Re: [Discuss] Local ISP Recommendations?
David Kramerwrites: > I'm getting now. In researching it though, about half the articles > say it should be fine, and half the articles point out how it's super > dangerous and you can end up having your mail sent to someone else's > server if your IP address gets assigned to them. > > I would love to get your opinions (or even better, facts) on how > dangerous it would be to run a web and mail server on a dynamic IP. I > think Matt was asking about that too. Way, way back when I was on comcast residential service (Oct 13, 2001 to be precise), I had a mail server hanging off my dynamic address. Delightfully, comcast managed to blow away their DHCP database one night. It made the globe, being a wide area outage, which was "mistakenly" reported as an act of god kind of thing. Anyway: A) The guy who got my previous address had an SMTP server that, as near as I could tell, would blackhole incoming mail. B) The guy who had held what was now my legitimate dhcp address was paying no attention to dhcp, so that I had to outrace his arp replies (knocking him off the net) to get my machine online with what was now *my* address to change my dns records and successfully sink mail rather than lose it. Great fun! Your luck will probably be better than that, but there you go. I spent 3/4 of a decade on speakeasy after that, but they went noticeably down hill after being acquired a time or three. I am now on comcast business service (the only viable option) and, despite the experience above, have noting but good to say about it (knock on copper). Outages are few, static address is cheap enough, and the few times I've dealt with tech support, it's been tolerable, and in new hampshire. I'm a quarter mile from one of media one's original head ends, so that may count for a lot. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] xargs guide
Bill Ricker bill.n1...@gmail.com writes: | xargs has advantages over -exec. + Can take multiple files per exec if supported, e.g. 'rm', massively reducing the exec() overhead. + can work with sources of filenames other than find You misunderstand. You are thinking of find -exec {} ; which is an exec per found object. find $find_args -print0 | xargs -0 $command is approximately find $find_args -exec $command {} + with some other small optimizations you can get by having this canonical idiom open coded into find. It saves brain cells, it doesn't obsolete xargs. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] xargs guide
John Abreau abre...@gmail.com writes: When I use find(1) and xargs(1), by default I always use something like find . -xdev .. -print0 | xargs -0 Newer find programs directly support this idiom with find . -exec foo {} + ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Thin Provisioned LVM
ma...@mohawksoft.com writes: Again, like I said, these do not address the problems. Specifically, the post about sparse volumes says nothing about how to keep a ZFS pool from growing out of control on a sparse presented to it from a SAN. It merely says give ZFS whole disks, which is stupid. What you are looking for is ATA TRIM support. It is an ANSI T.13 standard, which should tell you that your ire with ZFS is misplaced. *If*, and only *if* your disk abstraction supports ATA TRIM, it is possible for filesystems to communicate with the disk abstraction about blocks they have previously allocated, but are now free. ZFS has the problem, ext* has the problem, and in fact, anything that allocates blocks on a disk abstraction has the problem. As you yourself implied, for many decades, leaving garbage blocks didn't matter and so there was no way to communicate this to the disk. Your operating system may or may not support all the needed parts, because all of this is still bloody. Needing to free blocks from the spinning rust emulation is new. The OS, ZFS, and disks I'm running can all do TRIM, but I can't speak for yours. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Using sftp without a shell account
