Heath, Bruce,

Thank you both for your attention. Authoxy is a start for getting an all PC shop used to the idea of the Macintosh as a viable platform. With your assistance we were able to get Software Update working (What a difference actually getting in front of the computer makes!) but it took about five minutes. We aren't using a pac file or automatic configuration. The performance remained the same after turning logging off.

Instead of using an IP address for the proxy server address we are using a fqdn that's setup in DNS as a round robin to two different IP addresses. Using the IP address of one of the servers didn't affect performance. Any suggestion on where to start looking?

Congratulations on your decision to go open source. Everyone can benefit from your hard work. As soon as we get through some of the performance issues we will register Authoxy. Thanks for the hard work and help.


On May 23, 2004, at 8:59 AM, Heath Raftery wrote:


Very handy information you've provided there. This very late reply is just to clear a couple of tidbits up...

On 17/05/2004, at 9:37 PM, bruce wrote:
So from our point of view Software Update seems to work through port 80. As Software Update failed with a direct proxy connection (ie not using Authoxy)
I must assume that tcp port 80 is used. This is not definitive but may be a reasonable assumption.

Very reasonable. I've done a bit of packet sniffing with Software Update and certainly agree with that assumption. In fact, the checking routine is a fairly plain HTTP connection to <http://swscan.apple.com/scanningpoints/scanningpointX.xml>. There could be other connections that I haven't noticed.

The only issues we have Authoxy is that if the Network settings are changed
to say a direct ethernet connection that doesn't require proxies etc,
then if one attempts to get the Authoxy Messages, the whole of System-Prefs
freezes and must be ForceQuit (OS 10.3.3). Eeverything else continues normally.

Damn, that sounds like a bug. Nice clear report though!

The second issue is that Virex doesn't seem to want to communicate through
standard http connection so it would be nice to catch that rogue http
connection and force it though a normal http/80/proxy.

Yeah, that's an on-going problem - Authoxy is powerless to help applications that wont help themselves. Not sure what to offer there - there are some funky possibilities with kernel extensions, in-transit network stream editors and even firewall setups, but I know of no successful solution.

Thirdly, as a Unix developer, it would be nice to be able to control the
min/max number of daemons running (cf Apache) but this is only to experiment
with load handling. Remember the browsers can set 8 or more concurrent connections (although our proxies would probably complain if eveyone did that
at the same time)

Interesting idea. There's nothing in the code currently which allows that - requests are forked off to be handled as quickly as possible, but it shouldn't be a difficult addition.

Forth, an indicator in the Menubar showing that a valid proxy-to-proxy
authenticated link has been established and that user x has satisfactorily
connected would be very friendly!!!

Another interesting idea. A problem with that I see is that connections are made and broken very rapidly, particularly with non-NTLM connections where every request for an object requires re-authentication. It is a little more feasible with persistent connections (HTTP/1.1 or HTTP/1.0 and Keep-Alive) but still a bit hard to imagine. NTLM requires persistent connections, and the idea of a user being connected makes a bit more sense. These connections are still broken very often though, and I'm not sure how a menuling might reflect that.

Apart from that I can only say that this software is brilliant and the author
must keep it coming. I would love to see ther source as well because I suspect
that it would teach us all quite a lot.

Thank you very much! Now something for you... perhaps you (and others on this list) missed out on the announcement that was originally made on the Announce list back in the evening of the 1st of May: Authoxy is Open Source!

The website has been updated, and I actually used the Apple Developer Roadshow (we were in Melbourne on the 10th May) to make the announcement a little more public, but I did neglect to repeat the news on the Discuss list. I couldn't perfectely determine whether you were aware of the news from your email Bruce, but you seem to have picked my exact motives for opening up the source, and I'm excited that you "would love to see the source", particularly "as a Unix developer"!

Regards from Melbourne,
Bruce Stephens.

PS We haven't registered Authoxy yet but will register soon but I have to convince the school/students to pay and at this stage we only need 4 licences and I'm not sure how site licences will work.

That's fine, schools can be tricky like that ;) Educational licenses are only $5 each, so the school would probably be better off buying a few of those.

|   Heath Raftery    <[EMAIL PROTECTED]>          |
|   HRSoftWorks      <http://www.hrsoftworks.net>     |
|                                                     |
|   *Quotation is a serviceable substitute for wit*   |
|                                     _\|/_           |
|____________________________________m(. .)m__________|

Reply via email to