Re: time stamp of LV creation?
I don't about the straight forward answer to your question, but you may found the data in the LVM logs (if not too many operation were done). Amos Shapira wrote: Hello, Is there any way to find out when was an LVM2 volume last: 1. Created 2. Accessed 3. Modified? I'm looking for something similar to inode's ctime/mtime/atime. Otherwise - is there a way to attach some arbitrary attribute onto the volume's meta-data, so an automatic script can record things it does to the volume? I'm asking this because I regularly rebuild Xen DomU's inside Logical Volumes (on CentOS 5) and would like to have a feel of the age of volumes I find lying around (there is a limit to how far a naming convention can take you). I can probably record in files inside the volumes but then it's a bit complicated to access these files from the Dom0 (need to kpartx the volume, mount it etc). Thanks, --Amos = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- Lior Kaplan [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: time stamp of LV creation?
2008/7/17 Lior Kaplan [EMAIL PROTECTED]: I don't about the straight forward answer to your question, but you may found the data in the LVM logs (if not too many operation were done). Thanks but that wouldn't take me any further than where I am now. You see - in order to record the data from the LVM logs I'll have to copy it somewhere. I already have this information since it's the time when the script which created the LVM runs. What I hope is to find a way to record the data together with the LVM itself (or better - just get it from the LVM's automatically maintained meta data) instead of having to keep a separate database of LVM creation times. Cheers, --Amos = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Dropbear SSH
Hi everybody, Does anyone have experience with DropBear SSH server/client (http://matt.ucc.asn.au/dropbear/dropbear.html)? The context is an embedded product with AMCC PPC460, Linux (say, 2.6.25 or later), and busybox (1.10 or later) as the base, being defined/designed now. The target audience is top tier customers, such as governments, Fortune-whatever companies, major financial institutions, etc. SSH access is essential (need ssh client, sshd, ssh-keygen, scp, whatever dependencies there are). Busybox does not provide SSH functionality by itself, and recommends Dropbear (http://busybox.net/tinyutils.html). I would like to be quite sure that DropBear has the functionality and the security that the target market requires. So far, what I see in the docs is as follows: * Judging by Changelog, Dropbear is in version 0.51, and the development is not very active. This may be because it is very stable and very secure, or may be because there are not many development resources. * Uses LibTomCrypt rather than SSL - can anyone comment on security/functionality? I see my choces as DropBear vs. OpenSSH, compiled and linked for busybox. I am not particularly concerned about CPU or RAM, but I have a rather serious shortage of (flash) storage in the system. In our estimate, OpenSSH will take at least 10 times more storage than DropBear (between 1.2 and 1.5M rather than 110K Dropbear claims). What I am interested to know is whether DropBear is a good substitute for OpenSSH in terms of: * functionality * full compatibility * security * stability * etc. Any comments/experiences? Thanks a lot in advance, -- Oleg Goldshmidt | [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Dropbear SSH
My customer is using dropbear. It is easy to compile and use. We did connected to it from SSH client and also tried reverse SSH. It seem to be very stable. As for security I don't have enough experience to comment. -- Ori Idan On Thu, Jul 17, 2008 at 1:42 PM, Oleg Goldshmidt [EMAIL PROTECTED] wrote: Hi everybody, Does anyone have experience with DropBear SSH server/client (http://matt.ucc.asn.au/dropbear/dropbear.html)? The context is an embedded product with AMCC PPC460, Linux (say, 2.6.25 or later), and busybox (1.10 or later) as the base, being defined/designed now. The target audience is top tier customers, such as governments, Fortune-whatever companies, major financial institutions, etc. SSH access is essential (need ssh client, sshd, ssh-keygen, scp, whatever dependencies there are). Busybox does not provide SSH functionality by itself, and recommends Dropbear (http://busybox.net/tinyutils.html). I would like to be quite sure that DropBear has the functionality and the security that the target market requires. So far, what I see in the docs is as follows: * Judging by Changelog, Dropbear is in version 0.51, and the development is not very active. This may be because it is very stable and very secure, or may be because there are not many development resources. * Uses LibTomCrypt rather than SSL - can anyone comment on security/functionality? I see my choces as DropBear vs. OpenSSH, compiled and linked for busybox. I am not particularly concerned about CPU or RAM, but I have a rather serious shortage of (flash) storage in the system. In our estimate, OpenSSH will take at least 10 times more storage than DropBear (between 1.2 and 1.5M rather than 110K Dropbear claims). What I am interested to know is whether DropBear is a good substitute for OpenSSH in terms of: * functionality * full compatibility * security * stability * etc. Any comments/experiences? Thanks a lot in advance, -- Oleg Goldshmidt | [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- ספרים וסיפורים שכתבתי: http://www.thestories.org