First off: check that the sshd on the mac isn't crashing. OS-X will hide this because they (re)start sshd out of launchd. My sftp -vv trace against a mac keeps going after yours stops. More generally, ssh traces are most useful from the server side. See what you get for /usr/sbin/sshd -dd -p 8022 and be sure to direct the client to that alternate port. Bill Horne b...@horne.net writes: I don't see an nsswitch.conf file on the machine. os-x isn't nss based. Apple does their own thing here, and it's been different from release to release. See if dscl is still there; it is/was the direct introspection tool for all things going through their nss-alike. Also, double check that the unix basics really do what you expect with: perl -MData::Dumper -e 'print Dumper([getpwnam(billhorne)])' for both local and ldap sourced users. You should get something that looks like the fields of a V7 passwd file. It's a Mac Mini, with a generic OS X Yosemite installation, and OS X Server 4.1 installed. There are a couple of local users, which are just administrative accounts. Everyone else is a network user, entered in Open DIrectory but not in the local machine. I'm hoping that Open Directory is close enough to OpenLDAP that I can transfer knowledge. Last time I touched os-x server, the LDAP server was openldap. Beware that the way you are trying to solve this problem isn't a way unix historically does well. The standard library calls (man getpwent) for users have no notion of where the user came from, because as far as that call is concerned, it's /etc/passwd, even when it isn't. PAM can be argued into doing what you want. You are likely to bleed. At least, that's what happens for me with every thought like I could get pam to It's unlikely that apple supplies a PAM module that does what you want. If you're lucky, somebody wrote one. For linux. You get to port it. Bet you a nickel you run into a show stopping bug in a part of os-x you can't fix. (For those who like to say os-x is just freebsd, it's just freebsd in the same that the gnu hurd is just bsd net 2). You might consider the keep it simple stupid approach of using ssh's AllowUser/AllowGroup settings. OS-X does not reward veering from the path, server more so. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Rejecting vs. bouncing with postfix
Richard Pieri richard.pi...@gmail.com writes: Rich Braun wrote: relayhost = (redacted) This is your problem. relayhost is where Postfix forwards (relays) mail when the specified recipient isn't local (read: does not exist in any of your local maps). Good catch. relay_recipient_maps. REQUIRED for any postfix configuration with relays set, or you are part of the problem. The map(s) must *fully enumerate* which addresses to accept. There is, unfortunately, no magic here, as everbody's mail system is wildly different (e.g. the one for my mind-numbingly simple setup is 2500 lines long, but blessedly computer generated from my alias file, password file, and mydomains list on the primary). ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Geoff Huston's talk at NANOG53
Tom Metro tmetro+...@gmail.com writes: 1. I believe it was at the February BLU talk where I heard that http://www.blu.org/meetings/2013/02/201005-hagerty.pdf That actually looks to be the bblisa version of the talk from 2010. See http://www.linnaean.org/~hag/blug-ipv6-20130220.pdf, page 10, or just skip that and go to the source matter at http://www.nanog.org/meetings/nanog37/presentations/alain-durand.pdf. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Comcast's IPv6 deployment
Tom Metro tmetro+...@gmail.com writes: Ah, perfect, those sides from Comcast's IPv6 Architect explains how the move to IPv6 was driven by their internal needs... I'll bet you'll find a lot of the glossed over bits in the slides expanded on in the audio recording: http://www.nanog.org/meeting-archives/nanog37/presentations/100million.ram In general, nanog talks have been really good ever the years for capturing details like this. I haven't listened to this one. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Home Routers
Typical wireless APs are built with a 6 port, vlan capable ethernet switch. One is the internet port, four are the internal LAN ports, and one connects the system on a chip, with two vlans to allow the SoC to access both the LAN and internet networks. The only traffic that's handled entirely by the switch in the typical setup is traffic between the internal network ports. Everything else traverses the much slower SoC. Perhaps bridged, perhaps routed, but whatever it is, is done in software. It's worth keeping in mind if you're pushing one of these boxes hard. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] IPv6 Hardware
