous ftp. Choices so far: a) shell command that does a logout (ensures only ftp access, but leaves the user free to cd all over) b) fiddle with the Solaris script to see if anonymous can be turned off c) some sort of front end to the anonymous ftp to check a password And, did I mention I need this working by Friday? Any ideas? Cheers John From sage-members-owner@usenix.org Wed Jan 31 10:42:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VIdHk16208 for sage-members-outgoing; Wed, 31 Jan 2001 10:39:17 -0800 (PST) Received: from wally.eecs.harvard.edu (wally.eecs.harvard.edu [140.247.60.30]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VIdG916204 for ; Wed, 31 Jan 2001 10:39:16 -0800 (PST) Received: from ares.eecs.harvard.edu (IDENT:root@ares.eecs.harvard.edu [140.247.62.67]) by wally.eecs.harvard.edu (8.10.0/8.10.0) with ESMTP id f0VHPR702678 for ; Wed, 31 Jan 2001 12:25:27 -0500 (EST) Received: from ares.eecs.harvard.edu (peg@localhost) by ares.eecs.harvard.edu (8.11.0/8.9.3) with ESMTP id f0VHPi317816 for ; Wed, 31 Jan 2001 12:25:44 -0500 Message-Id: <200101311725.f0VHPi317816@ares.eecs.harvard.edu> To: sage-members@usenix.org Subject: Re: NetAps vs EMC Date: Wed, 31 Jan 2001 12:25:44 -0500 From: Peg Schafer Sender: owner-sage-members@usenix.org Precedence: bulk I love my netapps! I have been running netapps here at EECS for over 6 years. They are *very* sturdy and run quite well. I like the service netapp provides. Frankly, they are the best. They have gone to great lengths to provide service. I've even had them call me up to fix a possible problem. They uncovered something and then went thru all their records and then called everyone and fixed the bug! Talk about pro-active! The auto support e-mail feature is wonderful. When a disk goes west the hot spare is activated, the auto-support e-mail goes out and there is a call on my answering machine in the morning telling me my new hot spare disk will be there shortly. Then, I just pull out the dead disk and stick in the new one! No problems no muss and NO down time. I love how I can expand my netapps just by adding disk shelves. I love the .snapshot feature. No more restores. Saves me so much work! We do backups to tape just once a week now... I don't have an EMC. Can't comment on them. Cheers --Peg From sage-members-owner@usenix.org Wed Jan 31 10:56:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VIr1a16347 for sage-members-outgoing; Wed, 31 Jan 2001 10:53:01 -0800 (PST) Received: from cliff.niehs.nih.gov (IDENT:root@cliff.niehs.nih.gov [157.98.8.7]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VIqx916343 for ; Wed, 31 Jan 2001 10:53:00 -0800 (PST) Received: from cliff.niehs.nih.gov (IDENT:root@localhost.localdomain [127.0.0.1]) by cliff.niehs.nih.gov (8.9.3/8.9.3/NIEHS-POST-1.6) with ESMTP id NAA29548 for ; Wed, 31 Jan 2001 13:52:44 -0500 Received: from splat.niehs.nih.gov (splat.niehs.nih.gov [157.98.0.29]) by cliff.niehs.nih.gov (8.9.3/8.9.3/NIEHS-PRE-1.7) with ESMTP id NAA29540 for ; Wed, 31 Jan 2001 13:52:44 -0500 Received: from splat (localhost [127.0.0.1]) by splat.niehs.nih.gov (8.9.3/8.9.3) with ESMTP id NAA12722 for ; Wed, 31 Jan 2001 13:52:44 -0500 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.3 To: sage-members@usenix.org Subject: Serial Terminal Servers Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 31 Jan 2001 13:52:44 -0500 Message-ID: <12720.980967164@splat> From: "Lance A. Brown" Sender: owner-sage-members@usenix.org Precedence: bulk Greetings, The mention of conserver in the NetApp vs. EMC thread reminded me that I'm supposed to be looking at serial port terminal server solutions. My preference is to hang a bunch of serial ports off a UNIX system and use conserver to manage them vs. some kind of standalone network-attached terminal server gadget. What products are folks using to do this? We need to collect serial consoles from some NetApps, a few Compaq Alpha systems, and other assorted equipment. --[Lance] From sage-members-owner@usenix.org Wed Jan 31 11:01:22 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VIwSq16395 for sage-members-outgoing; Wed, 31 Jan 2001 10:58:28 -0800 (PST) Received: from godzilla.monsters.org (IDENT:root@godzilla.monsters.org [204.180.109.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VIwP916391 for ; Wed, 31 Jan 2001 10:58:26 -0800 (PST) Received: from zero.monsters.org (IDENT:root@zero.monsters.org [208.191.248.1]) by godzilla.monsters.org (8.9.3/8.9.3) with ESMTP id MAA13878 for ; Wed, 31 Jan 2001 12:58:11 -0600 Received: from zero.monsters.org by zero.monsters.org (8.11.0) id f0VIrDb13957; Wed, 31 Jan 2001 12:53:13 -0600 Message-Id: <200101311853.f0VIrDb13957@zero.monsters.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: sage-members@usenix.org Subject: Re: NetAps vs EMC In-Reply-To: Your message of "Wed, 31 Jan 2001 08:56:07 CST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 31 Jan 2001 12:53:13 -0600 From: Stephen L Johnson Sender: owner-sage-members@usenix.org Precedence: bulk On Jan 31, "Mr. Alcourt" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On Tue, 30 Jan 2001, Brad Knowles wrote: > > > I don't know if this is possible with EMC, but I have to believe > > that their management interface is more full-featured than NetApp. > > > My problem with EMC is that I don't have _any_ management interface that > EMC is willing to tell me about. Because of the model of local disk and > the fact that we were forced to run at Solaris 2.6, we were forced to > reboot after editing the /kernel/drv/sd.conf file just to allow the system > access to access a bit more drive space that already existed inside the > EMC array. I'm sure there is some management interface to allow me as a > sysadmin to control the box, but the way EMC is playing it right now, it's > all voodoo controlled by EMC support personnel. They seem unwilling or > unable to provide basic information on their product even. Note: Platform comments only apply to EMC's high-end productions and not to their products from their buyout of Clarion. EMC does have a management programs. I've seen Windows based and native host based packages. It has a GUI based interface you can create various RAID sets, LUN's and associations via a drag and drop interface. They also have command line interfaces on the hosts to allow you to do things things like breaking a mirror in order to do a backup on the mirror copy. I've also seen performance monitoring software. > I admit, there is a good chance that my problems are due to the > individuals at EMC that I am dealing with. But I get nervous when I'm > told to pretend it's just a very big disk array with no management control > needed, until we decide to take advantage of a little more hard drive > space and are told we need a new bin file and new microcode and only EMC > can provide such. (Yet the hard drives were already installed in the > array, we just weren't using them yet.) You experiences are not unique. They don't like customers to much with the insides of the frames. They want only EMC techs to manage them. That's why you pay through the nose for support. But I must admit, you do get good support. While at a previous job we where evaluating server and storage solutions for a big Oracle database with around 1 TB of storage. We asked various local and corporate EMC personnel about basic performance (i.e. max I/Os per second, average transfer rates, peak transfer rates, etc) of their "frames". We got no response from local personnel or their standard 4 color glossy sales package. The sales package told use everything about their products except performance stats. And on the sales front, let's just say I've seen 'at any cost' behaviour in order to nab a sale. This varies from salesman to salesman but it stems from the corporation. We eventually got performance information when we had some of their engineering types in a presentation. But they were going all out to convince the company to go with EMC instead of Hitachi. (EMC won becuase Hitachi was a couple of weeks behind EMC in development of a couple of key thing we need for our environment) And I give a few comments about the structure of their high-end frames. They have storage processors which handle the actual data handling on the back-end and IO directors which are the interfaces (Fiber Channel, Ultra-SCSI, etc) to your servers. Generally you will have to use only EMC approved Host Bus Adapters, microcode, drivers and OS patches. So beware on that front. The storage processors use the same memory for programs/processes and data caches. You can control the balance between the two, but you don't have a dedicated cache memory. And there are only two control/data buses in the frame going to all of the disks. You don't have a storage processes dedicated to groups of disks. Now to the disks themselves. All of the disks are HUGE. The last I heard, as of a few years ago, they were putting in 36BG drives as their standard drive. The drives are divided into partitions. These partitions are your basic building blocks for creating storages sets. You don't manage thing at the raw disk level. This means that you could create a RAID set out of partitions that are on the same physical device. Stephen L Johnson From sage-members-owner@usenix.org Wed Jan 31 11:58:11 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VJsBD16804 for sage-members-outgoing; Wed, 31 Jan 2001 11:54:11 -0800 (PST) Received: from lsi.lsil.com (lsi.lsil.com [147.145.40.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VJs9916800 for ; Wed, 31 Jan 2001 11:54:10 -0800 (PST) Received: from mhbs.lsil.com (mhbs [147.145.31.100]) by lsi.lsil.com (8.9.3+Sun/8.9.1) with ESMTP id LAA22759 for ; Wed, 31 Jan 2001 11:53:39 -0800 (PST) Received: from gallager.lsil.com by mhbs.lsil.com with ESMTP; Wed, 31 Jan 2001 11:53:00 -0800 Received: from sysadmin.lsil.com (sysadmin.lsil.com [147.145.168.200]) by gallager.lsil.com (8.9.3+Sun/8.9.3) with ESMTP id LAA21347; Wed, 31 Jan 2001 11:52:57 -0800 (PST) Received: from sysadmin.lsil.com (sysadmin.lsil.com [147.145.168.200]) by sysadmin.lsil.com (8.9.3+Sun/8.9.3) with SMTP id LAA13739; Wed, 31 Jan 2001 11:52:56 -0800 (PST) Message-Id: <200101311952.LAA13739@sysadmin.lsil.com> Date: Wed, 31 Jan 2001 11:52:56 -0800 (PST) From: "Michael G. Noble" Reply-To: "Michael G. Noble" Subject: Re: restricted ftp-only accounts on Solaris 7? To: sage-members@usenix.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: j0Q/lJccqCiTvBRCTLRcKg== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-sage-members@usenix.org Precedence: bulk wu-ftpd will allow for passwd protected directories and for anonymous as well. I have been using it for several years now and it works great. I do not know the address off the top of my head but it is at the University of Washington. Mike >From: John LLOYD >To: sage-members@usenix.org >Subject: restricted ftp-only accounts on Solaris 7? >Date: Wed, 31 Jan 2001 10:25:58 -0800 > >How can I create or arrange for accounts allowing only ftp access to a >certain set of directories? Note that anonymous is insufficient; we want >password authentication to be used, but we want the other features of >"anonymous ftp" like chrooted directory, short list of authorized users >independant of /etc/passwd, logging too. > >Solaris 7 man ftpd shows a script to set this up (using native ftpd) but it >seems to allow only for anonymous ftp. > > >Choices so far: > >a) shell command that does a logout (ensures only ftp access, but leaves the >user free to cd all over) >b) fiddle with the Solaris script to see if anonymous can be turned off >c) some sort of front end to the anonymous ftp to check a password > > >And, did I mention I need this working by Friday? > >Any ideas? > >Cheers > >John --- Michael G. Noble LSI Logic Corporation UNIX System Administration Wireless Design Center Field Systems Administration 3390 Carmel Mountain Road San Diego, CA. 92121-1002 mailto:mnoble@lsil.com voice: (858) 523-5221 epage:mnoble-pager@lsil.com fax: (858) 350-0171 From sage-members-owner@usenix.org Wed Jan 31 12:04:46 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VK1vl16868 for sage-members-outgoing; Wed, 31 Jan 2001 12:01:57 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VK1t916864 for ; Wed, 31 Jan 2001 12:01:56 -0800 (PST) Received: from [172.17.1.121] (warp-core.skynet.be [195.238.2.25]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.07) with ESMTP id f0VK1Xs06502; Wed, 31 Jan 2001 21:01:36 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: References: Date: Wed, 31 Jan 2001 20:48:07 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: NetAps vs EMC Cc: Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 8:56 AM -0600 2001/1/31, Mr. Alcourt wrote: > My problem with EMC is that I don't have _any_ management interface that > EMC is willing to tell me about. Because of the model of local disk and > the fact that we were forced to run at Solaris 2.6, we were forced to > reboot after editing the /kernel/drv/sd.conf file just to allow the system > access to access a bit more drive space that already existed inside the > EMC array. Surely this is a filesystem or volume manager issue, and not a problem with EMC. Are you using Veritas VxVM and/or VxFS? I know that VxVM gives you tools to grow volumes online, and I know that VxFS gives you tools to grow and shrink filesystems online. Therefore, so long as the volume can be grown in a manner that VxFS understands, you don't even necessarily have to be running VxVM. > I admit, there is a good chance that my problems are due to the > individuals at EMC that I am dealing with. But I get nervous when I'm > told to pretend it's just a very big disk array with no management control > needed, until we decide to take advantage of a little more hard drive > space and are told we need a new bin file and new microcode and only EMC > can provide such. (Yet the hard drives were already installed in the > array, we just weren't using them yet.) If that's what EMC is telling you, then I absolutely agree -- they are not doing their job, and they should be required to pull the equipment out of the computer room with their "undercarriages" (see ). -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Wed Jan 31 12:23:46 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VKKrQ16998 for sage-members-outgoing; Wed, 31 Jan 2001 12:20:53 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0VKKrh16993 for sage-members@usenix.org; Wed, 31 Jan 2001 12:20:53 -0800 (PST) Received: from mail.iddg.com ([209.190.97.35]) by usenix.org (8.11.0/8.11.0) with SMTP id f0VK2m916870 for ; Wed, 31 Jan 2001 12:02:48 -0800 (PST) Message-Id: <200101312002.f0VK2m916870@usenix.org> Received: (qmail 12485 invoked from network); 31 Jan 2001 20:01:13 -0000 Received: from unknown (HELO Debug) (209.190.98.36) by mail.iddg.com with SMTP; 31 Jan 2001 20:01:13 -0000 To: sage-members@usenix.org From: lglaze@iddg.com Subject: Re: restricted ftp-only accounts on Solaris 7? Date: Wed, 31 Jan 2001 20:01:13 +0000 X-Mailer: Endymion MailMan Standard Edition v3.0.7 Sender: owner-sage-members@usenix.org Precedence: bulk You can use the "guest ftp" priveldges within wu-ftpd, or you can use ncftpd. I personally feel that wu-ftpd has too many security problems (at least in the past when I used it) and prefer ncftpd. ncftpd is commercial, but it is only $50 for 100 users or something like that. Larry > How can I create or arrange for accounts allowing only ftp access to a > certain set of directories? Note that anonymous is insufficient; we want > password authentication to be used, but we want the other features of > "anonymous ftp" like chrooted directory, short list of authorized users > independant of /etc/passwd, logging too. > > Solaris 7 man ftpd shows a script to set this up (using native ftpd) but it > seems to allow only for anonymous ftp. > > > Choices so far: > > a) shell command that does a logout (ensures only ftp access, but leaves the > user free to cd all over) > b) fiddle with the Solaris script to see if anonymous can be turned off > c) some sort of front end to the anonymous ftp to check a password > > > And, did I mention I need this working by Friday? > > Any ideas? > > Cheers > > John > From sage-members-owner@usenix.org Wed Jan 31 12:26:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VKNIM17012 for sage-members-outgoing; Wed, 31 Jan 2001 12:23:18 -0800 (PST) Received: from bunrab.catwhisker.org (adsl-63-193-123-122.dsl.snfc21.pacbell.net [63.193.123.122]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VKNG917008 for ; Wed, 31 Jan 2001 12:23:16 -0800 (PST) Received: (from david@localhost) by bunrab.catwhisker.org (8.10.0/8.10.0) id f0VKMa347528; Wed, 31 Jan 2001 12:22:36 -0800 (PST) Date: Wed, 31 Jan 2001 12:22:36 -0800 (PST) From: David Wolfskill Message-Id: <200101312022.f0VKMa347528@bunrab.catwhisker.org> To: sage-members@usenix.org Subject: RE: NetApps vs EMC In-Reply-To: Sender: owner-sage-members@usenix.org Precedence: bulk >From: Rayappa Mayakunthala >Date: Wed, 31 Jan 2001 22:28:13 +0530 >With NetApp, is it possible to save the configuration anywhere else other >than in the NetApp - much like tftp support. We are planning to get few of >them but I am wondering if NetApp dies for some reason, would I end up >losing the configuration? It's been a few years since I last had the pleasure of using a NetApp, but as I recall, as long as the NetApp's (equivalent of?) /etc is exported, you can copy the files in it wherever you like.... Cheers, david -- David H. Wolfskill david@catwhisker.org As a computing professional, I believe it would be unethical for me to advise, recommend, or support the use (save possibly for personal amusement) of any product that is or depends on any Microsoft product. From sage-members-owner@usenix.org Wed Jan 31 12:42:08 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VKd3O17106 for sage-members-outgoing; Wed, 31 Jan 2001 12:39:03 -0800 (PST) Received: from eclectic.kluge.net (IDENT:root@eclectic.kluge.net [208.176.238.117]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VKcx917102 for ; Wed, 31 Jan 2001 12:38:59 -0800 (PST) Received: (from felicity@localhost) by eclectic.kluge.net (8.11.2/8.11.2) id f0VKckV17698; Wed, 31 Jan 2001 15:38:46 -0500 Date: Wed, 31 Jan 2001 15:38:45 -0500 From: Theo Van Dinter To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: NetAps vs EMC Message-ID: <20010131153845.P6454@kluge.net> References: <8969C7C92A78D311869C0090278750B67A2678@cumulus.shore.mbari.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <8969C7C92A78D311869C0090278750B67A2678@cumulus.shore.mbari.org>; from pat@mbari.org on Wed, Jan 31, 2001 at 07:12:51AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Jan 31, 2001 at 07:12:51AM -0800, Allen, Pat wrote: > filers. The first is that occasionally they do need to be rebooted in order > to update the OS, add a new disk shelf or a tape changer or ..... (Note - > they don't need to be shut down to add a new disk.) When you power up the FYI: With certain shelves (FC9's? I forget exactly), you don't need to shutdown to add new shelves. The shelves self-terminate, so you don't need an external terminator on them. Adding a new shelf? No problem, put it in the rack, insert the disks, plug the power cables in, hook the FC-AL cable up (new shelf in, then old shelf old). When you're ready, turn the new shelf on. The filer will notice the new shelf and the disks, incorporate them as spares, and that's it. I've done this a couple of times now, it's great. Need another 250+GB of disk? Get it up and running with 0 downtime. :) > system, it takes a whopping 1.25 minutes to boot our F740 with 450GB of 6.0.x is supposed to get that down to under 45 seconds. They're aiming for "5 9's" of uptime. ;) -- Randomly Generated Tagline: Even if you aren't in doubt, consider the mental welfare of the person who has to maintain the code after you, and who will probably put parens in the wrong place. -- Larry Wall in the perl man page From sage-members-owner@usenix.org Wed Jan 31 12:43:32 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VKel717120 for sage-members-outgoing; Wed, 31 Jan 2001 12:40:47 -0800 (PST) Received: from lanning.cc ([63.166.8.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VKek917116 for ; Wed, 31 Jan 2001 12:40:46 -0800 (PST) Received: (from lanning@localhost) by lanning.cc (8.11.0/8.11.0) id f0VKdsq06102; Wed, 31 Jan 2001 12:39:54 -0800 From: Robert Hajime Lanning Message-Id: <200101312039.f0VKdsq06102@lanning.cc> Subject: Re: NetApps vs EMC To: sage-members@usenix.org Date: Wed, 31 Jan 2001 12:39:52 -0800 (PST) Cc: sage-members@usenix.org In-Reply-To: from "Rayappa Mayakunthala" at Jan 31, 2001 10:28:13 PM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk The configuration is in a single file that you can cp. ---- As written by Rayappa Mayakunthala: > > With NetApp, is it possible to save the configuration anywhere else other > than in the NetApp - much like tftp support. We are planning to get few of > them but I am wondering if NetApp dies for some reason, would I end up > losing the configuration? > > Rayappa. > > > >-----Original Message----- > >From: Alexander Lobodzinski [mailto:lobo@mental.com] > >Sent: Wednesday, January 31, 2001 3:43 PM > >To: sage-members@usenix.org > >Subject: Re: NetApps vs EMC > > > > > >() > Anybody's been running NetAps filer for a long time, could you > >() > comment on their reliability ? > > > >Ran an F230 for about 1.5 years and run an F720 for about 9 > >months @ roughly 5 million NFS ops/day - no trouble at all. The > >only downtimes were for installing another network interface and > >disk shelf and for switching a tape drive. > > > >() If someone logs on and then shuts down their terminal > >program without > >() logging out, no one else can log in until the box is rebooted. > > > >The telnet session is mirrored on the serial console, so in said > >case you could logout there. Nearly all commands can be done via > >rsh as well if you want. > > > >() My problem with NetApp has always been that the management > >() interface was very minimal, and only one person can log in > >at a time. > >() > >() One of the reasons I always liked Auspex was that they had a > >() "host controller" that was a real Unix box (SunOS 4.1.x, as I > >() recall), and you could do real Unix things on them. > > > >Funny - exactly these are the things I like on the NetApp and > >dislike on the Auspex. Looks like we are entering the personal > >taste zone here... > > > > Ciao, Lobo > > > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > > www.mimesweeper.com > ********************************************************************** > -- /* Robert Hajime Lanning lanning@lanning.cc ** Trade: Unix Systems Administrator (Senior level) (SAGE IV) */ #include From sage-members-owner@usenix.org Wed Jan 31 13:57:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VLr2j17625 for sage-members-outgoing; Wed, 31 Jan 2001 13:53:02 -0800 (PST) Received: from aurora.whizbang.com (c1082929-a.saltlk1.ut.home.com [24.20.101.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VLr0917620 for ; Wed, 31 Jan 2001 13:53:00 -0800 (PST) Received: from flipdog.com (jlp@localhost) by aurora.whizbang.com (8.9.3/8.9.3) with ESMTP id OAA29661; Wed, 31 Jan 2001 14:52:30 -0700 Message-Id: <200101312152.OAA29661@aurora.whizbang.com> X-Mailer: exmh version 2.3.1 01/19/2001 with nmh-1.0.4 To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: restricted ftp-only accounts on Solaris 7? X-face: p=61=y<.Il$z+k*y~"j>%c[8R~8{j3WTnaSd-'RyC>t.Ub>AAm\zYA#5JF +W=G?EI+|EI);]=fs_MOfKN0n9`OlmB[1^0;L^64K5][nOb&gv/n}p@mm06|J|WNa asp7mMEw0w)e_6T~7v-\]yHKvI^1}[2k)] References: In-reply-to: Your message of "Wed, 31 Jan 2001 10:25:58 PST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 31 Jan 2001 14:52:30 -0700 From: "Jan L. Peterson" Sender: owner-sage-members@usenix.org Precedence: bulk John, How about a fourth option... install proftpd. http://www.proftpd.net/ It lets you have chrooted accounts that act like anonymous ftp, but with individual logins and passwords. -jan- -- Jan L. Peterson FlipDog.com tel. +1 801 418 7815 Sr. Systems Admin 3210 N Canyon Rd, Ste 300 fax +1 801 818 0879 jlp@flipdog.com Provo, UT 84604 http://www.flipdog.com/ From sage-members-owner@usenix.org Wed Jan 31 14:41:00 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VMdMo17944 for sage-members-outgoing; Wed, 31 Jan 2001 14:39:22 -0800 (PST) Received: from finch-post-10.mail.demon.net (finch-post-10.mail.demon.net [194.217.242.38]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VMdK917940 for ; Wed, 31 Jan 2001 14:39:21 -0800 (PST) Received: from pyrite.demon.co.uk ([194.222.60.33]) by finch-post-10.mail.demon.net with esmtp (Exim 2.12 #1) id 14O5u5-000DPe-0A; Wed, 31 Jan 2001 22:39:05 +0000 Message-ID: <3A789407.655E611@pyrite.demon.co.uk> Date: Wed, 31 Jan 2001 22:39:03 +0000 From: Jonathan Crompton X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.2.12-20 i586) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: restricted ftp-only accounts on Solaris 7? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk John LLOYD wrote: > How can I create or arrange for accounts allowing only ftp access to a > certain set of directories? Note that anonymous is insufficient; we want > password authentication to be used, but we want the other features of > "anonymous ftp" like chrooted directory, short list of authorized users > independant of /etc/passwd, logging too. If you don't mind switching to a different ftp daemon, proftpd will do exactly what you want (including hiding files you don't want users to see, making files appear to belong to them, even though they don't have /etc/password file entries etc.). I use this for allowing users to upload web sites (hiding .htaccess from them). It works well for me. Jonathan. From sage-members-owner@usenix.org Wed Jan 31 14:48:08 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VMkR618038 for sage-members-outgoing; Wed, 31 Jan 2001 14:46:27 -0800 (PST) Received: from sephiroth.byte-me.org (sephiroth.byte-me.org [216.15.105.106]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VMkQ918034 for ; Wed, 31 Jan 2001 14:46:26 -0800 (PST) Received: (from mallen@localhost) by sephiroth.byte-me.org (8.9.3/8.9.3) id OAA03757; Wed, 31 Jan 2001 14:45:43 -0800 From: Mark Allen Message-Id: <200101312245.OAA03757@sephiroth.byte-me.org> Subject: Re: Serial Terminal Servers To: sage-members@usenix.org Date: Wed, 31 Jan 2001 14:45:43 -0800 (PST) Cc: sage-members@usenix.org In-Reply-To: <12720.980967164@splat> from "Lance A. Brown" at Jan 31, 2001 01:52:44 PM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Lance A. Brown writes: > What products are folks using to do this? We need to collect serial > consoles from some NetApps, a few Compaq Alpha systems, and other > assorted equipment. At an old job, we used a commodity 2u Linux box running sshd with a couple of Cyclades serial octopii cards hanging off the back with conserver. Worked like a real champ and was pretty easy on the pocket book. Mark -- Mark Allen -- mallen@byte-me.org -- http://www.byte-me.org/~mallen/ PGP1: 0x5CDC2161 Mark Allen (Personal Key) PGP2: 0x80402A46 Mark Allen (Work) From sage-members-owner@usenix.org Wed Jan 31 15:05:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VN2Va18150 for sage-members-outgoing; Wed, 31 Jan 2001 15:02:31 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0VN2VD18145 for sage-members@usenix.org; Wed, 31 Jan 2001 15:02:31 -0800 (PST) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VMhh918013 for ; Wed, 31 Jan 2001 14:43:43 -0800 (PST) Received: from mirapoint.com (madrid.mirapoint.com [192.168.200.31]) by mail.mirapoint.com (Mirapoint) with ESMTP id ABO09695; Wed, 31 Jan 2001 14:43:31 -0800 (PST) Message-ID: <3A789513.531D0F27@mirapoint.com> Date: Wed, 31 Jan 2001 14:43:31 -0800 From: "Francisco J. Manso" Organization: Mirapoint Inc, X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en,es MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: Serial Terminal Servers References: <12720.980967164@splat> Content-Type: multipart/mixed; boundary="------------2CB003DE81FC7AC5AC4F1A13" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------2CB003DE81FC7AC5AC4F1A13 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I use Lantronicx (ETS8 to ETS32) Francisco "Lance A. Brown" wrote: > Greetings, > > The mention of conserver in the NetApp vs. EMC thread reminded me > that I'm supposed to be looking at serial port terminal server > solutions. > > My preference is to hang a bunch of serial ports off a UNIX system > and use conserver to manage them vs. some kind of standalone > network-attached terminal server gadget. > > What products are folks using to do this? We need to collect serial > consoles from some NetApps, a few Compaq Alpha systems, and other > assorted equipment. > > --[Lance] --------------2CB003DE81FC7AC5AC4F1A13 Content-Type: text/x-vcard; charset=us-ascii; name="fmanso.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Francisco J. Manso Content-Disposition: attachment; filename="fmanso.vcf" begin:vcard n:Manso;Francisco tel;fax:408-720-3725 tel;work:408-720-3856 x-mozilla-html:FALSE url:www.mirapoint.com org:Mirapoint Inc;IT Department adr:;;909 Hermosa Ct.;Sunnyvale;CA;94085;USA version:2.1 email;internet:fmanso@mirapoint.com title:Sr. Unix Systems Administrator fn:Francisco Manso end:vcard --------------2CB003DE81FC7AC5AC4F1A13-- From sage-members-owner@usenix.org Wed Jan 31 15:44:13 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VNet618435 for sage-members-outgoing; Wed, 31 Jan 2001 15:40:55 -0800 (PST) Received: from spotter.yi.org (IDENT:root@dhcp065-024-215-097.insight.rr.com [65.24.215.97]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VNer918431 for ; Wed, 31 Jan 2001 15:40:53 -0800 (PST) Received: from spotter.yi.org (spp@localhost [127.0.0.1]) by spotter.yi.org (8.8.7/8.8.7) with ESMTP id TAA28557; Wed, 31 Jan 2001 19:42:33 -0500 Message-Id: <200102010042.TAA28557@spotter.yi.org> To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: restricted ftp-only accounts on Solaris 7? In-Reply-To: Your message of "Wed, 31 Jan 2001 10:25:58 PST." Date: Wed, 31 Jan 2001 19:42:33 -0500 From: "Stephen P. Potter" Sender: owner-sage-members@usenix.org Precedence: bulk I don't have access to a SUN box this evening, but if I remember correctly, you can create a chrooted environment for FTP by placing a /./ within the home directory in the passwd file. For example: spp:x:2112:2112:Stephen Potter:/export/home/./spp:/bin/sh will chroot to /export/home/spp. Don't forget to set up the rest of the chroot stuff in ~spp/{bin,etc,lib} and such. You can create an FTP-only shell fairly simply in C, just have it do an exit() only. Then place this program in /etc/shells. I can verify and test all this tomorrow. -spp Lightning flashed, thunder crashed and John LLOYD whispered: | How can I create or arrange for accounts allowing only ftp access to a | certain set of directories? Note that anonymous is insufficient; we want | password authentication to be used, but we want the other features of | "anonymous ftp" like chrooted directory, short list of authorized users | independant of /etc/passwd, logging too. From sage-members-owner@usenix.org Wed Jan 31 16:05:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f0VNx9618559 for sage-members-outgoing; Wed, 31 Jan 2001 15:59:09 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f0VNx8W18554 for sage-members@usenix.org; Wed, 31 Jan 2001 15:59:09 -0800 (PST) Received: from yosemite.rwc.gnac.net (yosemite.rwc.gnac.net [198.151.248.221]) by usenix.org (8.11.0/8.11.0) with ESMTP id f0VNrt918513 for ; Wed, 31 Jan 2001 15:53:55 -0800 (PST) Received: by yosemite.rwc.gnac.net; id PAA02787; Wed, 31 Jan 2001 15:57:02 -0800 (PST) Received: from unknown(192.168.1.21) by yosemite.rwc.gnac.net via smap (V5.0) id xma002776; Wed, 31 Jan 01 15:56:37 -0800 Received: from tweety.main.gnac.com (localhost.main.gnac.com [127.0.0.1]) by pepe.corp.crtnty.com (8.11.0/8.8.7/GNAC-GW-2.1) with ESMTP id f0VNrIc15283; Wed, 31 Jan 2001 15:53:18 -0800 (PST) Received: (from bryan@localhost) by tweety.main.gnac.com (8.9.3/8.7.3/GNAC-COM-1.1) id PAA08224; Wed, 31 Jan 2001 15:53:17 -0800 (PST) Date: Wed, 31 Jan 2001 15:53:17 -0800 From: Bryan Stansell To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Serial Terminal Servers Message-ID: <20010131155317.L14181@tweety.main.gnac.com> References: <12720.980967164@splat> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <12720.980967164@splat>; from brown9@niehs.nih.gov on Wed, Jan 31, 2001 at 01:52:44PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk Well, since we're going here, I'll plug the web pages again: http://www.conserver.com/ (conserver software) http://www.conserver.com/consoles/ (zonker's terminal server/serial knowledge) http://www.conserver.com/consoles/breakoff.html (BREAK testing) Zonker's pages have a wealth of terminal server info. There are links to other good sites as well. We haven't tested many local serial port products (we're trying to), but everything we've seen and heard about send a BREAK signal when power-cycled. If you don't have Sun equipment, no problem, but it's something to think about. Hope this helps (at least some). A lot of this info is hard to get (because it's not really talked about). As we receive and verify the information, we're trying to publish it on these web pages. Good luck. Bryan On Wed, Jan 31, 2001 at 01:52:44PM -0500, Lance A. Brown wrote: > Greetings, > > The mention of conserver in the NetApp vs. EMC thread reminded me > that I'm supposed to be looking at serial port terminal server > solutions. > > My preference is to hang a bunch of serial ports off a UNIX system > and use conserver to manage them vs. some kind of standalone > network-attached terminal server gadget. > > What products are folks using to do this? We need to collect serial > consoles from some NetApps, a few Compaq Alpha systems, and other > assorted equipment. > > --[Lance] > From sage-members-owner@usenix.org Wed Jan 31 17:26:58 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f111N4018895 for sage-members-outgoing; Wed, 31 Jan 2001 17:23:04 -0800 (PST) Received: from out4.mx.nwbl.wi.voyager.net (out4.mx.nwbl.wi.voyager.net [169.207.1.77]) by usenix.org (8.11.0/8.11.0) with ESMTP id f111N3918891 for ; Wed, 31 Jan 2001 17:23:03 -0800 (PST) Received: from pop3.nwbl.wi.voyager.net (pop3.nwbl.wi.voyager.net [169.207.1.83]) by out4.mx.nwbl.wi.voyager.net (8.11.1/8.11.1) with ESMTP id f111MpB84519; Wed, 31 Jan 2001 19:22:51 -0600 (CST) Received: from starfury.execpc.com (d65.as3.nwbl1.wi.voyager.net [169.207.85.193]) by pop3.nwbl.wi.voyager.net (8.10.2/8.10.2) with ESMTP id f111Mn865541; Wed, 31 Jan 2001 19:22:49 -0600 (CST) Received: from localhost (alcourt@localhost) by starfury.execpc.com (8.11.0/8.11.0) with ESMTP id f111Psu12303; Wed, 31 Jan 2001 19:25:54 -0600 X-Authentication-Warning: starfury.execpc.com: alcourt owned process doing -bs Date: Wed, 31 Jan 2001 19:25:50 -0600 (CST) From: "Mr. Alcourt" To: sage-members@usenix.org cc: Subject: Re: NetAps vs EMC In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- On Wed, 31 Jan 2001, Brad Knowles wrote: > At 8:56 AM -0600 2001/1/31, Mr. Alcourt wrote: > > > My problem with EMC is that I don't have _any_ management interface that > > EMC is willing to tell me about. Because of the model of local disk and > > the fact that we were forced to run at Solaris 2.6, we were forced to > > reboot after editing the /kernel/drv/sd.conf file just to allow the system > > access to access a bit more drive space that already existed inside the > > EMC array. > > Surely this is a filesystem or volume manager issue, and not a > problem with EMC. Are you using Veritas VxVM and/or VxFS? I know > that VxVM gives you tools to grow volumes online, and I know that > VxFS gives you tools to grow and shrink filesystems online. > Therefore, so long as the volume can be grown in a manner that VxFS > understands, you don't even necessarily have to be running VxVM. That's what the problem was. Before Veritas VxVM could see the disks, we had to get a "bin file" update to reconfigure the storage array to make more disks visible to the system, and it also required a microcode update. We were informed it is a five day process to create a new bin file. Because Solaris limits us to 120 luns per controller (target?), we had to also modify the sd.conf file to tell the system that new controllers and targets were visible along the fiber strands to the EMC array. Now that we have made those disks visible, if we were to decide in the future to ask for another third of the available disk (we only have about one third visible right now) for use, that would require another bin file and downtime on the EMC array. Another issue I have with them is they seem to not understand inherent security risks in some of their proposed solutions. They couldn't understand why I didn't want a chassis to chassis mirror (SRDF) to go over the public internet. "It's virtually encrypted". (Never mind why it would have hit the public internet in the first place, that's a disaster that still makes me shudder.) Something about having every single bit of data hitting the public network makes me nervous. > > I admit, there is a good chance that my problems are due to the > > individuals at EMC that I am dealing with. But I get nervous when I'm > > told to pretend it's just a very big disk array with no management control > > needed, until we decide to take advantage of a little more hard drive > > space and are told we need a new bin file and new microcode and only EMC > > can provide such. (Yet the hard drives were already installed in the > > array, we just weren't using them yet.) > > If that's what EMC is telling you, then I absolutely agree -- > they are not doing their job, and they should be required to pull the > equipment out of the computer room with their "undercarriages" (see > ). After looking at that URL, I have to shudder. Somehow it seems an appropriate punishment however for the design features that I am finding out about the hard way. Because of my very recent experience with EMC in a recent project, I cannot reccomend EMC, especially on a Solaris 2.6 platform. While EMC in theory "phones home" when it has a problem, we didn't discover we had a problem until a EMC support tech came on site to do some of the work in preparation for our bin file upgrade, which resulted in delays and scheduling additional downtime for the system. - -- Mr. Alcourt http://www.execpc.com/~alcourt/ "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iQCVAwUBOni7ItHXH7Z+KmdxAQGPdAQAkzYULwhG/wkL3LWIMxGcHS4quZRjpAfq UwUZ8IRYZSb2JY2jPulvSHNyTtu+xiEBD0JTxn/qvAsqvQB4g+8FvLqLiVAaKEYE P/Z/vkTr8Mvm2odwQw+bcsm541GhhIQfUW3vXihKHAXVIN4pBmxXrEJRJG09vRWO CnIKSCD2jlw= =3NJF -----END PGP SIGNATURE----- From sage-members-owner@usenix.org Wed Jan 31 21:40:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f115XPT19658 for sage-members-outgoing; Wed, 31 Jan 2001 21:33:25 -0800 (PST) Received: from ns0.utdallas.edu (ns0.utdallas.edu [129.110.10.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f115XN919654 for ; Wed, 31 Jan 2001 21:33:23 -0800 (PST) Received: from spartacus.utdallas.edu (spartacus.utdallas.edu [129.110.3.11]) by ns0.utdallas.edu (Postfix) with SMTP id A49421A0B61 for ; Wed, 31 Jan 2001 23:33:09 -0600 (CST) To: sage-members@usenix.org Subject: Re: Palm devices References: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> <20010104124727.A18313@theseas.softlab.ece.ntua.gr> From: Amos Gouaux Date: 31 Jan 2001 23:33:33 -0600 In-Reply-To: <20010104124727.A18313@theseas.softlab.ece.ntua.gr> (Alexios Zavras's message of "Thu, 4 Jan 2001 12:47:27 +0200") Message-ID: Lines: 11 User-Agent: Gnus/5.090001 (Oort Gnus v0.01) XEmacs/21.1 (Cuyahoga Valley) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk >>>>> On Thu, 4 Jan 2001 12:47:27 +0200, >>>>> Alexios Zavras (az) writes: az> For a project that I'm working on, we are using iPaqs running Linux has anybody tried out these devices? http://www.agendacomputing.com/ -- Amos From sage-members-owner@usenix.org Wed Jan 31 23:40:14 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f117Z3r19867 for sage-members-outgoing; Wed, 31 Jan 2001 23:35:03 -0800 (PST) Received: from web11205.mail.yahoo.com (web11205.mail.yahoo.com [216.136.131.187]) by usenix.org (8.11.0/8.11.0) with SMTP id f117Z1919863 for ; Wed, 31 Jan 2001 23:35:02 -0800 (PST) Message-ID: <20010201073452.10914.qmail@web11205.mail.yahoo.com> Received: from [216.100.35.124] by web11205.mail.yahoo.com; Wed, 31 Jan 2001 23:34:52 PST Date: Wed, 31 Jan 2001 23:34:52 -0800 (PST) From: "M.L.Graham" Reply-To: kaihoku@yahoo.com Subject: Re: Serial Terminal Servers To: sage-members@usenix.org In-Reply-To: <12720.980967164@splat> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk I've used the Cisco 2511 console server, used them for NetApp filers, sparcs, Winchester Flash Disks, and for switches, etc. Easy to configure. When I rebooted them after a firmware upgrade, no breaks were sent. I've had great luck with them and really recommend them. --Melinda :o) --- "Lance A. Brown" wrote: > Greetings, > > The mention of conserver in the NetApp vs. EMC > thread reminded me > that I'm supposed to be looking at serial port > terminal server > solutions. > > My preference is to hang a bunch of serial ports off > a UNIX system > and use conserver to manage them vs. some kind of > standalone > network-attached terminal server gadget. > > What products are folks using to do this? We need > to collect serial > consoles from some NetApps, a few Compaq Alpha > systems, and other > assorted equipment. > > --[Lance] > > ===== Melinda L. Armstrong (kaihoku@yahoo.com) __________________________________________________ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From sage-members-owner@usenix.org Thu Feb 1 00:37:24 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f118WtB19973 for sage-members-outgoing; Thu, 1 Feb 2001 00:32:56 -0800 (PST) Received: from mail.sonytel.be (mail.sonytel.be [193.74.243.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f118Wr919969 for ; Thu, 1 Feb 2001 00:32:53 -0800 (PST) Received: from immortelle.sonytel.be (immortelle.sonytel.be [10.18.0.3]) by mail.sonytel.be (8.9.0/8.8.6) with ESMTP id JAA18415; Thu, 1 Feb 2001 09:32:40 +0100 (MET) Received: (from nico@localhost) by immortelle.sonytel.be (8.9.0/8.8.6) id JAA13185; Thu, 1 Feb 2001 09:32:40 +0100 (MET) Date: Thu, 1 Feb 2001 09:32:40 +0100 From: Nico De Ranter To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Serial Terminal Servers Message-ID: <20010201093240.J23775@immortelle.sonytel.be> References: <12720.980967164@splat> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <12720.980967164@splat>; from brown9@niehs.nih.gov on Wed, Jan 31, 2001 at 01:52:44PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk We use a number of Portmaster-2e's from Lucent. Up to 30 serial ports reachable through telnet (no ssh unfortunately). It's not realy cheap however. I'm also looking into the Consoleserver from Lightwave communications they promised ssh support and in the near future also the possibility for remote powermanagement (basicaly a powerplug with a network interface :-). This solution is even more expensive unfortunately. (www.lightwave.com) Nico On Wed, Jan 31, 2001 at 01:52:44PM -0500, Lance A. Brown wrote: > Greetings, > > The mention of conserver in the NetApp vs. EMC thread reminded me > that I'm supposed to be looking at serial port terminal server > solutions. > > My preference is to hang a bunch of serial ports off a UNIX system > and use conserver to manage them vs. some kind of standalone > network-attached terminal server gadget. > > What products are folks using to do this? We need to collect serial > consoles from some NetApps, a few Compaq Alpha systems, and other > assorted equipment. > > --[Lance] > > --------------------------------------------------------- "It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry." --------------------------------------------------------- Nico De Ranter Sony Service Center (SDCE/NEE-B) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: nico.deranter@sonycom.com From sage-members-owner@usenix.org Thu Feb 1 05:04:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f11CxMM20387 for sage-members-outgoing; Thu, 1 Feb 2001 04:59:22 -0800 (PST) Received: from vielle.datasys.net (IDENT:root@0.enet.vielle.datasys.net [208.206.129.153]) by usenix.org (8.11.0/8.11.0) with ESMTP id f11CxK920383 for ; Thu, 1 Feb 2001 04:59:20 -0800 (PST) Received: (from mark@localhost) by vielle.datasys.net (8.11.0/8.11.0) id f11D3Ta14256; Thu, 1 Feb 2001 08:03:29 -0500 Message-Id: <200102011303.f11D3Ta14256@vielle.datasys.net> From: lindsey@acm.org (Mark R. Lindsey) Date: Thu, 1 Feb 2001 08:03:27 -0500 X-Imperative: Eat! Drink! Be Merry! Or I shall fire my halcyon gun! Reply-To: lindsey@acm.org (Mark R. Lindsey) X-Mailer: Mail User's Shell (7.2.6 beta(4) 03/19/98) To: sage-members@usenix.org Subject: Re: Serial Terminal Servers Sender: owner-sage-members@usenix.org Precedence: bulk Nico said: : We use a number of Portmaster-2e's from Lucent. Up to 30 serial ports : reachable through telnet (no ssh unfortunately). It's not realy cheap : however. You can usually get a PM2E used through MSI Communications (msic.com) for under $1000. : I'm also looking into the Consoleserver from Lightwave communications : they promised ssh support and in the near future also the possibility for : remote powermanagement (basicaly a powerplug with a network interface :-). APC also sells a remotely-manageable power-distribution unit, in the so-called `masterswitch' series. Combining this into a terminal server does sound interesting, though a bit odd. From sage-members-owner@usenix.org Thu Feb 1 07:52:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f11FlSF20698 for sage-members-outgoing; Thu, 1 Feb 2001 07:47:28 -0800 (PST) Received: from voltron.oit.unc.edu (voltron.oit.unc.edu [152.2.1.126]) by usenix.org (8.11.0/8.11.0) with ESMTP id f11FlR920694 for ; Thu, 1 Feb 2001 07:47:27 -0800 (PST) Received: from localhost (chris@localhost) by voltron.oit.unc.edu (1.0.b2/8.8.5) with SMTP id KAA12076 for ; Thu, 1 Feb 2001 10:47:15 -0500 (EST) Date: Thu, 1 Feb 2001 10:47:15 -0500 (EST) From: Chris Colomb X-Sender: chris@voltron.oit.unc.edu To: sage-members@usenix.org Subject: Re: Serial Terminal Servers In-Reply-To: <200102011303.f11D3Ta14256@vielle.datasys.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Thu, 1 Feb 2001, Mark R. Lindsey wrote: > Nico said: > : We use a number of Portmaster-2e's from Lucent. Up to 30 serial ports > : reachable through telnet (no ssh unfortunately). It's not realy cheap > : however. > > You can usually get a PM2E used through MSI Communications (msic.com) > for under $1000. This is great information. We've been using the 2e's for some time (we have sshd access through a Linux box that has a separate nic for a private network to which the 2e's are attached) but Lucent says they're discontinuing them. I was looking into the Ciscos that Melinda likes...I also noticed the Digi Portserver series does anyone have experience with them? Chris From sage-members-owner@usenix.org Thu Feb 1 08:53:23 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f11GmUA21048 for sage-members-outgoing; Thu, 1 Feb 2001 08:48:30 -0800 (PST) Received: from cliff.niehs.nih.gov (IDENT:root@cliff.niehs.nih.gov [157.98.8.7]) by usenix.org (8.11.0/8.11.0) with ESMTP id f11GmS921044 for ; Thu, 1 Feb 2001 08:48:28 -0800 (PST) Received: from cliff.niehs.nih.gov (IDENT:root@localhost.localdomain [127.0.0.1]) by cliff.niehs.nih.gov (8.9.3/8.9.3/NIEHS-POST-1.6) with ESMTP id LAA01914 for ; Thu, 1 Feb 2001 11:48:17 -0500 Received: from splat.niehs.nih.gov (splat.niehs.nih.gov [157.98.0.29]) by cliff.niehs.nih.gov (8.9.3/8.9.3/NIEHS-PRE-1.7) with ESMTP id LAA01900; Thu, 1 Feb 2001 11:48:17 -0500 Received: from splat (localhost [127.0.0.1]) by splat.niehs.nih.gov (8.9.3/8.9.3) with ESMTP id LAA05859; Thu, 1 Feb 2001 11:48:16 -0500 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.3 In-reply-to: References: <200101021453.f02ErG628966@shangri-la.ccs.neu.edu> <20010104124727.A18313@theseas.softlab.ece.ntua.gr> Comments: In-reply-to Amos Gouaux message dated "Thu, 01 Feb 2001 00:33:33 -0500." To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Palm devices Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 01 Feb 2001 11:48:16 -0500 Message-ID: <5857.981046096@splat> From: "Lance A. Brown" Sender: owner-sage-members@usenix.org Precedence: bulk Amos Gouaux writes: > >>>>> On Thu, 4 Jan 2001 12:47:27 +0200, > >>>>> Alexios Zavras (az) writes: > > az> For a project that I'm working on, we are using iPaqs running Linux > > has anybody tried out these devices? > > http://www.agendacomputing.com/ I just had my hands on one two days ago. A co-worker got one of the 'developers' versions. The darn thing IS running Linux. Do a reset and watch the linux boot messages fly by! You flash the kernel and a filesystem into the unit separately. Development is done with GCC cross-compilers. The thing is pretty slow, but still impressive to see. --[Lance] From sage-members-owner@usenix.org Thu Feb 1 10:52:11 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f11Ikm721673 for sage-members-outgoing; Thu, 1 Feb 2001 10:46:48 -0800 (PST) Received: from bunrab.catwhisker.org (adsl-63-193-123-122.dsl.snfc21.pacbell.net [63.193.123.122]) by usenix.org (8.11.0/8.11.0) with ESMTP id f11Ikl921669 for ; Thu, 1 Feb 2001 10:46:47 -0800 (PST) Received: (from david@localhost) by bunrab.catwhisker.org (8.10.0/8.10.0) id f11IkWO50139 for sage-members@usenix.org; Thu, 1 Feb 2001 10:46:32 -0800 (PST) Date: Thu, 1 Feb 2001 10:46:32 -0800 (PST) From: David Wolfskill Message-Id: <200102011846.f11IkWO50139@bunrab.catwhisker.org> To: sage-members@usenix.org Subject: Re: Serial Terminal Servers In-Reply-To: Sender: owner-sage-members@usenix.org Precedence: bulk I recall that one of the contributors to this thread mentioned the symptom of a "BREAK" being seen as a result of power-cycling the device on the other end of the cable. I was just leafing through a recently-received copy of the catalog for Workstation Express (htt://www.workstationexp.com/), and note that on the back cover, they advertise "Non-Aborting Serial Console" adapters of various flavors (at US$89 each). I've never used these, so I cannot attest to how well they work. For that matter, I've never purchased anything from Workstation Express -- I had merely requested their catalog on the recommendation of a colleague. But if anyone has used one (or does use one), it might be worth reporting back on experiences.... Cheers, david -- David H. Wolfskill david@catwhisker.org As a computing professional, I believe it would be unethical for me to advise, recommend, or support the use (save possibly for personal amusement) of any product that is or depends on any Microsoft product. From sage-members-owner@usenix.org Thu Feb 1 16:59:07 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f120lKB23370 for sage-members-outgoing; Thu, 1 Feb 2001 16:47:20 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f120lI923366 for ; Thu, 1 Feb 2001 16:47:18 -0800 (PST) Received: from [10.0.1.2] (dialup713.brussels.skynet.be [195.238.21.201]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.07) with ESMTP id f120kob19348; Fri, 2 Feb 2001 01:46:51 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010201073452.10914.qmail@web11205.mail.yahoo.com> References: <20010201073452.10914.qmail@web11205.mail.yahoo.com> Date: Fri, 2 Feb 2001 01:02:48 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Serial Terminal Servers Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 11:34 PM -0800 2001/1/31, M.L.Graham wrote: > I've used the Cisco 2511 console server, used them for > NetApp filers, sparcs, Winchester Flash Disks, and for > switches, etc. Easy to configure. When I rebooted them > after a firmware upgrade, no breaks were sent. I've > had great luck with them and really recommend them. We've had really bad experiences with cisco console servers causing Sun servers to have to be re-installed, including our firewall servers. Under no circumstances whatsoever will we ever make that mistake again. We have people who have previous experience with Cyclades equipment, and the advantage there is that you could ssh into the server, and then directly connect to the serial port of the console, and your communications are never sent in the clear, even on a local unrouted network (as would be the case with all hardware terminal servers I know of). -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Fri Feb 2 02:49:28 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12AinQ24737 for sage-members-outgoing; Fri, 2 Feb 2001 02:44:49 -0800 (PST) Received: from wilco-int.com (intmailserv.wilco-int.com [212.36.174.165]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12Ail924733 for ; Fri, 2 Feb 2001 02:44:48 -0800 (PST) Received: from wilco-fw3.wilco-int.com (wilco-fwdmz.wilco-int.com [192.168.32.253]) by wilco-int.com (8.9.1b+Sun/8.9.1) with SMTP id KAA01050 for ; Fri, 2 Feb 2001 10:23:11 GMT Received: from smtpscan.wilco-int.com ([194.62.147.46]) by wilco-fw3.wilco-int.com; Fri, 02 Feb 2001 10:35:56 +0000 (GMT) Received: FROM mailsweeper.wilco-int.com BY smtpscan.wilco-int.com ; Fri Feb 02 10:34:48 2001 0000 Received: from lonmail01.wilco-int.com (unverified) by mailsweeper.wilco-int.com (Content Technologies SMTPRS 4.1.2) with ESMTP id for ; Fri, 2 Feb 2001 10:32:02 +0000 Received: from hydmail01.hyd.wilco-int.com (hydmail01 [192.168.130.32]) by lonmail01.wilco-int.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id D7J9BZY2; Fri, 2 Feb 2001 10:30:24 -0000 Received: by hydmail01.hyd.wilco-int.com with Internet Mail Service (5.5.2650.21) id <1BHBCFAJ>; Fri, 2 Feb 2001 16:01:48 +0530 Message-ID: From: Rayappa Mayakunthala To: sage-members@usenix.org Subject: length of the login id Date: Fri, 2 Feb 2001 16:01:46 +0530 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Folks Our local office has recently been taken over by a new company. This new company uses 3-char login id for both NT and Unix and our office had been using 8-char login id for both NT and Unix. Now the question is whether we should migrate to 3-char or not. Though it is lot of work and it is going to break various things, this would be forced upon us by the management at some point. This new company is 800+ employee strong and our office 300+ employee strong and that is making me think towards 3-char as it is easy to change few users than lot of users. Any thoughts? Thanks very much. Rayappa. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From sage-members-owner@usenix.org Fri Feb 2 06:37:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12EWww25072 for sage-members-outgoing; Fri, 2 Feb 2001 06:32:58 -0800 (PST) Received: from mr1.ash.ops.us.uu.net (mr1.ash.ops.us.uu.net [198.5.241.86]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12EWu925067 for ; Fri, 2 Feb 2001 06:32:57 -0800 (PST) Received: from mail.cuug.ab.ca by mr1.ash.ops.us.uu.net with ESMTP (peer crosschecked as: sparc250.cuug.ab.ca [192.75.191.250]) id QQkaqk19969 for ; Fri, 2 Feb 2001 14:32:45 GMT Received: (from uucp@localhost) by mail.cuug.ab.ca (8.9.3/8.9.3) id HAA06477 for ; Fri, 2 Feb 2001 07:27:35 -0700 (MST) Received: from UNKNOWN(192.75.191.7), claiming to be "igor.cuug.ab.ca" via SMTP by sparc250, id smtpds21931; Fri Feb 2 07:27:25 2001 Received: from localhost (dorfsmay@localhost) by igor.cuug.ab.ca (8.9.3/8.9.3) with ESMTP id HAA27949 for ; Fri, 2 Feb 2001 07:38:54 -0700 X-Authentication-Warning: igor.cuug.ab.ca: dorfsmay owned process doing -bs Date: Fri, 2 Feb 2001 07:38:54 -0700 (MST) From: Yves Dorfsman To: sage-members@usenix.org Subject: Re: length of the login id In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, 2 Feb 2001, Rayappa Mayakunthala wrote: > Our local office has recently been taken over by a new company. This new > company uses 3-char login id for both NT and Unix and our office had been > using 8-char login id for both NT and Unix. Now the question is whether we > should migrate to 3-char or not. Though it is lot of work and it is going to > break various things, this would be forced upon us by the management at some > point. This new company is 800+ employee strong and our office 300+ employee > strong and that is making me think towards 3-char as it is easy to change > few users than lot of users. For 300 changes, I would try to come with a scheme that is realtively easy to script, therefore it shouldn't matter if it is 300 or 800. 8 char ids seems to make more sense, but the only valid reason I can come up with is that it is easier to create something meaningfull out of 8 chars than 3... or it could just be habit (I originally thought 3 alphanumeric would be very limited in the number of possible ids, but 36^3 = 46656, more than enough !!). Yves. ---- Yves Dorfsman dorfsmay@cuug.ab.ca http://www.cuug.ab.ca/~dorfsmay From sage-members-owner@usenix.org Fri Feb 2 07:11:17 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12F82b25151 for sage-members-outgoing; Fri, 2 Feb 2001 07:08:02 -0800 (PST) Received: from spotter.yi.org (IDENT:root@dhcp065-024-215-097.insight.rr.com [65.24.215.97]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12F81925147 for ; Fri, 2 Feb 2001 07:08:01 -0800 (PST) Received: from spotter.yi.org (spp@localhost [127.0.0.1]) by spotter.yi.org (8.8.7/8.8.7) with ESMTP id LAA03238; Fri, 2 Feb 2001 11:09:59 -0500 Message-Id: <200102021609.LAA03238@spotter.yi.org> To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: length of the login id In-Reply-To: Your message of "Fri, 02 Feb 2001 16:01:46 +0530." Date: Fri, 02 Feb 2001 11:09:59 -0500 From: "Stephen P. Potter" Sender: owner-sage-members@usenix.org Precedence: bulk Lightning flashed, thunder crashed and Rayappa Mayakunthala whispered: | Our local office has recently been taken over by a new company. This new | company uses 3-char login id for both NT and Unix and our office had been | using 8-char login id for both NT and Unix. Now the question is whether we | should migrate to 3-char or not. Though it is lot of work and it is going to | break various things, this would be forced upon us by the management at some | point. This new company is 800+ employee strong and our office 300+ employee | strong and that is making me think towards 3-char as it is easy to change | few users than lot of users. Three characters is awfully short. How are they determined? If they are random, you end up with about 46000 (assuming a-z 0-9, 17500 if only a-z) possible IDs. If they are based on initials or some such, you'll find that there are common initials that will really only give you about 1500 IDs. I'd recommend that you try and get them to grandfather you in. -spp From sage-members-owner@usenix.org Fri Feb 2 07:16:07 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12FDAn25172 for sage-members-outgoing; Fri, 2 Feb 2001 07:13:10 -0800 (PST) Received: from denali.loopback.net (nat-pool.corp.redhat.com [199.183.24.200] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f12FD8925168 for ; Fri, 2 Feb 2001 07:13:08 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f12FCkQ18002; Fri, 2 Feb 2001 10:12:46 -0500 Date: Fri, 2 Feb 2001 10:12:45 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: length of the login id Message-ID: <20010202101245.A17944@redhat.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="82I3+IH0IqGh5yIs" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from mrayappa@Wilco-int.com on Fri, Feb 02, 2001 at 04:01:46PM +0530 Sender: owner-sage-members@usenix.org Precedence: bulk --82I3+IH0IqGh5yIs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 02, 2001 at 04:01:46PM +0530, Rayappa Mayakunthala mailed: > Folks >=20 > Our local office has recently been taken over by a new company. This new > company uses 3-char login id for both NT and Unix and our office had been > using 8-char login id for both NT and Unix. Now the question is whether we > should migrate to 3-char or not. Though it is lot of work and it is going= to > break various things, this would be forced upon us by the management at s= ome > point. This new company is 800+ employee strong and our office 300+ emplo= yee > strong and that is making me think towards 3-char as it is easy to change > few users than lot of users. >=20 > Any thoughts? I supposed the obvious thought would be, why the arbitrary limit on login id in the first place, especially at three characters. There are far too many possible repeats if users try and use initials so for many people I'd imagi= ne that their login id becomes arbitrary. Standardization alone really isn't an arguement since both NT and UNIX can provide the kind of database/directory lookup to get from real-name <-> login id. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --82I3+IH0IqGh5yIs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6es5t5AZBSxmJOhkRAgVXAJ97CetjCBRCl/qId36OGTkjaQoZSwCeM4qc EoSTo3Fgfs/SdewUZMXmCG4= =Qa7Q -----END PGP SIGNATURE----- --82I3+IH0IqGh5yIs-- From sage-members-owner@usenix.org Fri Feb 2 07:49:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12FjdU25251 for sage-members-outgoing; Fri, 2 Feb 2001 07:45:39 -0800 (PST) Received: from prajna.anatman.org (we-24-130-93-25.we.mediaone.net [24.130.93.25]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12Fjb925247 for ; Fri, 2 Feb 2001 07:45:38 -0800 (PST) Received: from localhost (localhost.we.mediaone.net [127.0.0.1]) by prajna.anatman.org (Postfix) with ESMTP id B46A1136EF; Fri, 2 Feb 2001 07:45:22 -0800 (PST) Date: Fri, 2 Feb 2001 07:45:22 -0800 (PST) From: Thornton Prime X-X-Sender: To: sage-members@usenix.org Cc: Subject: Re: length of the login id In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, 2 Feb 2001, Rayappa Mayakunthala wrote: > Our local office has recently been taken over by a new company. This new > company uses 3-char login id for both NT and Unix and our office had been > using 8-char login id for both NT and Unix. Now the question is whether we > should migrate to 3-char or not. Though it is lot of work and it is going to > break various things, this would be forced upon us by the management at some > point. This new company is 800+ employee strong and our office 300+ employee > strong and that is making me think towards 3-char as it is easy to change > few users than lot of users. > > Any thoughts? Apart from the fact that a 3-character login id is silly? Because NT logins are not case-sensitive (indeed, many applications won't be) you are limited to only about 47K combinations. That might seem like a lot, but you are looking to run into clashes as employees will generally want their initials. It just seems to me that a 3 character login is poor planning on your parent company's part ... they should be encouraged to migrate to 8 character logins. thornton From sage-members-owner@usenix.org Fri Feb 2 08:11:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12G7hq25591 for sage-members-outgoing; Fri, 2 Feb 2001 08:07:43 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f12G7gA25584 for sage-members@usenix.org; Fri, 2 Feb 2001 08:07:42 -0800 (PST) Received: from zeus.etrade.ca ([209.167.132.84]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12Dl6924992 for ; Fri, 2 Feb 2001 05:47:06 -0800 (PST) Received: from radar.vtidev.ca (radar [192.9.211.192]) by zeus.etrade.ca (8.9.3/8.9.3) with ESMTP id IAA28796 for ; Fri, 2 Feb 2001 08:46:53 -0500 (EST) Received: by radar.vtidev.ca (8.8.8+Sun/SMI-SVR4) id IAA16879; Fri, 2 Feb 2001 08:46:53 -0500 (EST) From: pradeep@etrade.ca (Pradeep Subramaniam) Message-Id: <200102021346.IAA16879@radar.vtidev.ca> Subject: Veritas clustering To: sage-members@usenix.org Date: Fri, 2 Feb 2001 08:46:53 -0500 (EST) X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk I am in the process of clustering a couple of my servers using Veritas Cluster server. The final setup will be that one or the other will answer to a certain name and IP address. The issue I am running into is that these are application servers and as such will be initiating connections from within the cluster. This poses a problem as the connections are validated by name and IP. The Veritas cluster server creates the virtual network interface (hme0:1) assigns the pseudo IP of the cluster node to it. Since this is not the first entry in the routing table of that machine, connections going out of the `cluster' appear to come from the actual machine's IP address rather than that of the `cluster'. (See outputs below). How would I force them to come from the cluster name and IP? Has anyone out there done this before? Thanks in advance. Pradeep. terra% /usr/sbin/ifconfig -a lo0: flags=849 mtu 8232 inet 127.0.0.1 netmask ff000000 hme0: flags=863 mtu 1500 inet 192.9.208.252 netmask ffffff00 broadcast 192.9.208.255 hme0:1: flags=843 mtu 1500 inet 192.9.208.253 netmask ffffff00 broadcast 192.9.208.255 terra% netstat -rn Routing Table: Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 192.9.208.0 192.9.208.252 U 4 949 hme0 192.9.208.0 192.9.208.253 U 4 0 hme0:1 224.0.0.0 192.9.208.252 U 4 0 hme0 default 192.9.208.2 UG 0 644 127.0.0.1 127.0.0.1 UH 0 137607 lo0 terra% -- Pradeep Subramaniam, | Manager, Systems Administration | You can fool some of the people E*Trade Technology Corporation | all the time, but not all the e-mail: pradeep@etrade.ca | people all the time. phone: (416) 214 7979 | fax: (416) 214 9065 | - Yet another brilliant philosopher cell: (416) 806 2328 | ******************************************************************************* From sage-members-owner@usenix.org Fri Feb 2 09:00:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12GvGJ25815 for sage-members-outgoing; Fri, 2 Feb 2001 08:57:16 -0800 (PST) Received: from pianosa.catch22.org (postfix@pianosa.catch22.org [64.81.70.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12GvF925811 for ; Fri, 2 Feb 2001 08:57:16 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id 7DAF51761; Fri, 2 Feb 2001 08:57:05 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id 6DBB43467; Fri, 2 Feb 2001 08:57:05 -0800 (PST) Date: Fri, 2 Feb 2001 08:57:05 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Cc: Subject: Re: length of the login id In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk > 8 char ids seems to make more sense, but the only valid reason I can come > up with is that it is easier to create something meaningfull out of 8 > chars than 3... or it could just be habit (I originally thought 3 > alphanumeric would be very limited in the number of possible ids, but 36^3 > = 46656, more than enough !!). I love the fact that UNIXy folks think in such consistent ways... when I read the question, I immediately fired up bc and typed 36^3 :) From sage-members-owner@usenix.org Fri Feb 2 09:27:27 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12HOC325983 for sage-members-outgoing; Fri, 2 Feb 2001 09:24:12 -0800 (PST) Received: from pianosa.catch22.org (postfix@pianosa.catch22.org [64.81.70.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12HOB925979 for ; Fri, 2 Feb 2001 09:24:12 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id 77609177A; Fri, 2 Feb 2001 09:24:01 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id 6182E3467 for ; Fri, 2 Feb 2001 09:24:01 -0800 (PST) Date: Fri, 2 Feb 2001 09:24:01 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Subject: Re: length of the login id In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Rayappa: Are you in contact with the sysadmins of the parent company? Is there a way to find out how well 3-character ids are working out for them? From sage-members-owner@usenix.org Fri Feb 2 09:59:24 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12HuDf26170 for sage-members-outgoing; Fri, 2 Feb 2001 09:56:13 -0800 (PST) Received: from minbar.megacity.org (IDENT:root@minbar.megacity.org [64.71.143.244]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12HuC926166 for ; Fri, 2 Feb 2001 09:56:12 -0800 (PST) Received: from [206.132.89.194] (e-coli.corp.yahoo.com [206.132.89.194]) (authenticated (0 bits)) by minbar.megacity.org (8.12.0.Beta1/8.12.0.Beta1) with ESMTP id f12HqoNT025092; Fri, 2 Feb 2001 09:52:51 -0800 Mime-Version: 1.0 X-Sender: dredd@mail.megacity.org Message-Id: In-Reply-To: References: Date: Fri, 2 Feb 2001 09:52:44 -0800 To: sage-members@usenix.org From: "Derek J. Balling" Subject: Re: length of the login id Cc: sage-members@usenix.org Content-Type: text/plain; charset="us-ascii" Sender: owner-sage-members@usenix.org Precedence: bulk At 7:38 AM -0700 2/2/01, Yves Dorfsman wrote: >8 char ids seems to make more sense, but the only valid reason I can come >up with is that it is easier to create something meaningfull out of 8 >chars than 3... or it could just be habit (I originally thought 3 >alphanumeric would be very limited in the number of possible ids, but 36^3 >= 46656, more than enough !!). Funny, I almost made the same argument, so you're not alone there. I was like "3 characters, are they nuts?! That's only... er., um.. wow.. ok, nevermind" and deleted the message. ;-) D -- +---------------------+-----------------------------------------+ | dredd@megacity.org | "Conan! What is best in life?" | | Derek J. Balling | "To crush your enemies, see them | | | driven before you, and to hear the | | | lamentation of their women!" | +---------------------+-----------------------------------------+ From sage-members-owner@usenix.org Fri Feb 2 10:30:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12IQh026461 for sage-members-outgoing; Fri, 2 Feb 2001 10:26:43 -0800 (PST) Received: from hartman.aptis.com (hartman.aptis.com [132.245.91.10]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12IQf926457 for ; Fri, 2 Feb 2001 10:26:41 -0800 (PST) Received: by hartman.aptis.com with Internet Mail Service (5.5.2650.21) id <1ABR3HN4>; Fri, 2 Feb 2001 13:26:17 -0500 Message-ID: <24DDB00C6B7AD411A561009027177FF135591D@hartman.aptis.com> From: Joe Yuska Sr To: sage-members@usenix.org Subject: RE: length of the login id Date: Fri, 2 Feb 2001 13:26:09 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C08D45.A19C42EA" Sender: owner-sage-members@usenix.org Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C08D45.A19C42EA Content-Type: text/plain; charset="iso-8859-1" > -----Original Message----- > From: Stephen P. Potter [mailto:spp@spotter.yi.org] > Sent: Friday, February 02, 2001 11:10 AM > To: sage-members@usenix.org > Cc: sage-members@usenix.org > Subject: Re: length of the login id > > > Lightning flashed, thunder crashed and Rayappa Mayakunthala > .com> whispered: > | Our local office has recently been taken over by a new > company. This new > | company uses 3-char login id for both NT and Unix and our > office had been > | using 8-char login id for both NT and Unix. Now the > question is whether we > | should migrate to 3-char or not. Though it is lot of work > and it is going to > | break various things, this would be forced upon us by the > management at some > | point. This new company is 800+ employee strong and our > office 300+ employee > | strong and that is making me think towards 3-char as it is > easy to change > | few users than lot of users. > > Three characters is awfully short. How are they determined? > If they are > random, you end up with about 46000 (assuming a-z 0-9, 17500 > if only a-z) > possible IDs. If they are based on initials or some such, > you'll find that > there are common initials that will really only give you > about 1500 IDs. > I'd recommend that you try and get them to grandfather you in. Unless there had been a conscious attempt to assign UID's and GID's, the overlap on these will be a more significant problem than the usernames themselves. I'm making the small assumption that the names are global within each company and the servers will mix. Been there a few times, feel the pain. Joe Yuska ------_=_NextPart_001_01C08D45.A19C42EA Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: length of the login id

> -----Original Message-----
> From: Stephen P. Potter [mailto:spp@spotter.yi.org]=
> Sent: Friday, February 02, 2001 11:10 AM
> To: sage-members@usenix.org
> Cc: sage-members@usenix.org
> Subject: Re: length of the login id
>
>
> Lightning flashed, thunder crashed and Rayappa = Mayakunthala
> <mrayappa@Wilco-int
> .com> whispered:
> | Our local office has recently been taken over = by a new
> company. This new
> | company uses 3-char login id for both NT and = Unix and our
> office had been
> | using 8-char login id for both NT and Unix. = Now the
> question is whether we
> | should migrate to 3-char or not. Though it is = lot of work
> and it is going to
> | break various things, this would be forced = upon us by the
> management at some
> | point. This new company is 800+ employee = strong and our
> office 300+ employee
> | strong and that is making me think towards = 3-char as it is
> easy to change
> | few users than lot of users.
>
> Three characters is awfully short.  How = are they determined? 
> If they are
> random, you end up with about 46000 (assuming = a-z 0-9, 17500
> if only a-z)
> possible IDs.  If they are based on = initials or some such,
> you'll find that
> there are common initials that will really only = give you
> about 1500 IDs.
> I'd recommend that you try and get them to = grandfather you in.


Unless there had been a conscious attempt to assign = UID's and GID's, the overlap on these will be a more significant = problem than the usernames themselves.  I'm making the small = assumption that the names are global within each company and the = servers will mix.

Been there a few times, feel the pain.