Re: Dropbear SSH
Hi, Some 2 cents == I am not affiliated with Mocana nor do I gain anything from writing this == Not sure if it helps, but another alternative is Mocana, I seen quite a few people/companies use it (Israeli), RAD is one of the names to comes to mind. Mocana is a complete package - i.e. gives you everything you need, SSL, SSH, etc, but the down side is it costs money. --- Regarding DropBear, a few vulnerabilities have been discovered in dropbear over the years: Dropbear SSH Server DoS http://www.securiteam.com/securitynews/5YP012AI0A.html Dropbear SSH Server Format String Vulnerability http://www.securiteam.com/unixfocus/5VP0E2AAUS.html Dropbear SSH Server svr_ses.childpidsize Buffer Overflow http://www.securiteam.com/unixfocus/6A00M0AEUQ.html But nothing since 2006 :) So I guess its ok, for the time being. I am not trying to say it is less/or more secure, but not having any public vulnerabilities in a product makes me jitter with fear :D, what is unknown scares me :) On Thursday 17 July 2008 13:42:25 Oleg Goldshmidt wrote: Hi everybody, Does anyone have experience with DropBear SSH server/client (http://matt.ucc.asn.au/dropbear/dropbear.html)? The context is an embedded product with AMCC PPC460, Linux (say, 2.6.25 or later), and busybox (1.10 or later) as the base, being defined/designed now. The target audience is top tier customers, such as governments, Fortune-whatever companies, major financial institutions, etc. SSH access is essential (need ssh client, sshd, ssh-keygen, scp, whatever dependencies there are). Busybox does not provide SSH functionality by itself, and recommends Dropbear (http://busybox.net/tinyutils.html). I would like to be quite sure that DropBear has the functionality and the security that the target market requires. So far, what I see in the docs is as follows: * Judging by Changelog, Dropbear is in version 0.51, and the development is not very active. This may be because it is very stable and very secure, or may be because there are not many development resources. * Uses LibTomCrypt rather than SSL - can anyone comment on security/functionality? I see my choces as DropBear vs. OpenSSH, compiled and linked for busybox. I am not particularly concerned about CPU or RAM, but I have a rather serious shortage of (flash) storage in the system. In our estimate, OpenSSH will take at least 10 times more storage than DropBear (between 1.2 and 1.5M rather than 110K Dropbear claims). What I am interested to know is whether DropBear is a good substitute for OpenSSH in terms of: * functionality * full compatibility * security * stability * etc. Any comments/experiences? Thanks a lot in advance, -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com Know that you are safe. Beyond Security Finalist for the Red Herring 100 Global Awards 2007 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Dropbear SSH
Hi Oleg, No experience with Dropbear, but I've used LibTomCrypt in a couple of projects, and it rocks. You can configure it to the level of paranoia you're comfortable with, e.g., scrubbing memory that contains keying material, etc. - the typical security/performance and time/space tradeoffs. Of course, having a solid crypto library is a necessary but *not* sufficient condition for a secure application, as it's trivial to misuse crypto in a way that leaves you totally insecure. HTH, Rony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oleg Goldshmidt Sent: Thursday, July 17, 2008 1:42 PM To: Linux-IL Subject: Dropbear SSH Hi everybody, Does anyone have experience with DropBear SSH server/client (http://matt.ucc.asn.au/dropbear/dropbear.html)? The context is an embedded product with AMCC PPC460, Linux (say, 2.6.25 or later), and busybox (1.10 or later) as the base, being defined/designed now. The target audience is top tier customers, such as governments, Fortune-whatever companies, major financial institutions, etc. SSH access is essential (need ssh client, sshd, ssh-keygen, scp, whatever dependencies there are). Busybox does not provide SSH functionality by itself, and recommends Dropbear (http://busybox.net/tinyutils.html). I would like to be quite sure that DropBear has the functionality and the security that the target market requires. So far, what I see in the docs is as follows: * Judging by Changelog, Dropbear is in version 0.51, and the development is not very active. This may be because it is very stable and very secure, or may be because there are not many development resources. * Uses LibTomCrypt rather than SSL - can anyone comment on security/functionality? I see my choces as DropBear vs. OpenSSH, compiled and linked for busybox. I am not particularly concerned about CPU or RAM, but I have a rather serious shortage of (flash) storage in the system. In our estimate, OpenSSH will take at least 10 times more storage than DropBear (between 1.2 and 1.5M rather than 110K Dropbear claims). What I am interested to know is whether DropBear is a good substitute for OpenSSH in terms of: * functionality * full compatibility * security * stability * etc. Any comments/experiences? Thanks a lot in advance, -- Oleg Goldshmidt | [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Dropbear SSH