Chris O'Connell omegah...@gmail.com writes: I attended the BLU presentation this week. Really interesting topic, great presentation! One area that wasn't covered heavily was hardware. I'm curious, what hardware (switches, routers, wireless) are people using for their IPv6 in their home and their offices, and why? Thank you! I personally don't have much that I file under hardware that does ipv6. I can think of my switch, my printer, the wired mp3 player box, and a hotspot as hardware things. My printer is old enough to drive. The wired mp3 player isn't much younger. The switch is recent, and its management is ipv4 only. It switches v6 traffic without any trouble. I'm not expecting to disable v4 around here any time soon, so I can live with this. The hotspot I bought during my local hurricane sandy outage, and ipv6 just wasn't a priority. It's too bad, since t-mobile is among the furthest along mobile providers. I don't remember if I mentioned it during the talk, but t-mobile's v6 offering has 100% coverage, and is impressive in that it's the largest v6 *only* deployment I know of, where you reach the v4 net via nat64/dns64. The more software-y things around here that do it without trouble include win-XP, a few macs, linux + freebsd boxes, old cisco boxes I use for lab gear, some apple ios stuff, and my wireless AP running third party firmware. The AP's stock firmware claimed v6 support, but I had no interest in running it. Work's juniper boxes claim not to have any trouble with it, but I'm not likely to test that. They'll have other work to be doing. Several of work's printers claim to support it. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] nfs hard links
Edward Ned Harvey (blu) b...@nedharvey.com writes: Can you hard link a NFS mounted file to another NFS mounted file on the same NFS system? In general, the way to answer questions about capability with an RPC protocol is to find the .x file used by the RPC protocol compiler, rpcgen. On my system, that's /usr/include/rpcsvc/nfs_prot.x . In it, you will find: program NFS_PROGRAM { version NFS_VERSION { [...] nfsstat NFSPROC_LINK(linkargs) = 12; nfsstat NFSPROC_SYMLINK(symlinkargs) = 13; where this is the NFSv2 spec (#define NFS_VERSION 2 in a nearby header). The rest of the spec hints further that these do what you think. If still in doubt, NFS is rfc defined. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] nfs hard links
Bill Bogstad bogs...@pobox.com writes: Which as of the 1995 version 3 RFC, clearly defines LINK and SYMLINK protocol commands. Unfortunately, it also documents that some servers might not support LINK or even SYMLINK and introduces a FSINFO command that a client can use to determine ahead of time if a server supports these or other features. So the real answer is it depends on your local implementation. See Yes, well, there's always room for that :) I still have un-fond memories of a certain platform whose implementation of nfsv3 mknod() was panic(). ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Wake-inLAN
Jerry Feldman g...@blu.org writes: (I changed the subject on this to specifically reply to Dan. My motherboard purportedly supports WOL but there is no indication in the BIOS. I was never was able to get it to work. I set up port 9 on my router to allow that to pass. It has been a couple of years since I played with it. The mother board is a Tyan Thunder n6650 Rev. 1.0 Well, wol *is* fiddly, since one of the computers involved isn't playing by the usual rules :) You have to send a magic packet such that the sleeping host actually receives it. Lack of arp/ndp entries, and switching, can both get in the way of the send and receive it bit, since the host isn't running to participate in the usual requisites. Sending to an ethernet broadcast address can cut a lot of this out, but precludes direct wide area operation. And since it *is* fiddly and somewhat unusual, there's plenty of latitude for you vendor to have blown it. Lack of indication in the bios certainly isn't a good sign. All I can tell you is that it works reliably for me, and that the preceding paragraph outlines the issues I saw along the way for what I'm doing with it. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Home NAS redux
Mark Woodward ma...@mohawksoft.com writes: (non-laptop) hardware? I know you can use hdparm for the disk spindown, but does Wake-On-Lan really work? Yes, it does; I have two machines I use it with on a regular basis. One is a mac, the other is a generic pc from 2005 or so. The mac in particular gets woken up on a regular basis by remote programs. It's not generally known, but the WoL standard wakeup packet embeds in UDP without any trouble. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Getting OS/HW details?