Joe Yuska

------_=_NextPart_001_01C08D45.A19C42EA-- From sage-members-owner@usenix.org Fri Feb 2 10:59:06 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12Itvb26772 for sage-members-outgoing; Fri, 2 Feb 2001 10:55:57 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f12Ituo26767 for sage-members@usenix.org; Fri, 2 Feb 2001 10:55:56 -0800 (PST) Received: from nautilus.shore.net (nautilus.shore.net [207.244.124.104]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12IpI926712 for ; Fri, 2 Feb 2001 10:51:19 -0800 (PST) Received: from vineyard.ecosoft.com [207.244.127.80] by nautilus.shore.net with esmtp (Exim) id 14OlIN-0006aQ-00; Fri, 02 Feb 2001 13:50:55 -0500 Received: from sambucca.dt.ecosoft.com [207.244.127.105] by vineyard.ecosoft.com with esmtp (Exim) id 14OlIM-0002Np-00; Fri, 02 Feb 2001 13:50:54 -0500 Received: from jtm by sambucca.dt.ecosoft.com with local (Exim) id 14OlIL-00024I-00; Fri, 02 Feb 2001 13:50:53 -0500 Subject: Re: length of the login id To: sage-members@usenix.org Date: Fri, 2 Feb 2001 13:50:53 -0500 (EST) Cc: sage-members@usenix.org From: jtm@primushost.com X-Mailer: ELM [version 2.4ME+ PL45 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: Sender: owner-sage-members@usenix.org Precedence: bulk Thornton Prime wrote ..... -> -> On Fri, 2 Feb 2001, Rayappa Mayakunthala wrote: -> > Our local office has recently been taken over by a new company. This new -> > company uses 3-char login id for both NT and Unix and our office had been -> > using 8-char login id for both NT and Unix. Now the question is whether we -> > should migrate to 3-char or not. Though it is lot of work and it is going to -> > break various things, this would be forced upon us by the management at some -> > point. This new company is 800+ employee strong and our office 300+ employee -> > strong and that is making me think towards 3-char as it is easy to change -> > few users than lot of users. -> > -> > Any thoughts? -> -> Apart from the fact that a 3-character login id is silly? -> -> Because NT logins are not case-sensitive (indeed, many applications won't -> be) you are limited to only about 47K combinations. That might seem like a -> lot, but you are looking to run into clashes as employees will generally -> want their initials. -> -> It just seems to me that a 3 character login is poor planning on your -> parent company's part ... they should be encouraged to migrate to 8 -> character logins. -> -> thornton Am I missing something here? Why does anyone want to change? If some folks want a login name of 3 char's, let them have 3 char's. If they want to use 8 (or 5, 6, or 7) char's, let them use that number. The only important thing is to avoid duplication - right? John -- _________________________________________________________ John T. Mahoney jtm@primushost.com Senior Unix System Administrator PRIMUS Managed Hosting Solutions - Shore.Net http://www.primushost.com 781/586-6100 From sage-members-owner@usenix.org Fri Feb 2 11:58:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12Jsvn27285 for sage-members-outgoing; Fri, 2 Feb 2001 11:54:57 -0800 (PST) Received: from lanning.cc ([63.166.8.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12Jsu927281 for ; Fri, 2 Feb 2001 11:54:56 -0800 (PST) Received: (from lanning@localhost) by lanning.cc (8.11.0/8.11.0) id f12Jshw08360; Fri, 2 Feb 2001 11:54:43 -0800 From: Robert Hajime Lanning Message-Id: <200102021954.f12Jshw08360@lanning.cc> Subject: Re: Veritas clustering To: sage-members@usenix.org Date: Fri, 2 Feb 2001 11:54:42 -0800 (PST) Cc: sage-members@usenix.org In-Reply-To: <200102021346.IAA16879@radar.vtidev.ca> from "Pradeep Subramaniam" at Feb 02, 2001 08:46:53 AM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Have you tried IP Filter? Do a NAT rewrite. ---- As written by Pradeep Subramaniam: > > > I am in the process of clustering a couple of my servers using Veritas > Cluster server. The final setup will be that one or the other will > answer to a certain name and IP address. > > The issue I am running into is that these are application servers and > as such will be initiating connections from within the cluster. This > poses a problem as the connections are validated by name and IP. > > The Veritas cluster server creates the virtual network interface > (hme0:1) assigns the pseudo IP of the cluster node to it. Since this is > not the first entry in the routing table of that machine, connections > going out of the `cluster' appear to come from the actual machine's IP > address rather than that of the `cluster'. (See outputs below). > > How would I force them to come from the cluster name and IP? Has anyone > out there done this before? Thanks in advance. > > Pradeep. > > terra% /usr/sbin/ifconfig -a > lo0: flags=849 mtu 8232 > inet 127.0.0.1 netmask ff000000 > hme0: flags=863 mtu 1500 > inet 192.9.208.252 netmask ffffff00 broadcast 192.9.208.255 > hme0:1: flags=843 mtu 1500 > inet 192.9.208.253 netmask ffffff00 broadcast 192.9.208.255 > terra% netstat -rn > > Routing Table: > Destination Gateway Flags Ref Use Interface > -------------------- -------------------- ----- ----- ------ --------- > 192.9.208.0 192.9.208.252 U 4 949 hme0 > 192.9.208.0 192.9.208.253 U 4 0 hme0:1 > 224.0.0.0 192.9.208.252 U 4 0 hme0 > default 192.9.208.2 UG 0 644 > 127.0.0.1 127.0.0.1 UH 0 137607 lo0 > terra% > > -- > Pradeep Subramaniam, | > Manager, Systems Administration | You can fool some of the people > E*Trade Technology Corporation | all the time, but not all the > e-mail: pradeep@etrade.ca | people all the time. > phone: (416) 214 7979 | > fax: (416) 214 9065 | - Yet another brilliant philosopher > cell: (416) 806 2328 | > ******************************************************************************* > > -- /* Robert Hajime Lanning lanning@lanning.cc ** Trade: Unix Systems Administrator (Senior level) (SAGE IV) */ #include From sage-members-owner@usenix.org Fri Feb 2 14:51:39 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12MkL628337 for sage-members-outgoing; Fri, 2 Feb 2001 14:46:21 -0800 (PST) Received: from io.frii.com (root@io.frii.com [216.17.128.3]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12MkK928333 for ; Fri, 2 Feb 2001 14:46:20 -0800 (PST) Received: (from zilla@localhost) by io.frii.com (8.11.1/8.11.1) id f12Mk9v31178 for sage-members@usenix.org; Fri, 2 Feb 2001 15:46:09 -0700 (MST) Message-Id: <200102022246.f12Mk9v31178@io.frii.com> Subject: Re: NetApps vs EMC In-Reply-To: from Rayappa Mayakunthala at "Jan 31, 2001 10:28:13 pm" To: sage-members@usenix.org Date: Fri, 2 Feb 2001 15:46:09 -0700 (MST) From: Mike Loseke X-Mailer: ELM [version 2.4ME+ PL68 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Thus spake Rayappa Mayakunthala: > With NetApp, is it possible to save the configuration anywhere else other > than in the NetApp - much like tftp support. We are planning to get few of > them but I am wondering if NetApp dies for some reason, would I end up > losing the configuration? Yup. We mount the /etc/dir on our filers on one of our admin machines and they get backed up automatically by our backup procedures and we can manually copy them around when needed. Quite nice. -- Mike Loseke | If at first you don't succeed, mike@verinet.com | increase the amperage. From sage-members-owner@usenix.org Fri Feb 2 14:55:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12MohX28385 for sage-members-outgoing; Fri, 2 Feb 2001 14:50:43 -0800 (PST) Received: from thomas.byzantium.com ([62.232.10.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12Mof928381 for ; Fri, 2 Feb 2001 14:50:42 -0800 (PST) Received: from host62-6-101-74.dialup.lineone.co.uk ([62.6.101.74] helo=chocolate) by thomas.byzantium.com with smtp (Exim 3.16 #2) id 14Op0E-0001uZ-00 for sage-members@usenix.org; Fri, 02 Feb 2001 22:48:26 +0000 Message-ID: <007e01c08d6a$9d20dbc0$4a65063e@chocolate> From: "Edward Rolison" To: sage-members@usenix.org Subject: Fw: length of the login id Date: Fri, 2 Feb 2001 22:50:55 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 Sender: owner-sage-members@usenix.org Precedence: bulk > Thornton Prime wrote ..... > -> > -> On Fri, 2 Feb 2001, Rayappa Mayakunthala wrote: > -> > Our local office has recently been taken over by a new company. This new > -> > company uses 3-char login id for both NT and Unix and our office had been > -> > using 8-char login id for both NT and Unix. Now the question is whether we > -> > should migrate to 3-char or not. Though it is lot of work and it is going to > -> > break various things, this would be forced upon us by the management at some > -> > point. This new company is 800+ employee strong and our office 300+ employee > -> > strong and that is making me think towards 3-char as it is easy to change > -> > few users than lot of users. > -> > > -> > Any thoughts? > -> > -> Apart from the fact that a 3-character login id is silly? > -> It just seems to me that a 3 character login is poor planning on your > -> parent company's part ... they should be encouraged to migrate to 8 > -> character logins. > Am I missing something here? Why does anyone want to > change? If some folks want a login name of 3 char's, let > them have 3 char's. If they want to use 8 (or 5, 6, or 7) > char's, let them use that number. The only important > thing is to avoid duplication - right? Because management doesn't really need a reason to inflict more work on 'Those Systems Layabouts"? IMHO you are right though, unless they want some form of _really_ lazy scripting. (cycling through letters rather than bothering to parse the passwd file or equivalent). Only minor concern is that if you know they have 3char passwords, it becomes easier to guess valid user codes for crack attempts. Although usercodes aren't generally 'secret' anyway... PS I did exactly the same thing trying to figure out the available number of usercodes. Spooky. From sage-members-owner@usenix.org Fri Feb 2 15:07:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f12N2ic28477 for sage-members-outgoing; Fri, 2 Feb 2001 15:02:44 -0800 (PST) Received: from io.frii.com (root@io.frii.com [216.17.128.3]) by usenix.org (8.11.0/8.11.0) with ESMTP id f12N2h928473 for ; Fri, 2 Feb 2001 15:02:43 -0800 (PST) Received: (from zilla@localhost) by io.frii.com (8.11.1/8.11.1) id f12N2Ps31569; Fri, 2 Feb 2001 16:02:25 -0700 (MST) Message-Id: <200102022302.f12N2Ps31569@io.frii.com> Subject: Re: NetAps vs EMC In-Reply-To: <8969C7C92A78D311869C0090278750B67A2678@cumulus.shore.mbari.org> from "Allen, Pat" at "Jan 31, 2001 07:12:51 am" To: sage-members@usenix.org Date: Fri, 2 Feb 2001 16:02:25 -0700 (MST) CC: "'sage-members@usenix.org'" From: Mike Loseke X-Mailer: ELM [version 2.4ME+ PL68 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Thus spake Allen, Pat: > I suppose I could be considered a long-time Network Appliance customer - > I've been using them for the past 6 years! We started off with one of their > old 1400 series boxes and have just upgraded and gone from there. Right now > we have a F740 with around 450GB of disk storage and an older F330 with only > 28GB of disk. By the end of this week we'll have another F740 delivered with > an additional 252GB of disk that we'll cluster with the first one and two of > Net App's NetCache boxes. We have eight filers with a few terabytes of total space on them. Very very good product with an excellent support organization, both post- and pre-sales.Our newer filers are using fibre-channel and it's excellent. > I can't comment on the reliability of EMC but it can't be any better than > Net App! In the past 6 years I think I've had one disk go bad and some RAM > became flakey. I found out about the RAM because the filer sent a > notification message to the Net App support group. I received a phone call > telling me that they were aware of a problem with my filer and that new RAM > was on its way to me. How's that for support!!!! When you consider the lack > of problems I've experienced with their boxes, you have to understand the > environment I'm in as well. We're an oceanographic research institute and > one of the filers (the F330) was installed on one of our ships. Needless to > say that's not one of the most computer friendly environments. But the filer > ran like a charm. Yes, the feature where the filer notifies their support staff of errors and events is very helpful. We always buy spares kits for ours so that when we do have some sort of failure we can swap a part out but it's also nice to get an email saying "we just overnighted a new disk drive to you". Saves us the overhead of contacting them first. > I've noticed in this thread that there are some comments regarding the user > interface. One of the benefits behind the network appliance is its light > operating system which is optimized for being a file server. It's not loaded > down with a heavy GUI or lots of unnecessary operating system layers. It's > GREAT at what it does. But as one person said, this is getting into the > realm of personal opinion. YES! My feelings exactly. A system should be as simple as possible and for everything that that NetApp's can do, they do it with performance of data throughput being the highest priority. System reliability gained from a stable and lightweight OS (new versions are copied over from a single 3.5" floppy) is very high. > I'd like to mention another couple of things I love about the Net App > filers. The first is that occasionally they do need to be rebooted in order > to update the OS, add a new disk shelf or a tape changer or ..... (Note - > they don't need to be shut down to add a new disk.) When you power up the > system, it takes a whopping 1.25 minutes to boot our F740 with 450GB of > disk. I'd like to see any Unix server match that. (And I've been a Unix > fan/developer/admin/jack-of-all-trades for the past 20 years!) And talk > about upgrading the OS - it's a 5 minute process that is fool-proof. Yep, very easy to sneak these upgrades and reboots in when you need to. The .snapshot facility is also a life/timesaver. The ability to say "oops, shouldn't have deleted that - I'll just retrieve it out of the .snapshot" and keep working is invaluable to my fat-fingered engineers (and me). Quotas which work, and can disguise true volume sizes to commands like "df", are nice too. > The other thing that I like about the filer is their multi-protocol support. > Right now they natively support NFS, CIFS, and HTTP. The only other protocol > I could ask for is Appletalk - not because I like it but because my users > need it. I'm sure that will come down the line. We've looked at using the CIFS support but are sticking with a samba server for that as Samba is a bit more robust for our environment. We run them using TCPv3(udp) and have a very high level of performance and reliability. I'll have to add that a high-performance network makes them work that much better so udp is safe for us (no to mention about 40% faster than tcp). > Needless to say, I'm a happy customer. There's no way that we would ever get > rid of the Network Appliance boxes we have. Go for it - you can't go wrong! Ditto. :-) We're being asked to look at other solutions for reasons I can't get into but anything else would be a step backwards. -- Mike Loseke | If at first you don't succeed, mike@verinet.com | increase the amperage. From sage-members-owner@usenix.org Fri Feb 2 16:12:11 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1306ns28782 for sage-members-outgoing; Fri, 2 Feb 2001 16:06:49 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1306l928778 for ; Fri, 2 Feb 2001 16:06:47 -0800 (PST) Received: from [10.0.1.3] (dialup510.brussels2.skynet.be [195.238.24.254]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.07) with ESMTP id f1306Vs12910; Sat, 3 Feb 2001 01:06:31 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: References: Date: Sat, 3 Feb 2001 00:56:46 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: length of the login id Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 7:38 AM -0700 2001/2/2, Yves Dorfsman wrote: > 8 char ids seems to make more sense, but the only valid reason I can come > up with is that it is easier to create something meaningfull out of 8 > chars than 3... or it could just be habit (I originally thought 3 > alphanumeric would be very limited in the number of possible ids, but 36^3 > = 46656, more than enough !!). Right, but how are those three generated? Is it your initials? If so, you have a much, much higher probability of collisions, because Brian Kizer can have the same middle name as Brad Knowles -- Remember the birthday paradox. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Fri Feb 2 23:22:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f137Er529876 for sage-members-outgoing; Fri, 2 Feb 2001 23:14:53 -0800 (PST) Received: from ntua.gr (achilles.noc.ntua.gr [147.102.222.210]) by usenix.org (8.11.0/8.11.0) with ESMTP id f137Eo929872 for ; Fri, 2 Feb 2001 23:14:50 -0800 (PST) Received: from theseas.softlab.ece.ntua.gr (theseas.softlab.ece.ntua.gr [147.102.1.1]) by ntua.gr (8.9.3/8.9.3) with ESMTP id JAA17669; Sat, 3 Feb 2001 09:14:33 +0200 (EET) Received: (from zvr@localhost) by theseas.softlab.ece.ntua.gr (8.11.1/8.11.1) id f137EYa28419; Sat, 3 Feb 2001 09:14:34 +0200 (EET) Date: Sat, 3 Feb 2001 09:14:34 +0200 From: Alexios Zavras To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: length of the login id Message-ID: <20010203091434.A28058@theseas.softlab.ece.ntua.gr> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from brad.knowles@skynet.be on 20010203T005646 X-Mail-Address: P.O. Box 24071, GR-111 10 Athens, GREECE X-Home-Address: 24, Th. Anninou St., GR-111 41 Athens, GREECE X-Work-Phone: +30-1-8203163 X-Work-Fax: +30-1-8203135 X-Home-Phone: +30-1-2933369 X-Home-Fax: +30-1-2933369 Sender: owner-sage-members@usenix.org Precedence: bulk Brad Knowles wrote [edited]: > At 7:38 AM -0700 2001/2/2, Yves Dorfsman wrote: > > (I originally thought 3 > > alphanumeric would be very limited in the number of possible ids, but 36^3 > > = 46656, more than enough !!). > > Right, but how are those three generated? Is it your initials? Right! There are 46656 possible accounts, but if you're talking about initials, you'd have an uneven distribution. Or specifically hire someone called Xavier Yves Zeno to use the xyz combination. :-) In our case, with /etc/passwd at ~1300 entries, the combinations of First and Last name initials (FL) are: [yeah, I know, it could be done otherwise] > awk -F: '{print $5}' /etc/passwd | sed -e 's/[ a-z]//g' | sort | uniq -c | sort -n | tail -3 20 EK 25 AP 29 AK So the "3-letter initials" approach will definitely not work for us. -- -- zvr -- -- +---------------------------+ Alexios Zavras (-zvr-) | H eytyxia den exei enoxes | zvr@pobox.com +-----------------------zvr-+ From sage-members-owner@usenix.org Sun Feb 4 05:51:55 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f14Dd7f02541 for sage-members-outgoing; Sun, 4 Feb 2001 05:39:07 -0800 (PST) Received: from plts.org (postfix@plts.org [204.178.16.48]) by usenix.org (8.11.0/8.11.0) with ESMTP id f14Dcw902537 for ; Sun, 4 Feb 2001 05:38:58 -0800 (PST) Received: by plts.org (Postfix, from userid 21643) id 2420543; Sun, 4 Feb 2001 08:38:39 -0500 (EST) Message-ID: <20010204083839.19315@plts.org> Date: Sun, 4 Feb 2001 08:38:39 -0500 From: Tom Limoncelli To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: length of the login id References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.84 In-Reply-To: ; from Rayappa Mayakunthala on Fri, Feb 02, 2001 at 04:01:46PM +0530 Sender: owner-sage-members@usenix.org Precedence: bulk Why not have some people with 3-letter logins and others with 8? Doing the conversion sounds like a big pain with no business benefit. I think an important question to ask is "what problem are you trying to solve?" and "who feels that it is a problem?" The "who" should pay the cost of the conversion. If they aren't willing to pay, then it isn't a problem. (My definition of "this is important and needs to be fixed" is multiplied by someone's willingness to pay to have it fixed. My car makes an odd noise but I'm not willing to pay to have it fixed... therefore it is a "attribute", not a "problem", of the car). If there is software that would have to be modified to handle mixed-length login ids, then maybe the cost of such conversion should be weighed against the cost of converting 300 accounts (and the new biz cards that need to be printed, etc.) If marketing feels that one is better than the other, then they should pay for the conversion. If they aren't willing to pay, then it obviously isn't a "real problem". The big issue is that NT permits >8 char logins and most (I know! I know! Not all! but "MOST" unix systems) don't permit >8 char logins. If any source code or written policies are going to be modified, I would modify things to be "3 to 8 chars" rather than 3 or 8. Variety is the spice of life. --tal -- Tom Limoncelli -- http://whatexit.org/tal -- tal@plts.org Live in New York City once, but leave before it makes you hard. Live in Northern California once, but leave before it makes you soft. --Schmich From sage-members-owner@usenix.org Sun Feb 4 08:17:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f14GC4a02743 for sage-members-outgoing; Sun, 4 Feb 2001 08:12:04 -0800 (PST) Received: from haystack.lclark.edu (haystack.lclark.edu [149.175.1.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f14GC3902739 for ; Sun, 4 Feb 2001 08:12:03 -0800 (PST) Received: from localhost (miller@localhost) by haystack.lclark.edu (8.9.3/8.9.3) with ESMTP id IAA04150; Sun, 4 Feb 2001 08:11:44 -0800 (PST) Date: Sun, 4 Feb 2001 08:11:44 -0800 (PST) From: John Miller To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: length of the login id In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, 2 Feb 2001, Rayappa Mayakunthala wrote: > Our local office has recently been taken over by a new company. This new > company uses 3-char login id for both NT and Unix and our office had been > using 8-char login id for both NT and Unix. Now the question is whether we > should migrate to 3-char or not. Though it is lot of work and it is going to > break various things, this would be forced upon us by the management at some > point. This new company is 800+ employee strong and our office 300+ employee > strong and that is making me think towards 3-char as it is easy to change > few users than lot of users. > > Any thoughts? Yes - send this to Scott Adams so he can do a Sunday Dilbert Piece on it! This can be a holy war depending on the parties involved -- like whether the originator of the 3-character scheme is still around; s/he will feel obligated to defend the scheme at all costs to keep face. You didn't say what things would break so I can only make certain comments. You didn't say whether the situation was the merging of IT shops, joining security, etc. So other SAGE questions of whether this is even necessary are valid. You say "local office" vs "new company" -- Is your office IT shop going to be tightly or loosely coupled with the new company? If the best and brightest of the office and company IT shops are going to be merged as well, then there may be an opportunity to do what is best for both. For example, consider the relative health of the two existing account management systems. (Now about 3 vs 8) The 3-char logins must be some license-number-like tag. With 8, you can have some decent naming possibilities (miller, jmiller, jemiller, jem, john, millerj, johnm, etc) - and there'd be another Dilbert piece where the Boss is dumbstruck by the notion of employees having non-uniform id's. I see you have mrayappa rather than rayappam, which I suspect may be different from other's at wilco-int. Do the 800 staff at the parent company use the 3-char names for E-mail too, or is that another id, or a firstname_lastname alias!? You didn't say what the 8-char id's look like. Esthetics has a good deal to do with it in my mind. IF the 8 character id's are something like fin00025, then I extend you my sympathy. You didn't say whether 8 was the limit on the length of "8-char", or whether ALL were exactly 8. If 8 is the limit, then obviously, all the 3-char logins are already compliant with the 8-char id's. This could be a selling point for your 8-char scheme. If 8 is indeed only a limit, then your only work is to resolve duplicates between the 3-char names in the 2 companies, and join the two sets assuming they are to be joined at all. I predict this is more liable to be decided by politics than merit, but there really isn't enought information in your msg to decide. good luck! John http://www.lclark.edu/~miller From sage-members-owner@usenix.org Sun Feb 4 09:10:54 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f14H6Rm02831 for sage-members-outgoing; Sun, 4 Feb 2001 09:06:27 -0800 (PST) Received: from smtpsrv1.isis.unc.edu (smtpsrv1.isis.unc.edu [152.2.1.138]) by usenix.org (8.11.0/8.11.0) with ESMTP id f14H6Q902827 for ; Sun, 4 Feb 2001 09:06:26 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv1.isis.unc.edu (8.9.3/8.9.1) with ESMTP id MAA05251; Sun, 4 Feb 2001 12:06:14 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id MAA75144; Sun, 4 Feb 2001 12:06:14 -0500 Date: Sun, 4 Feb 2001 12:06:12 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: The bearer of the burden (was Re: length of the login id) In-Reply-To: <20010204083839.19315@plts.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Sun, 4 Feb 2001, Tom Limoncelli wrote: > I think an important question to ask is "what problem are you trying to > solve?" and "who feels that it is a problem?" > > The "who" should pay the cost of the conversion. If they aren't > willing to pay, then it isn't a problem. (My definition of "this is > important and needs to be fixed" is multiplied by someone's willingness > to pay to have it fixed. My car makes an odd noise but I'm not willing > to pay to have it fixed... therefore it is a "attribute", not a > "problem", of the car). Tom, I've heard you make this comment a few times, and as a general guideline it puzzles me. Take the following case: you buy a server from company X. You plug it in, you power it on, but besides generating an acrid odor and an aesthetically displeasing noise, it doesn't seem to do anything. You call company X and they inform you that by their way of thinking, production of racket and stink are sufficient conditions for making this box a whiz-bang web server. You feel differently. Is it your responsibility, since you're the one who feels that there's a problem, to pay for the replacement? In my experience, the people who broke something (or who set it up broken to begin with) are much more likely to work around it and pretend that nothing's wrong. To my mind, their willingness to ignore the problem does not automatically make it someone else's responsibility to fix it. Trey Harris VA Linux Systems, New York From sage-members-owner@usenix.org Sun Feb 4 12:23:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f14KHGF03114 for sage-members-outgoing; Sun, 4 Feb 2001 12:17:16 -0800 (PST) Received: from java2.dpcsys.com (java2.dpcsys.com [206.16.184.5]) by usenix.org (8.11.0/8.11.0) with ESMTP id f14KHF903110 for ; Sun, 4 Feb 2001 12:17:15 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by java2.dpcsys.com (8.11.1/8.11.1) with ESMTP id f14KG3K76983; Sun, 4 Feb 2001 12:16:03 -0800 (PST) Date: Sun, 4 Feb 2001 12:16:03 -0800 (PST) From: Dan Busarow To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: The bearer of the burden (was Re: length of the login id) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Feb 4, Trey Harris wrote: >On Sun, 4 Feb 2001, Tom Limoncelli wrote: >> I think an important question to ask is "what problem are you trying to >> solve?" and "who feels that it is a problem?" [ delete ] > >I've heard you make this comment a few times, and as a general guideline >it puzzles me. Take the following case: you buy a server from company X. >You plug it in, you power it on, but besides generating an acrid odor and >an aesthetically displeasing noise, it doesn't seem to do anything. You >call company X and they inform you that by their way of thinking, >production of racket and stink are sufficient conditions for making this >box a whiz-bang web server. You feel differently. Is it your >responsibility, since you're the one who feels that there's a problem, to >pay for the replacement? > >In my experience, the people who broke something (or who set it up broken >to begin with) are much more likely to work around it and pretend that >nothing's wrong. To my mind, their willingness to ignore the problem does >not automatically make it someone else's responsibility to fix it. Trey, Analogies are always broken. The point is; are the people complaining "willing to pay" to fix the "problem" In my experience marketdroids can usually live with a "problem" when they find there is a cost associated with "fixing" it. Dan -- Dan Busarow 949 443 4172 Dana Point Communications, Inc. dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 From sage-members-owner@usenix.org Sun Feb 4 19:24:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f153IDv03771 for sage-members-outgoing; Sun, 4 Feb 2001 19:18:13 -0800 (PST) Received: from plts.org (postfix@plts.org [204.178.16.48]) by usenix.org (8.11.0/8.11.0) with ESMTP id f153IC903766 for ; Sun, 4 Feb 2001 19:18:12 -0800 (PST) Received: by plts.org (Postfix, from userid 21643) id AA37543; Sun, 4 Feb 2001 22:17:56 -0500 (EST) Message-ID: <20010204221755.59814@plts.org> Date: Sun, 4 Feb 2001 22:17:55 -0500 From: Tom Limoncelli To: sage-members@usenix.org Cc: sage-members@usenix.org, chogan@chogan.com Subject: Re: The bearer of the burden (was Re: length of the login id) References: <20010204083839.19315@plts.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.84 In-Reply-To: ; from Trey Harris on Sun, Feb 04, 2001 at 12:06:12PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On Sun, Feb 04, 2001 at 12:06:12PM -0500, Trey Harris wrote: > I've heard you make this comment a few times, and as a general guideline > it puzzles me. Take the following case: you buy a server from company X. Dan's email cleared things up pretty well, but I'll take on your specific example. > You plug it in, you power it on, but besides generating an acrid odor and > an aesthetically displeasing noise, it doesn't seem to do anything. You > call company X and they inform you that by their way of thinking, > production of racket and stink are sufficient conditions for making this > box a whiz-bang web server. You feel differently. Is it your > responsibility, since you're the one who feels that there's a problem, to > pay for the replacement? If you charge-back for maintaining that system, then you should pass on the cost of working around the stink and noise to them. If they are willing to pay the extra money, then you haven't made the cost a big enough problem for them. I would assume the cost would be in the tens of thousands just for the construction alone. If they pay for that, then you have actually solved the problem. However, I think a more realistic situation makes it more clear: At a previous job I was constantly surprised at how many times people would come and need a $50,000 "favor" and have no willingness to pay for it. As if the magic system administration elves could make a server appear out of thin air. Them: "Oh, we need you to supply us with a server for this VERY IMPORTANT demo." Me: "Certainly! Here's the purchase order for you to sign." Them: "No, we were hoping for a free server. Could you cobble something together out of spare parts?" Me: "We don't have that many spare parts. However, if the project is that important, then it should have funding and can purchase the server." Them: "No, but this demo will get us funded." Me: "I happen to know that you have funding for prototypes that, when proven, will lead to more funding." Them: "Did we mention that this demo is for the president of the company? It is _that_ important!!" Me: "Ah ha! Well, why didn't you say so! I've met the president of the company. He's a very smart man. In fact, he's smart enough to know that servers aren't free. He at least understands the cost of the raw materials (steel, plastic, etc.) even if he doesn't understand that computers, when fully assembled, are more expensive than their parts. Would you like me to call him and ask him to approve this purchase order? He must be smart enough to understand that important demos aren't free." Them: "Ok! We'll pay for the darn server!" I don't think this is being a BOFH, by the way. I think this is the same kind of "reward good behavior, never reward negative behaviro" techniques that one uses when training any kind of animal. (and I'm not saying that to be funny... the study of "animal behavior" includes humans). > In my experience, the people who broke something (or who set it up broken > to begin with) are much more likely to work around it and pretend that > nothing's wrong. To my mind, their willingness to ignore the problem does > not automatically make it someone else's responsibility to fix it. If the work-around causes them pain, and they put up with that pain, then they _are_ showing a willingness to pay for the problem. If they have broken something that causes me problems, then I need to make sure that they share the cost of the repairs so that they have a vested interest in not repeating the dammage. --Tom -- Tom Limoncelli -- http://whatexit.org/tal -- tal@plts.org Live in New York City once, but leave before it makes you hard. Live in Northern California once, but leave before it makes you soft. --Schmich From sage-members-owner@usenix.org Mon Feb 5 02:03:00 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f159vMk04296 for sage-members-outgoing; Mon, 5 Feb 2001 01:57:22 -0800 (PST) Received: from trinity.fluff.org (mail@trinity.fluff.org [194.153.168.225]) by usenix.org (8.11.0/8.11.0) with ESMTP id f159vK904292 for ; Mon, 5 Feb 2001 01:57:20 -0800 (PST) Received: from ajr by trinity.fluff.org with local (Exim 3.12) id 14PiO7-0004E0-00 for sage-members@usenix.org ; Mon, 05 Feb 2001 09:56:47 +0000 Date: Mon, 5 Feb 2001 09:56:47 +0000 To: sage-members@usenix.org Subject: Re: Veritas clustering Message-ID: <20010205095647.A4162@btinternet.com> Reply-To: ade.rixon@bigfoot.com Mail-Followup-To: ajr, sage-members@usenix.org References: <200102021346.IAA16879@radar.vtidev.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102021346.IAA16879@radar.vtidev.ca>; from pradeep@etrade.ca on Fri, Feb 02, 2001 at 08:46:53AM -0500 X-Home-Page: http://www.big-bubbles.home.dhs.org/ From: Adrian Rixon Sender: owner-sage-members@usenix.org Precedence: bulk 2 Feb 08:46:53 AM: Meanwhile in the Sheraton, Pradeep Subramaniam wrote: > The Veritas cluster server creates the virtual network interface > (hme0:1) assigns the pseudo IP of the cluster node to it. Since this is > not the first entry in the routing table of that machine, connections > going out of the `cluster' appear to come from the actual machine's IP > address rather than that of the `cluster'. (See outputs below). Write a script to delete the route for hme0 and then re-add it (following which it will appear after hme0:1), and run it after Cluster Server has configured the virtual IP. e.g.: #!/bin/sh route delete net 192.9.208.0 192.9.208.252 route add net 192.9.208.0 192.9.208.252 0 (You could probably write something fancier using netstat, grep & /etc/hostname.* to locate the correct route without hardwiring it into the script.) Alternatively, authorise the static host IPs as well as the cluster addresses. Ade_ / -- | Ade Rixon || http://www.big-bubbles.home.dhs.org/ || ade.rixon@bigfoot.com | "I thought my mother was a bad cook but at least her gravy used to move around. Your's just sort of sits there and *sets*." - "A Sunday Afternoon", Hancock From sage-members-owner@usenix.org Tue Feb 6 13:55:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f16LgQD12530 for sage-members-outgoing; Tue, 6 Feb 2001 13:42:26 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f16LgO912526 for ; Tue, 6 Feb 2001 13:42:25 -0800 (PST) Received: from [172.17.1.121] (warp-core.skynet.be [195.238.2.25]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.08) with ESMTP id f16Lg6r18587 for ; Tue, 6 Feb 2001 22:42:07 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: Date: Tue, 6 Feb 2001 22:41:51 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Updated my slides from LISA 2000 again... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk Folks, I have again updated the material I have online at . I've now included the "MTA Review" slides which I was forced to omit from the presentation at LISA 2000 due to time constraints. I've also updated the index pages to include links to local PDF versions of the slides (created with MacGhostView 2.0), including links to the PDF versions of the annotated slides. Finally, I've also included the same material for the presentation as I plan on presenting at the UKUUG Winter Conference 2001 later this week (see for details). Feel free to take a look at these pages and give me any feedback you may have. In particular, if you find any links that are broken or do not act in a way you would expect, I would appreciate your letting me know. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Thu Feb 8 16:37:33 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f190RYw22843 for sage-members-outgoing; Thu, 8 Feb 2001 16:27:34 -0800 (PST) Received: from associates.deer-run.com (associates.deer-run.com [216.15.51.194]) by usenix.org (8.11.0/8.11.0) with ESMTP id f190RX922839 for ; Thu, 8 Feb 2001 16:27:33 -0800 (PST) Received: from deer.deer-deer.com (deer.deer-run.com [10.66.1.2]) by associates.deer-run.com (8.11.2/8.11.2) with ESMTP id f190RKr15755 for ; Thu, 8 Feb 2001 16:27:20 -0800 (PST) Received: (from hal@localhost) by deer.deer-deer.com (8.11.2/8.11.2) id f190RJ502831 for sage-members@usenix.org; Thu, 8 Feb 2001 16:27:19 -0800 (PST) Date: Thu, 8 Feb 2001 16:27:19 -0800 From: Hal Pomeranz To: sage-members@usenix.org Subject: Odd question Message-ID: <20010208162719.D26508@deer-run.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-sage-members@usenix.org Precedence: bulk Does anybody know who manufactures the CD-ROM sleeves that Sun uses to ship Solaris disks? I'm talking about the "booklet-style" cases with pages that hold two CD-ROMs on each page face (in sort of a diagonal arrangement). The ones I've seen have either two or three pages (can hold 8 or 12 CD-ROMs). I'm trying to get some made up as a promotional item, but I can't find anybody who manufactures or distributes them. I wouldn't even begin to know who to call at Sun about this. Replies to me, please. If I manage to find a suppier, I'll post their contact info back to the list. Thanks in advance. -- Hal Pomeranz, Founder/CEO Deer Run Associates hal@deer-run.com Network Connectivity and Security, Systems Management, Training From sage-members-owner@usenix.org Thu Feb 8 21:58:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f195nr224036 for sage-members-outgoing; Thu, 8 Feb 2001 21:49:53 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f195np924032 for ; Thu, 8 Feb 2001 21:49:51 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f195nZd23690; Thu, 8 Feb 2001 21:49:35 -0800 (PST) Date: Thu, 8 Feb 2001 21:49:34 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Serial Terminal Servers Message-ID: <20010208214934.A23613@snew.com> References: <12720.980967164@splat> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <12720.980967164@splat>; from brown9@niehs.nih.gov on Wed, Jan 31, 2001 at 01:52:44PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk I picked up a 16 port Annex terminal server on barter (I didn't want to carry a laser printer cross country and since CA has no electricity, it was a good call). These things (many brands) are on eBay and such all the time. So about any terminal server works just fine. Put a pull up resistor in to keep Sun's from getting a break with the TS resets and throw conserver on a machine to handle it, you're done. For the security aware, put it on a spare network segment with one of two "gateway" machines that run ssh (2 for redundancy). Unix machines should be managed via console serial ports. Bonus points for power management over serial port. Hardware terminal servers tend not to reboot - for years. Serial ports on Unix boxes do. Quoting Lance A. Brown (brown9@niehs.nih.gov): > The mention of conserver in the NetApp vs. EMC thread reminded me > that I'm supposed to be looking at serial port terminal server > solutions. > > My preference is to hang a bunch of serial ports off a UNIX system > and use conserver to manage them vs. some kind of standalone > network-attached terminal server gadget. From sage-members-owner@usenix.org Thu Feb 8 22:14:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1967Th24074 for sage-members-outgoing; Thu, 8 Feb 2001 22:07:29 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1967R924070 for ; Thu, 8 Feb 2001 22:07:28 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f1966wr23744; Thu, 8 Feb 2001 22:06:58 -0800 (PST) Date: Thu, 8 Feb 2001 22:06:57 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: NetAps vs EMC Message-ID: <20010208220657.B23613@snew.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from dorfsmay@cuug.ab.ca on Tue, Jan 30, 2001 at 10:58:24AM -0700 Sender: owner-sage-members@usenix.org Precedence: bulk Have a friend dealing with both - he and I love the NetApps, but his throughput from a Symmetrix box was shockingly poor (compared to a PC running local IDE even). The major differences are function. Netapps do NFS really, really well. EMC's, as I understand, are intended to provide local appearing disk. The EMC/NFS thing I saw used SCO as the front end/controller. I've done the SCO ride and it firmed by belief in BSD. (not that I have strong opinions about that :) NetApp upness - my co uses it for windows as well and have had them brought down for minor OS updates - usually for under 5 minutes. Quoting Yves Dorfsman (dorfsmay@cuug.ab.ca): > Does anybody have any hard number on the reliability of NetAps vs EMC ? > > Anybody's been running NetAps filer for a long time, could you comment on > their reliability ? > > Anybody with a horror story ?? From sage-members-owner@usenix.org Fri Feb 9 08:44:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f19GdPL25463 for sage-members-outgoing; Fri, 9 Feb 2001 08:39:25 -0800 (PST) Received: from gatekeep.ti.com (gatekeep.ti.com [192.94.94.61]) by usenix.org (8.11.0/8.11.0) with ESMTP id f19GdN925459 for ; Fri, 9 Feb 2001 08:39:23 -0800 (PST) Received: from dlep7.itg.ti.com ([157.170.134.103]) by gatekeep.ti.com (8.11.1/8.11.1) with ESMTP id f19Gd4r09565 for ; Fri, 9 Feb 2001 10:39:04 -0600 (CST) Received: from dlep7.itg.ti.com (localhost [127.0.0.1]) by dlep7.itg.ti.com (8.9.3/8.9.3) with ESMTP id KAA27091 for ; Fri, 9 Feb 2001 10:39:04 -0600 (CST) Received: from sh-gpl.ti.com (mx1.sh-gpl.ti.com [158.218.196.127]) by dlep7.itg.ti.com (8.9.3/8.9.3) with ESMTP id KAA27075 for ; Fri, 9 Feb 2001 10:39:03 -0600 (CST) Received: (from root@localhost) by sh-gpl.ti.com (8.8.5/8.7.3) id KAA01882; Fri, 9 Feb 2001 10:39:02 -0600 (CST) Received: from dlep8.itg.ti.com (dlep8.itg.ti.com [157.170.134.88]) by sh-gpl.ti.com (8.8.5/8.7.3) with ESMTP id BAA11631 for ; Fri, 9 Feb 2001 01:15:32 -0600 (CST) Received: from dlep8.itg.ti.com (localhost [127.0.0.1]) by dlep8.itg.ti.com (8.9.3/8.9.3) with ESMTP id BAA21528 for ; Fri, 9 Feb 2001 01:15:32 -0600 (CST) Received: from tower.ti.com (ti.com [192.94.93.5]) by dlep8.itg.ti.com (8.9.3/8.9.3) with ESMTP id BAA21522 for ; Fri, 9 Feb 2001 01:15:31 -0600 (CST) Received: from usenix.org (voyager.usenix.org [131.106.3.1]) by tower.ti.com (8.11.1/8.11.1) with ESMTP id f197FVr11667 for ; Fri, 9 Feb 2001 01:15:31 -0600 (CST) Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1967Th24074 for sage-members-outgoing; Thu, 8 Feb 2001 22:07:29 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1967R924070 for ; Thu, 8 Feb 2001 22:07:28 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f1966wr23744; Thu, 8 Feb 2001 22:06:58 -0800 (PST) Date: Thu, 8 Feb 2001 22:06:57 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: NetAps vs EMC Message-ID: <20010208220657.B23613@snew.com> References: Mime-Version: 1.0 X-Mailer: Mutt 1.0.1i In-Reply-To: ; from dorfsmay@cuug.ab.ca on Tue, Jan 30, 2001 at 10:58:24AM -0700 Sender: owner-sage-members@usenix.org Precedence: bulk Have a friend dealing with both - he and I love the NetApps, but his throughput from a Symmetrix box was shockingly poor (compared to a PC running local IDE even). The major differences are function. Netapps do NFS really, really well. EMC's, as I understand, are intended to provide local appearing disk. The EMC/NFS thing I saw used SCO as the front end/controller. I've done the SCO ride and it firmed by belief in BSD. (not that I have strong opinions about that :) NetApp upness - my co uses it for windows as well and have had them brought down for minor OS updates - usually for under 5 minutes. Quoting Yves Dorfsman (dorfsmay@cuug.ab.ca): > Does anybody have any hard number on the reliability of NetAps vs EMC ? > > Anybody's been running NetAps filer for a long time, could you comment on > their reliability ? > > Anybody with a horror story ?? From sage-members-owner@usenix.org Fri Feb 9 08:44:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f19GdGV25449 for sage-members-outgoing; Fri, 9 Feb 2001 08:39:16 -0800 (PST) Received: from gatekeep.ti.com (gatekeep.ti.com [192.94.94.61]) by usenix.org (8.11.0/8.11.0) with ESMTP id f19GdF925445 for ; Fri, 9 Feb 2001 08:39:15 -0800 (PST) Received: from dlep7.itg.ti.com ([157.170.134.103]) by gatekeep.ti.com (8.11.1/8.11.1) with ESMTP id f19Gcur09505 for ; Fri, 9 Feb 2001 10:38:56 -0600 (CST) Received: from dlep7.itg.ti.com (localhost [127.0.0.1]) by dlep7.itg.ti.com (8.9.3/8.9.3) with ESMTP id KAA26812 for ; Fri, 9 Feb 2001 10:38:55 -0600 (CST) Received: from sh-gpl.ti.com (mx1.sh-gpl.ti.com [158.218.196.127]) by dlep7.itg.ti.com (8.9.3/8.9.3) with ESMTP id KAA26798 for ; Fri, 9 Feb 2001 10:38:55 -0600 (CST) Received: (from root@localhost) by sh-gpl.ti.com (8.8.5/8.7.3) id KAA01849; Fri, 9 Feb 2001 10:38:54 -0600 (CST) Received: from dlep6.itg.ti.com (dlep6.itg.ti.com [157.170.188.9]) by sh-gpl.ti.com (8.8.5/8.7.3) with ESMTP id AAA11264 for ; Fri, 9 Feb 2001 00:57:40 -0600 (CST) Received: from dlep6.itg.ti.com (localhost [127.0.0.1]) by dlep6.itg.ti.com (8.9.3/8.9.3) with ESMTP id AAA12314 for ; Fri, 9 Feb 2001 00:57:39 -0600 (CST) Received: from tower.ti.com (ti.com [192.94.93.5]) by dlep6.itg.ti.com (8.9.3/8.9.3) with ESMTP id AAA12304 for ; Fri, 9 Feb 2001 00:57:39 -0600 (CST) Received: from usenix.org (voyager.usenix.org [131.106.3.1]) by tower.ti.com (8.11.1/8.11.1) with ESMTP id f196vcr06399 for ; Fri, 9 Feb 2001 00:57:38 -0600 (CST) Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f195nr224036 for sage-members-outgoing; Thu, 8 Feb 2001 21:49:53 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f195np924032 for ; Thu, 8 Feb 2001 21:49:51 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f195nZd23690; Thu, 8 Feb 2001 21:49:35 -0800 (PST) Date: Thu, 8 Feb 2001 21:49:34 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Serial Terminal Servers Message-ID: <20010208214934.A23613@snew.com> References: <12720.980967164@splat> Mime-Version: 1.0 X-Mailer: Mutt 1.0.1i In-Reply-To: <12720.980967164@splat>; from brown9@niehs.nih.gov on Wed, Jan 31, 2001 at 01:52:44PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk I picked up a 16 port Annex terminal server on barter (I didn't want to carry a laser printer cross country and since CA has no electricity, it was a good call). These things (many brands) are on eBay and such all the time. So about any terminal server works just fine. Put a pull up resistor in to keep Sun's from getting a break with the TS resets and throw conserver on a machine to handle it, you're done. For the security aware, put it on a spare network segment with one of two "gateway" machines that run ssh (2 for redundancy). Unix machines should be managed via console serial ports. Bonus points for power management over serial port. Hardware terminal servers tend not to reboot - for years. Serial ports on Unix boxes do. Quoting Lance A. Brown (brown9@niehs.nih.gov): > The mention of conserver in the NetApp vs. EMC thread reminded me > that I'm supposed to be looking at serial port terminal server > solutions. > > My preference is to hang a bunch of serial ports off a UNIX system > and use conserver to manage them vs. some kind of standalone > network-attached terminal server gadget. From sage-members-owner@usenix.org Fri Feb 9 08:46:04 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f19GhHS25489 for sage-members-outgoing; Fri, 9 Feb 2001 08:43:17 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f19GhCL25483 for sage-members@usenix.org; Fri, 9 Feb 2001 08:43:12 -0800 (PST) Received: from emis-intl.com ([208.226.242.25]) by usenix.org (8.11.0/8.11.0) with ESMTP id f18Nak922420 for ; Thu, 8 Feb 2001 15:36:46 -0800 (PST) Received: from rdulnx003.emis-intl.com (rdulnx003.emis-intl.com [10.90.132.28]) by emis-intl.com (8.9.3+Sun/8.9.3) with ESMTP id SAA04934; Thu, 8 Feb 2001 18:36:21 -0500 (EST) Received: (from majordomo@localhost) by rdulnx003.emis-intl.com (8.9.3/8.9.3) id SAA08807 for ncsa-announce-outgoing; Thu, 8 Feb 2001 18:33:44 -0500 X-Authentication-Warning: rdulnx003.emis-intl.com: majordomo set sender to owner-ncsa-announce@networks.com using -f Received: from emis-intl.com (ftp.emis-intl.com [10.90.132.25]) by rdulnx003.emis-intl.com (8.9.3/8.9.3) with ESMTP id SAA08804 for ; Thu, 8 Feb 2001 18:33:42 -0500 Received: from emis-intl.com (rdulnx001.emis-intl.com [10.90.132.23]) by emis-intl.com (8.9.3+Sun/8.9.3) with ESMTP id SAA04731 for ; Thu, 8 Feb 2001 18:34:11 -0500 (EST) Message-Id: <200102082334.SAA04731@emis-intl.com> Date: Thu, 8 Feb 2001 18:32:18 -0500 (EST) From: Stephen.Schaefer@emis-intl.com Subject: NC*SA Meeting - Monday, February 12, 2001 - EMC Clariion To: sage-members@usenix.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk Greetings! The next meeting of the North Carolina System Administrators organization (NC*SA) is upcoming. Details about the meeting and directions are provided in this note. We hope to see you there! NC*SA General Meeting 6:00 p.m., Monday, February 12, 2001 Dreyfus Laboratory Research Triangle Institute Research Triangle Park, NC (directions below) Topic: "EMC Clariion Network-Attached Storage Systems" Speaker: Tim Hicks EMC Sponsors: Please see the end of this announcement for a list of our sponsors. ============================== Presentation abstract: EMC Corporation will present the EMC CLARiiON IP4700 network attached storage system. This new product targets the mid-range NAS market with an unprecedented combination of technology, high availability, and customer service. The product, code named Chameleon, can easily be converted to direct attached storage for production database requirements. Speaker bio: Tim Hicks is a seasoned veteran of the computer industry with experience in mainframe, distributed systems, unix systems, networks, and NT administration. Throughout his career, Tim has served in numerous consulting, technical sales, and systems engineering positions for Compaq, DEC, Wang and Sperry UNIVAC. Tim currently is based in Raleigh for EMC and serves as a technical consultant for enterprise storage applications. ============================== Our meetings are free and open to anyone with an interest in the topic of the evening and/or system administration. We will be providing food and drink for the evening. If you have any questions please contact: Lisa Lorenzin Utenzi (919) 852-0690 lorenzin@utenzi.com or the Steering Committee at: ncsa-steer@ncsysadmin.org ============================== For information about the NC System Administrators group, please see our web site at . We have several usually-low-volume mailing lists that you can join: ncsa-discussion .. general discussion ncsa-announce .... meeting announcements ncsa-jobs ........ employment opportunities ncsa-steer ....... steering committee These are currently run on a Majordomo list manager at ; usual majordomo commands apply. Please see this page on our web site for more information about these lists: For other information on (un)subscribing from this, or any other NC*SA list, send e-mail to . Put the word 'help' on a line by itself to receive instructions on proper interaction with majordomo. When unsubscribing feel free to use the wildcard (*) to insure that you are removed from all of our lists in one fell swoop. (Please note, if you are a member of , you will also get a copy of these announcements. We cannot unsubscribe you from that list.) ============================== Directions to Research Triangle Institute: Please see this page on our web site for directions to the meeting: . If you do not have web access, please send e-mail to , and we will send them to you. For a map of RTI, please see: . ============================== Sponsors and Underwriters ============================== Gold Sponsors ------------- The following organizations have been major contributors to NC*SA. Their generous contributions and funding have been instrumental in the continued success of NC*SA: Auspex Dot Hill Duke University Computer Science Lab Network Computing Solutions, Inc. Pencom StorNet Silver Sponsors --------------- The following organizations and individuals have made significant contributions to and have underwritten meetings of NC*SA. Research Triangle Institute ........ provide our meeting space eMerging Information Systems ....... host our mailing lists WebslingerZ, Inc. .................. host our web site ===== End ===== From sage-members-owner@usenix.org Sat Feb 10 21:58:08 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1B5iM701889 for sage-members-outgoing; Sat, 10 Feb 2001 21:44:22 -0800 (PST) Received: from what.snew.com (what.snew.com [206.136.64.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1B5iL901885 for ; Sat, 10 Feb 2001 21:44:21 -0800 (PST) Received: (from chuck@localhost) by what.snew.com (8.11.0/8.10.1) id f1B5hsW31487; Sat, 10 Feb 2001 21:43:54 -0800 (PST) Date: Sat, 10 Feb 2001 21:43:53 -0800 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Serial Terminal Servers Message-ID: <20010210214353.A31472@snew.com> References: <200102011846.f11IkWO50139@bunrab.catwhisker.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <200102011846.f11IkWO50139@bunrab.catwhisker.org>; from david@catwhisker.org on Thu, Feb 01, 2001 at 10:46:32AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk I've generally just soldered in a pullup resistor in the 232 line. Celeste Sokely's web site has the info at http://www.stokely.com/unix.sysadm.resources/faqs.sun.html and it's around at other sites. Perhaps useful to bribe a kid good with a soldering iron to make you a dozen or two if you're a large shop. Quoting David Wolfskill (david@catwhisker.org): > I recall that one of the contributors to this thread mentioned the symptom > of a "BREAK" being seen as a result of power-cycling the device on the > other end of the cable. > > I was just leafing through a recently-received copy of the catalog for > Workstation Express (htt://www.workstationexp.com/), and note that on > the back cover, they advertise "Non-Aborting Serial Console" adapters > of various flavors (at US$89 each). > > I've never used these, so I cannot attest to how well they work. For that > matter, I've never purchased anything from Workstation Express -- I had > merely requested their catalog on the recommendation of a colleague. > > But if anyone has used one (or does use one), it might be worth reporting > back on experiences.... > > Cheers, > david > -- > David H. Wolfskill david@catwhisker.org > As a computing professional, I believe it would be unethical for me to > advise, recommend, or support the use (save possibly for personal > amusement) of any product that is or depends on any Microsoft product. From sage-members-owner@usenix.org Mon Feb 12 14:56:06 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1CMj9v08434 for sage-members-outgoing; Mon, 12 Feb 2001 14:45:09 -0800 (PST) Received: from associates.deer-run.com (associates.deer-run.com [216.15.51.194]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1CMj8908430 for ; Mon, 12 Feb 2001 14:45:08 -0800 (PST) Received: from deer.deer-deer.com (deer.deer-run.com [10.66.1.2]) by associates.deer-run.com (8.11.2/8.11.2) with ESMTP id f1CMirr28859 for ; Mon, 12 Feb 2001 14:44:53 -0800 (PST) Received: (from hal@localhost) by deer.deer-deer.com (8.11.2/8.11.2) id f1CMiro24044 for sage-members@usenix.org; Mon, 12 Feb 2001 14:44:53 -0800 (PST) Date: Mon, 12 Feb 2001 14:44:53 -0800 From: Hal Pomeranz To: sage-members@usenix.org Subject: [SUMMARY] Odd question Message-ID: <20010212144453.E19183@deer-run.com> References: <20010208162719.D26508@deer-run.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010208162719.D26508@deer-run.com>; from hal@deer-run.com on Thu, Feb 08, 2001 at 04:27:19PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk Last week I queried the list: > Does anybody know who manufactures the CD-ROM sleeves that Sun uses > to ship Solaris disks? I'm talking about the "booklet-style" cases > with pages that hold two CD-ROMs on each page face (in sort of a > diagonal arrangement). The ones I've seen have either two or three > pages (can hold 8 or 12 CD-ROMs). One of the Sun folks on the mailing list was kind enough to forward my query to an internal source at Sun who had the correct answer (names witheld so these kind people don't get buried with other random requests for information). The manufacturer is Univenture Disk Packaging and Systems, found on the Web at https://www.univenture.com/. It's a frames site, so click on the "18. Media Folders" link in the lefthand frame to get to the item I was looking for (you can actually see a Sun logo media folder carefully hidden at the back of the picture!). They've got some other cool looking stuff for storing CDs and DVDs on the site as well. -- Hal Pomeranz, Founder/CEO Deer Run Associates hal@deer-run.com Network Connectivity and Security, Systems Management, Training From sage-members-owner@usenix.org Wed Feb 14 08:01:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1EFuKu18391 for sage-members-outgoing; Wed, 14 Feb 2001 07:56:20 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1EFuKT18386 for sage-members@usenix.org; Wed, 14 Feb 2001 07:56:20 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1E0Ho915360 for ; Tue, 13 Feb 2001 16:17:50 -0800 (PST) Received: from snert.com ([195.10.32.53]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f1E0aPw19713 for ; Wed, 14 Feb 2001 01:36:25 +0100 Message-ID: <3A89CE92.2BFF97BB@snert.com> Date: Wed, 14 Feb 2001 01:17:22 +0100 From: Anthony Howe Organization: Snert X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: sage-members@usenix.org Subject: Help with MRTG & BayStack 303 switch. Content-Type: multipart/mixed; boundary="------------CB97209155AE6200F704D1F5" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------CB97209155AE6200F704D1F5 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I'm new to MRTG, have read the documentation front to back, and hunted through the third party material on the web site, and I'm still stuck and running out of time. I thought some of you might have some experience with MRTG & BayStack switches. I have been asked to install something in an customer's office who lease their bandwidth to other businesses in the building, a means to monitor consumed bandwidth. Each of their clients passes through a port on a BayStack 303 switch. I chose MRTG because it is an inexpensive solution that works on Unix-like and Windows systems and appeared appropriate to the job. Q1: It is possible to monitor and graph "volume of data", instead of speed? I've tried playing with the gauge, absolute, and MaxBytes values and I just can't seem to get output that makes sense. I would expect to see an ever increasing slope. Q2: More importantly, are there OIDs for the BayStack switch that count the number of bytes in & out on *each* port? I've tried looking at BayNetworks web site for this information, but can't find want I need to know. -- Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France +33 6 11 89 73 78 (p) +33 4 93 46 89 01 (f) ICQ# 7116561 mailto:achowe@snert.com http://www.snert.com/ --------------CB97209155AE6200F704D1F5 Content-Type: text/x-vcard; charset=us-ascii; name="achowe.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Anthony Howe Content-Disposition: attachment; filename="achowe.vcf" begin:vcard n:Howe;Anthony tel;pager:ICQ 7116561 tel;cell:+33 6 11 89 73 78 tel;fax:+33 4 93 46 91 27 x-mozilla-html:FALSE url:http://www.snert.com/ org:Snert version:2.1 email;internet:achowe@snert.com adr;quoted-printable:;;Villa Magnolia=0D=0A1489 Chemin des Collines;Le Cannet;Alpes-Maritimes;06110;France fn:Anthony Howe end:vcard --------------CB97209155AE6200F704D1F5-- From sage-members-owner@usenix.org Wed Feb 14 08:01:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1EFpjT18341 for sage-members-outgoing; Wed, 14 Feb 2001 07:51:45 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1EFpjZ18336 for sage-members@usenix.org; Wed, 14 Feb 2001 07:51:45 -0800 (PST) Received: from wonderlan.midgard.net (wonderlan.midgard.net [216.240.38.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1E8Fo917545 for ; Wed, 14 Feb 2001 00:15:50 -0800 (PST) Received: from wonderlan.midgard.net (localhost.midgard.net [127.0.0.1]) by wonderlan.midgard.net (Postfix) with ESMTP id 16B2110CC6 for ; Wed, 14 Feb 2001 00:15:35 -0800 (PST) From: Richard Threadgill Subject: Strata suggested I forward this to you folks as well... To: sage-members@usenix.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <18254.982138535.1@wonderlan.midgard.net> Date: Wed, 14 Feb 2001 00:15:35 -0800 Message-ID: <18256.982138535@wonderlan.midgard.net> Sender: owner-sage-members@usenix.org Precedence: bulk Giving good report, or, I keep doing work, why do they keep yelling at me? Lots of techies give really lousy progress reports, and are basically hell on their managers for no good reason. This is particularly bad for sysadmin types, systems programmers, and other people who love math too much. I spent several hours with a coworker last week discussing 'how not to be an employee of doom,' and these are my notes from that conversation. First an aside - these notes offer advice both for techies in general, who often have a pretty sucky model for the pressures on, and motivations of, their management, and advice for systems and math people in particular. Math people have two classes of problems: trivial problems, which merely need typing at, or the identification of the existing solution; and unsolved problems, which require thinking, hypothesis, and potentially experimentation. This leads them to often front-load their work, going through the list of their tasks and performing the 'hard' tasks first because the others are 'just work.' Systems people have a strong tendency to be moderately ADD as well, because its a *really* useful trait in a high-interrupt environment where you need to context-switch pretty completely. Unfortunately, it leads to some work habits which make their behavior (our behavior) *really* unpredictable. Management can tell how often they're getting complained to about things we haven't gotten done, and how often you're reporting finishing tasks which they cared a lot about personally, and that's about it. This makes writing job req justifications basically impossible. And that sucks, because it means you get fewer raises and spend all of your time being overworked. It also means that development managers basically can't deal with you in any constructive way, because your behavior is inexplicable and unpredictable. Finally, this document is designed for people who have a soft handle on how much time they spend on tasks, because they think about tasks from the perspective of difficulty rather than from the perspective of expected time-to-accomplish. So, some rules for being easier to manage. o First and foremost, NEVER go radio silent. This is your manager's worst nightmare - they don't know what you're doing, they can't defend spending their resources on it, and they don't know when you'll finish. So, if you are about to embark upon a task which *may* cause you to go quiet for a while, discuss it with your manager first. Be prepared for them to direct you to attack a different problem first, so that they (and you) can build some capital to defend you while you're silent. Think of this as you giving your manager a good answer to the question 'what has that employee done for you lately?' when they get asked by their peers and their management. This makes their life easier. o Give status early and often. This makes your manager's life easier. Most of the rest of this document will talk about how you can order your work and reporting to make your work more predictable and thereby more obviously valuable. o Attempt to show consistent levels of output. This creates a perception of predictability, and changes the conversation your boss has with his boss from 'Has Dave gone silent again? Do we know what he's working on this time?' to 'How's the really huge project we asked Dave to deal with coming? Are we interrupting him with too many other little tasks?' o Order your tasks so that you generate useable, partial, visible results ofte. This allows other people to get leverage from your work quickly, and makes your manager's life easier. This hurtles headlong into the math-geek work-ordering, which tends to start with 'do the hard bits, because we don't know if those are possible, and that's the most important thing to learn before we get into this too deeply.' Unfortunately, this behavior gets interpreted by a lot of managers as 'Dave just wants to do the fun bits and never does the actual work.' So while it will make your teeth itch, gang, when you do your task breakdown, plan to do a bunch of the simple ones *in parallel* with the hard, thinking about bits. I know this will sometimes mean you run down a rathole building trivial bits of a non-tractable task. You'll be showing progress while you lose, which is vastly better than not-showing progress while you lose more quickly. Your manager will almost never get points for you finding out that a solution is intractable faster than you might have. Check - if that's actually your job, much of this document is not for you. o When beginning a project, make a list of tasks. Then make a list of questions which must be answered to perform those tasks, including who needs to answer those questions. Note which ones you have already answered. I know it sounds crazy, work with me on this one. Now, in another document, note what those answers are that you already have. Do *not* spend time trying to determine new answers at this stage - either you already have the answer, or it should be listed as a 'collect somewhow' question. Send a copy to your manager, this makes their life easier, and forward selected portions of the list to each potential answerer. This gets answering your questions into *their* task queue. Each one of those 'collect answer' questions should be treated as a task. Now begin performing tasks. o Make daily logs. All ADD people who aren't stupid get parts of many more tasks done every day than anyone else expects. Don't expect to remember what you've been doing, write it down as you work on things so that you can forward it at regular intervals. Its easier for your manager to throw away data (if you've organized it well for them) than it is for them to extract it from you if you can't remember things. BTW, this is one of the skills which makes admins really love a manager - this near-psychic ability to figure out what their staff are actually working on, even though their staff aren't very communicative, which comes from lots of domain experience. They used to be admins themselves, and they're good at interpreting those reticent grunts you give out when you're slogging through a lame nameservice problem for the fourth day in a row, but you're still making progress, so you're not at the 'just firebomb the vendor and get it over with' stage. o If you are hit with inspiration, work on that task until you run out of steam. Take good notes while you're doing so. Then complete a trivial task. o Do not work on more than one complex task per day, unless you have a) finished a complex task, or b) you are inspired. Don't let a unit-of-time go by without finishing at least one task. o Try to make your list of tasks contain tasks of comparable amounts of temporal effort. Perform those tasks by strictly alternating trivial tasks and complex tasks within a unit-of-time (day/week/whatever). o Once per mega-unit-of-time, ask people who you need information from (see the task listing task above) to answer the questions you need them to answer. Getting information from someone is a (not always trivial) task. Do not attempt to get information from more than one person/day - keep trying to get info from different people until *someone* gives you at least one answer, but stop when you've succeeded with one of them. If other people send you answers, that's gravy, but you don't want to go radio silent because you're spending days on end appearing to block while you're trying to extract information from other people. If someone answers "Go find the information in a named location," that should be construed as an answer for the purposes of this discussion, although it creates a 'collect information from a known document' task. "I don't know" is not an answer, but changes your list of people to ask. If you get an answer or an "I don't know," write down the answer in your answers list. o Finally, let me reiterate the cardinal rule: Silence is bad. Management cannot differentiate between someone who's gone off the deep end and is over their head, someone who is malingering, someone who's trying to solve an intractable problem, and someone who is making progress on a hard design issue. You'll note that almost all of those options are bad. If you don't tell your manager what you're doing in a way that they can easily communicate to their peers, you're creating a lot of new work for your manager in two ways: first, by creating a need for them to defend you to their peers, and secondly by making it actually difficult for them to do so. Good managers will review and evaluate their own focus and resource allocation continually. Making it easy for them do to so is good for both of you. Yours in service, RichardT From sage-members-owner@usenix.org Wed Feb 14 12:56:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1EKpVP21165 for sage-members-outgoing; Wed, 14 Feb 2001 12:51:31 -0800 (PST) Received: from audities (64-32-164-80.sfo3.phoenixdsl.net [64.32.164.80]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1EKpU921161 for ; Wed, 14 Feb 2001 12:51:30 -0800 (PST) Received: from michael by audities with local (Exim 3.22 #1) id 14T8wf-0000jc-00 for sage-members@usenix.org; Wed, 14 Feb 2001 12:54:37 -0800 Date: Wed, 14 Feb 2001 12:54:37 -0800 From: Michael Coxe To: sage-members@usenix.org Subject: Speaking of daily logs... [Strata suggested...] Message-ID: <20010214125437.A2463@audities.audities.net> References: <18256.982138535@wonderlan.midgard.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2us In-Reply-To: <18256.982138535@wonderlan.midgard.net> Sender: owner-sage-members@usenix.org Precedence: bulk On 02/14/01, Richard Threadgill (as "richardt@midgard.net") wrote: > o Make daily logs. All ADD people who aren't stupid get parts of > many more tasks done every day than anyone else expects. > Don't expect to remember what you've been doing, write it down > as you work on things so that you can forward it at regular > intervals. (plus many other 'logging' mentions in the text) The extreme multitasking required of the present day admin doesn't make it easier, that's for sure. I have recently found grep'able logfiles essential to my work, as the previous sysadmin (long gone before my arrival) kept copious logs of essentially everthing he did. Yes, there's higher level docs & README's, but many times that only covered the concept, not enough to fix what's broke, update or add functionality, especially when treading into unknown territory. What do you use for daily sysadmin logs? In my past I've had varying degrees of success at keeping daily logs, but it usually boiled down to not having the right tool for the job, and thus my 'success rate' declined instead of becoming second nature. I've used 'script', numerous cut-and-paste methods, and email. But what (I think :|) I really want is a 'script'-like program with time-stamping, dated-filename rollover, differentiation between raw logs and comments, configurable from an 'rc' file, accessible from disparate sources/ systems/networks ala syslog, usable w/o thinking (the 2nd nature thing). Anything available? - michael coxe, himself From sage-members-owner@usenix.org Wed Feb 14 15:55:45 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1ENpeB10786 for sage-members-outgoing; Wed, 14 Feb 2001 15:51:40 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1ENpc910781 for ; Wed, 14 Feb 2001 15:51:38 -0800 (PST) Received: from [10.0.1.3] (dialup370.brussels2.skynet.be [195.238.24.114]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.10) with ESMTP id f1ENpFq16711; Thu, 15 Feb 2001 00:51:15 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <18256.982138535@wonderlan.midgard.net> References: <18256.982138535@wonderlan.midgard.net> Date: Thu, 15 Feb 2001 00:49:28 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Strata suggested I forward this to you folks as well... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 12:15 AM -0800 2001/2/14, Richard Threadgill wrote: > o Finally, let me reiterate the cardinal rule: Silence is bad. > Management cannot differentiate between someone who's gone off > the deep end and is over their head, someone who is > malingering, someone who's trying to solve an intractable > problem, and someone who is making progress on a hard design > issue. You'll note that almost all of those options are bad. Silence is bad on both sides. We also need pointers on how to deal with silence from our managers, silence which may go on literally for months. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Wed Feb 14 18:13:38 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1F29M121933 for sage-members-outgoing; Wed, 14 Feb 2001 18:09:22 -0800 (PST) Received: from vielle.datasys.net (IDENT:root@0.enet.vielle.datasys.net [208.206.129.153]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1F29J921929 for ; Wed, 14 Feb 2001 18:09:20 -0800 (PST) Received: (from mark@localhost) by vielle.datasys.net (8.11.0/8.11.0) id f1F2DpL12565; Wed, 14 Feb 2001 21:13:51 -0500 Message-Id: <200102150213.f1F2DpL12565@vielle.datasys.net> From: lindsey@acm.org (Mark R. Lindsey) Date: Wed, 14 Feb 2001 21:13:45 -0500 Reply-To: lindsey@acm.org (Mark R. Lindsey) X-Mailer: Mail User's Shell (7.2.6 beta(4) 03/19/98) To: sage-members@usenix.org Subject: Re: Speaking of daily logs... [Strata suggested...] Sender: owner-sage-members@usenix.org Precedence: bulk michael coxe, himself, wrote: : What do you use for daily sysadmin logs? I have problems keeping a decent work log on the computer. I've opted to use a paper Daily Journal. Office-supply stores sell them in various sizes; it has at least one page per calendar day. Most of my configs live in cvs, and detailed notes go into bugzilla, but the paper log can track conversations, specific requests, partial progress, phone numbers, bug/issue numbers, &c. Saturday and Sunday pages can be used for sketches. :-) I've read (ORA ``Practical Unix and Internet Security'', spaf/simsong, I think) that paper logs tend to make better court evidence than do computer files. Nevertheless, May You Never Have to Testify on Your Work Logs in Court! From sage-members-owner@usenix.org Thu Feb 15 07:36:59 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1FFWEp23461 for sage-members-outgoing; Thu, 15 Feb 2001 07:32:14 -0800 (PST) Received: from denali.loopback.net (nat-pool.corp.redhat.com [199.183.24.200] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f1FFWC923457 for ; Thu, 15 Feb 2001 07:32:13 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f1FFVbl09069; Thu, 15 Feb 2001 10:31:37 -0500 Date: Thu, 15 Feb 2001 10:31:37 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Strata suggested I forward this to you folks as well... Message-ID: <20010215103136.A8988@redhat.com> References: <18256.982138535@wonderlan.midgard.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from brad.knowles@skynet.be on Thu, Feb 15, 2001 at 12:49:28AM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 15, 2001 at 12:49:28AM +0100, Brad Knowles mailed: > At 12:15 AM -0800 2001/2/14, Richard Threadgill wrote: >=20 > > o Finally, let me reiterate the cardinal rule: Silence is bad. > > Management cannot differentiate between someone who's gone off > > the deep end and is over their head, someone who is > > malingering, someone who's trying to solve an intractable > > problem, and someone who is making progress on a hard design > > issue. You'll note that almost all of those options are bad. >=20 > Silence is bad on both sides. We also need pointers on how to=20 > deal with silence from our managers, silence which may go on=20 > literally for months. I was in a situation for a while where I was living and working in the UK (= I'm merkin by birth) for a few months. The idea had been my managers and was truely wonderful ... until my manager stopped talking, literally just about the day I arrived over the pond. After a few months of not knowing what I w= as supposed to do, not having the resources when I figured it out, and costing the local office money and giving no return, I had to do something. In my c= ase the appropriate response was to contact *his* boss (the CFO) and HR at the same time. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --+QahgC5+KEYLbs62 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6i/ZY5AZBSxmJOhkRArLSAJ45kaq057QPV/ATSvYJSHqfuE+56gCfd/jO JXwEUTw95COJPya/KV09ohI= =VsiJ -----END PGP SIGNATURE----- --+QahgC5+KEYLbs62-- From sage-members-owner@usenix.org Thu Feb 15 08:48:49 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1FGgqA23716 for sage-members-outgoing; Thu, 15 Feb 2001 08:42:52 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1FGgo923712 for ; Thu, 15 Feb 2001 08:42:50 -0800 (PST) Received: from [172.17.1.121] (warp-core.skynet.be [195.238.2.25]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.10) with ESMTP id f1FGgAq22977; Thu, 15 Feb 2001 17:42:10 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010215103136.A8988@redhat.com> References: <18256.982138535@wonderlan.midgard.net> <20010215103136.A8988@redhat.com> Date: Thu, 15 Feb 2001 17:37:42 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Strata suggested I forward this to you folks as well... Cc: sage-members@usenix.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 10:31 AM -0500 2001/2/15, Bryan C. Andregg wrote: > After a few months of not knowing >what I was > supposed to do, not having the resources when I figured it out, and costing > the local office money and giving no return, I had to do something. >In my case > the appropriate response was to contact *his* boss (the CFO) and HR at the > same time. Once things are finalized and the ink is drying, I'll let you know what my solution is. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Thu Feb 15 09:07:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1FH46623897 for sage-members-outgoing; Thu, 15 Feb 2001 09:04:06 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1FH45d23892 for sage-members@usenix.org; Thu, 15 Feb 2001 09:04:05 -0800 (PST) Received: from sdrc.com (heimdall.sdrc.com [146.122.132.195]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1FEdg923330 for ; Thu, 15 Feb 2001 06:39:42 -0800 (PST) Received: from tyr.sdrc.com (mailhub-cvg.sdrc.com [146.122.142.31]) by sdrc.com (8.9.1/8.9.1) with ESMTP id JAA21965; Thu, 15 Feb 2001 09:39:25 -0500 (EST) Received: from weirdness.com (suncor3.sdrc.com [146.122.6.11]) by tyr.sdrc.com (8.8.6 (PHNE_17190)/8.8.5) with ESMTP id JAA13917; Thu, 15 Feb 2001 09:39:23 -0500 (EST) Message-ID: <3A8BEA1B.88D750B4@weirdness.com> Date: Thu, 15 Feb 2001 09:39:23 -0500 From: Paul Joslin Organization: SDRC, Information Services X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: Speaking of daily logs... References: <18256.982138535@wonderlan.midgard.net> <20010214125437.A2463@audities.audities.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Michael Coxe wrote: What do you use for daily sysadmin logs? I recommend plod, by Hal Pomeranz. I used to use V1.7, but a newer version might be available. If you live in Emacs, there's even a 'plod-mode.el' that integrates very nicely. I'm now away from my desk more, and rely on Datebk4 on my Palm III. It's easy to create categories of Todo items, Memos, and Appointments, and to attach notes to them. If you're going to be doing a lot of text entry, you might want to consider a keyboard as well. -- Paul R. Joslin paul.joslin@sdrc.com The man who sets out to carry a cat by its tail learns something that will always be useful and which never will grow dim or doubtful. -- Mark Twain. From sage-members-owner@usenix.org Thu Feb 15 10:12:44 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1FI7D424257 for sage-members-outgoing; Thu, 15 Feb 2001 10:07:13 -0800 (PST) Received: from associates.deer-run.com (associates.deer-run.com [216.15.51.194]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1FI7C924253 for ; Thu, 15 Feb 2001 10:07:12 -0800 (PST) Received: from deer.deer-deer.com (deer.deer-run.com [10.66.1.2]) by associates.deer-run.com (8.11.2/8.11.2) with ESMTP id f1FI6ur10716; Thu, 15 Feb 2001 10:06:56 -0800 (PST) Received: (from hal@localhost) by deer.deer-deer.com (8.11.2/8.11.2) id f1FI6uC25130; Thu, 15 Feb 2001 10:06:56 -0800 (PST) Date: Thu, 15 Feb 2001 10:06:55 -0800 From: Hal Pomeranz To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Speaking of daily logs... Message-ID: <20010215100655.B22723@deer-run.com> References: <18256.982138535@wonderlan.midgard.net> <20010214125437.A2463@audities.audities.net> <3A8BEA1B.88D750B4@weirdness.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A8BEA1B.88D750B4@weirdness.com>; from paul.joslin@weirdness.com on Thu, Feb 15, 2001 at 09:39:23AM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On Thu Feb 15 09:39, Paul Joslin wrote: > Michael Coxe wrote: > What do you use for daily sysadmin logs? > > I recommend plod, by Hal Pomeranz. I used to use V1.7, but a newer > version might be available. If you live in Emacs, there's even a > 'plod-mode.el' that integrates very nicely. I wrote to Michael privately extolling the virtues of PLOD, but just to update Paul's comments: yes, there is a newer version of PLOD (including some Y2K fixes from the version that Paul is currently using), and the canonical source repository for PLOD is now http://www.deer-run.com/~hal/plod/ It's nice to know that there are folks out there still using PLOD. Enjoy! -- Hal Pomeranz, Founder/CEO Deer Run Associates hal@deer-run.com Network Connectivity and Security, Systems Management, Training From sage-members-owner@usenix.org Fri Feb 16 07:33:54 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GFOj929283 for sage-members-outgoing; Fri, 16 Feb 2001 07:24:45 -0800 (PST) Received: from mail.ben-tech.com (colo-204-186-59-225.dejazzd.com [204.186.59.225]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GFOh929279 for ; Fri, 16 Feb 2001 07:24:43 -0800 (PST) Received: from kensei (IDENT:root@localhost [127.0.0.1]) by mail.ben-tech.com (8.11.2/8.11.0) with SMTP id f1GFNww29488 for ; Fri, 16 Feb 2001 10:23:59 -0500 From: "Bennett Samowich" To: sage-members@usenix.org Subject: On-Call compensation Date: Fri, 16 Feb 2001 10:24:23 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-sage-members@usenix.org Precedence: bulk Greets, Just curious if it is common for administrators to be compensated for being "on-call" or not, and if so, what is a typical compensation? We have another situation brewing and I am starting to line up my proverbial ducks. Cheers, - Bennett From sage-members-owner@usenix.org Fri Feb 16 10:22:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GIFSq00368 for sage-members-outgoing; Fri, 16 Feb 2001 10:15:28 -0800 (PST) Received: from saturn.nationwide.com (saturn.nationwide.com [198.8.253.8]) by usenix.org (8.11.0/8.11.0) with SMTP id f1GIFQ900363; Fri, 16 Feb 2001 10:15:26 -0800 (PST) Received: from smoke.ent.nwie.net by saturn.nationwide.com (SMTP Gateway) with SMTP id NAA12883; Fri, 16 Feb 2001 13:15:04 -0500 Received: from ddcsrv46.ent.nwie.net by smoke.ent.nwie.net with ESMTP id f1GIF3i27147; Fri, 16 Feb 2001 13:15:03 -0500 (EST) Subject: Re: On-Call compensation To: sage-members@usenix.org Cc: owner-sage-members@usenix.org, sage-members@usenix.org X-Mailer: Lotus Notes Release 5.0.4a July 24, 2000 Message-Id: From: friedlm@nationwide.com Date: Fri, 16 Feb 2001 13:15:02 -0500 X-Mimetrack: Serialize by Router on EntDDCMTA01/SRV/NWIE(Release 5.0.4a |July 24, 2000) at 02/16/2001 01:15:03 PM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk We have pay for on-call $20 a day then if we receive a page out side 'normal' working hours we receive and additional $30 a day. So there is potential for $50 a day on-call. - Marsha "Bennett Samowich" To: sage-members@usenix.org Sent by: cc: owner-sage-members@ bcc: usenix.org Subject: On-Call compensation 02/16/01 10:24 AM Greets, Just curious if it is common for administrators to be compensated for being "on-call" or not, and if so, what is a typical compensation? We have another situation brewing and I am starting to line up my proverbial ducks. Cheers, - Bennett From sage-members-owner@usenix.org Fri Feb 16 10:23:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GIKOi00406 for sage-members-outgoing; Fri, 16 Feb 2001 10:20:24 -0800 (PST) Received: from pianosa.catch22.org (postfix@dsl081-048-019.dsl-isp.net [64.81.48.19]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GIKN900400 for ; Fri, 16 Feb 2001 10:20:23 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id 114021761; Fri, 16 Feb 2001 10:20:06 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id F3207370B; Fri, 16 Feb 2001 10:20:05 -0800 (PST) Date: Fri, 16 Feb 2001 10:20:05 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Cc: Subject: Re: On-Call compensation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk > Just curious if it is common for administrators to be compensated for being > "on-call" or not, and if so, what is a typical compensation? Some companies have a pro-rated pay scale for night or weekend hours spent oncall. Others have formal perks set up, like getting comp time. Others have informal perks, like getting to sleep in as late as you want while oncall nights. Others tell you from the start that the job involves oncall time and that your compensation takes that into account. I think the appropriate (and common) form is to give you time away from daily work hours if you've been oncall. (Rant follows.) Work is a trade of your time, mind (mental health) and body (physical health) in exchange for some kind of value. If someone wants your mind and body for 45 hours a week, they need to give you things that make it an acceptable trade. If they want more of your time or want to begin consuming more of your mind or body, then they need to offer value to you that makes sense. I worked for a company that offered compensation in tangible and intangible ways in levels that would drive people to give up levels of time, body, and mind that were not sustainable without the anaesthetic effect of the compensation. It was a lose-lose situation. So, in short, if someone wants you to go on call, but doesn't make it worth doing, then you'll either quit or they'll run themselves into a situation where they'll come to depend on your willingness to work for no additional value with higher levels of personal investment, which means they'll be harder hit by the effects of the delayed rebound effect when you finally snap and urinate into the air intakes of every single production system in the company. WARNING: DISCONNECT EQUIPMENT FROM POWER SUPPLY AND DISCHARGE ANY CAPACITORS BEFORE URINATING INTO ELECTRICAL DEVICES. CONSUME ELECTROLYTIC REPLACEMENT BEVERAGES TO AVOID DEHYDRATION DURING EXTENDED PERIODS OF FORCED URINATION FOR PURPOSES OF UNAMBIGUOUS COMMUNICATION OF JOB DISSATISFACTION/VOLUNTARY NOTICE OF TERMINATION OF EMPLOYMENT. -- Benjy Feen benjy(AT)feen.com http://www.monkeybagel.com From sage-members-owner@usenix.org Fri Feb 16 10:38:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GIYSE00544 for sage-members-outgoing; Fri, 16 Feb 2001 10:34:28 -0800 (PST) Received: from thomas.byzantium.com ([62.232.10.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GIYQ900540 for ; Fri, 16 Feb 2001 10:34:26 -0800 (PST) Received: from host213-123-67-18.dialup.lineone.co.uk ([213.123.67.18] helo=chocolate) by thomas.byzantium.com with smtp (Exim 3.22 #1) id 14TpfL-0002PW-00 for sage-members@usenix.org; Fri, 16 Feb 2001 18:31:36 +0000 Message-ID: <005001c09847$22eaff60$12437bd5@chocolate> From: "Edward Rolison" To: sage-members@usenix.org References: Subject: Re: On-Call compensation Date: Fri, 16 Feb 2001 18:34:41 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 Sender: owner-sage-members@usenix.org Precedence: bulk ----- Original Message ----- From: Bennett Samowich To: Sent: Friday, February 16, 2001 3:24 PM Subject: On-Call compensation > Greets, > > Just curious if it is common for administrators to be compensated for being > "on-call" or not, and if so, what is a typical compensation? > > We have another situation brewing and I am starting to line up my proverbial > ducks. This issue has recently reared it's ugly head at my place of work. Us systems people have been told 'you will do it'. We feel that this is somewhat offensive, especially since they are considering 1 week in 3 to be a reasonable rotation. Oh, uncompensated of course. An initial discussion, was that we would feel that either 5 days holiday per week on call, or 1/4 of our montly salary would be a reasonable compensation. If they aren't prepared to do so, then we aren't prepared to be on call. Of course, when this was pointed out, we got big shouty shouty, and pointed out that our contract says 'other hours from time to time as may reasonably be expected'. I may be alone in this, but I consider 1 week in 3 and 24 hours on call to be neither from time to time, or reasonable. (In my book, reasonable is sticking around for a few hours after work if there's a problem) So I too would be interested in finding out what the 'going rate' for such a thing is. Thanks, and Regards, Ed From sage-members-owner@usenix.org Fri Feb 16 10:50:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GIlUp00708 for sage-members-outgoing; Fri, 16 Feb 2001 10:47:30 -0800 (PST) Received: from thalia.fm.intel.com (fmfdns02.fm.intel.com [132.233.247.11]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GIlT900704 for ; Fri, 16 Feb 2001 10:47:29 -0800 (PST) Received: from SMTP (fmsmsxvs02-1.fm.intel.com [132.233.42.202]) by thalia.fm.intel.com (8.9.1a+p1/8.9.1/d: relay.m4,v 1.35 2001/02/12 09:03:45 smothers Exp $) with SMTP id SAA22411; Fri, 16 Feb 2001 18:47:07 GMT Received: from fmsmsx29.FM.INTEL.COM ([132.233.48.29]) by 132.233.48.202 (Norton AntiVirus for Internet Email Gateways 1.0) ; Fri, 16 Feb 2001 18:47:06 0000 (GMT) Received: by fmsmsx29.fm.intel.com with Internet Mail Service (5.5.2650.21) id <1RTCAH8D>; Fri, 16 Feb 2001 10:47:05 -0800 Message-ID: From: "Bailey, Glenn R" To: sage-members@usenix.org Subject: RE: On-Call compensation Date: Fri, 16 Feb 2001 10:47:02 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Hi! We do compensate admins who "volunteer" to be in the on-call rotation. It is a set amount for each weeknight or weekend. However, the senior level admins whose job description includes second/third level escalation handling are not "allowed" to volunteer for the rotation. They may not have to be the one answering the page/call - but they may be called upon to deal with an issue beyond the capabilities of the junior/intermediate admin who takes the call. Being in their job description, they don't get extra pay - but they ARE compensated higher for the skills they bring to the table for dealing with emergencies in a timely manner. Glenn Bailey Sr. Unix/Linux Support Engineer NW Engineering Computing -----Original Message----- From: Bennett Samowich [mailto:brs@ben-tech.com] Sent: Friday, February 16, 2001 7:24 AM To: sage-members@usenix.org Subject: On-Call compensation Greets, Just curious if it is common for administrators to be compensated for being "on-call" or not, and if so, what is a typical compensation? We have another situation brewing and I am starting to line up my proverbial ducks. Cheers, - Bennett From sage-members-owner@usenix.org Fri Feb 16 12:31:44 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GKQQh01393 for sage-members-outgoing; Fri, 16 Feb 2001 12:26:26 -0800 (PST) Received: from fw2.tek.com (fw2.tek.com [192.65.17.17]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GKQP901389 for ; Fri, 16 Feb 2001 12:26:25 -0800 (PST) Received: from fw2-internal.tek.com (root@localhost) by fw2.tek.com with ESMTP id MAA07954 for ; Fri, 16 Feb 2001 12:26:03 -0800 (PST) Received: from mailhub.opbu.xerox.com (mailhub.opbu.xerox.com [13.62.6.81]) by fw2-internal.tek.com with ESMTP id MAA07950 for ; Fri, 16 Feb 2001 12:26:03 -0800 (PST) Received: from usawvas36.opbu.xerox.com (UsaWvAS36.opbu.xerox.com [13.62.3.98]) by mailhub.opbu.xerox.com (8.9.3+Sun/8.9.3) with SMTP id MAA08528 for ; Fri, 16 Feb 2001 12:26:03 -0800 (PST) Received: FROM filtronix.opbu.xerox.com BY usawvas36.opbu.xerox.com ; Fri Feb 16 12:26:03 2001 -0800 Received: from usawvbh01.opbu.xerox.com (UsaWvBH01.opbu.xerox.com [13.62.3.133]) by filtronix.opbu.xerox.com (8.8.8+Sun/8.8.8) with ESMTP id MAA03354 for ; Fri, 16 Feb 2001 12:23:23 -0800 (PST) Received: by UsaWvBH01.opbu.xerox.com with Internet Mail Service (5.5.2653.19) id <1XWYMVHK>; Fri, 16 Feb 2001 12:23:23 -0800 Message-ID: From: "Ravenwood, Tyler" To: sage-members@usenix.org Subject: RE: On-Call compensation Date: Fri, 16 Feb 2001 12:23:22 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-sage-members@usenix.org Precedence: bulk I have worked at organizations with various philosophies about on-call compensation. Most of the time, salaried employees were considered to be on-call 24x7 with no compensation. Other locations gave a flat fee. Yet another location gave 1 hour of compensation pay per on-call evening and 2.5 hours on a weekend day, whether you were called or not. Another was to give compensation time-off for actual hours worked. I think you will probably find as many compensation schemas as there are opinions about it. Good Luck! Tyler Ravenwood > -----Original Message----- > From: Bennett Samowich [SMTP:brs@ben-tech.com] > Sent: Friday, February 16, 2001 7:24 AM > To: sage-members@usenix.org > Subject: On-Call compensation > > Greets, > > Just curious if it is common for administrators to be compensated for > being > "on-call" or not, and if so, what is a typical compensation? > > We have another situation brewing and I am starting to line up my > proverbial > ducks. > > Cheers, > - Bennett From sage-members-owner@usenix.org Fri Feb 16 12:48:42 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GKiHj01556 for sage-members-outgoing; Fri, 16 Feb 2001 12:44:17 -0800 (PST) Received: from [131.106.3.60] (quark.usenix.org [131.106.3.60]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GKiG901552 for ; Fri, 16 Feb 2001 12:44:16 -0800 (PST) Mime-Version: 1.0 X-Sender: gale@mail.usenix.org Message-Id: Date: Fri, 16 Feb 2001 12:47:24 -0800 To: sage-members@usenix.org From: Gale Berkowitz Subject: SAGE election results Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk The results of the election for the seven SAGE Executive Committee positions (and the number of votes received) for the 2001-2002 term are as follows: Barbara Dijker (492) Geoff Halprin (447) Peg Schafer (399) Trey Harris (356) Strata Chalup (333) Tim Gassaway (328) David Parter (324) Not elected: John Sellens (302) Bryan C. Andregg (278) Andres Silva (242) Total number of SAGE members eligible to vote: 4861 Total number of votes cast: 606 Number of postal ballots: 3 Response rate: 12.5% The newly elected SAGE Executive Committee members will meet in Berkeley, California, on March 9-10, 2001. The SAGE Executive Committee will choose its own officers at this meeting. The results can also be found at: http://www.usenix.org/sage/election01/index.html. From sage-members-owner@usenix.org Fri Feb 16 13:10:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GL5Zd01748 for sage-members-outgoing; Fri, 16 Feb 2001 13:05:35 -0800 (PST) Received: from mail.cuug.ab.ca (sparc250.cuug.ab.ca [192.75.191.250]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GL5T901744 for ; Fri, 16 Feb 2001 13:05:34 -0800 (PST) Received: (from uucp@localhost) by mail.cuug.ab.ca (8.9.3/8.9.3) id OAA29077 for ; Fri, 16 Feb 2001 14:04:24 -0700 (MST) Received: from UNKNOWN(192.75.191.7), claiming to be "igor.cuug.ab.ca" via SMTP by sparc250, id smtpdz30227; Fri Feb 16 14:04:17 2001 Received: from localhost (dorfsmay@localhost) by igor.cuug.ab.ca (8.9.3/8.9.3) with ESMTP id OAA31561 for ; Fri, 16 Feb 2001 14:04:40 -0700 X-Authentication-Warning: igor.cuug.ab.ca: dorfsmay owned process doing -bs Date: Fri, 16 Feb 2001 14:04:40 -0700 (MST) From: Yves Dorfsman To: sage-members@usenix.org Subject: Re: On-Call compensation In-Reply-To: <005001c09847$22eaff60$12437bd5@chocolate> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, 16 Feb 2001, Edward Rolison wrote: > I may be alone in this, but I consider 1 week in 3 and 24 hours on call to > be neither from time to time, or reasonable. Agreed. I am a contractor, so I don't face the problem. But usually the discussion end up being how much and how to pay. My take on this is that I tried to see it as an employer wanting the service while respecting the employees. If I had a company where it is important that somebody comes in if the computers stop working, here is what I would do and why: I would pay a lot of money (300$) to the person on call for being on call, but not for the hours worked. I f an employee has to work a lot during the night, then I wouldn't say too much if he/she is late in the morning. The reasoning is that the employee who looks after a system and his paid weel (respected) for being on call will both be available if there is a problem, but will make sure (as much as possible) that no problems happen, since he/she doesn't get paid for coming in and fixing it. You have to be carrefull what behaviour you are driving for when you set "rewards". I have seen pretty disgusting and insulting policies on some sites I worked at, and I think it is because the company see the problem as a loyalty problem, as opposed as a service that should be paid for. When talking with the employer, you might want to bring up the notion of service and value to the company. How much would they be prepared to pay an external consultant to do it ? May be go fishing for prices with consulting firms that do this sort of services. Yves. ---- Yves Dorfsman dorfsmay@cuug.ab.ca http://www.cuug.ab.ca/~dorfsmay From sage-members-owner@usenix.org Fri Feb 16 14:46:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GMelA02346 for sage-members-outgoing; Fri, 16 Feb 2001 14:40:47 -0800 (PST) Received: from mx1.colltech.com (ausproxy.colltech.com [208.229.236.19]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GMek902342 for ; Fri, 16 Feb 2001 14:40:46 -0800 (PST) Received: from mail2.colltech.com (mail2.colltech.com [208.229.236.41]) by mx1.colltech.com (8.9.3/8.9.3/not) with ESMTP id QAA18411 for ; Fri, 16 Feb 2001 16:40:24 -0600 Received: from brass (cr676056-a.abtsfd1.bc.wave.home.com [24.113.62.140]) by mail2.colltech.com (8.9.3/8.9.3/not) with SMTP id QAA19187 for ; Fri, 16 Feb 2001 16:40:22 -0600 Message-ID: <000301c09868$e90c6be0$8c3e7118@dazel.com> From: "Rob Janzen" To: sage-members@usenix.org References: Subject: Re: On-Call compensation Date: Fri, 16 Feb 2001 13:30:27 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-sage-members@usenix.org Precedence: bulk What I have seen in the past that seemed to work was a set amount for being on call (on the order of $20 / day), with a premium payed if you were actually contacted. If you were contacted, it was considered time and a half, for a minimum of three hours (regardless of the length of the call). The department who placed the call was internally billed for the overtime. If you wished, you could take the time off the next day (straight time) in lieu of the overtime pay. So if you were contacted at 3am, you could show up late the next day. And finally, if it wasn't a 'production-down' problem, you could tell the user that it would be dealt with the next day. On-call was *only* for production-down problems. (And the user was still billed for the call) Another approach I have heard of is that you receive 25% of the on-call time you work as time off. My attitude towards on-call work is that it is reasonable for work to try to contact you after-hours if there is a crisis / emergency that needs to be dealt with, but at such time as your job has changed to include regularily scheduled on-call work they need to change your compensation to include this. When you are on call, you are constrained on the things that you are able to do and where you can go as you need to be available if you are contacted. If I go to a movie, I may be called out in the middle of it. I can't go to my friends who live out of cell / pager coverage areas. On Friday night, I can't go out drinking with friends. These are significant lifestyle issues which need to be discussed with management. Taking the weekends as an example, I quite often leave the city for the weekend and am out of pager / cell phone range. If work has an important roll-out or upgrade, I don't mind staying around for ONE weekend in case there are problems. I would view staying around for one weekend a month because management does not want to create and staff a proper support structure is a problem. Rob Janzen From sage-members-owner@usenix.org Fri Feb 16 16:05:23 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1GNxvX02802 for sage-members-outgoing; Fri, 16 Feb 2001 15:59:57 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GNxt902798 for ; Fri, 16 Feb 2001 15:59:55 -0800 (PST) Received: by paladin.globnix.org with local id 14Tumn-0004Q1-00 for sage-members@usenix.org; Fri, 16 Feb 2001 23:59:37 +0000 Date: Sat, 17 Feb 2001 00:59:37 +0100 From: Phil Pennock To: sage-members@usenix.org Subject: Re: On-Call compensation Message-ID: <20010217005937.A18050@globnix.org> Mail-Followup-To: sage-members@usenix.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from brs@ben-tech.com on Fri, Feb 16, 2001 at 10:24:23AM -0500 Organisation: Organisation? Here? No, over there ----> X-NIC-Handles: COCO-149560 COCO-456268 COCO-374186 (ignore PP8185) X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Crescent (32% of Full) X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-02-16 at 10:24 -0500, Bennett Samowich gifted us with: > Just curious if it is common for administrators to be compensated for being > "on-call" or not, and if so, what is a typical compensation? Two scenarios, both in one ISP but in different countries with different NOC structures. In the Netherlands, it's a small NOC, 8 sysadmin, four of whom perform callout duty. One week in four is on call, compensation being flat-rate 75 NL Guilders /day, or 150/day at weekends. About 2.2 NLG to the dollar. In this situation, the sysadmin on duty are assumed to have reasonable competence in all of the critical systems and where there's something lacking they can call on the others for help, including the boss (NOC Manager is strongly technical - started me on kernel debugging). Escalation if unable to reach person on call has a defined order. Incidents requiring physical presence typically involve me being nice because I live near the office, otherwise it's the boss. In the UK, the NOC is larger with clearly defined teams with separate responsibilities. Each team has two to four people who may be on service protection duty. It's typically one day on at a time, not one week. Escalation is via others in the group. All staff on duty are required to live near the NOC; prior to more common broadband, staff received free baseband, not sure now. Company laptop for remote administration. Compensation is 12.5% of salary, not calculated on a day-by-day basis, but just flat 12.5% across the board. Does this provide some ammo? -- Common sense is the collection of prejudices acquired by age eighteen -- Einstein From sage-members-owner@usenix.org Fri Feb 16 17:12:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1H17SZ03242 for sage-members-outgoing; Fri, 16 Feb 2001 17:07:28 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1H17R903238 for ; Fri, 16 Feb 2001 17:07:27 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id UAA17536; Fri, 16 Feb 2001 20:06:55 -0500 Date: Fri, 16 Feb 2001 20:06:55 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: On-Call compensation Message-ID: <20010216200655.K20732@gwyn.tux.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from brs@ben-tech.com on Fri, Feb 16, 2001 at 10:24:23AM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, Feb 16, 2001 at 10:24:23AM -0500, Bennett Samowich wrote: > Greets, > > Just curious if it is common for administrators to be compensated for being > "on-call" or not, and if so, what is a typical compensation? > > We have another situation brewing and I am starting to line up my proverbial > ducks. > > Cheers, > - Bennett As folks have said, different companies work it different ways. Granted, those who are salaried are NOT paid per-hour, technically; but are paid for getting a fixed piece of work done. However, if that fixed piece of work involved being on-call, that should have been made explicit before anyone took the job - and there should be specific compensation for it. If management is trying to tack it on, as a "small" add-on to your tasks - don't let them do it. Being on call for anything, even if you never get called, is somewhat of a strain. You need to take your car with your gear in it, instead of driving with the rest of your family. You need to make sure you don't schedule vital events [no laser surgery ;-)]. You need to make sure that you keep a battery in the pager, or keep it in the re-charger, that you take it with you to the bathroom in the morning, and that it's loud enough to wake you at night. If you need extra staff to cover night hours, that's a fight that's hard to win, but do try to fight it. On the other hand, if this is only for those truly occasional times when something goes bad simultaneously with it being the worst time for something to go bad, then I wouldn't mind having my telephone number available to those who might need help. As long as it wasn't abused. -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Sat Feb 17 12:53:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1HKgrP05121 for sage-members-outgoing; Sat, 17 Feb 2001 12:42:53 -0800 (PST) Received: from eamail1-out.unisys.com (eamail1-out.unisys.com [192.61.61.99]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1HKgp905117 for ; Sat, 17 Feb 2001 12:42:52 -0800 (PST) Received: from us-ea-gtwy-4.ea.unisys.com (us-ea-gtwy-4.ea.unisys.com [192.61.146.122]) by eamail1-out.unisys.com (8.9.3/8.9.3) with ESMTP id UAA06506 for ; Sat, 17 Feb 2001 20:42:05 GMT Received: by us-ea-gtwy-4.ea.unisys.com with Internet Mail Service (5.5.2650.21) id <180DNJG0>; Sat, 17 Feb 2001 14:42:33 -0600 Message-ID: <4D436812116AD311B43B00104B9DF3B6C94814@US-CPT-EXCH-2.plpt.com> From: "Company, Paul J." To: sage-members@usenix.org Subject: RE: On-Call compensation Date: Sat, 17 Feb 2001 14:42:32 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk At Unisys Corp., you get $180, $220 or $260/wk depending on various factors (if holidays are involved etc.) Also, this is both a legal matter and an ethical one. Specifically, in the US, it's a Department of Labor (DOL)issue. Read these URLs they anwer questions like "How many hours can employees be forced to work?" http://www.dol.gov/dol/esa/public/minwage/america.htm http://www.wagelaw.com/newlaw.htm http://www.fwlli.com/ca_ot_law.htm http://www.dir.ca.gov/labor_law.html http://www.fairmeasures.com/overtime.html Find out what your state's or country's laws are! The law in many place put no restrictions on how many hours a company an force you to work. That bastion of liberalism, California, does have a limit on how many hours a week you can be required to work: 72. After that, you're free to leave. And, of course, it's not just about being legal, it's about applying justice = being fair and equitable...remember those qualities. ;-) --paul From sage-members-owner@usenix.org Mon Feb 19 16:47:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1K0bkZ10744 for sage-members-outgoing; Mon, 19 Feb 2001 16:37:46 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1K0bkU10739 for sage-members@usenix.org; Mon, 19 Feb 2001 16:37:46 -0800 (PST) Received: from pobox.cs.mcgill.ca (pobox.CS.McGill.CA [132.206.51.249]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GGog929496 for ; Fri, 16 Feb 2001 08:50:42 -0800 (PST) Received: from nova.cs.mcgill.ca (nova.CS.McGill.CA [132.206.51.245]) by pobox.cs.mcgill.ca (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id LAA05046; Fri, 16 Feb 2001 11:50:25 -0500 Received: from localhost (maclean@localhost) by nova.cs.mcgill.ca (8.8.8+Sun/8.8.8) with SMTP id LAA09120; Fri, 16 Feb 2001 11:50:23 -0500 (EST) X-Authentication-Warning: nova.cs.mcgill.ca: maclean owned process doing -bs Date: Fri, 16 Feb 2001 11:50:23 -0500 (EST) From: Matthew SAMS To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: On-Call compensation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, 16 Feb 2001, Bennett Samowich wrote: > Just curious if it is common for administrators to be compensated for being > "on-call" or not, and if so, what is a typical compensation? One hour for every day that you carry. For every page: 1.5 hours for every telephone response, 2.5 hours for every on-site call Overtime at 1.5 times hourly rate for any time spent in excess of the 1.5/2.5 allotment. You must be able to respond within 1 hour. This means you must be within 1 hour of the office, physically.. It's actually not much fun to be chained to the city for almost every day of the year since pagers don't get rotated. Supervisors and above are required to carry pagers but are not compensated. Even when they are more than just escalation points. :-( -Matthew From sage-members-owner@usenix.org Mon Feb 19 16:51:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1K0liq10814 for sage-members-outgoing; Mon, 19 Feb 2001 16:47:44 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1K0leB10804 for sage-members@usenix.org; Mon, 19 Feb 2001 16:47:40 -0800 (PST) Received: from adios.duckland.org (ip125.110.136.216.in-addr.arpa [216.136.110.125] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GIC0900314 for ; Fri, 16 Feb 2001 10:12:10 -0800 (PST) Received: (from duck@localhost) by adios.duckland.org (8.11.2/8.11.2) id f1GHCqW01302; Fri, 16 Feb 2001 12:12:52 -0500 Date: Fri, 16 Feb 2001 12:12:52 -0500 From: Don Duck Harper To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: On-Call compensation Message-ID: <20010216121251.D1178@duckland.org> Reply-To: Don Duck Harper References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from brs@ben-tech.com on Fri, Feb 16, 2001 at 10:24:23AM -0500 X-No-Archive: yes X-WARNING1: Pursuant to US Code. Title 47. Chapter 5. Subchapter, X-WARNING2: II. Sec. 227. any and all nonsolicited commercial E-mail, X-WARNING3: sent to this address is subject to a download and archival, X-WARNING4: fee in the amount of $500 US. E-mailing denotes acceptance, X-WARNING5: of these terms. Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, Feb 16, 2001 at 10:24:23AM -0500, Bennett Samowich wrote to To sage-members@usenix.org: :-) Greets, :-) :-) Just curious if it is common for administrators to be compensated for being :-) "on-call" or not, and if so, what is a typical compensation? :-) :-) We have another situation brewing and I am starting to line up my proverbial :-) ducks. At my last three employeers ( two consulting firms, one as a FTE ), the pratice was to track the time. At job #1 & #2, I got OT pay, at #3, I got comp time. It went like this: M-F 8a - 6p - normal coverage 6p - 11p - min time recorded, 1 hours, .5 hours increments. 11p - 7 a - min time recorded, 2 hours, 1 hour increments. S-S - min time recorded, 2 hours, 1 hour increments. If I had to get into the car, it was min. 4 hours recorded. Current gig, serious amount of flex time ( gotta love start ups. :), but I knew I was signing up for 24x7 solo support here. YMMV. Duck[1] [1] That's one duck for your row. :) -- Don Harper work: don@mpv.com Senior Systems Manager http://www.mpv.com Medical Present Value, Inc. +01-512-795-0015x201 From sage-members-owner@usenix.org Mon Feb 19 16:52:45 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1K0mfS10833 for sage-members-outgoing; Mon, 19 Feb 2001 16:48:41 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1K0mfC10828 for sage-members@usenix.org; Mon, 19 Feb 2001 16:48:41 -0800 (PST) Received: from ertpg14e1.nortelnetworks.com (ertpg14e1.nortelnetworks.com [47.234.0.35]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1GLVl901912 for ; Fri, 16 Feb 2001 13:31:47 -0800 (PST) Received: from zsc4c000.us.nortel.com by ertpg14e1.nortelnetworks.com; Fri, 16 Feb 2001 16:00:55 -0500 Received: by zsc4c000.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 16 Feb 2001 13:00:54 -0800 Message-ID: From: "Joseph Yuska" To: sage-members@usenix.org Cc: "'sage-members@usenix.org'" Subject: RE: On-Call compensation Date: Fri, 16 Feb 2001 13:00:50 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0985B.8AF63110" Sender: owner-sage-members@usenix.org Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0985B.8AF63110 Content-Type: text/plain; charset="iso-8859-1" > -----Original Message----- > From: Edward Rolison [mailto:ed.rolison@byzantium.com] > Sent: Friday, February 16, 2001 1:35 PM > To: sage-members@usenix.org > Subject: Re: On-Call compensation > > > > ----- Original Message ----- > From: Bennett Samowich > To: > Sent: Friday, February 16, 2001 3:24 PM > Subject: On-Call compensation > > > > Greets, > > > > Just curious if it is common for administrators to be > compensated for > being > > "on-call" or not, and if so, what is a typical compensation? > > > > We have another situation brewing and I am starting to line up my > proverbial > > ducks. > > This issue has recently reared it's ugly head at my place of work. Us > systems people have been told 'you will do it'. We feel that this is > somewhat offensive, especially since they are considering 1 > week in 3 to be > a reasonable rotation. > Oh, uncompensated of course. > An initial discussion, was that we would feel that either 5 > days holiday per > week on call, or 1/4 of our montly salary would be a reasonable > compensation. If they aren't prepared to do so, then we > aren't prepared to > be on call. > Of course, when this was pointed out, we got big shouty > shouty, and pointed > out that our contract says 'other hours from time to time as > may reasonably > be expected'. > I may be alone in this, but I consider 1 week in 3 and 24 > hours on call to > be neither from time to time, or reasonable. > (In my book, reasonable is sticking around for a few hours > after work if > there's a problem) > I've worked in both compensated and non-compensated environments with on-call arangements. In the non-compensated ones they were decent enough to tell me this up front, and salary negotiations proceeded accordingly. When working as a contractor, I usually got a two-hour minimum for being called, with no "retainer". This didn't bother me, because I'm not the type to lose sleep waiting for the beeper to go off. This arrangement also tends to minimize frivolous calls. The two occasions where we had the rotation when I was full-time, there was a 10% differential built into the salary structure for wearing the beeper. Again, all up front, right in the personnel policy book. Changing the rules in midstream and expecting freebies would color my opinion of the management deeply, and have me setting new searches on monster.com fairly quickly. Joe Yuska ------_=_NextPart_001_01C0985B.8AF63110 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: On-Call compensation

> -----Original Message-----
> From: Edward Rolison [mailto:ed.rolison@byzantium.com= ]
> Sent: Friday, February 16, 2001 1:35 PM
> To: sage-members@usenix.org
> Subject: Re: On-Call compensation
>
>
>
> ----- Original Message -----
> From: Bennett Samowich = <brs@ben-tech.com>
> To: <sage-members@usenix.org>
> Sent: Friday, February 16, 2001 3:24 PM
> Subject: On-Call compensation
>
>
> > Greets,
> >
> > Just curious if it is common for = administrators to be
> compensated for
> being
> > "on-call" or not, and if so, = what is a typical compensation?