On Thu, Jul 17, 2008 at 3:29 PM, Noam Rathaus [EMAIL PROTECTED] wrote: Hi, Some 2 cents == I am not affiliated with Mocana nor do I gain anything from writing this == Not sure if it helps, but another alternative is Mocana, I seen quite a few people/companies use it (Israeli), RAD is one of the names to comes to mind. Mocana is a complete package - i.e. gives you everything you need, SSL, SSH, etc, but the down side is it costs money. Hi Noam, And lean on storage, too. I am not sure it helps, for logistical reasons, but thanks for the pointer. But nothing since 2006 :) So I guess its ok, for the time being. I am not trying to say it is less/or more secure, but not having any public vulnerabilities in a product makes me jitter with fear :D, what is unknown scares me :) Is it really secure or just not used enough? ;-) Has DropBear (or LibTomCrypt) ever been audited? I'd think that you would be one of those in the know... ;-) -- Oleg Goldshmidt | [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Dropbear SSH
Hi, On Thursday 17 July 2008 19:42:54 Oleg Goldshmidt wrote: On Thu, Jul 17, 2008 at 3:29 PM, Noam Rathaus [EMAIL PROTECTED] wrote: Hi, Some 2 cents == I am not affiliated with Mocana nor do I gain anything from writing this == Not sure if it helps, but another alternative is Mocana, I seen quite a few people/companies use it (Israeli), RAD is one of the names to comes to mind. Mocana is a complete package - i.e. gives you everything you need, SSL, SSH, etc, but the down side is it costs money. Hi Noam, And lean on storage, too. I am not sure it helps, for logistical reasons, but thanks for the pointer. But nothing since 2006 :) So I guess its ok, for the time being. I am not trying to say it is less/or more secure, but not having any public vulnerabilities in a product makes me jitter with fear :D, what is unknown scares me :) Is it really secure or just not used enough? ;-) Has DropBear (or LibTomCrypt) ever been audited? I'd think that you would be one of those in the know... ;-) I know OpenSSH has been extensively audited - and in turn found to be vulnerable - where as DropBear and libTomCrypt are less common, and in such less audited - however their code base is a lot smaller, making it harder for issues to hide in it. What I usually tell my customers, don't rely on obscurity to protect you, rely on response time - if an issue (security) arises address it as soon as possible with a patch, a firmware upgrade, etc, don't expect software developers to be flawless :) -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com Know that you are safe. Beyond Security Finalist for the Red Herring 100 Global Awards 2007 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Version 0.102 of Culmus fonts released
Hello all, I'm glad to announce the availability of the new release of Culmus fonts. This release updates just one font family - David. Despite a minor version number increase, this update introduces a major change. The new David font is published in the TrueType format with OpenType features. With appropriate software it would be able to display Hebrew diacritics in a proper manner. Visually, all weights were lightened and made more spacious. Note that this introduces some incompatibility with older versions. With transition to the new release the same text in David will take more space on a page, even though the line spacing remains the same. I'm sorry to mess up your carefully laid out documents, but I sincerely believe that the new incarnation looks better and is more legible than the old one. On the contents level, the font family has been expanded with several new features: New bold-Italic weight Extended punctuation symbols (ellipsis, dashes, etc.) Currency symbols (pound, euro) As usual, the fonts can be downloaded from the site of the Culmus project: http://culmus.sourceforge.net. Please give them a try and let me know your comments or suggestions. The rpm file was tested on a rather ancient SuSE 10.1 system, but I hope it works with newer ones too. Since this release introduces a new TrueType file format, I kindly ask package maintainers to refrain from propagating it into automatic update systems for two or three days. This should allow bugs to surface, if there are any, and give me time to fix them before the fonts are distributed to the larger community. A note to package maintainers: this release comes with a source package (culmus-src-0.102.tar.gz). This package contains the FontForge sources of David font, and I would be truly grateful if they are distributed in the same manner as all other source packages. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