Noah Friedman friedman aaat splode dawt com maintains a shell script that is basically GNU autoconf's hosttype detection logic, standalone. It doesn't need root, but in some obscure situations may require a C compiler. It is certainly thermonuclear overkill for your situation, but will offer plenty of hints at technique if you really do feel the need to trim it down. ftp://ftp.splode.com/pub/users/friedman/inits/init-7.4.tar.gz contains a copy in init-7.4/bin/hosttype . ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] I'm looking for a lightweight nntp client
Lightweight would be a shell script that uses netcat for the post. #!/bin/sh msgid=`date +%y%m%d-%h%...@linnaean.org` perl -pe 's/\n/\r\n/' _EOF_ | nc localhost 119 takethis $msgid Path: you!me Newsgroups: linnaean.test Message-ID: $msgid Date: `date +%a, %d %b %Y %H:%M:%S %z` From: Daniel Hagerty h...@linnaean.org Subject: $1 `cat` . quit _EOF_ You use it like this: $ /tmp/post this is a subject /tmp/body 200 perdition.linnaean.org InterNetNews server INN 2.4.6 ready 239 20121028-112...@linnaean.org 205 . $ If all goes well, you should see a 2xx line for the server banner, a 2xx reply for the takethis, and another 2xx response for the quit. This script uses takethis for the post; I can't imagine any news server doesn't implement it by now. Older ihave is possible, but a few more lines and more room for wrong. All of the headers are required; adjust them as needed. The perl bit is to handle NNTP demanding MS-DOS style crlf line endings. It does absolutely no error checking, doesn't attempt to quote any body line containing a sole ., and hasn't had its rabies shots. Most of these things could be done, but would take it over the ten minute example. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Some Java questions
Jerry Feldman gaf.li...@gmail.com writes: We have an important client-related Java issue. We are trying to reproduce a client's problem, but they are using a very large host (96GB/8CPU) and we just were able to upgrade a VM to 4CPUs and 64GB for this project. I would like to know if there are any good run-time tuning parameters that my coworker can set to use more of the memory. (We are using Java SE Run java -X; it'll dump the help for the (non-standard and subject to change without notice) -X options. A couple of the memory related ones I've used before include: -Xmssizeset initial Java heap size -Xmxsizeset maximum Java heap size ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] T-Mobile pre-paid plans
Tom Metro tmetro+...@gmail.com writes: Doug wrote: Our carrier is T-Mobile, using their pay-as-you-go, no data plan. ... In a year's time, we pay T-Mobile $400 for all our minutes (4x1000). If you don't use many voice minutes you can actually get by for as little as $100 per *year* per phone with T-Mobile. (That's the minimum you pay to keep the account from expiring, and it gets you a pile (considering voice minutes are in declining need) of minutes.) Less. I forget the precise details, but it's something like: once you've given them $100, any subsequent minutes purchased will both add to the pile, and refresh the expiration timer on any current minutes you have, for one year. I've given them around $130 for nearly two years of talking. $20 for a quarter's worth of assessment, $100 to extend it all out a year, and $10 several months ago to refresh the expiration timer. Have about $40 of time left, which I expect will be gone before the year is up in December or so. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] bash output buffering
John Abreau abre...@gmail.com writes: On Wed, Jun 13, 2012 at 7:06 AM, Edward Ned Harvey b...@nedharvey.com wrote: A command inside of bash generates output every second (ping) redirected to a file. If you run the command on an interactive shell, then you can tail -f the file, and see the output live as it happens. But if you run the command inside an at script, or a cron script, you tail -f the file... And nothing appears for a few minutes, and then it all appears suddenly. This is bash buffering the output of ping, before redirecting to file. All of which is a level above the OS filesystem buffering. What you're describing is the difference between OS tty buffering vs OS filesystem buffering. This has nothing at all to do with bash; both occur below bash at the OS level. The difference is that OS filesystem buffering is block-oriented, and OS tty buffering is character-oriented. Just to add something to google for, Ed is probably dealing with stdio buffering. setvbuf(3). Technically libc, rather than the OS. I don't know if bash exposes anyway to fiddle with it, a brief google mentioned an LD_PRELOAD hack. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Any Postfix + ipv6 people out there?
Derek Atkins de...@ihtfp.com writes: In either case it is most likely a postfix configuration issue, but I'm at a loss for how to fix it. I added [fe80::]/10 to mynetworks, but I haven't been able to figure out how to get it to output more debugging to tell me exactly which rules are affecting the mail. fe80:: addresses are lacking meaning without a scope indicator. Try [fe80::%eth0]/10 for mynetworks, rather than what you did. That it even let you say that is probably a bug. Scoped addressing is a corner case, with all of the bugs that come with it. Are you sure you wouldn't rather be using a relatively debugged scopeless address? ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Any Postfix + ipv6 people out there?