> >
> > We have another situation brewing and I am = starting to line up my
> proverbial
> > ducks.
>
> This issue has recently reared it's ugly head = at my place of work. Us
> systems people have been told 'you will do it'. = We feel that this is
> somewhat offensive, especially since they are = considering 1
> week in 3 to be
> a reasonable rotation.
> Oh, uncompensated of course.
> An initial discussion, was that we would feel = that either 5
> days holiday per
> week on call, or 1/4 of our montly salary would = be a reasonable
> compensation. If they aren't prepared to do so, = then we
> aren't prepared to
> be on call.
> Of course, when this was pointed out, we got = big shouty
> shouty, and pointed
> out that our contract says 'other hours from = time to time as
> may reasonably
> be expected'.
> I may be alone in this, but I consider 1 week = in 3 and 24
> hours on call to
> be neither from time to time, or = reasonable.
> (In my book, reasonable is sticking around for = a few hours
> after work if
> there's a problem)
>
I've worked in both compensated and non-compensated = environments with on-call arangements.  In the non-compensated = ones they were decent enough to tell me this up front, and salary = negotiations proceeded accordingly.

When working as a contractor, I usually got a  = two-hour minimum for being called, with no "retainer".  = This didn't bother me, because I'm not the type to lose sleep waiting = for the beeper to go off.  This arrangement also tends to minimize = frivolous calls.

The two occasions where we had the rotation when I = was full-time, there was a 10% differential built into the salary = structure for wearing the beeper.  Again, all up front, right in = the personnel policy book.

Changing the rules in midstream and expecting = freebies would color my opinion of the management deeply, and have me = setting new searches on monster.com fairly quickly.


Joe Yuska

------_=_NextPart_001_01C0985B.8AF63110-- From sage-members-owner@usenix.org Tue Feb 20 08:42:02 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KGauG12923 for sage-members-outgoing; Tue, 20 Feb 2001 08:36:56 -0800 (PST) Received: from kestrel.octaldream.com (kestrel.octaldream.com [204.201.111.9]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KGat912919 for ; Tue, 20 Feb 2001 08:36:55 -0800 (PST) Received: (from scottm@localhost) by kestrel.octaldream.com (8.11.1/8.11.1) id f1KGabb18289 for sage-members@usenix.org; Tue, 20 Feb 2001 08:36:37 -0800 (PST) (envelope-from scottm) Date: Tue, 20 Feb 2001 08:36:37 -0800 From: Scott McDermott To: sage-members@usenix.org Subject: Re: SAGE election results Message-ID: <20010220083636.A18079@octaldream.com> Mail-Followup-To: sage-members@usenix.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from gale@usenix.org on Fri, Feb 16, 2001 at 12:47:24PM -0800 X-Archive-No: Yes Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, Feb 16, 2001, a militant turtle forced Gale Berkowitz to say: > > Total number of SAGE members eligible to vote: 4861 > Total number of votes cast: 606 > Number of postal ballots: 3 > Response rate: 12.5% How does this turnout compare with past elections? -- Scott McDermott Unix Dude From sage-members-owner@usenix.org Tue Feb 20 10:49:28 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KIjKY14082 for sage-members-outgoing; Tue, 20 Feb 2001 10:45:20 -0800 (PST) Received: from raptor-qfe0.answerfinancial.com ([208.236.100.231]) by usenix.org (8.11.0/8.11.0) with SMTP id f1KIjJ914076 for ; Tue, 20 Feb 2001 10:45:19 -0800 (PST) Received: from [10.2.0.11] by raptor-qfe0.answerfinancial.com via smtpd (for voyager.usenix.org [131.106.3.1]) with SMTP; 20 Feb 2001 18:39:57 UT Received: by US-CP-ML02 with Internet Mail Service (5.5.2650.21) id ; Tue, 20 Feb 2001 10:45:06 -0800 Message-ID: <71E57122D51BD311AFB800A0C9F49861025F6851@mail-cpk> From: Todd Williams To: sage-members@usenix.org Subject: RE: On-Call compensation Date: Tue, 20 Feb 2001 10:45:05 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Phil Pennock said: > > In the UK, the NOC is larger with clearly defined teams with separate > responsibilities. Each team has two to four people who may be on > service protection duty. It's typically one day on at a time, not one > week. Escalation is via others in the group. All staff on duty are > REQUIRED TO LIVE NEAR THE NOC... ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Wow. I'm not sure what this means. If I live far away, do I: a) not get hired b) not have to ever be on call c) get the company to buy me a house nearby Please explain. P.S. Not sure what the legal issues are about requiring an employee to live in a certain place! -Todd From sage-members-owner@usenix.org Tue Feb 20 11:01:42 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KIwgK14245 for sage-members-outgoing; Tue, 20 Feb 2001 10:58:42 -0800 (PST) Received: from denali.loopback.net (nat-pool.corp.redhat.com [199.183.24.200] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KIwe914241 for ; Tue, 20 Feb 2001 10:58:40 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f1KIwD717932 for sage-members@usenix.org; Tue, 20 Feb 2001 13:58:13 -0500 Date: Tue, 20 Feb 2001 13:58:13 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Subject: Re: SAGE election results Message-ID: <20010220135813.H17413@redhat.com> References: <20010220083636.A18079@octaldream.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="WIIRZ1HQ6FgrlPgb" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010220083636.A18079@octaldream.com>; from scottm@octaldream.com on Tue, Feb 20, 2001 at 08:36:37AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk --WIIRZ1HQ6FgrlPgb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 20, 2001 at 08:36:37AM -0800, Scott McDermott mailed: > On Fri, Feb 16, 2001, a militant turtle forced Gale Berkowitz to say: > > Total number of SAGE members eligible to vote: 4861 > > Total number of votes cast: 606 > > Number of postal ballots: 3 > > Response rate: 12.5% >=20 > How does this turnout compare with past elections? =46rom talking to some of the other candidates before the election this is pretty on par to a touch higher, if I recall correctly. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --WIIRZ1HQ6FgrlPgb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6kr5F5AZBSxmJOhkRAtdEAJ4tDhUYDsvax2aPAmCKG3QkoRLhcwCdEkTA XUh+VG9YFNOlg0nIN0zYcxc= =QV47 -----END PGP SIGNATURE----- --WIIRZ1HQ6FgrlPgb-- From sage-members-owner@usenix.org Tue Feb 20 11:16:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KJCpV14395 for sage-members-outgoing; Tue, 20 Feb 2001 11:12:51 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KJCl914391 for ; Tue, 20 Feb 2001 11:12:47 -0800 (PST) Received: by paladin.globnix.org with local id 14VICu-0006NH-00 for multiple recipients; Tue, 20 Feb 2001 19:12:16 +0000 Date: Tue, 20 Feb 2001 20:12:16 +0100 From: Phil Pennock To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: On-Call compensation Message-ID: <20010220201216.A22027@globnix.org> Mail-Followup-To: Todd Williams , sage-members@usenix.org References: <71E57122D51BD311AFB800A0C9F49861025F6851@mail-cpk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <71E57122D51BD311AFB800A0C9F49861025F6851@mail-cpk>; from twilliams@AnswerFinancial.com on Tue, Feb 20, 2001 at 10:45:05AM -0800 Organisation: Organisation? Here? No, over there ----> X-NIC-Handles: COCO-149560 COCO-456268 COCO-374186 (ignore PP8185) X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Crescent (6% of Full) X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-02-20 at 10:45 -0800, Todd Williams gifted us with: > Phil Pennock said: > > In the UK, the NOC is larger with clearly defined teams with separate > > responsibilities. Each team has two to four people who may be on > > service protection duty. It's typically one day on at a time, not one > > week. Escalation is via others in the group. All staff on duty are > > REQUIRED TO LIVE NEAR THE NOC... > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Wow. I'm not sure what this means. If I live far away, do I: > a) not get hired > b) not have to ever be on call > c) get the company to buy me a house nearby (b), but my knowledge is dated, given organisational changes and the introduction of ADSL. Note that this is North London, UK. Transport is awful and the cultural differences from the US (spread-out, cars for everything) combined with the average pay, etc, means that most of the sysadmin end up house-sharing. One of the benefits used to be staff baseband -- running a 2Mb link directly over copper. This involved being close to one of the sites, but all residents were then required to be staff members. As I said, my knowledge is dated. I suspect that things have changed. Certainly, the pay has gone up in the UK, so maybe more staff can afford not to have 4 to 5 people to a house. *shrugs* I live & work in Amsterdam. I like this. The UK can go run itself into the ground, for most of what I care -- the staff churn there has resulted in ... undesirable levels of clue. Every time they touch our systems they break something, especially when they shouldn't be touching in the first place but [ SNIP IMMINENT (off-topic) RANT ]. *sighs* When your ISP employer is bought out by an ex-monopoly telco, fear. Greatly. -- Don't question your elders. They have enough experience of the world to be able to lie convincingly and pretend to be your betters. From sage-members-owner@usenix.org Tue Feb 20 12:45:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KKfkJ15190 for sage-members-outgoing; Tue, 20 Feb 2001 12:41:46 -0800 (PST) Received: from denali.loopback.net (nat-pool.corp.redhat.com [199.183.24.200] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KKfj915186 for ; Tue, 20 Feb 2001 12:41:45 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f1KKdKC18202; Tue, 20 Feb 2001 15:39:20 -0500 Date: Tue, 20 Feb 2001 15:39:20 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010220153920.J17413@redhat.com> References: <200102201709.LAA03000@endeavor.ep.frco.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="bWEb1MG/o7IKOlQF" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102201709.LAA03000@endeavor.ep.frco.com>; from donna@ep.frco.com on Tue, Feb 20, 2001 at 11:09:47AM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk --bWEb1MG/o7IKOlQF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 20, 2001 at 11:09:47AM -0600, Donna L Butler mailed: > 3) Better yet; does anyone have another solution for me, or at > least have a Solaris compiled version of "anlpasswd" or some > other tool. Have you considered using PAM to do this? Native PAM modules should automatically do the appropriate checking for strong passwords and for the most recent password (if using md5 passwords). Implementing a db that holds old passwords shouldn't be that hard. That said, keeping old paswords anywhere near a system that users have access to is dangerous for a variety of reasons I'm sure you've considered. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --bWEb1MG/o7IKOlQF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6ktX45AZBSxmJOhkRAsAhAJ4zgMq5WYiiBt8fWFsAVDiUTWav+wCdH0bm uXqE2FXNpqHVTdmPGeGMhcI= =Vi7Q -----END PGP SIGNATURE----- --bWEb1MG/o7IKOlQF-- From sage-members-owner@usenix.org Tue Feb 20 13:04:49 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KL1NJ15330 for sage-members-outgoing; Tue, 20 Feb 2001 13:01:23 -0800 (PST) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KL1M915326 for ; Tue, 20 Feb 2001 13:01:22 -0800 (PST) Received: from virtual.net (dhcp100.mirapoint.com [192.168.4.100]) by mail.mirapoint.com (Mirapoint) with ESMTP id ACA32450; Tue, 20 Feb 2001 13:01:01 -0800 (PST) Message-ID: <3A92DC19.F84A33B2@virtual.net> Date: Tue, 20 Feb 2001 13:05:29 -0800 From: Strata Rose Chalup Reply-To: strata@virtual.net Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: SAGE election results References: <20010220083636.A18079@octaldream.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Scott, The notification I got after the election also included the following: ---- For the 1999-2000 SAGE election: Of the 4,337 ballots mailed, 656 were returned to us, for a return rate of 15%. One ballot was determined invalid and two abstained, making a total ballot count of 653. ---- Frankly, this sucks, and I think it means that we have a lot of work to do... Cheers, _Strata Scott McDermott wrote: > > On Fri, Feb 16, 2001, a militant turtle forced Gale Berkowitz to say: > > > > Total number of SAGE members eligible to vote: 4861 > > Total number of votes cast: 606 > > Number of postal ballots: 3 > > Response rate: 12.5% > > How does this turnout compare with past elections? > > -- > Scott McDermott > Unix Dude -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Tue Feb 20 13:05:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KL2Ro15338 for sage-members-outgoing; Tue, 20 Feb 2001 13:02:27 -0800 (PST) Received: from zia.aoc.NRAO.EDU (zia.aoc.nrao.edu [146.88.1.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KL2N915334 for ; Tue, 20 Feb 2001 13:02:24 -0800 (PST) Received: from schooner.aoc.nrao.edu (schooner [146.88.1.113]) by zia.aoc.NRAO.EDU (8.9.3/8.9.3) with ESMTP id OAA04577 for ; Tue, 20 Feb 2001 14:02:01 -0700 (MST) Received: (from rmilner@localhost) by schooner.aoc.nrao.edu (8.7.3/8.6.10) id OAA04204 for sage-members@usenix.org; Tue, 20 Feb 2001 14:02:00 -0700 (MST) Date: Tue, 20 Feb 2001 14:02:00 -0700 (MST) From: Ruth Milner Message-Id: <200102202102.OAA04204@schooner.aoc.nrao.edu> To: sage-members@usenix.org Subject: RE: On-Call compensation X-Sun-Charset: US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Todd Williams wrote: > Not sure what the legal issues are about requiring an employee to live > in a certain place! You can't require them to live in a certain place, but you can make it part of the job requirements that they be on-site within a certain period of time in response to a call-out. Ruth. From sage-members-owner@usenix.org Tue Feb 20 13:31:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KLSph15644 for sage-members-outgoing; Tue, 20 Feb 2001 13:28:51 -0800 (PST) Received: from honor.greatcircle.com (honor.greatcircle.com [198.102.244.44]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KLSo915640 for ; Tue, 20 Feb 2001 13:28:50 -0800 (PST) Received: from [198.102.244.42] (gw-zodiac.mv.meer.net [209.157.150.14]) by honor.greatcircle.com (Postfix) with ESMTP id 2DBD917E8C; Tue, 20 Feb 2001 13:28:17 -0800 (PST) Mime-Version: 1.0 X-Sender: brent@honor.greatcircle.com Message-Id: In-Reply-To: <71E57122D51BD311AFB800A0C9F49861025F6851@mail-cpk> References: <71E57122D51BD311AFB800A0C9F49861025F6851@mail-cpk> Date: Tue, 20 Feb 2001 13:28:30 -0800 To: sage-members@usenix.org From: Brent Chapman Subject: RE: On-Call compensation Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 10:45 AM -0800 2/20/01, Todd Williams wrote: >Phil Pennock said: > > > > In the UK, the NOC is larger with clearly defined teams with separate > > responsibilities. Each team has two to four people who may be on > > service protection duty. It's typically one day on at a time, not one > > week. Escalation is via others in the group. All staff on duty are > > REQUIRED TO LIVE NEAR THE NOC... > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >Wow. I'm not sure what this means. If I live far away, do I: >a) not get hired >b) not have to ever be on call >c) get the company to buy me a house nearby > >Please explain. > >P.S. Not sure what the legal issues are about requiring an employee to live >in a certain place! > >-Todd It is a fairly common requirement for public safety personnel (police officers, fire fighters, etc.), as well as managers at the local and county levels. It is usually expressed in terms of "you must be able to respond to work within N minutes when called during on-call hours". It's perfectly legal; it's a contractual matter between the employee and the employer. If you can't meet that requirement, then you're not a qualified candidate for the job. Note that they don't tell you where you have to live, merely that you have to be able to reach your duty station within a certain period of time. If you want to accomplish that by staying at a local hotel or crashing on a buddy's couch when you're on call, rather than moving somewhere closer, that's up to you. -Brent -- Brent Chapman Great Circle Associates, Inc. Brent@GreatCircle.COM http://www.greatcircle.com/ From sage-members-owner@usenix.org Tue Feb 20 13:38:57 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KLa2J15700 for sage-members-outgoing; Tue, 20 Feb 2001 13:36:02 -0800 (PST) Received: from sephiroth.byte-me.org (sephiroth.byte-me.org [216.15.105.106]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KLa1915696 for ; Tue, 20 Feb 2001 13:36:01 -0800 (PST) Received: (from mallen@localhost) by sephiroth.byte-me.org (8.9.3/8.9.3) id NAA25974; Tue, 20 Feb 2001 13:35:17 -0800 From: Mark Allen Message-Id: <200102202135.NAA25974@sephiroth.byte-me.org> Subject: Re: Password History To: sage-members@usenix.org Date: Tue, 20 Feb 2001 13:35:17 -0800 (PST) Cc: sage-members@usenix.org In-Reply-To: <200102201709.LAA03000@endeavor.ep.frco.com> from "Donna L Butler" at Feb 20, 2001 01:14:32 PM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Donna L Butler writes: > 1) If I write a simple csh or sh wrapper, how can I hide the > input so folks can't see what is being typed in? stty is your friend for controlling TTY settings in shell scripts. See the man page for it. > 2) Can I deliver the old and new passwords to 'passwd' as > arguments or with some type of redirect? I tried a number > of things and couldnt get this to work. Probably not. All the password commands (i know of, anyway) won't take parameters containing passwords because then someone could look at the process table and get the unencrypted password for an account. You might be able to make your script work by using the 'expect' scripting language. ObURL: http://members.cotse.com/dlf/man/expect/index.html > 3) Better yet; does anyone have another solution for me, or at > least have a Solaris compiled version of "anlpasswd" or some > other tool. You could write a pretty simple perl script to implement the flatfile aging database you describe, and then change folks passwords using the crypt() function, the trick here being that the script would have to have permission to modify /etc/shadow or /etc/passwd or your NIS maps, depending on how your environment is set up. ObRandomThought: Solaris /etc/shadow doesn't support password aging?! Woah. Mark -- Mark Allen -- mallen@byte-me.org -- http://www.byte-me.org/~mallen/ PGP1: 0x5CDC2161 Mark Allen (Personal Key) PGP2: 0x80402A46 Mark Allen (Work) From sage-members-owner@usenix.org Tue Feb 20 14:06:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KM30c15957 for sage-members-outgoing; Tue, 20 Feb 2001 14:03:00 -0800 (PST) Received: from mail.hodgsonhouse.com (server.hodgsonhouse.com [24.72.10.209]) by usenix.org (8.11.0/8.11.0) with SMTP id f1KM2w915953 for ; Tue, 20 Feb 2001 14:02:58 -0800 (PST) Received: (qmail 31149 invoked by uid 501); 20 Feb 2001 22:02:39 -0000 Date: Tue, 20 Feb 2001 16:02:39 -0600 From: Tillman To: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010220160239.C30993@server.hodgsonhouse.com> References: <200102201709.LAA03000@endeavor.ep.frco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102201709.LAA03000@endeavor.ep.frco.com>; from donna@ep.frco.com on Tue, Feb 20, 2001 at 11:09:47AM -0600 X-Editor: Vim-5.5 http://www.vim.org X-Mailer: Mutt Rocks! http://www.mutt.org Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Feb 20, 2001 at 11:09:47AM -0600, Donna L Butler wrote: > I thought if I could write a wrapper to the passwd program, I would have it > made. I would have it prompt for the old and new password, then check against > a database of old passwords, then if all is well it would execute the "real" > password command with the input as arguments. Howdy, How were you planning on storing the old passwords? You can't compare them in encrypted form to the old one's (the salt changes that), and storing them in other forms would be insecure. I don't claim to be an cryptographic expert, but it seesmsto me that the old passwords would likely have to be stored in a reversible form to be directly comparable and would *definitely* have to be stored in a reversible form in order to perform "too close" estimates (i.e., not enough characters changing, etc). This is Bad Thing, I suspect, and hard to work around. - Tillman From sage-members-owner@usenix.org Tue Feb 20 14:42:55 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KMdoF16274 for sage-members-outgoing; Tue, 20 Feb 2001 14:39:50 -0800 (PST) Received: from motgate.mot.com (motgate.mot.com [129.188.136.100]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KMdn916270 for ; Tue, 20 Feb 2001 14:39:49 -0800 (PST) Received: [from pobox3.mot.com (pobox3.mot.com [10.64.251.242]) by motgate.mot.com (motgate 2.1) with ESMTP id PAA07719 for ; Tue, 20 Feb 2001 15:39:29 -0700 (MST)] Received: [from plnt015.comm.mot.com (plnt015.comm.mot.com [145.2.198.71]) by pobox3.mot.com (MOT-pobox3 2.0) with ESMTP id PAA06564 for ; Tue, 20 Feb 2001 15:35:07 -0700 (MST)] Received: from admin01.comm.mot.com (plhp002.comm.mot.com [173.40.22.12]) by plnt015.comm.mot.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id FKZ8SWLC; Tue, 20 Feb 2001 17:39:27 -0500 Received: from plhp049.comm.mot.com (plhp049 [173.41.21.44]) by admin01.comm.mot.com (8.9.3 (PHNE_18979)/8.8.6) with ESMTP id RAA26352 for ; Tue, 20 Feb 2001 17:39:25 -0500 (EST) Received: (from brownmic@localhost) by plhp049.comm.mot.com (8.9.3 (PHNE_18546)/8.8.6) id RAA00550 for sage-members@usenix.org; Tue, 20 Feb 2001 17:29:13 -0500 (EST) From: Michael Rogero Brown Message-Id: <200102202229.RAA00550@plhp049.comm.mot.com> Subject: Disk cleanup advice for users To: sage-members@usenix.org Date: Tue, 20 Feb 2001 17:29:13 -0500 (EST) In-Reply-To: <200102202102.OAA04204@schooner.aoc.nrao.edu> from Ruth Milner at Feb "20, " 2001 "02:02:00" pm X-Mailer: ELM [$Revision: 1.17.214.2 $] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk All- I am in the process of putting something together to send to our user community to have them cleanup their home directories and group directories of unnecessary files. I was hoping that prehaps someone has already done so, and I could take advantage of this. I've gone over my admin resources (books and confrence proceedings) and don't seen anything that fits the bill. What I am looking for is something that directs them to delete unneeded files, compress files they want to archive, advice on the types of files they should not be saving in home/group directories (*.mp3, etc), and the like. Anyone have something like that they want to share?? Thanks in advance. -- Michael Rogero Brown | Disclaimer: I speak only for myself. Unix/NT Systems Support | Any opinions expressed are my own Motorola, CGISS/CE | and do not reflect the opinions of email: emb021@email.mot.com | Motorola. From sage-members-owner@usenix.org Tue Feb 20 14:57:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KMs5m16420 for sage-members-outgoing; Tue, 20 Feb 2001 14:54:05 -0800 (PST) Received: from warlock.qualcomm.com (warlock.qualcomm.com [129.46.64.204]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KMs4916416 for ; Tue, 20 Feb 2001 14:54:04 -0800 (PST) Received: from avalon.qualcomm.com (avalon.qualcomm.com [203.30.171.11]) by warlock.qualcomm.com (8.9.3/8.9.3/8.9) with ESMTP id OAA21556; Tue, 20 Feb 2001 14:53:43 -0800 (PST) Received: from NAVAJO.qualcomm.com by avalon.qualcomm.com (8.8.8+Sun/SMI-SVR4) id JAA23570; Wed, 21 Feb 2001 09:53:18 +1100 (EST) Message-Id: <4.3.1.0.20010221093953.01ca9780@avalon.qualcomm.com> X-Sender: ggr2@avalon.qualcomm.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 Date: Wed, 21 Feb 2001 09:53:06 +1100 To: sage-members@usenix.org From: Greg Rose Subject: Re: Password History Cc: sage-members@usenix.org In-Reply-To: <20010220160239.C30993@server.hodgsonhouse.com> References: <200102201709.LAA03000@endeavor.ep.frco.com> <200102201709.LAA03000@endeavor.ep.frco.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-sage-members@usenix.org Precedence: bulk At 04:02 PM 2/20/2001 -0600, Tillman wrote: >On Tue, Feb 20, 2001 at 11:09:47AM -0600, Donna L Butler wrote: > > I thought if I could write a wrapper to the passwd program, I would have it > > made. I would have it prompt for the old and new password, then check > against > > a database of old passwords, then if all is well it would execute the > "real" > > password command with the input as arguments. > >Howdy, > >How were you planning on storing the old passwords? You can't compare them in >encrypted form to the old one's (the salt changes that), and storing them in >other forms would be insecure. I don't claim to be an cryptographic expert, >but it seesmsto me that the old passwords would likely have to be stored in a >reversible form to be directly comparable and would *definitely* have to be >stored in a reversible form in order to perform "too close" estimates (i.e., >not enough characters changing, etc). This is Bad Thing, I suspect, and hard >to work around. That's not right. The program, at the time of running, has access to the plaintext proposed password. So, to compare it to the old passwords, it just needs to read in an old password, take the first (or is it last? I can't remember, but my argument stands) two characters of the old hashed password and use them as the salt to hash the proposed new password. If they don't match, the proposed password wasn't the same as the old one, and that's all you need to know. Once all the old passwords (for that user only... you don't want to give away information about what *other* people have used for passwords) have been checked, let the passwd command choose a new random salt. I agree that expect is a great solution to the problem... you just need to cobble up a program that expect can call to say "what's the result of hashing this password with this salt?"... or embed such a subroutine into expect. I'd guess about 20 lines of expect script and 20 lines of C. And a note to one of the earlier posters... password aging is not the same thing as password history. Almost all of the manufacturer supplied password aging schemes let the user cycle through two passwords. Mind you, password history won't stop them cycling through "Psw!!###" where ### is a counter, either, which is why I believe the only real solution is to teach proper password discipline and stop using 8 character passwords, not to try to enforce more draconian rules. But we're in the wrong universe for that to work. regards, Greg. Greg Rose INTERNET: ggr@qualcomm.com Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/ Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C From sage-members-owner@usenix.org Tue Feb 20 14:57:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KMs9i16426 for sage-members-outgoing; Tue, 20 Feb 2001 14:54:09 -0800 (PST) Received: from rm-rstar.sfu.ca (root@rm-rstar.sfu.ca [142.58.120.21]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KMs7916422 for ; Tue, 20 Feb 2001 14:54:07 -0800 (PST) Received: from fraser.sfu.ca (vanepp@fraser.sfu.ca [142.58.101.25]) by rm-rstar.sfu.ca (8.10.1/8.10.1/SFU-5.0H) with ESMTP id f1KMrmW18472 for ; Tue, 20 Feb 2001 14:53:48 -0800 (PST) From: Peter Van Epp Received: (from vanepp@localhost) by fraser.sfu.ca (8.9.2/8.9.2/SFU-5.0C) id OAA07310 for sage-members@usenix.org; Tue, 20 Feb 2001 14:53:48 -0800 (PST) Message-Id: <200102202253.OAA07310@fraser.sfu.ca> Subject: Re: Password History To: sage-members@usenix.org Date: Tue, 20 Feb 2001 14:53:48 -0800 (PST) In-Reply-To: <20010220160239.C30993@server.hodgsonhouse.com> from "Tillman" at Feb 20, 2001 04:02:39 PM X-Mailer: ELM [version 2.5 PL4] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk > > On Tue, Feb 20, 2001 at 11:09:47AM -0600, Donna L Butler wrote: > > I thought if I could write a wrapper to the passwd program, I would have it > > made. I would have it prompt for the old and new password, then check against > > a database of old passwords, then if all is well it would execute the "real" > > password command with the input as arguments. > > Howdy, > > How were you planning on storing the old passwords? You can't compare them in > encrypted form to the old one's (the salt changes that), and storing them in Sure you can. Since you have the salt used to encrypt the old password you can encrypt the new password using that same salt and compare the encrypted values to see if they match. You then only have to securely (as securely as /etc/passwd or /etc/shadow) store the old passwords in their enrypted form. After this check you would of course want to let the system actually encrypt the new password with a salt of its choice to preserve the salt entropy. Peter Van Epp / Operations and Technical Support Simon Fraser University, Burnaby, B.C. Canada From sage-members-owner@usenix.org Tue Feb 20 15:41:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KNc7B16813 for sage-members-outgoing; Tue, 20 Feb 2001 15:38:07 -0800 (PST) Received: from pianosa.catch22.org (postfix@pianosa.catch22.org [64.81.48.19]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KNc6916809 for ; Tue, 20 Feb 2001 15:38:06 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id 115C31793; Tue, 20 Feb 2001 15:37:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id 02A1737B2 for ; Tue, 20 Feb 2001 15:37:47 -0800 (PST) Date: Tue, 20 Feb 2001 15:37:47 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Subject: 2^32 stupid things smart admins do to screw up their systems Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Check this passage from man resolv.conf under OpenBSD, Red Hat Linux, Solaris 7 (phrased differently) and a slew of other systems... -- The domain and search keywords are mutually exclusive. If more than one instance of these keywords is present, the last instance will override. -- I frequently see resolv.conf files which contain both domain and search directives on systems where I know for a fact they're mutually exclusive. People do this *all* the time. Effects vary, but range from none to some. I'm a pedantic bastard by nature, too, so I find myself muttering things like, "It's sloppy thinking like this that's melting the polar icecaps," whenever I run across an erroneous resolv.conf. So it got me to thinking: What are some common administration practices that are silly, ill-advised, or just plain wrong? Other examples: habitually /dev/nulling all output from cronjobs running logfiles into your homedir using /tmp as a scratch filesystem or staging area The idea here is to come up with the sort of things that: a) Are really common practices b) Are a universally Bad Idea and could have been done properly with no or little more effort, if only they'd known to. Ultimately, I'd like to write the results up as an article for Monkeybagel or for a print publication; contributors will be credited by name unless they specify otherwise. If it doesn't end up working out as an article, well, hey, we'll still have fun talking about it, eh? -- Benjy Feen benjy(AT)feen.com http://www.monkeybagel.com From sage-members-owner@usenix.org Tue Feb 20 15:46:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KNhF516945 for sage-members-outgoing; Tue, 20 Feb 2001 15:43:15 -0800 (PST) Received: from mars.starshine.org ([204.130.184.13]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KNhE916941 for ; Tue, 20 Feb 2001 15:43:14 -0800 (PST) Received: from mars (mars.starshine.org [127.0.0.1]) by mars.starshine.org (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id PAA12631; Tue, 20 Feb 2001 15:44:19 -0800 Message-Id: <200102202344.PAA12631@mars.starshine.org> X-Authentication-Warning: mars.starshine.org: Host mars.starshine.org [127.0.0.1] claimed to be mars To: sage-members@usenix.org cc: sage-members@usenix.org From: Jim Dennis X-Mailer: NMH X-GnuPG-Fingerprint: 66A0 25A0 57AF 963C 414C 0DD7 2065 7DEC 123E C631 X-Content-Type: application/pgp; format=text; x-action=sign Subject: Re: On-Call compensation In-Reply-to: Message Apparently From "Bennett Samowich" Dated Fri, 16 Feb 2001 10:24:23 EST. Date: Tue, 20 Feb 2001 15:44:19 -0800 Sender: owner-sage-members@usenix.org Precedence: bulk Apparently "Bennett Samowich" wrote: > Greets, > Just curious if it is common for administrators to be compensated for being > "on-call" or not, and if so, what is a typical compensation? > We have another situation brewing and I am starting to line up my proverbial > ducks. > Cheers, > - Bennett It seems that most small to medium-sized organizations don't pay sysadmins "extra" for being on call; since we are paid somewhat more than average salaries compared to employees in other fields. Obviously in a larger organization if most of the sysadmin staff is *not* on call then those that are have a legitimate claim for compensation. However, that doesn't always translate to higher salaries, or financial bonuses. Often the compensation is in the form of "comp time" (flexible and relaxed day time work schedules). Although my current title is "software analyst" I'm currently acting as the senior sysadmin in a six person IT team (with just one SA reporting to me). This is a small company (about 100 employees) in a non-technical field. (Most employees spend less than 1/2 hour per day on our computers). I'm on-call from at least 5am to about 11pm 7 days per week. However, I don't have any particular day time our requirements. (I'm expected before noon most weekdays). This have been pretty consistent with other small to medium organizations for which I've worked as a sysadmin. That said, it is quite reasonable for you to demand clear guidelines on the "on call" expectations. Are you expected to hop out of bed and check for mail routing issues or clean out print queues at 2 am just because some night owl at the office is working late? What if the night out is the VP of engineering, or the CEO? What if the issue is preventing their preparation for a meeting with the VCs at 9:00 am sharp, and he/she has to catch a 6:00 am flight to get there? One time, a few years ago, I had a mild confrontation with a boss over such an issue. It was the third consecutive month when the monthly issue (anti-virus updates to subscribers) "went into over-time." Last minute bugs had been detected during my final testing (a process I'd designed and implemented to prevent embarassing "recalls" and re-issues); the fixes had been hacked in, the programmers were leaving for the day at 7 o'clock and I'd been their since 7 am for a "bright and early shipment." I explained to him that once in awhile is an emergency, but every month, consistently is *not*. I went on to explain that the risks associated with worker exhaustion were significant to their business and customer relations, etc. After that we adjusted the process. Basically I arranged to come in later on those days, and gained the clear perogative to set a cutoff for final patches. (Basic release engineering practices). The programmers fought this; but I held firm on my side --- professionalism prevails (sometimes). (Basically they had a deadline that co-incided with our release deadline; there was no established testing interval. They didn't want to miss their deadlines because it cut into their bonuses; so their lack of preparation and time management was constantly becoming my emergency; I was able to show that the extent bad practices were causing us more problems and probably costing us more customers than delays would have). Basically, you want to look at the expectations in terms of the business requirements of your users/customers. What does it cost for your work to be delayed until the next business day? What risks do those delays entail? If the costs and risks are insignficant than the "requirement" that you be on call (for those issues) is unreasonable. If the costs and risks are high then the requirement justifies extra expense on their part and compensation for your part. For legitimate emergencies (those issues that *emerge*, from unforeseen circumstances) you just do you best and file them away in your "accomplishments" log. (Then, next time you're pressed for details about why you deserve a raise, promotion etc, you can whip out the accomplishments log and provide them). -- Jim Dennis Software Analyst Axis Personal Trainers http://www.axispt.com From sage-members-owner@usenix.org Tue Feb 20 16:01:44 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1KNwqa17257 for sage-members-outgoing; Tue, 20 Feb 2001 15:58:52 -0800 (PST) Received: from kestrel.octaldream.com (kestrel.octaldream.com [204.201.111.9]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1KNwp917251 for ; Tue, 20 Feb 2001 15:58:51 -0800 (PST) Received: (from scottm@localhost) by kestrel.octaldream.com (8.11.1/8.11.1) id f1KNwWW21360 for sage-members@usenix.org; Tue, 20 Feb 2001 15:58:32 -0800 (PST) (envelope-from scottm) Date: Tue, 20 Feb 2001 15:58:32 -0800 From: Scott McDermott To: sage-members@usenix.org Subject: Re: SAGE election results Message-ID: <20010220155832.A21300@octaldream.com> Mail-Followup-To: sage-members@usenix.org References: <20010220083636.A18079@octaldream.com> <20010220135813.H17413@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010220135813.H17413@redhat.com>; from bandregg@redhat.com on Tue, Feb 20, 2001 at 01:58:13PM -0500 X-Archive-No: Yes Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Feb 20, 2001, a militant turtle forced Bryan C. Andregg to say: > > From talking to some of the other candidates before the election this is > pretty on par to a touch higher, if I recall correctly. This is weak. Somehow SAGE needs to get the membership more involved. Exactly how to do this, I do not know. Was there a flyer about the election in the LISA packet? Maybe there should be in the future? Actually, the first question is probably why are so many members not voting? -- Scott McDermott Unix Dude From sage-members-owner@usenix.org Tue Feb 20 16:39:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L0aRV17592 for sage-members-outgoing; Tue, 20 Feb 2001 16:36:27 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L0aQ917587 for ; Tue, 20 Feb 2001 16:36:26 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id TAA06090; Tue, 20 Feb 2001 19:35:56 -0500 Date: Tue, 20 Feb 2001 19:35:56 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010220193556.Z9638@gwyn.tux.org> References: <20010220160239.C30993@server.hodgsonhouse.com> <200102202253.OAA07310@fraser.sfu.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200102202253.OAA07310@fraser.sfu.ca>; from vanepp@sfu.ca on Tue, Feb 20, 2001 at 02:53:48PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Feb 20, 2001 at 02:53:48PM -0800, Peter Van Epp wrote: ... > Sure you can. Since you have the salt used to encrypt the old password > you can encrypt the new password using that same salt and compare the encrypted > values to see if they match. You then only have to securely (as securely as > /etc/passwd or /etc/shadow) store the old passwords in their enrypted form. > After this check you would of course want to let the system actually encrypt > the new password with a salt of its choice to preserve the salt entropy. "Salt entropy." I don't remember hearing that term before. ;-) Your method works to some degree. However, this does have some disadvantages which may be disabling in this application. One is that, IIRC, Unix password encrypting is not unique (part of why it's not reversible). There is a small but finite chance that two strings that are not identical will hash into the same encryption. If a user KNOWS that he or she is entering a different string, yet gets told that the new string is the same as the old, some amount of user discomfort and displeasure is to be expected. ;-} Another may not have been part of the original design requirements ... but I remember somewhere in this thread mentioning of denying passwords that are too similar (these could be reversals, rotations, case changes, minimal substitutions, or the like). Comparing the encrypted strings would not allow this kind of comparison at all, of course. -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Tue Feb 20 16:58:52 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L0sT317774 for sage-members-outgoing; Tue, 20 Feb 2001 16:54:29 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1L0sSx17769 for sage-members@usenix.org; Tue, 20 Feb 2001 16:54:28 -0800 (PST) Received: from hunterftp.hunter.com (hunterftp.hunter.com [128.242.141.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L0Ti917514 for ; Tue, 20 Feb 2001 16:29:44 -0800 (PST) Received: from gwydion.kenthamilton.net (root@gwydion.kenthamilton.net [172.16.1.240]) by hunterftp.hunter.com (8.11.1/8.11.1) with ESMTP id f1L0TNa01570; Tue, 20 Feb 2001 18:29:23 -0600 (CST) (envelope-from kenth@KentHamilton.NET) Received: (from kenth@localhost) by gwydion.kenthamilton.net (8.11.1/8.11.1) id f1L0TMo03653; Tue, 20 Feb 2001 18:29:22 -0600 (CST) (envelope-from kenth) From: Kent Hamilton Message-Id: <200102210029.f1L0TMo03653@gwydion.kenthamilton.net> Subject: Re: On-Call compensation In-Reply-To: "from Brent Chapman at Feb 20, 2001 01:28:30 pm" To: sage-members@usenix.org Date: Tue, 20 Feb 2001 18:29:21 -0600 (CST) CC: sage-members@usenix.org Reply-To: KentH@KentHamilton.NET X-Operating-System: FreeBSD 4.2-STABLE X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk > At 10:45 AM -0800 2/20/01, Todd Williams wrote: [snip] > >P.S. Not sure what the legal issues are about requiring an employee to live > >in a certain place! > > > >-Todd > > It is a fairly common requirement for public safety personnel (police > officers, fire fighters, etc.), as well as managers at the local and > county levels. It is usually expressed in terms of "you must be able > to respond to work within N minutes when called during on-call > hours". > [snip] > > Note that they don't tell you where you have to live, merely that you > have to be able to reach your duty station within a certain period of > time. If you want to accomplish that by staying at a local hotel or > crashing on a buddy's couch when you're on call, rather than moving > somewhere closer, that's up to you. Slightly off-topic but.... Actually St. Louis, Missouri requires all police officers live in St. Louis county and if you move outside the county you better find a PO Box somewhere in it to receive your checks or you loose your job, so I'd have to say that at least for some professions it is legal. -- Kent Hamilton From sage-members-owner@usenix.org Tue Feb 20 17:33:53 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L1Ue818190 for sage-members-outgoing; Tue, 20 Feb 2001 17:30:40 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L1Uc918186 for ; Tue, 20 Feb 2001 17:30:38 -0800 (PST) Received: from [10.0.1.2] (dialup83.brussels.skynet.be [195.238.19.83] (may be forged)) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.10) with ESMTP id f1L1U8q07610; Wed, 21 Feb 2001 02:30:08 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010220160239.C30993@server.hodgsonhouse.com> References: <200102201709.LAA03000@endeavor.ep.frco.com> <20010220160239.C30993@server.hodgsonhouse.com> Date: Wed, 21 Feb 2001 02:29:15 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Password History Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 4:02 PM -0600 2/20/01, Tillman wrote: > How were you planning on storing the old passwords? You can't compare them in > encrypted form to the old one's (the salt changes that), and storing them in > other forms would be insecure. You've got a known salt if you take the first two characters of the password and use that. You can then relatively safely store that encrypted version, since you'd only ever have unencrypted passwords on input, which you could then do a trial encryption with a forced salt, and do a comparison what permanent storage to see if it's already in the history. If not, and it passes all the other criteria, then you can re-encrypt (this time using a more variable salt), and actually change the password to suit. -- ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Tue Feb 20 18:04:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L204418590 for sage-members-outgoing; Tue, 20 Feb 2001 18:00:04 -0800 (PST) Received: from falcon.prod.itd.earthlink.net (falcon.prod.itd.earthlink.net [207.217.120.74]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L202918586 for ; Tue, 20 Feb 2001 18:00:03 -0800 (PST) Received: from marvin (user-vcautnk.dsl.mindspring.com [216.175.118.244]) by falcon.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with SMTP id RAA22985; Tue, 20 Feb 2001 17:59:40 -0800 (PST) From: "Andy Silva" To: sage-members@usenix.org Subject: Why are you a SAGE member? (Was: SAGE election results) Date: Tue, 20 Feb 2001 19:59:39 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 In-Reply-To: <20010220155832.A21300@octaldream.com> Importance: Normal Sender: owner-sage-members@usenix.org Precedence: bulk I suspect (and note that this was one of my 'campaign' platforms) that part of the reason that people don't participate is because in general we haven't been very good a communicating or building up the benefits that SAGE offers individuals. Prior to running for this most recent committee, I primarily was a SAGE member to support the idea of SAGE. Not so much for what SAGE could do for me, but because of what it could do for all admins. I want to help other admins by teaching the things I know and giving me a chance to grow personally. I want to support venues for learning so that other people can share the things they know with me. Now this is all great for me, so what about the other 4000+ people out there? It seems to me that a large portion of them are not very active. They go to LISA or other USENIX or SAGE event, join both organizations because it's easy (come-on it's just a checkbox and an extra $115 to your registration), enjoy the passive benefits they receive (;login: and the short topic booklets), but other than that are largely ambivalent to the organization as a whole. Where does the ambivalence come from? I think it comes from the fact that the reality of the day-to-day SAGE member is that SAGE to them is a loose collection of professionals (hobbyists?) that have a similar interest and get together periodically by way of conferences to share ideas and to a lesser extent continue that sharing process through lists like this, but other than that, SAGE makes no impact on their profession. Being a SAGE member doesn't do anything for you professionally in a passive way like belonging to some other organizations. So if you had to assign a priority for your interests and where you're going to spend your time of all the things you can spend your time on in a given day, where would SAGE fit into for you. Your answer may vary depending on your day, your mood, or your feeling towards SAGE. How do you alter the trend of apathy towards SAGE? It's a good question. I won't even pretend to have all the answers. However, I do think that if you want someone to be more active in an organization you need to instill a level of pride and ownership. For as old as SAGE is in years of existence, it is a very immature organization in my opinion. What that means to the individual is that there's a lot of room to make a piece of SAGE your own and help build it into a mature professional organization. I would stress that more people get involved in the sharing of knowledge through presentations to your local SAGE group or at the national level through conferences. While anyone can do this, belonging to SAGE can give you an edge in the fact that there's at least 606 other people out there who want you to succeed because we're all in it for the same reason. While SAGE itself may not help you professionally, the opportunities that are available to you as an individual through your involvement with SAGE will if you participate. SAGE is like your first car. It's probably got a little rust here and there, and it may not be the sleekest and coolest model on the road. However, it is your vehicle, and you're behind the wheel and have the opportunity to direct it and use it in a way that benefits you. The hitch is that you can only benefit from this if you get behind the wheel and start driving. -andy -- Collective: Managed infrastructure for the real world. collectivetech.com -------------------------------------------------------------------------- Andres 'Andy' Silva | It takes less time to do a thing right, than it does Senior Consultant | to explain why you did it wrong. 630.650.8255 cell | 312.781.9400 fax | -- Henry Wadsworth Longfellow > -----Original Message----- > From: owner-sage-members@usenix.org > [mailto:owner-sage-members@usenix.org]On Behalf Of Scott McDermott > Sent: Tuesday, February 20, 2001 5:59 PM > To: sage-members@usenix.org > Subject: Re: SAGE election results > > > On Tue, Feb 20, 2001, a militant turtle forced Bryan C. Andregg to say: > > > > From talking to some of the other candidates before the election this is > > pretty on par to a touch higher, if I recall correctly. > > This is weak. Somehow SAGE needs to get the membership more > involved. Exactly > how to do this, I do not know. Was there a flyer about the election in the > LISA packet? Maybe there should be in the future? > > Actually, the first question is probably why are so many members > not voting? > > -- > Scott McDermott > Unix Dude > From sage-members-owner@usenix.org Tue Feb 20 18:23:24 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L2KHJ19062 for sage-members-outgoing; Tue, 20 Feb 2001 18:20:17 -0800 (PST) Received: from mail.hodgsonhouse.com (server.hodgsonhouse.com [24.72.10.209]) by usenix.org (8.11.0/8.11.0) with SMTP id f1L2KG919058 for ; Tue, 20 Feb 2001 18:20:16 -0800 (PST) Received: (qmail 32109 invoked by uid 501); 21 Feb 2001 02:19:56 -0000 Date: Tue, 20 Feb 2001 20:19:56 -0600 From: Tillman To: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010220201956.A31997@server.hodgsonhouse.com> References: <200102201709.LAA03000@endeavor.ep.frco.com> <200102201709.LAA03000@endeavor.ep.frco.com> <20010220160239.C30993@server.hodgsonhouse.com> <4.3.1.0.20010221093953.01ca9780@avalon.qualcomm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.1.0.20010221093953.01ca9780@avalon.qualcomm.com>; from ggr@qualcomm.com on Wed, Feb 21, 2001 at 09:53:06AM +1100 X-Editor: Vim-5.5 http://www.vim.org X-Mailer: Mutt Rocks! http://www.mutt.org Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 21, 2001 at 09:53:06AM +1100, Greg Rose wrote: > At 04:02 PM 2/20/2001 -0600, Tillman wrote: > >but it seesmsto me that the old passwords would likely have to be stored in a > >reversible form to be directly comparable and would *definitely* have to be > >stored in a reversible form in order to perform "too close" estimates (i.e., > >not enough characters changing, etc). This is Bad Thing, I suspect, and hard > >to work around. > That's not right. The program, at the time of running, has access to the > plaintext proposed password. So, to compare it to the old passwords, it > just needs to read in an old password, take the first (or is it last? I > can't remember, but my argument stands) two characters of the old hashed > password and use them as the salt to hash the proposed new password. If > they don't match, the proposed password wasn't the same as the old one, and > that's all you need to know. Once all the old passwords (for that user > only... you don't want to give away information about what *other* people > have used for passwords) have been checked, let the passwd command choose a > new random salt. (but noted, thanks for the reminder) > And a note to one of the earlier posters... password aging is not the same > thing as password history. Almost all of the manufacturer supplied password > aging schemes let the user cycle through two passwords. Mind you, password > history won't stop them cycling through "Psw!!###" where ### is a counter, > either, which is why I believe the only real solution is to teach proper > password discipline and stop using 8 character passwords, not to try to > enforce more draconian rules. But we're in the wrong universe for that to work. Right, it sounds like you're agreeing with me ;-) Comparing direct passwords, even with the salt, is possible. But do handle "mypassword1" --> "mypassword2" changes (or even to "MyPassword1", etc), requires the ability to retrieve the actual original password, unless a system to store "characteristics" of the old password is used. This is likely to be less than satisfactory, though. I agree with another poster that implementing this through PAM is probably the best way to do this, though I don't like the implications of storing the previous passwords. ObDraconianAnswer: Assign all users a new random password on a X'ly basis and hand them the password on paper that will "self destruct in 10 seconds" under a cone of silence surrounded by armed guards. Note that this is not truly secure. Heh. - Tillman From sage-members-owner@usenix.org Tue Feb 20 18:49:49 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L2kLc19248 for sage-members-outgoing; Tue, 20 Feb 2001 18:46:21 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1L2kKA19243 for sage-members@usenix.org; Tue, 20 Feb 2001 18:46:20 -0800 (PST) Received: from blodwen.watching.org (blodwen.demonadsltrial.co.uk [193.195.65.37]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L23H918623 for ; Tue, 20 Feb 2001 18:03:18 -0800 (PST) Received: from jrg by blodwen.watching.org with local (Exim 3.15 #5) id 14VOcK-00053I-00 for sage-members@usenix.org; Wed, 21 Feb 2001 02:02:57 +0000 From: jrg@watching.org (James R Grinter) Date: Wed, 21 Feb 2001 02:02:56 +0000 In-Reply-To: <20010220135813.H17413@redhat.com> "Re: SAGE election results" (Feb 20, 20:52) X-Subliminal: H is for Hypertext X-Layer: 3 X-Mailer: Mail User's Shell (7.2.6 beta(5)+dynamic 10/07/98) To: sage-members@usenix.org Subject: Re: SAGE election results Message-Id: Sender: owner-sage-members@usenix.org Precedence: bulk On Tue 20 Feb, 2001, "Bryan C. Andregg" wrote: >From talking to some of the other candidates before the election this is >pretty on par to a touch higher, if I recall correctly. Do we have figures for how many selected the first option (which was the "print a ballot paper for mailing" - paraphrased, the wording was much less clear than that) and then didn't mail one in? James. From sage-members-owner@usenix.org Tue Feb 20 19:08:58 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L35cl19333 for sage-members-outgoing; Tue, 20 Feb 2001 19:05:38 -0800 (PST) Received: from mail2.rdc2.ab.home.com (mail2.rdc2.ab.home.com [24.64.2.49]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L35a919329 for ; Tue, 20 Feb 2001 19:05:37 -0800 (PST) Received: from h24-64-245-133.cg.shawcable.net ([24.64.245.133]) by mail2.rdc2.ab.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20010221030512.KQHI825.mail2.rdc2.ab.home.com@h24-64-245-133.cg.shawcable.net>; Tue, 20 Feb 2001 19:05:12 -0800 Date: Tue, 20 Feb 2001 20:05:11 -0700 (MST) From: Yves Dorfsman X-X-Sender: To: sage-members@usenix.org cc: Subject: Re: On-Call compensation In-Reply-To: <200102202344.PAA12631@mars.starshine.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, 20 Feb 2001, Jim Dennis wrote: > It seems that most small to medium-sized organizations don't pay > sysadmins "extra" for being on call; since we are paid somewhat more > than average salaries compared to employees in other fields. As mentioned by other people, only if this is well defined and clear to all party as they sign the contract. Yves. ---- Yves Dorfsman dorfsmay@cuug.ab.ca http://www.cuug.ab.ca/~dorfsmay From sage-members-owner@usenix.org Tue Feb 20 19:22:58 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L3JiK19392 for sage-members-outgoing; Tue, 20 Feb 2001 19:19:44 -0800 (PST) Received: from out4.mx.nwbl.wi.voyager.net (out4.mx.nwbl.wi.voyager.net [169.207.1.77]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L3Jh919388 for ; Tue, 20 Feb 2001 19:19:43 -0800 (PST) Received: from pop0.nwbl.wi.voyager.net (pop0.nwbl.wi.voyager.net [169.207.1.115]) by out4.mx.nwbl.wi.voyager.net (8.11.1/8.11.1) with ESMTP id f1L3JDN82283; Tue, 20 Feb 2001 21:19:13 -0600 (CST) Received: from starfury.execpc.com (d145.as14.nwbl1.wi.voyager.net [169.207.90.19]) by pop0.nwbl.wi.voyager.net (8.10.2/8.10.2) with ESMTP id f1L3JBU35259; Tue, 20 Feb 2001 21:19:11 -0600 (CST) Received: from localhost (alcourt@localhost) by starfury.execpc.com (8.11.0/8.11.0) with ESMTP id f1L3NUN09488; Tue, 20 Feb 2001 21:23:30 -0600 X-Authentication-Warning: starfury.execpc.com: alcourt owned process doing -bs Date: Tue, 20 Feb 2001 21:23:27 -0600 (CST) From: "Mr. Alcourt" To: sage-members@usenix.org cc: Subject: Re: Password History In-Reply-To: <20010220193556.Z9638@gwyn.tux.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- On Tue, 20 Feb 2001, Joseph S D Yao wrote: > Your method works to some degree. > > However, this does have some disadvantages which may be disabling in > this application. One is that, IIRC, Unix password encrypting is not > unique (part of why it's not reversible). There is a small but finite > chance that two strings that are not identical will hash into the same > encryption. If a user KNOWS that he or she is entering a different > string, yet gets told that the new string is the same as the old, some > amount of user discomfort and displeasure is to be expected. ;-} Has a case yet been discovered of two separate strings that hash to the same string with the crypt function? I haven't heard about one. > Another may not have been part of the original design requirements ... > but I remember somewhere in this thread mentioning of denying passwords > that are too similar (these could be reversals, rotations, case changes, > minimal substitutions, or the like). Comparing the encrypted strings > would not allow this kind of comparison at all, of course. Not at all. You also have access to the users' old password because they just typed it in to prove that they are indeed permitted to change their password. What you can't prevent with this technique is rotating between two passwords. VMS did have that capability (I think it was frequently set up to memorize up to 1 year's worth of passwords), and I was always uncomfortable with that feature, but I never learned VMS well enough to know what was going on under the hood. IIRC, the old pink Programming Perl book (it doesn't cover Perl 5) has an example passwd program replacement that illustrates how to quality check a password as well as check for minimal changes only from the last password. It would not be hard to modify said program to also check against a secured directory with a file containing old passwords for each user. The model would unfortunately probably resemble HP's secure mode, but there are worse approaches. - -- Mr. Alcourt http://www.execpc.com/~alcourt/ "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iQCVAwUBOpM0stHXH7Z+KmdxAQGoBgP7BySeTHYPBTWSN8zCgjksVhMLRDOod47u mqVwAVu4lpA/tJxFAAmQef7tLfsP/eWHC7Gcz2VTlWKAaH/2K1qXiTOtxZnZjAWG /XyE+A2MexKWCVRrdgAwGGz795BMhw/m2yTOl5uDaJT0vat95XUtNPPC6mCe8qQP GYov4avwtVU= =4b2S -----END PGP SIGNATURE----- From sage-members-owner@usenix.org Tue Feb 20 20:03:55 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L40dL19528 for sage-members-outgoing; Tue, 20 Feb 2001 20:00:39 -0800 (PST) Received: from q4.quik.com (q4.quik.com [216.176.28.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L40c919524 for ; Tue, 20 Feb 2001 20:00:38 -0800 (PST) Received: from biz.compata.com (IDENT:root@compata.com [209.213.159.33]) by q4.quik.com (8.11.0/8.11.0) with ESMTP id f1L40H279414 for ; Tue, 20 Feb 2001 20:00:17 -0800 Received: from biz.compata.com by biz.compata.com (Linux 2.2.14) with ESMTP (8.9.3/8.9.3) id UAA15657 for ; Tue, 20 Feb 2001 20:00:08 -0800 Message-Id: <200102210400.UAA15657@biz.compata.com> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.3 To: sage-members@usenix.org Subject: Re: Password History In-reply-to: Your message of "Wed, 21 Feb 2001 09:53:06 +1100." <4.3.1.0.20010221093953.01ca9780@avalon.qualcomm.com> X-Face: $?&5f7w4GjUJOb-[FmngebA}V`5Dv)QEdHg|d%mytVRm]'o}*{J6:PP%(LfN LmOcb#>"^wDF*|ZzuS??S*vLH[.miV( Sender: owner-sage-members@usenix.org Precedence: bulk Greg Rose wrote: >And a note to one of the earlier posters... password aging is not >the same thing as password history. Almost all of the manufacturer >supplied password aging schemes let the user cycle through two >passwords. Mind you, password history won't stop them cycling through >"Psw!!###" where ### is a counter, either, which is why I believe the >only real solution is to teach proper password discipline and stop >using 8 character passwords, not to try to enforce more draconian >rules. But we're in the wrong universe for that to work This is certainly an interesting technical problem, but is it a real problem? If by "proper password discipline" one means, "must change passwords regularly and must not re-use any relatives of previous passwords", to what problem is that discipline a solution? I'm not sure that Greg is advocating those characteristics; he offers discipline as an alternative to them. But, of course, many sites do insist on those characteristics, and many managers seem to think they are unequivocally good things. To me, there are only two valid rules for passwords. (1) Keep it truly secret. Don't write it down anywhere. Don't tell anyone else. Don't share use of an account. Take adequate precaution to avoid interception of a password during use. (2) Limit possible damage. Use different passwords in different contexts. My second rule is not meant to imply that every account must have a different password. It is sensible that a password used for a public web site should not be the same as that for your corporate file server. But if you have several corporate file servers, I see no harm in using the same password on each. Requiring too many different passwords and requiring that they be changed frequently almost forces a user to write them down. Or maybe write them into his PDA. No one ever lost a PDA? If my first rule is observed strictly, I see no reason to ever change a password unless there is evidence it has been compromised. And in that case, one must not only change the password but also change the system to close whatever loophole allowed the compromise. Don't worry too much about undetected compromise. Any attacker good enough to remain unknown is also likely good enough to have installed whatever he needs to capture any new passwords. Rather than thinking a monthly change will do anything to thwart someone who learned a password 29 days ago, spend more effort on detecting compromise quickly and reliably. -- Dave Close, Compata, Costa Mesa CA "Politics is the business of getting dave@compata.com, +1 714 434 7359 power and privilege without dhclose@alumni.caltech.edu possessing merit." - P. J. O'Rourke From sage-members-owner@usenix.org Tue Feb 20 20:05:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L425T19538 for sage-members-outgoing; Tue, 20 Feb 2001 20:02:05 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L41x919534 for ; Tue, 20 Feb 2001 20:01:59 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id XAA15828; Tue, 20 Feb 2001 23:01:32 -0500 Date: Tue, 20 Feb 2001 23:01:32 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010220230132.B15045@gwyn.tux.org> References: <20010220193556.Z9638@gwyn.tux.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from alcourt@execpc.com on Tue, Feb 20, 2001 at 09:23:27PM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Feb 20, 2001 at 09:23:27PM -0600, Mr. Alcourt wrote: > Not at all. You also have access to the users' old password because they > just typed it in to prove that they are indeed permitted to change their > password. What you can't prevent with this technique is rotating between > two passwords. ... Which is why, I suspect, the original poster was assigned to modify 'passwd' to do PASSWORD HISTORY checking [as the Subject: line says]. We aren't talking about the immediate past password here. Rather, not JUST the immediate past password. Otherwise, why bother to store the old encrypted form at all? Which was what this discussion was about. -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Tue Feb 20 20:25:07 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L4LwK19625 for sage-members-outgoing; Tue, 20 Feb 2001 20:21:58 -0800 (PST) Received: from glatton.cnchost.com (glatton.cnchost.com [207.155.248.47]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L4Lv919621 for ; Tue, 20 Feb 2001 20:21:57 -0800 (PST) Received: from deaddrop.org (ts008d15.lap-ca.concentric.net [64.1.209.123]) by glatton.cnchost.com id XAA10258; Tue, 20 Feb 2001 23:21:37 -0500 (EST) [ConcentricHost SMTP Relay 1.10] Message-ID: <3A934241.9BCCE68C@deaddrop.org> Date: Tue, 20 Feb 2001 20:21:21 -0800 From: Etaoin Shrdlu Organization: Do I look like I'm organized? X-Mailer: Mozilla 4.72 [en] (Win95; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: sage-members@usenix.org Subject: Re: SAGE election results References: <20010220083636.A18079@octaldream.com> <20010220135813.H17413@redhat.com> <20010220155832.A21300@octaldream.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Scott McDermott wrote: > > On Tue, Feb 20, 2001, a militant turtle forced Bryan C. Andregg to say: > > > > From talking to some of the other candidates before the election this is > > pretty on par to a touch higher, if I recall correctly. > > This is weak. Somehow SAGE needs to get the membership more involved. Exactly > how to do this, I do not know. Was there a flyer about the election in the > LISA packet? Maybe there should be in the future? If people wanted to get involved, they would be. I saw plenty about the election, on this list, on the newsgroup, and with the two or three physical mailers (and the two or three emails). Notification alone will not create participation where their is no perceived benefit. It isn't weak. I'm fine with it. > Actually, the first question is probably why are so many members not voting? It's the easy question to answer. Because they don't care about the outcome, because they feel that the outcome will have little or no effect on things that matter to them. I'm always amazed that there are people willing to serve, and I certainly applaud the winners (in fact, I voted for all of them, which might make this a first for me as far as a usenix election is concerned). Even the smallest volunteer effort takes an ENORMOUS amount of time, and I truly admire the dedication and sacrifice from folk like Barb and company. You know, while I'm thinking about this, I wonder how many members of sage/usenix (or even just sage) are long term members. Long term here can mean some time period that is at least three years, so that we can see that there is general interest in improving, or at least participating in, the group that is sage. I think that you'll find that the numbers might hide a few things. There are always, in any group, a small core of people who care about the purpose of the group, about its future, and about the outcome of certain events within it. There are many more that like things that the group represents, but do not have this focus of purpose that exists within the core. There are still more who join because it seems the thing to do, but have no more actual interest in sage than the average accountant or lawyer. Why should they? Be happy that there is such a strong, healthy core, and work to support the people who seem to care deeply. Understand that by doing so, you also benefit the general community of folk who like sage/usenix, and who cares about the rest, anyway? They'll be gone, supplanted by more one-year-here-and-over members. Congratulations again to the new slate. -- Come back, Dave. From sage-members-owner@usenix.org Tue Feb 20 20:26:46 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L4NmK19631 for sage-members-outgoing; Tue, 20 Feb 2001 20:23:48 -0800 (PST) Received: from denali.loopback.net (durham-ar1-020-103.dsl.gtei.net [4.40.20.103]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L4Nk919627 for ; Tue, 20 Feb 2001 20:23:46 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f1L4NPL19293; Tue, 20 Feb 2001 23:23:25 -0500 Date: Tue, 20 Feb 2001 23:23:25 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010220232325.C19271@redhat.com> References: <200102201709.LAA03000@endeavor.ep.frco.com> <200102201709.LAA03000@endeavor.ep.frco.com> <20010220160239.C30993@server.hodgsonhouse.com> <4.3.1.0.20010221093953.01ca9780@avalon.qualcomm.com> <20010220201956.A31997@server.hodgsonhouse.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="p2kqVDKq5asng8Dg" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010220201956.A31997@server.hodgsonhouse.com>; from tillman@hodgsonhouse.com on Tue, Feb 20, 2001 at 08:19:56PM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk --p2kqVDKq5asng8Dg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 20, 2001 at 08:19:56PM -0600, Tillman mailed: > Comparing direct passwords, even with the salt, is possible. But do handle > "mypassword1" --> "mypassword2" changes (or even to "MyPassword1", etc), > requires the ability to retrieve the actual original password, unless a s= ystem > to store "characteristics" of the old password is used. This is likely to= be > less than satisfactory, though. >=20 > I agree with another poster that implementing this through PAM is probabl= y the > best way to do this, though I don't like the implications of storing the > previous passwords. As a side note, the use of md5 password within the framework of PAM allows = the administrator to set a score that new passwords have to meet in order to be allowed. So, setting a score of 20 and then configuring PAM to give 2 points for uppercase characters, and 2 points for "other" characters, and 2 points for numbers, etc. is a way to encourage more "random" passwords. As an added advantage with the md5 paswords one "match" is the number of characters that are different from the previous password. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --p2kqVDKq5asng8Dg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6k0K95AZBSxmJOhkRAuT/AJ0TNjRaKIiTdMPcESx69+zB4HViYQCbBzVv XsLQfufOclgk+i7SE16lAK4= =c27U -----END PGP SIGNATURE----- --p2kqVDKq5asng8Dg-- From sage-members-owner@usenix.org Tue Feb 20 21:09:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1L4x3h19768 for sage-members-outgoing; Tue, 20 Feb 2001 20:59:03 -0800 (PST) Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1L4x1919764 for ; Tue, 20 Feb 2001 20:59:01 -0800 (PST) Received: from moe.cs.duke.edu (moe.cs.duke.edu [152.3.140.74]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id XAA15394; Tue, 20 Feb 2001 23:58:40 -0500 (EST) Received: from localhost (des@localhost) by moe.cs.duke.edu (8.8.5/8.6.9) with ESMTP id XAA12953; Tue, 20 Feb 2001 23:58:40 -0500 (EST) X-Authentication-Warning: moe.cs.duke.edu: des owned process doing -bs Date: Tue, 20 Feb 2001 23:58:40 -0500 (EST) From: "Daniel E. Singer" To: sage-members@usenix.org cc: Subject: Re: Disk cleanup advice for users In-Reply-To: <200102202229.RAA00550@plhp049.comm.mot.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, 20 Feb 2001, Michael Rogero Brown wrote: > I am in the process of putting something together to send to our user > community to have them cleanup their home directories and group directories > of unnecessary files. .... HAR HAR HAR HAR HAR! (ROTFL) :-O Ahem, sorry, couldn't restrain myself. :) From sage-members-owner@usenix.org Wed Feb 21 06:39:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LEYYu20842 for sage-members-outgoing; Wed, 21 Feb 2001 06:34:34 -0800 (PST) Received: from gerasimov.net ([209.143.70.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LEYP920838 for ; Wed, 21 Feb 2001 06:34:29 -0800 (PST) Received: (from alban@localhost) by gerasimov.net (8.9.3/8.9.3) id JAA26791 for sage-members@usenix.org; Wed, 21 Feb 2001 09:32:49 -0500 Date: Wed, 21 Feb 2001 06:32:49 -0800 From: David Alban To: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010221063249.A26680@gerasimov.net> References: <4.3.1.0.20010221093953.01ca9780@avalon.qualcomm.com> <200102210400.UAA15657@biz.compata.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us In-Reply-To: <200102210400.UAA15657@biz.compata.com>; from Dave Close on Tue, Feb 20, 2001 at 08:00:08PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk At 2001/02/20/20:00 -0800 Dave Close wrote: > To me, there are only two valid rules for passwords. (1) Keep it truly > secret. Don't write it down anywhere. Don't tell anyone else. Don't > share use of an account. Take adequate precaution to avoid interception > of a password during use. (2) Limit possible damage. Use different > passwords in different contexts. (3) Don't ever let them go over a network unencrypted (i.e., use ssh or something similar) If they can capture them in plain text, it doesn't matter how good they are, or whether or not they've been used before. (Unless of course they're one-time passwords. :-) -- Live in a world of your own, but always welcome visitors. From sage-members-owner@usenix.org Wed Feb 21 06:44:46 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LEfcA20873 for sage-members-outgoing; Wed, 21 Feb 2001 06:41:38 -0800 (PST) Received: from smtpsrv0.isis.unc.edu (smtpsrv0.isis.unc.edu [152.2.1.139]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LEfb920869 for ; Wed, 21 Feb 2001 06:41:37 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv0.isis.unc.edu (8.9.3/8.9.1) with ESMTP id JAA13424 for ; Wed, 21 Feb 2001 09:41:16 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id JAA24092; Wed, 21 Feb 2001 09:41:16 -0500 Date: Wed, 21 Feb 2001 09:41:14 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org Subject: Re: Password History In-Reply-To: <20010220232325.C19271@redhat.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, 20 Feb 2001, Bryan C. Andregg wrote: > As a side note, the use of md5 password within the framework of PAM allows the > administrator to set a score that new passwords have to meet in order to be > allowed. So, setting a score of 20 and then configuring PAM to give 2 points > for uppercase characters, and 2 points for "other" characters, and 2 points > for numbers, etc. is a way to encourage more "random" passwords. As an added > advantage with the md5 paswords one "match" is the number of characters that > are different from the previous password. Incidentally, I hate it when random websites--from whom I'm only choosing a password because they won't give me some piece of info I need until I do so--use such rules. I don't *care* about these passwords very much, I don't have the faculties to remember a different password for each of dozens of sites, particularly ones I may visit only once or twice a year, and I don't carry around any piece of equipment (a la Palm) enough to use one of those password-crypt apps. So my solution--and I bet most people's--is to use the same password for every website that I don't particularly care about. I use a different website for SSL sites, and yet another for each "important site" (the bank, websites who keep my credit card, etc.). That gets the list of potential passwords down to a more manageable dozen or so. The monkey wrench gets thrown in when you start using these rules for the password. One site insists on at least one punctuation mark, another forbids any. One insists on a capital letter, another says passwords are case insensitive (but demands you type in all lower case when setting it). There's one site that I now type the variation of my standard password (adjusted for all the weird rules) directly, but that's because I started noticing that it always took me three incorrect tries before I got it right--so I now just, in my head, skip the first three passwords I would try and go to the fourth directly! My preference, when I can get away with it, is a long passphrase (my standard password I use for real tasks is between 15 and 28 characters when the OS will allow it) with no character rules at all. But I'm in the minority, and my typographical error rate is low. ;-) Trey From sage-members-owner@usenix.org Wed Feb 21 07:09:05 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LF66020961 for sage-members-outgoing; Wed, 21 Feb 2001 07:06:06 -0800 (PST) Received: from gerasimov.net ([209.143.70.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LF64920957 for ; Wed, 21 Feb 2001 07:06:04 -0800 (PST) Received: (from alban@localhost) by gerasimov.net (8.9.3/8.9.3) id KAA26979 for sage-members@usenix.org; Wed, 21 Feb 2001 10:04:28 -0500 Date: Wed, 21 Feb 2001 07:04:28 -0800 From: David Alban To: sage-members@usenix.org Subject: Re: 2^32 stupid things smart admins do to screw up their systems Message-ID: <20010221070428.B26680@gerasimov.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us In-Reply-To: ; from Benjy Feen on Tue, Feb 20, 2001 at 03:37:47PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk At 2001/02/20/15:37 -0800 Benjy Feen wrote: > What are some common administration practices that are silly, ill-advised, > or just plain wrong? 1. Aliasing rm to "rm -i" in users' ~/.*rc files Whether a user is experienced or not, use of this alias will teach them that rm is "safe". That is, they learn that they will always get a chance to change their mind because they'll always be prompted. This sets up the possibility that the user will use "rm" instead of "rm -i" on a different system on which this alias may not have been defined. This will be especially painful if the user has become used to executing "rm *" or "rm *.c" or others as nasty as these because they've been conditioned to regard rm as safe. My alternative, both for my own use and for newly created user accounts is to define the alias: alias "rmi=/usr/bin/rm -i" I have gotten into the habit of using "rmi" to remove files. I occasionally use "rm" when I *know* I don't want to be prompted. So, what happens when the "rmi" alias is not set up on another machine? bash: rmi: command not found or something similar. :-) A bit of user education is recommended when their accounts are set up. You tell them that in spite of whatever their experience has been, their account has been set up without a "safe" rm. They should use "rmi" instead of rm. And when they don't want to be prompted with a gazillion files to confirm deletion, they should first execute "ls PATTERN" and *then* "rm PATTERN". They, of course, are free to reinstitute the "rm=rm -i" alias at their own risk. :-) 2. Not realizing that tar files with sensitive data may be world readable If root's (or even a regular user's) umask allows world read permission, then any tar file created will also have world read permission. You may think you're safe because the files you have tar'red may not allow world permissions, but you're not safe. Example: say you are root (with aforementioned umask) and you want to temporarily store a copy of /var/mail somewhere. If you make a tar file of it, then you have just created a hole which will allow any user on the system to copy your tar file into their space and look at the contents. (Unless you created the tar file in a directory that users can't access.) 3. Not using ssh and scp (or similar tools) It's humbling when a user sniffs a root password. David -- Live in a world of your own, but always welcome visitors. From sage-members-owner@usenix.org Wed Feb 21 07:32:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LFTDh21022 for sage-members-outgoing; Wed, 21 Feb 2001 07:29:13 -0800 (PST) Received: from bantha.org (postfix@208.241.154-dsl-117.ntrnet.net [208.241.154.117]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LFTC921018 for ; Wed, 21 Feb 2001 07:29:12 -0800 (PST) Received: by bantha.org (Postfix, from userid 1014) id E9A0C66BC2; Wed, 21 Feb 2001 10:28:52 -0500 (EST) Date: Wed, 21 Feb 2001 10:28:52 -0500 From: Chris Palmer To: sage-members@usenix.org Subject: Re: SAGE election results Message-ID: <20010221102852.B43554@azuen.net> Mail-Followup-To: sage-members@usenix.org References: <20010220083636.A18079@octaldream.com> <20010220135813.H17413@redhat.com> <20010220155832.A21300@octaldream.com> <3A934241.9BCCE68C@deaddrop.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A934241.9BCCE68C@deaddrop.org>; from shrdlu@deaddrop.org on Tue, Feb 20, 2001 at 08:21:21PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On 20/02/01, Etaoin Shrdlu wrote: > > how to do this, I do not know. Was there a flyer about the election in the > > LISA packet? Maybe there should be in the future? > > If people wanted to get involved, they would be. I saw plenty about the > election, on this list, on the newsgroup, and with the two or three > physical mailers (and the two or three emails). Notification alone will > not create participation where their is no perceived benefit. It isn't > weak. I'm fine with it. I don't think by "involved" SAGE should limit itself to just "votes in an election". Many people who are not involved in SAGE in any way beyond attending LISA once in a while are not going to notice the election no matter how many flyers are sent out. If a wider segment of the membership was more directly involved in SAGE, then little publicity would be needed to get a good election turnout. An election itself is not a good target for participation, it's more of an indicator that people are participating in other parts of the organization. SAGE needs to create ways in which members both are able to and want to be involved with the organization on a regular basis, and just how that's to be done is a big question for the new Board as they split off from Usenix. Congrats to the new Exec Board! -Chris Palmer -- -- Chris Palmer 135 Rollstone Road Fitchburg, MA 01420 From sage-members-owner@usenix.org Wed Feb 21 08:31:00 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LGQ8d21257 for sage-members-outgoing; Wed, 21 Feb 2001 08:26:08 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1LGQ7V21252 for sage-members@usenix.org; Wed, 21 Feb 2001 08:26:07 -0800 (PST) Received: from insws8502.gs.com (insws8502.gs.com [204.4.182.11]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LE7t920780 for ; Wed, 21 Feb 2001 06:07:55 -0800 (PST) Received: from insdb8502.inz.gs.com (insdb8502.inz.gs.com [204.4.188.75]) by insws8502.gs.com (Postfix) with ESMTP id 49F7D1BE84; Wed, 21 Feb 2001 09:07:31 -0500 (EST) Received: from gsny08e.et.gs.com by insdb8502.inz.gs.com with ESMTP; Wed, 21 Feb 2001 09:07:31 -0500 Received: by gsny08e.et.gs.com with Internet Mail Service (5.5.2448.0) id ; Wed, 21 Feb 2001 09:07:31 -0500 Message-Id: <2D428234521FD311B91A00902762CA8F05DFDCB6@gsny08e.et.gs.com> From: "Gittler, Xev" To: sage-members@usenix.org Subject: RE: SAGE election results Date: Wed, 21 Feb 2001 09:07:30 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk >From the USENIX office: For the 1999-2000 SAGE election: Of the 4,337 ballots mailed, 656 were returned to us, for a return rate of 15%. One ballot was determined invalid and two abstained, making a total ballot count of 653. For the 2001-2002 SAGE election: Total number of SAGE members eligible to vote: 4861 Total number of votes cast: 606 * Number of postal ballots: 3 Response rate: 12.5% Total invalid ballots: 0 > -----Original Message----- > From: jrg@watching.org [mailto:jrg@watching.org] > Sent: Tuesday, February 20, 2001 9:03 PM > To: sage-members@usenix.org > Subject: Re: SAGE election results > > > On Tue 20 Feb, 2001, "Bryan C. Andregg" wrote: > >From talking to some of the other candidates before the > election this is > >pretty on par to a touch higher, if I recall correctly. > > Do we have figures for how many selected the first option (which was > the "print a ballot paper for mailing" - paraphrased, the wording was > much less clear than that) and then didn't mail one in? > > James. > From sage-members-owner@usenix.org Wed Feb 21 08:32:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LGT0L21281 for sage-members-outgoing; Wed, 21 Feb 2001 08:29:00 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1LGSxl21276 for sage-members@usenix.org; Wed, 21 Feb 2001 08:28:59 -0800 (PST) Received: from merctech.com (brickhouse1.iad1.sitesmith.com [63.94.228.10]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LFom921146 for ; Wed, 21 Feb 2001 07:50:48 -0800 (PST) Received: from biber (bergman@localhost) by merctech.com (8.11.1/8.11.1) with ESMTP id f1LFoAp26929; Wed, 21 Feb 2001 10:50:11 -0500 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: sage-members@usenix.org cc: sage-members@usenix.org From: bergman@panix.com Reply-To: bergman@panix.com Subject: Re: Password History In-Reply-To: Your message of "Tue, 20 Feb 2001 21:23:27 CST." References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 21 Feb 2001 10:50:10 -0500 Message-ID: <26928.982770610@biber> Sender: owner-sage-members@usenix.org Precedence: bulk In your message dated: Tue, 20 Feb 2001 21:23:27 CST, your pithy ruminations on were: => -----BEGIN PGP SIGNED MESSAGE----- => => On Tue, 20 Feb 2001, Joseph S D Yao wrote: => => => IIRC, the old pink Programming Perl book (it doesn't cover Perl 5) has an => example passwd program replacement that illustrates how to quality check a => password as well as check for minimal changes only from the last password. ***************************************************************************** WARNING!!!!!!! That's a nice example, but it's got an error that _will_ corrupt your /etc/shadow file! As far as I recall, the script truncates any trailing NULL fields in /etc/shadow, resulting in a file that will have lines with too few fields. This causes Solaris to barf, preventing logins and other nastiness. ***************************************************************************** I've got (and sent to the original poster) a perl script that's loosely based on the example in the old Camel book. This does implement password history, as well as doing fairly fascist checks to attempt to ensure that the password is well chosen. I will distribute the script upon request. I will not post it to the list. Mark => It would not be hard to modify said program to also check against a => secured directory with a file containing old passwords for each user. The => model would unfortunately probably resemble HP's secure mode, but there => are worse approaches. => => - -- => Mr. Alcourt http://www.execpc.com/~alcourt/ => "I may disagree with what you say, but I will defend unto the death => your right to say it." -- Voltaire => -----BEGIN PGP SIGNATURE----- => Version: GnuPG v1.0.4 (GNU/Linux) => Comment: Made with pgp4pine 1.75-6 => => iQCVAwUBOpM0stHXH7Z+KmdxAQGoBgP7BySeTHYPBTWSN8zCgjksVhMLRDOod47u => mqVwAVu4lpA/tJxFAAmQef7tLfsP/eWHC7Gcz2VTlWKAaH/2K1qXiTOtxZnZjAWG => /XyE+A2MexKWCVRrdgAwGGz795BMhw/m2yTOl5uDaJT0vat95XUtNPPC6mCe8qQP => GYov4avwtVU= => =4b2S => -----END PGP SIGNATURE----- => => => -- Mark Bergman Biker, IATSE #1 Stagehand, Rock Climber, Unix mechanic '94 Yamaha GTS1000A bergman@panix.com I want a newsgroup with a infinite S/N ratio! Now taking CFV on: rec.motorcycles.stagehands.pet-bird-owners.pinballers.unix-supporters 5+ So Far--Want to join? Check out: http://www.panix.com/~bergman From sage-members-owner@usenix.org Wed Feb 21 08:35:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LGWGg21307 for sage-members-outgoing; Wed, 21 Feb 2001 08:32:16 -0800 (PST) Received: from rm-rstar.sfu.ca (root@rm-rstar.sfu.ca [142.58.120.21]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LGWE921303 for ; Wed, 21 Feb 2001 08:32:14 -0800 (PST) Received: from fraser.sfu.ca (vanepp@fraser.sfu.ca [142.58.101.25]) by rm-rstar.sfu.ca (8.10.1/8.10.1/SFU-5.0H) with ESMTP id f1LGVsW14504 for ; Wed, 21 Feb 2001 08:31:54 -0800 (PST) From: Peter Van Epp Received: (from vanepp@localhost) by fraser.sfu.ca (8.9.2/8.9.2/SFU-5.0C) id IAA03506 for sage-members@usenix.org; Wed, 21 Feb 2001 08:31:54 -0800 (PST) Message-Id: <200102211631.IAA03506@fraser.sfu.ca> Subject: Re: SAGE election results To: sage-members@usenix.org Date: Wed, 21 Feb 2001 08:31:54 -0800 (PST) In-Reply-To: <20010221102852.B43554@azuen.net> from "Chris Palmer" at Feb 21, 2001 10:28:52 AM X-Mailer: ELM [version 2.5 PL4] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Don't know about anyone else, but all the candidates for the board looked as if they would do a fine job to me leaving more or less random chance (and/or the couple that I have met) as selection criteria and no particular downside that I could see to not participating in the election. Thus I suspect that too much is perhaps being made of a "poor" (for some definition of poor :-)) return rate in the election. Now if we couldn't find enough good people willing to serve that would be a problem, but we look to have been blessed that way and I for one don't see a problem. Peter Van Epp / Operations and Technical Support Simon Fraser University, Burnaby, B.C. Canada From sage-members-owner@usenix.org Wed Feb 21 09:19:39 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LHGPF21577 for sage-members-outgoing; Wed, 21 Feb 2001 09:16:25 -0800 (PST) Received: from yfandes.cs.wisc.edu (yfandes.cs.wisc.edu [128.105.162.24]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LHGO921573 for ; Wed, 21 Feb 2001 09:16:24 -0800 (PST) Received: from yfandes.cs.wisc.edu (localhost [127.0.0.1]) by yfandes.cs.wisc.edu (8.9.2/8.9.2) with ESMTP id LAA05769; Wed, 21 Feb 2001 11:16:03 -0600 (CST) Message-Id: <200102211716.LAA05769@yfandes.cs.wisc.edu> To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: SAGE election results In-reply-to: Your message of "Wed, 21 Feb 2001 08:31:54 PST." <200102211631.IAA03506@fraser.sfu.ca> Date: Wed, 21 Feb 2001 11:16:03 -0600 From: David Parter Sender: owner-sage-members@usenix.org Precedence: bulk In informal discussions, the board has been looking at the participation rate in the recent elections. On the one hand, the participation rate is typical for most non-profit/professional organizations. On the other hand, we view it as a sign of the weakness of our connection to our members. We'd like to improve membership participation in all aspects of SAGE, and improve the services we provide to our members. Most -- if not all -- of the board members read sage-members. I try and not comment immediately on many issues, because I want to let the discussion flow. We value your input, and do try and address the issues raised on the sage-members mailing list. However, if you have more specific comments/suggesstions/ideas please send them to sage-exec@sage.org, and we will make sure that one (or more) of the members of the executive committee answers your question. --david From sage-members-owner@usenix.org Wed Feb 21 09:34:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LHTU521643 for sage-members-outgoing; Wed, 21 Feb 2001 09:29:30 -0800 (PST) Received: from gerasimov.net ([209.143.70.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LHTS921639 for ; Wed, 21 Feb 2001 09:29:28 -0800 (PST) Received: (from alban@localhost) by gerasimov.net (8.9.3/8.9.3) id MAA28105 for sage-members@usenix.org; Wed, 21 Feb 2001 12:27:49 -0500 Date: Wed, 21 Feb 2001 09:27:49 -0800 From: David Alban To: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010221092749.A28064@gerasimov.net> References: <4.3.1.0.20010221093953.01ca9780@avalon.qualcomm.com> <200102210400.UAA15657@biz.compata.com> <20010221063249.A26680@gerasimov.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us In-Reply-To: <20010221063249.A26680@gerasimov.net>; from David Alban on Wed, Feb 21, 2001 at 06:32:49AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk At 2001/02/21/06:32 -0800 David Alban wrote: > At 2001/02/20/20:00 -0800 Dave Close wrote: > > To me, there are only two valid rules for passwords. (1) Keep it truly > > secret. Don't write it down anywhere. Don't tell anyone else. Don't > > share use of an account. Take adequate precaution to avoid interception > > of a password during use. (2) Limit possible damage. Use different > > passwords in different contexts. > > (3) Don't ever let them go over a network unencrypted (i.e., use > ssh or something similar) Sorry, Dave. I didn't read number (1) well enough. You do indeed say "Take adequate precaution to avoid interception of a password during use." -- Live in a world of your own, but always welcome visitors. From sage-members-owner@usenix.org Wed Feb 21 09:52:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LHlxY21792 for sage-members-outgoing; Wed, 21 Feb 2001 09:47:59 -0800 (PST) Received: from zia.aoc.NRAO.EDU (zia.aoc.nrao.edu [146.88.1.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LHlv921788 for ; Wed, 21 Feb 2001 09:47:57 -0800 (PST) Received: from schooner.aoc.nrao.edu (schooner [146.88.1.113]) by zia.aoc.NRAO.EDU (8.9.3/8.9.3) with ESMTP id KAA11066 for ; Wed, 21 Feb 2001 10:47:36 -0700 (MST) Received: (from rmilner@localhost) by schooner.aoc.nrao.edu (8.7.3/8.6.10) id KAA05134 for sage-members@usenix.org; Wed, 21 Feb 2001 10:47:35 -0700 (MST) Date: Wed, 21 Feb 2001 10:47:35 -0700 (MST) From: Ruth Milner Message-Id: <200102211747.KAA05134@schooner.aoc.nrao.edu> To: sage-members@usenix.org Subject: Re: Password History X-Sun-Charset: US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Joe Yao wrote: > There is a small but finite > chance that two strings that are not identical will hash into the same > encryption. Yes, and I have seen this happen, in the late 1980's. We got a match when cracking a password, but it turned out that wasn't the real password. It's pretty rare, though. Frankly, I'm surprised it doesn't happen more often since these days the dictionaries used for cracking are *huge* and all sorts of permutations are checked. Back then it was just English words, place names, and maybe an initial capital or appended single digit. > If a user KNOWS that he or she is entering a different > string, yet gets told that the new string is the same as the old, some > amount of user discomfort and displeasure is to be expected. ;-} >From a security point of view, it doesn't matter whether the characters the user types in are different; since they hash to the same thing, anyone trying either one of them will be able to gain access. (We verified that in the case I encountered.) Usually if you demonstrate this to someone they will be willing to change it, but I agree that for the user, having a program insist they're the same would be irritating! Fortunately, the combination of a) rare occurrence, and b) the two strings that match have to be what the user chose previously and what they're choosing now, rather than a bombardment of strings to compare such as crack does, means that it will probably never happen. Ruth. From sage-members-owner@usenix.org Wed Feb 21 10:11:48 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LI7Hu22046 for sage-members-outgoing; Wed, 21 Feb 2001 10:07:17 -0800 (PST) Received: from falcon.prod.itd.earthlink.net (falcon.prod.itd.earthlink.net [207.217.120.74]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LI7G922042 for ; Wed, 21 Feb 2001 10:07:16 -0800 (PST) Received: from marvin (user-2injhp3.dialup.mindspring.com [165.121.199.35]) by falcon.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with SMTP id KAA25638; Wed, 21 Feb 2001 10:06:43 -0800 (PST) From: "Andy Silva" To: sage-members@usenix.org Subject: RE: SAGE election results Date: Wed, 21 Feb 2001 12:06:42 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20010221102852.B43554@azuen.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-sage-members@usenix.org Precedence: bulk > SAGE needs to create ways in which members both are > able to and want to be involved with the organization on a regular > basis, and just how that's to be done is a big question for the > new Board as they split off from USENIX. A couple of points here to keep in mind. First, the exec committee is just seven people. While many of us have experiences that show that a smaller group of people working together can usually accomplish things at a faster pace than a larger group of people, these seven people have many responsibilities in a volunteer capacity and probably will be unable to 'create' ways in which members want to be involved. What they can do is take input from members on ways they would like to be involved and promote those efforts by spawning off sub-committees, but don't look to these folks to wave a magic wand and make you want to be involved with SAGE. I think the most important thing the executive committee can do for SAGE at this point is provide frequent and consistent communication about what's going on within the organization and what opportunities are available for people to get involved with. When you see something happening that interests you, you'll get involved. Otherwise, no one is, or can, make you be involved with SAGE. My second point focuses on the second half of your statement. I'm not trying to start another thread from hell on the subject, but I think you're being a bit premature about the state of SAGE splitting from USENIX. Personally, I don't think this is in the best interest for SAGE and will continue to oppose this until the USENIX board and the SAGE executive committee can explain why this needs to happen in a way that is devoid of political posturing and historical failures in communication. When this topic came up I didn't understand why it was being lobbied for so hard, and now that I know a bit more about it, I still don't understand why it's being pushed so hard. Many of the reasons and analogies provided in the past 3 months don't really seem to fit well with the reality of how SAGE and USENIX operate today when you take a closer look at things and talk to the board and committee members involved. -andy -- Collective: Managed infrastructure for the real world. collectivetech.com -------------------------------------------------------------------------- Andres 'Andy' Silva | It takes less time to do a thing right, than it does Senior Consultant | to explain why you did it wrong. 630.650.8255 cell | 312.781.9400 fax | -- Henry Wadsworth Longfellow From sage-members-owner@usenix.org Wed Feb 21 10:16:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LIC9w22101 for sage-members-outgoing; Wed, 21 Feb 2001 10:12:09 -0800 (PST) Received: from merctech.com (brickhouse1.iad1.sitesmith.com [63.94.228.10]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LIC7922097 for ; Wed, 21 Feb 2001 10:12:07 -0800 (PST) Received: from biber (bergman@localhost) by merctech.com (8.11.1/8.11.1) with ESMTP id f1LIBTT30360; Wed, 21 Feb 2001 13:11:30 -0500 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 X-Exmh-Isig-CompType: forw X-Exmh-Isig-Folder: outbox From: bergman@merctech.com To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Password History MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <30358.982779089.1@biber> Date: Wed, 21 Feb 2001 13:11:29 -0500 Message-ID: <30359.982779089@biber> Sender: owner-sage-members@usenix.org Precedence: bulk In your message dated: Tue, 20 Feb 2001 21:23:27 CST, your pithy ruminations on were: => -----BEGIN PGP SIGNED MESSAGE----- => => On Tue, 20 Feb 2001, Joseph S D Yao wrote: => => => IIRC, the old pink Programming Perl book (it doesn't cover Perl 5) has an => example passwd program replacement that illustrates how to quality check a => password as well as check for minimal changes only from the last password. ***************************************************************************** WARNING!!!!!!! That's a nice example, but it's got an error that _will_ corrupt your /etc/shadow file! As far as I recall, the script truncates any trailing NULL fields in /etc/shadow, resulting in a file that will have lines with too few fields. This causes Solaris to barf, preventing logins and other nastiness. ***************************************************************************** I've got (and sent to the original poster) a perl script that's loosely based on the example in the old Camel book. This does implement password history, as well as doing fairly fascist checks to attempt to ensure that the password is well chosen. I will distribute the script upon request. I will not post it to the list. Mark => It would not be hard to modify said program to also check against a => secured directory with a file containing old passwords for each user. The => model would unfortunately probably resemble HP's secure mode, but there => are worse approaches. => => - -- => Mr. Alcourt http://www.execpc.com/~alcourt/ => "I may disagree with what you say, but I will defend unto the death => your right to say it." -- Voltaire => -----BEGIN PGP SIGNATURE----- => Version: GnuPG v1.0.4 (GNU/Linux) => Comment: Made with pgp4pine 1.75-6 => => iQCVAwUBOpM0stHXH7Z+KmdxAQGoBgP7BySeTHYPBTWSN8zCgjksVhMLRDOod47u => mqVwAVu4lpA/tJxFAAmQef7tLfsP/eWHC7Gcz2VTlWKAaH/2K1qXiTOtxZnZjAWG => /XyE+A2MexKWCVRrdgAwGGz795BMhw/m2yTOl5uDaJT0vat95XUtNPPC6mCe8qQP => GYov4avwtVU= => =4b2S => -----END PGP SIGNATURE----- => => => ---- Mark Bergman http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=bergman@merctech.com From sage-members-owner@usenix.org Wed Feb 21 10:47:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LIgVl22310 for sage-members-outgoing; Wed, 21 Feb 2001 10:42:31 -0800 (PST) Received: from gerasimov.net ([209.143.70.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LIgT922305 for ; Wed, 21 Feb 2001 10:42:30 -0800 (PST) Received: (from alban@localhost) by gerasimov.net (8.9.3/8.9.3) id NAA28810 for sage-members@usenix.org; Wed, 21 Feb 2001 13:40:53 -0500 Date: Wed, 21 Feb 2001 10:40:53 -0800 From: David Alban To: sage-members@usenix.org Subject: Re: Disk cleanup advice for users Message-ID: <20010221104053.A28720@gerasimov.net> References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us In-Reply-To: <200102202229.RAA00550@plhp049.comm.mot.com>; from Michael Rogero Brown on Tue, Feb 20, 2001 at 05:29:13PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk Michael, At 2001/02/20/17:29 -0500 Michael Rogero Brown wrote: > I am in the process of putting something together to send to our user > community to have them cleanup their home directories and group directories > of unnecessary files. I was hoping that prehaps someone has already done so, > and I could take advantage of this. I've gone over my admin resources (books > and confrence proceedings) and don't seen anything that fits the bill. > > What I am looking for is something that directs them to delete unneeded files, > compress files they want to archive, advice on the types of files they should > not be saving in home/group directories (*.mp3, etc), and the like. > > Anyone have something like that they want to share?? You may want to take a look at the web page: squall.nascom.nasa.gov/cgi-bin/tsdis_scripts_interface?script=duchk,+dutree It describes two useful scripts that both sysadmins and users can use to quickly highlight the areas of highest disk use in a directory tree (without crossing filesystem boundaries). duchk will list information for a single directory. dutree will list information for an entire directory tree, where it be rooted at / or ~someuser/. Take a look at the web page for sample output. Also on the referenced web page is a template I used to compose email messages for when I needed users to police their own disk space. It showed them how to use duchk and dutree to quickly get the needed information. For users who were particularly greedy of disk, I would actually run dutree on their $HOME and email them the results. The results were very positive. Nothing works better to get someone to do something for you than to make it as easy as possible for them. I believe that anywhere from 10-60% of a typical users files are not needed by that user anymore. By showing them how to spot such directories and files easily, or by giving them that information after you have gathered it for them, you increase the chance of getting the results you want, namely an increase in free disk space. This has worked very well for me. The scripts are old, and one day I'll rewrite them in perl, but they are time tested. Note that the scripts have tab characters in them (in characters classes). Please see: squall.nascom.nasa.gov/~alban/tsdis/sysadmin/scripts/tab.mauling.html for a discussion if you want to download the scripts. Or contact me and I'll make a tarball available. David -- Live in a world of your own, but always welcome visitors. From sage-members-owner@usenix.org Wed Feb 21 11:23:05 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LJIRO22566 for sage-members-outgoing; Wed, 21 Feb 2001 11:18:27 -0800 (PST) Received: from mail.hodgsonhouse.com (server.hodgsonhouse.com [24.72.10.209]) by usenix.org (8.11.0/8.11.0) with SMTP id f1LJIQ922561 for ; Wed, 21 Feb 2001 11:18:26 -0800 (PST) Received: (qmail 3446 invoked by uid 501); 21 Feb 2001 19:18:06 -0000 Date: Wed, 21 Feb 2001 13:18:06 -0600 From: Tillman To: sage-members@usenix.org Subject: Re: SAGE election results Message-ID: <20010221131806.C3392@server.hodgsonhouse.com> References: <20010221102852.B43554@azuen.net> <200102211631.IAA03506@fraser.sfu.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102211631.IAA03506@fraser.sfu.ca>; from vanepp@sfu.ca on Wed, Feb 21, 2001 at 08:31:54AM -0800 X-Editor: Vim-5.5 http://www.vim.org X-Mailer: Mutt Rocks! http://www.mutt.org Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 21, 2001 at 08:31:54AM -0800, Peter Van Epp wrote: > Don't know about anyone else, but all the candidates for the board > looked as if they would do a fine job to me leaving more or less random > chance (and/or the couple that I have met) as selection criteria and no > particular downside that I could see to not participating in the election. > Thus I suspect that too much is perhaps being made of a "poor" (for some > definition of poor :-)) return rate in the election. Now if we couldn't find > enough good people willing to serve that would be a problem, but we look to > have been blessed that way and I for one don't see a problem. Howdy, The details over future involvement with Usenix seemed to be a defining characteristic to me. What this means about the general SAGE members opinion on this issue (other than they didn't care enough to vote ;-) ) I'm not sure. - Tillman From sage-members-owner@usenix.org Wed Feb 21 11:48:41 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LJi3j22892 for sage-members-outgoing; Wed, 21 Feb 2001 11:44:03 -0800 (PST) Received: from smtpsrv0.isis.unc.edu (smtpsrv0.isis.unc.edu [152.2.1.139]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LJi0922888 for ; Wed, 21 Feb 2001 11:44:01 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv0.isis.unc.edu (8.9.3/8.9.1) with ESMTP id OAA06141 for ; Wed, 21 Feb 2001 14:43:39 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id OAA53176; Wed, 21 Feb 2001 14:43:39 -0500 Date: Wed, 21 Feb 2001 14:43:36 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org Subject: Re: SAGE election results In-Reply-To: <200102211631.IAA03506@fraser.sfu.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, 21 Feb 2001, Peter Van Epp wrote: > Don't know about anyone else, but all the candidates for the board > looked as if they would do a fine job to me leaving more or less random > chance (and/or the couple that I have met) as selection criteria and no > particular downside that I could see to not participating in the election. > Thus I suspect that too much is perhaps being made of a "poor" (for some > definition of poor :-)) return rate in the election. Now if we couldn't find > enough good people willing to serve that would be a problem, but we look to > have been blessed that way and I for one don't see a problem. There's a study by the National Center for Nonprofit Boards (I think--don't have the reference in front of me) that showed that voter turnout in board elections is inversely proportional to membership satisfaction. When the membership is happy, they don't bother voting. They only vote to express their dissatisfaction. This incidentally means that someone with a radical minority point of view has a much better chance of being elected in a nonprofit board than in, say, municipal elections, because the people voting are disproportionately composed of people who want a change. Trey ---- Trey Harris formerly of UNC Academic Technology Now with VA Linux Systems, New York region From sage-members-owner@usenix.org Wed Feb 21 12:05:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LK0MD23023 for sage-members-outgoing; Wed, 21 Feb 2001 12:00:22 -0800 (PST) Received: from smtpsrv1.isis.unc.edu (smtpsrv1.isis.unc.edu [152.2.1.138]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LK0K923019 for ; Wed, 21 Feb 2001 12:00:20 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv1.isis.unc.edu (8.9.3/8.9.1) with ESMTP id OAA25820 for ; Wed, 21 Feb 2001 14:59:58 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id OAA39282; Wed, 21 Feb 2001 14:59:58 -0500 Date: Wed, 21 Feb 2001 14:59:56 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org Subject: Re: SAGE election results In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, 21 Feb 2001, Trey Harris wrote: > There's a study by the National Center for Nonprofit Boards (I > think--don't have the reference in front of me) that showed that voter > turnout in board elections is inversely proportional to membership > satisfaction. When the membership is happy, they don't bother > voting. They only vote to express their dissatisfaction. Let me correct myself: the study showed that the two were negatively correlated. Inverse proportionality is a much stronger statement that I don't think can be made here. Trey From sage-members-owner@usenix.org Wed Feb 21 12:17:48 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LKEtD23130 for sage-members-outgoing; Wed, 21 Feb 2001 12:14:55 -0800 (PST) Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LKEr923126 for ; Wed, 21 Feb 2001 12:14:54 -0800 (PST) Received: from pompano.cs.duke.edu (pompano.cs.duke.edu [152.3.140.228]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id PAA02337; Wed, 21 Feb 2001 15:14:33 -0500 (EST) Received: from localhost (des@localhost) by pompano.cs.duke.edu (8.8.5/8.6.9) with ESMTP id PAA05308; Wed, 21 Feb 2001 15:14:32 -0500 (EST) X-Authentication-Warning: pompano.cs.duke.edu: des owned process doing -bs Date: Wed, 21 Feb 2001 15:14:32 -0500 (EST) From: "Daniel E. Singer" To: sage-members@usenix.org cc: Subject: Re: Disk cleanup advice for users In-Reply-To: <200102202229.RAA00550@plhp049.comm.mot.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, 20 Feb 2001, Michael Rogero Brown wrote: > I am in the process of putting something together to send to our user > community to have them cleanup their home directories and group directories > of unnecessary files. I was hoping that prehaps someone has already done so, > and I could take advantage of this. I've gone over my admin resources (books > and confrence proceedings) and don't seen anything that fits the bill. > > What I am looking for is something that directs them to delete unneeded files, > compress files they want to archive, advice on the types of files they should > not be saving in home/group directories (*.mp3, etc), and the like. > > Anyone have something like that they want to share?? Michael, Please forgive my first response, but it was exactly that, my first response, which was to have a good chuckle. I've dealt with user account and disk space issues quite a bit, and I know what it's like to try to get people to police themselves on this issue. In my current university department, we use quotas for home directories, so it's less of a problem. But there are some problems, such as that faculty can get a quota increase upon request. A couple have home directories over a GB. Project space is a bit more of a problem since we don't use quotas there. But usually someone owns a particular disk, so it is in their self interest to deal with space problems when they arise. Occasionally there is a public area that requires some intervention. In my previous department (same univ.), we had no home dir. quotas, so intervention and monitoring were required. Sometimes this took the form of sending an email to the worst offenders alerting them to the problem and reminding them of what to do. We also had a couple of other more automated strategies: - a cron job ran a script nightly that would do a `du' on every home directory and track this information. Then another script would compare these results with the previous run, and would report on any significant changes. I could see whose usage had increased sharply, and respond accordingly. - another cron job ran nightly that would search through user (home dir, projects, etc) directories and compress files on certain criteria. The bigger the file was (there were various threshholds), the sooner it would be compressed if it hadn't been accessed recently. Smaller files could go longer without being affected. - many of our users used the SAS statistical package, and had very large data files. The compression process above would cause problems when they ran their SAS programs (a sort of script or JCL). So we also provided a front end script for SAS that could be run that would check for any data files that the job needed, and uncompress any that had become compressed. This helped keep their jobs from bombing out. If any of these sound useful to you, let me know and I'll see if I can get hold of them for you. As far as notices to users, I think I'd just write up some common sense announcement explaining what, why, etc. Of course some people would consistently and totally ignore such requests. I could try to dig one up if you want, but you probably need something appropriate for your site. Good luck, -Dan -- Daniel E. Singer, System Administrator Dept. of Computer Science, Duke University, Durham NC 27708 USA des@cs.duke.edu, www.cs.duke.edu/~des, (919)660-6577 From sage-members-owner@usenix.org Wed Feb 21 12:35:33 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LKWcf23237 for sage-members-outgoing; Wed, 21 Feb 2001 12:32:38 -0800 (PST) Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LKWa923233 for ; Wed, 21 Feb 2001 12:32:36 -0800 (PST) Received: from pompano.cs.duke.edu (pompano.cs.duke.edu [152.3.140.228]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id PAA02763 for ; Wed, 21 Feb 2001 15:32:16 -0500 (EST) Received: from localhost (des@localhost) by pompano.cs.duke.edu (8.8.5/8.6.9) with ESMTP id PAA05348 for ; Wed, 21 Feb 2001 15:32:15 -0500 (EST) X-Authentication-Warning: pompano.cs.duke.edu: des owned process doing -bs Date: Wed, 21 Feb 2001 15:32:15 -0500 (EST) From: "Daniel E. Singer" To: sage-members@usenix.org Subject: Re: Disk cleanup advice for users In-Reply-To: <20010221104053.A28720@gerasimov.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, 21 Feb 2001, David Alban wrote: > You may want to take a look at the web page: > > squall.nascom.nasa.gov/cgi-bin/tsdis_scripts_interface?script=duchk,+dutree > > It describes two useful scripts that both sysadmins and users can use to > quickly highlight the areas of highest disk use in a directory tree > (without crossing filesystem boundaries). duchk will list information > for a single directory. dutree will list information for an entire > directory tree, where it be rooted at / or ~someuser/. Take a look > at the web page for sample output. > ... Forgot to mention in my previous message that I have a script similar to `duchk' and `dutree' (mentioned above); it's sort of like both of them combined into one (depending on how you specify the options). It is also very useful in alerting someone as to where their disk usage is concentrated. The script and man page (`duf' and `duf.man') are available at: ftp://ftp.cs.duke.edu/pub/des/scripts/ -Dan -- Daniel E. Singer, System Administrator Dept. of Computer Science, Duke University, Durham NC 27708 USA des@cs.duke.edu, www.cs.duke.edu/~des, (919)660-6577 From sage-members-owner@usenix.org Wed Feb 21 12:57:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LKr1X23388 for sage-members-outgoing; Wed, 21 Feb 2001 12:53:01 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LKr0923384 for ; Wed, 21 Feb 2001 12:53:00 -0800 (PST) Received: by paladin.globnix.org with local id 14VgFb-0007k1-00 for sage-members@usenix.org; Wed, 21 Feb 2001 20:52:39 +0000 Date: Wed, 21 Feb 2001 21:52:39 +0100 From: Phil Pennock To: sage-members@usenix.org Subject: Re: SAGE election results Message-ID: <20010221215239.A21169@globnix.org> Mail-Followup-To: sage-members@usenix.org References: <20010220135813.H17413@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from jrg@watching.org on Wed, Feb 21, 2001 at 02:02:56AM +0000 Organisation: Organisation? Here? No, over there ----> X-NIC-Handles: COCO-149560 COCO-456268 COCO-374186 (ignore PP8185) X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Crescent (2% of Full) X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-02-21 at 02:02 +0000, James R Grinter gifted us with: > Do we have figures for how many selected the first option (which was > the "print a ballot paper for mailing" - paraphrased, the wording was > much less clear than that) and then didn't mail one in? Do we have web-server logs indicating how many people got as far as they could, before stopping because their browser didn't implement JavaScript or cookies? I'm really uncomfortable with the hypocritical position I was in -- banning JavaScript because of security worries, getting it profiled to disabled (or whatever the terminology is) for the Windows users, and then enabling it myself so that I could vote. I did get the boss's permission first, so I wasn't ignoring the rules which I put in place, but it still felt very uncomfortable. I also had to open holes in Junkbuster. It was partway through this that I almost just abandoned the whole idea of voting. Then I decided that this approach would result in electoral bias against the wishes of those of us who hold out and typically still use browsers like 'w3m'. So I persevered. Are there any plans to improve the situation before the next elections? -- When I'm wrong, I change my mind. From sage-members-owner@usenix.org Wed Feb 21 13:18:02 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LLEux23603 for sage-members-outgoing; Wed, 21 Feb 2001 13:14:56 -0800 (PST) Received: from mcnc-mdm1-ex07.marriott.com (host036.marriott.com [162.130.1.36]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LLEt923599 for ; Wed, 21 Feb 2001 13:14:55 -0800 (PST) Received: from oberon.vacationclub.com ([172.16.24.79]) by mcnc-mdm1-ex07.marriott.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id FMNQZXK9; Wed, 21 Feb 2001 16:13:54 -0500 Received: (from boyd@localhost) by oberon.vacationclub.com (8.11.0/8.9.3) id f1LLDgT08333; Wed, 21 Feb 2001 16:13:42 -0500 (EST) (envelope-from Daniel.Boyd@vacationclub.com) Date: Wed, 21 Feb 2001 16:13:42 -0500 (EST) Message-Id: <200102212113.f1LLDgT08333@oberon.vacationclub.com> X-Authentication-Warning: oberon.vacationclub.com: boyd set sender to Daniel.Boyd@vacationclub.com using -f To: sage-members@usenix.org Subject: Re: Disk cleanup advice for users In-Reply-To: <20010221104053.A28720@gerasimov.net> References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> From: Daniel Boyd Reply-To: Daniel Boyd Sender: owner-sage-members@usenix.org Precedence: bulk David Alban writes: > You may want to take a look at the web page: > > squall.nascom.nasa.gov/cgi-bin/tsdis_scripts_interface?script=duchk,+dutree > > It describes two useful scripts that both sysadmins and users can use to > quickly highlight the areas of highest disk use in a directory tree > (without crossing filesystem boundaries). There is also the highly clever 'xdu' program, which functions as follows: du -x -k -a /home/user | xdu It reads the output of 'du' from stdin, and puts up a box like this: +-----------+----------+-----------+ | | | | | | | f1 (25) | | | | | | | a (50) +-----------+ | | | | | | | f2 (25) | | | | | | | +-----------+ | ./ (100) |----------+-----------+ | | | b1 (10) | | | +-----------+ | | | b2 (10) | | | b (40) +-----------+ | | | b3 (10) | | | +-----------+ | | | | | |----------+ | | | | +-----------+----------------------+ This is analogous to the following 'du' output: 25 ./a/f1 25 ./a/f2 50 ./a 10 ./b/b1 10 ./b/b2 10 ./b/b3 40 ./b 100 ./ You can see which big file is eating up all your space even if it's hidden several levels deep. You can also click on a directory and the drawing is re-done with that directory at the root of the hierarchy, so you can zero in on a certain area of the tree. Since 'xdu' just reads the data from stdin, you can provide whatever input to it you want, as long as you make it resemble the output of 'du'. For instance, I've got some scripts that show my Informix space usage in 'du' format, so you can tell which Informix database is sucking up all the space in chunk05, etc. 'xdu' is available as part of the FreeBSD ports collection, and probably elsewhere as well. -- Daniel F. Boyd, UNIX System Administrator, Marriott Vacation Club 1200 US 98 South, Suite 23 / Lakeland FL 33801 / 863-688-7700 x4875 From sage-members-owner@usenix.org Wed Feb 21 13:29:24 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LLQ9M23677 for sage-members-outgoing; Wed, 21 Feb 2001 13:26:09 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LLQ8923673 for ; Wed, 21 Feb 2001 13:26:08 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id QAA00650; Wed, 21 Feb 2001 16:25:49 -0500 Date: Wed, 21 Feb 2001 16:25:49 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010221162549.J10061@gwyn.tux.org> References: <26928.982770610@biber> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <26928.982770610@biber>; from bergman@panix.com on Wed, Feb 21, 2001 at 10:50:10AM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 21, 2001 at 10:50:10AM -0500, bergman@panix.com wrote: > In your message dated: Tue, 20 Feb 2001 21:23:27 CST, > your pithy ruminations on were: > => -----BEGIN PGP SIGNED MESSAGE----- > => > => On Tue, 20 Feb 2001, Joseph S D Yao wrote: > => > > => > => IIRC, the old pink Programming Perl book (it doesn't cover Perl 5) has an > => example passwd program replacement that illustrates how to quality check a > => password as well as check for minimal changes only from the last password. Watch those nested attributions. I did not say that, but was responding to a message containing that. ;-> -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Wed Feb 21 14:26:49 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LMMmg24148 for sage-members-outgoing; Wed, 21 Feb 2001 14:22:48 -0800 (PST) Received: from mdahub.mda.ca (mdahub.mda.ca [142.73.130.152]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LMMk924144 for ; Wed, 21 Feb 2001 14:22:46 -0800 (PST) Received: from msxyvr1.mda.ca (exchange [142.73.131.48]) by mdahub.mda.ca (8.9.2/8.9.2) with ESMTP id OAA28703; Wed, 21 Feb 2001 14:22:13 -0800 (PST) Received: by exchange.mda.ca with Internet Mail Service (5.5.2653.19) id ; Wed, 21 Feb 2001 14:22:13 -0800 Message-ID: From: John LLOYD To: sage-members@usenix.org.sage-members@usenix.org Subject: RE: Disk cleanup advice for users Date: Wed, 21 Feb 2001 14:22:10 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk > I am in the process of putting something together to send to our user > community to have them cleanup their home directories and > group directories > of unnecessary files. I was hoping that prehaps someone has > already done so, > and I could take advantage of this. I've gone over my admin > resources (books > and confrence proceedings) and don't seen anything that fits the bill. Some of the best practises we found (after many years of experience, trials, and head-banging-on-wall) were: 1) e-mail a list to the 5 to 20 top users on a disk--- name names. Put storage use, and their ranking. Nothing gets a disk emptier than other people complaining directly to co-workers that they are getting in the way of real work getting done. Note: do not distribute the whole list to everybody. Just the top 5 or 20. "Size peers" in other words. 2) relocate "big disk users" to their own disks. This means putting the 5, 20, or 2(!) big disk users together. They will know who they are (from messages like 1) above) and will manage the space appropriately. 3) buy more disk but only for planned use---reward people who predict large usage, and give it back when done, and who are good at asking soon enough (three weeks in advance, for instance). This strategy requires management support. 4) measure all usage and sort by descending size. Look at this list and measure the median, average, and 80 percentile (or just estimate it by printing it out and measuring the printout thickness). You will come to understand that 80% of your storage is only 20% of your users---concentrate on understanding their needs, and then try to meet them. Remember that only one of their needs is understanding "rm". Expect 20% to 30% to be operating system overhead, including empty space. This will make you somewhere around #3 or #5 on the list (of used space). Have your arguments ready to defend this excessive disk usage. 5) Educate your users about your backup systems. Some will keep stuff online just in case of an accident. If you provide a reliable file restore method they will be more comfortable deleting stuff you think is temporary and they think is important. 6) Consider adding an "archiving" system, that keeps files offline but retrievable. Sometimes a few users may find this useful. Alternatively, show them how to use tar and a tape drive. Don't expect more than 10% of users to adopt this. 7) For users engaged in "business processes", for example a technical illustrator generating/updating files all day, or a developer, or secretary managing correspondance, or engineer updating documents, find out what the life cycle of their documents should be, and help automate the "disposal" at end-of-life. Many processes involve intermediate versions of documents that could be reliably deleted, if only somebody knew when. If most files are process-oriented, "archiving" as in 6) above could be very useful. 8) Seagates' phone number is 1-877-271-3285 John From sage-members-owner@usenix.org Wed Feb 21 14:35:38 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LMVR724263 for sage-members-outgoing; Wed, 21 Feb 2001 14:31:27 -0800 (PST) Received: from amazon.ssec.wisc.edu (amazon.ssec.wisc.edu [144.92.118.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LMVQ924259 for ; Wed, 21 Feb 2001 14:31:26 -0800 (PST) Received: from amazon.ssec.wisc.edu (localhost.localdomain [127.0.0.1]) by amazon.ssec.wisc.edu (8.10.2/8.10.2) with ESMTP id f1LMS5P19160; Wed, 21 Feb 2001 16:28:05 -0600 Message-Id: <200102212228.f1LMS5P19160@amazon.ssec.wisc.edu> To: sage-members@usenix.org cc: barnet@amazon.ssec.wisc.edu Subject: Re: Disk cleanup advice for users In-Reply-To: Your message of "Tue, 20 Feb 2001 23:58:40 EST." Date: Wed, 21 Feb 2001 16:28:05 -0600 From: "Steve Barnet" Sender: owner-sage-members@usenix.org Precedence: bulk I'm sure that Daniel's response struck home for many of us floating around on this list. So in the interest of furthering discussion, I will attempt to elaborate a bit. I have run into this particular trap in a number of forms over the past few years. The trap is: if only people would clean up their various directories we would have plenty of disk space (backup capacity, whatever). However, the facts are these: 1) Old tasks are being pushed onto electronic systems 2) New tasks are being created every day 3) Complexity of tasks is increasing 4) File sizes are increasing 5) Disk is cheap 6) Labor is expensive Items 1-3 reflect the old adage "Disks only come in one size: too small." The real point is that the amount of stuff stored on disk is constantly increasing. Couple that with 5 and 6 and it seems like the best you can do is calculate the growth rate for planning purposes. Asking users to remove unneeded files can buy you a few months to add capacity, but ultimately you'll end up adding anyway. So it goes. Best, ---Steve > From: "Daniel E. Singer" > On Tue, 20 Feb 2001, Michael Rogero Brown wrote: > > > I am in the process of putting something together to send to our user > > community to have them cleanup their home directories and group directori > es > > of unnecessary files. .... > > HAR HAR HAR HAR HAR! (ROTFL) :-O > > > Ahem, sorry, couldn't restrain myself. > > > > :) From sage-members-owner@usenix.org Wed Feb 21 15:30:40 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LNQwY24801 for sage-members-outgoing; Wed, 21 Feb 2001 15:26:58 -0800 (PST) Received: from bantha.org (postfix@208.241.154-dsl-117.ntrnet.net [208.241.154.117]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LNQu924797 for ; Wed, 21 Feb 2001 15:26:56 -0800 (PST) Received: by bantha.org (Postfix, from userid 1014) id 6F56966BC2; Wed, 21 Feb 2001 18:26:35 -0500 (EST) Date: Wed, 21 Feb 2001 18:26:35 -0500 From: Chris Palmer To: sage-members@usenix.org Subject: Re: SAGE election results Message-ID: <20010221182635.B48216@azuen.net> Mail-Followup-To: sage-members@usenix.org References: <20010221102852.B43554@azuen.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from asilva@cis.net on Wed, Feb 21, 2001 at 12:06:42PM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk On 21/02/01, Andy Silva wrote: > > SAGE needs to create ways in which members both are > > able to and want to be involved with the organization on a regular > > basis, and just how that's to be done is a big question for the > > new Board as they split off from USENIX. > > A couple of points here to keep in mind. First, the exec committee is > just seven people. While many of us have experiences that show that a > smaller group of people working together can usually accomplish things at > a faster pace than a larger group of people, these seven people have many > responsibilities in a volunteer capacity and probably will be unable to > 'create' ways in which members want to be involved. What they can do is > take input from members on ways they would like to be involved and promote > those efforts by spawning off sub-committees, but don't look to these > folks to wave a magic wand and make you want to be involved with SAGE. But I didn't say that the SAGE *board* needs to create these ways to be involved. I said *SAGE* needs to do it. The direction and leadership comes from the board, and they'll certainly be the chief prodders and pokers to get something rolling, but overall it's the organization as a whole, not just those seven people, which is facing the challenge. It's somewhat indicative that many people's first instinct is to equate SAGE with the exec board. If SAGE was a more widely participatory organization then the difference between the two would be much clearer in the subconscious, as it were. Right now I don't see a clear concept of what SAGE is outside the exec board, but I think the cert committee, love or hate its purpose, is a good start towards developing one. I also see that as a point in favor of the Usenix split, but that's a topic I'm going to stay away from. -Chris -- -- Chris Palmer 135 Rollstone Road Fitchburg, MA 01420 From sage-members-owner@usenix.org Wed Feb 21 15:33:04 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1LNUBI24825 for sage-members-outgoing; Wed, 21 Feb 2001 15:30:11 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1LNU9924821 for ; Wed, 21 Feb 2001 15:30:10 -0800 (PST) Received: from [10.0.1.2] (dialup1801.brussels.skynet.be [194.78.235.9] (may be forged)) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.10) with ESMTP id f1LNTkq07439; Thu, 22 Feb 2001 00:29:47 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010221104053.A28720@gerasimov.net> References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> Date: Wed, 21 Feb 2001 23:47:29 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Disk cleanup advice for users Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 10:40 AM -0800 2/21/01, David Alban wrote: > It describes two useful scripts that both sysadmins and users can use to > quickly highlight the areas of highest disk use in a directory tree > (without crossing filesystem boundaries). duchk will list information > for a single directory. dutree will list information for an entire > directory tree, where it be rooted at / or ~someuser/. Take a look > at the web page for sample output. Uh, how is this different from "cd $DIR; du -sk | sort -nr"? > Also on the referenced web page is a template I used to compose email > messages for when I needed users to police their own disk space. It > showed them how to use duchk and dutree to quickly get the needed > information. For users who were particularly greedy of disk, I would > actually run dutree on their $HOME and email them the results. The > results were very positive. Many years ago, when I attended the University of Oklahoma as a student, one of the things they used to do was to post a list of the "Top Ten Disk Hogs" every month on a public bulletin board, and to embarass them into action. -- ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Wed Feb 21 16:24:22 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1M0LK525294 for sage-members-outgoing; Wed, 21 Feb 2001 16:21:20 -0800 (PST) Received: from mdahub.mda.ca (mdahub.mda.ca [142.73.130.152]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1M0LH925288 for ; Wed, 21 Feb 2001 16:21:18 -0800 (PST) Received: from msxyvr1.mda.ca (exchange [142.73.131.48]) by mdahub.mda.ca (8.9.2/8.9.2) with ESMTP id QAA12068 for ; Wed, 21 Feb 2001 16:20:57 -0800 (PST) Received: by exchange.mda.ca with Internet Mail Service (5.5.2653.19) id ; Wed, 21 Feb 2001 16:20:57 -0800 Message-ID: From: John LLOYD To: sage-members@usenix.org Subject: RE: Disk cleanup advice for users Date: Wed, 21 Feb 2001 16:20:56 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Another quickie tool is this little "top 5 subdirectories" alias I use --- in a couple of trials you can drill down to the right place.... alias du5 "du -k | nawk -F / ' {if (NF==2) print }' | sort -n | tail -5r" It generates the top five subdirectories for disk space in descending order. It helps if you are already on the trail -- using it from root tends to be a little slow. ---John > -----Original Message----- > From: Daniel Boyd [mailto:Daniel.Boyd@vacationclub.com] > Sent: February 21, 2001 1:14 PM > To: sage-members@usenix.org > Subject: Re: Disk cleanup advice for users > > > David Alban writes: > > You may want to take a look at the web page: > > > > > squall.nascom.nasa.gov/cgi-bin/tsdis_scripts_interface?script= > duchk,+dutree > > > > It describes two useful scripts that both sysadmins and > users can use to > > quickly highlight the areas of highest disk use in a directory tree > > (without crossing filesystem boundaries). > > There is also the highly clever 'xdu' program, which functions as > follows: > > du -x -k -a /home/user | xdu > > It reads the output of 'du' from stdin, and puts up a box like this: > > > +-----------+----------+-----------+ > | | | | > | | | f1 (25) | > | | | | > | | a (50) +-----------+ > | | | | > | | | f2 (25) | > | | | | > | | +-----------+ > | ./ (100) |----------+-----------+ > | | | b1 (10) | > | | +-----------+ > | | | b2 (10) | > | | b (40) +-----------+ > | | | b3 (10) | > | | +-----------+ > | | | | > | |----------+ | > | | | > +-----------+----------------------+ > > > This is analogous to the following 'du' output: > > 25 ./a/f1 > 25 ./a/f2 > 50 ./a > 10 ./b/b1 > 10 ./b/b2 > 10 ./b/b3 > 40 ./b > 100 ./ > > You can see which big file is eating up all your space even if it's > hidden several levels deep. You can also click on a directory and the > drawing is re-done with that directory at the root of the hierarchy, > so you can zero in on a certain area of the tree. > > Since 'xdu' just reads the data from stdin, you can provide whatever > input to it you want, as long as you make it resemble the output of > 'du'. For instance, I've got some scripts that show my Informix > space usage in 'du' format, so you can tell which Informix database is > sucking up all the space in chunk05, etc. > > 'xdu' is available as part of the FreeBSD ports collection, and > probably elsewhere as well. > > -- > Daniel F. Boyd, UNIX System Administrator, Marriott Vacation Club > 1200 US 98 South, Suite 23 / Lakeland FL 33801 / 863-688-7700 x4875 > From sage-members-owner@usenix.org Wed Feb 21 16:25:13 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1M0MPs25302 for sage-members-outgoing; Wed, 21 Feb 2001 16:22:25 -0800 (PST) Received: from gerasimov.net ([209.143.70.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1M0MM925298 for ; Wed, 21 Feb 2001 16:22:22 -0800 (PST) Received: (from alban@localhost) by gerasimov.net (8.9.3/8.9.3) id TAA31748 for sage-members@usenix.org; Wed, 21 Feb 2001 19:20:45 -0500 Date: Wed, 21 Feb 2001 16:20:45 -0800 From: David Alban To: sage-members@usenix.org Subject: Re: Disk cleanup advice for users Message-ID: <20010221162045.A31227@gerasimov.net> References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us In-Reply-To: ; from Brad Knowles on Wed, Feb 21, 2001 at 11:47:29PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk Brad, At 2001/02/21/23:47 +0100 Brad Knowles wrote: > At 10:40 AM -0800 2/21/01, David Alban wrote: > > > It describes two useful scripts that both sysadmins and users can use to > > quickly highlight the areas of highest disk use in a directory tree > > (without crossing filesystem boundaries). duchk will list information > > for a single directory. dutree will list information for an entire > > directory tree, where it be rooted at / or ~someuser/. Take a look > > at the web page for sample output. > > Uh, how is this different from "cd $DIR; du -sk | sort -nr"? One difference: when a filesystem is filling up, it's not a disk that you're worried about. Other partitions on the disk could be just fine. It's a particular *filesystem* in which you're gasping for space. duchk and dutree don't cross filesystems. Executing the above command will give incorrect information if there are active mount points in the $DIR tree at any level. Also, a nice-to-have (albeit very minor) difference: they list directories with trailing slashes, files without. :-) And symlinks aren't listed unless you specify that you want them listed. A major difference: check out the dutree output at the bottom of this message. You just can't get this with du -sk and sort. At every level of indentation you have information listed from the most usage to the least. And (in the example below) only the root filesystem is being used to generate statistics. Also, dutree has a size threshold (default 5120 kbytes). Files and directories with disk usages less than this threshold will not be listed in (clutter up) output. You can, of course specify whatever is your preferred threshold on the command line. > Many years ago, when I attended the University of Oklahoma as a > student, one of the things they used to do was to post a list of the > "Top Ten Disk Hogs" every month on a public bulletin board, and to > embarass them into action. My experience was that you get better results when you make freeing disk space as easy as possible for them. I had great results that way. There was a guy we couldn't get to work with us. He wasn't a bad guy, just too busy I guess. We gave him is own filesystem ('cause at the time, we could :-). When he filled it, he *had* to start policing his own disk space. :-) YMMV, David P.S. I've put a duchk and dutree tarball at: http://www.gerasimov.net/~alban/duchk-and-dutree.tar.gz See for usage, explanation, examples: http://squall.nascom.nasa.gov/cgi-bin/tsdis_scripts_interface?script=duchk,+dutree P.P.S. In the output below, notice the line: duchk: /home/alban/tsdis02: active mount point buried within the output. :-) $ dutree / dutree: smallest size displayed: 5120 kbytes dutree: units are kbytes dutree: building mount point table dutree: mount point table done duchk: /hw: active mount point duchk: /proc: active mount point 1448552 /usr/ 297928 /usr/lib/ 29144 /usr/lib/internal/ 19080 /usr/lib/X11/ 6364 /usr/lib/X11/fonts/ 18848 /usr/lib/libpfdb/ 14364 /usr/lib/Insight/ 9300 /usr/lib/Insight/data/ 5820 /usr/lib/Insight/data/cgmfonts/ 12308 /usr/lib/dmedia/ 5244 /usr/lib/dmedia/imageconverters/ 8216 /usr/lib/filetype/ 8144 /usr/lib/libcomplib.sgimath_mp.a 8020 /usr/lib/libcomplib.sgimath.a 7612 /usr/lib/libpf_ogl.so.4 7448 /usr/lib/libpf_igl.so.4 6836 /usr/lib/libInventor.so.2 6592 /usr/lib/libshowcase3d.so 6368 /usr/lib/DPS/ 5700 /usr/lib/libmbase.so 5688 /usr/lib/libcomplib.sgimath_mp.so 5584 /usr/lib/libcomplib.sgimath.so 293896 /usr/share/ 159708 /usr/share/Insight/ 159696 /usr/share/Insight/library/ 159696 /usr/share/Insight/library/SGI_bookshelves/ 84440 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/ 82992 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/ 7876 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/OpenGL_PG/ 5544 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/OpenGL_PG/figures/ 7828 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/Motif_SG/ 6456 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/Motif_SG/figures/ 7424 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/DevDriver_PG/ 5248 /usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/UI_Glines/ 28580 /usr/share/Insight/library/SGI_bookshelves/SGI_EndUser/ 28336 /usr/share/Insight/library/SGI_bookshelves/SGI_EndUser/books/ 8208 /usr/share/Insight/library/SGI_bookshelves/SGI_EndUser/books/O2_OG/ 5160 /usr/share/Insight/library/SGI_bookshelves/SGI_EndUser/books/O2_OG/html/ 7384 /usr/share/Insight/library/SGI_bookshelves/SGI_EndUser/books/MediaTls_UG/ 22384 /usr/share/Insight/library/SGI_bookshelves/SGI_Admin/ 22052 /usr/share/Insight/library/SGI_bookshelves/SGI_Admin/books/ 13984 /usr/share/Insight/library/SGI_bookshelves/Help/ 13864 /usr/share/Insight/library/SGI_bookshelves/Help/books/ 5832 /usr/share/Insight/library/SGI_bookshelves/Help/books/CosmoCreate_UG/ 10308 /usr/share/Insight/library/SGI_bookshelves/SGIindex/ 8948 /usr/share/Insight/library/SGI_bookshelves/SGIindex/bks.inv 59188 /usr/share/catman/ 24828 /usr/share/catman/p_man/ 11612 /usr/share/catman/p_man/cat3/ 6216 /usr/share/catman/p_man/cat3/complib/ 14448 /usr/share/catman/SGIindex/ 10612 /usr/share/catman/SGIindex/man.inv 10968 /usr/share/catman/u_man/ 7984 /usr/share/catman/u_man/cat1/ 52172 /usr/share/data/ 44228 /usr/share/data/sounds/ 29736 /usr/share/data/sounds/synth/ 29028 /usr/share/data/sounds/synth/soundfiles/ 26188 /usr/share/data/sounds/synth/soundfiles/GeneralMIDI_SoundSetLevel1/ 11100 /usr/share/data/sounds/prosonus/ 8244 /usr/share/lib/ 7552 /usr/share/lib/perl5/ 6088 /usr/share/Performer/ 6088 /usr/share/Performer/data/ 6084 /usr/share/Performer/data/town/ 269052 /usr/lib32/ 83612 /usr/lib32/mips4/ 17708 /usr/lib32/mips4/libcomplib.sgimath_mp.a 17376 /usr/lib32/mips4/libcomplib.sgimath.a 12764 /usr/lib32/mips4/libcomplib.sgimath_mp.so 12496 /usr/lib32/mips4/libcomplib.sgimath.so 6888 /usr/lib32/mips4/dmedia/ 23912 /usr/lib32/libpfdb/ 6900 /usr/lib32/libpfdb/libpfwrl_ogl.so.4 6900 /usr/lib32/libpfdb/libpfwrl_igl.so.4 23760 /usr/lib32/cmplrs/ 5164 /usr/lib32/cmplrs/lno.so 23220 /usr/lib32/mips3/ 6780 /usr/lib32/mips3/dmedia/ 11624 /usr/lib32/internal/ 7168 /usr/lib32/libpf_ogl.so.4 6992 /usr/lib32/libpf_igl.so.4 6896 /usr/lib32/libil.so.3 5564 /usr/lib32/dmedia/ 99680 /usr/demos/ 44132 /usr/demos/General_Demos/ 14116 /usr/demos/General_Demos/CyberAstronomy/ 14040 /usr/demos/General_Demos/CyberAstronomy/data/ 10084 /usr/demos/General_Demos/CyberAstronomy/data/Sounds/ 5224 /usr/demos/General_Demos/amesh/ 34628 /usr/demos/O2/ 23256 /usr/demos/O2/roam/ 22984 /usr/demos/O2/roam/images/ 16388 /usr/demos/O2/roam/images/berlin4k.tif 7248 /usr/demos/O2/chromeskins/ 7188 /usr/demos/O2/chromeskins/data/ 11984 /usr/demos/WorkShopMPF/ 11744 /usr/demos/WorkShopMPF/linpack/ 11712 /usr/demos/WorkShopMPF/linpack/test.linpack.cpu/ 6204 /usr/demos/WorkShopMPF/linpack/test.linpack.cpu/libc.so.1_Instr 5504 /usr/demos/Demo_Interfaces/ 89644 /usr/local/ 24792 /usr/local/communicator-v45.mips-sgi-irix6.2/ 15596 /usr/local/communicator-v45.mips-sgi-irix6.2/netscape 17256 /usr/local/bin/ 16456 /usr/local/xlockmore-4.11/ 9752 /usr/local/xlockmore-4.11/modes/ 16336 /usr/local/ssh-1.2.26/ 8096 /usr/local/ssh-1.2.26/gmp-2.0.2-ssh-2/ 62880 /usr/sbin/ 9348 /usr/sbin/AliasToIv 53900 /usr/freeware/ 21304 /usr/freeware/src/ 5476 /usr/freeware/src/xfig/ 15828 /usr/freeware/lib/ 11228 /usr/freeware/lib/gcc-lib/ 11228 /usr/freeware/lib/gcc-lib/mips-sgi-irix6.2/ 11228 /usr/freeware/lib/gcc-lib/mips-sgi-irix6.2/2.8.1/ 9588 /usr/freeware/bin/ 53052 /usr/WorkShop/ 53052 /usr/WorkShop/usr/ 36368 /usr/WorkShop/usr/lib/ 32680 /usr/WorkShop/usr/lib/WorkShop/ 9304 /usr/WorkShop/usr/lib/WorkShop/Motif/ 16144 /usr/WorkShop/usr/sbin/ 33076 /usr/cpu/ 32656 /usr/cpu/sysgen/ 21112 /usr/cpu/sysgen/root/ 21112 /usr/cpu/sysgen/root/usr/ 19628 /usr/cpu/sysgen/root/usr/lib32/ 19628 /usr/cpu/sysgen/root/usr/lib32/cmplrs/ 5164 /usr/cpu/sysgen/root/usr/lib32/cmplrs/lno.so 11544 /usr/cpu/sysgen/IP32boot/ 29640 /usr/java/ 18112 /usr/java/lib32/ 18112 /usr/java/lib32/sgi/ 9148 /usr/java/lib32/sgi/green_threads/ 8964 /usr/java/lib32/sgi/native_threads/ 8028 /usr/java/webdocs/ 7848 /usr/java/webdocs/api/ 22588 /usr/bin/ 9824 /usr/bin/X11/ 19992 /usr/ns-home/ 14068 /usr/ns-home/bin/ 10848 /usr/ns-home/bin/httpd/ 8920 /usr/ns-home/bin/httpd/admin/ 17604 /usr/include/ 5384 /usr/include/sys/ 12440 /usr/lib64/ 12292 /usr/gfx/ 10828 /usr/gfx/arch/ 12240 /usr/sysadm/ 6096 /usr/sysadm/taskdso/ 9380 /usr/adobe/ 9380 /usr/adobe/Acrobat3.0/ 8884 /usr/adobe/Acrobat3.0/Reader/ 7324 /usr/adobe/Acrobat3.0/Reader/mipsirix/ 8340 /usr/etc/ 7936 /usr/Motif-1.2/ 7052 /usr/sgitcl/ 7008 /usr/sgitcl/lib/ 5924 /usr/SpeedShop/ 5924 /usr/SpeedShop/usr/ 95968 /home/ 95900 /home/alban/ duchk: /home/alban/tsdis02: active mount point 44260 /home/alban/.netscape/ 42036 /home/alban/.netscape/cache/ 36604 /home/alban/.netscape/cache/04/ 36404 /home/alban/.netscape/cache/04/cache36D45AA4080056D 7100 /home/alban/junk.linux-2.0.36.tar.gz 64720 /var/ 26032 /var/netscape/ 26032 /var/netscape/communicator/ 12812 /var/netscape/communicator/netscape 6124 /var/netscape/communicator/java/ 6124 /var/netscape/communicator/java/classes/ 11420 /var/www/ 11096 /var/www/htdocs/ 5720 /var/www/htdocs/WhatsNew/ 7868 /var/tmp/ 7092 /var/tmp/tardista00JO5/ 5868 /var/inst/ 7044 /unix 5224 /sbin/ -- Live in a world of your own, but always welcome visitors. http://www.gerasimov.net/~alban/trt/resume.html From sage-members-owner@usenix.org Wed Feb 21 17:51:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1M1hWn25911 for sage-members-outgoing; Wed, 21 Feb 2001 17:43:32 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1M1hT925907 for ; Wed, 21 Feb 2001 17:43:29 -0800 (PST) Received: from [10.0.1.2] (dialup88.brussels.skynet.be [195.238.19.88] (may be forged)) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.10) with ESMTP id f1M1h6q06299; Thu, 22 Feb 2001 02:43:07 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010221215239.A21169@globnix.org> References: <20010220135813.H17413@redhat.com> <20010221215239.A21169@globnix.org> Date: Thu, 22 Feb 2001 02:39:05 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: SAGE election results Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 9:52 PM +0100 2/21/01, Phil Pennock wrote: > Do we have web-server logs indicating how many people got as far as they > could, before stopping because their browser didn't implement JavaScript > or cookies? Websites requiring the use of cookies, JavaScript, or Java is a really big sore point with me. Most sites like this I just permanently write off, never to bother surfing them again -- unfortunately, there are some sites where I can't really do that. IMO, there is absolutely nothing whatsoever that is truly useful that *requires* the use of any of these tools. There are other ways to do these things (including server-side CGI or applets) that can be used, and with the bonus that the site is more functional and available for everyone, regardless of the type of browser they have. That said, I did re-enable JavaScript just long enough to vote, and am happy to say that many of the people I voted for were elected. -- ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Wed Feb 21 22:33:28 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1M6SM427004 for sage-members-outgoing; Wed, 21 Feb 2001 22:28:22 -0800 (PST) Received: from smtpsrv0.isis.unc.edu (smtpsrv0.isis.unc.edu [152.2.1.139]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1M6SK927000 for ; Wed, 21 Feb 2001 22:28:20 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv0.isis.unc.edu (8.9.3/8.9.1) with ESMTP id BAA28439; Thu, 22 Feb 2001 01:28:01 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id BAA73842; Thu, 22 Feb 2001 01:28:00 -0500 Date: Thu, 22 Feb 2001 01:27:58 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: SAGE election results In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Thu, 22 Feb 2001, Brad Knowles wrote: > IMO, there is absolutely nothing whatsoever that is truly useful > that *requires* the use of any of these tools. There are other ways > to do these things (including server-side CGI or applets) that can be > used, and with the bonus that the site is more functional and > available for everyone, regardless of the type of browser they have. I had nothing whatsoever to do with the election (other than being one of the names on the ballot, and testing the website a couple of days before it went live), so I can't give a definitive answer, but my understanding from snatches of conversation here and there is that SAGE asked for an electronic ballot that would require "no active content", or words to that effect, but that was misinterpreted to mean only Java and Flash, not JavaScript. By the time we saw a prototype, it was too late to remove the JavaScript. Trey From sage-members-owner@usenix.org Thu Feb 22 00:22:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1M8ISZ27235 for sage-members-outgoing; Thu, 22 Feb 2001 00:18:28 -0800 (PST) Received: from relay.cs.tcd.ie (root@relay.cs.tcd.ie [134.226.32.56]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1M8IQ927231 for ; Thu, 22 Feb 2001 00:18:26 -0800 (PST) Received: from wilde.cs.tcd.ie (mknell@wilde.cs.tcd.ie [134.226.32.55]) by relay.cs.tcd.ie (8.9.1a/8.9.1) with ESMTP id IAA01314; Thu, 22 Feb 2001 08:17:57 GMT Message-Id: <200102220817.IAA01314@relay.cs.tcd.ie> To: sage-members@usenix.org From: Mike Knell cc: sage-members@usenix.org Subject: Re: 2^32 stupid things smart admins do to screw up their systems In-reply-to: Your message of "Tue, 20 Feb 2001 15:37:47 PST." Date: Thu, 22 Feb 2001 08:17:56 +0000 Sender: owner-sage-members@usenix.org Precedence: bulk Benjy said: > What are some common administration practices that are silly, ill-advised, > or just plain wrong? The cardinal sin that springs to mind here can be expressed in two words: Permitting Entropy. Taking too many defaults during software installations without looking at where stuff's going, ignoring on a nightly basis that mail cron sent you about problems with log rotation, not taking an occasional look inside /usr/local to find out what the hell's going on there, "oh, there seems to be an unidentifiable problem, I'll reboot the machine and see if it goes away", not stopping to think briefly about the best place to run this new service from, adding extra stuff to check for exceptions by just hanging yet another script on the side of a system that really needs scrapping and rewriting from scratch.. This is the kind of stuff that leads to entropy, and too much entropy starts systems on the long slide down towards looming unmanageability. At this point, system administration moves from being the relaxing, ever-fulfilling joy we all know it to be (yeah, right) to crisis management when various bits start falling off, smelling bad, or just stop working altogether. Of course, most sysadmins are kind of interrupt-driven and overworked, which means that sitting down and spending more than, say, 20-25 minutes on one thing is almost impossible as the next phone call / user sticking head round door / "terribly urgent" help request always interrupts and getting back to doing what you were doing before can be kind of difficult. How many people have directories half full of really useful little scripts that aren't _quite_ finished yet? So on the whole, entropy isn't necessarily the fault of the sysadmin. Still worth avoiding when you can help it, though. Hum. This is maybe management practices that should be avoided (letting your sysadmins get interrupted too often) rather than systems admin practices that should be avoided. Oh well. m. -- Computer Science System Administrator, Trinity College, Dublin, Ireland mike.knell@cs.tcd.ie -=- http://www.cs.tcd.ie/Mike.Knell/ From sage-members-owner@usenix.org Thu Feb 22 02:08:49 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MA51227416 for sage-members-outgoing; Thu, 22 Feb 2001 02:05:01 -0800 (PST) Received: from relay.cs.tcd.ie (root@relay.cs.tcd.ie [134.226.32.56]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MA4x927412 for ; Thu, 22 Feb 2001 02:04:59 -0800 (PST) Received: from little.cs.tcd.ie (IDENT:root@little.cs.tcd.ie [134.226.38.59]) by relay.cs.tcd.ie (8.9.1a/8.9.1) with ESMTP id KAA06989; Thu, 22 Feb 2001 10:04:34 GMT Received: from little.cs.tcd.ie (IDENT:mknell@localhost [127.0.0.1]) by little.cs.tcd.ie (8.10.1/8.10.1) with ESMTP id f1MA4YE22874; Thu, 22 Feb 2001 10:04:34 GMT Message-Id: <200102221004.f1MA4YE22874@little.cs.tcd.ie> To: sage-members@usenix.org From: Mike Knell cc: sage-members@usenix.org Subject: Re: 2^32 stupid things smart admins do to screw up their systems In-reply-to: Your message of "Tue, 20 Feb 2001 15:37:47 PST." Date: Thu, 22 Feb 2001 10:04:33 +0000 Sender: owner-sage-members@usenix.org Precedence: bulk > What are some common administration practices that are silly, ill-advised, > or just plain wrong? Sorry for following up twice, but this one just sprung to mind in connection with the "keeping your passwords safe" thing: Telnetting into a general user access host and then using ssh from there to connect to other machines which have telnet turned off for the usual very good reasons. Oh, and going root over that link as well. m. -- Computer Science System Administrator, Trinity College, Dublin, Ireland mike.knell@cs.tcd.ie -=- http://www.cs.tcd.ie/Mike.Knell/ From sage-members-owner@usenix.org Thu Feb 22 04:37:53 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MCY7a27731 for sage-members-outgoing; Thu, 22 Feb 2001 04:34:07 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MCY5927727 for ; Thu, 22 Feb 2001 04:34:05 -0800 (PST) Received: from [10.0.1.2] (dialup1237.brussels.skynet.be [194.78.232.213] (may be forged)) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.10) with ESMTP id f1MCXZo13602; Thu, 22 Feb 2001 13:33:35 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010221162045.A31227@gerasimov.net> References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> Date: Thu, 22 Feb 2001 13:28:46 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Disk cleanup advice for users Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 4:20 PM -0800 2/21/01, David Alban wrote: >> Uh, how is this different from "cd $DIR; du -sk | sort -nr"? > > One difference: when a filesystem is filling up, it's not a disk that > you're worried about. Other partitions on the disk could be just > fine. It's a particular *filesystem* in which you're gasping for > space. Okay, so use "du -sxk" instead. > A major difference: check out the dutree output at the bottom of this > message. You just can't get this with du -sk and sort. At every > level of indentation you have information listed from the most usage > to the least. And (in the example below) only the root filesystem is > being used to generate statistics. Sorry, I prefer the output of "du -sxk" instead. Yes, this intermingles everything so that you could get the value of a subdirectory sorted higher than the value of a directory at a level higher in the filesystem, but I think that this is good -- if /usr/local/src/bind is larger than /usr/local/etc, then there is less probability of my being able to get significant amounts of disk space back by concentrating on the latter as opposed to the former. > Also, dutree has a size threshold (default 5120 kbytes). Files and > directories with disk usages less than this threshold will not be > listed in (clutter up) output. You can, of course specify whatever > is your preferred threshold on the command line. I like the idea of having a size threshold, but it's not a really big point for me -- for what I do, simply piping the results to "sort -nr | head -n 100" is plenty. > My experience was that you get better results when you make freeing > disk space as easy as possible for them. I had great results that > way. There was a guy we couldn't get to work with us. He wasn't a > bad guy, just too busy I guess. We gave him is own filesystem > ('cause at the time, we could :-). When he filled it, he *had* to > start policing his own disk space. :-) That's one way to solve the problem, but it seems a rather unscalable solution to start giving everyone their own filesystem. The use of disk quotas would be more effective, IMO. -- ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Thu Feb 22 07:50:32 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MFkNm28075 for sage-members-outgoing; Thu, 22 Feb 2001 07:46:23 -0800 (PST) Received: from smtpsrv1.isis.unc.edu (smtpsrv1.isis.unc.edu [152.2.1.138]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MFkL928070 for ; Thu, 22 Feb 2001 07:46:21 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv1.isis.unc.edu (8.9.3/8.9.1) with ESMTP id KAA01461; Thu, 22 Feb 2001 10:46:01 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id KAA10442; Thu, 22 Feb 2001 10:46:00 -0500 Date: Thu, 22 Feb 2001 10:45:55 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: 2^32 stupid things smart admins do to screw up their systems In-Reply-To: <200102221004.f1MA4YE22874@little.cs.tcd.ie> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Thu, 22 Feb 2001, Mike Knell wrote: > Telnetting into a general user access host and then using ssh from there > to connect to other machines which have telnet turned off for the > usual very good reasons. Oh, and going root over that link as well. That brings up a question I've wondered about a number of times but have never had the time to sit down and try to answer carefully... I've been at a number of sites where some hosts limited SSH access to some other set of hosts within the same site. But when somebody complains about not being able to get to the machines they need from home, etc., they're informed that one of the hosts on the access list is a machine that itself has no SSH access list. So you just do a two-hop connection, first hop to the full-access machine, and then hop to the limited-access one. My question: is this really any more secure than just leaving SSH access open on the other hosts in the first place? And since in my experience, just one open host is generally put on *all* the other access lists (so you don't have to remember lists of who can get to what), doesn't that set up that one machine as an Achille's Heel, where if you compromise it, you compromise the entire network of machines--making this solution *less* secure than just allowing SSH to each machine? It's a case of do X, increase risk in column A, decrease it in column B; do Y, decrease column A, increase column B. I'm not sure how to analyze the tradeoffs. Trey From sage-members-owner@usenix.org Thu Feb 22 07:52:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MFnrr28091 for sage-members-outgoing; Thu, 22 Feb 2001 07:49:53 -0800 (PST) Received: from newton.newton.cam.ac.uk (newton.newton.cam.ac.uk [131.111.145.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MFnp928087 for ; Thu, 22 Feb 2001 07:49:51 -0800 (PST) Received: from klein.newton.cam.ac.uk (klein.newton.cam.ac.uk [131.111.145.40]) by newton.newton.cam.ac.uk (8.8.8/8.8.8) with ESMTP id PAA06106 for ; Thu, 22 Feb 2001 15:49:28 GMT From: Jonathan H N Chin Date: Thu, 22 Feb 2001 15:50:20 GMT Received: by klein.newton.cam.ac.uk (8.8.8) id PAA00241; Thu, 22 Feb 2001 15:50:20 GMT Message-Id: <200102221550.PAA00241@klein.newton.cam.ac.uk> To: sage-members@usenix.org Subject: Re: Password History Sender: owner-sage-members@usenix.org Precedence: bulk If storing a password as a one-way hash of itself is deemed to be safe, perhaps storing the history list reversibly encrypted by a well-regarded cipher (is that the right word?), using the most recent password as the key, may also be deemed to be safe? -jonathan -- Jonathan H N Chin, 1 dan | deputy computer | Newton Institute, Cambridge, UK | systems mangler | tel/fax: +44 1223 335986/330508 "respondeo etsi mutabor" --Rosenstock-Huessy From sage-members-owner@usenix.org Thu Feb 22 08:42:31 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MGdTs28327 for sage-members-outgoing; Thu, 22 Feb 2001 08:39:29 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1MGdTl28322 for sage-members@usenix.org; Thu, 22 Feb 2001 08:39:29 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MGXD928263 for ; Thu, 22 Feb 2001 08:33:13 -0800 (PST) Received: by paladin.globnix.org with local id 14Vyfk-0007b5-00 for sage-members@usenix.org; Thu, 22 Feb 2001 16:32:52 +0000 Date: Thu, 22 Feb 2001 17:32:52 +0100 From: Phil Pennock To: sage-members@usenix.org Subject: Re: Disk cleanup advice for users Message-ID: <20010222173252.A19316@globnix.org> Mail-Followup-To: sage-members@usenix.org References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from brad.knowles@skynet.be on Thu, Feb 22, 2001 at 01:28:46PM +0100 Organisation: Organisation? Here? No, over there ----> X-NIC-Handles: COCO-149560 COCO-456268 COCO-374186 (ignore PP8185) X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is New X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-02-22 at 13:28 +0100, Brad Knowles gifted us with: > That's one way to solve the problem, but it seems a rather > unscalable solution to start giving everyone their own filesystem. > The use of disk quotas would be more effective, IMO. But this assumes that people are logical and rational. "I'm important, my work is important, increase my quota now!" If the people likely to cause trouble are given dedicated space, then when it almost fills, they are put in the position of "No, we can't raise your quota, because there's no more disk space to allot to it. However, if you'd like to fill in this purchase authorisation form, get it signed by A B & C, in triplicate, we will be delighted to arrange more disk space for you. Given our current schedules, this will take two weeks. What? Now? Well, why did you ignore the warning mails?" The "hard size limit" vs the "movable quota" is more of a weapon (partly psychological) than a straight alternative. Skillfully deployed, it's helpful. :^) Part of the psychological side comes from the fact that disk space becomes "something which must be paid for, if you want more", instead of "something which can be allocated from the mystical bit-storage pool of infinite capacity". In my current job, disk capacity isn't the issue since we have multiple workstations with fairly modern disks (thanks to Y2k). It's backups and time to complete and fitting the backups on the tapes vs buying extra drives ... for this, the approach which works _has_ been user education. We explain why, we point to things which can be flagged nodump, we document this, it happens. If necessary, after a phone call from me, apologising for the fact that, due to space constraints, we're going to have to remove their system from backups unless they can find a way to reduce their backups requirements. That works quite well. To think, before I became a sysadmin I disdained human psychology and was a hard-core logical wannabe-cyborg. ;^) -- Debugging is at least twice as hard as programming. If your code is as clever as you can possibly make it, then by definition you're not smart enough to debug it. -- Brian Kernighan From sage-members-owner@usenix.org Thu Feb 22 08:42:31 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MGdBc28315 for sage-members-outgoing; Thu, 22 Feb 2001 08:39:11 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1MGdBr28310 for sage-members@usenix.org; Thu, 22 Feb 2001 08:39:11 -0800 (PST) Received: from bunrab.catwhisker.org (adsl-63-193-123-122.dsl.snfc21.pacbell.net [63.193.123.122]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MGIk928192 for ; Thu, 22 Feb 2001 08:18:47 -0800 (PST) Received: (from david@localhost) by bunrab.catwhisker.org (8.10.0/8.10.0) id f1MGIML11207 for sage-members@usenix.org; Thu, 22 Feb 2001 08:18:22 -0800 (PST) Date: Thu, 22 Feb 2001 08:18:22 -0800 (PST) From: David Wolfskill Message-Id: <200102221618.f1MGIML11207@bunrab.catwhisker.org> To: sage-members@usenix.org Subject: Re: Disk cleanup advice for users In-Reply-To: Sender: owner-sage-members@usenix.org Precedence: bulk >Date: Thu, 22 Feb 2001 13:28:46 +0100 >From: Brad Knowles > That's one way to solve the problem, but it seems a rather >unscalable solution to start giving everyone their own filesystem. >The use of disk quotas would be more effective, IMO. That depends a great deal on one's environment. Where I work (development; I support the developers as the (note singular) UNIX sysadmin), each person's home directory is normally on the person's desktop box, which runs FreeBSD and had adequate space for a handful of CVS working directories, both for the software that folks are working on directly, as well as for FreeBSD (which the desktops run, and which is incorporated into the product). The exceptions to this are non-development folks, who typically have greatly reduced space & processing requirements; they get a shared space. But that's my environment. Of course, regardless of where it is, there's the issue of the extent to which backup & recovery services are provided, and that is something that isn't getting cheaper anywhere near as fast as disk space itself is. [Case in point: I'm looking at laptops to buy for myself. I'd be running FreeBSD on the thing... and it looks like a nice price-point for local disk storage is at 20 GB. Given that I've been around for a while, that seems nearly obscene.i (I recall allocating as much as 80 MB to a news spool around 1987 or so.) I'm figuring that I should be able to maintain a local copy of the entire FreeBSD CVS repository on that, and still have plentry of room to build & run a couple of versions of FreeBSD-STABLE; probably at least one of FreeBSD-CURRENT, as well. Along with a home directory, of course. Gak.] Cheers, david -- David H. Wolfskill david@catwhisker.org As a computing professional, I believe it would be unethical for me to advise, recommend, or support the use (save possibly for personal amusement) of any product that is or depends on any Microsoft product. From sage-members-owner@usenix.org Thu Feb 22 10:26:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MIMR829150 for sage-members-outgoing; Thu, 22 Feb 2001 10:22:27 -0800 (PST) Received: from sekrit.office.oceanwave.com (laslo.ne.mediaone.net [24.128.174.140]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MIMQ929146 for ; Thu, 22 Feb 2001 10:22:26 -0800 (PST) Received: (from arr@localhost) by sekrit.office.oceanwave.com (8.11.1/8.11.1) id f1MIM0t06399; Thu, 22 Feb 2001 13:22:00 -0500 (EST) Message-ID: <14997.22727.130637.820280@sekrit.office.oceanwave.com> Date: Thu, 22 Feb 2001 13:21:59 -0500 (EST) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit From: To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: 2^32 stupid things smart admins do to screw up their systems In-Reply-To: References: <200102221004.f1MA4YE22874@little.cs.tcd.ie> X-Mailer: VM 6.63 under Emacs 20.6.1 X-PGP-Fingerprint: 5B F5 08 B3 6B 11 72 BD 19 29 1B 98 D2 94 77 D8 Sender: owner-sage-members@usenix.org Precedence: bulk harris> That brings up a question I've wondered about a number of times but harris> have never had the time to sit down and try to answer harris> carefully... I've been at a number of sites where some hosts limited harris> SSH access to some other set of hosts within the same site. But when harris> somebody complains about not being able to get to the machines they harris> need from home, etc., they're informed that one of the hosts on the harris> access list is a machine that itself has no SSH access list. So you harris> just do a two-hop connection, first hop to the full-access machine, harris> and then hop to the limited-access one. Yes, you're right, this does just push off the security to another host, but there are a few things in there that might make it worthwhile: - The two hosts are different architecture (kiddie scripts won't generally work the same on both) - You can limit the access to many machines through one machine that you keep a closer eye on (patching, logging, security restrictions, etc). It's best to put the less secure/looked after machines behind a filter (not just limiting ssh connections with AllowHosts or tcp wrappers). - People can have different passwords/passphrases on the "gateway" machine than they have in other places (so you must compromise two, not just one) - The network that the limited-access machine is on may be probed more vigorously than the network that the open gateway machine is on (ie you only allow access to your cablemodem at home via your work address...everyone under the sun probes cablemodem networks, and many fewer people may probe $VBC either for fear of litigation or just because they aren't generally as easy a prey as cablemodem customers). - There's also the possibility of some small security through obscurity bit here, too if the gateway host is less known than a higher profile machine which uses the open gateway as a hop. Basically, it's just another hoop to hop through where you can add a small bit of extra security/watching. -- Amy Rich Oceanwave Consulting, Inc. UNIX Systems Administration Consultant 21 Old Town Rd. http://www.oceanwave.com/ Beverly, MA 01915 Phone: 978-232-9535 Fax: 978-232-9537 From sage-members-owner@usenix.org Thu Feb 22 11:27:53 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MJO8P29638 for sage-members-outgoing; Thu, 22 Feb 2001 11:24:08 -0800 (PST) Received: from gwyn.tux.org (gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MJO7929634 for ; Thu, 22 Feb 2001 11:24:07 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id OAA05714; Thu, 22 Feb 2001 14:22:39 -0500 Date: Thu, 22 Feb 2001 14:22:39 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Disk cleanup advice for users Message-ID: <20010222142239.E24463@gwyn.tux.org> References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> <200102212113.f1LLDgT08333@oberon.vacationclub.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200102212113.f1LLDgT08333@oberon.vacationclub.com>; from Daniel.Boyd@vacationclub.com on Wed, Feb 21, 2001 at 04:13:42PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 21, 2001 at 04:13:42PM -0500, Daniel Boyd wrote: > You can see which big file is eating up all your space even if it's > hidden several levels deep. ... Which I do with: du -k /news4 | sort +0rn -1 +1 > /tmp/du.news4; head -20 /tmp/du.news4 which can also be done on a non-X console. ;-) -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Thu Feb 22 11:32:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MJTQO29694 for sage-members-outgoing; Thu, 22 Feb 2001 11:29:26 -0800 (PST) Received: from gwyn.tux.org (gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MJTP929690 for ; Thu, 22 Feb 2001 11:29:25 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id OAA05998; Thu, 22 Feb 2001 14:29:03 -0500 Date: Thu, 22 Feb 2001 14:29:03 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Disk cleanup advice for users Message-ID: <20010222142903.G24463@gwyn.tux.org> References: <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20010221162045.A31227@gerasimov.net>; from extasia@mindspring.com on Wed, Feb 21, 2001 at 04:20:45PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 21, 2001 at 04:20:45PM -0800, David Alban wrote: > One difference: when a filesystem is filling up, it's not a disk that > you're worried about. Other partitions on the disk could be just > fine. It's a particular *filesystem* in which you're gasping for > space. duchk and dutree don't cross filesystems. Executing the > above command will give incorrect information if there are active > mount points in the $DIR tree at any level. Also, a nice-to-have > (albeit very minor) difference: they list directories with trailing > slashes, files without. :-) And symlinks aren't listed unless you > specify that you want them listed. Many 'du' implementations these days have the "-x" option, to restrict crossing file system boundaries. -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Thu Feb 22 11:33:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MJULg29712 for sage-members-outgoing; Thu, 22 Feb 2001 11:30:21 -0800 (PST) Received: from mail.hodgsonhouse.com (server.hodgsonhouse.com [24.72.10.209]) by usenix.org (8.11.0/8.11.0) with SMTP id f1MJUK929708 for ; Thu, 22 Feb 2001 11:30:20 -0800 (PST) Received: (qmail 7988 invoked by uid 501); 22 Feb 2001 19:29:59 -0000 Date: Thu, 22 Feb 2001 13:29:59 -0600 From: Tillman To: sage-members@usenix.org Subject: Re: Password History Message-ID: <20010222132959.C7855@server.hodgsonhouse.com> References: <200102221550.PAA00241@klein.newton.cam.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102221550.PAA00241@klein.newton.cam.ac.uk>; from jc254@newton.cam.ac.uk on Thu, Feb 22, 2001 at 03:50:20PM +0000 X-Editor: Vim-5.5 http://www.vim.org X-Mailer: Mutt Rocks! http://www.mutt.org Sender: owner-sage-members@usenix.org Precedence: bulk On Thu, Feb 22, 2001 at 03:50:20PM +0000, Jonathan H N Chin wrote: > If storing a password as a one-way hash of itself is deemed to > be safe, perhaps storing the history list reversibly encrypted > by a well-regarded cipher (is that the right word?), using the > most recent password as the key, may also be deemed to be safe? > > -jonathan I *like* that idea. It provides reversible encryption with the highly useful caveat that the user is required to perform the reversal. Since this will only be used when performing a password change, this seems to be a nice fit for the problem. Two security downsides: * Obtaining someone's current password will allow you to unlock all previous passwords, which has implications for other hosts if the user is a typical human and reuses passwords; and * depending on the algorithm used, obtaining a user's /old/ password in clear text and password history file in encrypted form may let you obtain the /current/ password. Since users are typically careless with passwords that they believe to no longer be used, that might be a danger. These problems lie in the realm of soft science (education, policy and LARTs), though, so they might be academic. - Tillman From sage-members-owner@usenix.org Thu Feb 22 12:32:31 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MKRZ000040 for sage-members-outgoing; Thu, 22 Feb 2001 12:27:35 -0800 (PST) Received: from gerasimov.net ([209.143.70.130]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MKRW900035 for ; Thu, 22 Feb 2001 12:27:33 -0800 (PST) Received: (from alban@localhost) by gerasimov.net (8.9.3/8.9.3) id PAA07667 for sage-members@usenix.org; Thu, 22 Feb 2001 15:25:55 -0500 Date: Thu, 22 Feb 2001 12:25:55 -0800 From: David Alban To: sage-members@usenix.org Subject: Re: Disk cleanup advice for users Message-ID: <20010222122555.A7295@gerasimov.net> References: <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> <20010222142903.G24463@gwyn.tux.org> <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4us In-Reply-To: ; from Brad Knowles on Thu, Feb 22, 2001 at 01:28:46PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk At 2001/02/22/13:28 +0100 Brad Knowles wrote: > Okay, so use "du -sxk" instead. At 2001/02/22/14:29 -0500 Joseph S D Yao wrote: > Many 'du' implementations these days have the "-x" option, to restrict > crossing file system boundaries. Let's look more closely at this. Say you have the following filesystems: $ df Filesystem 1024-blocks Used Available Capacity Mounted on . . . /dev/sda6 279921 37080 228385 14% /tmp /dev/fd0 1390 205 1113 16% /tmp/mnt Assume that 'x' is the du option on your platform that restricts processing to one filesystem. Then we get: $ du -sk /tmp 37283 /tmp $ du -skx /tmp 37078 /tmp $ du -sk /tmp/mnt 205 /tmp/mnt Looks good, right? -x caused du not to process /tmp/mnt. However, what we want to know is not the summary of just /tmp, but the summaries of usage of each entry in /tmp. That is: "/tmp/*". So we have: $ du -skx /tmp/* | sort -nr 36822 /tmp/tmp 205 /tmp/mnt 43 /tmp/fvwmrca00331 43 /tmp/fvwmrca00306 43 /tmp/fvwmrca00292 41 /tmp/zman32451aaa 30 /tmp/cbb-tmp-16344.cbb 30 /tmp/cbb-tmp-1419.cbb 12 /tmp/lost+found 2 /tmp/junkr.ppp.tar.gz 1 /tmp/xt.cmd.31545.151442 1 /tmp/xt.cmd.27619.214016 1 /tmp/xt.cmd.23867.174500 1 /tmp/xt.cmd.21108.101258 1 /tmp/xt.cmd.198.050332 1 /tmp/xt.cmd.190.092921 1 /tmp/junk.ctab.extasia.26817.image~ 1 /tmp/cbb-tmp-14902.cbb 1 /tmp/cbb-tmp-10651.cbb 0 /tmp/updatedb.lastrun Hmmm. /tmp/mnt showed up in the listing. How did that happen? Because when the shell expands /tmp/*, one of the arguments to du now becomes /tmp/mnt, as in: du -skx ... /tmp/lost+found /tmp/mnt /tmp/tmp ... du will now create a summary for each argument. Sure enough, when du -skx processes /tmp/mnt, it will restrict itself only to that (the /tmp/mnt) filesystem. But the problem is that this filesystem was an argument to du in the first place. duchk and dutree both create a table of mounted filesystems before the first "du -skx" call. Then they examine each directory entry (that is itself a directory) to ensure that the entry is not a mount point *before* allowing "du -skx" to process it. Live mount points are "pruned". Granted, these tools a fresh coat of paint. I know much more now about shell (and perl, in which I'd rewrite them) than I did when I wrote them. But the algorithms are sound. David -- Live in a world of your own, but always welcome visitors. http://www.gerasimov.net/~alban/trt/resume.html (currently looking) From sage-members-owner@usenix.org Thu Feb 22 14:08:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1MM4ks00760 for sage-members-outgoing; Thu, 22 Feb 2001 14:04:46 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1MM4e900756 for ; Thu, 22 Feb 2001 14:04:45 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id RAA16234; Thu, 22 Feb 2001 17:04:17 -0500 Date: Thu, 22 Feb 2001 17:04:17 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Disk cleanup advice for users Message-ID: <20010222170417.T24463@gwyn.tux.org> References: <20010221162045.A31227@gerasimov.net> <20010222142903.G24463@gwyn.tux.org> <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> <20010222122555.A7295@gerasimov.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20010222122555.A7295@gerasimov.net>; from extasia@mindspring.com on Thu, Feb 22, 2001 at 12:25:55PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Thu, Feb 22, 2001 at 12:25:55PM -0800, David Alban wrote: > At 2001/02/22/13:28 +0100 Brad Knowles wrote: > > Okay, so use "du -sxk" instead. > > At 2001/02/22/14:29 -0500 Joseph S D Yao wrote: > > Many 'du' implementations these days have the "-x" option, to restrict > > crossing file system boundaries. > > Let's look more closely at this. Say you have the following filesystems: ... > However, what we want to know is not the summary of just /tmp, but the > summaries of usage of each entry in /tmp. That is: "/tmp/*". So we > have: ... > Hmmm. /tmp/mnt showed up in the listing. How did that happen? > Because when the shell expands /tmp/*, one of the arguments to du now > becomes /tmp/mnt, as in: > > du -skx ... /tmp/lost+found /tmp/mnt /tmp/tmp ... > > du will now create a summary for each argument. Sure enough, when > du -skx processes /tmp/mnt, it will restrict itself only to that (the > /tmp/mnt) filesystem. But the problem is that this filesystem was an > argument to du in the first place. So the solution is not to make /tmp/mnt an argument in the first place. ;-( If I want to find out what is in a file system on which others are mounted [say, /], and I don't want just the whole summary, I will say: du -x -k /tmp | sort +0rn -1 +1 | other-filters This is not to say that your script is worse - I haven't tried it. But you can't say, for heaven's sake, that the -x argument doesn't work because it won't ignore a mounted file system that you snuck in! ;-} [No mail, please, about how "snuck" ain't a word. ;->] -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Fri Feb 23 01:31:04 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1N9OKt03072 for sage-members-outgoing; Fri, 23 Feb 2001 01:24:20 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1N9OI903068 for ; Fri, 23 Feb 2001 01:24:18 -0800 (PST) Received: from [10.0.1.2] (dialup30.brussels.skynet.be [195.238.19.30] (may be forged)) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.10) with ESMTP id f1N9Nro15869; Fri, 23 Feb 2001 10:23:53 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010222122555.A7295@gerasimov.net> References: <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> <20010222142903.G24463@gwyn.tux.org> <200102202102.OAA04204@schooner.aoc.nrao.edu> <200102202229.RAA00550@plhp049.comm.mot.com> <20010221104053.A28720@gerasimov.net> <20010221162045.A31227@gerasimov.net> <20010222122555.A7295@gerasimov.net> Date: Fri, 23 Feb 2001 10:21:05 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Disk cleanup advice for users Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 12:25 PM -0800 2/22/01, David Alban wrote: > However, what we want to know is not the summary of just /tmp, but the > summaries of usage of each entry in /tmp. That is: "/tmp/*". So we > have: Try "du -kx /tmp". Instead of trying to get summaries of each of the files/directories in /tmp, you get the full hiearchical listing, which you then feed to "sort -nr". -- ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Fri Feb 23 05:36:49 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1NDX0r03424 for sage-members-outgoing; Fri, 23 Feb 2001 05:33:00 -0800 (PST) Received: from newton.newton.cam.ac.uk (newton.newton.cam.ac.uk [131.111.145.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1NDWx903420 for ; Fri, 23 Feb 2001 05:32:59 -0800 (PST) Received: from klein.newton.cam.ac.uk (klein.newton.cam.ac.uk [131.111.145.40]) by newton.newton.cam.ac.uk (8.8.8/8.8.8) with ESMTP id NAA14112 for ; Fri, 23 Feb 2001 13:32:37 GMT From: Jonathan H N Chin Date: Fri, 23 Feb 2001 13:33:29 GMT Received: by klein.newton.cam.ac.uk (8.8.8) id NAA08457; Fri, 23 Feb 2001 13:33:29 GMT Message-Id: <200102231333.NAA08457@klein.newton.cam.ac.uk> To: sage-members@usenix.org Subject: Re: Password History Sender: owner-sage-members@usenix.org Precedence: bulk Tillman wrote: > On Thu, Feb 22, 2001 at 03:50:20PM +0000, Jonathan H N Chin wrote: > > If storing a password as a one-way hash of itself is deemed to > > be safe, perhaps storing the history list reversibly encrypted > > by a well-regarded cipher (is that the right word?), using the > > most recent password as the key, may also be deemed to be safe? > * Obtaining someone's current password will allow you to unlock all previous > passwords, which has implications for other hosts if the user is a typical > human and reuses passwords; and If you show the history list to the user, yes. However I assumed it would not be made available. cf. /etc/shadow, which is not intended to be read by the user. We are not told how the passwords are stored (NIS db?) so cannot judge the safety of that. However, one could, for example, have a central server (black box) which accepts requests of form: (user, old password, new password) and returns success or fail. Should work within a PAM framework. If one does not wish to invent a protocol, perhaps one might establish communications with the server using SRP or the like so that nothing helpful to a cracker is passed over the network. > * depending on the algorithm used, obtaining a user's /old/ password in clear > text and password history file in encrypted form may let you obtain the > /current/ password. True. The black box server approach might go some way to alleviating this as a concern. -jonathan -- Jonathan H N Chin, 1 dan | deputy computer | Newton Institute, Cambridge, UK | systems mangler | tel/fax: +44 1223 335986/330508 "respondeo etsi mutabor" --Rosenstock-Huessy From sage-members-owner@usenix.org Fri Feb 23 14:34:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1NMRGJ06700 for sage-members-outgoing; Fri, 23 Feb 2001 14:27:16 -0800 (PST) Received: from insws8502.gs.com (insws8502.gs.com [204.4.182.11]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1NMRE906695 for ; Fri, 23 Feb 2001 14:27:15 -0800 (PST) Received: from insdb8502.inz.gs.com (insdb8502.inz.gs.com [204.4.188.75]) by insws8502.gs.com (Postfix) with ESMTP id 5C11A1BE82 for ; Fri, 23 Feb 2001 17:26:49 -0500 (EST) Received: from nbsapsm02.ny.ficc.gs.com by insdb8502.inz.gs.com with ESMTP for sage-members@usenix.org; Fri, 23 Feb 2001 17:26:49 -0500 Received: from nbsadc111.ny.ficc.gs.com (nbsadc111.ny.ficc.gs.com [148.86.214.85]) by nbsapsm02.ny.ficc.gs.com (8.9.1a/8.9.0/wanhub) with ESMTP id RAA13644 for ; Fri, 23 Feb 2001 17:26:48 -0500 (EST) Received: from gs.com (localhost [127.0.0.1]) by nbsadc111.ny.ficc.gs.com (8.9.3+Sun/8.9.3) with ESMTP id RAA05704 for ; Fri, 23 Feb 2001 17:26:39 -0500 (EST) Message-Id: <3A96E39F.2F9D7A75@gs.com> Date: Fri, 23 Feb 2001 17:26:39 -0500 From: "Joseph Boyer Jr." Organization: Goldman Sachs and Company X-Mailer: Mozilla 4.76C-CCK-MCD CPT-2 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: running applications as root X-Priority: 1 (Highest) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk hello folks... Hi, how is everyone? Me, just a little ticked off at this point. I have dealing with a third party application vendor who is telling me that their app "has to runn as root or it will not work properly". The application is a java with a web frontend. I have setup a specific user to run this application. This user has the appropriate permission, not root permissions, for the application to run. I have had this setup since August of last year and now that we are encountering a problem their support is telling me it is because that the app is not running as root. my opinion is that they are full of it!!!! Does anyone have an opinion on this and or how have some of you all setup third party applicaions? Please note that this app ships with its own api and libraries, which are off the root of the app's installation directory. Thanks for letting me vent! Any feedback who be great! Thanks! Regards, -- Joseph Boyer Jr. Goldman Sachs and Company 85 Broad Street, 8th Floor New York, New York 10004 Email: Joseph.Boyer@gs.com From sage-members-owner@usenix.org Fri Feb 23 19:01:14 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1O2uIY08622 for sage-members-outgoing; Fri, 23 Feb 2001 18:56:18 -0800 (PST) Received: from igtc.igtc.com (IDENT:root@igtc.igtc.com [64.124.0.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1O2uG908618 for ; Fri, 23 Feb 2001 18:56:16 -0800 (PST) Received: (from pmm@localhost) by igtc.igtc.com (8.11.1/8.11.1) id f1O2ttT31498; Fri, 23 Feb 2001 18:55:55 -0800 Date: Fri, 23 Feb 2001 18:55:55 -0800 From: "Paul M. Moriarty" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: running applications as root Message-ID: <20010223185555.A31384@igtc.igtc.com> References: <3A96E39F.2F9D7A75@gs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A96E39F.2F9D7A75@gs.com>; from joseph.boyer@gs.com on Fri, Feb 23, 2001 at 05:26:39PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk One test is worth a thousand hypotheses Joseph Boyer Jr. writes: > hello folks... > > Hi, how is everyone? Me, just a little ticked off at this point. > > I have dealing with a third party application vendor who is telling me > that their app "has to runn as root or it will not work properly". The > application is a java with a web frontend. I have setup a specific user > to run this application. This user has the appropriate permission, not > root permissions, for the application to run. I have had this setup > since August of last year and now that we are encountering a problem > their support is telling me it is because that the app is not running as > root. my opinion is that they are full of it!!!! > > Does anyone have an opinion on this and or how have some of you all > setup third party applicaions? > > Please note that this app ships with its own api and libraries, which > are off the root of the app's installation directory. > > Thanks for letting me vent! Any feedback who be great! Thanks! > > Regards, > -- > Joseph Boyer Jr. > Goldman Sachs and Company > 85 Broad Street, 8th Floor > New York, New York 10004 > Email: Joseph.Boyer@gs.com From sage-members-owner@usenix.org Fri Feb 23 19:14:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1O3BJF08674 for sage-members-outgoing; Fri, 23 Feb 2001 19:11:19 -0800 (PST) Received: from mail2.rdc2.ab.home.com (mail2.rdc2.ab.home.com [24.64.2.49]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1O3BI908670 for ; Fri, 23 Feb 2001 19:11:18 -0800 (PST) Received: from h24-64-245-133.cg.shawcable.net ([24.64.245.133]) by mail2.rdc2.ab.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20010224031049.GJBV825.mail2.rdc2.ab.home.com@h24-64-245-133.cg.shawcable.net>; Fri, 23 Feb 2001 19:10:49 -0800 Date: Fri, 23 Feb 2001 20:10:48 -0700 (MST) From: Yves Dorfsman X-X-Sender: To: sage-members@usenix.org cc: Subject: Re: running applications as root In-Reply-To: <3A96E39F.2F9D7A75@gs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, 23 Feb 2001, Joseph Boyer Jr. wrote: > I have dealing with a third party application vendor who is telling me > that their app "has to runn as root or it will not work properly". The > application is a java with a web frontend. I have setup a specific user > to run this application. This user has the appropriate permission, not > root permissions, for the application to run. I have had this setup > since August of last year and now that we are encountering a problem > their support is telling me it is because that the app is not running as > root. my opinion is that they are full of it!!!! Have you tried to reproduce the problem on a test box, where the apps run as root, or even re-start the program on the prod box as root, and see if you can reproduce the problem... And even if it seems that it needs root, it might be something simple as setting the right perms on a directory. Yves. ---- Yves Dorfsman dorfsmay@cuug.ab.ca http://www.cuug.ab.ca/~dorfsmay From sage-members-owner@usenix.org Fri Feb 23 19:44:02 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1O3el708734 for sage-members-outgoing; Fri, 23 Feb 2001 19:40:47 -0800 (PST) Received: from hotmail.com (f170.law7.hotmail.com [216.33.237.170]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1O3ek908730 for ; Fri, 23 Feb 2001 19:40:46 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 23 Feb 2001 19:40:21 -0800 Received: from 209.86.200.66 by lw7fd.law7.hotmail.msn.com with HTTP; Sat, 24 Feb 2001 03:40:21 GMT X-Originating-IP: [209.86.200.66] From: "J Yaple" To: sage-members@usenix.org Subject: Re: running applications as root Date: Fri, 23 Feb 2001 21:40:21 -0600 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 24 Feb 2001 03:40:21.0498 (UTC) FILETIME=[838CBDA0:01C09E13] Sender: owner-sage-members@usenix.org Precedence: bulk We normally set up third party java apps with their own user, just as you describe. Our security standards prohibit them running as root. We can use root access to install, but operation is done under a generic account. Standards also require the binaries install other than the root FS. Sounds like they, or more correctly, this clueless support person, is full of it. If it was running without root before, it shouldn't need it now. James ----Original Message Follows---- From: "Joseph Boyer Jr." I have dealing with a third party application vendor who is telling me that their app "has to runn as root or it will not work properly". The application is a java with a web frontend. I have setup a specific user to run this application. This user has the appropriate permission, not root permissions, for the application to run. I have had this setup since August of last year and now that we are encountering a problem their support is telling me it is because that the app is not running as root. my opinion is that they are full of it!!!! Does anyone have an opinion on this and or how have some of you all setup third party applicaions? Please note that this app ships with its own api and libraries, which are off the root of the app's installation directory. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com From sage-members-owner@usenix.org Sat Feb 24 07:21:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1OFBNI09594 for sage-members-outgoing; Sat, 24 Feb 2001 07:11:23 -0800 (PST) Received: from smtpsrv0.isis.unc.edu (smtpsrv0.isis.unc.edu [152.2.1.139]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1OFBM909590 for ; Sat, 24 Feb 2001 07:11:22 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv0.isis.unc.edu (8.9.3/8.9.1) with ESMTP id KAA29568; Sat, 24 Feb 2001 10:11:00 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id KAA06398; Sat, 24 Feb 2001 10:11:01 -0500 Date: Sat, 24 Feb 2001 10:11:00 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: running applications as root In-Reply-To: <3A96E39F.2F9D7A75@gs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Joseph, A test would certainly be your best bet. Does the problem go away when run as root? If not, then tell the tech support person that they're barking up the wrong tree. If a test isn't possible, think about it from the other end of what root can do. There aren't really that many superpowers of root... changing the ownership of files, violating file permissions, binding to low-numbered TCP or UDP ports, sending signals to non-owned processes.... does it makes sense that the problem you're seeing would be alleviated by being root? You can always challenge the tech support people, depending on their level of expertise. If they're not merely script-followers, you could try asking "why do I have to be root?" If they don't name one of the superpowers and why you need it, tell them that your security policy doesn't allow running unnecessary code as root. Trey Harris formerly of UNC Academic Technology Now with VA Linux Systems, New York region On Fri, 23 Feb 2001, Joseph Boyer Jr. wrote: > I have dealing with a third party application vendor who is telling me > that their app "has to runn as root or it will not work properly". The > application is a java with a web frontend. From sage-members-owner@usenix.org Sat Feb 24 10:35:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1OIRLe09882 for sage-members-outgoing; Sat, 24 Feb 2001 10:27:21 -0800 (PST) Received: from prajna.anatman.org (we-24-130-93-49.we.mediaone.net [24.130.93.49]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1OIRK909878 for ; Sat, 24 Feb 2001 10:27:20 -0800 (PST) Received: from localhost (localhost.we.mediaone.net [127.0.0.1]) by prajna.anatman.org (Postfix) with ESMTP id BC7DB136EF for ; Sat, 24 Feb 2001 10:26:57 -0800 (PST) Date: Sat, 24 Feb 2001 10:26:57 -0800 (PST) From: Thornton Prime X-X-Sender: To: sage-members@usenix.org Subject: Re: running applications as root In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Sat, 24 Feb 2001, Trey Harris wrote: > You can always challenge the tech support people, depending on their level > of expertise. If they're not merely script-followers, you could try > asking "why do I have to be root?" If they don't name one of the > superpowers and why you need it, tell them that your security policy > doesn't allow running unnecessary code as root. I've had similar run-ins with commercial software vendors, where they insisted on running a process as root, or required some other privledge that was a clear and unecessary risk. Threatening to go to another vendor is usually enough to put you in touch with somoene who knows what they are talking about. In every case it has been that they have decided that it was easier to have support people tell customers that the application should run as root rather than educate support people on the real software requirements and alternatives to runing as root. thornton From sage-members-owner@usenix.org Mon Feb 26 21:15:03 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1R55Cf19395 for sage-members-outgoing; Mon, 26 Feb 2001 21:05:12 -0800 (PST) Received: from proxy4.ba.best.com (root@proxy4.ba.best.com [206.184.139.15]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1R55B919391 for ; Mon, 26 Feb 2001 21:05:11 -0800 (PST) Received: from shell3.ba.best.com (bolthole@shell3.ba.best.com [206.184.139.134]) by proxy4.ba.best.com (8.9.3/8.9.2/best.out) with SMTP id VAA26763 for ; Mon, 26 Feb 2001 21:04:10 -0800 (PST) Received: by shell3.ba.best.com (sSMTP sendmail emulation); Mon, 26 Feb 2001 21:04:10 -0800 From: phil@bolthole.com Date: Mon, 26 Feb 2001 21:04:09 -0800 To: sage-members@usenix.org Subject: US-CA-Los Angeles: LUG on VPNs, and extranets, this thursday Message-ID: <20010226210409.A23817@bolthole.com> Mail-Followup-To: sage-members@usenix.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-sage-members@usenix.org Precedence: bulk This Thursday, the Los Angeles chapter of the UUASC will be hosting a free presentation on Extranets and VPNs, given by Mark Mellis. " While extranets link suppliers, customers, data sources, financial organizations and frequently, competitors, the abysmal state of extranet security is one of the best kept dirty secrets. This presentation offers advice with helping companies to connect with business partners without putting themselves at risk. " In particular, Mark will talk about extranet implementation techniques, with pros and cons of different technologies. Some of the different technologies which will be covered are VPNs of different types, "session extenders" like Citrix MetaFrame and PC Anywhere, leased lines and frame relay, and web-enabled extranets. We'll discuss which techniques are useful in which scenarios, and what the pitfalls can be. Oh, and some "war stories" :-) Thursday March 1st, 7pm-9pm TRW, Building R2, room 1177A One Space Park Drive, Redondo Beach, California A telephone into the room is 310-812-5607 **You need to call this number to be let in the building** More details & maps at http://www.bolthole.com/uuala/ From sage-members-owner@usenix.org Tue Feb 27 07:56:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1RFnhu20551 for sage-members-outgoing; Tue, 27 Feb 2001 07:49:43 -0800 (PST) Received: from trinity.fluff.org (mail@trinity.fluff.org [194.153.168.225]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1RFne920547 for ; Tue, 27 Feb 2001 07:49:41 -0800 (PST) Received: from ajr by trinity.fluff.org with local (Exim 3.12) id 14XmMu-0003en-00 for sage-members@usenix.org ; Tue, 27 Feb 2001 15:48:52 +0000 Date: Tue, 27 Feb 2001 15:48:52 +0000 To: sage-members@usenix.org Subject: Re: running applications as root Message-ID: <20010227154852.A13363@btinternet.com> Reply-To: ade.rixon@bigfoot.com Mail-Followup-To: ajr, sage-members@usenix.org References: <3A96E39F.2F9D7A75@gs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A96E39F.2F9D7A75@gs.com>; from joseph.boyer@gs.com on Fri, Feb 23, 2001 at 05:26:39PM -0500 X-Home-Page: http://www.big-bubbles.home.dhs.org/ From: Adrian Rixon Sender: owner-sage-members@usenix.org Precedence: bulk 23 Feb 05:26:39 PM: Meanwhile in the Sheraton, Joseph Boyer Jr. wrote: > root permissions, for the application to run. I have had this setup > since August of last year and now that we are encountering a problem > their support is telling me it is because that the app is not running as > root. my opinion is that they are full of it!!!! >-- End of excerpt from Joseph Boyer Jr. Bit of a longwinded approach, but could you truss/strace the process, reproduce the problem and check the output for access violations (e.g. EACCES)? If it was just a question of file permissions, this might locate the target. Alternatively, you may find beating up on the vendor involves slightly less effort on your part. Cheers, Ade_ / -- | Ade Rixon || http://www.big-bubbles.home.dhs.org/ || ade.rixon@bigfoot.com | "And does this imply any kind of political programme?" "It could do. Easily. Yes, why not?" - The Long Johns From sage-members-owner@usenix.org Tue Feb 27 12:56:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1RKqx422876 for sage-members-outgoing; Tue, 27 Feb 2001 12:52:59 -0800 (PST) Received: from zia.aoc.NRAO.EDU (zia.aoc.nrao.edu [146.88.1.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1RKqv922872 for ; Tue, 27 Feb 2001 12:52:57 -0800 (PST) Received: from schooner.aoc.nrao.edu (schooner [146.88.1.113]) by zia.aoc.NRAO.EDU (8.9.3/8.9.3) with ESMTP id NAA09860 for ; Tue, 27 Feb 2001 13:52:26 -0700 (MST) Received: (from rmilner@localhost) by schooner.aoc.nrao.edu (8.7.3/8.6.10) id NAA16291 for sage-members@usenix.org; Tue, 27 Feb 2001 13:52:25 -0700 (MST) Date: Tue, 27 Feb 2001 13:52:25 -0700 (MST) From: Ruth Milner Message-Id: <200102272052.NAA16291@schooner.aoc.nrao.edu> To: sage-members@usenix.org Subject: user login directory survey Sender: owner-sage-members@usenix.org Precedence: bulk Quick survey to try to get some idea of whether there is really a "standard" for this. What does your site use as the convention for the path to UNIX users' home (i.e. login) directories? Are you using something like /home/ per the Sun NFS book :-), or something different, e.g. /u, /users, /home///, or a comprehensive hierar- chical structure like /home/users/, /home/software/, etc.? Note, I'm not looking for discussion on the merits of various options or the rationale behind specific ones, I'm just trying to get an idea of the conventions in use and whether any one of them dominates. Inquiring Minds Want To Know. Replies directly to me, please, and I'll post the tallies in a few days. Thanks! Ruth. ---- Ruth Milner National Radio Astronomy Observatory Computing Security Manager, Socorro, NM Assistant to the Director for rmilner@nrao.edu Data Management - 505-835-7282 Computing Acquisitions/Budgets/Contracts FAX 505-835-7027 From sage-members-owner@usenix.org Tue Feb 27 13:08:59 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1RL5uL23012 for sage-members-outgoing; Tue, 27 Feb 2001 13:05:56 -0800 (PST) Received: from motgate4.mot.com (motgate4.mot.com [144.189.100.102]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1RL5s923008 for ; Tue, 27 Feb 2001 13:05:54 -0800 (PST) Received: [from pobox2.mot.com (pobox2.mot.com [136.182.15.8]) by motgate4.mot.com (motgate4 2.1) with ESMTP id OAA06721 for ; Tue, 27 Feb 2001 14:05:31 -0700 (MST)] Received: [from plnt014.comm.mot.com (plantation.comm.mot.com [145.2.198.69]) by pobox2.mot.com (MOT-pobox2 2.0) with ESMTP id OAA16844 for ; Tue, 27 Feb 2001 14:05:31 -0700 (MST)] Received: from admin01.comm.mot.com (plhp002.comm.mot.com [173.40.22.12]) by plnt014.comm.mot.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id 1H5T4945; Tue, 27 Feb 2001 16:05:31 -0500 Received: from plhp049.comm.mot.com (plhp049 [173.41.21.44]) by admin01.comm.mot.com (8.9.3 (PHNE_18979)/8.8.6) with ESMTP id QAA28819 for ; Tue, 27 Feb 2001 16:05:30 -0500 (EST) Received: (from brownmic@localhost) by plhp049.comm.mot.com (8.9.3 (PHNE_18546)/8.8.6) id QAA22544 for sage-members@usenix.org; Tue, 27 Feb 2001 16:05:22 -0500 (EST) From: Michael Rogero Brown Message-Id: <200102272105.QAA22544@plhp049.comm.mot.com> Subject: Re: running applications as root To: sage-members@usenix.org Date: Tue, 27 Feb 2001 16:05:22 -0500 (EST) In-Reply-To: <20010227154852.A13363@btinternet.com> from Adrian Rixon at Feb "27, " 2001 "03:48:52" pm X-Mailer: ELM [$Revision: 1.17.214.2 $] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk All- I have seen similiar issues in the Windows NT/2K work as well. Several times we have had to deal with Windows applications that won't work unless they are run by the admin (or the user is a member of the admin group, the same thing). It seems there are several developer groups out there that think that on a NT/W2K system, that the user will have full admin access, and so develop/test their applications with that assumption. As someone who comes from a UNIX background where we don't give out root to users, I expect the same idea to work in the NT world, ie users don't get admin on 'their' workstations. And the solution is seldom one of file permissions either. I find this a serious problem in the NT world, because it seems there are too many Windows developers coming from a background of no-security Windows 3.1/9x, and applying this attitude of no security to NT, which is supposed to have more UNIX-like security. -- Michael Rogero Brown | Disclaimer: I speak only for myself. Unix/NT Systems Support | Any opinions expressed are my own Motorola, CGISS/CE | and do not reflect the opinions of email: emb021@email.mot.com | Motorola. From sage-members-owner@usenix.org Tue Feb 27 13:54:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1RLp6123325 for sage-members-outgoing; Tue, 27 Feb 2001 13:51:06 -0800 (PST) Received: from hebe.or.intel.com (jffdns02.or.intel.com [134.134.248.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1RLp4923321 for ; Tue, 27 Feb 2001 13:51:05 -0800 (PST) Received: from ichips-ra.pdx.intel.com (ichips-ra.intel.com [10.7.3.35]) by hebe.or.intel.com (8.9.1a+p1/8.9.1/d: relay.m4, v 1.35 2001/02/12 09:03:45 smothers Exp $) with ESMTP id VAA08865 for ; Tue, 27 Feb 2001 21:50:42 GMT Received: from pdx484.pdx.intel.com (pdx484.pdx.intel.com [10.7.51.234]) by ichips-ra.pdx.intel.com (8.9.1a/8.9.1/d: internal.m4, v 1.2 1998/11/09 19:18:37 iwep Exp iwep $) with ESMTP id NAA19065 for ; Tue, 27 Feb 2001 13:50:42 -0800 (PST) Received: from ichips.intel.com (localhost [127.0.0.1]) by pdx484.pdx.intel.com (8.9.1a/8.9.1/d: client-ra.m4, v 1.1 1998/12/24 19:00:55 jamesw Exp jamesw $) with ESMTP id NAA41384 for ; Tue, 27 Feb 2001 13:50:41 -0800 Message-Id: <200102272150.NAA41384@pdx484.pdx.intel.com> X-Mailer: exmh version 2.0delta 6/3/97 To: sage-members@usenix.org Subject: Taking palmtops/notebooks in/out of USA, Europe Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 27 Feb 2001 13:50:41 -0800 From: Steve Willoughby Sender: owner-sage-members@usenix.org Precedence: bulk In your collective experience attending conferences or during business or personal travel, have any of you encountered difficulty carrying a laptop or PDA through customs? I'll be travelling from the USA -> Italy -> Greece -> USA soon, and would (naturally) like to take my Handspring and a notebook or two. I've been told before that any computing device capable of encryption may be confiscated, and certainly laptops and PDAs are capable enough for that. Trouble is, I'm sure there are people moving portable computers on trips like this, and it's going to be a very long flight without something to play with :) Should I really leave my electronics behind, or is there something I need to do to make sure I don't lose them along the way? TIA, --steve -- Steve Willoughby | "It is our choices... that show what we truly Intel DPG Eng. Computing | are, far more than our abilities." Engineering Apps Development | --Albus Dumbledore, in Harry Potter and | the Chamber of Secrets, by J. K. Rowling From sage-members-owner@usenix.org Tue Feb 27 15:23:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1RNJal23994 for sage-members-outgoing; Tue, 27 Feb 2001 15:19:36 -0800 (PST) Received: from smtp7ve.mailsrvcs.net (smtp7vepub.gte.net [206.46.170.28]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1RNJZ923990 for ; Tue, 27 Feb 2001 15:19:35 -0800 (PST) Received: from nessie (adsl-151-203-68-56.bostma.adsl.bellatlantic.net [151.203.68.56]) by smtp7ve.mailsrvcs.net (8.9.1/8.9.1) with SMTP id XAA4881578; Tue, 27 Feb 2001 23:26:02 GMT From: "Brian D. Silverio" To: sage-members@usenix.org Subject: RE: user login directory survey Date: Tue, 27 Feb 2001 18:18:15 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <200102272052.NAA16291@schooner.aoc.nrao.edu> Sender: owner-sage-members@usenix.org Precedence: bulk I use: /home/ for "normal" users. Whatever that is.... /students/ for students /mailusers/ for people who almost never log in From sage-members-owner@usenix.org Tue Feb 27 16:01:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1RNwDg24376 for sage-members-outgoing; Tue, 27 Feb 2001 15:58:13 -0800 (PST) Received: from vielle.datasys.net (0.enet.vielle.datasys.net [208.206.129.153]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1RNwB924372 for ; Tue, 27 Feb 2001 15:58:11 -0800 (PST) Received: (from mark@localhost) by vielle.datasys.net (8.11.0/8.11.0) id f1S02ah06247; Tue, 27 Feb 2001 19:02:36 -0500 Message-Id: <200102280002.f1S02ah06247@vielle.datasys.net> From: lindsey@acm.org (Mark R. Lindsey) Date: Tue, 27 Feb 2001 19:02:22 -0500 Reply-To: lindsey@acm.org (Mark R. Lindsey) X-Mailer: Mail User's Shell (7.2.6 beta(4) 03/19/98) To: sage-members@usenix.org Subject: Re: running applications as root Sender: owner-sage-members@usenix.org Precedence: bulk Ade Rixon wrote: : 23 Feb 05:26:39 PM: Meanwhile in the Sheraton, Joseph Boyer Jr. wrote: : > root permissions, for the application to run. I have had this setup : > since August of last year and now that we are encountering a problem : > their support is telling me it is because that the app is not running as : > root. my opinion is that they are full of it!!!! : >-- End of excerpt from Joseph Boyer Jr. : : Bit of a longwinded approach, but could you truss/strace the process, I've had trouble strace'ing Java programs, even if there's only `one thing' going on in the JVM; maybe the threads are obscuring things? Has anyone else any more luck? From sage-members-owner@usenix.org Tue Feb 27 16:38:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1S0ZCU24751 for sage-members-outgoing; Tue, 27 Feb 2001 16:35:12 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1S0ZBF24746 for sage-members@usenix.org; Tue, 27 Feb 2001 16:35:11 -0800 (PST) Received: from adios.duckland.org (ip125.110.136.216.in-addr.arpa [216.136.110.125] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S08G924463 for ; Tue, 27 Feb 2001 16:08:20 -0800 (PST) Received: (from duck@localhost) by adios.duckland.org (8.11.2/8.11.2) id f1S07fS31278; Tue, 27 Feb 2001 18:07:41 -0600 Date: Tue, 27 Feb 2001 18:07:41 -0600 From: Don Duck Harper To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Message-ID: <20010227180740.P2077@duckland.org> Reply-To: Don Duck Harper References: <200102272150.NAA41384@pdx484.pdx.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102272150.NAA41384@pdx484.pdx.intel.com>; from steve@ichips.intel.com on Tue, Feb 27, 2001 at 01:50:41PM -0800 X-No-Archive: yes X-WARNING1: Pursuant to US Code. Title 47. Chapter 5. Subchapter, X-WARNING2: II. Sec. 227. any and all nonsolicited commercial E-mail, X-WARNING3: sent to this address is subject to a download and archival, X-WARNING4: fee in the amount of $500 US. E-mailing denotes acceptance, X-WARNING5: of these terms. Sender: owner-sage-members@usenix.org Precedence: bulk I have been to Italy over the last three summers, as has my wife. I have taken my Pilot and a laptop, and she has taken her laptop, and no one has ever given un any grief. Remember, the export laws were to specific countries, and those have been laxed some recently. I do remember reading somewhere a fellow just for grins tried to comply with the laws about taking a laptop out of country, and he almost got arrested, and was delayed nearly 12 hours at JFK. YMMV. Don On Tue, Feb 27, 2001 at 01:50:41PM -0800, Steve Willoughby wrote to To sage-members@usenix.org: :-) In your collective experience attending conferences or during business or :-) personal travel, have any of you encountered difficulty carrying a laptop :-) or PDA through customs? :-) :-) I'll be travelling from the USA -> Italy -> Greece -> USA soon, and would :-) (naturally) like to take my Handspring and a notebook or two. I've been :-) told before that any computing device capable of encryption may be :-) confiscated, and certainly laptops and PDAs are capable enough for that. :-) :-) Trouble is, I'm sure there are people moving portable computers on trips :-) like this, and it's going to be a very long flight without something to :-) play with :) :-) :-) Should I really leave my electronics behind, or is there something I need :-) to do to make sure I don't lose them along the way? :-) :-) TIA, :-) :-) --steve :-) -- :-) Steve Willoughby | "It is our choices... that show what we truly :-) Intel DPG Eng. Computing | are, far more than our abilities." :-) Engineering Apps Development | --Albus Dumbledore, in Harry Potter and :-) | the Chamber of Secrets, by J. K. Rowling :-) :-) -- Don Harper, RHCE, MCSE email: duck@duckland.org Just a systems kinda guy... http://www.duckland.org "Few women admit their age, Few men act it! " From sage-members-owner@usenix.org Tue Feb 27 16:39:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1S0ZPr24764 for sage-members-outgoing; Tue, 27 Feb 2001 16:35:25 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1S0ZOE24759 for sage-members@usenix.org; Tue, 27 Feb 2001 16:35:24 -0800 (PST) Received: from mail.torque.com (IDENT:postfix@torque.com [64.163.145.23]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S0Xm924716 for ; Tue, 27 Feb 2001 16:33:48 -0800 (PST) Received: from torque.com (unknown [64.163.145.20]) by mail.torque.com (Postfix) with ESMTP id DB55810178; Tue, 27 Feb 2001 16:35:00 -0800 (PST) Message-ID: <3A9C47B2.34355086@torque.com> Date: Tue, 27 Feb 2001 16:34:58 -0800 From: jblauth X-Mailer: Mozilla 4.7C-SGI [en] (X11; I; IRIX64 6.5 IP28) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe References: <200102272150.NAA41384@pdx484.pdx.intel.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Steve Willoughby wrote: > In your collective experience attending conferences or during business or > personal travel, have any of you encountered difficulty carrying a laptop > or PDA through customs? > > I'll be travelling from the USA -> Italy -> Greece -> USA soon, and would > (naturally) like to take my Handspring and a notebook or two. I've been > told before that any computing device capable of encryption may be > confiscated, and certainly laptops and PDAs are capable enough for that. > > Trouble is, I'm sure there are people moving portable computers on trips > like this, and it's going to be a very long flight without something to > play with :) > > Should I really leave my electronics behind, or is there something I need > to do to make sure I don't lose them along the way? > > TIA, > > --steve > -- > Steve Willoughby | "It is our choices... that show what we truly > Intel DPG Eng. Computing | are, far more than our abilities." > Engineering Apps Development | --Albus Dumbledore, in Harry Potter and > | the Chamber of Secrets, by J. K. Rowling I have done both, and plenty, US-Europe and back. Primarily, make sure they have juice, because you will need to power them up for security personnel. Other than that, expect them to be x-rayed. Once I had my notebook placed under a contraption that searched for chemical particles knowm from explosives. They just reran the test until it would not trigger an alarm anymore. this was mandated because my batteries were dead and I did not have a proper adapter on me to power up the box for them. It cost me over 30 minutes extra. Encryption algorithms are an entirely different matter, your main problem there being the US and its restrictions. No advice given on that matter. JH Blauth Sr Sytems Engineer Torque Systems San Francisco From sage-members-owner@usenix.org Tue Feb 27 16:57:54 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1S0sPY25010 for sage-members-outgoing; Tue, 27 Feb 2001 16:54:25 -0800 (PST) Received: from eamail1-out.unisys.com (eamail1-out.unisys.com [192.61.61.99]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S0sN925006 for ; Tue, 27 Feb 2001 16:54:23 -0800 (PST) Received: from us-ea-gtwy-4.ea.unisys.com (us-ea-gtwy-4.ea.unisys.com [192.61.146.122]) by eamail1-out.unisys.com (8.9.3/8.9.3) with ESMTP id AAA16015 for ; Wed, 28 Feb 2001 00:53:24 GMT Received: by us-ea-gtwy-4.ea.unisys.com with Internet Mail Service (5.5.2653.19) id ; Tue, 27 Feb 2001 18:54:00 -0600 Message-ID: <4D436812116AD311B43B00104B9DF3B6C94860@US-CPT-EXCH-2.plpt.com> From: "Company, Paul J." To: sage-members@usenix.org Subject: Offsite Archive Storage Date: Tue, 27 Feb 2001 18:54:00 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Does anyone have a list of companies that offer offsite archive storage? I'm not talking about SSPs, I want to store my backup tapes offsite for disaster recovery. I'm in Carpinteria, California, USA Thank you, Paul From sage-members-owner@usenix.org Tue Feb 27 17:52:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1S1mNl25438 for sage-members-outgoing; Tue, 27 Feb 2001 17:48:23 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1S1mNd25433 for sage-members@usenix.org; Tue, 27 Feb 2001 17:48:23 -0800 (PST) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S19o925150 for ; Tue, 27 Feb 2001 17:09:50 -0800 (PST) Received: from mirapoint.com (madrid.mirapoint.com [192.168.200.31]) by mail.mirapoint.com (Mirapoint) with ESMTP id ACA68551; Tue, 27 Feb 2001 17:08:39 -0800 (PST) Message-ID: <3A9C4F9C.40A43E62@mirapoint.com> Date: Tue, 27 Feb 2001 17:08:44 -0800 From: "Francisco J. Manso" Organization: Mirapoint Inc, X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en,es MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe References: <200102272150.NAA41384@pdx484.pdx.intel.com> Content-Type: multipart/mixed; boundary="------------BE27D86652FEB9C443DAD5BD" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------BE27D86652FEB9C443DAD5BD Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Even some people here in California told me to be aware of this issue, I have been traveling with laptops and PDA'a from the USA to Europe and nobody asked Francisco Manso Mirapoint Inc, Steve Willoughby wrote: > In your collective experience attending conferences or during business or > personal travel, have any of you encountered difficulty carrying a laptop > or PDA through customs? > > I'll be travelling from the USA -> Italy -> Greece -> USA soon, and would > (naturally) like to take my Handspring and a notebook or two. I've been > told before that any computing device capable of encryption may be > confiscated, and certainly laptops and PDAs are capable enough for that. > > Trouble is, I'm sure there are people moving portable computers on trips > like this, and it's going to be a very long flight without something to > play with :) > > Should I really leave my electronics behind, or is there something I need > to do to make sure I don't lose them along the way? > > TIA, > > --steve > -- > Steve Willoughby | "It is our choices... that show what we truly > Intel DPG Eng. Computing | are, far more than our abilities." > Engineering Apps Development | --Albus Dumbledore, in Harry Potter and > | the Chamber of Secrets, by J. K. Rowling --------------BE27D86652FEB9C443DAD5BD Content-Type: text/x-vcard; charset=us-ascii; name="fmanso.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Francisco J. Manso Content-Disposition: attachment; filename="fmanso.vcf" begin:vcard n:Manso;Francisco tel;fax:408-720-3725 tel;work:408-720-3856 x-mozilla-html:FALSE url:www.mirapoint.com org:Mirapoint Inc;IT Department adr:;;909 Hermosa Ct.;Sunnyvale;CA;94085;USA version:2.1 email;internet:fmanso@mirapoint.com title:Sr. Unix Systems Administrator fn:Francisco Manso end:vcard --------------BE27D86652FEB9C443DAD5BD-- From sage-members-owner@usenix.org Wed Feb 28 00:06:52 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1S7vvS26349 for sage-members-outgoing; Tue, 27 Feb 2001 23:57:57 -0800 (PST) Received: from mail2.stonesoft.com ([192.89.38.188]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S7vt926345 for ; Tue, 27 Feb 2001 23:57:56 -0800 (PST) Received: from hki-vcs-1.stonesoft.com (unknown [172.16.49.22]) by mail2.stonesoft.com (Postfix) with SMTP id 59F756017 for ; Wed, 28 Feb 2001 09:57:14 +0200 (EET) Received: from 172.16.49.23 by hki-vcs-1.stonesoft.com (InterScan E-Mail VirusWall NT); Wed, 28 Feb 2001 09:57:31 +0200 (GTB Standard Time) Subject: Re: Taking palmtops/notebooks in/out of USA, Europe To: sage-members@usenix.org X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: Mark.Boltz@stonesoft.com Date: Wed, 28 Feb 2001 09:57:30 +0200 X-MIMETrack: Serialize by Router on sharon/Stone(Release 5.0.5 |September 22, 2000) at 28.02.2001 09:57:31 MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk Hi, >In your collective experience attending conferences or during business or >personal travel, have any of you encountered difficulty carrying a laptop >or PDA through customs? I'm in Finland right now, for about the third time, and I've been to France several times as well. Each time with a laptop. I've never had an issue with encryption or other export controls...only the usual chemical analysis to make sure it's not a bomb (they usually don't do the "turn it on and make it do something, please" test anymore from what I've seen). It's generally not an issue or hassle at all. Not sure about Greece, but Italy has also never been a problem for our techs who have traveled to Italy to visit our R & D there. I somehow doubt the Greeks would care either. We've also had techs that never had a problem going to Canada, Brazil, Mexico or other locations from the US either. It's one of the reasons I laugh at the attempts to legislate encryption codes like PGP in the first place. Mark Boltz Stonesoft, Inc. From sage-members-owner@usenix.org Wed Feb 28 01:07:14 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1S93mh26469 for sage-members-outgoing; Wed, 28 Feb 2001 01:03:48 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S93k926465 for ; Wed, 28 Feb 2001 01:03:46 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f1S91Su17714; Wed, 28 Feb 2001 10:01:29 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <200102272150.NAA41384@pdx484.pdx.intel.com> References: <200102272150.NAA41384@pdx484.pdx.intel.com> Date: Wed, 28 Feb 2001 09:59:37 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 1:50 PM -0800 2/27/01, Steve Willoughby wrote: > In your collective experience attending conferences or during business or > personal travel, have any of you encountered difficulty carrying a laptop > or PDA through customs? Nope. My wife and I live in Europe, and we travel to the US at least once or twice a year (usually visiting the respective families), and she travels back to the US quite a bit more on business (usually to NY or DC). We take laptops back and forth all the time, and have never had any problems. They do usually require that you can power the laptop on to prove that it works, but of course this ignores the fact that on many laptops, you could have a small explosive device hidden in one of the removable drive bays (where a CD-ROM or DVD-ROM drive would normally go). They also frequently swipe the edges of the laptop and the bag with a bit of cloth on the end of a wand, and they then put the cloth into a chemical sniffing device to see if they have detected any particles of explosive substances. In fact, the worst laptop-related trouble I've ever had is when I was recently flying back to Brussels from Newcastle (in the UK), and they made me weigh my laptop bag. When they discovered how much it weighed, they made me check it instead of carrying it onboard (although they did allow me to pull out the laptop itself and carry that separately in a backpack that I had to buy there). So, do watch your carryon luggage weight limits carefully. That said, a billion people telling you that they've never had any trouble whatsoever doesn't do you any good if you manage to find yourself faced with a truly anal security guy who decides he has to scan your laptop for kiddie porn or crypto software, and you end up with having your computer confiscated. -- ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Wed Feb 28 01:32:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1S9TAa26512 for sage-members-outgoing; Wed, 28 Feb 2001 01:29:10 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S9T9926508 for ; Wed, 28 Feb 2001 01:29:09 -0800 (PST) Received: from snert.com ([195.5.203.18]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f1S9Sjn11109 for ; Wed, 28 Feb 2001 10:28:45 +0100 Message-ID: <3A9CC4CC.D2D7CEF1@snert.com> Date: Wed, 28 Feb 2001 10:28:44 +0100 From: Anthony Howe X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe References: <200102272150.NAA41384@pdx484.pdx.intel.com> Content-Type: multipart/mixed; boundary="------------C0B33C96E583653E7B654389" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------C0B33C96E583653E7B654389 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I live in France now and have travelled between Canada, UK, Switzerland on many occasions with an old luggable, then later laptops, and a now laptop with a Palm. I've NEVER had anyone question me about my electronics concerning encryption. On one occasion I was question concerning duties on my old luggable about 14 years ago, but never since. My take on it is this, if you carry it into a country for a business trip and can prove you will take it back with you, then you won't be charged. 95% of the time they ignore travellers with laptops and Palms. HOWEVER, your gear must travel with you. If you ship it separately expect HUGE hassles concerning customs duties, especially in France as I just recently experienced when I sent my laptop back to Canada for repair. Anthony Howe Steve Willoughby wrote: > > In your collective experience attending conferences or during business or > personal travel, have any of you encountered difficulty carrying a laptop > or PDA through customs? > > I'll be travelling from the USA -> Italy -> Greece -> USA soon, and would > (naturally) like to take my Handspring and a notebook or two. I've been > told before that any computing device capable of encryption may be > confiscated, and certainly laptops and PDAs are capable enough for that. > > Trouble is, I'm sure there are people moving portable computers on trips > like this, and it's going to be a very long flight without something to > play with :) > > Should I really leave my electronics behind, or is there something I need > to do to make sure I don't lose them along the way? > > TIA, > > --steve > -- > Steve Willoughby | "It is our choices... that show what we truly > Intel DPG Eng. Computing | are, far more than our abilities." > Engineering Apps Development | --Albus Dumbledore, in Harry Potter and > | the Chamber of Secrets, by J. K. Rowling -- Anthony C Howe 1489 Ch. des Collines, 06110 Le Cannet, France +33 6 11 89 73 78 (p) +33 4 93 46 89 01 (f) ICQ# 7116561 mailto:achowe@snert.com http://www.snert.com/ --------------C0B33C96E583653E7B654389 Content-Type: text/x-vcard; charset=us-ascii; name="achowe.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Anthony Howe Content-Disposition: attachment; filename="achowe.vcf" begin:vcard n:Howe;Anthony tel;pager:ICQ 7116561 tel;cell:+33 6 11 89 73 78 tel;fax:+33 4 93 46 91 27 x-mozilla-html:FALSE url:http://www.snert.com/ org:Snert version:2.1 email;internet:achowe@snert.com adr;quoted-printable:;;Villa Magnolia=0D=0A1489 Chemin des Collines;Le Cannet;Alpes-Maritimes;06110;France fn:Anthony Howe end:vcard --------------C0B33C96E583653E7B654389-- From sage-members-owner@usenix.org Wed Feb 28 02:51:23 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SAln626649 for sage-members-outgoing; Wed, 28 Feb 2001 02:47:49 -0800 (PST) Received: from mail.sonytel.be ([193.74.243.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SAll926645 for ; Wed, 28 Feb 2001 02:47:47 -0800 (PST) Received: from immortelle.sonytel.be (immortelle.sonytel.be [10.18.0.3]) by mail.sonytel.be (8.9.0/8.8.6) with ESMTP id LAA12156 for ; Wed, 28 Feb 2001 11:47:22 +0100 (MET) Received: (from nico@localhost) by immortelle.sonytel.be (8.9.0/8.8.6) id LAA10205 for sage-members@usenix.org; Wed, 28 Feb 2001 11:47:22 +0100 (MET) Date: Wed, 28 Feb 2001 11:47:22 +0100 From: Nico De Ranter To: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Message-ID: <20010228114722.F29579@immortelle.sonytel.be> References: <200102272150.NAA41384@pdx484.pdx.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from brad.knowles@skynet.be on Wed, Feb 28, 2001 at 09:59:37AM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk > That said, a billion people telling you that they've never had > any trouble whatsoever doesn't do you any good if you manage to find > yourself faced with a truly anal security guy who decides he has to > scan your laptop for kiddie porn or crypto software, and you end up > with having your computer confiscated. Put linux on it, they won't have a clue what to do with it >-) Nico --------------------------------------------------------- "It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry." --------------------------------------------------------- Nico De Ranter Sony Service Center (SDCE/NEE-B) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: nico.deranter@sonycom.com From sage-members-owner@usenix.org Wed Feb 28 05:51:44 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SDljM26938 for sage-members-outgoing; Wed, 28 Feb 2001 05:47:45 -0800 (PST) Received: from mx3m2.etrade.com ([167.216.184.60]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SDli926934 for ; Wed, 28 Feb 2001 05:47:44 -0800 (PST) Received: from a1ntex2.etrade.com (a1ntex2.etrade.com [10.50.80.91]) by mx3m2.etrade.com (8.9.3+Sun/8.9.1) with SMTP id FAA14588 for ; Wed, 28 Feb 2001 05:44:09 -0800 (PST) Received: from 10.50.80.91 by a1ntex2.etrade.com (InterScan E-Mail VirusWall NT); Wed, 28 Feb 2001 08:37:56 -0500 (Eastern Standard Time) Received: from a1ntex2.etrade.com (localhost [127.0.0.1]) by a1ntex2.etrade.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id F53YJQ4G; Wed, 28 Feb 2001 08:35:38 -0500 Received: from 10.171.80.90 by a1ntex2.etrade.com (InterScan E-Mail VirusWall NT); Wed, 28 Feb 2001 08:26:43 -0500 (Eastern Standard Time) Received: by ukld1ex1.etrade.com with Internet Mail Service (5.5.2650.21) id ; Wed, 28 Feb 2001 13:24:48 -0000 Message-ID: From: Donal Cunningham To: sage-members@usenix.org Subject: RE: Taking palmtops/notebooks in/out of USA, Europe Date: Wed, 28 Feb 2001 13:22:27 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk > In your collective experience attending conferences or during > business or personal travel, have any of you encountered difficulty > carrying a laptop or PDA through customs? I use a Palm Pilot, and I've never had to do more than turn it on for customs staff when travelling within Europe. I've also taken it to the US and back, where they asked me to put it through the x-ray machine. D. From sage-members-owner@usenix.org Wed Feb 28 07:52:32 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SFmLg27196 for sage-members-outgoing; Wed, 28 Feb 2001 07:48:21 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SFmJ927192 for ; Wed, 28 Feb 2001 07:48:19 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id KAA25941; Wed, 28 Feb 2001 10:47:50 -0500 Date: Wed, 28 Feb 2001 10:47:50 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: user login directory survey Message-ID: <20010228104750.A25414@gwyn.tux.org> References: <200102272052.NAA16291@schooner.aoc.nrao.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200102272052.NAA16291@schooner.aoc.nrao.edu>; from rmilner@aoc.nrao.edu on Tue, Feb 27, 2001 at 01:52:25PM -0700 Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Feb 27, 2001 at 01:52:25PM -0700, Ruth Milner wrote: > Quick survey to try to get some idea of whether there is really a > "standard" for this. > > What does your site use as the convention for the path to UNIX users' home > (i.e. login) directories? Are you using something like /home/ > per the Sun NFS book :-), or something different, e.g. /u, /users, > /home///, or a comprehensive hierar- > chical structure like /home/users/, /home/software/, etc.? Depending on the group and the need, different things. But usually the default for the OS. More and more, that's either /home/ or (for some odd Sun situations) /export/home/. We also have or have had: /users/ /users// /usr/users/ /usr/users// /u// /u// Where is an administrative group, which we try to also track with Unix groups; and is a serially monotonically increasing integer. ;-) -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Wed Feb 28 08:42:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SGcwX27385 for sage-members-outgoing; Wed, 28 Feb 2001 08:38:58 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1SGcwd27380 for sage-members@usenix.org; Wed, 28 Feb 2001 08:38:58 -0800 (PST) Received: from femail7.sdc1.sfba.home.com (femail7.sdc1.sfba.home.com [24.0.95.87]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S6GB926199 for ; Tue, 27 Feb 2001 22:16:12 -0800 (PST) Received: from whizbang.com ([24.20.104.207]) by femail7.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20010228061549.CLXB15476.femail7.sdc1.sfba.home.com@whizbang.com>; Tue, 27 Feb 2001 22:15:49 -0800 Message-ID: <3A9C4246.680DEBD5@whizbang.com> Date: Tue, 27 Feb 2001 23:11:50 -0100 From: Justin Wood Organization: WhizBang!Labs X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.14-5.0 i586) X-Accept-Language: en, fr MIME-Version: 1.0 To: sage-members@usenix.org CC: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe References: <200102272150.NAA41384@pdx484.pdx.intel.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk I lived in France last year, and travelled all over Europe, back and forth to the US, and even to China without any problems. Come to think of it, they didn't even balk about my Leatherman ;) -Justin. Steve Willoughby wrote: > > In your collective experience attending conferences or during business or > personal travel, have any of you encountered difficulty carrying a laptop > or PDA through customs? > > I'll be travelling from the USA -> Italy -> Greece -> USA soon, and would > (naturally) like to take my Handspring and a notebook or two. I've been > told before that any computing device capable of encryption may be > confiscated, and certainly laptops and PDAs are capable enough for that. > > Trouble is, I'm sure there are people moving portable computers on trips > like this, and it's going to be a very long flight without something to > play with :) > > Should I really leave my electronics behind, or is there something I need > to do to make sure I don't lose them along the way? > > TIA, > > --steve > -- > Steve Willoughby | "It is our choices... that show what we truly > Intel DPG Eng. Computing | are, far more than our abilities." > Engineering Apps Development | --Albus Dumbledore, in Harry Potter and > | the Chamber of Secrets, by J. K. Rowling -- --------------------------------------------------- Justin Wood justin@flipdog.com Systems Administrator FlipDog.com http://www.flipdog.com/ --------------------------------------------------- From sage-members-owner@usenix.org Wed Feb 28 08:42:51 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SGe3j27406 for sage-members-outgoing; Wed, 28 Feb 2001 08:40:03 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1SGe2h27401 for sage-members@usenix.org; Wed, 28 Feb 2001 08:40:02 -0800 (PST) Received: from hqaedoim.heidelberg.army.mil (hqaedoim.hqusareur.army.mil [144.170.111.56]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1S83Z926373 for ; Wed, 28 Feb 2001 00:03:36 -0800 (PST) Received: by hqaedoim.hqusareur.army.mil with Internet Mail Service (5.5.2653.19) id ; Wed, 28 Feb 2001 08:06:15 -0000 Message-ID: From: "Brownsword, Thomas D., Mr. HQ USAREUR & 7A ODCSINT" To: sage-members@usenix.org Subject: RE: Taking palmtops/notebooks in/out of USA, Europe Date: Wed, 28 Feb 2001 08:03:22 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk I live in Germany and have never had any problems with my computer / Palm (DISCLAIMER: I have a Status of Forces stamp in my passport for Germany because I work on a U.S. Army contract, which helps me get through German customs and immigration without much of a hassle). As someone already said, though, make sure you can turn it on for the security people. The problem with encryption comes because some countries do not allow 128 bit encryption. I don't have specific details; if you're truly concerned, you might want to do a bit of research before you travel and/or call the consulate for the countries you will be visiting. The potential for theft in Italy and Greece is rather high. Always be aware of what's going on around you, especially in train / subway stations, etc. You might want to consider using a backpack for your notebook so that you don't have to set it down while in public. Do *NOT* put your wallet, passport, train ticket, etc. in the outer pockets of the backpack, though - keep them in your front pockets. Basically, follow the same precautions you would follow in any major city and you should be O.K. Have a good trip! Tom Brownsword Heidelberg, Germany -----Original Message----- From: Steve Willoughby To: sage-members@usenix.org Sent: 2/27/01 10:50 PM Subject: Taking palmtops/notebooks in/out of USA, Europe In your collective experience attending conferences or during business or personal travel, have any of you encountered difficulty carrying a laptop or PDA through customs? I'll be travelling from the USA -> Italy -> Greece -> USA soon, and would (naturally) like to take my Handspring and a notebook or two. I've been told before that any computing device capable of encryption may be confiscated, and certainly laptops and PDAs are capable enough for that. Trouble is, I'm sure there are people moving portable computers on trips like this, and it's going to be a very long flight without something to play with :) Should I really leave my electronics behind, or is there something I need to do to make sure I don't lose them along the way? TIA, --steve -- Steve Willoughby | "It is our choices... that show what we truly Intel DPG Eng. Computing | are, far more than our abilities." Engineering Apps Development | --Albus Dumbledore, in Harry Potter and | the Chamber of Secrets, by J. K. Rowling From sage-members-owner@usenix.org Wed Feb 28 09:05:19 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SH1a527553 for sage-members-outgoing; Wed, 28 Feb 2001 09:01:36 -0800 (PST) Received: from motgate4.mot.com (motgate4.mot.com [144.189.100.102]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SH1U927547 for ; Wed, 28 Feb 2001 09:01:31 -0800 (PST) Received: [from pobox2.mot.com (pobox2.mot.com [136.182.15.8]) by motgate4.mot.com (motgate4 2.1) with ESMTP id KAA05994 for ; Wed, 28 Feb 2001 10:01:08 -0700 (MST)] Received: [from plnt005.comm.mot.com (plnt005.comm.mot.com [145.2.198.78]) by pobox2.mot.com (MOT-pobox2 2.0) with ESMTP id KAA15773 for ; Wed, 28 Feb 2001 10:01:08 -0700 (MST)] Received: from admin01.comm.mot.com (plhp002.comm.mot.com [173.40.22.12]) by plnt005.comm.mot.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id 1H5FQZTS; Wed, 28 Feb 2001 12:01:07 -0500 Received: from plhp049.comm.mot.com (plhp049 [173.41.21.44]) by admin01.comm.mot.com (8.9.3 (PHNE_18979)/8.8.6) with ESMTP id MAA05627 for ; Wed, 28 Feb 2001 12:01:06 -0500 (EST) Received: (from brownmic@localhost) by plhp049.comm.mot.com (8.9.3 (PHNE_18546)/8.8.6) id MAA11505 for sage-members@usenix.org; Wed, 28 Feb 2001 12:00:52 -0500 (EST) From: Michael Rogero Brown Message-Id: <200102281700.MAA11505@plhp049.comm.mot.com> Subject: Traveling with electronics To: sage-members@usenix.org Date: Wed, 28 Feb 2001 12:00:52 -0500 (EST) X-Mailer: ELM [$Revision: 1.17.214.2 $] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk All- Well, in my travels with electronic devices, I have had to do the following: *turn on my Pagewrite two-way pager to prove it was a pager and not some bomb disguised as a pager. Same with my cell phone. *take my laptop out of its case and run the laptop thru the x-ray separate from the case. (which I didn't like because I feared both damage on the conveyer belt and theft). *have them rub a cloth pad along my laptop, and check it for explosives. not had a problem with my Palm, but I don't carry it on my belt when I travel, so that may be why. I have traveled to several airports, and gotten different treatment at different airports (and different treatment at different terminals of the same airport). -- Michael Rogero Brown | Disclaimer: I speak only for myself. Unix/NT Systems Support | Any opinions expressed are my own Motorola, CGISS/CE | and do not reflect the opinions of email: emb021@email.mot.com | Motorola. From sage-members-owner@usenix.org Wed Feb 28 09:07:14 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SH4Ei27574 for sage-members-outgoing; Wed, 28 Feb 2001 09:04:14 -0800 (PST) Received: from ntua.gr (achilles.noc.ntua.gr [147.102.222.210]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SH4A927570 for ; Wed, 28 Feb 2001 09:04:11 -0800 (PST) Received: from netmode.ntua.gr (dolly.netmode.ece.ntua.gr [147.102.13.10]) by ntua.gr (8.9.3/8.9.3) with ESMTP id TAA00033; Wed, 28 Feb 2001 19:03:32 +0200 (EET) Received: from edgar.netmode.ece.ntua.gr (edgar.netmode.ece.ntua.gr [147.102.13.70]) by netmode.ntua.gr (8.11.1/8.11.1) with ESMTP id f1SHBfD41146; Wed, 28 Feb 2001 19:11:42 +0200 (EET) (envelope-from past@edgar.netmode.ece.ntua.gr) Received: (from past@localhost) by edgar.netmode.ece.ntua.gr (8.11.2/8.11.2) id f1SH48v01598; Wed, 28 Feb 2001 19:04:08 +0200 (EET) (envelope-from past) Date: Wed, 28 Feb 2001 19:04:07 +0200 From: Panagiotis Astithas To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Message-ID: <20010228190405.A1551@netmode.ece.ntua.gr> Reply-To: past@netmode.ntua.gr References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from Mark.Boltz@stonesoft.com on Wed, Feb 28, 2001 at 09:57:30AM +0200 X-Organizational-Unit: Network Management and Optimal Design Laboratory X-Organization: National Technical University of Athens, GREECE X-Work-Phone: +30-1-772-1-450 X-Work-FAX: +30-1-772-1-452 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 28, 2001 at 09:57:30AM +0200, Mark.Boltz@stonesoft.com wrote: > generally not an issue or hassle at all. Not sure about Greece, but Italy > has also never been a problem for our techs who have traveled to Italy to > visit our R & D there. I somehow doubt the Greeks would care either. I live in Greece and I have never encountered any problems of that sort. Neither have my colleagues. I don't think you should worry too much about it. -past From sage-members-owner@usenix.org Wed Feb 28 09:31:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SHQst27750 for sage-members-outgoing; Wed, 28 Feb 2001 09:26:54 -0800 (PST) Received: from pianosa.catch22.org (postfix@pianosa.catch22.org [64.81.48.19]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SHQr927742 for ; Wed, 28 Feb 2001 09:26:53 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id 50EE5175F; Wed, 28 Feb 2001 09:26:31 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id 3C3C53DEB for ; Wed, 28 Feb 2001 09:26:31 -0800 (PST) Date: Wed, 28 Feb 2001 09:26:31 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk I went through various European airports with a Handspring Visor and cradle last year, and never had a problem. In fact, the only time I've ever had my luggage yanked was at Schipol five years ago, when I brought all of my harmonicas, which I carry in a handgun case. Harmonicas appear on X-ray as long rectangular boxes with ten rectagular metal shapes inside and don't look THAT different from, say, the clip from a Ruger .22 semiauto. But the Visor? No problem. -- Benjy Feen benjy(AT)feen.com http://www.monkeybagel.com On Wed, 28 Feb 2001 Mark.Boltz@stonesoft.com wrote: > > > Hi, > > >In your collective experience attending conferences or during business or > >personal travel, have any of you encountered difficulty carrying a laptop > >or PDA through customs? > > I'm in Finland right now, for about the third time, and I've been to France > several times as well. Each time with a laptop. I've never had an issue > with encryption or other export controls...only the usual chemical analysis > to make sure it's not a bomb (they usually don't do the "turn it on and > make it do something, please" test anymore from what I've seen). It's > generally not an issue or hassle at all. Not sure about Greece, but Italy > has also never been a problem for our techs who have traveled to Italy to > visit our R & D there. I somehow doubt the Greeks would care either. > > We've also had techs that never had a problem going to Canada, Brazil, > Mexico or other locations from the US either. It's one of the reasons I > laugh at the attempts to legislate encryption codes like PGP in the first > place. > > Mark Boltz > Stonesoft, Inc. > > > From sage-members-owner@usenix.org Wed Feb 28 12:05:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SJxXR29233 for sage-members-outgoing; Wed, 28 Feb 2001 11:59:33 -0800 (PST) Received: from pianosa.catch22.org (postfix@pianosa.catch22.org [64.81.48.19]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SJxW929229 for ; Wed, 28 Feb 2001 11:59:32 -0800 (PST) Received: by pianosa.catch22.org (Postfix, from userid 1020) id 21F86175F; Wed, 28 Feb 2001 11:59:10 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by pianosa.catch22.org (Postfix) with ESMTP id 145033DED for ; Wed, 28 Feb 2001 11:59:10 -0800 (PST) Date: Wed, 28 Feb 2001 11:59:09 -0800 (PST) From: Benjy Feen X-Sender: To: sage-members@usenix.org Subject: Seattle technical infrastructure status? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk For those who haven't heard, Seattle and Portland were hit by a (now estimated) 7.0 earthquake this morning. So: how's everyone doing, infrastructure-wise? Some friends have told me that they had a few servers fall off of bread racks, etc. -- Benjy Feen benjy(AT)feen.com http://www.monkeybagel.com From sage-members-owner@usenix.org Wed Feb 28 12:11:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SK7We29346 for sage-members-outgoing; Wed, 28 Feb 2001 12:07:32 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SK7U929341 for ; Wed, 28 Feb 2001 12:07:30 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id PAA11825; Wed, 28 Feb 2001 15:07:02 -0500 Date: Wed, 28 Feb 2001 15:07:02 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Message-ID: <20010228150702.K25414@gwyn.tux.org> References: <200102272150.NAA41384@pdx484.pdx.intel.com> <3A9C4246.680DEBD5@whizbang.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <3A9C4246.680DEBD5@whizbang.com>; from justin@whizbang.com on Tue, Feb 27, 2001 at 11:11:50PM -0100 Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Feb 27, 2001 at 11:11:50PM -0100, Justin Wood wrote: > .. Come to think > of it, they didn't even balk about my Leatherman ;) Now, THAT IS a surprise! -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Wed Feb 28 13:44:13 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SLdDE00170 for sage-members-outgoing; Wed, 28 Feb 2001 13:39:13 -0800 (PST) Received: from mcs.anl.gov (cliff.mcs.anl.gov [140.221.9.17]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SLdC900166 for ; Wed, 28 Feb 2001 13:39:12 -0800 (PST) Received: from cliff.mcs.anl.gov (obie.mcs.anl.gov [140.221.11.11]) by mcs.anl.gov (8.9.3/8.9.3) with ESMTP id PAA26662; Wed, 28 Feb 2001 15:38:42 -0600 Message-Id: <200102282138.PAA26662@mcs.anl.gov> To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe In-reply-to: Your message of "Wed, 28 Feb 2001 15:07:02 EST." <20010228150702.K25414@gwyn.tux.org> Date: Wed, 28 Feb 2001 15:38:42 -0600 From: Gene Rackow Sender: owner-sage-members@usenix.org Precedence: bulk Not really. I don't even think about my 16+ year old leatherman on my belt anymore. I've walked through O'Hare, Midway, SFO, Dallas, Miami, SanDiago, Washington and several other airports over the years. I have only set off the detector 1 time with the leatherman. The same detectors have triggered off my car keys or watchbob. I grab those first when they guard asks if you forgot your keys or change then try again. One time a guard asked me about it after I walked through and it didn't trigger. He wanted to know what it was. He was totally amazed that I could just walk through, but also stated that it was below the size limits that would consider it a weapon. This is an "original" leatherman, (the PST before name changes) where the ruler on the handle is only in inches (with 1/8 inch marks). None of the metric marks ;-) It really is the same 4 inch stainless steel bar that all the other resemble when folded up. It has had a hard life, but still very funtional. I've started to look at replacing it, but it has been so useful over the years.... insert remaining testiment here. A new one just wouldn't be the same. -_Gene Joseph S D Yao made the following keystrokes: >On Tue, Feb 27, 2001 at 11:11:50PM -0100, Justin Wood wrote: >> .. Come to think >> of it, they didn't even balk about my Leatherman ;) > >Now, THAT IS a surprise! > >-- >/*********************************************************************\ >** >** Joe Yao jsdy@tux.org - Joseph S. D. Yao >** >\*********************************************************************/ > From sage-members-owner@usenix.org Wed Feb 28 14:03:39 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SLxIk00414 for sage-members-outgoing; Wed, 28 Feb 2001 13:59:18 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1SLxIK00409 for sage-members@usenix.org; Wed, 28 Feb 2001 13:59:18 -0800 (PST) Received: from smtp.nwlink.com (smtp.nwlink.com [209.20.130.57]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SLwE900376 for ; Wed, 28 Feb 2001 13:58:14 -0800 (PST) Received: from nwlink.com (voxel.irix-hax0rs.org [209.20.250.124]) by smtp.nwlink.com (8.9.3/8.9.1) with ESMTP id NAA06260 for ; Wed, 28 Feb 2001 13:57:51 -0800 (PST) Message-ID: <3A9D66CC.BE4AA452@nwlink.com> Date: Wed, 28 Feb 2001 13:59:56 -0700 From: "David J. Watt" X-Mailer: Mozilla 4.75 (Macintosh; U; PPC) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: Re: Seattle technical infrastructure status? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk I work for Boeing and as far as I can tell the network and servers came through ok. Some of the older buildings sustained some damage and the power was out at some locations. Most importantly, my home and my computer survived without a scratch. ;-) _david_ Benjy Feen wrote: > > For those who haven't heard, Seattle and Portland were hit by a (now > estimated) 7.0 earthquake this morning. > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. > > -- > Benjy Feen > benjy(AT)feen.com > http://www.monkeybagel.com From sage-members-owner@usenix.org Wed Feb 28 14:09:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SM52p00485 for sage-members-outgoing; Wed, 28 Feb 2001 14:05:02 -0800 (PST) Received: from pandora.bigsky.net (IDENT:oman@pandora.bigsky.net [206.252.224.213]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SM50900481 for ; Wed, 28 Feb 2001 14:05:00 -0800 (PST) Received: from localhost (oman@localhost) by pandora.bigsky.net (8.8.7/8.8.7) with ESMTP id QAA09858 for ; Wed, 28 Feb 2001 16:21:08 -0700 Date: Wed, 28 Feb 2001 16:21:07 -0700 (MST) From: Diane Oman To: sage-members@usenix.org Subject: Re: Seattle technical infrastructure status? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk We (The University of Montana) still have connectivity - our internet service is at Verio in Seattle. I believe that all of Montana's connectivity is through Seattle. Diane -- On Wed, 28 Feb 2001, Benjy Feen wrote: > For those who haven't heard, Seattle and Portland were hit by a (now > estimated) 7.0 earthquake this morning. > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. > > > -- > Benjy Feen > benjy(AT)feen.com > http://www.monkeybagel.com > From sage-members-owner@usenix.org Wed Feb 28 14:54:55 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SMmi300873 for sage-members-outgoing; Wed, 28 Feb 2001 14:48:44 -0800 (PST) Received: from mail1.panix.com (mail1.panix.com [166.84.0.212]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SMme900868 for ; Wed, 28 Feb 2001 14:48:41 -0800 (PST) Received: from panix2.panix.com (panix2.panix.com [166.84.0.227]) by mail1.panix.com (Postfix) with ESMTP id A7B4E487A4; Wed, 28 Feb 2001 17:48:11 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by panix2.panix.com (8.8.8/8.7.1/PanixN1.0) with ESMTP id RAA19517; Wed, 28 Feb 2001 17:48:11 -0500 (EST) X-Authentication-Warning: panix2.panix.com: milburn owned process doing -bs Date: Wed, 28 Feb 2001 17:48:11 -0500 (EST) From: "Shane B. Milburn" To: sage-members@usenix.org Cc: Subject: Re: Seattle technical infrastructure status? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk No problems here in Portland. The building swayed a decent amount but all of my systems stayed online and nothing fell over. cheers, -shane -- Shane B. Milburn Email: milburn@panix.com Sr. Systems Engineer GPG Key ID: 9DA907DA On Wed, 28 Feb 2001, Benjy Feen wrote: > For those who haven't heard, Seattle and Portland were hit by a (now > estimated) 7.0 earthquake this morning. > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. > > > -- > Benjy Feen > benjy(AT)feen.com > http://www.monkeybagel.com > > From sage-members-owner@usenix.org Wed Feb 28 15:26:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f1SNLeF01230 for sage-members-outgoing; Wed, 28 Feb 2001 15:21:40 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f1SNLe301225 for sage-members@usenix.org; Wed, 28 Feb 2001 15:21:40 -0800 (PST) Received: from mail1.mattel.com ([63.100.129.35]) by usenix.org (8.11.0/8.11.0) with ESMTP id f1SMaD900782 for ; Wed, 28 Feb 2001 14:36:13 -0800 (PST) Received: from naphx61.matna.mattel.com ([156.20.109.250]) by mail1.mattel.com (8.9.3+Sun/8.9.3) with SMTP id PAA29082 for ; Wed, 28 Feb 2001 15:37:03 -0700 (MST) From: neil_strand@pleasantco.com Received: from 156.20.190.22 by naphx61.matna.mattel.com (InterScan E-Mail VirusWall NT); Wed, 28 Feb 2001 15:35:41 -0700 Received: from naphx61.matna.mattel.com ([127.0.0.1]) by naphx61.matna.mattel.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id F213G3KP; Wed, 28 Feb 2001 15:35:41 -0700 Received: from 153.12.84.25 by naphx61.matna.mattel.com (InterScan E-Mail VirusWall NT); Wed, 28 Feb 2001 15:35:41 -0700 Received: by mdl-silicon.pleasantco.com with Internet Mail Service (5.5.2653.19) id <1KPNTN96>; Wed, 28 Feb 2001 16:35:05 -0600 Message-ID: <596E6ADAB278D111BCD500A0C9968148072C33F3@MDL_IRON> To: sage-members@usenix.org Subject: 2^32 stupid things smart admins do to screw up their systems Date: Wed, 28 Feb 2001 16:35:44 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk One particularly nondescript morning we discovered that the symbolic link /bin->./usr/bin had been deleted on one of our Solaris hosts. Mountains shook and fires erupted and an intense (and expensive) search for an intruder was launched. While reviewing the filesystem structure, we noted that / had permissions of 777. Things eventually settled down and no real harm to the system was found. A day or so later, I was installing a software package off of a CD from a manufacturer and noticed that / permissions were 777 after the install. A quick check of the script and tarfile found the following: Script: cd / tar xhfp Tarfile: drwxrwxrwx ./ drwxr-xr-x ./usr/ .... .... This same piece of software was installed on the "hacked" system, shortly prior to the "hacking" incident. After fixing things and directing some not so pleasant adjectives toward the manufacturer (who does otherwise make good stuff), I resolved to forever review any installation script. *Note - the disappearance of the symbolic link /bin was caused by a rogue cleanup script written by a in-house developer who relied on relative pathnames. The script was accidently executed by a regular user so that it began it's search and destroy in /. That too was fixed. ** Note - We were able to recover some of the cost of incident response from the manufacturer of the software package. Stupid? naive? - you be the judge. I learned my lesson. Neil Strand Pleasant Co. (608) 836-7200 x4332 From sage-members-owner@usenix.org Wed Feb 28 16:16:00 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f210AjA01746 for sage-members-outgoing; Wed, 28 Feb 2001 16:10:45 -0800 (PST) Received: from pallas.eruditorum.org (postfix@pallas.eruditorum.org [204.254.168.96]) by usenix.org (8.11.0/8.11.0) with ESMTP id f210Ah901742 for ; Wed, 28 Feb 2001 16:10:44 -0800 (PST) Received: by pallas.eruditorum.org (Postfix, from userid 503) id 9023311207; Wed, 28 Feb 2001 19:11:04 -0500 (EST) Date: Wed, 28 Feb 2001 19:11:04 -0500 From: "Melissa D. Binde" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Seattle technical infrastructure status? Message-ID: <20010228191104.C31537@terindell.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from benjy@feen.com on Wed, Feb 28, 2001 at 11:59:09AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk Twas brillig, on Wed Feb 28 at 11:59:09 AM, and Benjy Feen burbled: > For those who haven't heard, Seattle and Portland were hit by a (now > estimated) 7.0 earthquake this morning. > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. Very little damage anywhere, as far as I can tell, and I believe the majority of businesses (ours included) are fine. I'm not an earthquake virgin anymore, though :). -M. From sage-members-owner@usenix.org Wed Feb 28 17:44:59 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f211fTA02617 for sage-members-outgoing; Wed, 28 Feb 2001 17:41:29 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f211fSf02612 for sage-members@usenix.org; Wed, 28 Feb 2001 17:41:28 -0800 (PST) Received: from shark.seavcom.com ([63.237.232.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f211aR902518 for ; Wed, 28 Feb 2001 17:36:27 -0800 (PST) Received: (from hal@localhost) by shark.seavcom.com (8.9.3/8.9.3) id RAA01056; Wed, 28 Feb 2001 17:33:27 -0800 (PST) From: Hal Miller Message-Id: <200103010133.RAA01056@shark.seavcom.com> Subject: Re: Seattle technical infrastructure status? To: sage-members@usenix.org Date: Wed, 28 Feb 2001 17:33:27 -0800 (PST) Cc: sage-members@usenix.org In-Reply-To: from "Benjy Feen" at Feb 28, 2001 11:59:09 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Benjy Feen writes: > For those who haven't heard, Seattle and Portland were hit by a (now > estimated) 7.0 earthquake this morning. > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. No doubt about being in an earthquake--can't miss a 6.8 :-) However, although there are declarations of disaster, I've yet to see any damage myself. Other than momentary power loss (worst kind for computers), I had no computing/network issues, and have stayed at work all day. The sum total of damage was some dust from the ceiling tiles, and one cassette (audio) tape case cracked when it fell. I'm sure someone must have had problems, but I sure didn't see any. Thanks for asking! -- | Hal Miller (HAM10) System Architect | halm@sage.org, or halm@usenix.org | | AVCOM Technologies, Inc. | hal.miller@avcom.com | | 4636 E. Marginal Way South, Suite B100 | voice: +1(206) 762-4000 x111 | | Seattle, Washington 98134 | fax: +1(206) 762-4400 | |Member, The System Administrators Guild of Australia - http://sage-au.org.au | From sage-members-owner@usenix.org Wed Feb 28 22:12:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2167Ce03385 for sage-members-outgoing; Wed, 28 Feb 2001 22:07:12 -0800 (PST) Received: from kestrel.octaldream.com (kestrel.octaldream.com [204.201.111.9]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2167B903381 for ; Wed, 28 Feb 2001 22:07:11 -0800 (PST) Received: (from scottm@localhost) by kestrel.octaldream.com (8.11.2/8.11.1) id f2166mq02330 for sage-members@usenix.org; Wed, 28 Feb 2001 22:06:48 -0800 (PST) (envelope-from scottm) Date: Wed, 28 Feb 2001 22:06:48 -0800 From: Scott McDermott To: sage-members@usenix.org Subject: Re: Seattle technical infrastructure status? Message-ID: <20010228220648.A2267@octaldream.com> Mail-Followup-To: sage-members@usenix.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from benjy@feen.com on Wed, Feb 28, 2001 at 11:59:09AM -0800 X-Archive-No: Yes Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 28, 2001, a militant turtle forced Benjy Feen to say: > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. We had a jig going in our building. It's built on a bog and has 350 (IIRC) pylons holding up the building. That thing moved. Power went out, my U30 fell over. Some monitors fell down. Server racks are located a few inches from where they were. The worst thing about it was our generator. The batteries were dead because the AC input fuse had somehow been left out of the charger. We have emergency lights only on exit signs because the generator is supposed to kick in to provide power, so it was really dark. Then it took me 2h to convince facilities to hook a couple car batteries up to it to start it. Finally got juice back, but only 20m before city power came back on. Then our HVAC for the computer room wouldn't work and it took a while to figure out how to reset it. My cache server is dead. Just another long stressful day at the office. ;) -- Scott McDermott Unix Dude From sage-members-owner@usenix.org Thu Mar 1 02:08:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f21A1h903820 for sage-members-outgoing; Thu, 1 Mar 2001 02:01:43 -0800 (PST) Received: from relay.cs.tcd.ie (root@relay.cs.tcd.ie [134.226.32.56]) by usenix.org (8.11.0/8.11.0) with ESMTP id f21A1e903816 for ; Thu, 1 Mar 2001 02:01:41 -0800 (PST) Received: from allen.cs.tcd.ie (mknell@allen.cs.tcd.ie [134.226.33.11]) by relay.cs.tcd.ie (8.9.1a/8.9.1) with ESMTP id KAA09994 for ; Thu, 1 Mar 2001 10:01:14 GMT Message-Id: <200103011001.KAA09994@relay.cs.tcd.ie> From: Mike Knell To: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe In-reply-to: Your message of "Wed, 28 Feb 2001 09:26:31 PST." Date: Thu, 01 Mar 2001 10:01:12 +0000 Sender: owner-sage-members@usenix.org Precedence: bulk > I went through various European airports with a Handspring Visor and > cradle last year, and never had a problem. I've never been to North America, but I fly between different bits of Europe pretty regularly -- mainly between Ireland and the UK. I've never had problem with electronics at all, except that you may have to turn things on to prove they're real electronics. I usually drop my Leatherman into my hand baggage before it's X-rayed just to keep things simple -- in fact, I tend to empty most of my pockets into my jacket and just stuff that through along with my bag. Most metal detectors in European airports are pretty sensitive -- a Leatherman would definitely set them off, and even the metal eyelets in my boots regularly earn me a frisking at Dublin and Birmingham airports. Most airport security people have seen a Leatherman before. I wouldn't worry about cryptographic stuff too much, unless your machine has "Top Secret Military Communication Hardware" written on it, in which case a few customs people might raise an eyebrow. In short -- we do have technology on this side of the Atlantic too, guys. *grin* m. -- Computer Science System Administrator, Trinity College, Dublin, Ireland mike.knell@cs.tcd.ie -=- http://www.cs.tcd.ie/Mike.Knell/ From sage-members-owner@usenix.org Thu Mar 1 07:40:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f21FaUZ04341 for sage-members-outgoing; Thu, 1 Mar 2001 07:36:30 -0800 (PST) Received: from insws8502.gs.com (insws8502.gs.com [204.4.182.11]) by usenix.org (8.11.0/8.11.0) with ESMTP id f21FaS904337 for ; Thu, 1 Mar 2001 07:36:29 -0800 (PST) Received: from insdbod01.inz.gs.com (insdbod01.inz.gs.com [207.17.36.74]) by insws8502.gs.com (Postfix) with ESMTP id 639D91BE49 for ; Thu, 1 Mar 2001 10:36:01 -0500 (EST) Received: from nbsapsm02.ny.ficc.gs.com by insdbod01.inz.gs.com with ESMTP for sage-members@usenix.org; Thu, 1 Mar 2001 10:36:01 -0500 Received: from nbsadc111.ny.ficc.gs.com (nbsadc111.ny.ficc.gs.com [148.86.214.85]) by nbsapsm02.ny.ficc.gs.com (8.9.1a/8.9.0/wanhub) with ESMTP id KAA07004 for ; Thu, 1 Mar 2001 10:36:00 -0500 (EST) Received: from gs.com (localhost [127.0.0.1]) by nbsadc111.ny.ficc.gs.com (8.9.3+Sun/8.9.3) with ESMTP id KAA11579 for ; Thu, 1 Mar 2001 10:35:48 -0500 (EST) Message-Id: <3A9E6C54.A835074A@gs.com> Date: Thu, 01 Mar 2001 10:35:48 -0500 From: "Joseph Boyer Jr." Organization: Goldman Sachs and Company X-Mailer: Mozilla 4.76C-CCK-MCD CPT-2 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 Cc: sage-members@usenix.org Subject: Re: running applications as root References: <200102280002.f1S02ah06247@vielle.datasys.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Just wanted to say thanks for everyone's responses to my post about running as root. The problem has been resolved. Turns out that the application does not have to run as root after all. There's a big surprise! The application vender talk with there senior engineering people and after they said that it did not have to run as root, did the tech support folks believe me. So with that in hand, the tech support actually found out what was really wrong and the issue has be resolved. Thanks! Regards, joe -- Joseph Boyer Jr. Goldman Sachs and Company 85 Broad Street, 8th Floor New York, New York 10004 Email: Joseph.Boyer@gs.com From sage-members-owner@usenix.org Thu Mar 1 07:49:01 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f21Fjti04412 for sage-members-outgoing; Thu, 1 Mar 2001 07:45:55 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f21Fjte04407 for sage-members@usenix.org; Thu, 1 Mar 2001 07:45:55 -0800 (PST) Received: from ophelia.sharding.net (sharding@ophelia.dogcow.org [216.162.195.122]) by usenix.org (8.11.0/8.11.0) with ESMTP id f219QH903749 for ; Thu, 1 Mar 2001 01:26:17 -0800 (PST) Received: (from sharding@localhost) by ophelia.sharding.net (8.10.0/8.10.0) id f219Pl918085; Thu, 1 Mar 2001 01:25:47 -0800 Date: Thu, 1 Mar 2001 01:25:47 -0800 From: Sean Harding To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Seattle technical infrastructure status? Message-ID: <20010301012547.R17256@dogcow.org> References: <200103010133.RAA01056@shark.seavcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.2i In-Reply-To: <200103010133.RAA01056@shark.seavcom.com>; from hal@seavcom.com on Wed, Feb 28, 2001 at 05:33:27PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed Feb 28 at 05:33:27 PM, Hal Miller wrote: > although there are declarations of disaster, I've yet to see any damage > myself. Other than momentary power loss (worst kind for computers), I saw a fair amount of damage on the walk home from work (from Union Station to Belltown). Obviously plenty of nasty stuff in Pioneer Square. But, yeah, it's not nearly as bad as it looks on the news. Nothing even seems to have fallen over at my apartment. I'm surprised... sean -- Sean Harding sharding@dogcow.org |"we all try to frame our face http://www.dogcow.org/sean/ | in a background of success" | --The Nields From sage-members-owner@usenix.org Thu Mar 1 08:33:45 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f21GUJ704589 for sage-members-outgoing; Thu, 1 Mar 2001 08:30:19 -0800 (PST) Received: from najuib.tarjema.com (root@tarjema.com [209.221.187.252]) by usenix.org (8.11.0/8.11.0) with ESMTP id f21GUI904585 for ; Thu, 1 Mar 2001 08:30:18 -0800 (PST) Received: from tarjema.com (tgregory@tarjema.com [209.221.187.252]) by najuib.tarjema.com (8.11.1/8.11.1) with ESMTP id f21GSKX65507; Thu, 1 Mar 2001 08:28:21 -0800 (PST) Date: Thu, 1 Mar 2001 08:28:20 -0800 (PST) From: "Timothy A. Gregory" To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Seattle technical infrastructure status? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk I work on the 32d floor of the Westin Building downtown... Other than one heck of a roller coaster ride and a couple of magazines sliding off the top of my bookshelf we came through without a scratch. They had to shut down the elevators for an hour or so because of an alarm on the 28th floor that turned out to be nothing. No server problems or anything related to the quake, just your normal run-of-the mill kind of stuff. --tag +--------------------------------------------------+ | Timothy A. Gregory http://www.tarjema.com | | *NIX SysAdmin tgregory@tarjema.com | | Arabic > English Translator IBM AIX CATE | +--------------------------------------------------+ Habit is habit and not to be flung out of the window by any man, but coaxed downstairs a step at a time. --Mark Twain On Wed, 28 Feb 2001, the heavens parted and Benjy Feen said: > For those who haven't heard, Seattle and Portland were hit by a (now > estimated) 7.0 earthquake this morning. > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. > > > -- > Benjy Feen > benjy(AT)feen.com > http://www.monkeybagel.com > From sage-members-owner@usenix.org Thu Mar 1 11:26:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f21JM4D05978 for sage-members-outgoing; Thu, 1 Mar 2001 11:22:04 -0800 (PST) Received: from gwyn.tux.org (ident-user@gwyn.tux.org [207.96.122.8]) by usenix.org (8.11.0/8.11.0) with ESMTP id f21JM3905974 for ; Thu, 1 Mar 2001 11:22:03 -0800 (PST) Received: (from jsdy@localhost) by gwyn.tux.org (8.9.3/8.9.1) id OAA31654; Thu, 1 Mar 2001 14:21:34 -0500 Date: Thu, 1 Mar 2001 14:21:34 -0500 From: Joseph S D Yao To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Message-ID: <20010301142134.G28371@gwyn.tux.org> References: <20010228150702.K25414@gwyn.tux.org> <200102282138.PAA26662@mcs.anl.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200102282138.PAA26662@mcs.anl.gov>; from rackow@mcs.anl.gov on Wed, Feb 28, 2001 at 03:38:42PM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk Well, I apparently could set off the metal detectors if I walked through them naked. I always have to remove all metal, and even then trigger them. I have had extremely negative reactions to my Boy Scout knife (before I finally lost it after all those years) and my Swiss army knives (when I still carried multiples). These days, all metal, including the S.A.K., goes in my laptop bag, where I guess they assume it's part of its accessories. And I still trigger the alarm and have to be manually processed ... If they let your Leatherman through, perhaps they are unaware of its blade. -- /*********************************************************************\ ** ** Joe Yao jsdy@tux.org - Joseph S. D. Yao ** \*********************************************************************/ From sage-members-owner@usenix.org Thu Mar 1 14:36:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f21MVRp07769 for sage-members-outgoing; Thu, 1 Mar 2001 14:31:27 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f21MVP907763 for ; Thu, 1 Mar 2001 14:31:25 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f21MUuu26730; Thu, 1 Mar 2001 23:30:56 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <200103011001.KAA09994@relay.cs.tcd.ie> References: <200103011001.KAA09994@relay.cs.tcd.ie> Date: Thu, 1 Mar 2001 23:05:04 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 10:01 AM +0000 3/1/01, Mike Knell wrote: > Most airport security people have seen a Leatherman before. Indeed, most airport security folks I've run across will ask me if I have a Leatherman in my computer bag after they x-ray it, and want to check to see if the blades lock in place. I actually carry a Gerber multi-tool (which won't fold up on you the way a Leatherman would) and their newer model does indeed have locking blades. However, I learned my lesson the hard way and I no longer carry that one on-board. For some incredibly bizarre reason, you can buy switchblades and lockblades in all the knife stores over here, but they are supposedly illegal to actually carry, and they certainly freak out if you try to carry a lockblade or a switchblade on-board an airplane. -- ====================================================================== Brad Knowles, From sage-members-owner@usenix.org Fri Mar 2 07:07:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f22Ex8W11890 for sage-members-outgoing; Fri, 2 Mar 2001 06:59:08 -0800 (PST) Received: from denali.loopback.net ([199.183.24.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f22Ex7911886 for ; Fri, 2 Mar 2001 06:59:07 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f22EwWm19245; Fri, 2 Mar 2001 09:58:32 -0500 Date: Fri, 2 Mar 2001 09:58:32 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking palmtops/notebooks in/out of USA, Europe Message-ID: <20010302095832.B18875@redhat.com> References: <200103011001.KAA09994@relay.cs.tcd.ie> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="GID0FwUMdk1T2AWN" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from brad.knowles@skynet.be on Thu, Mar 01, 2001 at 11:05:04PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk --GID0FwUMdk1T2AWN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 01, 2001 at 11:05:04PM +0100, Brad Knowles mailed: > Indeed, most airport security folks I've run across will ask me=20 > if I have a Leatherman in my computer bag after they x-ray it, and=20 > want to check to see if the blades lock in place. >=20 > For some incredibly bizarre reason, you can buy switchblades and=20 > lockblades in all the knife stores over here, but they are supposedly=20 > illegal to actually carry, and they certainly freak out if you try to=20 > carry a lockblade or a switchblade on-board an airplane. I actually encountered this same problem coming back to the states flying through Gatwick in the UK. After flying in and out of LGW several times a month I finally had my SOG lockblade confiscated out of my bag, fortunately= at that time they didn't realize that my leatherman wave has locking blades. W= hen I asked security about it they told me that the policy had been in place for months and that there were signs around the airport. I kind of pushed them = on this since I hadn't seen any signs and had just flown through a few days before carrying the same blade in my bag (where it was this time). Their answer was pretty much, "Sir, we don't set the rules, we just follow them, please don't give us too hard a time." --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --GID0FwUMdk1T2AWN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6n7UY5AZBSxmJOhkRAikyAJ0XmBhI5d17RfpKHIxhQ5F2KqPQygCeKyV5 HnbkY53mNUnebmUoKx0RJlY= =93Og -----END PGP SIGNATURE----- --GID0FwUMdk1T2AWN-- From sage-members-owner@usenix.org Fri Mar 2 09:03:32 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f22GwLt12322 for sage-members-outgoing; Fri, 2 Mar 2001 08:58:21 -0800 (PST) Received: from gate.mental.com (gate.mental.com [192.31.14.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f22GwJ912318 for ; Fri, 2 Mar 2001 08:58:19 -0800 (PST) Received: (from uucp@localhost) by gate.mental.com (8.8.5/8.8.8/Lobo-20000426) id RAA07740; Fri, 2 Mar 2001 17:57:55 +0100 (CET) Received: from twen-et(172.16.0.5) by gate via smap (V2.0/Lobo-010123) id xma007738; Fri, 2 Mar 01 17:57:54 +0100 Received: (from smap@localhost) by mental.com (8.10.1/8.10.1/Lobo-20001016) id f22GvsD11633; Fri, 2 Mar 2001 17:57:54 +0100 (MET) Received: from twen(172.17.0.5) by twen via smap (V2.0) id xma011626; Fri, 2 Mar 01 17:57:44 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking stuff in/out of USA, Europe In-reply-to: "Bryan C. Andregg"'s message of Fri, 02 Mar 2001 09:58:32 EST <20010302095832.B18875@redhat.com> Organization: mental images GmbH & Co. KG, Berlin, Germany Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 02 Mar 2001 17:57:44 +0100 Message-ID: <11625.983552264@mental.com> From: Alexander Lobodzinski Sender: owner-sage-members@usenix.org Precedence: bulk () I actually encountered this same problem coming back to the () states flying through Gatwick in the UK. London security is really tough, the folks at Heathrow regularly insist on X-raying 35mm film rolls. They don't show mercy even at slides or 3200 speed films ("Sir, this apparatus is specified for films until 8000 speed"). On all other airports I could get away yet asking for visual inspection (film rolls taken out of their plastic containers and lumped together in a clear plastic bag before). I've given up trying to keep a lockblade on me during flights and always put the knife into a checked-in bag. In the past everybody seemed to tolerate blades not exceeding the length of a thumb (wasn't that a nice rule of thumb?), but nowadays it's just too much hassle - maybe the average thumb size decreased? Put a lighter in your pocket if you feel naked without the weight in it. Nobody needs a blade for the boiled-down-to-a-pulp airline food anyway... Ciao, Lobo From sage-members-owner@usenix.org Fri Mar 2 09:07:10 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f22H2ac12344 for sage-members-outgoing; Fri, 2 Mar 2001 09:02:36 -0800 (PST) Received: from denali.loopback.net ([199.183.24.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f22H2Z912340 for ; Fri, 2 Mar 2001 09:02:35 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f22H20321143; Fri, 2 Mar 2001 12:02:00 -0500 Date: Fri, 2 Mar 2001 12:02:00 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Taking stuff in/out of USA, Europe Message-ID: <20010302120200.E18875@redhat.com> References: <20010302095832.B18875@redhat.com> <11625.983552264@mental.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="N1GIdlSm9i+YlY4t" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <11625.983552264@mental.com>; from lobo@mental.com on Fri, Mar 02, 2001 at 05:57:44PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk --N1GIdlSm9i+YlY4t Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 02, 2001 at 05:57:44PM +0100, Alexander Lobodzinski mailed: > Put a lighter in your pocket if you feel naked without > the weight in it. Nobody needs a blade for the > boiled-down-to-a-pulp airline food anyway... I generally don't check luggage. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --N1GIdlSm9i+YlY4t Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6n9II5AZBSxmJOhkRAnofAJ9sRo5OLkeLomxas/vgo/P8OWuDOACeLnKB 47O3xaS7b6BgVnQuZWmk4I4= =Q5vt -----END PGP SIGNATURE----- --N1GIdlSm9i+YlY4t-- From sage-members-owner@usenix.org Fri Mar 2 16:17:16 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f230BWu16174 for sage-members-outgoing; Fri, 2 Mar 2001 16:11:32 -0800 (PST) Received: from t1-outside.immunex.com (t1.immunex.com [198.178.217.1]) by usenix.org (8.11.0/8.11.0) with SMTP id f230BV916170 for ; Fri, 2 Mar 2001 16:11:31 -0800 (PST) Received: from matrix.immunex.com by t1-outside.immunex.com via smtpd (for voyager.usenix.org [131.106.3.1]) with SMTP; 3 Mar 2001 00:11:09 UT Received: (from liddles@localhost) by matrix.immunex.com (8.9.3/8.9.3) id QAA06857; Fri, 2 Mar 2001 16:10:56 -0800 (PST) Date: Fri, 2 Mar 2001 16:10:56 -0800 From: Stuart Liddle To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Seattle technical infrastructure status? Message-ID: <20010302161056.G7482@matrix.immunex.com> Mail-Followup-To: Benjy Feen , sage-members@usenix.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from benjy@feen.com on Wed, Feb 28, 2001 at 11:59:09AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Feb 28, 2001 at 11:59:09AM -0800, Benjy Feen wrote: > For those who haven't heard, Seattle and Portland were hit by a (now > estimated) 7.0 earthquake this morning. > > So: how's everyone doing, infrastructure-wise? Some friends have told me > that they had a few servers fall off of bread racks, etc. > > > -- > Benjy Feen Well, we here at Immunex have just moved into a "new and improved" datacenter in downtown Seattle. We are using these "earthquake" pads that are supposed to isolate the movement of the equipment racks that are placed upon them from the building that is shaking under them. About all that happened was that an ethernet connection from a computer in one of the racks was somehow pulled loose from the connection under the floor. Presumably there was not enough slack in the cable to allow for the movement that may have occurred when the quake made the building do its little dance. Although nobody was in the datacenter at the time of the quake, I'm suitably impressed with the way that these 'pads' did their job. --stuart -- Stuart Liddle |"There are two major kinds of work in the Computer Svcs. & Technology |modern corporation: 1. Taking phone |messages for people who are in meetings; liddles@matrix.immunex.com |and 2. Going to meetings." - Dave Barry From sage-members-owner@usenix.org Mon Mar 5 19:14:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2634VE26760 for sage-members-outgoing; Mon, 5 Mar 2001 19:04:31 -0800 (PST) Received: from eamail1-out.unisys.com (eamail1-out.unisys.com [192.61.61.99]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2634T926756 for ; Mon, 5 Mar 2001 19:04:29 -0800 (PST) Received: from us-ea-gtwy-7.ea.unisys.com (us-ea-gtwy-7.ea.unisys.com [192.61.145.102]) by eamail1-out.unisys.com (8.9.3/8.9.3) with ESMTP id DAA16236 for ; Tue, 6 Mar 2001 03:03:24 GMT Received: by us-ea-gtwy-7.ea.unisys.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Mar 2001 21:04:04 -0600 Message-ID: <4D436812116AD311B43B00104B9DF3B6C94889@US-CPT-EXCH-2.plpt.com> From: "Company, Paul J." To: sage-members@usenix.org Subject: L1 cache size Plotted over time Date: Mon, 5 Mar 2001 21:04:03 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Does anyone know of any studies that graph L1 cache sizes over time? Moore's Law states that semiconductor capacity doubles every 18-24 months. If each CPU Functional Unit increase equally (and I know it doesn't), then you would expect L1 cache sizes to double every 18-24 months. Do L1 cache sizes double every 18-24 months? If they don't, why not? What are the extra transistors being used for? ... longer pipelines? preload buffers? ... I know a well performing system is a well balanced system, and L1 cache is just one piece of the puzzle, but I'd still like to see this graph. --pjc From sage-members-owner@usenix.org Mon Mar 5 22:26:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f266Mca27206 for sage-members-outgoing; Mon, 5 Mar 2001 22:22:38 -0800 (PST) Received: from q4.quik.com (q4.quik.com [216.176.28.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f266Mb927202 for ; Mon, 5 Mar 2001 22:22:37 -0800 (PST) Received: from biz.compata.com (IDENT:root@compata.com [209.213.159.33]) by q4.quik.com (8.11.0/8.11.0) with ESMTP id f266MA251824; Mon, 5 Mar 2001 22:22:10 -0800 Received: from biz.compata.com by biz.compata.com (Linux 2.2.14) with ESMTP (8.9.3/8.9.3) id WAA27711; Mon, 5 Mar 2001 22:22:05 -0800 Message-Id: <200103060622.WAA27711@biz.compata.com> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.3 To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: L1 cache size Plotted over time In-reply-to: Your message of "Mon, 05 Mar 2001 21:04:03 CST." <4D436812116AD311B43B00104B9DF3B6C94889@US-CPT-EXCH-2.plpt.com> X-Face: $?&5f7w4GjUJOb-[FmngebA}V`5Dv)QEdHg|d%mytVRm]'o}*{J6:PP%(LfN LmOcb#>"^wDF*|ZzuS??S*vLH[.miV( Sender: owner-sage-members@usenix.org Precedence: bulk "Company, Paul J." wrote: >Moore's Law states that semiconductor capacity doubles every 18-24 months. Actually, Dr. Moore claimed that the cost-effectiveness of semi- conductors doubles every 18 to 24 months. It's not always because the size doubles, sometimes it's because the price drops, usually it's a combination of the two factors. The L1 cache is a use for a semiconductor, not necessarily a semi- conductor itself. As such, it's optimum size at any point in time will certainly depend on things other than Moore's Law. When Intel makes a faster CPU, they don't always make the cache larger; sometimes it's smaller. Depends on the purpose of the chip. -- Dave Close, Compata, Costa Mesa CA +1 714 434 7359 dave@compata.com dhclose@alumni.caltech.edu "If determining good culture is left up to busybodies and politicians, we will be left with culture fit only for busybodies and politicians." Jeff Taylor, Reason From sage-members-owner@usenix.org Tue Mar 6 11:52:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f26JlIg29779 for sage-members-outgoing; Tue, 6 Mar 2001 11:47:18 -0800 (PST) Received: from mdahub.mda.ca (mdahub.mda.ca [142.73.130.152]) by usenix.org (8.11.0/8.11.0) with ESMTP id f26JlG929775 for ; Tue, 6 Mar 2001 11:47:17 -0800 (PST) Received: from msxyvr1.mda.ca (exchange [142.73.131.48]) by mdahub.mda.ca (8.9.2/8.9.2) with ESMTP id LAA20073 for ; Tue, 6 Mar 2001 11:46:51 -0800 (PST) Received: by exchange.mda.ca with Internet Mail Service (5.5.2653.19) id ; Tue, 6 Mar 2001 11:46:51 -0800 Message-ID: From: John LLOYD To: sage-members@usenix.org Subject: RE: L1 cache size Plotted over time Date: Tue, 6 Mar 2001 11:46:50 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Usually computer makers used cache size as a simple means to control cpu performance; upping the cache size usually meant much better performance figures. For them it was an inexpensive performance gain; for users it cost a lot more. Case in point: SGI's old "indy" workstations came with small 8kB data and instruction caches, but for a "few dollars more" you got an outboard 1MB secondary cache. The performance gain was definitely noticeable. The dollars were substantially higher than the base cost of the 1MB static RAM chip (which of course SGI ensured was proprietary). Cache is "static RAM", which requires 5 or 6 times the transistors of "dynamic RAM" which in turn uses only 1.1 or 1.2 (average) transistors per bit. So you could estimate things by finding a history of dynamic RAM sizes and divide the capacities by 6. [This is vastly simplified; power densities and pin densities and circuit design issues cloud things a fair bit.] For microprocessor designers, the tradeoff is in extra chip area (transistors) for cache, which is easy to design, versus extra transistors for arithmetic units, which are harder to design but may give better overall performance. This is why Pentiums are not 8086s with 16MB of cache... John > -----Original Message----- > From: Company, Paul J. [mailto:paul.company@unisys.com] > Sent: March 5, 2001 7:04 PM > To: sage-members@usenix.org > Subject: L1 cache size Plotted over time > > > > Does anyone know of any studies that graph L1 cache sizes over time? > > Moore's Law states that semiconductor capacity doubles every > 18-24 months. > If each CPU Functional Unit increase equally (and I know it > doesn't), then > you would expect L1 cache sizes to double every 18-24 months. > > Do L1 cache sizes double every 18-24 months? > > If they don't, why not? > > What are the extra transistors being used for? > ... longer pipelines? preload buffers? ... > > I know a well performing system is a well balanced system, > and L1 cache is just one piece of the puzzle, but I'd still > like to see this graph. > > --pjc > From sage-members-owner@usenix.org Tue Mar 6 12:03:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f26K0xb29894 for sage-members-outgoing; Tue, 6 Mar 2001 12:00:59 -0800 (PST) Received: from mcst.gsfc.nasa.gov (mcst.gsfc.nasa.gov [198.119.44.143]) by usenix.org (8.11.0/8.11.0) with ESMTP id f26K0u929888 for ; Tue, 6 Mar 2001 12:00:56 -0800 (PST) Received: from aerialist.gsfc.nasa.gov (IDENT:osteiner@aerialist.gsfc.nasa.gov [198.119.44.58]) by mcst.gsfc.nasa.gov (Switch-2.0.6/Switch-2.0.6) with SMTP id f26K0Ux24445 for ; Tue, 6 Mar 2001 15:00:30 -0500 (EST) Content-Type: text/plain; charset="iso-8859-1" From: Owen Steinert To: sage-members@usenix.org Subject: FDDI host relocation networking problem Date: Tue, 6 Mar 2001 15:00:30 -0500 X-Mailer: KMail [version 1.2] MIME-Version: 1.0 Message-Id: <01030615003007.16262@aerialist.gsfc.nasa.gov> Content-Transfer-Encoding: 8bit Sender: owner-sage-members@usenix.org Precedence: bulk Hello network gurus, Here's an odd one for you . . . My network consists of an ethernet subnet and a FDDI subnet, tied together by a Bay Networks ASN router. The router has an upstream FDDI interface as well that is eventually tied into the Internet somewhere down the line. A few days ago I relocated two machines on the FDDI ring to different rooms, but kept them on the same FDDI ring. Since the move I have been unable to ping either machine from the ethernet subnet. I can login to one of relocated machines with telnet or ssh, but I can't even do that with the other relocated machine. Outgoing traffic from the FDDI machines doesn't seem to be affected in any way. Traceroutes from machines on the ethernet subnet die at the router, but I can ping the FDDI machines from the router itself without any problems. Other machines on the FDDI network haven't been affected by the move of the two machines in question, and I don't have any trouble pinging them from anywhere on the network. Pings from any machine on the FDDI subnet to the two machines that were moved are OK. I have rebooted the router, rebooted the ethernet switches, and rebooted the FDDI concentrators on the FDDI ring. Nothing has helped the situation. Does anyone have any idea what's going on here? I haven't a clue, and the Nortel Network folks say the router is fine. Any comments appreciated! -- __________________________ Owen Steinert osteinert@t-three.com GPG Key ID: C6C04FF8 From sage-members-owner@usenix.org Tue Mar 6 14:06:38 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f26M1dW00649 for sage-members-outgoing; Tue, 6 Mar 2001 14:01:39 -0800 (PST) Received: from emis-intl.com ([208.226.242.25]) by usenix.org (8.11.0/8.11.0) with ESMTP id f26M1Y900645 for ; Tue, 6 Mar 2001 14:01:34 -0800 (PST) Received: from rdulnx003.emis-intl.com (rdulnx003.emis-intl.com [10.90.132.28]) by emis-intl.com (8.9.3+Sun/8.9.3) with ESMTP id QAA16354; Tue, 6 Mar 2001 16:58:49 -0500 (EST) Received: (from majordomo@localhost) by rdulnx003.emis-intl.com (8.9.3/8.9.3) id QAA20512 for ncsa-announce-outgoing; Tue, 6 Mar 2001 16:55:46 -0500 Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by rdulnx003.emis-intl.com (8.9.3/8.9.3) with ESMTP id QAA20509 for ; Tue, 6 Mar 2001 16:55:39 -0500 Received: from pompano.cs.duke.edu (pompano.cs.duke.edu [152.3.140.228]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id QAA14827 for ; Tue, 6 Mar 2001 16:56:37 -0500 (EST) Received: from localhost (des@localhost) by pompano.cs.duke.edu (8.8.5/8.6.9) with ESMTP id QAA09615 for ; Tue, 6 Mar 2001 16:56:36 -0500 (EST) X-Authentication-Warning: pompano.cs.duke.edu: des owned process doing -bs Date: Tue, 6 Mar 2001 16:56:36 -0500 (EST) From: "Daniel E. Singer" To: sage-members@usenix.org Subject: NC*SA Meeting - Monday, March 12, 2001 - XML/Docbook Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk The next meeting of the North Carolina System Administrators organization (NC*SA) is upcoming. Details about the meeting and directions are provided in this note. We hope to see you there! NC*SA General Meeting 6:00 p.m., Monday, March 12, 2001 Dreyfus Laboratory Research Triangle Institute Research Triangle Park, NC (directions below) Topic: "Practical Linux SGML/XML for Sysadmins: A Configuration Tour via DocBook" Speaker: Mark Johnson, Senior Lecturing Fellow, Physics Department, Duke University Please see the end of this announcement for a list of our sponsors. ============================== Presentation abstract: From the KDE and Gnome help systems to the impending galactic assimilation by all things XML, the ubiquity of SGML is becoming hard to ignore. And, as a sysadmin, you may soon be fielding requests to install, troubleshoot or customize a Linux-based SGML system. The good news is that it's not at all difficult to understand the configuration of these systems. The bad news is that current configuration methods will shortly be obsolete. In this talk I'll cover the current SGML configuration models used by Redhat and Debian, and discuss the proposed new LSB SGML/XML standard. My customized documentation publishing system based on the DocBook DTD will provide both the context for the configuration discussion, and the setting for a number of publishing demonstrations. Speaker bio: Mark Johnson acquired his knowledge of SGML, and XML, and DocBook by employing one of the most sophisticated learning methods in existence: trial and error. Playing the dual roles of user and administrator, he developed and managed a number of software documentation projects related to his job in physics education. He claims to have developed custom packages that make his DocBook systems user-friendly enough for absolute newbies, and has recently joined the Debian project as maintainer of a number of DocBook XML packages and processing tools. He is a Senior Lecturing Fellow in the Physics Department at Duke University. ============================== Our meetings are free and open to anyone with an interest in the topic of the evening and/or system administration. We will be providing food and drink for the evening. If you have any questions please contact the Steering Committee at: ncsa-steer@ncsysadmin.org ============================== For information about the NC System Administrators group, please see our web site at . We have several usually-low-volume mailing lists that you can join: ncsa-discussion .. general discussion ncsa-announce .... meeting announcements ncsa-jobs ........ employment opportunities ncsa-steer ....... steering committee These are currently run on a Majordomo list manager at ; usual majordomo commands apply. Please see this page on our web site for more information about these lists: For other information on (un)subscribing from this, or any other NC*SA list, send e-mail to . Put the word 'help' on a line by itself to receive instructions on proper interaction with majordomo. When unsubscribing feel free to use the wildcard (*) to insure that you are removed from all of our lists in one fell swoop. (Please note, if you are a member of , you will also get a copy of these announcements. We cannot unsubscribe you from that list.) ============================== Directions to Research Triangle Institute: Please see this page on our web site for directions to the meeting: . If you do not have web access, please send e-mail to , and we will send them to you. For a map of RTI, please see: . ============================== Sponsors and Underwriters ============================== Gold Sponsors ------------- The following organizations have been major contributors to NC*SA. Their generous contributions and funding have been instrumental in the continued success of NC*SA: Auspex Dot Hill Duke University Computer Science Lab Network Computing Solutions, Inc. Pencom StorNet Silver Sponsors --------------- The following organizations and individuals have made significant contributions to and have underwritten meetings of NC*SA. Research Triangle Institute ........ provide our meeting space eMerging Information Systems ....... host our mailing lists WebslingerZ, Inc. .................. host our web site ===== End ===== From sage-members-owner@usenix.org Tue Mar 6 15:08:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f26N5L701060 for sage-members-outgoing; Tue, 6 Mar 2001 15:05:21 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f26N5KZ01055 for sage-members@usenix.org; Tue, 6 Mar 2001 15:05:20 -0800 (PST) Received: from outbound.ea.com (outbound.ea.com [12.35.91.3]) by usenix.org (8.11.0/8.11.0) with ESMTP id f26MLI900788 for ; Tue, 6 Mar 2001 14:21:19 -0800 (PST) Received: from eahq-bh1.rws.ad.ea.com (eahq-bh1.ea.com [10.14.204.31]) by outbound.ea.com (Switch-2.1.0/Switch-2.1.0) with ESMTP id f26MMQe10518 for ; Tue, 6 Mar 2001 14:22:26 -0800 (PST) Received: from cleric.ea.com ([10.14.132.169]) by eahq-bh1.rws.ad.ea.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id GMT246W7; Tue, 6 Mar 2001 14:20:53 -0800 Received: (from mrovner@localhost) by cleric.ea.com (8.8.8+Sun/8.8.8) id OAA04853 for sage-members@usenix.org; Tue, 6 Mar 2001 14:20:52 -0800 (PST) Date: Tue, 6 Mar 2001 14:20:52 -0800 From: "Marc `Did Someone Say Diablo?' Rovner" To: sage-members@usenix.org Subject: Re: L1 cache size Plotted over time Message-ID: <20010306142052.R3866@ea.com> References: <4D436812116AD311B43B00104B9DF3B6C94889@US-CPT-EXCH-2.plpt.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.2i In-Reply-To: <4D436812116AD311B43B00104B9DF3B6C94889@US-CPT-EXCH-2.plpt.com>; from paul.company@unisys.com on Mon, Mar 05, 2001 at 09:04:03PM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk On Mon, Mar 05, 2001 at 09:04:03PM -0600, Company, Paul J. wrote: > > Does anyone know of any studies that graph L1 cache sizes over time? > > Moore's Law states that semiconductor capacity doubles every 18-24 months. > If each CPU Functional Unit increase equally (and I know it doesn't), then > you would expect L1 cache sizes to double every 18-24 months. > > Do L1 cache sizes double every 18-24 months? Here's an answer from a friend at Intel: > I don't have a graph of this but here is my take on the answer > > It [Moore's Law] states that frequency doubles every 18-24 months not > capacity. > > yes the numbe of transistors grow with every new generation of processor > and cache sizes grow but they do not have to grow at the same rate as the > processors performance. The Cache size is one little piece of the pie > which goes into the performance of a processor. the bus frequency > determines how big a cache you will need, also there are different levels > of cache in a processor. plus most code has alot of loops and usually > executes in local areas of a program. (ie. a 5 meg binary doesn't have to > be in the cache at the same time for the program to run. you might be in a > large function which has many iterations to compute, thus a smaller cache > might be ok). now as the processors pipeline grows it can handle more > instructions in its "queues" which will become a factor in cache size. --- "He's fast. He's strong. | - Marc David Rovner He's Mr TCP/IP.... | ...and he's got your address!" | Sr Unix System Administrator - Ericsson Medialab | [ ] ( ) / \ . com From sage-members-owner@usenix.org Tue Mar 6 16:34:28 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f270V5b02058 for sage-members-outgoing; Tue, 6 Mar 2001 16:31:05 -0800 (PST) Received: from zia.aoc.NRAO.EDU (zia.aoc.nrao.edu [146.88.1.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f270V4902054 for ; Tue, 6 Mar 2001 16:31:04 -0800 (PST) Received: from schooner.aoc.nrao.edu (schooner [146.88.1.113]) by zia.aoc.NRAO.EDU (8.9.3/8.9.3) with ESMTP id RAA00022 for ; Tue, 6 Mar 2001 17:30:38 -0700 (MST) Received: (from rmilner@localhost) by schooner.aoc.nrao.edu (8.7.3/8.6.10) id RAA22877 for sage-members@usenix.org; Tue, 6 Mar 2001 17:30:38 -0700 (MST) Date: Tue, 6 Mar 2001 17:30:38 -0700 (MST) From: Ruth Milner Message-Id: <200103070030.RAA22877@schooner.aoc.nrao.edu> To: sage-members@usenix.org Subject: SUMMARY: user login directory survey Sender: owner-sage-members@usenix.org Precedence: bulk Below is a tabulation of the responses I received. This proved more difficult to summarize than I had anticipated, since I wanted to try to group them logically, and in some cases more than one logical choice could have applied (in which case I picked only one). I've ordered them more or less in terms of increasing complexity, which not surprisingly also happens to correspond roughly with decreasing popularity. Also not a surprise, /home/ is the most popular, though it accounts for rather less than half the total number of conventions reported to be in use. Many sites had more than one convention. Note that these are the paths that users see. Generally speaking, the more complicated standards are designed to scale at very large sites. Having everything under a single area, whether it's an automounter map, real directories, or done with symlinks, results in poor performance above about 2-3 thousand entries. I guess people could debate the relative merits of the various choices now, but I'm not sure I would recommend it. :-} Ruth. ---- Ruth Milner National Radio Astronomy Observatory Computing Security Manager, Socorro, NM Assistant to the Director for rmilner@nrao.edu Data Management - 505-835-7282 Computing Acquisitions/Budgets/Contracts FAX 505-835-7027 --------------- Results of sage-members survey on home directory conventions March 2001 Total responders: 49 Total conventions reported: 86 Total *different* conventions reported: ~30 Sites with multiple conventions: 11 /home/ 37 // 15 u[1,2,...] 4 users 5 usr[1,2,...] 1 work 1 1 2 1 /home// 17 users 1 6 1 2 7 1 /// 3 u[1,2,...] 1 user 1 users 1 /usr// 4 home 1 users 2 staff 1 /export/home/ 1 (not hidden by automounter) /local/home/ 1 /net// 1 /home/users// 1 /usr/users// 1 /var/users// 1 //// 3 home 1 home/ 1 u 1 /work////staff/ 1 From sage-members-owner@usenix.org Wed Mar 7 05:15:53 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f27D9i403960 for sage-members-outgoing; Wed, 7 Mar 2001 05:09:44 -0800 (PST) Received: from mcst.gsfc.nasa.gov (mcst.gsfc.nasa.gov [198.119.44.143]) by usenix.org (8.11.0/8.11.0) with ESMTP id f27D9g903956 for ; Wed, 7 Mar 2001 05:09:42 -0800 (PST) Received: from aerialist.gsfc.nasa.gov (IDENT:osteiner@aerialist.gsfc.nasa.gov [198.119.44.58]) by mcst.gsfc.nasa.gov (Switch-2.0.6/Switch-2.0.6) with SMTP id f27D9Hx08198; Wed, 7 Mar 2001 08:09:17 -0500 (EST) Content-Type: text/plain; charset="iso-8859-1" From: Owen Steinert Organization: NASA/GSFC/MCST To: sage-members@usenix.org Subject: Re: FDDI host relocation networking problem Date: Wed, 7 Mar 2001 08:09:17 -0500 X-Mailer: KMail [version 1.2] References: <200103070748.f277mER16295@Snoopy.UCIS.Dal.Ca> In-Reply-To: <200103070748.f277mER16295@Snoopy.UCIS.Dal.Ca> MIME-Version: 1.0 Message-Id: <01030708091701.29423@aerialist.gsfc.nasa.gov> Content-Transfer-Encoding: 8bit Sender: owner-sage-members@usenix.org Precedence: bulk On 3/6/2001 Bruce Hudson wrote: > My suspicion would be that the boxes you moved had previously had their > network configuration set manually and the appropriate configuration files > were not updated. The symptoms you describe sound a LOT like what I would > expect if a system either did not have a default route or had its netmask > set wrong. Of course this assumes you shut down the two systems to move > them. Turns out that the machine that I couldn't contact at all from the ethernet subnet did indeed have the default gateway set incorrectly by one digit. Hate it when that happens! Now I can talk to that machine without any problems from both the FDDI subnet and the ethernet subnet. > The only thing that makes me doubt this is the comment that you can log > into one of the systems while being unable to ping it. You did not say if > you were logging in from an ethernet-based system or another FDDI system. > If you cannot ping the moved system from the same box you are telneting > from I would definitely say you had something freaky going on. This is still a problem. The default gateway and route are set correctly (I double checked this time!), and I can telnet and ssh in from the ethernet side, but can't ping from the ethernet subnet. I can both ping AND login from machines on the FDDI network. So yes, this is a freaky situation. Here's some more information I've gathered since my original post:: The affected FDDI machine is running IRIX 6.5.10. When I run snoop on the FDDI machine and ping it from an ethernet-based host the snoop shows the ICMP echo request, but the FDDI machine never echos back to the ethernet machine. > I apologize in advance if you find this explanation too simplistic. ;-) Not at all! Sometimes you just need a second pair of eyes to see the problem with. Thanks for the reply, and if you have any ideas about the ping problem on the remaining FDDI host please let me know. -- __________________________ Owen Steinert osteinert@t-three.com GPG Key ID: C6C04FF8 From sage-members-owner@usenix.org Wed Mar 7 07:36:27 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f27FWlk04337 for sage-members-outgoing; Wed, 7 Mar 2001 07:32:47 -0800 (PST) Received: from kodakr.kodak.com (kodakr.kodak.com [192.232.119.69]) by usenix.org (8.11.0/8.11.0) with ESMTP id f27FWf904333 for ; Wed, 7 Mar 2001 07:32:41 -0800 (PST) Received: from corpmail.kodak.com (corpmail.kodak.com [150.220.10.55]) by kodakr.kodak.com (8.11.1/8.11.0) with ESMTP id f27FWZD07662; Wed, 7 Mar 2001 10:32:35 -0500 (EST) Received: from KO-SITE-W8WXYL3.kodak.com ([150.221.65.122]) by corpmail.kodak.com (Post.Office MTA v3.5.3 release 223 ID# 592-58678U700L2S100V35) with ESMTP id com; Wed, 7 Mar 2001 10:30:34 -0500 Message-Id: <5.0.0.25.2.20010307102823.03a202c0@corpmail.kodak.com> X-Sender: 124859@corpmail.kodak.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Wed, 07 Mar 2001 10:30:33 -0500 To: sage-members@usenix.org From: Rich Dempsey Subject: Re: FDDI host relocation networking problem In-Reply-To: <01030708091701.29423@aerialist.gsfc.nasa.gov> References: <200103070748.f277mER16295@Snoopy.UCIS.Dal.Ca> <200103070748.f277mER16295@Snoopy.UCIS.Dal.Ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-sage-members@usenix.org Precedence: bulk There are known security exploits using the data portion of ICMP packets. For that reason, many sites disable ICMP (and therefore pings and traceroutes) at their routers. I'm wondering if SGI has disabled ICMP as part of Irix, or if this particular box has been "hardened" in some fashion to cause it to ignore ICMP traffic. Rich At 08:09 AM 03/07/2001 -0500, Owen Steinert wrote: >On 3/6/2001 Bruce Hudson wrote: >> My suspicion would be that the boxes you moved had previously had their >> network configuration set manually and the appropriate configuration files >> were not updated. The symptoms you describe sound a LOT like what I would >> expect if a system either did not have a default route or had its netmask >> set wrong. Of course this assumes you shut down the two systems to move >> them. > >Turns out that the machine that I couldn't contact at all from the ethernet >subnet did indeed have the default gateway set incorrectly by one digit. >Hate it when that happens! Now I can talk to that machine without any >problems from both the FDDI subnet and the ethernet subnet. > >> The only thing that makes me doubt this is the comment that you can log >> into one of the systems while being unable to ping it. You did not say if >> you were logging in from an ethernet-based system or another FDDI system. >> If you cannot ping the moved system from the same box you are telneting >> from I would definitely say you had something freaky going on. > >This is still a problem. The default gateway and route are set correctly (I >double checked this time!), and I can telnet and ssh in from the ethernet >side, but can't ping from the ethernet subnet. I can both ping AND login >from machines on the FDDI network. So yes, this is a freaky situation. > >Here's some more information I've gathered since my original post:: > >The affected FDDI machine is running IRIX 6.5.10. When I run snoop on the >FDDI machine and ping it from an ethernet-based host the snoop shows the ICMP >echo request, but the FDDI machine never echos back to the ethernet machine. > >> I apologize in advance if you find this explanation too simplistic. ;-) > >Not at all! Sometimes you just need a second pair of eyes to see the problem >with. Thanks for the reply, and if you have any ideas about the ping problem >on the remaining FDDI host please let me know. > >-- >__________________________ >Owen Steinert >osteinert@t-three.com >GPG Key ID: C6C04FF8 -- Richard C. Dempsey email: dempsey@kodak.com Kodak.com pager: 716-975-3539 7th Floor, Bldg 10, KO phone: 716-781-5232 Eastman Kodak Company Rochester, NY 14650-0108 From sage-members-owner@usenix.org Wed Mar 7 08:03:52 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f27G0o404471 for sage-members-outgoing; Wed, 7 Mar 2001 08:00:50 -0800 (PST) Received: from mcst.gsfc.nasa.gov (mcst.gsfc.nasa.gov [198.119.44.143]) by usenix.org (8.11.0/8.11.0) with ESMTP id f27G0n904467 for ; Wed, 7 Mar 2001 08:00:49 -0800 (PST) Received: from aerialist.gsfc.nasa.gov (IDENT:osteiner@aerialist.gsfc.nasa.gov [198.119.44.58]) by mcst.gsfc.nasa.gov (Switch-2.0.6/Switch-2.0.6) with SMTP id f27G0Nx20282 for ; Wed, 7 Mar 2001 11:00:23 -0500 (EST) Content-Type: text/plain; charset="iso-8859-1" From: Owen Steinert Organization: NASA/GSFC/MCST To: sage-members@usenix.org Subject: Re: FDDI host relocation networking problem Date: Wed, 7 Mar 2001 11:00:23 -0500 X-Mailer: KMail [version 1.2] MIME-Version: 1.0 Message-Id: <01030711002307.29423@aerialist.gsfc.nasa.gov> Content-Transfer-Encoding: 8bit Sender: owner-sage-members@usenix.org Precedence: bulk On Wednesday 07 March 2001 10:30, you wrote: > There are known security exploits using the data portion of ICMP packets. > For that reason, many sites disable ICMP (and therefore pings and > traceroutes) at their routers. I'm wondering if SGI has disabled ICMP as > part of Irix, or if this particular box has been "hardened" in some fashion > to cause it to ignore ICMP traffic. > > Rich Yeah, I know. We get ICMP scans every day. But, we're not blocking ICMP or filtering ICMP packets in any way between the two subnets (FDDI & ethernet). So your conclusion is the same as mine, and I'm trying to figure out why the IRIX FDDI box only responds to ICMP echo requests that come from the FDDI network, and not from the ethernet network. - Owen -- __________________________ Owen Steinert osteinert@t-three.com GPG Key ID: C6C04FF8 From sage-members-owner@usenix.org Wed Mar 7 08:41:41 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f27GbpU04967 for sage-members-outgoing; Wed, 7 Mar 2001 08:37:51 -0800 (PST) Received: from zia.aoc.NRAO.EDU (zia.aoc.nrao.edu [146.88.1.4]) by usenix.org (8.11.0/8.11.0) with ESMTP id f27Gbo904963 for ; Wed, 7 Mar 2001 08:37:50 -0800 (PST) Received: from schooner.aoc.nrao.edu (schooner [146.88.1.113]) by zia.aoc.NRAO.EDU (8.9.3/8.9.3) with ESMTP id JAA18901 for ; Wed, 7 Mar 2001 09:37:23 -0700 (MST) Received: (from rmilner@localhost) by schooner.aoc.nrao.edu (8.7.3/8.6.10) id JAA23359 for sage-members@usenix.org; Wed, 7 Mar 2001 09:37:23 -0700 (MST) Date: Wed, 7 Mar 2001 09:37:23 -0700 (MST) From: Ruth Milner Message-Id: <200103071637.JAA23359@schooner.aoc.nrao.edu> To: sage-members@usenix.org Subject: Re: FDDI host relocation networking problem X-Sun-Charset: US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Rich Dempsey wrote: > I'm wondering if SGI has disabled ICMP as part of Irix This is extremely unlikely for several reasons, including the fact that ICMP is required for various fundamental IP functions (e.g. MTU discovery). Not to mention that this would be a somewhat unusual security step for a vendor to take when the same box ships with passwordless accounts ... Since it responds to ping from the FDDI network, the system must support ICMP. It really sounds more like there's something buggy in the transition between Ethernet and FDDI which is only affecting ICMP. Are there any other network devices in the path which might also look at the protocol? Ruth. From sage-members-owner@usenix.org Wed Mar 7 11:07:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f27J3Kf06288 for sage-members-outgoing; Wed, 7 Mar 2001 11:03:20 -0800 (PST) Received: from ns3.torque.com (IDENT:postfix@torque.com [64.163.145.23]) by usenix.org (8.11.0/8.11.0) with ESMTP id f27J3J906284 for ; Wed, 7 Mar 2001 11:03:19 -0800 (PST) Received: from torque.com (unknown [64.163.145.20]) by ns3.torque.com (Postfix) with ESMTP id 70E1A114D4; Wed, 7 Mar 2001 11:03:12 -0800 (PST) Message-ID: <3AA6863E.F644630A@torque.com> Date: Wed, 07 Mar 2001 11:04:30 -0800 From: jblauth X-Mailer: Mozilla 4.7C-SGI [en] (X11; I; IRIX64 6.5 IP28) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: FDDI host relocation networking problem References: <01030711002307.29423@aerialist.gsfc.nasa.gov> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk Owen Steinert wrote: > On Wednesday 07 March 2001 10:30, you wrote: > > There are known security exploits using the data portion of ICMP packets. > > For that reason, many sites disable ICMP (and therefore pings and > > traceroutes) at their routers. I'm wondering if SGI has disabled ICMP as > > part of Irix, or if this particular box has been "hardened" in some fashion > > to cause it to ignore ICMP traffic. > > > > Rich > > Yeah, I know. We get ICMP scans every day. But, we're not blocking ICMP or > filtering ICMP packets in any way between the two subnets (FDDI & ethernet). > So your conclusion is the same as mine, and I'm trying to figure out why the > IRIX FDDI box only responds to ICMP echo requests that come from the FDDI > network, and not from the ethernet network. > > - Owen > > -- > __________________________ > Owen Steinert > osteinert@t-three.com > GPG Key ID: C6C04FF8 Irix 6.5.10 (or any older Irix) does not have ICMP disabled. SGIs are notoriously wide open. Even an OpenBSD box has ICMP enabled. This would be the first SGI I would have heard of to have been so fundamentally "hardened" (I work for a major SGI VAR). JH Blauth Sr Systems Engineer Torque Systems San Francisco From sage-members-owner@usenix.org Thu Mar 8 02:59:25 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f28ArPV03807 for sage-members-outgoing; Thu, 8 Mar 2001 02:53:25 -0800 (PST) Received: from gate.mental.com (gate.mental.com [192.31.14.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f28ArNG03803 for ; Thu, 8 Mar 2001 02:53:23 -0800 (PST) Received: (from uucp@localhost) by gate.mental.com (8.8.5/8.8.8/Lobo-20000426) id LAA12164; Thu, 8 Mar 2001 11:53:21 +0100 (CET) Received: from twen-et(172.16.0.5) by gate via smap (V2.0/Lobo-010123) id xma012162; Thu, 8 Mar 01 11:53:11 +0100 Received: (from smap@localhost) by mental.com (8.10.1/8.10.1/Lobo-20001016) id f28ArAO17655; Thu, 8 Mar 2001 11:53:10 +0100 (MET) Received: from twen(172.17.0.5) by twen via smap (V2.0) id xma017651; Thu, 8 Mar 01 11:53:09 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: FDDI host relocation networking problem In-reply-to: Owen Steinert's message of Tue, 06 Mar 2001 15:00:30 EST <01030615003007.16262@aerialist.gsfc.nasa.gov> Organization: mental images GmbH & Co. KG, Berlin, Germany Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 08 Mar 2001 11:53:09 +0100 Message-ID: <17650.984048789@mental.com> From: Alexander Lobodzinski Sender: owner-sage-members@usenix.org Precedence: bulk () A few days ago I relocated two machines on the FDDI ring to () different rooms, but kept them on the same FDDI ring. Since () the move I have been unable to ping either machine from the () ethernet subnet. () The affected FDDI machine is running IRIX 6.5.10 If the machines stayed on the same FDDI ring and kept their addresses this "should not happen". However on our FDDI ring are some SGIs as well and sometimes just something with the combination of FDDI members (different OSes, concentrators, or whatever) gives more or less subtle troubles, most oftenly on the FDDI level as it seems. I can confirm that any SGI out-of-the box responds to ping across network boundaries. Sorry, no experience with Nortel routers in between, a DEC Unix box has enough spare cycles and bandwidth to do a nice router job for us. There comes a somewhat silly but nevertheless oftenly useful SGI tool called FDDI Visualizer on the IRIX CDs (not to be confused with the not-for-free Network Visualizer). I would start troubleshooting with this until all stations show up in a healthy (non-grey) state on a *single* ring. I don't know enough FDDI pecularities to understand what exactly can go a little wrong, but there appear to be a lot of reasons... Did you de-dust the newly plugged FDDI connectors just in case? Put the machines' MAC addresses into /etc/ethers to get meaningful labels on the FDDIVisualizer display. Ciao, Lobo From sage-members-owner@usenix.org Thu Mar 8 05:40:54 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f28DZHq04085 for sage-members-outgoing; Thu, 8 Mar 2001 05:35:17 -0800 (PST) Received: from mcst.gsfc.nasa.gov (mcst.gsfc.nasa.gov [198.119.44.143]) by usenix.org (8.11.0/8.11.0) with ESMTP id f28DZGG04081 for ; Thu, 8 Mar 2001 05:35:16 -0800 (PST) Received: from aerialist.gsfc.nasa.gov (IDENT:osteiner@aerialist.gsfc.nasa.gov [198.119.44.58]) by mcst.gsfc.nasa.gov (Switch-2.0.6/Switch-2.0.6) with SMTP id f28DZCx07143; Thu, 8 Mar 2001 08:35:12 -0500 (EST) Content-Type: text/plain; charset="iso-8859-1" From: Owen Steinert Organization: NASA/GSFC/MCST To: sage-members@usenix.org Subject: Re: FDDI host relocation networking problem Date: Thu, 8 Mar 2001 08:35:12 -0500 X-Mailer: KMail [version 1.2] References: <200103071637.JAA23359@schooner.aoc.nrao.edu> In-Reply-To: <200103071637.JAA23359@schooner.aoc.nrao.edu> Cc: sage-members@usenix.org MIME-Version: 1.0 Message-Id: <01030808351200.12534@aerialist.gsfc.nasa.gov> Content-Transfer-Encoding: 8bit Sender: owner-sage-members@usenix.org Precedence: bulk On Wednesday 07 March 2001 11:37, you wrote: > Rich Dempsey wrote: > > I'm wondering if SGI has disabled ICMP as part of Irix > > This is extremely unlikely for several reasons, including the fact that > ICMP is required for various fundamental IP functions (e.g. MTU discovery). > Not to mention that this would be a somewhat unusual security step for a > vendor to take when the same box ships with passwordless accounts ... > > Since it responds to ping from the FDDI network, the system must support > ICMP. It really sounds more like there's something buggy in the transition > between Ethernet and FDDI which is only affecting ICMP. Are there any > other network devices in the path which might also look at the protocol? Not that I am aware of. It's been suggested that I take a look at SGI's FDDI Visualizer to try to figure out what's going on. I'll do that and get back to you. - Owen -- Owen Steinert Systems Administrator MODIS Characterization Support Team (MCST) GPG Key ID: C6C04FF8 (preferred) PGP Key ID: 0x6A8FE393 From sage-members-owner@usenix.org Fri Mar 9 10:40:57 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f29IW7612057 for sage-members-outgoing; Fri, 9 Mar 2001 10:32:07 -0800 (PST) Received: from spliff.LuftHans.com (cpe-24-221-1-115.az.sprintbbd.net [24.221.1.115]) by usenix.org (8.11.0/8.11.0) with ESMTP id f29IW4G12053 for ; Fri, 9 Mar 2001 10:32:05 -0800 (PST) Received: from localhost ([::ffff:127.0.0.1]) by spliff.LuftHans.com with esmtp (Exim 3.12 #1 (Debian)) id 14bRgG-0000sR-00 for ; Fri, 09 Mar 2001 11:32:00 -0700 Date: Fri, 9 Mar 2001 11:31:59 -0700 (MST) From: "der.hans" X-Sender: lufthans@spliff.LuftHans.com To: sage-members@usenix.org Subject: 255.255.255.255 and multicast Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk moin, moin, logging some traffic at work and I'm noticing traffic coming in from the net for various ports for 255.255.255.255. I'm thinking this is not good. Shouldn't these be cut down by every service provider along the way? Is there a reason I need to let these hit my network? Also what's the nameserver on port 42? I've got a mickeysquash box trying to contact that. DNS aka nameserver uses 53, and I've never heard of it using 42. Those packets are destined for multicast addy 224.0.1.24, which seems to be some multicast mickeyschrott thing. It's listed as microsoft-ds. Is that their death star? Should I be worried about this box contacting the mothership? ciao, der.hans -- # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) # I'm not anti-social, I'm pro-individual. - der.hans From sage-members-owner@usenix.org Fri Mar 9 10:53:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f29Imtc12135 for sage-members-outgoing; Fri, 9 Mar 2001 10:48:55 -0800 (PST) Received: from spin.web.net (spin.web.net [192.139.37.16]) by usenix.org (8.11.0/8.11.0) with ESMTP id f29ImoG12131 for ; Fri, 9 Mar 2001 10:48:50 -0800 (PST) Received: by spin.web.net (Postfix, from userid 32903) id BCD3112F1DF; Fri, 9 Mar 2001 13:49:38 -0500 (EST) Date: Fri, 9 Mar 2001 13:49:38 -0500 From: Erin Clarke To: sage-members@usenix.org Subject: Solaris JumpStart Server: 1st-time setup Message-ID: <20010309134938.B20515@spin.web.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Sender: owner-sage-members@usenix.org Precedence: bulk Greetings SAGE Members... First posting intro: I've been a member since July 1999, attended most of LISA 2000, am somewhere on the early side of 'Intermediate' in the SAGE SysAdmin skill category 'Intermediate/Advanced' and I voted in the latest SAGE board elections (just so the longer-term and founding members know that some of us newer members do care enough to vote [=^J). I read most of the sage-members postings with interest and have learned a few things from doing so (which I sincerely appreciate). I am reluctant to ask for information before I've contributed to the list in any educational or useful manner, but... First posting info/experience request: I have been charged with setting up a JumpStart server, which I have never done before. I've read a fair amount of documentation and am fairly confident I can set this up, but I am interested in hearing from others who've worked with JumpStart, about their experiences, successes, woes, solutions, pitfalls, other sources of info/docs, etc. Some contextual info: I am 1 of 2 UNIX admins in the Hosting Services dept. of the Canadian HQ of a large Tier-1 connectivity provider (I am not posting from my work address ;^I), which has a new set of managed hosting products, as well as existing hosting products that need better setup standards - the inspiration for the JumpStart server. What I have/planned so far (basic points): -> E250 w 4x18GB HDDs (will be mirrored, with OS - Solaris8 - and JumpStart data - /opt/install - on separate disks) -> Boot, Profile, Install server all on one machine (since all new machines will be installed on same subnet and moved to a planned pre-production network, then full production network) -> using DNS, not using NIS (I want to run bind/named on the same machine, caching, not full DNS - is this good, bad? why?). I am particularly interested in others' experience using JumpStart without NIS or NIS+, since the docs I've read don't seem to account for such a possibility (while experience and recommendations from a more senior sysadmin in another department do)... -> using a console router to work on multiple machines -> eventually on non-routable 'install' network (I plan to get a 2nd NIC and do NAT on the same machine - is this good, bad? why?) -> I'm OK with the finish scripts I have planned, but if any one has scripts or suggestions for doing more than patching, account creations and basic system config (running cfengine, modifying various /etc files), I'd be interested in hearing about it. Please reply to me directly and I will summarize input and my progress to the list (if it seems there's interest). TIA, Erin 8) From sage-members-owner@usenix.org Fri Mar 9 12:10:04 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f29K4nG12851 for sage-members-outgoing; Fri, 9 Mar 2001 12:04:49 -0800 (PST) Received: from mailer.cacs.usl.edu (mailer.cacs.usl.edu [130.70.72.22]) by usenix.org (8.11.0/8.11.0) with ESMTP id f29K4kG12847 for ; Fri, 9 Mar 2001 12:04:47 -0800 (PST) Received: from pmlsun.cacs.louisiana.edu (pmlsun.cacs.louisiana.edu [130.70.73.12]) by mailer.cacs.usl.edu (8.9.3/8.9.3) with SMTP id OAA06324; Fri, 9 Mar 2001 14:04:31 -0600 (CST) Message-Id: <200103092004.OAA06324@mailer.cacs.usl.edu> Date: Fri, 9 Mar 2001 14:04:30 -0600 (CST) From: "Patrick M. Landry" Reply-To: "Patrick M. Landry" Subject: Re: Solaris JumpStart Server: 1st-time setup To: sage-members@usenix.org Cc: sage-members@usenix.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: Stp9lIEkMyAZ8JXKd8zy+w== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4.2 SunOS 5.8 sun4u sparc Sender: owner-sage-members@usenix.org Precedence: bulk I recently came across Sun's JumpStart Architecture and Security Scripts ("JASS" Toolkit) on Sun's Blueprints web site. http://www.sun.com/blueprints/online.html JASS has some interesting ideas in it. Worth looking at. There are some other articles about JumpStart there also. -- Patrick Landry The Center for Advanced Computer Studies Senior System Administrator The University of Louisiana at Lafayette pml@cacs.louisiana.edu PO Box 44330, Lafayette, LA 70504-4330 From sage-members-owner@usenix.org Fri Mar 9 12:58:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f29KsLh13199 for sage-members-outgoing; Fri, 9 Mar 2001 12:54:21 -0800 (PST) Received: from denali.loopback.net ([199.183.24.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f29KsJG13195 for ; Fri, 9 Mar 2001 12:54:19 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f29KqRh05269; Fri, 9 Mar 2001 15:52:27 -0500 Date: Fri, 9 Mar 2001 15:52:27 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast Message-ID: <20010309155227.G2521@redhat.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="MrRUTeZlqqNo1jQ9" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; Sender: owner-sage-members@usenix.org Precedence: bulk --MrRUTeZlqqNo1jQ9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline from SAGE@LuftHans.com on Fri, Mar 09, 2001 at 11:31:59AM -0700 On Fri, Mar 09, 2001 at 11:31:59AM -0700, der.hans mailed: > logging some traffic at work and I'm noticing traffic coming in from the > net for various ports for 255.255.255.255. I'm thinking this is not good. > Shouldn't these be cut down by every service provider along the way? Is > there a reason I need to let these hit my network? Broadcast packets are only applicable to the local broadcast domain. So they should not be coming in from different network segments. -- Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --MrRUTeZlqqNo1jQ9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6qUKL5AZBSxmJOhkRAqCIAJ9TlFnJjzxaAbQnahvfeTN/PbuXRQCeIb7v y4ZdnHN727qkmTBd4Hnb07k= =QUCg -----END PGP SIGNATURE----- --MrRUTeZlqqNo1jQ9-- From sage-members-owner@usenix.org Fri Mar 9 13:38:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f29LXjZ13391 for sage-members-outgoing; Fri, 9 Mar 2001 13:33:45 -0800 (PST) Received: from spliff.LuftHans.com (cpe-24-221-1-115.az.sprintbbd.net [24.221.1.115]) by usenix.org (8.11.0/8.11.0) with ESMTP id f29LXhG13387 for ; Fri, 9 Mar 2001 13:33:44 -0800 (PST) Received: from localhost ([::ffff:127.0.0.1]) by spliff.LuftHans.com with esmtp (Exim 3.12 #1 (Debian)) id 14bUVU-00043Y-00; Fri, 09 Mar 2001 14:33:04 -0700 Date: Fri, 9 Mar 2001 14:32:59 -0700 (MST) From: "der.hans" X-Sender: lufthans@spliff.LuftHans.com To: sage-members@usenix.org cc: Goetter des Netzes Subject: Re: 255.255.255.255 and multicast In-Reply-To: <20010309155227.G2521@redhat.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by usenix.org id f29LXjG13388 Sender: owner-sage-members@usenix.org Precedence: bulk Am 09. Mar, 2001 schwäzte Bryan C. Andregg so: > Broadcast packets are only applicable to the local broadcast domain. So they > should not be coming in from different network segments. That's what I'd think. We've got a /25 under 209.210, but I'm getting some broadcast stuff from 206.138.81.160, 209.44.98.81 and 217.81.131.142. They're hitting dns and ftp (ports 53 and 21). They are coming in >1024. I've got an internal machine hitting snmp on quad 255s. I'm looking into that too. danke, der.hans -- # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) # Only wimps use tape backup: _real_ men just upload their important # stuff on ftp, and let the rest of the world mirror it. -- Linus Torvalds From sage-members-owner@usenix.org Sun Mar 11 03:20:40 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2BB8CV18562 for sage-members-outgoing; Sun, 11 Mar 2001 03:08:12 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2BB89G18558 for ; Sun, 11 Mar 2001 03:08:09 -0800 (PST) Received: by paladin.globnix.org with local id 14c3hd-0004fr-00 for multiple recipients; Sun, 11 Mar 2001 11:07:57 +0000 Date: Sun, 11 Mar 2001 12:07:57 +0100 From: Phil Pennock To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast Message-ID: <20010311120757.A10907@globnix.org> Mail-Followup-To: "der.hans" , sage-members@usenix.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from SAGE@LuftHans.com on Fri, Mar 09, 2001 at 11:31:59AM -0700 Organisation: Organisation? Here? No, over there ----> X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Gibbous (96% of Full) X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-03-09 at 11:31 -0700, der.hans gifted us with: > logging some traffic at work and I'm noticing traffic coming in from the > net for various ports for 255.255.255.255. I'm thinking this is not good. Microsoft Windows, on either boot-up or dial-up, trying to contact a server. NetBIOS I think, tunneled over TCP. I'm not sure, I don't do Windows. My understanding is that it's part of that Network Neighbourhood stuff when IPX is disabled. My understanding could well be wrong. I just know that we see it from our customers. > Shouldn't these be cut down by every service provider along the way? As an ISP sysadmin, I'd really really like to be able to filter these coming from our customers. Unfortunately, the rules on filtering can be quite strict. We can ensure that stuff coming from them has their source address, our routing ensures that they only get stuff for their IP address, but within that, filtering becomes highly political. :^( On my Todo list, together with 2^32 other items, is "web interface for customer to control their own simple limited IP filters, except for source address filtering, with default being some filters sensible for Windows boxes." Even this would likely cause us problems. See NANOG threads passim for people who would sue if this were the default at their ISP, even if they were warned about it. :^( There's no way that we could safely roll this out to existing accounts. The only people who'd enable it would be those who are less likely to need it in the first place, because they know enough to know that they need to enable filters. > Is > there a reason I need to let these hit my network? Filter them. Especially if you have any Windows boxes on your network. -- It seems to have reached the point where a user of a GNU/Linux distribution will consider themselves "hot" if they can install the system on their own and do the same for others, or a "guru" if they once used a command-line shell. From sage-members-owner@usenix.org Sun Mar 11 12:15:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2BK9wW19254 for sage-members-outgoing; Sun, 11 Mar 2001 12:09:58 -0800 (PST) Received: from crufty.research.bell-labs.com (crufty.research.bell-labs.com [204.178.16.49]) by usenix.org (8.11.0/8.11.0) with SMTP id f2BK9uG19250 for ; Sun, 11 Mar 2001 12:09:56 -0800 (PST) Received: from grubby.research.bell-labs.com ([135.104.2.9]) by crufty; Sun Mar 11 15:06:08 EST 2001 Received: from starling.research.bell-labs.com ([135.104.26.187]) by grubby; Sun Mar 11 15:08:00 EST 2001 Received: from ges.lumeta.com (ges.mh.lucent.com [135.3.161.70]) by starling.research.bell-labs.com (8.9.1/8.9.1) with ESMTP id PAA11627 for ; Sun, 11 Mar 2001 15:07:59 -0500 (EST) Message-Id: <5.1.0.10.0.20010311145606.02ca8ec8@starling.research.bell-labs.com> X-Sender: ges@starling.research.bell-labs.com X-Mailer: QUALCOMM Windows Eudora Version 5.1.0.10 (Beta) Date: Sun, 11 Mar 2001 15:07:14 -0500 To: sage-members@usenix.org From: Glenn Sieb Subject: Re: multicast & the new SMB/Microsoft-DS stuff... In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-sage-members@usenix.org Precedence: bulk On 11:31 AM 3/9/2001 -0700, der.hans wrote: >It's listed as microsoft-ds. Is that their death star? Microsoft-ds is what used to be SMB--basically, that PC (sounds like a win2k box) is trying to contact other Directory Service boxen on your network. (This is what used to be NetBIOS/WINS broadcasts in earlier versions of Windows.) Also, you might notice it's coming across port 445 instead of 139--W2k still supports 139, but apparently they're replacing it with 445 for their filesharing/etc. (Hmm--maybe they thought it'd throw a monkey wrench into a Samba server? Who knows...) Anywho.. since this is my first posting, I guess I should tell you who I am etc :) My name's, Glenn, I work at Lumeta, for Tom Limoncelli, and basically I'm help desk and Windows geek, while learning more about *nix from the people here than I've ever had to know before (and enjoying every minute of it)! Anyway, I just joined Usenix/SAGE last month, and look forward to chatting with all of you! Cheers! Glenn --- Glenn E. Sieb, System Administrator Lumeta Corp. mailto:ges@lumeta.com +1 908 582-1693 (V) +1 908 582-8129 (Fax) From sage-members-owner@usenix.org Mon Mar 12 01:12:11 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2C94jX20402 for sage-members-outgoing; Mon, 12 Mar 2001 01:04:45 -0800 (PST) Received: from spliff.LuftHans.com (cpe-24-221-1-115.az.sprintbbd.net [24.221.1.115]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2C94gG20398 for ; Mon, 12 Mar 2001 01:04:43 -0800 (PST) Received: from localhost ([::ffff:127.0.0.1]) by spliff.LuftHans.com with esmtp (Exim 3.12 #1 (Debian)) id 14cOFE-0005Iu-00; Mon, 12 Mar 2001 02:04:00 -0700 Date: Mon, 12 Mar 2001 02:03:59 -0700 (MST) From: "der.hans" X-Sender: lufthans@spliff.LuftHans.com To: sage-members@usenix.org cc: Goetter des Netzes Subject: Re: 255.255.255.255 and multicast In-Reply-To: <20010311120757.A10907@globnix.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by usenix.org id f2C94iG20399 Sender: owner-sage-members@usenix.org Precedence: bulk Am 11. Mar, 2001 schwäzte Phil Pennock so: > As an ISP sysadmin, I'd really really like to be able to filter these > coming from our customers. Unfortunately, the rules on filtering can be > quite strict. We can ensure that stuff coming from them has their > source address, our routing ensures that they only get stuff for their > IP address, but within that, filtering becomes highly political. :^( You have to drop stuff destined or originating from private address ranges as proscribed in RFC 1918, right? Is there also an RFC covering routing of broadcast traffic? I'd think broadcasting to 255.255.255.255 across inter-organization links would also be prohibited. I will be adding filters to make sure such stuff doesn't enter or leave out network. > Even this would likely cause us problems. See NANOG threads passim for > people who would sue if this were the default at their ISP, even if they Didn't find anything much with a search for 'passim' in the mailing list archives. As you can see from my posts I'm not a networking guru :). danke, der.hans -- # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) # Two roads diverged in a wood, and I -- # I took the one less traveled by, # And that has made all the difference. -- Robert Frost # I, OTOH, prefer to just go stomping through the desert... - der.hans From sage-members-owner@usenix.org Mon Mar 12 01:45:38 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2C9fJH20465 for sage-members-outgoing; Mon, 12 Mar 2001 01:41:19 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2C9fHG20461 for ; Mon, 12 Mar 2001 01:41:18 -0800 (PST) Received: by paladin.globnix.org with local id 14cOpB-00037M-00 for multiple recipients; Mon, 12 Mar 2001 09:41:09 +0000 Date: Mon, 12 Mar 2001 10:41:09 +0100 From: Phil Pennock To: sage-members@usenix.org Cc: Goetter des Netzes Subject: Re: 255.255.255.255 and multicast Message-ID: <20010312104109.A24204@globnix.org> Mail-Followup-To: "der.hans" , Goetter des Netzes References: <20010311120757.A10907@globnix.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from SAGE@LuftHans.com on Mon, Mar 12, 2001 at 02:03:59AM -0700 Organisation: Organisation? Here? No, over there ----> X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Gibbous (91% of Full) X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-03-12 at 02:03 -0700, der.hans gifted us with: > You have to drop stuff destined or originating from private address ranges > as proscribed in RFC 1918, right? Is there also an RFC covering routing of > broadcast traffic? I'd think broadcasting to 255.255.255.255 across > inter-organization links would also be prohibited. RFC 1918 (BCP 5) merely states which IP address ranges are for private local use. RFC 2827 (BCP 38) cover "Network Ingress Filtering", that is "make sure that packets coming from them have a Source IP which is theirs. We do this (when the NAS's OS is *shock* working properly and actually using the filters which are provided by RADIUS). Filtering outgoing traffic requires knowing what constitutes a network. Yes, we probably could filter 255.255.255.255. But we can't just impose that at the NASes, because some customers could perfectly legitimately be using two accounts at different sites and letting them see each other via Network Neighbourhoods. Yes, this is stupid. Yes, this is something that someone on NANOG had set up and was investigating suing the ISP because they were filtering 255.255.255.255. Yes, the customers should establish VLANs. We can't now impose this on our customers, though. > > Even this would likely cause us problems. See NANOG threads passim for > > people who would sue if this were the default at their ISP, even if they > > Didn't find anything much with a search for 'passim' in the mailing list > archives. As you can see from my posts I'm not a networking guru :). Ooops! Sorry, "passim" applied to an information source, such as a magazine or a news-thread or whatever, means "those which were created in the past". I must remember to be careful with my English when speaking to non-native speakers. Unfortunately, I live in The Netherlands and many of my Dutch colleagues have better English that the people on the housing estate where I grew up. Try searching on the other terms mentioned in this thread. -- Democracy is three wolves and a sheep voting on what's for dinner. From sage-members-owner@usenix.org Mon Mar 12 06:22:35 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2CEFRf20901 for sage-members-outgoing; Mon, 12 Mar 2001 06:15:27 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2CEFPG20897 for ; Mon, 12 Mar 2001 06:15:25 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f2CEFJT23879; Mon, 12 Mar 2001 15:15:20 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010312104109.A24204@globnix.org> References: <20010311120757.A10907@globnix.org> <20010312104109.A24204@globnix.org> Date: Mon, 12 Mar 2001 15:12:06 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: 255.255.255.255 and multicast Cc: Goetter des Netzes Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 10:41 AM +0100 3/12/01, Phil Pennock wrote: > Ooops! Sorry, "passim" applied to an information source, such as a > magazine or a news-thread or whatever, means "those which were created > in the past". I must remember to be careful with my English when > speaking to non-native speakers. Heck, I'm a native speaker, I consider myself to be reasonably well educated and with a decent vocabulary, and I have sure as heck never heard the term "passim" before. -- Brad Knowles, #!/usr/bin/perl -w # 531-byte qrpff-fast, Keith Winstein and Marc Horowitz # MPEG 2 PS VOB file on stdin -> descrambled output on stdout # arguments: title key bytes in least to most-significant order # Usage: # qrpff 153 2 8 105 225 /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec - $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval From sage-members-owner@usenix.org Mon Mar 12 06:30:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2CEQBn20934 for sage-members-outgoing; Mon, 12 Mar 2001 06:26:11 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2CEQ8G20927 for ; Mon, 12 Mar 2001 06:26:08 -0800 (PST) Received: by paladin.globnix.org with local id 14cTGt-0005EB-00 for multiple recipients; Mon, 12 Mar 2001 14:26:03 +0000 Date: Mon, 12 Mar 2001 15:26:03 +0100 From: Phil Pennock To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast Message-ID: <20010312152603.A12648@globnix.org> Mail-Followup-To: Brad Knowles , sage-members@usenix.org References: <20010311120757.A10907@globnix.org> <20010312104109.A24204@globnix.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: ; from brad.knowles@skynet.be on Mon, Mar 12, 2001 at 03:12:06PM +0100 Organisation: Organisation? Here? No, over there ----> X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Gibbous (89% of Full) X-No-Archive: yes Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by usenix.org id f2CEQAG20931 Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-03-12 at 15:12 +0100, Brad Knowles gifted us with: > Heck, I'm a native speaker, I consider myself to be reasonably > well educated and with a decent vocabulary, and I have sure as heck > never heard the term "passim" before. Off-topic, but: Five entries. First: pas·sim, adv. Throughout or frequently; here and there. Used in textual annotation to indicate that something, such as a word or passage, occurs frequently in the work cited. [Latin from passus, past participle of pandere, to scatter, spread out; see pet- in Indo-European Roots.] Which isn't quite what I gave as a definition, but is how I used it and perfectly describes how this topic comes up on NANOG. ;^) Also: passim adv : used to refer to cited works [syn: throughout] Uhm .. uhm .... I, erm, actually read a small-ish dictionary when 10 or so. I have a slightly larger than average vocabulary. I'm also of British origin, for my sins, so if you're American, this could explain it. -- It seems to have reached the point where a user of a GNU/Linux distribution will consider themselves "hot" if they can install the system on their own and do the same for others, or a "guru" if they once used a command-line shell. From sage-members-owner@usenix.org Mon Mar 12 08:48:44 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2CGhHX21443 for sage-members-outgoing; Mon, 12 Mar 2001 08:43:17 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f2CGhHi21438 for sage-members@usenix.org; Mon, 12 Mar 2001 08:43:17 -0800 (PST) Received: from fw-inhouse-4. ([194.15.145.24]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2CBigG20697 for ; Mon, 12 Mar 2001 03:44:44 -0800 (PST) Received: (from uucp@localhost) by fw-inhouse-4. (8.8.8/8.8.8) id MAA07400; Mon, 12 Mar 2001 12:44:39 +0100 (MET) Received: from fw-inhouse-lan(172.30.14.4), claiming to be "fw-inhouse-4" via SMTP by fw-inhouse-lan, id smtpdAAAMVaGBo; Mon Mar 12 12:44:30 2001 Received: from dab-aw060.muc.diraba.de (172.30.22.60 [172.30.22.60]) by dab-ms01.int.diraba.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id GP1MG847; Mon, 12 Mar 2001 12:44:29 +0100 Received: (from bb@localhost) by dab-aw060.muc.diraba.de (8.10.1/8.10.1) id f2CBluF02112; Mon, 12 Mar 2001 12:47:56 +0100 (CET) Date: Mon, 12 Mar 2001 12:47:56 +0100 From: Gabriel Krabbe To: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast Message-ID: <20010312124756.B182@tao.muc.diraba.de> References: <20010312104109.A24204@globnix.org> <15702.984397241@www12.gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <15702.984397241@www12.gmx.net>; from Phil.Pennock@globnix.org on Mon, Mar 12, 2001 at 12:40:41PM +0100 Organization: Invisible Systems, Inc. - If you don't see it, we made it! Sender: owner-sage-members@usenix.org Precedence: bulk On Mon, Mar 12, 2001 at 12:40:41PM +0100, Phil Pennock wrote: > On 2001-03-12 at 02:03 -0700, der.hans gifted us with: >> You have to drop stuff destined or originating from private address ranges >> as proscribed in RFC 1918, right? Is there also an RFC covering routing of >> broadcast traffic? I'd think broadcasting to 255.255.255.255 across >> inter-organization links would also be prohibited. > > RFC 1918 (BCP 5) merely states which IP address ranges are for private > local use. > > RFC 2827 (BCP 38) cover "Network Ingress Filtering", that is "make sure > that packets coming from them have a Source IP which is theirs. We do > this (when the NAS's OS is *shock* working properly and actually using > the filters which are provided by RADIUS). > > Filtering outgoing traffic requires knowing what constitutes a network. > Yes, we probably could filter 255.255.255.255. But we can't just impose > that at the NASes, because some customers could perfectly legitimately > be using two accounts at different sites and letting them see each other > via Network Neighbourhoods. Yes, this is stupid. Yes, this is > something that someone on NANOG had set up and was investigating suing > the ISP because they were filtering 255.255.255.255. Yes, the customers > should establish VLANs. We can't now impose this on our customers, > though. Never mind "stupid". Tell them to use WINS servers, show them RFCs 919 and 929, and block away. They're going through some router, so they're leaving their physical network, so the address 0xffffffff shouldn't be going anywhere. Besides which there should be no need for blocking, assuming your customers are routed, not repeated, in. Gabe -- Of all the people I've met, you're certainly one of them. From sage-members-owner@usenix.org Mon Mar 12 12:28:23 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2CKKTM23324 for sage-members-outgoing; Mon, 12 Mar 2001 12:20:29 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2CKKRG23320 for ; Mon, 12 Mar 2001 12:20:27 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f2CKKD008318; Mon, 12 Mar 2001 21:20:13 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010312152603.A12648@globnix.org> References: <20010311120757.A10907@globnix.org> <20010312104109.A24204@globnix.org> <20010312152603.A12648@globnix.org> Date: Mon, 12 Mar 2001 21:03:04 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: 255.255.255.255 and multicast Cc: sage-members@usenix.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 3:26 PM +0100 3/12/01, Phil Pennock wrote: > Uhm .. uhm .... I, erm, actually read a small-ish dictionary when 10 or > so. I have a slightly larger than average vocabulary. I'm also of > British origin, for my sins, so if you're American, this could explain > it. My grandfather was Regional Manager for World Book Encyclopedia, and one of his frequent Christmas gifts to me (and my parents) was a new set of encyclopedias. I started reading them at a very early age (probably around four or five, if not earlier), and every time I asked a question my parents didn't know the answer to, they would tell me to go look it up myself. After several hours of being exceptionally quiet, they'd come back and find me having followed several links to different articles and having pulled about half the books off the shelves. Reading the encyclopedia was one of my favourite pastimes, and was a primary reason behind the fact that I was reading at a college level before entering fourth grade (I later found out that they did an IQ test and I came up somewhere in the mid-150s). [0] And I *still* didn't get the reference to "passim". No, I think that you probably swallowed the Oxford English Dictionary when you were about eighteen months old, and that explains your vocabulary. ;-) [0] Yes, I realize that I've fallen way off this level since then, as I have repeatedly demonstrated on this and other FreeBSD-related mailing lists. I guess life is just one big downhill ride. -- Brad Knowles, #!/usr/bin/perl -w # 531-byte qrpff-fast, Keith Winstein and Marc Horowitz # MPEG 2 PS VOB file on stdin -> descrambled output on stdout # arguments: title key bytes in least to most-significant order # Usage: # qrpff 153 2 8 105 225 /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec - $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval From sage-members-owner@usenix.org Mon Mar 12 13:28:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2CLMAG23785 for sage-members-outgoing; Mon, 12 Mar 2001 13:22:10 -0800 (PST) Received: from emis-intl.com ([208.226.242.25]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2CLM8G23781 for ; Mon, 12 Mar 2001 13:22:09 -0800 (PST) Received: from rdulnx003.emis-intl.com (rdulnx003.emis-intl.com [10.90.132.28]) by emis-intl.com (8.9.3+Sun/8.9.3) with ESMTP id QAA04739; Mon, 12 Mar 2001 16:21:56 -0500 (EST) Received: (from majordomo@localhost) by rdulnx003.emis-intl.com (8.9.3/8.9.3) id QAA31336 for ncsa-announce-outgoing; Mon, 12 Mar 2001 16:01:42 -0500 Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by rdulnx003.emis-intl.com (8.9.3/8.9.3) with ESMTP id QAA31332 for ; Mon, 12 Mar 2001 16:01:39 -0500 Received: from moe.cs.duke.edu (moe.cs.duke.edu [152.3.140.74]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id IAA03807 for ; Mon, 12 Mar 2001 08:46:56 -0500 (EST) Received: from localhost (des@localhost) by moe.cs.duke.edu (8.8.5/8.6.9) with ESMTP id IAA14490 for ; Mon, 12 Mar 2001 08:46:56 -0500 (EST) X-Authentication-Warning: moe.cs.duke.edu: des owned process doing -bs Date: Mon, 12 Mar 2001 08:46:56 -0500 (EST) From: "Daniel E. Singer" To: sage-members@usenix.org Subject: Reminder: NC*SA Meeting - Monday, March 12, 2001 - XML/Docbook Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk The next meeting of the North Carolina System Administrators organization (NC*SA) is TONIGHT! Details about the meeting and directions are provided in this note. We hope to see you there! NC*SA General Meeting 6:00 p.m., Monday, March 12, 2001 Dreyfus Laboratory Research Triangle Institute Research Triangle Park, NC (directions below) Topic: "Practical Linux SGML/XML for Sysadmins: A Configuration Tour via DocBook" Speaker: Mark Johnson, Senior Lecturing Fellow, Physics Department, Duke University Please see the end of this announcement for a list of our sponsors. ============================== Presentation abstract: From the KDE and Gnome help systems to the impending galactic assimilation by all things XML, the ubiquity of SGML is becoming hard to ignore. And, as a sysadmin, you may soon be fielding requests to install, troubleshoot or customize a Linux-based SGML system. The good news is that it's not at all difficult to understand the configuration of these systems. The bad news is that current configuration methods will shortly be obsolete. In this talk I'll cover the current SGML configuration models used by Redhat and Debian, and discuss the proposed new LSB SGML/XML standard. My customized documentation publishing system based on the DocBook DTD will provide both the context for the configuration discussion, and the setting for a number of publishing demonstrations. Speaker bio: Mark Johnson acquired his knowledge of SGML, and XML, and DocBook by employing one of the most sophisticated learning methods in existence: trial and error. Playing the dual roles of user and administrator, he developed and managed a number of software documentation projects related to his job in physics education. He claims to have developed custom packages that make his DocBook systems user-friendly enough for absolute newbies, and has recently joined the Debian project as maintainer of a number of DocBook XML packages and processing tools. He is a Senior Lecturing Fellow in the Physics Department at Duke University. ============================== Our meetings are free and open to anyone with an interest in the topic of the evening and/or system administration. We will be providing food and drink for the evening. If you have any questions please contact the Steering Committee at: ncsa-steer@ncsysadmin.org ============================== For information about the NC System Administrators group, please see our web site at . We have several usually-low-volume mailing lists that you can join: ncsa-discussion .. general discussion ncsa-announce .... meeting announcements ncsa-jobs ........ employment opportunities ncsa-steer ....... steering committee These are currently run on a Majordomo list manager at ; usual majordomo commands apply. Please see this page on our web site for more information about these lists: For other information on (un)subscribing from this, or any other NC*SA list, send e-mail to . Put the word 'help' on a line by itself to receive instructions on proper interaction with majordomo. When unsubscribing feel free to use the wildcard (*) to insure that you are removed from all of our lists in one fell swoop. (Please note, if you are a member of , you will also get a copy of these announcements. We cannot unsubscribe you from that list.) ============================== Directions to Research Triangle Institute: Please see this page on our web site for directions to the meeting: . If you do not have web access, please send e-mail to , and we will send them to you. For a map of RTI, please see: . ============================== Sponsors and Underwriters ============================== Gold Sponsors ------------- The following organizations have been major contributors to NC*SA. Their generous contributions and funding have been instrumental in the continued success of NC*SA: Auspex Dot Hill Duke University Computer Science Lab Network Computing Solutions, Inc. Pencom StorNet Silver Sponsors --------------- The following organizations and individuals have made significant contributions to and have underwritten meetings of NC*SA. Research Triangle Institute ........ provide our meeting space eMerging Information Systems ....... host our mailing lists WebslingerZ, Inc. .................. host our web site ===== End ===== From sage-members-owner@usenix.org Mon Mar 12 14:22:51 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2CMH0L24065 for sage-members-outgoing; Mon, 12 Mar 2001 14:17:00 -0800 (PST) Received: from spliff.LuftHans.com (cpe-24-221-1-115.az.sprintbbd.net [24.221.1.115]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2CMGwG24061 for ; Mon, 12 Mar 2001 14:16:58 -0800 (PST) Received: from localhost ([::ffff:127.0.0.1]) by spliff.LuftHans.com with esmtp (Exim 3.12 #1 (Debian)) id 14cacM-0001qy-00; Mon, 12 Mar 2001 15:16:42 -0700 Date: Mon, 12 Mar 2001 15:16:41 -0700 (MST) From: "der.hans" X-Sender: lufthans@spliff.LuftHans.com To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast In-Reply-To: <20010312124756.B182@tao.muc.diraba.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by usenix.org id f2CMH0G24062 Sender: owner-sage-members@usenix.org Precedence: bulk Am 12. Mar, 2001 schwäzte Gabriel Krabbe so: > Never mind "stupid". Tell them to use WINS servers, show them RFCs 919 > and 929, and block away. They're going through some router, so they're > leaving their physical network, so the address 0xffffffff shouldn't be > going anywhere. Section 7 of RFC 919 seems to be pretty clear about not forwarding broadcasts for 255.255.255.255, so those shouldn't be coming in. I also find section 1.2 of www.sans.org/dosstep/index.htm to be pretty explicit about what types of traffic shouldn't be leaving a network. I don't see, however, how 1.1 prevents valid source addresses from sending to 255.255.255.255, etc. I'm noting a bunch of traffic today from 169.254.x.x. I guess that's some m$ thing that has a couple of RFCs for boxen without a proper network setup. All the boxen on our network should be setup properly. Tomorrow the witch hunt begins :). cioa, der.hans -- # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) # You can't handle the source! - der.hans From sage-members-owner@usenix.org Mon Mar 12 17:21:06 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2D1FLk25416 for sage-members-outgoing; Mon, 12 Mar 2001 17:15:21 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2D1FHG25412 for ; Mon, 12 Mar 2001 17:15:19 -0800 (PST) Received: by paladin.globnix.org with local id 14cdP3-00001h-00 for multiple recipients; Tue, 13 Mar 2001 01:15:09 +0000 Date: Tue, 13 Mar 2001 02:15:09 +0100 From: Phil Pennock To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast Message-ID: <20010313021509.A8776@globnix.org> Mail-Followup-To: "der.hans" , sage-members@usenix.org References: <20010312124756.B182@tao.muc.diraba.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from SAGE@LuftHans.com on Mon, Mar 12, 2001 at 03:16:41PM -0700 Organisation: Organisation? Here? No, over there ----> X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Gibbous (86% of Full) X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-03-12 at 15:16 -0700, der.hans gifted us with: > I'm noting a bunch of traffic today from 169.254.x.x. I guess that's some > m$ thing that has a couple of RFCs for boxen without a proper network > setup. All the boxen on our network should be setup properly. Tomorrow the > witch hunt begins :). Almost, except that it's not MS. Naughtily quoting an IETF draft, in this case draft-manning-dsua-06.txt: 169.254.0.0/16 has been ear-marked as the IP range to use for end node auto-configuration when a DHCP server may not be found. As such, network operations and administrators should be VERY aggressive in ensuring that neither route advertisements nor packet forwarding should occur across any media boundaries. This is true for the Internet as well as any private networks that use the IP protocols. End node administrators should be aware that some vendors will auto-configure and add this prefix to the nodes forwarding table. This will cause problems with sites that run router discovery or deprecated routing protocols such as RIP. That draft is well worth reading if you want to know which netblocks are special-cased and should perhaps be filtered if you are free to do so. Find the drafts in the 'internet-drafts' subdirectory of your nearest InterNIC mirror. -- "The Internet is full of people doing weird shit." - network engineer From sage-members-owner@usenix.org Tue Mar 13 11:15:59 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2DJ5Vj28836 for sage-members-outgoing; Tue, 13 Mar 2001 11:05:31 -0800 (PST) Received: from spliff.LuftHans.com (cpe-24-221-1-115.az.sprintbbd.net [24.221.1.115]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2DJ5PG28832 for ; Tue, 13 Mar 2001 11:05:26 -0800 (PST) Received: from localhost ([::ffff:127.0.0.1]) by spliff.LuftHans.com with esmtp (Exim 3.12 #1 (Debian)) id 14cu6i-0006Bj-00 for ; Tue, 13 Mar 2001 12:05:20 -0700 Date: Tue, 13 Mar 2001 12:05:20 -0700 (MST) From: "der.hans" X-Sender: lufthans@spliff.LuftHans.com To: sage-members@usenix.org Subject: log munging w/ RedHat Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk moin, moin, I'm consulting at a place that has lots of RedHat boxen. Unfortunately before I got here they weren't adding security updates and didn't have a firewall. Consequently they were pretty well all cracked. I can take care of that. What I'm not sure about is a logchecking program that comes with RedHat. I'm using logcheck with debian, but that doesn't appear to be packaged with RedHat and has been pretty dormant upstream. Since I'm consulting and my client is stuck with whatever I put in place, I'd like something that comes with the dist such that they get security updates, bug fixes, improvements etc. as part of their normal patch and upgrade cycle no matter who comes in behind me. My local LUG hasn't had much to offer as to what is available. danke, der.hans -- # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) # It's up to the reader to make the book interesting. # An author has only the opportunity to make it uninteresting. - der.hans From sage-members-owner@usenix.org Tue Mar 13 11:31:10 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2DJQmL29015 for sage-members-outgoing; Tue, 13 Mar 2001 11:26:48 -0800 (PST) Received: from spliff.LuftHans.com (cpe-24-221-1-115.az.sprintbbd.net [24.221.1.115]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2DJQjG29008 for ; Tue, 13 Mar 2001 11:26:46 -0800 (PST) Received: from localhost ([::ffff:127.0.0.1]) by spliff.LuftHans.com with esmtp (Exim 3.12 #1 (Debian)) id 14cuOV-0006Ua-00; Tue, 13 Mar 2001 12:23:43 -0700 Date: Tue, 13 Mar 2001 12:23:42 -0700 (MST) From: "der.hans" X-Sender: lufthans@spliff.LuftHans.com To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast In-Reply-To: <20010313021509.A8776@globnix.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by usenix.org id f2DJQlG29012 Sender: owner-sage-members@usenix.org Precedence: bulk Am 13. Mar, 2001 schwäzte Phil Pennock so: > Almost, except that it's not MS. Yes, I appear to have jumped the gun on that, sorry. > Naughtily quoting an IETF draft, in this case draft-manning-dsua-06.txt: Thanks for pointing out the newest edition! > That draft is well worth reading if you want to know which netblocks are > special-cased and should perhaps be filtered if you are free to do so. > Find the drafts in the 'internet-drafts' subdirectory of your nearest > InterNIC mirror. I'm trying to dd it into my brain right now :). BTW, obPassim: Obviously that one got past me too. My english ain't too bad either. Funny thing for me is the amount of responses we get to these types of things. I think the longest thread I've seen on this list was a grammatical question posted a couple of years ago. I remember someone going off on 'who' vs. 'whom' :). ciao, der.hans -- # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) # Knowledge is useless unless it's shared. - der.hans From sage-members-owner@usenix.org Tue Mar 13 12:27:24 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2DKMHN29458 for sage-members-outgoing; Tue, 13 Mar 2001 12:22:17 -0800 (PST) Received: from paladin.globnix.org (paladin.globnix.org [195.11.247.40]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2DKMFG29454 for ; Tue, 13 Mar 2001 12:22:16 -0800 (PST) Received: by paladin.globnix.org with local id 14cvJ6-00048j-00 for sage-members@usenix.org; Tue, 13 Mar 2001 20:22:12 +0000 Date: Tue, 13 Mar 2001 21:22:12 +0100 From: Phil Pennock To: sage-members@usenix.org Subject: Re: 255.255.255.255 and multicast Message-ID: <20010313212212.A16629@globnix.org> Mail-Followup-To: sage-members@usenix.org References: <20010313021509.A8776@globnix.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from SAGE@LuftHans.com on Tue, Mar 13, 2001 at 12:23:42PM -0700 Organisation: Organisation? Here? No, over there ----> X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine and mine alone. Such views do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. X-Phase-of-Moon: The Moon is Waning Gibbous (79% of Full) X-No-Archive: yes Sender: owner-sage-members@usenix.org Precedence: bulk On 2001-03-13 at 12:23 -0700, der.hans gifted us with: > > Naughtily quoting an IETF draft, in this case draft-manning-dsua-06.txt: > > Thanks for pointing out the newest edition! draft 1id-index.txt is your friend. That, and my rfc fetch-(if-not-present_or-forced)_then_view script. :^) If interested, pick up a copy from where I justed dumped it. Needs $nicmirror changing to something local, ~/share/rfc created and for convenience, drop in links for other names to invoke it by so that it defaults to fetching that type of document (std, fyi, bcp & draft). "rfc -h" helps, or come after me with a stick if the Perl is really that unclear. It uses a per-user disk cache, rather than messing around. > I think the longest thread I've seen on this list was a > grammatical question posted a couple of years ago. I remember someone > going off on 'who' vs. 'whom' :). Why am I not surprised? :^) -- First snow, then silence. This thousand dollar screen dies so beautifully. From sage-members-owner@usenix.org Tue Mar 13 13:56:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2DLoYC00095 for sage-members-outgoing; Tue, 13 Mar 2001 13:50:34 -0800 (PST) Received: from firewater.mpv.com (ip115.110.136.216.in-addr.arpa [216.136.110.115] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f2DLoSG00091 for ; Tue, 13 Mar 2001 13:50:32 -0800 (PST) Received: from adios.duckland.org (IDENT:root@adios.mpv.com [10.0.0.140]) by firewater.mpv.com (8.9.3/8.9.3) with ESMTP id PAA27789; Tue, 13 Mar 2001 15:50:22 -0600 Received: (from duck@localhost) by adios.duckland.org (8.11.2/8.11.2) id f2DLoKE28798; Tue, 13 Mar 2001 15:50:20 -0600 Date: Tue, 13 Mar 2001 15:50:20 -0600 From: Don Duck Harper To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: log munging w/ RedHat Message-ID: <20010313155019.I1194@duckland.org> Reply-To: Don Duck Harper References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from SAGE@LuftHans.com on Tue, Mar 13, 2001 at 12:05:20PM -0700 X-No-Archive: yes X-WARNING1: Pursuant to US Code. Title 47. Chapter 5. Subchapter, X-WARNING2: II. Sec. 227. any and all nonsolicited commercial E-mail, X-WARNING3: sent to this address is subject to a download and archival, X-WARNING4: fee in the amount of $500 US. E-mailing denotes acceptance, X-WARNING5: of these terms. Sender: owner-sage-members@usenix.org Precedence: bulk Sure it is. http://rpmfind.net/linux/RPM/contrib/libc6/i386/logcheck-1.1.1-1.i386.html And, I think it is in the beta for RH 7.1, so RH is picking it up in the main distribution. Don On Tue, Mar 13, 2001 at 12:05:20PM -0700, der.hans wrote to To sage-members@usenix.org: :-) moin, moin, :-) :-) I'm consulting at a place that has lots of RedHat boxen. Unfortunately :-) before I got here they weren't adding security updates and didn't have a :-) firewall. Consequently they were pretty well all cracked. I can take care :-) of that. :-) :-) What I'm not sure about is a logchecking program that comes with :-) RedHat. I'm using logcheck with debian, but that doesn't appear to be :-) packaged with RedHat and has been pretty dormant upstream. :-) :-) Since I'm consulting and my client is stuck with whatever I put in place, :-) I'd like something that comes with the dist such that they get security :-) updates, bug fixes, improvements etc. as part of their normal patch and :-) upgrade cycle no matter who comes in behind me. :-) :-) My local LUG hasn't had much to offer as to what is available. :-) :-) danke, :-) :-) der.hans :-) -- :-) # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) :-) # It's up to the reader to make the book interesting. :-) # An author has only the opportunity to make it uninteresting. - der.hans :-) :-) -- Don Harper, RHCE, MCSE email: duck@duckland.org Just a systems kinda guy... http://www.duckland.org #!/usr/bin/perl -w # 531-byte qrpff-fast, Keith Winstein and Marc Horowitz # MPEG 2 PS VOB file on stdin -> descrambled output on stdout # arguments: title key bytes in least to most-significant order $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval Bad Types of Testing: DIGRESSION TESTING: Well, it works, but can I tell you about my truck... From sage-members-owner@usenix.org Tue Mar 13 14:12:03 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2DM7jw00295 for sage-members-outgoing; Tue, 13 Mar 2001 14:07:45 -0800 (PST) Received: from denali.loopback.net ([199.183.24.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2DM7hG00291 for ; Tue, 13 Mar 2001 14:07:43 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f2DM5uT04243; Tue, 13 Mar 2001 17:05:56 -0500 Date: Tue, 13 Mar 2001 17:05:56 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: log munging w/ RedHat Message-ID: <20010313170556.I1274@redhat.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="W/D3X8sky0X3AmG5" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from SAGE@LuftHans.com on Tue, Mar 13, 2001 at 12:05:20PM -0700 Sender: owner-sage-members@usenix.org Precedence: bulk --W/D3X8sky0X3AmG5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 13, 2001 at 12:05:20PM -0700, der.hans mailed: > What I'm not sure about is a logchecking program that comes with > RedHat. I'm using logcheck with debian, but that doesn't appear to be > packaged with RedHat and has been pretty dormant upstream. >=20 > Since I'm consulting and my client is stuck with whatever I put in place, > I'd like something that comes with the dist such that they get security > updates, bug fixes, improvements etc. as part of their normal patch and > upgrade cycle no matter who comes in behind me. Red Hat does not provide a log filter with the distribution. We do offer logrotate to help manage log sizes and (obviously) rotation, but nothing to filter. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --W/D3X8sky0X3AmG5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6rpnE5AZBSxmJOhkRAtg1AJ4o2K7haFHvymv2q02oQDwGBZq4fACfWSiI hAY46lh+bcupBTbvV1XitE4= =XuPU -----END PGP SIGNATURE----- --W/D3X8sky0X3AmG5-- From sage-members-owner@usenix.org Tue Mar 13 14:45:46 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2DMfK100587 for sage-members-outgoing; Tue, 13 Mar 2001 14:41:20 -0800 (PST) Received: from enfusion-group.com (cr949225-b.rchrd1.on.wave.home.com [24.112.58.97]) by usenix.org (8.11.0/8.11.0) with SMTP id f2DMfJG00583 for ; Tue, 13 Mar 2001 14:41:19 -0800 (PST) Received: (qmail 17290 invoked by uid 500); 13 Mar 2001 17:41:08 -0500 Date: Tue, 13 Mar 2001 17:41:08 -0500 From: Adrian Chung To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: log munging w/ RedHat Message-ID: <20010313174108.A17108@rogue.enfusion-group.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from SAGE@LuftHans.com on Tue, Mar 13, 2001 at 12:05:20PM -0700 X-Operating-System: Linux 2.2.18 i686 Organization: Enfusion Group Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Mar 13, 2001 at 12:05:20PM -0700, der.hans wrote: > RedHat. I'm using logcheck with debian, but that doesn't appear to be > packaged with RedHat and has been pretty dormant upstream. I'm sure others on the list will correct me quickly, althugh I'm not aware of any log checking/analysis programs that come with RedHat. Although I do use logcheck, I downloaded it and installed it from the original source, there are RPMS, none that I know of supported by RedHat, but a quick search shows that Mandrake, and Conectiva ship packages. -- Adrian Chung - adrian@enfusion-group.com http://www.enfusion-group.com/~adrian From sage-members-owner@usenix.org Wed Mar 14 07:23:05 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2EFF1w03573 for sage-members-outgoing; Wed, 14 Mar 2001 07:15:01 -0800 (PST) Received: from denali.loopback.net ([199.183.24.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2EFEuG03569 for ; Wed, 14 Mar 2001 07:14:56 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f2EFEHn02460; Wed, 14 Mar 2001 10:14:17 -0500 Date: Wed, 14 Mar 2001 10:14:17 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: log munging w/ RedHat Message-ID: <20010314101417.E1266@redhat.com> References: <20010313155019.I1194@duckland.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="xJK8B5Wah2CMJs8h" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010313155019.I1194@duckland.org>; from duck@duckland.org on Tue, Mar 13, 2001 at 03:50:20PM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk --xJK8B5Wah2CMJs8h Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 13, 2001 at 03:50:20PM -0600, Don Duck Harper mailed: > And, I think it is in the beta for RH 7.1, so RH is picking it up in the = main distribution. It's not. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --xJK8B5Wah2CMJs8h Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6r4rJ5AZBSxmJOhkRAswGAJ4udIOjLRtrz0RipXOFdnxOARpcHQCaAygH fXQXbL2mN8FW6x1+sLfSzCw= =s+Nr -----END PGP SIGNATURE----- --xJK8B5Wah2CMJs8h-- From sage-members-owner@usenix.org Wed Mar 14 08:28:43 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2EGMn903778 for sage-members-outgoing; Wed, 14 Mar 2001 08:22:49 -0800 (PST) Received: from trinity.fluff.org (mail@trinity.fluff.org [194.153.168.225]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2EGMlG03774 for ; Wed, 14 Mar 2001 08:22:47 -0800 (PST) Received: from ajr by trinity.fluff.org with local (Exim 3.12) id 14dE2L-0002Xm-00 for sage-members@usenix.org ; Wed, 14 Mar 2001 16:22:09 +0000 Date: Wed, 14 Mar 2001 16:22:09 +0000 To: sage-members@usenix.org Subject: Re: log munging w/ RedHat Message-ID: <20010314162209.A7205@btinternet.com> Reply-To: ade.rixon@bigfoot.com Mail-Followup-To: ajr, sage-members@usenix.org References: <20010313155019.I1194@duckland.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010313155019.I1194@duckland.org>; from duck@duckland.org on Tue, Mar 13, 2001 at 03:50:20PM -0600 X-Home-Page: http://www.big-bubbles.home.dhs.org/ From: Adrian Rixon Sender: owner-sage-members@usenix.org Precedence: bulk 13 Mar 03:50:20 PM: Meanwhile in the Sheraton, Don Duck Harper wrote: > http://rpmfind.net/linux/RPM/contrib/libc6/i386/logcheck-1.1.1-1.i386.html There is also a Perl script called logwatch, which I use at home: http://rpmfind.net/linux/RPM/powertools/6.2/sparc/noarch/logwatch-1.6.6-2.noarch.html Red Hat include 1.6.6 on the Powertools 6.2 CD (which means it will be included in security updates), although an RPM of the 2.1.1 release is available from the original site (http://www.kaybee.org/~kirk/html/linux.html). However, I don't know if Red Hat plan to continue supporting it. Ade_ / -- | Ade Rixon || http://www.big-bubbles.home.dhs.org/ || ade.rixon@bigfoot.com | "The Englishman has all the qualities of a poker, except its occasional warmth." - Daniel O'Connell From sage-members-owner@usenix.org Wed Mar 14 08:58:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2EGrxH03953 for sage-members-outgoing; Wed, 14 Mar 2001 08:53:59 -0800 (PST) Received: from denali.loopback.net ([199.183.24.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2EGrvG03949 for ; Wed, 14 Mar 2001 08:53:58 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f2EGrHd04227; Wed, 14 Mar 2001 11:53:17 -0500 Date: Wed, 14 Mar 2001 11:53:17 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: log munging w/ RedHat Message-ID: <20010314115317.M1266@redhat.com> References: <20010313155019.I1194@duckland.org> <20010314101417.E1266@redhat.com> <20010314104948.A1389@duckland.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="GeONROBiaq1zPAtT" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010314104948.A1389@duckland.org>; from duck@duckland.org on Wed, Mar 14, 2001 at 10:49:49AM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk --GeONROBiaq1zPAtT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 14, 2001 at 10:49:49AM -0600, Don Duck Harper mailed: > On Wed, Mar 14, 2001 at 10:14:17AM -0500, Bryan C. Andregg wrote to To Do= n Duck Harper: > :-) On Tue, Mar 13, 2001 at 03:50:20PM -0600, Don Duck Harper mailed: > :-) > And, I think it is in the beta for RH 7.1, so RH is picking it up i= n the main distribution. > :-)=20 > :-) It's not. >=20 > RH 7.1 Public Beta Powertools. Ah Powertools !=3D Distribution. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --GeONROBiaq1zPAtT Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6r6H95AZBSxmJOhkRAs2vAJwMGvRwW0nPhu3lPrxgYK1aK1b1zgCfdWsY oEd+BALemng+P3nZBdxUvX4= =W/Fv -----END PGP SIGNATURE----- --GeONROBiaq1zPAtT-- From sage-members-owner@usenix.org Wed Mar 14 10:18:44 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2EIDXu04757 for sage-members-outgoing; Wed, 14 Mar 2001 10:13:33 -0800 (PST) Received: from mr1.ash.ops.us.uu.net (mr1.ash.ops.us.uu.net [198.5.241.86]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2EIDRG04742 for ; Wed, 14 Mar 2001 10:13:27 -0800 (PST) Received: from firewater.mpv.com by mr1.ash.ops.us.uu.net with ESMTP (peer crosschecked as: ip115.110.136.216.in-addr.arpa [216.136.110.115] (may be forged)) id QQkgil25083 for ; Wed, 14 Mar 2001 16:50:02 GMT Received: from adios.duckland.org (IDENT:root@adios.mpv.com [10.0.0.152]) by firewater.mpv.com (8.9.3/8.9.3) with ESMTP id KAA01760; Wed, 14 Mar 2001 10:49:50 -0600 Received: (from duck@localhost) by adios.duckland.org (8.11.2/8.11.2) id f2EGnnZ04609; Wed, 14 Mar 2001 10:49:49 -0600 Date: Wed, 14 Mar 2001 10:49:49 -0600 From: Don Duck Harper To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: log munging w/ RedHat Message-ID: <20010314104948.A1389@duckland.org> Reply-To: Don Duck Harper References: <20010313155019.I1194@duckland.org> <20010314101417.E1266@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010314101417.E1266@redhat.com>; from bandregg@redhat.com on Wed, Mar 14, 2001 at 10:14:17AM -0500 X-No-Archive: yes X-WARNING1: Pursuant to US Code. Title 47. Chapter 5. Subchapter, X-WARNING2: II. Sec. 227. any and all nonsolicited commercial E-mail, X-WARNING3: sent to this address is subject to a download and archival, X-WARNING4: fee in the amount of $500 US. E-mailing denotes acceptance, X-WARNING5: of these terms. Sender: owner-sage-members@usenix.org Precedence: bulk On Wed, Mar 14, 2001 at 10:14:17AM -0500, Bryan C. Andregg wrote to To Don Duck Harper: :-) On Tue, Mar 13, 2001 at 03:50:20PM -0600, Don Duck Harper mailed: :-) > And, I think it is in the beta for RH 7.1, so RH is picking it up in the main distribution. :-) :-) It's not. RH 7.1 Public Beta Powertools. Don -- Don Harper, RHCE, MCSE email: duck@duckland.org Just a systems kinda guy... http://www.duckland.org #!/usr/bin/perl -w # 531-byte qrpff-fast, Keith Winstein and Marc Horowitz # MPEG 2 PS VOB file on stdin -> descrambled output on stdout # arguments: title key bytes in least to most-significant order $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval POSITIVE: Mistaken at the top of one's voice. -Ambrose Bierce From sage-members-owner@usenix.org Thu Mar 15 19:33:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2G3NrF13377 for sage-members-outgoing; Thu, 15 Mar 2001 19:23:53 -0800 (PST) Received: from sparcplug.greymouser.com (sparcplug.greymouser.com [12.5.48.56]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2G3NmG13373 for ; Thu, 15 Mar 2001 19:23:52 -0800 (PST) Received: by sparcplug.greymouser.com (Postfix, from userid 9930) id A125B3D89F; Thu, 15 Mar 2001 22:23:38 -0500 (EST) Date: Thu, 15 Mar 2001 22:23:38 -0500 From: Phil Scarr To: "sage-members@usenix.org Sun Managers List" Subject: Switched Fiber-Channel SAN Message-ID: <20010315222338.A21895@greymouser.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-sage-members@usenix.org Precedence: bulk Does anybody have recent experience with a switched-fabric FC SAN? In particular, we're looking at an EMC Clariion 4700 disk with Brocade 2800 FC switches. I'm concerned with the reliability and manageability of this setup, compared with a (simpler, non-SAN) set of discrete Sun 5200s or T3s. -Phil -- GREYMOUSER CONSULTING System, Network and Security Architecture and Administration for Central Virginia (http://www.greymouser.com) * S o l a r i s * H P - U X * L I N U X * W i n d o w s N T * From sage-members-owner@usenix.org Mon Mar 19 07:24:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2JFCQY22956 for sage-members-outgoing; Mon, 19 Mar 2001 07:12:26 -0800 (PST) Received: from fs1.thethinkingmedia.com (fs1.thethinkingmedia.com [199.95.200.6]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2JFCOG22952 for ; Mon, 19 Mar 2001 07:12:25 -0800 (PST) Received: by fs1 with Internet Mail Service (5.5.2448.0) id ; Mon, 19 Mar 2001 10:18:55 -0500 Message-ID: <605C8BA7EAB9D411920C009027991473053192@fs1> From: Elizabeth Genco To: sage-members@usenix.org Subject: UPS solutions Date: Mon, 19 Mar 2001 10:18:47 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Hi there -- We've got a number of UPSes here that are due to be replaced. I've never shopped for UPSes before, so I'd like to get some opinions on what to buy and how to use them (ie., how many servers should be plugged into each one). For servers, we've got about 10 Sun Ultra 5's, a couple of Linux boxes (running on your run-of-the-mill Dell PC system) and one Sun 3500. Please send your good experiences and horror stories to me; if there's enough interest, I'll post the responses in one big post. Thanks! Elizabeth From sage-members-owner@usenix.org Mon Mar 19 10:11:22 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2JI2au24375 for sage-members-outgoing; Mon, 19 Mar 2001 10:02:36 -0800 (PST) Received: from web1205.mail.yahoo.com (web1205.mail.yahoo.com [128.11.23.141]) by usenix.org (8.11.0/8.11.0) with SMTP id f2JI2ZG24371 for ; Mon, 19 Mar 2001 10:02:35 -0800 (PST) Received: (qmail 12695 invoked by uid 60001); 19 Mar 2001 18:02:30 -0000 Message-ID: <20010319180230.12694.qmail@web1205.mail.yahoo.com> Received: from [63.73.135.46] by web1205.mail.yahoo.com; Mon, 19 Mar 2001 10:02:30 PST Date: Mon, 19 Mar 2001 10:02:30 -0800 (PST) From: Jonathan Hoefker Subject: Anyone use a Paradyne Comsphere 3610? To: sage-members@usenix.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk Greetings, I was wondering if any fellow SAGE members had any experience dealing with any Paradyne Comsphere units? We currently have a pair of them connected via a 56k DDS link between our site and our customers site. It is currently running in TDM mode with ports 1 and 2 active running at 9.6k (that's as fast as our customer can handle). Bisync is the communication protocol between us. The problem has been getting communication to be solid on port 2. The link is solid between us. I can get into the remote unit fine. There is constant chatter on port 1. Near the end of last week, we finally managed to get the same behavior out of port 2 as well. We left for the weekend thinking things were fixed. Naturally, that isn't the case. Nothing has chnaged on either unit and now there is no communication on port 2. For as much as I've weeded through the Paradyne manuals, I can't find what's wrong or even potentially wrong. Any help would be greatly appreciated. Jonathan Hoefker __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ From sage-members-owner@usenix.org Mon Mar 19 11:41:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2JJXg624879 for sage-members-outgoing; Mon, 19 Mar 2001 11:33:42 -0800 (PST) Received: from bantha.org (postfix@208.241.154-dsl-117.ntrnet.net [208.241.154.117]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2JJXeG24875 for ; Mon, 19 Mar 2001 11:33:40 -0800 (PST) Received: by bantha.org (Postfix, from userid 1014) id 6F38166B30; Mon, 19 Mar 2001 14:33:34 -0500 (EST) Date: Mon, 19 Mar 2001 14:33:34 -0500 From: Chris Palmer To: sage-members@usenix.org Subject: Re: UPS solutions Message-ID: <20010319143334.A49222@azuen.net> Mail-Followup-To: sage-members@usenix.org References: <605C8BA7EAB9D411920C009027991473053192@fs1> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <605C8BA7EAB9D411920C009027991473053192@fs1>; from elizabeth.genco@sonatainc.com on Mon, Mar 19, 2001 at 10:18:47AM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk On 19/03/01, Elizabeth Genco wrote: > > Hi there -- > > We've got a number of UPSes here that are due to be replaced. I've never > shopped for UPSes before, so I'd like to get some opinions on what to buy > and how to use them (ie., how many servers should be plugged into each one). > For servers, we've got about 10 Sun Ultra 5's, a couple of Linux boxes > (running on your run-of-the-mill Dell PC system) and one Sun 3500. Please > send your good experiences and horror stories to me; if there's enough > interest, I'll post the responses in one big post. The APC website has a rather nice calculator by which you enter your power requirements and they'll tell you what to buy; you can of course go a little lower than they recommend, but on the whole it's decently accurate, and APC's are decent UPSes. http://www.apc.com -Chris Palmer -- -- Chris Palmer 135 Rollstone Road Fitchburg, MA 01420 From sage-members-owner@usenix.org Mon Mar 19 12:20:37 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2JKG3h25154 for sage-members-outgoing; Mon, 19 Mar 2001 12:16:03 -0800 (PST) Received: from motgate4.mot.com (motgate4.mot.com [144.189.100.102]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2JKG2G25150 for ; Mon, 19 Mar 2001 12:16:02 -0800 (PST) Received: [from pobox4.mot.com (pobox4.mot.com [10.64.251.243]) by motgate4.mot.com (motgate4 2.1) with ESMTP id NAA01925 for ; Mon, 19 Mar 2001 13:15:57 -0700 (MST)] Received: [from plnt014.comm.mot.com (plantation.comm.mot.com [145.2.198.69]) by pobox4.mot.com (MOT-pobox4 2.0) with ESMTP id NAA17010 for ; Mon, 19 Mar 2001 13:15:57 -0700 (MST)] Received: from admin01.comm.mot.com (plhp002.comm.mot.com [173.40.22.12]) by plnt014.comm.mot.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id G9KATJ1K; Mon, 19 Mar 2001 15:15:56 -0500 Received: from plhp049.comm.mot.com (plhp049 [173.41.21.44]) by admin01.comm.mot.com (8.9.3 (PHNE_18979)/8.8.6) with ESMTP id PAA08092 for ; Mon, 19 Mar 2001 15:14:44 -0500 (EST) Received: (from brownmic@localhost) by plhp049.comm.mot.com (8.9.3 (PHNE_18546)/8.8.6) id PAA18295 for sage-members@usenix.org; Mon, 19 Mar 2001 15:14:38 -0500 (EST) From: Michael Rogero Brown Message-Id: <200103192014.PAA18295@plhp049.comm.mot.com> Subject: Re: UPS solutions To: sage-members@usenix.org Date: Mon, 19 Mar 2001 15:14:37 -0500 (EST) In-Reply-To: <605C8BA7EAB9D411920C009027991473053192@fs1> from Elizabeth Genco at Mar "19, " 2001 "10:18:47" am X-Mailer: ELM [$Revision: 1.17.214.2 $] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk All- At our site we use APC UPSs to protect our workstations (NT, Unix, etc). The model we currently use for the workstations is the Backups Pro 650. We have several thousand of these to protect our many workstations. For the most part, our servers are in server rooms which is on a single big facility UPS, so for the most part we don't deal with individual UPSs for servers. HOWEVER, you can go to APC's web site and they apparently have a great config tool that will give you recommendations for what APC UPS you need to obtain for your servers, based on their power consumption. Hope this helps Michael Brown -- Michael Rogero Brown | Disclaimer: I speak only for myself. Unix/NT Systems Support | Any opinions expressed are my own Motorola, CGISS/CE | and do not reflect the opinions of email: emb021@email.mot.com | Motorola. From sage-members-owner@usenix.org Mon Mar 19 16:09:15 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2K03YV27009 for sage-members-outgoing; Mon, 19 Mar 2001 16:03:34 -0800 (PST) Received: from blount.mail.mindspring.net (blount.mail.mindspring.net [207.69.200.226]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2K03WG27005 for ; Mon, 19 Mar 2001 16:03:32 -0800 (PST) Received: from 11 (host11.lithocraft.com [209.108.34.11] (may be forged)) by blount.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id TAA25704; Mon, 19 Mar 2001 19:03:17 -0500 (EST) Date: Mon, 19 Mar 2001 16:00:44 -0800 From: Sebastian Mindling To: sage-members@usenix.org Subject: Re: UPS solutions Cc: sage-members@usenix.org In-Reply-To: <605C8BA7EAB9D411920C009027991473053192@fs1> References: <605C8BA7EAB9D411920C009027991473053192@fs1> Message-Id: <20010319154612.214F.LIST@mindling.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.00.03 Sender: owner-sage-members@usenix.org Precedence: bulk On Mon, 19 Mar 2001 10:18:47 -0500 Elizabeth Genco wrote: > > Hi there -- > > We've got a number of UPSes here that are due to be replaced. I've never > shopped for UPSes before, so I'd like to get some opinions on what to buy > and how to use them (ie., how many servers should be plugged into each one). > For servers, we've got about 10 Sun Ultra 5's, a couple of Linux boxes > (running on your run-of-the-mill Dell PC system) and one Sun 3500. Please > send your good experiences and horror stories to me; if there's enough > interest, I'll post the responses in one big post. I really like APC's stuff. We're a small shop with a dozen servers of various flavors, and use SmartUPS-3000 rackmounts for most of the server equipment, and 1400s or smaller rm's for wiring closets. Their monitoring software runs great on all our boxen, be they Solaris, Linux, Netware, or NT. Also, fwiw, APC works with a company called Coastal Business Machines to do refurbishing of older UPSs, from whom we've had nothing but great service. OT: Anyone else love the smell of a new UPS? For some it's gasoline, others it may be fresh pie, but for me, that sweet smell of a new UPS puts me in reverie.... _________________________________________________________ Sebastian Mindling From sage-members-owner@usenix.org Mon Mar 19 16:18:32 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2K0EPx27128 for sage-members-outgoing; Mon, 19 Mar 2001 16:14:25 -0800 (PST) Received: from eamail1-out.unisys.com (eamail1-out.unisys.com [192.61.61.99]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2K0ENG27123 for ; Mon, 19 Mar 2001 16:14:23 -0800 (PST) Received: from us-ea-gtwy-4.ea.unisys.com (us-ea-gtwy-4.ea.unisys.com [192.61.146.122]) by eamail1-out.unisys.com (8.9.3/8.9.3) with ESMTP id AAA15740; Tue, 20 Mar 2001 00:13:26 GMT Received: by us-ea-gtwy-4.ea.unisys.com with Internet Mail Service (5.5.2653.19) id ; Mon, 19 Mar 2001 18:14:16 -0600 Message-ID: <4D436812116AD311B43B00104B9DF3B6C948D0@US-CPT-EXCH-2.plpt.com> From: "Company, Paul J." To: sage-members@usenix.org.sage-members@usenix.org Subject: RE: UPS solutions Date: Mon, 19 Mar 2001 18:14:16 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk To select the right UPS for the job, determine what equipment you will run individually and simultaneously. Check the wattage requirements on each item (volts x amps = watts). Total the wattages of all equipment to be run simultaneously. Most devices don't run at full operating load, so you have some room. Be aware of your "inductive load" when restarting your devices. Starting or inductive load is the amount of power needed to start an appliance. Certain devices require 2-6 times as much power to start as they do to run. That should help guide you on how many devices to plug into your UPS. I recommend that a minimum of 300W per square meter for a data center. Data Centers can use up to 35 watts to 65 watts per square foot, compared with to 8 watts per square foot in an average office building. So, personally I think if you're large or going to grow, you should consider a large UPS and a raised floor data center. Otherwise you'll use up alot of space with UPSes on the floors or racks. Space is money! Largest UPS I rackmounted was a APC 3000VA (3KVA), took up 6U and heavy! It powered 15 2U Linux servers with no problem. You didn't ask about generators so I won't go down that trail. Here are some UPS manufacturers: I think Clary's the best (I've used them), but you pay for their superior quality. http://www.clary.com/Products/DTSeries/Index.asp http://www.apcc.com/products/smart-ups_rm/index.cfm http://www.tripplite.com/products/family/ups/smart_pro/2u/index.cfm http://www.mgeups.com/products/pdt120/1ph/ex/exrack.htm http://www.bestpower.com/ -----Original Message----- From: Elizabeth Genco [mailto:elizabeth.genco@sonatainc.com] Sent: Monday, March 19, 2001 7:19 AM To: sage-members@usenix.org Subject: UPS solutions Hi there -- We've got a number of UPSes here that are due to be replaced. I've never shopped for UPSes before, so I'd like to get some opinions on what to buy and how to use them (ie., how many servers should be plugged into each one). For servers, we've got about 10 Sun Ultra 5's, a couple of Linux boxes (running on your run-of-the-mill Dell PC system) and one Sun 3500. Please send your good experiences and horror stories to me; if there's enough interest, I'll post the responses in one big post. Thanks! Elizabeth From sage-members-owner@usenix.org Mon Mar 19 18:14:14 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2K29CA28062 for sage-members-outgoing; Mon, 19 Mar 2001 18:09:12 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2K29AG28058 for ; Mon, 19 Mar 2001 18:09:10 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f2K28tT03993; Tue, 20 Mar 2001 03:08:55 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <200103192014.PAA18295@plhp049.comm.mot.com> References: <200103192014.PAA18295@plhp049.comm.mot.com> Date: Tue, 20 Mar 2001 02:43:38 +0100 To: sage-members@usenix.org.sage-members@usenix.org From: Brad Knowles Subject: Re: UPS solutions Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 3:14 PM -0500 3/19/01, Michael Rogero Brown wrote: > >For the most > part, our servers are in server rooms which is on a single big facility UPS, > so for the most part we don't deal with individual UPSs for servers. If you go this route, it's my understanding that you really want to make sure you don't have individual UPSes within the room that it itself on a UPS. I'm not entirely sure why this is, but it seems that UPSes really hate being plugged into other UPSes (maybe it has something to do with the phase of the current?), and you're likely to fry the equipment plugged into the individual UPS. -- Brad Knowles, /* efdtt.c Author: Charles M. Hannum */ /* */ /* Thanks to Phil Carmody for additional tweaks. */ /* */ /* Length: 434 bytes (excluding unnecessary newlines) */ /* */ /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */ /* where title-key = "153 2 8 105 225" or other similar 5-byte key */ #define m(i)(x[i]^s[i+84])<< unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s ,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k *2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++jy)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s [j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34) *6^c+~y;}} From sage-members-owner@usenix.org Mon Mar 19 19:45:40 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2K3eR728337 for sage-members-outgoing; Mon, 19 Mar 2001 19:40:27 -0800 (PST) Received: from out5.mx.nwbl.wi.voyager.net (out5.mx.nwbl.wi.voyager.net [169.207.2.77]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2K3eQG28333 for ; Mon, 19 Mar 2001 19:40:26 -0800 (PST) Received: from pop2.nwbl.wi.voyager.net (pop2.nwbl.wi.voyager.net [169.207.3.115]) by out5.mx.nwbl.wi.voyager.net (8.11.1/8.11.1) with ESMTP id f2K3eLT75006 for ; Mon, 19 Mar 2001 21:40:21 -0600 (CST) Received: from starfury.execpc.com (d127.as17.nwbl1.wi.voyager.net [169.207.90.193]) by pop2.nwbl.wi.voyager.net (8.10.2/8.10.2) with ESMTP id f2K3eK125250 for ; Mon, 19 Mar 2001 21:40:20 -0600 (CST) Received: from localhost (alcourt@localhost) by starfury.execpc.com (8.11.0/8.11.0) with ESMTP id f2K3cq019732 for ; Mon, 19 Mar 2001 21:38:53 -0600 X-Authentication-Warning: starfury.execpc.com: alcourt owned process doing -bs Date: Mon, 19 Mar 2001 21:38:49 -0600 (CST) From: "Mr. Alcourt" To: sage-members@usenix.org Subject: auto ssh through a proxy Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- I've been tasked with the unenviable task of setting up a solution of copying data through a gateway box (which I have control over) to another box. For political reasons, the file cannot sit on the gateway box for any length of time if at all possible, and cannot be sent directly to the destination either. I'm trying to set up a way to do this with ssh, but am having problems with an autoforward through the middle machine. At the moment, we are pretty much committed to trying to use ssh to get this done. Any hints anyone can reccomend? - -- Mr. Alcourt http://www.execpc.com/~alcourt/ "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iQCVAwUBOrbQzNHXH7Z+KmdxAQEsQQQAs2v3ddFvWIz+uVOLlnixSUIXXjwKQuPw i7E0NKIR1R034DzIk8H8bMafzx/hGEKEt1PEEQGCOIaC88L4QqMdRg1ifj+SrizO 8UJWUYwOFl2GoCl6xh+kISgzPnoFsmc7nO75naJV/+aTVTOwHl6YQZYIX02WcUKc kXhaKC+ZPpk= =lkWo -----END PGP SIGNATURE----- From sage-members-owner@usenix.org Tue Mar 20 00:36:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2K8S2L28996 for sage-members-outgoing; Tue, 20 Mar 2001 00:28:02 -0800 (PST) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2K8S0G28992 for ; Tue, 20 Mar 2001 00:28:00 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f2K8Rq026848; Tue, 20 Mar 2001 09:27:52 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <4D436812116AD311B43B00104B9DF3B6C948D0@US-CPT-EXCH-2.plpt.com> References: <4D436812116AD311B43B00104B9DF3B6C948D0@US-CPT-EXCH-2.plpt.com> Date: Tue, 20 Mar 2001 09:26:39 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: RE: UPS solutions Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 6:14 PM -0600 3/19/01, Company, Paul J. wrote: > To select the right UPS for the job, determine what equipment > you will run individually and simultaneously. > Check the wattage requirements on each item (volts x amps = watts). While technically true, when doing these calculations involving computers, you also need to include an efficiency factor, because no conversion is 100% efficient. I believe that the standard factor to apply is something like 0.7 (i.e., when adding up the totals for all the equipment to be put on a UPS, you divide that number by 0.7 to increase the final number and account for the lack of 100% efficiency). However, I seem to recall some forms from APC that you could fill in to help you do all these calculations. Unfortunately, I have no earthly idea where they actually would be. -- Brad Knowles, /* efdtt.c Author: Charles M. Hannum */ /* */ /* Thanks to Phil Carmody for additional tweaks. */ /* */ /* Length: 434 bytes (excluding unnecessary newlines) */ /* */ /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */ /* where title-key = "153 2 8 105 225" or other similar 5-byte key */ #define m(i)(x[i]^s[i+84])<< unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s ,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k *2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++jy)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s [j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34) *6^c+~y;}} From sage-members-owner@usenix.org Tue Mar 20 05:51:53 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2KDj5g29462 for sage-members-outgoing; Tue, 20 Mar 2001 05:45:05 -0800 (PST) Received: from ns0.utdallas.edu (ns0.utdallas.edu [129.110.10.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2KDj4G29458 for ; Tue, 20 Mar 2001 05:45:04 -0800 (PST) Received: from spartacus.utdallas.edu (spartacus.utdallas.edu [129.110.3.11]) by ns0.utdallas.edu (Postfix) with SMTP id 4473F1A03EC for ; Tue, 20 Mar 2001 07:44:59 -0600 (CST) To: sage-members@usenix.org Subject: Re: UPS solutions References: <605C8BA7EAB9D411920C009027991473053192@fs1> <20010319154612.214F.LIST@mindling.com> From: Amos Gouaux Date: 20 Mar 2001 07:45:07 -0600 In-Reply-To: <20010319154612.214F.LIST@mindling.com> (Sebastian Mindling's message of "Mon, 19 Mar 2001 16:00:44 -0800") Message-ID: Lines: 15 User-Agent: Gnus/5.090001 (Oort Gnus v0.01) XEmacs/21.1 (Cuyahoga Valley) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk >>>>> On Mon, 19 Mar 2001 16:00:44 -0800, >>>>> Sebastian Mindling (sm) writes: sm> OT: Anyone else love the smell of a new UPS? For some it's gasoline, sm> others it may be fresh pie, but for me, that sweet smell of a new UPS sm> puts me in reverie.... Oh you mean that hydrogen sulfide, or what ever that is? Because we use them at work, got an APC SmartUPS 750 for home and the damn thing just about made me sick. Though, perhaps it was silly to get such a serious unit. Perhaps the Backups Pro 650 would have been better. -- Amos From sage-members-owner@usenix.org Tue Mar 20 08:44:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2KGb5V29872 for sage-members-outgoing; Tue, 20 Mar 2001 08:37:05 -0800 (PST) Received: from aurora.corp.flipdog.com ([205.171.120.10]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2KGb4G29868 for ; Tue, 20 Mar 2001 08:37:04 -0800 (PST) Received: from aurora (jlp@localhost [127.0.0.1]) by aurora.corp.flipdog.com (8.11.1/8.11.1) with ESMTP id f2KGY7601070; Tue, 20 Mar 2001 09:34:07 -0700 (MST) (envelope-from jlp@aurora.whizbang.com) Message-Id: <200103201634.f2KGY7601070@aurora.corp.flipdog.com> X-Mailer: exmh version 2.3.1 01/19/2001 with nmh-1.0.4 To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: auto ssh through a proxy X-face: p=61=y<.Il$z+k*y~"j>%c[8R~8{j3WTnaSd-'RyC>t.Ub>AAm\zYA#5JF +W=G?EI+|EI);]=fs_MOfKN0n9`OlmB[1^0;L^64K5][nOb&gv/n}p@mm06|J|WNa asp7mMEw0w)e_6T~7v-\]yHKvI^1}[2k)] References: In-reply-to: Your message of "Mon, 19 Mar 2001 21:38:49 CST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 20 Mar 2001 09:34:07 -0700 From: "Jan L. Peterson" Sender: owner-sage-members@usenix.org Precedence: bulk How about this: dd if=file | ssh proxy_host "ssh final_dest_host 'dd of=/dest_path/destfile'" combine that with appropriate "authorized_key" files and keys on each box and you should be all set. -jan- -- Jan L. Peterson FlipDog.com tel. +1 801 418 7815 Sr. Systems Admin 3210 N Canyon Rd, Ste 300 fax +1 801 818 0879 jlp@flipdog.com Provo, UT 84604 http://www.flipdog.com/ From sage-members-owner@usenix.org Tue Mar 20 09:01:18 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2KGuw729962 for sage-members-outgoing; Tue, 20 Mar 2001 08:56:58 -0800 (PST) Received: from firewater.mpv.com (ip115.110.136.216.in-addr.arpa [216.136.110.115] (may be forged)) by usenix.org (8.11.0/8.11.0) with ESMTP id f2KGutG29957 for ; Tue, 20 Mar 2001 08:56:56 -0800 (PST) Received: from adios.duckland.org (IDENT:root@adios.mpv.com [10.0.0.140]) by firewater.mpv.com (8.9.3/8.9.3) with ESMTP id KAA19804 for ; Tue, 20 Mar 2001 10:56:46 -0600 Received: (from duck@localhost) by adios.duckland.org (8.11.2/8.11.2) id f2KGukr04906 for sage-members@usenix.org; Tue, 20 Mar 2001 10:56:46 -0600 Date: Tue, 20 Mar 2001 10:56:46 -0600 From: Don Duck Harper To: sage-members@usenix.org Subject: Kerberos over a WAN? Message-ID: <20010320105645.E1283@duckland.org> Reply-To: Don Duck Harper Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-No-Archive: yes X-WARNING1: Pursuant to US Code. Title 47. Chapter 5. Subchapter, X-WARNING2: II. Sec. 227. any and all nonsolicited commercial E-mail, X-WARNING3: sent to this address is subject to a download and archival, X-WARNING4: fee in the amount of $500 US. E-mailing denotes acceptance, X-WARNING5: of these terms. Sender: owner-sage-members@usenix.org Precedence: bulk So, my company needs to have machines at our client sites. We want to do a centeralized auth management for things like passwords. Kerberos comes to mind, but I do not know if I can have a client get a key from a keyserver over an untrusted WAN connection? Anyone have any pointers for me to go look at if you can do it? Thanks! Don -- Don Harper, RHCE, MCSE email: duck@duckland.org Just a systems kinda guy... http://www.duckland.org #!/usr/bin/perl -w # 531-byte qrpff-fast, Keith Winstein and Marc Horowitz # MPEG 2 PS VOB file on stdin -> descrambled output on stdout # arguments: title key bytes in least to most-significant order $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval Wisdom from the restroom: The only substitute for good manners is fast reflexes. From sage-members-owner@usenix.org Tue Mar 20 12:21:28 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2KKFKc01626 for sage-members-outgoing; Tue, 20 Mar 2001 12:15:20 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2KKFHG01622 for ; Tue, 20 Mar 2001 12:15:18 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f2KKF5T26584; Tue, 20 Mar 2001 21:15:05 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20010320105645.E1283@duckland.org> References: <20010320105645.E1283@duckland.org> Date: Tue, 20 Mar 2001 21:15:02 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: Re: Kerberos over a WAN? Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 10:56 AM -0600 3/20/01, Don Duck Harper wrote: > #!/usr/bin/perl -w > # 531-byte qrpff-fast, Keith Winstein and Marc Horowitz > > # MPEG 2 PS VOB file on stdin -> descrambled output on stdout > # arguments: title key bytes in least to most-significant order My .sig DeCSS implementation has fewer bytes of code than yours does, and it runs faster, too! ;-) Speaking of which, has anyone seen the new "illegal prime number" version, and how it looks as a .sig? When I looked at it, it seemed to me that you'd have to include both the prime number and the program to decode/decompress it, and putting all that into a .sig is too much, even for me. -- Brad Knowles, /* efdtt.c Author: Charles M. Hannum */ /* */ /* Thanks to Phil Carmody for additional tweaks. */ /* */ /* Length: 434 bytes (excluding unnecessary newlines) */ /* */ /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */ /* where title-key = "153 2 8 105 225" or other similar 5-byte key */ #define m(i)(x[i]^s[i+84])<< unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s ,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k *2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++jy)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s [j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34) *6^c+~y;}} From sage-members-owner@usenix.org Thu Mar 22 08:45:36 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2MGX3O12132 for sage-members-outgoing; Thu, 22 Mar 2001 08:33:03 -0800 (PST) Received: from proxy2.ba.best.com (root@proxy2.ba.best.com [206.184.139.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2MGX2G12128 for ; Thu, 22 Mar 2001 08:33:02 -0800 (PST) Received: from shell3.ba.best.com (bolthole@shell3.ba.best.com [206.184.139.134]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with SMTP id IAA12096 for ; Thu, 22 Mar 2001 08:32:38 -0800 (PST) Received: by shell3.ba.best.com (sSMTP sendmail emulation); Thu, 22 Mar 2001 08:32:38 -0800 From: phil@bolthole.com Date: Thu, 22 Mar 2001 08:32:38 -0800 To: sage-members@usenix.org Subject: Re: Kerberos over a WAN? Message-ID: <20010322083238.A5315@bolthole.com> Mail-Followup-To: sage-members@usenix.org References: <20010320105645.E1283@duckland.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010320105645.E1283@duckland.org>; from duck@duckland.org on Tue, Mar 20, 2001 at 10:56:46AM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk On Tue, Mar 20, 2001 at 10:56:46AM -0600, Don Duck Harper wrote: > So, my company needs to have machines at our client sites. We want to do a centeralized auth management for things like passwords. Kerberos comes to mind, but I do not know if I > can have a client get a key from a keyserver over an untrusted WAN connection? This is the kind of thing kerberos is perfect for. As long as both endpoints are reasonably trusted, this is fine. Just do a "regular" kerberos install. [now, you may not be happy when your WAN goes down, and you cant log in anywhere. but apart from that... :-)] From sage-members-owner@usenix.org Thu Mar 22 18:17:46 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2N2Bv216201 for sage-members-outgoing; Thu, 22 Mar 2001 18:11:57 -0800 (PST) Received: from noh.ucsd.edu (noh.ucsd.edu [132.239.1.100]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2N2BtG16197 for ; Thu, 22 Mar 2001 18:11:55 -0800 (PST) Received: (from paw@localhost) by noh.ucsd.edu (8.9.3/8.9.3) id SAA10699 for sage-members@usenix.org; Thu, 22 Mar 2001 18:11:50 -0800 (PST) Date: Thu, 22 Mar 2001 18:11:50 -0800 (PST) From: Pat Wilson Message-Id: <200103230211.SAA10699@noh.ucsd.edu> To: sage-members@usenix.org Subject: LISA 2001 workshops! Sender: owner-sage-members@usenix.org Precedence: bulk Hey, folks! It may seem a bit early, but in fact, LISA 2001 is right around the corner... I'm coordinating the Workshops this year, and am looking for proposals and/or ideas about what you'd like to do. Workshops, remember, are half- or whole-day small-group (no more than 25 people) discussion groups on issues of interest to the community, preferably with some sort of outcome (a document, a web site, or even just an active mailing list). In the past, workshop topics have included Teaching systems administration Sysadmin taxonomy AFS, and its future Large scale service provider issues Management issues So, just about anything is fair game. Workshops are _not_, however, tutorials (one person, or a small group, imparting information to the assembled), nor should they be vendor-focussed. Again this year, the workshops will run concurrently with the tutorials, before the techinical sessions. Send me your ideas and proposals! And don't forget to submit a paper for the technical track - deadline for submissions is June 5th, so start writing today. Details can be found at http://www.usenix.org/events/lisa2001/cfp/ See you here in San Diego in December! Pat Wilson LISA 2001 Workshop co-ordinator paw@ucsd.edu || paw@sage.org From sage-members-owner@usenix.org Thu Mar 22 20:58:04 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2N4qsY16818 for sage-members-outgoing; Thu, 22 Mar 2001 20:52:54 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f2N4qr916813 for sage-members@usenix.org; Thu, 22 Mar 2001 20:52:53 -0800 (PST) Received: from mail.valinux.com (mail@mail.valinux.com [198.186.202.175]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2N0QKG15521 for ; Thu, 22 Mar 2001 16:26:20 -0800 (PST) Received: from beefcake.hdqt.valinux.com ([10.1.0.14] ident=mail) by mail.valinux.com with esmtp (Exim 3.22 #1 (Debian)) id 14gFP9-0008Sc-00 for ; Thu, 22 Mar 2001 16:26:11 -0800 Received: from tharris (helo=localhost) by beefcake.hdqt.valinux.com with local-esmtp (Exim 3.12 #1 (Debian)) id 14gFP8-0001Rt-00 for ; Thu, 22 Mar 2001 16:26:10 -0800 Date: Thu, 22 Mar 2001 16:26:10 -0800 (PST) From: Trey Harris X-Sender: To: sage-members@usenix.org Subject: SAGE Officers and Champions for 2001 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk At the first meeting of the new SAGE Executive Committee, held 9-10 March in Berkeley, the officers for the upcoming year were chosen. They are: President: David Parter, University of Wisconsin (parter@sage.org) Vice President: Geoff Halprin, The SysAdmin Group (geoff@sage.org) Secretary: Trey Harris, VA Linux Systems (trey@sage.org) Treasurer: Peg Schafer, Harvard University (peg@sage.org) Additional members of the Executive Committee are: Strata Rose Chalup, VirtualNet Consulting (strata@sage.org) Barb Dijker, NeTrack (barb@sage.org) Tim Gassaway, Auspex Systems (gassaway@sage.org) Andrew Hume (andrew@usenix.org) serves as the USENIX board's liason to the Committee. Each member of the Executive Committee was also given projects to oversee or "champion" on behalf of the Committee. This is not meant to be an exhaustive list of the projects SAGE or the members of the Executive Committee are involved in, but may give you an idea of our current work: International SAGE groups: Strata Rose Chalup, Geoff Halprin, Barb Dijker Memo-to-Members: Trey Harris Public Relations: David Parter Review of SAGE policies: David Parter SAGE Certification: Barb Dijker SAGE Certification Test Development Committee: Trey Harris SAGE Code of Ethics: Barb Dijker SAGE Mentoring: Strata Rose Chalup SAGE Publications: Peg Schafer SAGE/USENIX restructuring: Barb Dijker, Peg Schafer SAGE Web Site revamping: Strata Rose Chalup, Geoff Halprin, David Parter Salary Survey: Peg Schafer Sysadmin Internship Project: Peg Schafer Conference Liasons: Strata Rose Chalup (LISA 2001), Trey Harris (SNAC 2001), Geoff Halprin (BSD 2002) The Executive Committee has regular telephone conferences, and will meet in person three more times in 2001. We eagerly seek input from members. You can contact us individually at the email addresses above, or as a group at sage-exec@sage.org. ---- Trey Harris VA Linux Systems, New York region Secretary, SAGE--The System Administrators Guild (www.sage.org) From sage-members-owner@usenix.org Fri Mar 23 01:59:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2N9sYm17499 for sage-members-outgoing; Fri, 23 Mar 2001 01:54:34 -0800 (PST) Received: from fw-inhouse-4. ([194.15.145.24]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2N9sWG17495 for ; Fri, 23 Mar 2001 01:54:33 -0800 (PST) Received: (from uucp@localhost) by fw-inhouse-4. (8.8.8/8.8.8) id KAA15070; Fri, 23 Mar 2001 10:54:25 +0100 (MET) Received: from fw-inhouse-lan(172.30.14.4), claiming to be "fw-inhouse-4" via SMTP by fw-inhouse-lan, id smtpdAAAU9aiAD; Fri Mar 23 10:53:38 2001 Received: from dab-aw060.muc.diraba.de (dab-aw060.int.diraba.de [172.30.22.60]) by dab-ms01.int.diraba.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id GP1MKH0S; Fri, 23 Mar 2001 10:53:37 +0100 Received: (from bb@localhost) by dab-aw060.muc.diraba.de (8.10.1/8.10.1) id f2N9rUM18185; Fri, 23 Mar 2001 10:53:30 +0100 (CET) Date: Fri, 23 Mar 2001 10:53:30 +0100 From: Gabriel Krabbe To: sage-members@usenix.org Subject: Oracle 8.1.6 on Sun E10000: Performance? What performance? Message-ID: <20010323105330.K19330@tao.muc.diraba.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Invisible Systems, Inc. - If you don't see it, we made it! Sender: owner-sage-members@usenix.org Precedence: bulk (Note: Private responses will be summarized) Situation: The place I'm currently working at is migrating its central database from Oracle 8.0.6 on an E6500 cluster running Solaris 2.6 to 8.1.6 on a Starfire cluster (64 CPU, 40GB RAM) running Solaris 7. The OS and Oracle versions are the only differences, the application is the exact same. The new setup is entirely 64-bit, the shared memory segment is upped from one 4GB to one 10GB. The problem we're running into with the tests (100 clients (PCs) connecting to 50 appservers, which in turn connect to the database; running user profile simulations), apart from the client software crashing repeatedly (that will be a problem but isn't yet, and most certainly isn't mine) is the DB performance. When the first simulated user starts cycling through the profile, the xcalls on the CPU executing the oracle process as spawned by the listener goes through the roof, somewhere between 300k and 1000k in a 1-second sampling interval; system time on that CPU hits 80-90%, the rest user (idle and waiting both 0%). Around 40 Users, all CPUs are busy (70% sys, 30% user), a "ps -ef" takes about two minutes to complete, and more detailed monitoring is simply impossible. Is there anything really, really basic that must be done to get 64-bit Oracle 8.1.6 to run at all on 64-bit Solaris 7 on 64-CPU E10k? We're not hitting any resource limits (fds, shmmax, semaphores are all fine), there's next to no I/O going on, but the system practically halts - except for basic interactive functions; logging in, "ls" and the like have no delay, but anything /proc-related (ps, /usr/proc/bin/*, top, mpstat, vmstat, iostat) take one to five minutes to do anything. Strangely, ipcs is fine, too; as is lsof. If any details are required, I'll be glad to give them; I have this nagging feeling that I'm missing something basic like an /etc/system entry "set bugs = off"... Gabe -- Do not believe in miracles -- rely on them. From sage-members-owner@usenix.org Fri Mar 23 06:45:35 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2NEdoe17939 for sage-members-outgoing; Fri, 23 Mar 2001 06:39:50 -0800 (PST) Received: from web10803.mail.yahoo.com (web10803.mail.yahoo.com [216.136.130.245]) by usenix.org (8.11.0/8.11.0) with SMTP id f2NEdnG17935 for ; Fri, 23 Mar 2001 06:39:49 -0800 (PST) Message-ID: <20010323143245.59717.qmail@web10803.mail.yahoo.com> Received: from [63.101.83.254] by web10803.mail.yahoo.com; Fri, 23 Mar 2001 06:32:45 PST Date: Fri, 23 Mar 2001 06:32:45 -0800 (PST) From: Chip Christian Subject: Fwd: CERT Advisory CA-2001-04 To: sage-members@usenix.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-sage-members@usenix.org Precedence: bulk Gotta love Verisign's stringent verification procedures. Aren't you glad you never clicked that "Always trust code signed by Microsoft Corporation" button? --- CERT Advisory wrote: ... > Microsoft released a security bulletin on March 22, 2001, describing > two certificates issued by VeriSign to an individual fraudulently > claiming to be an employee of Microsoft. The full text of Microsoft's > security bulletin is available from their web site at > > http://www.microsoft.com/technet/security/bulletin/MS01-017.asp > > Additional information about this issue is also available from > VeriSign's web site: > > http://www.verisign.com/developer/notice/authenticode/index.html From sage-members-owner@usenix.org Fri Mar 23 06:59:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2NEt5K17979 for sage-members-outgoing; Fri, 23 Mar 2001 06:55:05 -0800 (PST) Received: from mail.snert.net (mail.snert.net [195.5.195.101]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2NEt3G17975 for ; Fri, 23 Mar 2001 06:55:03 -0800 (PST) Received: from snert.com ([195.5.203.18]) by mail.snert.net (8.11.1/8.11.1) with ESMTP id f2NEsof17065 for ; Fri, 23 Mar 2001 15:54:50 +0100 Message-ID: <3ABB63BB.4735EBB6@snert.com> Date: Fri, 23 Mar 2001 15:54:51 +0100 From: Anthony Howe X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: DNS & Changing Class C ?? Content-Type: multipart/mixed; boundary="------------7F6A9B153265F40CAD0E8BB6" Sender: owner-sage-members@usenix.org Precedence: bulk This is a multi-part message in MIME format. --------------7F6A9B153265F40CAD0E8BB6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I'm wondering if the collective experience of SAGE has any canned procedures for the best way to migrate machines & services from one Class C to another? Cheers, -- Anthony C Howe +33 6 11 89 73 78 http://www.snert.com/ ICQ# 7116561 --------------7F6A9B153265F40CAD0E8BB6 Content-Type: text/x-vcard; charset=us-ascii; name="achowe.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Anthony Howe Content-Disposition: attachment; filename="achowe.vcf" begin:vcard n:Howe;Anthony tel;pager:ICQ 7116561 tel;cell:+33 6 11 89 73 78 x-mozilla-html:FALSE url:http://www.snert.com/ org:Snert version:2.1 email;internet:achowe@snert.com adr;quoted-printable:;;Residence Isola Bella=0D=0A42 av. Isola Bella;Cannes;Alpes-Maritimes;06400;France fn:Anthony Howe end:vcard --------------7F6A9B153265F40CAD0E8BB6-- From sage-members-owner@usenix.org Fri Mar 23 07:32:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2NFRaH18098 for sage-members-outgoing; Fri, 23 Mar 2001 07:27:36 -0800 (PST) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2NFRLG18094 for ; Fri, 23 Mar 2001 07:27:21 -0800 (PST) Received: from [194.78.241.123] ([194.78.241.123]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f2NFR9c08635 for ; Fri, 23 Mar 2001 16:27:09 +0100 (MET) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: Date: Fri, 23 Mar 2001 16:27:02 +0100 To: sage-members@usenix.org From: Brad Knowles Subject: DeCSS in one line Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk Folks, All I can say is "check out my .sig". This was recently sent to me by a friend, and I believe it is the shortest known DeCSS implementation. -- Brad Knowles, /* efdtt.c Author: Charles M. Hannum */ /* Represented as 1045 digit prime number by Phil Carmody */ /* Prime as DNS cname chain by Roy Arends and Walter Belgers */ /* */ /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */ /* where title-key = "153 2 8 105 225" or other similar 5-byte key */ dig decss.friet.org|perl -ne's/\.//;print pack("H124",$1)if(/^x([^\.]*)/)' From sage-members-owner@usenix.org Fri Mar 23 09:15:23 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2NH8Ct18907 for sage-members-outgoing; Fri, 23 Mar 2001 09:08:12 -0800 (PST) Received: from denali.loopback.net (nat-pool-meridian.redhat.com [199.183.24.200]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2NH8AG18903 for ; Fri, 23 Mar 2001 09:08:11 -0800 (PST) Received: (from bandregg@localhost) by denali.loopback.net (8.11.0/8.11.0) id f2NH7nU26526; Fri, 23 Mar 2001 12:07:49 -0500 Date: Fri, 23 Mar 2001 12:07:49 -0500 From: "Bryan C. Andregg" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: DNS & Changing Class C ?? Message-ID: <20010323120749.X1422@redhat.com> References: <3ABB63BB.4735EBB6@snert.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="bDaTBUGYb9B+I6+F" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3ABB63BB.4735EBB6@snert.com>; from achowe@snert.com on Fri, Mar 23, 2001 at 03:54:51PM +0100 Sender: owner-sage-members@usenix.org Precedence: bulk --bDaTBUGYb9B+I6+F Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 23, 2001 at 03:54:51PM +0100, Anthony Howe mailed: > I'm wondering if the collective experience of SAGE has any canned > procedures for the best way to migrate machines & services from one > Class C to another? If at all possible migrate to NAT and choose your own addresses. If you can= do this, and the NAT hardware supports it (which most should) you can start migrating all non-server machines to the NAT addresses immediately and roll your transition. --=20 Bryan C. Andregg Smoke Jumper "As Slow as Possible, Red Hat, Inc. As Fast as Necessary= ." gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19 --bDaTBUGYb9B+I6+F Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6u4Ll5AZBSxmJOhkRAkx1AJ9IFDkCoc6uD9LER8/XlL+40B6D9gCeJwYe D7L8f/SuuweMMEFXsFRhv9Q= =6IlD -----END PGP SIGNATURE----- --bDaTBUGYb9B+I6+F-- From sage-members-owner@usenix.org Fri Mar 23 11:12:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2NJ7PU19913 for sage-members-outgoing; Fri, 23 Mar 2001 11:07:25 -0800 (PST) Received: from or1.inktomi.com (or1.inktomi.com [209.131.48.34]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2NJ7NG19908 for ; Fri, 23 Mar 2001 11:07:24 -0800 (PST) Received: from inbox2.inktomi.com (inbox2.inktomi.com [209.131.48.29]) by or1.inktomi.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA20023 for ; Fri, 23 Mar 2001 11:09:35 -0800 (PST) Received: from nimba.inktomi.com ([209.131.55.87]) by inbox2.inktomi.com (Netscape Messaging Server 4.1) with ESMTP id GANZS000.G24; Fri, 23 Mar 2001 11:07:12 -0800 Received: by nimba.inktomi.com (Postfix, from userid 11262) id D90A8EE059; Fri, 23 Mar 2001 11:07:12 -0800 (PST) Date: Fri, 23 Mar 2001 11:07:12 -0800 From: "Matthew Zeier" To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Fwd: CERT Advisory CA-2001-04 Message-ID: <20010323110712.X9591@inktomi.com> References: <20010323143245.59717.qmail@web10803.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.9i In-Reply-To: <20010323143245.59717.qmail@web10803.mail.yahoo.com>; from chip_christian@yahoo.com on Fri, Mar 23, 2001 at 06:32:45AM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, Mar 23, 2001 at 06:32:45AM -0800, Chip Christian wrote: > Gotta love Verisign's stringent verification procedures. Aren't you glad > you never clicked that "Always trust code signed by Microsoft Corporation" > button? > And even if I did, that wouldn't matter since the certificate is different from the one I am currently trusting. I would get a warning dialouge. The URL below even covers that. > --- CERT Advisory wrote: > ... > > Microsoft released a security bulletin on March 22, 2001, describing > > two certificates issued by VeriSign to an individual fraudulently > > claiming to be an employee of Microsoft. The full text of Microsoft's > > security bulletin is available from their web site at > > > > http://www.microsoft.com/technet/security/bulletin/MS01-017.asp > > > > Additional information about this issue is also available from > > VeriSign's web site: > > > > http://www.verisign.com/developer/notice/authenticode/index.html -- matthew zeier - "There ain't no rules around here. We're trying to accomplish something." - Thomas Edison From sage-members-owner@usenix.org Fri Mar 23 11:20:29 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2NJGBt20021 for sage-members-outgoing; Fri, 23 Mar 2001 11:16:11 -0800 (PST) Received: from smtpsrv0.isis.unc.edu (smtpsrv0.isis.unc.edu [152.2.1.139]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2NJG9G20017 for ; Fri, 23 Mar 2001 11:16:09 -0800 (PST) Received: from login0.isis.unc.edu (harris@login0.isis.unc.edu [152.2.1.97]) by smtpsrv0.isis.unc.edu (8.9.3/8.9.1) with ESMTP id OAA06185; Fri, 23 Mar 2001 14:16:00 -0500 (EST) Received: (from harris@localhost) by login0.isis.unc.edu (AIX4.3/8.9.3/8.9.3) id OAA63532; Fri, 23 Mar 2001 14:16:01 -0500 Date: Fri, 23 Mar 2001 14:15:59 -0500 (EST) From: Trey Harris X-Sender: harris@login0.isis.unc.edu To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Fwd: CERT Advisory CA-2001-04 In-Reply-To: <20010323143245.59717.qmail@web10803.mail.yahoo.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk On Fri, 23 Mar 2001, Chip Christian wrote: > Gotta love Verisign's stringent verification procedures. Aren't you glad > you never clicked that "Always trust code signed by Microsoft Corporation" > button? Funny, Mozilla doesn't seem to have such a button.... ---- Trey Harris formerly of UNC Academic Technology Now with VA Linux Systems, New York region Secretary of SAGE -- The System Administrators Guild (www.sage.org) From sage-members-owner@usenix.org Fri Mar 23 12:31:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2NKQx420696 for sage-members-outgoing; Fri, 23 Mar 2001 12:26:59 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f2NKQwE20691 for sage-members@usenix.org; Fri, 23 Mar 2001 12:26:58 -0800 (PST) Received: from merc95.na.sas.com (merc95.us.sas.com [149.173.6.5]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2NJb2G20179 for ; Fri, 23 Mar 2001 11:37:03 -0800 (PST) Received: from merc95.na.sas.com ([127.0.0.1]) by merc95.na.sas.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id F1DWFDJM; Fri, 23 Mar 2001 14:36:51 -0500 Received: from 10.28.149.26 by merc95.na.sas.com (InterScan E-Mail VirusWall NT); Fri, 23 Mar 2001 14:36:51 -0500 (Eastern Standard Time) Received: from stoney.unx.sas.com (stoney.unx.sas.com [10.11.1.184]) by mozart.unx.sas.com (8.9.3 (PHNE_18979)/8.9.3) with ESMTP id OAA14664; Fri, 23 Mar 2001 14:36:50 -0500 (EST) Received: from stoney.unx.sas.com (localhost [127.0.0.1]) by stoney.unx.sas.com (8.9.3/8.9.2) with ESMTP id OAA59096; Fri, 23 Mar 2001 14:36:50 -0500 (EST) (envelope-from srs@stoney.unx.sas.com) Message-Id: <200103231936.OAA59096@stoney.unx.sas.com> To: sage-members@usenix.org cc: sage-members@usenix.org Subject: Re: Fwd: CERT Advisory CA-2001-04 In-reply-to: Your message of "Fri, 23 Mar 2001 11:07:12 PST." <20010323110712.X9591@inktomi.com> Date: Fri, 23 Mar 2001 14:36:49 -0500 From: Scott Stonefield Sender: owner-sage-members@usenix.org Precedence: bulk >>>>> "Mat" == Matthew Zeier writes: Mat> On Fri, Mar 23, 2001 at 06:32:45AM -0800, Chip Christian wrote: >> Gotta love Verisign's stringent verification procedures. >> Aren't you glad you never clicked that "Always trust code >> signed by Microsoft Corporation" button? >> Mat> And even if I did, that wouldn't matter since the certificate Mat> is different from the one I am currently trusting. I would Mat> get a warning dialouge. Yes but most people/users would not think twice of just clicking away the warning dialogue. Now people on this mailing list might think twice or three times about clicking away the dialogue. And hopefully every one got a copy of the Advisory. But we are not the majority of computer users. :| -Scott ~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scott Stonefield Sr. UNIX Systems Administrator srs@sas.com Publications Email-pager: 1336594@roam.pagemart.net SAS - The Power to Know It is said that a child learns wisdom from the parent, but the truly wise parent learns joy from the child. From sage-members-owner@usenix.org Fri Mar 23 20:49:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2O4gql23197 for sage-members-outgoing; Fri, 23 Mar 2001 20:42:52 -0800 (PST) Received: from dfw-smtpout2.email.verio.net (dfw-smtpout2.email.verio.net [129.250.36.42]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2O4gpG23193 for ; Fri, 23 Mar 2001 20:42:51 -0800 (PST) Received: from [129.250.38.56] (helo=dfw-corpmmp1.email.verio.net) by dfw-smtpout2.email.verio.net with esmtp id 14gfsz-0001Gz-00 for sage-members@usenix.org; Sat, 24 Mar 2001 04:42:45 +0000 Received: from [198.173.246.240] (helo=sharpecity.com) by dfw-corpmmp1.email.verio.net with esmtp id 14gfsy-0003C8-00 for sage-members@usenix.org; Sat, 24 Mar 2001 04:42:45 +0000 Message-ID: <3ABC2617.1FA1B5E0@sharpecity.com> Date: Fri, 23 Mar 2001 22:44:07 -0600 From: Scott Sharpe X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: Re: Fwd: CERT Advisory CA-2001-04 References: <200103231936.OAA59096@stoney.unx.sas.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk How do you handle these advisories and inform your users? Mass email to users or paper trail? Why not one over the other? How best to CYB? Scott Sharpe Scott Stonefield wrote: > every one got a copy of the Advisory. But we are not the majority of > computer users. :| From sage-members-owner@usenix.org Mon Mar 26 08:31:05 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2QGLwG29162 for sage-members-outgoing; Mon, 26 Mar 2001 08:21:58 -0800 (PST) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f2QGLv729157 for sage-members@usenix.org; Mon, 26 Mar 2001 08:21:57 -0800 (PST) Received: from mailexchanger.gao.gov (gao-cp.gao.gov [161.203.16.1]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2QG2dG29038 for ; Mon, 26 Mar 2001 08:02:39 -0800 (PST) Received: from gaotvcs1.gao.gov (GAOTVCS1.GAO.GOV [161.203.15.2]) by mailexchanger.gao.gov ( /GAO ESMTP) with SMTP id f2QFwod26978 for ; Mon, 26 Mar 2001 10:58:50 -0500 Received: from 10.1.0.66 by gaotvcs1.gao.gov (InterScan E-Mail VirusWall NT); Mon, 26 Mar 2001 11:02:26 -0500 (Eastern Standard Time) Received: from GWIADOM-Message_Server by GAOGWIA1.GAO.GOV with Novell_GroupWise; Mon, 26 Mar 2001 11:02:22 -0500 Message-Id: X-Mailer: Novell GroupWise 5.5.4 Date: Mon, 26 Mar 2001 11:01:50 -0500 From: "Rich Bjorklund" To: sage-members@usenix.org Subject: Re: auto ssh through a proxy Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by usenix.org id f2QG2eG29039 Sender: owner-sage-members@usenix.org Precedence: bulk Use the following: tar -cf - file-to-move | \ ssh -l gateway-userid gateway-machine \ "(ssh -l target-userid target-machine \"tar -xf - \")" This will use the gateway-machine, not a direct connection, but will not actually write the file on the gateway-machine. For this to work, the target-machine must have an shosts file in the ~target-userid/ directory with the appropriate entries: ~target-userid/.shosts (with permission 600) --------------------------------------------- gateway-userid gateway-machine gateway-userid gateway-machine.mydomain This has the potentially negative impact of allowing anyone with access to the gateway-userid to have access to the target-useid on the target-machine. If you want to automate the entire process-- say from cron--then you need a similar file on the gateway-machine, granting rights to the source-machine. This has the potentially of granting access to the gateway-userid on the gateway-machine to anyone with access to the source-userid on the source-machine--and indirectly access to the target-userid on the target-machine. ~gateway-userid/.shosts (with permission 600) --------------------------------------------- source-userid source-machine source-userid source-machine.mydomain In all of the above, replace source-userid with the userid on the source machine. source-machine with the hostname of the source machine. gateway-userid with the userid on the gateway machine. gateway-machine with the hostname of the gateway machine. target-userid with the userid on the target machine. target-machine with the hostname of the target machine. -Rich Bjorklund -- ============================================================= == Richard A. Bjorklund, Senior Unix/Network Engineer == == Postmaster: root@gao.gov Email Postmaster, U. S. GAO == == Email: bjorklundr@gao.gov Voice:202-512-3191 FAX: 4459 == ============================================================= >>> "Mr. Alcourt" 03/19/2001 22:38:49 >>> -----BEGIN PGP SIGNED MESSAGE----- I've been tasked with the unenviable task of setting up a solution of copying data through a gateway box (which I have control over) to another box. For political reasons, the file cannot sit on the gateway box for any length of time if at all possible, and cannot be sent directly to the destination either. I'm trying to set up a way to do this with ssh, but am having problems with an autoforward through the middle machine. At the moment, we are pretty much committed to trying to use ssh to get this done. Any hints anyone can reccomend? - -- Mr. Alcourt http://www.execpc.com/~alcourt/ "I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iQCVAwUBOrbQzNHXH7Z+KmdxAQEsQQQAs2v3ddFvWIz+uVOLlnixSUIXXjwKQuPw i7E0NKIR1R034DzIk8H8bMafzx/hGEKEt1PEEQGCOIaC88L4QqMdRg1ifj+SrizO 8UJWUYwOFl2GoCl6xh+kISgzPnoFsmc7nO75naJV/+aTVTOwHl6YQZYIX02WcUKc kXhaKC+ZPpk= =lkWo -----END PGP SIGNATURE----- From sage-members-owner@usenix.org Mon Mar 26 13:21:42 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2QLD9700779 for sage-members-outgoing; Mon, 26 Mar 2001 13:13:09 -0800 (PST) Received: from porgy.srv.nld.sonera.net (mbox-01.soneraplaza.nl [195.66.15.137]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2QLD7G00775 for ; Mon, 26 Mar 2001 13:13:08 -0800 (PST) Received: from qn-213-73-161-47.quicknet.nl ([213.73.161.47]:64195 "EHLO bux.xs4all.nl") by soneramail.nl with ESMTP id ; Mon, 26 Mar 2001 23:12:19 +0200 Received: (from maartenb@localhost) by bux.xs4all.nl (8.9.3/8.9.3) id WAA08857 for sage-members@usenix.org; Mon, 26 Mar 2001 22:57:50 +0200 Date: Mon, 26 Mar 2001 22:57:50 +0200 From: Maarten Ballintijn To: sage-members@usenix.org Subject: Re: auto ssh through a proxy Message-ID: <20010326225750.A7478@electron.bux> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from Bjorklundr@GAO.GOV on Mon, Mar 26, 2001 at 11:01:50AM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk Hi, You can maybe improve a little on the example below, at least if you can use OpenSSH and can create specific accounts. If you use the authorized_keys file to authenticate and the options in the authorized_keys file to restrict the command being executed, together with authentication forwarding, you restrict what can be done on the gateway machine and you restrict what can be done on the destination machine. (basicaly you can make sure files can only be put in a sub-tree of the file system.) It gives also some end-to-end authentication. You would have to create a passwordless key on the originating host. just my .02 Maarten. On Mon, Mar 26, 2001 at 11:01:50AM -0500, Rich Bjorklund wrote: > Use the following: > > tar -cf - file-to-move | \ > ssh -l gateway-userid gateway-machine \ > "(ssh -l target-userid target-machine \"tar -xf - \")" > > This will use the gateway-machine, not a direct connection, but > will not actually write the file on the gateway-machine. For > this to work, the target-machine must have an shosts file in > the ~target-userid/ directory with the appropriate entries: > > ~target-userid/.shosts (with permission 600) > --------------------------------------------- > gateway-userid gateway-machine > gateway-userid gateway-machine.mydomain > > This has the potentially negative impact of allowing anyone with > access to the gateway-userid to have access to the target-useid on > the target-machine. If you want to automate the entire process-- > say from cron--then you need a similar file on the gateway-machine, > granting rights to the source-machine. This has the potentially > of granting access to the gateway-userid on the gateway-machine to > anyone with access to the source-userid on the source-machine--and > indirectly access to the target-userid on the target-machine. > > ~gateway-userid/.shosts (with permission 600) > --------------------------------------------- > source-userid source-machine > source-userid source-machine.mydomain > > In all of the above, replace > > source-userid with the userid on the source machine. > source-machine with the hostname of the source machine. > gateway-userid with the userid on the gateway machine. > gateway-machine with the hostname of the gateway machine. > target-userid with the userid on the target machine. > target-machine with the hostname of the target machine. > > -Rich Bjorklund > -- > ============================================================= > == Richard A. Bjorklund, Senior Unix/Network Engineer == > == Postmaster: root@gao.gov Email Postmaster, U. S. GAO == > == Email: bjorklundr@gao.gov Voice:202-512-3191 FAX: 4459 == > ============================================================= > > > >>> "Mr. Alcourt" 03/19/2001 22:38:49 >>> > -----BEGIN PGP SIGNED MESSAGE----- > > I've been tasked with the unenviable task of setting up a solution of > copying data through a gateway box (which I have control over) to another > box. For political reasons, the file cannot sit on the gateway box for > any length of time if at all possible, and cannot be sent directly to the > destination either. I'm trying to set up a way to do this with ssh, but > am having problems with an autoforward through the middle machine. At the > moment, we are pretty much committed to trying to use ssh to get this > done. > > Any hints anyone can reccomend? > > - -- > Mr. Alcourt http://www.execpc.com/~alcourt/ > "I may disagree with what you say, but I will defend unto the death > your right to say it." -- Voltaire > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.4 (GNU/Linux) > Comment: Made with pgp4pine 1.75-6 > > iQCVAwUBOrbQzNHXH7Z+KmdxAQEsQQQAs2v3ddFvWIz+uVOLlnixSUIXXjwKQuPw > i7E0NKIR1R034DzIk8H8bMafzx/hGEKEt1PEEQGCOIaC88L4QqMdRg1ifj+SrizO > 8UJWUYwOFl2GoCl6xh+kISgzPnoFsmc7nO75naJV/+aTVTOwHl6YQZYIX02WcUKc > kXhaKC+ZPpk= > =lkWo > -----END PGP SIGNATURE----- > > From sage-members-owner@usenix.org Wed Mar 28 14:53:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f2SMhZx25756 for sage-members-outgoing; Wed, 28 Mar 2001 14:43:35 -0800 (PST) Received: from phxmx61.mattel.net ([63.100.129.36]) by usenix.org (8.11.0/8.11.0) with ESMTP id f2SMhYG25752 for ; Wed, 28 Mar 2001 14:43:34 -0800 (PST) Received: from naphx61.matna.mattel.com (mailhub3.mattel.net [156.20.109.250]) by phxmx61.mattel.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id GFDKD7LC; Wed, 28 Mar 2001 15:43:20 -0700 Received: from 156.20.190.22 by naphx61.matna.mattel.com (InterScan E-Mail VirusWall NT); Wed, 28 Mar 2001 15:43:06 -0700 Received: from naphx61.matna.mattel.com ([127.0.0.1]) by naphx61.matna.mattel.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HZBHKL5N; Wed, 28 Mar 2001 15:43:06 -0700 Received: from 153.12.84.25 by naphx61.matna.mattel.com (InterScan E-Mail VirusWall NT); Wed, 28 Mar 2001 15:43:05 -0700 Received: by mdl-silicon.pleasantco.com with Internet Mail Service (5.5.2653.19) id ; Wed, 28 Mar 2001 16:42:49 -0600 Message-ID: <596E6ADAB278D111BCD500A0C9968148072C3458@MDL_IRON> From: neil_strand@pleasantco.com To: sage-members@usenix.org Subject: RE: Oracle 8.1.6 on Sun E10000: Performance? What performance? Date: Wed, 28 Mar 2001 16:43:05 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-sage-members@usenix.org Precedence: bulk Gabe, A quick check of metalink recommends that you be running Oracle 8.1.6.3. You may want to check this. Also, our Oracle guru recommends using Solaris 8. Neil Strand Pleasant Co. (608) 836-7200 x4332 Sometimes, all you have is luck. From sage-members-owner@usenix.org Tue Apr 3 10:52:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f33Hcwj21464 for sage-members-outgoing; Tue, 3 Apr 2001 10:38:58 -0700 (PDT) Received: from mcst.gsfc.nasa.gov (mcst.gsfc.nasa.gov [198.119.44.143]) by usenix.org (8.11.0/8.11.0) with ESMTP id f33HctG21460 for ; Tue, 3 Apr 2001 10:38:56 -0700 (PDT) Received: from aerialist.gsfc.nasa.gov (IDENT:osteiner@aerialist.gsfc.nasa.gov [198.119.44.58]) by mcst.gsfc.nasa.gov (Switch-2.0.6/Switch-2.0.6) with SMTP id f33Hcjk05640 for ; Tue, 3 Apr 2001 13:38:45 -0400 (EDT) Content-Type: text/plain; charset="iso-8859-1" From: Owen Steinert Organization: NASA/GSFC/MCST To: sage-members@usenix.org Subject: APIC module for M720II motherboard anyone? Date: Tue, 3 Apr 2001 13:38:45 -0400 X-Mailer: KMail [version 1.2] MIME-Version: 1.0 Message-Id: <0104031338450G.09738@aerialist.gsfc.nasa.gov> Content-Transfer-Encoding: 8bit Sender: owner-sage-members@usenix.org Precedence: bulk I hope I'm not breaking any rules by posting this here, but I need some help: Does anyone have, or know of somwhere where I can get, an APIC module for a pcchips M720II "Elpina" dual processor Pentium II motherboard? The manufacturer has discontinued the item, but I'd really like to lay my hands on one of the elusive rascals and turn my home PC into a SMP Linux box. I already have everything else I need, but I can't find an available APIC module anywhere. Thanks in advance, Owen -- __________________________ Owen Steinert osteinert@t-three.com GPG Key ID: C6C04FF8 From sage-members-owner@usenix.org Tue Apr 3 14:46:03 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f33Laki23973 for sage-members-outgoing; Tue, 3 Apr 2001 14:36:46 -0700 (PDT) Received: from beaker.ziggurat.org (viv-4.soho.enteract.com [216.80.24.180]) by usenix.org (8.11.0/8.11.0) with ESMTP id f33LaiG23969 for ; Tue, 3 Apr 2001 14:36:44 -0700 (PDT) Received: from shell-2.enteract.com (shell-2.enteract.com [207.229.143.41]) by beaker.ziggurat.org (8.9.1b+Sun/8.9.1) with ESMTP id QAA14667 for ; Tue, 3 Apr 2001 16:33:55 -0500 (CDT) Date: Tue, 3 Apr 2001 16:36:29 -0500 (CDT) From: Sabrina Downard X-Sender: viv@shell-2.enteract.com To: sage-members@usenix.org Subject: urgently need two old sun patches Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Hi! I've got somewhat of a situation here and I urgently need two Solaris 7 patches which are now off SunSolve because they've been superceded. I don't know if they're contract-only patches, but if so, I promise we have contract coverage. Honest, contract number and everything. :) Does anyone have tarballs of 106541-14 and 107476-06 they can send me within the next few hours? The situation is, we have a production Oracle server and a test Oracle server, and we're scheduled to load the test server's patches on the production server, and somehow the directory with the patches in it got deleted and now if I can't find those two blasted patches a whole lot of stuff falls apart. Sigh. -- sabrina downard ~ Madness takes its toll. Please have exact change. viv@ziggurat.org ~ Soapmaker's Resources: http://www.ziggurat.org/soap/ We may be 'fringe,' but we are many and we are MAD! http://www.fringefolk.com/ From sage-members-owner@usenix.org Tue Apr 3 16:46:50 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f33Ncou24757 for sage-members-outgoing; Tue, 3 Apr 2001 16:38:50 -0700 (PDT) Received: (from jrl@localhost) by usenix.org (8.11.0/8.11.0) id f33Ncnd24752 for sage-members@usenix.org; Tue, 3 Apr 2001 16:38:50 -0700 (PDT) Received: from mr1.ash.ops.us.uu.net (mr1.ash.ops.us.uu.net [198.5.241.86]) by usenix.org (8.11.0/8.11.0) with ESMTP id f331FeG19441 for ; Mon, 2 Apr 2001 18:15:41 -0700 (PDT) Received: from proxy2.ba.best.com by mr1.ash.ops.us.uu.net with ESMTP (peer crosschecked as: proxy2.ba.best.com [206.184.139.14]) id QQkjbr24085 for ; Mon, 2 Apr 2001 23:45:21 GMT From: phil@bolthole.com Received: from shell3.ba.best.com (bolthole@shell3.ba.best.com [206.184.139.134]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with SMTP id QAA25832 for ; Mon, 2 Apr 2001 16:39:34 -0700 (PDT) Received: by shell3.ba.best.com (sSMTP sendmail emulation); Mon, 2 Apr 2001 16:39:33 -0700 Date: Mon, 2 Apr 2001 16:39:33 -0700 To: sage-members@usenix.org Subject: US-CA-LA: SNMP presentation (last sage announcement for uuasc) Message-ID: <20010402163933.A5541@bolthole.com> Mail-Followup-To: sage-members@usenix.org References: <200103230211.SAA10699@noh.ucsd.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200103230211.SAA10699@noh.ucsd.edu>; from paw@noh.ucsd.edu on Thu, Mar 22, 2001 at 06:11:50PM -0800 Sender: owner-sage-members@usenix.org Precedence: bulk Hi folks, let me start out by saying that since our "new" group has grown to quite a decent attendance, this will be my last announcement to the sage-members mailing list. If you'd like to receive announcements about future UUASC-LA meetings, please subscribe to the announce-only mailing list, details of which are at; http://www.uuasc.org/announce.html That being said: This Thursday will be a free presentation about SNMP, for the local sage UNIX group in Los Angeles. Topic: Intro to SNMP Presented by Dallas Legan Concepts that will be covered: * ASN.1 - abstract syntax notation * PDU - protocol data unit * MIB - Management Information Base and other issues relavant to the topic, in all the detail you could possibly ask for! Dallas recently developed Perl/SNMP/IP software for configuring Nortel Baystack 450 networking switches. Prior to that he programmed on various systems ranging from PCs to Crays. 7pm, at TRW, Building R2, room 1177A One Space Park Drive, Redondo Beach, CA. A telephone into the room is 310-812-5607 **You may need to call this number to be let in the building** more detailed directions and a map are available at http://www.bolthole.com/uuala/ Thanks, and hope to see any local sage folks there! From sage-members-owner@usenix.org Tue Apr 3 17:09:12 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f3402Hu24940 for sage-members-outgoing; Tue, 3 Apr 2001 17:02:17 -0700 (PDT) Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by usenix.org (8.11.0/8.11.0) with ESMTP id f3402FG24936 for ; Tue, 3 Apr 2001 17:02:15 -0700 (PDT) Received: from overnight.cisco.com (overnight.cisco.com [171.71.154.85]) by sj-msg-core-1.cisco.com (8.9.3/8.9.1) with ESMTP id RAA19450 for ; Tue, 3 Apr 2001 17:02:01 -0700 (PDT) Received: from anjan-w2k (dhcp-171-71-107-133.cisco.com [171.71.107.133]) by overnight.cisco.com (Mirapoint) with SMTP id AAB18421; Tue, 3 Apr 2001 17:01:55 -0700 (PDT) Message-Id: <4.1.20010403170327.0127eab0@mail.earthlink.net> X-Sender: anjan@mail.earthlink.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 03 Apr 2001 17:03:40 -0700 To: sage-members@usenix.org From: Anjan Nadimpalli Subject: Anybody have experience with SUN T3 with DMP and Veritas? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-sage-members@usenix.org Precedence: bulk If you have the experience and have some cycles to spare please let me know... thanks in advance, ---Anjan. From sage-members-owner@usenix.org Tue Apr 3 17:11:09 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f3404Nt24957 for sage-members-outgoing; Tue, 3 Apr 2001 17:04:23 -0700 (PDT) Received: from beaker.ziggurat.org (viv-4.soho.enteract.com [216.80.24.180]) by usenix.org (8.11.0/8.11.0) with ESMTP id f3404MG24953 for ; Tue, 3 Apr 2001 17:04:22 -0700 (PDT) Received: from shell-2.enteract.com (shell-2.enteract.com [207.229.143.41]) by beaker.ziggurat.org (8.9.1b+Sun/8.9.1) with ESMTP id TAA14694 for ; Tue, 3 Apr 2001 19:01:38 -0500 (CDT) Date: Tue, 3 Apr 2001 19:04:10 -0500 (CDT) From: Sabrina Downard X-Sender: viv@shell-2.enteract.com To: sage-members@usenix.org Subject: got the patches! In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk Thanks to those who offered and those who might yet (you rule!). I now have the patches and am de-stressing by the minute. :) -- sabrina downard ~ Madness takes its toll. Please have exact change. viv@ziggurat.org ~ Soapmaker's Resources: http://www.ziggurat.org/soap/ We may be 'fringe,' but we are many and we are MAD! http://www.fringefolk.com/ From sage-members-owner@usenix.org Wed Apr 4 07:29:26 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f34EJZS26627 for sage-members-outgoing; Wed, 4 Apr 2001 07:19:35 -0700 (PDT) Received: from gauntlet.telerama.com (root@gauntlet.telerama.com [205.201.1.214]) by usenix.org (8.11.0/8.11.0) with ESMTP id f34EJXG26623 for ; Wed, 4 Apr 2001 07:19:33 -0700 (PDT) Received: from gauntlet.telerama.com (deeann@gauntlet.telerama.com [205.201.1.214]) by gauntlet.telerama.com (8.11.0/8.11.0) with ESMTP id f34EJ4H12865 for ; Wed, 4 Apr 2001 10:19:04 -0400 (EDT) Date: Wed, 4 Apr 2001 10:19:04 -0400 (EDT) From: deeann mikula To: sage-members@usenix.org Subject: NOC furniture Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk i'm looking for some sources for shelving, cages, racks, etc. for our NOC remodeling. what vendors /catalog/ websites do people drool over when thinking about expanding their NOCs? (other than the hardware!) i'm looking for pretty as well as sturdy, of course. thanks! deeann m.m. mikula director of operations telerama public access internet http://www.telerama.com 1.877.688.3200 From sage-members-owner@usenix.org Wed Apr 4 11:55:20 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f34IiOg28645 for sage-members-outgoing; Wed, 4 Apr 2001 11:44:24 -0700 (PDT) Received: from belgarath.spotter.yi.org (dhcp065-024-215-097.insight.rr.com [65.24.215.97]) by usenix.org (8.11.0/8.11.0) with ESMTP id f34IiNG28641 for ; Wed, 4 Apr 2001 11:44:23 -0700 (PDT) Received: by belgarath.spotter.yi.org (Postfix, from userid 501) id EEE27729DD; Wed, 4 Apr 2001 14:44:38 -0400 (EDT) Received: from belgarion.spotter.yi.org (localhost [127.0.0.1]) by belgarath.spotter.yi.org (Postfix) with ESMTP id EBFAF14C3; Wed, 4 Apr 2001 14:44:38 -0400 (EDT) To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: NOC furniture In-Reply-To: Your message of "Wed, 04 Apr 2001 10:19:04 EDT." Date: Wed, 04 Apr 2001 14:44:33 -0400 From: "Stephen P. Potter" Message-Id: <20010404184438.EEE27729DD@belgarath.spotter.yi.org> Sender: owner-sage-members@usenix.org Precedence: bulk Lightning flashed, thunder crashed and deeann mikula whis pered: | | i'm looking for some sources for shelving, cages, racks, etc. for our | NOC remodeling. what vendors /catalog/ websites do people drool over | when thinking about expanding their NOCs? (other than the hardware!) Belkin has a good line of racks and cabinets. SMC+ (smcplus.com) has some really nice looking NOC furniture and racks. Shark Rack has really nice racks and mounting kits for Suns. -spp From sage-members-owner@usenix.org Wed Apr 4 12:13:49 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f34J6nO28916 for sage-members-outgoing; Wed, 4 Apr 2001 12:06:49 -0700 (PDT) Received: from peter.byzantium.com ([62.232.10.133]) by usenix.org (8.11.0/8.11.0) with ESMTP id f34J6mG28912 for ; Wed, 4 Apr 2001 12:06:48 -0700 (PDT) Received: from host213-1-118-127.dialup.lineone.co.uk ([213.1.118.127] helo=chocolate) by peter.byzantium.com with smtp (Exim 3.22 #1) id 14ksaX-0004Oq-00 for sage-members@usenix.org; Wed, 04 Apr 2001 20:05:07 +0100 Message-ID: <002f01c0bd3a$45c70e80$7f7601d5@chocolate> From: "Edward Rolison" To: sage-members@usenix.org References: Subject: Re: NOC furniture Date: Wed, 4 Apr 2001 20:05:48 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 Sender: owner-sage-members@usenix.org Precedence: bulk ----- Original Message ----- From: "deeann mikula" To: Sent: Wednesday, April 04, 2001 3:19 PM Subject: NOC furniture > > i'm looking for some sources for shelving, cages, racks, etc. for our > NOC remodeling. what vendors /catalog/ websites do people drool over > when thinking about expanding their NOCs? (other than the hardware!) > > i'm looking for pretty as well as sturdy, of course. http://www.poetictech.com Maybe not _quite_ suited to a NOC, but... From sage-members-owner@usenix.org Wed Apr 4 14:23:02 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f34LEEm00283 for sage-members-outgoing; Wed, 4 Apr 2001 14:14:14 -0700 (PDT) Received: from lanning.cc ([63.166.8.14]) by usenix.org (8.11.0/8.11.0) with ESMTP id f34LEDG00279 for ; Wed, 4 Apr 2001 14:14:13 -0700 (PDT) Received: (from lanning@localhost) by lanning.cc (8.11.0/8.11.0) id f34LDCX04968; Wed, 4 Apr 2001 14:13:12 -0700 From: Robert Hajime Lanning Message-Id: <200104042113.f34LDCX04968@lanning.cc> Subject: Re: NOC furniture To: sage-members@usenix.org Date: Wed, 4 Apr 2001 14:13:11 -0700 (PDT) Cc: sage-members@usenix.org In-Reply-To: from "deeann mikula" at Apr 04, 2001 10:19:04 AM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk www.intech-furniture.com www.wrightline.com ---- As written by deeann mikula: > > > i'm looking for some sources for shelving, cages, racks, etc. for our > NOC remodeling. what vendors /catalog/ websites do people drool over > when thinking about expanding their NOCs? (other than the hardware!) > > i'm looking for pretty as well as sturdy, of course. > > thanks! > > deeann m.m. mikula > director of operations > > telerama public access internet > http://www.telerama.com > 1.877.688.3200 > > > > -- /* Robert Hajime Lanning lanning@lanning.cc ** Trade: Unix Systems Administrator (Senior level) (SAGE IV) */ #include From sage-members-owner@usenix.org Wed Apr 4 14:29:21 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f34LMUo00348 for sage-members-outgoing; Wed, 4 Apr 2001 14:22:30 -0700 (PDT) Received: from kermit.snew.com (kermit.snew.com [206.136.66.62]) by usenix.org (8.11.0/8.11.0) with ESMTP id f34LMTG00340 for ; Wed, 4 Apr 2001 14:22:29 -0700 (PDT) Received: (from chuck@localhost) by kermit.snew.com (8.11.3/8.11.3) id f34LMHS15109; Wed, 4 Apr 2001 14:22:17 -0700 (PDT) Date: Wed, 4 Apr 2001 14:22:16 -0700 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: DNS & Changing Class C ?? Message-ID: <20010404142216.A14620@snew.com> References: <3ABB63BB.4735EBB6@snert.com> <20010323120749.X1422@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010323120749.X1422@redhat.com>; from bandregg@redhat.com on Fri, Mar 23, 2001 at 12:07:49PM -0500 Sender: owner-sage-members@usenix.org Precedence: bulk Quoting Bryan C. Andregg (bandregg@redhat.com): > On Fri, Mar 23, 2001 at 03:54:51PM +0100, Anthony Howe mailed: > > I'm wondering if the collective experience of SAGE has any canned > > procedures for the best way to migrate machines & services from one > > Class C to another? > > If at all possible migrate to NAT and choose your own addresses. If you can do > this, and the NAT hardware supports it (which most should) you can start > migrating all non-server machines to the NAT addresses immediately and roll > your transition. Ick - I'm tired of cleaning up NAT stuff (do you really mean RFC1819 addresses -192.168.*.*, 10.*.*.* and 172.???.*.*). The way I've done mass migration for a while is by running the machines with little information on them. It depends on WHAT you are migrating (you don't really say): My first large networks had lots of xterm's and diskless machines on them, so they always had bootservers and bootp (use DHCP these days). Key from moving from our Class C to our Class B (we had 4 locations and 200+ machines, so they gave us a Class B - ah those were the days) was to change the dhcpd.conf and dns zone file info first, halt the clients (except my machine), redo the servers (by hand, the DHCP/DNS servers) and reboot them. Make sure THEY are ok. Then bring up the clients. There is really little reason for ANYTHING to refer to hardcoded IP addresses. Some software used to license to that, I'd just use an IP alias for those. /etc/hosts files can remain almost empty and should for administrative needs. That said, "Virtual interface" stuff was started for this reason (it was pre-WWW popularity by a year or so). I could give my machine (servers usually) the OLD address AND the new address at the same time. Move clients in small batches and life would be ok. Then I could withdraw the old address from the servers address at the same time. Move clients in small batches and life would be ok. Then I could withdraw the old address from the servers. Other strategies will work for different situations. chuck From sage-members-owner@usenix.org Wed Apr 4 15:14:33 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f34M6KD00739 for sage-members-outgoing; Wed, 4 Apr 2001 15:06:20 -0700 (PDT) Received: from kermit.snew.com (kermit.snew.com [206.136.66.62]) by usenix.org (8.11.0/8.11.0) with ESMTP id f34M6JG00735 for ; Wed, 4 Apr 2001 15:06:19 -0700 (PDT) Received: (from chuck@localhost) by kermit.snew.com (8.11.3/8.11.3) id f34M5YY15477; Wed, 4 Apr 2001 15:05:34 -0700 (PDT) Date: Wed, 4 Apr 2001 15:05:34 -0700 From: Chuck Yerkes To: sage-members@usenix.org Cc: sage-members@usenix.org Subject: Re: Kerberos over a WAN? Message-ID: <20010404150534.B14620@snew.com> References: <20010320105645.E1283@duckland.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010320105645.E1283@duckland.org>; from duck@duckland.org on Tue, Mar 20, 2001 at 10:56:46AM -0600 Sender: owner-sage-members@usenix.org Precedence: bulk This was the POINT of kerberos - the network is not trusted, hell, fully athenized, the MACHINES aren't trusted (the default "guest account" was "root"/passwd="mrroot") In short, given connectivity over the WAN it will work. If you are connecting via a WAN, then the problem is moot. If you can't connect, then it doesn't matter if you can't authenticate. Alternatives to make this more robust include running a slave server on a brutally secure machine in a brutally secure cabinet at an alternate location (I've recommended raising the cabinet on rubber feet and running 220V/AC through the chassis - nobody takes me up on that :). The big kerberos failing is that when cracker gets the K server, your keys are now a vulnerability. Quoting Don Duck Harper (duck@duckland.org): > So, my company needs to have machines at our client sites. We want to do a centeralized auth management for things like passwords. Kerberos comes to mind, but I do not know if I > can have a client get a key from a keyserver over an untrusted WAN connection? > > Anyone have any pointers for me to go look at if you can do it? From sage-members-owner@usenix.org Wed Apr 4 19:06:52 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f351wmm02441 for sage-members-outgoing; Wed, 4 Apr 2001 18:58:48 -0700 (PDT) Received: from riker.skynet.be (riker.skynet.be [195.238.3.132]) by usenix.org (8.11.0/8.11.0) with ESMTP id f351wlG02437 for ; Wed, 4 Apr 2001 18:58:47 -0700 (PDT) Received: from [194.78.241.123] ([194.78.241.123]) by riker.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f351wUq08381 for ; Thu, 5 Apr 2001 03:58:30 +0200 (MET DST) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: Date: Thu, 5 Apr 2001 03:56:47 +0200 To: sage-members@usenix.org From: Brad Knowles Subject: smtp-mx.mac.com an open relay... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk Folks, I don't know if anyone on this mailing list is using an "@mac.com" e-mail address, but I just discovered that the mail server they're using is an open relay -- it is vulnerable to the percent hack. Worse, they try to hide the version of the software they use in the SMTP dialog process, but they don't strip "Received:" headers that show this same information. Interestingly, it appears that their outbound mail servers are running a fairly vanilla sendmail 8.11.x configuration, at least based on the way the queue-id was assigned. I also found it interesting that this server was supposedly tested by ORBS but found to be secure against relaying, so I'm betting that CriticalPath (yup, they're the host -- check traceroute, where all my packets are stopped at CriticalPath2.s2-1-0.ar1.SFO1.gblx.net [207.138.186.186]) blocks the ORBS tester(s). Strangely, what alerted me to the fact that they were an open relay was the testing tool at , so I don't understand why in the world they would be blocking the ORBS tester and not also the abuse.net relay tester. I also note that the nameservers within mac.com are both authoritative and recursive/caching, and claim to be running BIND 8.2.3-REL, and I have recently heard some whispers that this version of BIND is also vulnerable to a similar attack as previous versions of BIND 8 were vulnerable to (which is why BIND 8.2.3-REL was created). Therefore, not only can you relatively easily cache-poison these machines and subvert them that way, there's a decent chance that you could subvert them with something like the Lion worm. So far as I can tell, they haven't even turned off zone transfers from within BIND (as Apple does on their own nameservers), instead what they've done is block TCP port 53 at the firewall. Therefore, if there are any legitimate queries that would be made with TCP to this domain, the nameservers provided by CriticalPath would be totally unaware of them. Checking out CriticalPath.net a bit more, it seems that their main mail server is strangely "inbound.criticalpath.net.criticalpath.net" with IP address 209.228.12.53. Of course, this IP address doesn't map back into a host name remotely like this. Moreover, it appears that this machine may be vulnerable to a quoted percent hack scheme (e.g., something like an envelope sender "user%bogusdomain", including the double-quote characters). Their backup MXes claim to be running qmail, but may be configured insecurely, as they at least accept an envelope recipient with the percent hack. This is a company who supposedly is a world-leader in outsourcing Internet mail services, and this is the best quality of service they can provide? If you look at their list of "products" at , it seems to me like they've *really* lost their focus. If you look at their list of strategic alliances at , it strikes me that they have a lot of impressive names up there, but there is a very curious omission -- where is the strategic partner that provides them with the top-flight quality MTAs and other mail server software that they use? It seems to me that since this is the very core of their business, that they'd really want to trumpet this fact, but yet any names I would recognize are mysteriously missing. They've been publicly listed as CPTH on Nasdaq for almost two years, and up until October of 2000, they never really went much below $50/share, with a peak of $87/share apparently around March of 2000. They're now worth $1.53125/share, and have a market cap of $112.8M (see ), and they have *vastly* underperformed the Nasdaq market as a whole for the entire time that they've been listed (see if you want a laugh, or cry if you happen to be a stock-holder/employee with options). Is it any wonder? Anyway, in case you're interested, I would expect all hell to break loose in the next few days, with regards to this domain. If I were Apple, I certainly wouldn't be outsourcing that project to CriticalPath. -- Brad Knowles, /* efdtt.c Author: Charles M. Hannum */ /* Represented as 1045 digit prime number by Phil Carmody */ /* Prime as DNS cname chain by Roy Arends and Walter Belgers */ /* */ /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */ /* where title-key = "153 2 8 105 225" or other similar 5-byte key */ dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}' From sage-members-owner@usenix.org Wed Apr 4 19:10:02 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f35233x02451 for sage-members-outgoing; Wed, 4 Apr 2001 19:03:03 -0700 (PDT) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f35231G02447 for ; Wed, 4 Apr 2001 19:03:01 -0700 (PDT) Received: from [194.78.241.123] ([194.78.241.123]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f3522n211575 for ; Thu, 5 Apr 2001 04:02:49 +0200 (MET DST) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be (Unverified) Message-Id: Date: Thu, 5 Apr 2001 04:02:19 +0200 To: sage-members@usenix.org From: Brad Knowles Subject: smtp-mx.mac.com an open relay... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk Folks, I don't know if anyone on this mailing list is using an "@mac.com" e-mail address, but I just discovered that the mail server they're using is an open relay -- it is vulnerable to the percent hack. Worse, they try to hide the version of the software they use in the SMTP dialog process, but they don't strip "Received:" headers that show this same information. Interestingly, it appears that their outbound mail servers are running a fairly vanilla sendmail 8.11.x configuration, at least based on the way the queue-id was assigned. I also found it interesting that this server was supposedly tested by ORBS but found to be secure against relaying, so I'm betting that CriticalPath (yup, they're the host -- check traceroute, where all my packets are stopped at CriticalPath2.s2-1-0.ar1.SFO1.gblx.net [207.138.186.186]) blocks the ORBS tester(s). Strangely, what alerted me to the fact that they were an open relay was the testing tool at , so I don't understand why in the world they would be blocking the ORBS tester and not also the abuse.net relay tester. I also note that the nameservers within mac.com are both authoritative and recursive/caching, and claim to be running BIND 8.2.3-REL, and I have recently heard some whispers that this version of BIND is also vulnerable to a similar attack as previous versions of BIND 8 were vulnerable to (which is why BIND 8.2.3-REL was created). Therefore, not only can you relatively easily cache-poison these machines and subvert them that way, there's a decent chance that you could subvert them with something like the Lion worm. So far as I can tell, they haven't even turned off zone transfers from within BIND (as Apple does on their own nameservers), instead what they've done is block TCP port 53 at the firewall. Therefore, if there are any legitimate queries that would be made with TCP to this domain, the nameservers provided by CriticalPath would be totally unaware of them. Checking out CriticalPath.net a bit more, it seems that their main mail server is strangely "inbound.criticalpath.net.criticalpath.net" with IP address 209.228.12.53. Of course, this IP address doesn't map back into a host name remotely like this. Moreover, it appears that this machine may be vulnerable to a quoted percent hack scheme (e.g., something like an envelope sender "user%bogusdomain", including the double-quote characters). Their backup MXes claim to be running qmail, but may be configured insecurely, as they at least accept an envelope recipient with the percent hack. This is a company who supposedly is a world-leader in outsourcing Internet mail services, and this is the best quality of service they can provide? If you look at their list of "products" at , it seems to me like they've *really* lost their focus. If you look at their list of strategic alliances at , it strikes me that they have a lot of impressive names up there, but there is a very curious omission -- where is the strategic partner that provides them with the top-flight quality MTAs and other mail server software that they use? It seems to me that since this is the very core of their business, that they'd really want to trumpet this fact, but yet any names I would recognize are mysteriously missing. They've been publicly listed as CPTH on Nasdaq for almost two years, and up until October of 2000, they never really went much below $50/share, with a peak of $87/share apparently around March of 2000. They're now worth $1.53125/share, and have a market cap of $112.8M (see ), and they have *vastly* underperformed the Nasdaq market as a whole for the entire time that they've been listed (see if you want a laugh, or cry if you happen to be a stock-holder/employee with options). Is it any wonder? Anyway, in case you're interested, I would expect all hell to break loose in the next few days, with regards to this domain. If I were Apple, I certainly wouldn't be outsourcing that project to CriticalPath. -- Brad Knowles, /* efdtt.c Author: Charles M. Hannum */ /* Represented as 1045 digit prime number by Phil Carmody */ /* Prime as DNS cname chain by Roy Arends and Walter Belgers */ /* */ /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */ /* where title-key = "153 2 8 105 225" or other similar 5-byte key */ dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}' From sage-members-owner@usenix.org Wed Apr 4 21:05:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f353w8f02752 for sage-members-outgoing; Wed, 4 Apr 2001 20:58:08 -0700 (PDT) Received: from gauntlet.telerama.com (root@gauntlet.telerama.com [205.201.1.214]) by usenix.org (8.11.0/8.11.0) with ESMTP id f353w6G02748 for ; Wed, 4 Apr 2001 20:58:06 -0700 (PDT) Received: from gauntlet.telerama.com (deeann@gauntlet.telerama.com [205.201.1.214]) by gauntlet.telerama.com (8.11.0/8.11.0) with ESMTP id f353vaH19392 for ; Wed, 4 Apr 2001 23:57:36 -0400 (EDT) Date: Wed, 4 Apr 2001 23:57:36 -0400 (EDT) From: deeann mikula Reply-To: Pittsburgh SAGE To: sage-members@usenix.org Subject: Pittsburgh, PA SAGE Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-sage-members@usenix.org Precedence: bulk It was suggested to me that I mail this list to get the word out about our new SAGE local group in Pittsburgh, PA. If you are in or around Pittsburgh, this may be of interest to you. If you run a SAGE local, this might also be of interest to you. I'd love to hear from some other organizers! The pghsage website has been updated, with complete information about the next meeting, mailing lists and sponsors. Check it out at http://www.pghsage.org. Your two dedicated pghsage organizers will be present at this Thursdays Pittsburgh Geek Night at the Foundry Ale Works. (http://www.pghgeeks.org) We can answer your questions or provide more details in person. The first meeting of pghsage will be on Thursday, May 3, 2001 from 7-8:30pm. These meetings will be bi-monthly, occurring on the first Thursday of every other month OPPOSITE Geek Nights at the Foundry Ale Works. That should be easy to remember, its either the pghsage meeting or Geek Night on the first Thursday of each month! The meeting will be held in the Social Room of the Mellon Institute. The building is located on the corner of Fifth and Bellefield . Folks should enter on the Bellefield side (a map is on the website.) The Social Room is on the left side not long after walking in through the doors. Our initial meeting will be mainly introductory/organizational. Bring your ideas and thoughts about what you want this group to be! tutorial topics? speakers? structure? discussions? vendor info? Do you have the burning desire to HELP? Come to the meeting and let us know! We have also created two mailing lists. A discussion list and an announce-only list. The discussion list will be unmoderated, subscriber-only open discussion on topics relevant to SA'ing in pittsburgh, along with meeting announcements. If you want to be reminded of the bi-monthly meetings and their topics, but NOT take part in the open discussion please join the announce-only list. You can reply to this message if you have any questions about pghsage, or of course, look for us Thursday at the foundry. We hope to see you all there! Your pghsage organizers, deeann mikula Esther Filderman Pittsburgh SAGE -- http://www.pghsage.org From sage-members-owner@usenix.org Wed Apr 4 22:01:42 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f354sY602938 for sage-members-outgoing; Wed, 4 Apr 2001 21:54:34 -0700 (PDT) Received: from yfandes.cs.wisc.edu (yfandes.cs.wisc.edu [128.105.162.24]) by usenix.org (8.11.0/8.11.0) with ESMTP id f354sWG02933 for ; Wed, 4 Apr 2001 21:54:32 -0700 (PDT) Received: from yfandes.cs.wisc.edu (localhost [127.0.0.1]) by yfandes.cs.wisc.edu (8.9.2/8.9.2) with ESMTP id XAA15451; Wed, 4 Apr 2001 23:54:21 -0500 (CDT) Message-Id: <200104050454.XAA15451@yfandes.cs.wisc.edu> To: sage-members@usenix.org cc: sage-members@usenix.org, sage-exec@usenix.org Subject: Re: Pittsburgh, PA SAGE Date: Wed, 04 Apr 2001 23:54:20 -0500 From: David Parter Sender: owner-sage-members@usenix.org Precedence: bulk Congrats on starting a new SAGE local group! (If anyone else wants to start a local group, please do -- if you need help or hints, please send mail to gale@sage.org or sage-exec@sage.org). --david David Parter, SAGE President parter@sage.org From sage-members-owner@usenix.org Thu Apr 5 17:58:47 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f360juv08339 for sage-members-outgoing; Thu, 5 Apr 2001 17:45:56 -0700 (PDT) Received: from mail.mirapoint.com (IDENT:mirapoint@mail.mirapoint.com [208.48.74.2]) by usenix.org (8.11.0/8.11.0) with ESMTP id f360jsG08335 for ; Thu, 5 Apr 2001 17:45:55 -0700 (PDT) Received: from virtual.net (dhcp12.mirapoint.com [192.168.4.12]) by mail.mirapoint.com (Mirapoint) with ESMTP id ACW10499; Thu, 5 Apr 2001 17:45:44 -0700 (PDT) Message-ID: <3ACD12A1.B91CE2CF@virtual.net> Date: Thu, 05 Apr 2001 17:49:37 -0700 From: Strata Rose Chalup Reply-To: strata@virtual.net Organization: VirtualNet Consulting X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: sage-members@usenix.org Subject: Re: smtp-mx.mac.com an open relay... References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-sage-members@usenix.org Precedence: bulk This is a great example of what happens when you don't have good continuity between a site's design specifications and an outsourcing project. I don't know the details of the outsourcing, but I do know the details of the original mail specifications-- I was the contract project manager for the Netscape team that implemented the initial on-site mail and directory services in 1999 as Apple built mac.com. The main part of the team, including myself, had wrapped up into sustaining engineering mode and left the site by November of 1999, but two key engineers stayed available to Apple up through the official launch in January 2000. We had a tight spec that clearly gave both requirements and test conditions for mail server security. The original multi-tier mail architecture had, among other things, anti-relay quite specifically implemented. Our test procedures for it included testing from inside the mac.com LAN, from inside the Apple network but outside the mac.com address space, from random outside sites, and from dialins to the ISP partners on the project. I still have a copy of the architecture document, (I save everything), but I'm sure it's still covered by NDA so I can't send it along. Any outsourcing firm working from that document would have seen it in black and white--- if they ever saw the document in the first place. :-( I made some inquiries, and only one of the Apple folks I worked with on the original project team seems to be still at Apple and possibly still with the mac.com project. I forwarded Brad's note to that person, and I hope they take action. It might have been appropriate to contact the site first, rather than posting the vulnerability to a public forum, but perhaps that was already done and the listed site contacts failed to respond. Oh well. I'm very disappointed to hear about all this, since the project was such a rollercoaster ride for us and we were all pretty proud of what had been accomplished there in an incredibly short time. Build a 500K user ISP in six months, start to finish-- that's pretty much what happened there. It was a *really* wild ride, and I was glad to have only a small, well-defined chunk of it in my ballpark! ******************** Learning Experience of the Day-- think about critical pieces of infrastructure in your own organization. For how many of them could you lay hands on a written document which details the requirements that are being filled by the system? I'm not even talking about documenting HOW the existing system functions, I'm thinking of "hand this piece of paper to outsiders, stand back, and hope they recreate the functionality". Would you have a checklist of must do and must not do items with which to verify that the Right Thing had been done? Good thoughts-- I should apply them to my much-neglected home network, currently in a bit of a shambles (but at least firewalled, and not running an open relay :-) ). Cheers, _SRC -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From sage-members-owner@usenix.org Fri Apr 6 12:02:56 2001 Received: (from majordomo@localhost) by usenix.org (8.11.0/8.11.0) id f36Iu4I11850 for sage-members-outgoing; Fri, 6 Apr 2001 11:56:04 -0700 (PDT) Received: from picard.skynet.be (picard.skynet.be [195.238.3.131]) by usenix.org (8.11.0/8.11.0) with ESMTP id f36Iu2G11846 for ; Fri, 6 Apr 2001 11:56:02 -0700 (PDT) Received: from [194.78.241.123] ([194.78.241.123]) by picard.skynet.be (8.11.2/8.11.2/Skynet-OUT-2.11) with ESMTP id f36Itd214622; Fri, 6 Apr 2001 20:55:40 +0200 (MET DST) (envelope-from ) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <3ACD12A1.B91CE2CF@virtual.net> References: <3ACD12A1.B91CE2CF@virtual.net> Date: Fri, 6 Apr 2001 20:43:07 +0200 To: sage-members@usenix.org From: Brad Knowles Subject: Re: smtp-mx.mac.com an open relay... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-sage-members@usenix.org Precedence: bulk At 5:49 PM -0700 4/5/01, Strata Rose Chalup wrote: > It might have been appropriate to contact the site first, rather than > posting the vulnerability to a public forum, but perhaps that was already > done and the listed site contacts failed to respond. Actually, I had not contacted the administrators of mac.com. I fear that I don't know of anyone who works at Apple (or who I have reason to believe still works at Apple), and seeing how badly things were screwed up, I felt that it probably wouldn't have made any difference. If I knew of particular people to contact, that would be one thing. But big faceless organizations tend to ignore contacts from single individuals, especially when those single individuals are pointing out something that appears to be broken within the big faceless organization. If I honestly thought that I could have used the serial number of my PowerBook G3/Pismo to call up the Apple Help line and get through to someone who could actually help pass the message on to someone who could fix the problem, I would have done it. > Oh well. I'm > very disappointed to hear about all this, since the project was such > a rollercoaster ride for us and we were all pretty proud of what had > been accomplished there in an incredibly short time. Build a 500K > user ISP in six months, start to finish-- that's pretty much what > happened there. It was a *really* wild ride, and I was glad to > have only a small, well-defined chunk of it in my ballpark! I just got back from a job interview with a company that has recently started down that very same road, and while they've got some talented people, what they don't have is people who have real "combat experience" with that kind of hyper-scaling environment. That's one of the reasons why I'm talking to them about employment possibilities. If