Derek Atkins de...@ihtfp.com writes: Yes, I'm sure. I need this to work for a while during a transition phase. Right now my ipv6 address space is over a tunnel that I do not want to use for general traffic, which is why I don't want to just turn on v6 for everything. I'd be happy to somehow turn off link local addresses, but I don't know how to do that, frankly. But honestly it should be straightforward to debug postfix to figure out why it's blocking my local hosts when they come in via v6 link-local but not when they come in via v6-public or via v4. ULA (rfc4193, fd00::/8 addresses that you generate randomly, don't need scope)? You can't turn link local off, it's similar to I want to run tcp without this pesky IP thing. Unlike link-local, ULA isn't magic no-routing, avoid selecting this address sauce. Much like rfc1918 in these regards. ACL processing is a specific area that's prone to breakage when something has a slight flub in link-local handling. The fact that it let you specify nonsense without complaining doesn't make me feel warm and fuzzy about it's handling of link local being 100% sane. Can't help you with the detailed postfix debugging, it hasn't given me a lot of reason to get that angry with in longer than memory for that level of detail. The source is somewhat approachable as I remember, if only to find out how to crank the debugging up. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] More Fun in ZFSland
Richard Pieri richard.pi...@gmail.com writes: I chose encrypted block devices. Once I made the decision to encrypt at all it was a simple jump to encrypt everything. It was a little more work for the initial setup than creating encrypted containers but it will be less work down the line to maintain it. Are you familiar with zvol? Your maintence concern makes it sound like you may not be. I certainly can't think of anything I've done with mine past creation that resembles maintain. zfs create -V 10G pool/myzvol produces a 10 gigabyte block device in /dev/zvol/pool/myzvol (give or take how your OS handles the details), that gets it blocks from your zpool. The major price is that your encrypted volume will have travel through the zpool layer twice. But you won't pay for encryption on your music library. Which way you want to pay is your call, obviously. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] BTRFS
Edward Ned Harvey b...@nedharvey.com writes: Anybody using btrfs in production? I know it says all over it, not ready for production and so forth. But it's like dangling a big piece of candy in front of a child with a sticker that says Do not eat. ;-) I've had a somewhat bad experience, I'd like to share, and see if others reason, performance would grind to a halt, and some processes were unkillable, and stuff like that. I suspected btrfs, but didn't have any Unkillable processes almost always involve a kernel bug. The major exception I'm aware of is nfs hard mounts, and even that problem is sometimes viewed as a design error in the typical unix vfs layer. When you see a process that won't die, it's usually in ps's state D: an uninteruptible short term wait (think microseconds) that obviously isn't short term. Ask ps for the wchan of these processes. You might need to ask for it wider, since the symbol is frequently long and truncating. This symbol will point at the subsystem participating in your bug; it may not be the responsible one, but involved. Maybe the thing going to sleep in the first place, maybe the thing that it was supposed to wake it up, maybe the sleeper's caller. Hopefully you get the idea; it narrows down the field quite a bit. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] The RSA Keying links
Edward Ned Harvey b...@nedharvey.com writes: Clearly, sometime after installing your OS, after the OS has gained entropy, you should generate new server ssh keys. (And re-generate any SSL/TLS keys that you may have previously created using openssl without sufficient entropy.) The question is, how do you know when your server has gained some entropy? /dev/random blocks on lack of entropy. /dev/urandom does the best it can with whatever's available, which is to say it will make up plausibly random looking data that may not be random. For state introspection, your OS will vary: * Linux has /proc/sys/kernel/random. * FreeBSD has a sysctl tree kern.random. * NetBSD has an rndctl utility that will mention the state of the pool. Read the man page for random on your respective OS for details. Note that the BSD's won't give you the right manual page without -a or an explicit mention of section 4, for device driver manual pages. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] sed and ANSI sequences
David Kramer da...@thekramers.net writes: You see, the color variables are actually not inside the quotes. That part works fine. The problem I'm having is the ANSI color escape codes are being printed instead of interpreted. Your problem is that you aren't asking sed to print an escape, you're asking for either 'e' or '\e', depending on which particular example. This works, for example: esc=`printf '\033'` random_escape=${esc}bar sed -e 's/foo/'$random_escape'/' $ echo foobaz | sh /tmp/esctest.sh |cat -v ^[barbaz The important part is you need to generate an actual escape somehow. Further, this assumes that sed will pass that escape through unmolsted, which works for me, but may not do so for you. Here, I used printf, but you might be able to use echo, depending on your implementation. tr might work. If there's a way in sed to directly specify arbitrary escapes, I don't know what it is. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Lost email?
Jack Coats j...@coats.org writes: But in the future you might configure a 'secondary email server'. [how to setup a secondary mail server. ] With a really important addition for modern mail servers: You must, must, must ensure that any mail the secondaries accepts will deliver, without bounce, on the primary. If b...@example.com is non-deliverable on the primary, secondaries must reject this recipient at SMTP layer. If this is not true, you will generate backscatter spam, possibly ending up on blacklists, etc, etc. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: tcl/tk question
Jerry Feldman g...@blu.org writes: tcl/tk script. All well and good. The one question I have is how can I detect in a script that an X server is running. Most people use putty from their Windows laptops, and I want the script to run in text mode if they have not run ssh -X (or if Exceed is not running). One method would be to check the $DISPLAY. But if they use Putty, the -X option would be set. If I run wish(1) it returns 0, but does print out a line of text, Application initialization failed: that I could check and switch to text mode. I'm looking for a better way of testing. As far as the usual X architecture is concerned, you don't. You set DISPLAY to indicate X support. If you don't have X support, you communicate this to apps by not setting DISPLAY. If your users insist on doing the wrong thing, your approach will probably work. Other routes include using a cheap X query tool, like xdpyinfo, xrdb, xlsclients, etc. If I had problems with users miscommunicating X support to apps like this, I'd try to handle it in the login environment, rather than in a particular app. Your app probably isn't alone in doing the wrong thing with a bogus DISPLAY. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: IPv6 and Firewall traversal
Edward Ned Harvey b...@nedharvey.com writes: Second of all, the question I asked has no relation to NAT. Does anyone want to re-read the OP and reply about the firewall rules and allowing of inbound traffic on IPv6? I am aware of no such protocol effort in v6. http://tools.ietf.org/html/draft-ietf-v6ops-ipv6-cpe-router-09 http://tools.ietf.org/html/draft-ietf-v6ops-cpe-simple-security-16 Per the latter: To avoid the need for IPv6 applications to use techniques like STUN for opening and maintaining dynamic filter state, something similar to NAT-PMP and UPnP-IGD but without actually supporting NAT could be deployed. Alas, no consensus has yet emerged in the Internet engineering community as to what is most appropriate for residential IPv6 usage scenarios. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: IPv6 and Firewall traversal
Daniel Hagerty h...@linnaean.org writes: I am aware of no such protocol effort in v6. In the ietf, anyway. http://upnp.org/specs/gw/igd2/ has bits specifically directed towards ipv6. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: oracle xe question
Jerry Feldman g...@blu.org writes: We use oracle XE for some of our products. Normally, when XE is installed everything is installed in /usr/lib/oracle/xe. I want to be able to move the physical database (/usr/lib/oracle/xe/oradata/) to another HD. Certainly one way to do this is to simply move the entire directory and symlink oradata to the new location or simply move the entire xe tree. It's been a long time, but if the combination of memory and a quick glance at something modern is something to go by: There is a config file in ${ORACLE_HOME}/dbs/init${ORACLE_SID}.ora . It will have some paths in it, most critically the control_files. The control files, in turn, contain all the other pathnames that oracle knows about. You don't change paths in the (binary) control file yourself, you let oracle do it with appropriate alter ... statements, like alter tablespace foo rename datafile '/path/to/original' to '/new/path' I wouldn't be surprised if somebody has written a utility for it. I wouldn't be suprised if you'd rather do it the unix way, as oracle's way seems much more work without some coding support. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss