Re: Speeding up scp over 10GigE, suggestions?
Thanks Christian Specifying the MAC you suggested makes a big jump in performance. SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] 98.65026953028924143858 MB/s 94.75118186708754888342 MB/s 93.67964795503113387533 MB/s 77.35326700132979443792 MB/s SSH Options: [-o Ciphers=arcfour128] 63.50306913748638001067 MB/s 63.09124016939771183475 MB/s 61.51859822693993063534 MB/s 52.67600175573777350882 MB/s On Thu, Jul 19, 2012 at 11:51:50AM +, Christian Weisgerber wrote: David Diggles da...@elven.com.au wrote: I am looking for ways to speed up scp over 10GigE. With parallel transfer of 4x 8GB files, I get the following test results with various ciphers. These tests maxed out 4 cores with encryption overhead. Assuming that crypto actually is your bottleneck, here are a few hints: First, use a faster MAC: -m umac...@openssh.com SSH Options: [-o Cipher=arcfour] SSH Options: [-o Cipher=blowfish] These only apply to the SSH1 protocol and are ignored otherwise. SSH Options: [-o Ciphers=arcfour] SSH Options: [-o Ciphers=blowfish-cbc] SSH Options: [-o Ciphers=aes256-ctr] SSH Options: [-o Ciphers=3des-cbc] There are really three interesting ciphers: aes128-ctr, aes128-cbc, and arcfour128. aes128-ctr is the default and already plenty fast. aes128-cbc used to be the default until a security problem with the way CBC mode is used in the SSH2 protocol was discovered. In principle it isn't any faster than aes128-ctr, but in practice it may be since it uses OpenSSL's optimized EVP_aes_128_cbc() function while aes128-ctr relies on calls to the low-level AES_encrypt() primitive. arcfour128 is the fastest cipher supported. (Plain arcfour may be a tad faster, but has known security problems.) -- Christian naddy Weisgerber na...@mips.inka.de
Re: Speeding up scp over 10GigE, suggestions?
The previous tests were reading from striped disks 4 spindles, writing to /dev/null This is the best so far, with fetching 4 compressed 500MB files on a remote ramdisk, local output going to /dev/null All on 10GigE in the same room. OUTDIR: [/dev/null] SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] 254.72636815920398009950 MB/s 225.55066079295154185022 MB/s 222.60869565217391304347 MB/s 237.03703703703703703703 MB/s Here is a test scp read from remote ramdisk, write to mounted cluster filesystem (over the same 10GigE link). OUTDIR: [/scatch/tmp] SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] 73.03851640513552068473 MB/s 72.72727272727272727272 MB/s 68.63270777479892761394 MB/s 68.35781041388518024032 MB/s I have compiled hpn-ssh but not yet tested it locally or over the wan. On Fri, Jul 20, 2012 at 05:33:33PM +1000, David Diggles wrote: Thanks Christian Specifying the MAC you suggested makes a big jump in performance. SSH Options: [-o Ciphers=arcfour128 -o MACs=umac...@openssh.com] 98.65026953028924143858 MB/s 94.75118186708754888342 MB/s 93.67964795503113387533 MB/s 77.35326700132979443792 MB/s SSH Options: [-o Ciphers=arcfour128] 63.50306913748638001067 MB/s 63.09124016939771183475 MB/s 61.51859822693993063534 MB/s 52.67600175573777350882 MB/s On Thu, Jul 19, 2012 at 11:51:50AM +, Christian Weisgerber wrote: David Diggles da...@elven.com.au wrote: I am looking for ways to speed up scp over 10GigE. With parallel transfer of 4x 8GB files, I get the following test results with various ciphers. These tests maxed out 4 cores with encryption overhead. Assuming that crypto actually is your bottleneck, here are a few hints: First, use a faster MAC: -m umac...@openssh.com SSH Options: [-o Cipher=arcfour] SSH Options: [-o Cipher=blowfish] These only apply to the SSH1 protocol and are ignored otherwise. SSH Options: [-o Ciphers=arcfour] SSH Options: [-o Ciphers=blowfish-cbc] SSH Options: [-o Ciphers=aes256-ctr] SSH Options: [-o Ciphers=3des-cbc] There are really three interesting ciphers: aes128-ctr, aes128-cbc, and arcfour128. aes128-ctr is the default and already plenty fast. aes128-cbc used to be the default until a security problem with the way CBC mode is used in the SSH2 protocol was discovered. In principle it isn't any faster than aes128-ctr, but in practice it may be since it uses OpenSSL's optimized EVP_aes_128_cbc() function while aes128-ctr relies on calls to the low-level AES_encrypt() primitive. arcfour128 is the fastest cipher supported. (Plain arcfour may be a tad faster, but has known security problems.) -- Christian naddy Weisgerber na...@mips.inka.de
Re: Re : Apache won't start after pecl-imagick installation
Hello, I'm coming back with this Apache startup that works fine but yesterday I added the -DSSL option in /etc/rc.conf but Apache won't start # /etc/rc.d/httpd start httpd(failed) I've looked at all the logs I could find but couldn't see why it failed. Is Apache SSL with lpthread supposed to work ? - Mail original - De : Mik J mikyde...@yahoo.fr À : misc@openbsd.org misc@openbsd.org Cc : Envoyé le : Mardi 8 mai 2012 22h08 Objet : Re : Apache won't start after pecl-imagick installation Thank you for your answer. I did use apachectl but after your email I followed your suggestions and it works. I have notice now that the command apachectl doesn't work at all now, when I read your email I thought that it wouldn't work for the first time only. I'm wondering if the apachectl command will end being deprecated if it doesn't allow apache to restart without us wondering if it has to pre load some libraries or not. Have a good day - Mail original - De : Stuart Henderson s...@spacehopper.org @ : misc@openbsd.org Cc : Envoyi le : Mardi 8 mai 2012 16h06 Objet : Re: Apache won't start after pecl-imagick installation On 2012-05-08, Mik J mikyde...@yahoo.fr wrote: Hello, I'm reinstalling my system from 4.9 to 5.1 I have installed pecl-imagick and stopped/started Apache but I have a seg fault (core dumped). If I uninstall this package Apache stops/starts nicely. I have read this page http://www.openbsd.org/faq/upgrade50.html#Pkgup The last point talks about my problem and advices to add in /etc/login.conf httpd:\ :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ :tc=daemon: This doesn't help, I still have the same problem with Apache. How did you start Apache? You will need to use /etc/rc.d/httpd restart (or reboot) so it's started from the system rc scripts for this to take effect, apachectl does not handle this. Also /usr/lib/libpthread.so doesn't exist so I replaced it with /usr/lib/libpthread.so.13.3 but still no success. No the instructions are correct, use /usr/lib/libpthread.so
HIPNOTERAPIA ERICKSONIANA Y PSICOLOGÍA POSITIVA
ESCUELA SISTÉMICA ARGENTINASEMINARIO TALLERAgosto / Septiembre 2012 HIPNOTERAPIA ERICKSONIANA Y PSICOLOGÍA POSITIVA CONSTRUYENDO EL ESTADO POSITIVO SUSTENTABLE EN PSICOTERAPIA HIPNOSIS ERICKSONIANA y PSICOLOGÍA POSITIVA: LOS APORTES DE LA INVESTIGACIÓN EN PSICOTERAPIA, RESILIENCIA, TERAPIA ORIENTADA A LAS SOLUCIONES, NARRATIVISMO, POSMODERNISMO, ONTOLOGÍA DEL LENGUAJE Y NEUROCIENCIAS AL SERVICIO DEL CAMBIO SUSTENTABLE Docente: Lic. Claudio DES CHAMPS (*) Modalidad Regular:Inicio: 09 de agosto (7 clases de 2 horas) / Fechas: 09, 16, 23 y 30 y de agosto y 06, 13 y 20 de SeptiembreHorarios: El mismo seminario será dado a 2 grupos, a elección de los participantes: * Primer grupo: de 13 a 15 hs; * Segundo grupo: de 19 a 21 hs Modalidad Intensiva: Inicio: Viernes 14 y Sábado 15 de Septiembre. Horario: 9 a 17 hs (Cada día) Toda persona es un individuo. Por lo tanto, la psicoterapia debería ser formulada de manera que responda a la particularidad de las necesidades de la persona, en vez de obligarla a ajustarse a una teoría hipotética de la conducta humana (J. Zeig y S.Gilligan.)¿Cree que su pasado determina su futuro? No se trata de una pregunta filosófica superficial. Según en qué medida consideremos que el pasado determina el futuro tenderemos o no, a ser un navío pasivo, incapaz de cambiar de trayecto de forma activa. Tales creencias son las culpables de la extrema inercia de muchas personas (Martin Seligman). Los datos neurológicos nos hacen enfocar la cuestión de un modo diferente: la sensación de ser feliz o desdichado depende probablemente de la connotación afectiva que le atribuya nuestro aparato de percibir el mundo. (Boris Cyrulnik)El objetivo de la Psicología Positiva es generar un viraje en la visión de la psicología, poniendo el foco no sólo en reparar sino especialmente, en construir recursos y desplegar cualidades positivas y elaborar guiones esperanzadores para el desarrollo y bienestar sustentable de los seres humanos. (C. Des Champs) HIPNOSIS ERICKSONIANA Y PSICOLOGÍA POSITIVA 2012 Propuesta: Presentar a la Hipnosis Ericksoniana , es decir a la psicoterapia creada por Milton Erickson desde sus principios y abordajes originarios, como fundadora de la psicoterapia sistémica y como pionera, inspiradora y plenamente vigente en el marco de las psicoterapias actuales y especialmente del abordaje de la Psicología Positiva. Objetivos: La materia tiene por objetivo, promover el conocimiento de los fundamentos teóricos y los principios básicos de la hipnosis ericksoniana, es decir del abordaje psicoterapéutico del reconocido terapeuta norteamericano, Milton Erickson. Se introducirán los conceptos esenciales y las múltiples técnicas derivadas de tales conceptos y de la cosmovisión, aspectos neurocientíficos, valores y filosofía de dicha práctica clínica. Dicha psicoterapia se presentará en primer lugar, como pionera y fundadora de la terapia estratégica sistémica en particular y de la práctica psicoterapéutica sistémica general, incluyendo los modelos y abordajes más recientes como el narrativismo y todos aquellos posmodernistas derivados de la epistemología constructivista, construccionista social y de la ontología del lenguaje. Y en segundo lugar, como fundadora, inspiradora y estimuladora del viraje en la psicología actual en general y en la psicoterapia en particular, encarnado en la propuesta de la Psicología Positiva y en sus antecesores, entre ellos, la logoterapia de Víctor Frankl, la Resiliencia, los aportes de las neurociencias y los conclusiones mas recientes de la investigación en psicoterapia, como por ejemplo la Alianza Terapéutica, conclusiones que atraviesan los modelos y teorías de las distintas escuelas psicoterapéuticas. Se introduce así al profesional en la innovadora y pionera propuesta psicoterapéutica de Milton Erickson, actualizándola con fundamentos de los avances en distintas áreas de la ciencia articulados entre sí, conectándolo de esta manera, con la esencia de las prácticas actuales en psicoterapia y especialmente, con el viraje propuesto por la Psicología Positiva. (*) El Lic. Des Champs es Psicólogo (UBA), psicoterapeuta de individuos, parejas y familia. Ex Coordinador del equipo de atención de Crisis del hospital de San isidro y del área de familia de operadas de mama del L. A. L. C. E. C . Docente universitario de grado y posgrado, introdujo y coordinó materias sistémicas y cognitivas e impartió seminarios de terapia familiar sistémica en la UBA, Universidad J. F. Kennedy y en el Instituto de Drogadependencia de la Universidad del Salvador dependiente de la Secretaría de Adicciones de la provincia de Buenos Aires, de la cual fue asesor en su especialidad. Ex profesor adjunto de la Carrera de Psicología de la Universidad Maimónides, a cargo de las materias Modelo Sistémico I y II. Profesor invitado a la
Re: Re : Apache won't start after pecl-imagick installation
Maybe a stupid question, but did you create the certificate the steps in the FAQ? http://www.openbsd.org/faq/faq10.html#HTTPS On Fri, Jul 20, 2012 at 09:23:53AM +0100, Mik J wrote: Hello, I'm coming back with this Apache startup that works fine but yesterday I added the -DSSL option in /etc/rc.conf but Apache won't start # /etc/rc.d/httpd start httpd(failed) I've looked at all the logs I could find but couldn't see why it failed. Is Apache SSL with lpthread supposed to work ? - Mail original - De?: Mik J mikyde...@yahoo.fr ??: misc@openbsd.org misc@openbsd.org Cc?: Envoy? le : Mardi 8 mai 2012 22h08 Objet?: Re : Apache won't start after pecl-imagick installation Thank you for your answer. I did use apachectl but after your email I followed your suggestions and it works. I have notice now that the command apachectl doesn't work at all now, when I read your email I thought that it wouldn't work for the first time only. I'm wondering if the apachectl command will end being deprecated if it doesn't allow apache to restart without us wondering if it has to pre load some libraries or not. Have a good day - Mail original - De : Stuart Henderson s...@spacehopper.org @ : misc@openbsd.org Cc : Envoyi le : Mardi 8 mai 2012 16h06 Objet : Re: Apache won't start after pecl-imagick installation On 2012-05-08, Mik J mikyde...@yahoo.fr wrote: ? Hello, ? I'm reinstalling my system from 4.9 to 5.1 ? I have installed ? pecl-imagick and stopped/started Apache but I have a seg fault (core dumped). ? If I uninstall this package Apache stops/starts nicely. ? I have read this page http://www.openbsd.org/faq/upgrade50.html#Pkgup ? The last point talks about my ? problem and advices to add in /etc/login.conf ? httpd:\ :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ ? :tc=daemon: ? This doesn't help, ? I still have the same problem with Apache. How did you start Apache? You will need to use /etc/rc.d/httpd restart (or reboot) so it's started from the system rc scripts for this to take effect, apachectl does not handle this. ? Also /usr/lib/libpthread.so doesn't ? exist so I replaced it with /usr/lib/libpthread.so.13.3 but still no success. No the instructions are correct, use /usr/lib/libpthread.so
Full Disc Encryption - i want your opinions
Many today SSD and some magnetic disks have AES-128/256 encryption builtin. If BIOS supports it, it ask for password then send it to hard disk after which it decodes it's AES key so it start to work. No software crypto overhead, everything fine. My question - how secure it really is. One extremity is to assume it is certainly well done. Another - that there are encryption at all, just simple password check. Both are possible as there is no way to check. I want your opinions. Software encryption would make quite a bit overhead for my setup.
Re: Polish encoding on console in x window
On Thu, Jul 19, 2012 at 08:51:49PM +0200, Tomasz Marszal wrote: Hi Group. I have a question to polish users how to set up polish encoding in terminal in x windows in Open BSD 5.1 i386. LC_ALL and LC_LOCALE didnt work (works only in bash and i get strange signs instead of polish dialect signs. Setting wsconsctl keyboard.encoding=pl also dont give wanted result. Best Regards Tomek Marszal Hi, I do not have 5.1 i386, but in 5.2-beta amd64 this setting is working: /etc/kbdtype pl ~/.xsession export LC_CTYPE=pl_PL.UTF-8 ~/.profile export LC_CTYPE=pl_PL.UTF-8 ~/.Xdefaults XTerm*font:-misc-fixed-medium-r-normal--14-130-75-75-c-70-iso10646-1 In ksh i can type polish signs in filenames (but 'ls' dont display it correctly). Adam
Re: Polish encoding on console in x window
* Adam Bryt adam.b...@gmx.com [120720 10:56]: In ksh i can type polish signs in filenames (but 'ls' dont display it correctly). Install colorls or use ls | cat. -- Alexander Polakov | plhk.ru
Re: Full Disc Encryption - i want your opinions
Le 20/07/2012 11:12, Wojciech Puchar a écrit : Many today SSD and some magnetic disks have AES-128/256 encryption builtin. If BIOS supports it, it ask for password then send it to hard disk after which it decodes it's AES key so it start to work. No software crypto overhead, everything fine. My question - how secure it really is. One extremity is to assume it is certainly well done. Another - that there are encryption at all, just simple password check. Both are possible as there is no way to check. I want your opinions. Software encryption would make quite a bit overhead for my setup. As your disk is probably not 'open source' (?), you don't know if there is a really encryption, or if there is a secret password (as for some bios) that permits to access data. If I was you, I would prefer to use a software-based encryption (luks, softraid, ...), even if it has some disadvantages. Keep in memory that, whatever you do, if a guy has money and WANTS your data, he can get these. So, as long as you're not a terrorist, I think you can sleep quietly without take care of the CIA spy under your bed. But if you are, this spy just has to obtain the encryption method (or the global password, if there is) by giving $$ to the manufacturer of your disk, and then crack it. Some of the books I have are very funny at this point... I think that as long as it's not open source it's unsecure. This is me, and I could be wrong. In all cases, encrypt disk is more secure than not to encrypt disk. Maxime
Re: Polish encoding on console in x window
Thx its working on 5.1 but insted /etc/kbdtype pl i did /etc/wsconsctl keyboard.encoding=pl On Fri, 20 Jul 2012 12:24:07 +0200, Adam Bryt adam.b...@gmx.com wrote: On Thu, Jul 19, 2012 at 08:51:49PM +0200, Tomasz Marszal wrote: Hi Group. I have a question to polish users how to set up polish encoding in terminal in x windows in Open BSD 5.1 i386. LC_ALL and LC_LOCALE didnt work (works only in bash and i get strange signs instead of polish dialect signs. Setting wsconsctl keyboard.encoding=pl also dont give wanted result. Best Regards Tomek Marszal Hi, I do not have 5.1 i386, but in 5.2-beta amd64 this setting is working: /etc/kbdtype pl ~/.xsession export LC_CTYPE=pl_PL.UTF-8 ~/.profile export LC_CTYPE=pl_PL.UTF-8 ~/.Xdefaults XTerm*font:-misc-fixed-medium-r-normal--14-130-75-75-c-70-iso10646-1 In ksh i can type polish signs in filenames (but 'ls' dont display it correctly). Adam
Re: Re : Apache won't start after pecl-imagick installation
Hello David, Yes I did create it, if there is a configuration problem then I don't see anything in the logs. I'm wondering how to debug this. - Mail original - De : David Diggles da...@elven.com.au À : misc@openbsd.org Cc : Envoyé le : Vendredi 20 juillet 2012 11h07 Objet : Re: Re : Apache won't start after pecl-imagick installation Maybe a stupid question, but did you create the certificate the steps in the FAQ? http://www.openbsd.org/faq/faq10.html#HTTPS On Fri, Jul 20, 2012 at 09:23:53AM +0100, Mik J wrote: Hello, I'm coming back with this Apache startup that works fine but yesterday I added the -DSSL option in /etc/rc.conf but Apache won't start # /etc/rc.d/httpd start httpd(failed) I've looked at all the logs I could find but couldn't see why it failed. Is Apache SSL with lpthread supposed to work ? - Mail original - De?: Mik J mikyde...@yahoo.fr ??: misc@openbsd.org misc@openbsd.org Cc?: Envoy? le : Mardi 8 mai 2012 22h08 Objet?: Re : Apache won't start after pecl-imagick installation Thank you for your answer. I did use apachectl but after your email I followed your suggestions and it works. I have notice now that the command apachectl doesn't work at all now, when I read your email I thought that it wouldn't work for the first time only. I'm wondering if the apachectl command will end being deprecated if it doesn't allow apache to restart without us wondering if it has to pre load some libraries or not. Have a good day - Mail original - De : Stuart Henderson s...@spacehopper.org @ : misc@openbsd.org Cc : Envoyi le : Mardi 8 mai 2012 16h06 Objet : Re: Apache won't start after pecl-imagick installation On 2012-05-08, Mik J mikyde...@yahoo.fr wrote: ? Hello, ? I'm reinstalling my system from 4.9 to 5.1 ? I have installed ? pecl-imagick and stopped/started Apache but I have a seg fault (core dumped). ? If I uninstall this package Apache stops/starts nicely. ? I have read this page http://www.openbsd.org/faq/upgrade50.html#Pkgup ? The last point talks about my ? problem and advices to add in /etc/login.conf ? httpd:\ :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ ? :tc=daemon: ? This doesn't help, ? I still have the same problem with Apache. How did you start Apache? You will need to use /etc/rc.d/httpd restart (or reboot) so it's started from the system rc scripts for this to take effect, apachectl does not handle this. ? Also /usr/lib/libpthread.so doesn't ? exist so I replaced it with /usr/lib/libpthread.so.13.3 but still no success. No the instructions are correct, use /usr/lib/libpthread.so
Re: Re : Apache won't start after pecl-imagick installation
On Fri, Jul 20, 2012 at 12:20:38PM +0100, Mik J wrote: Hello David, Yes I did create it, if there is a configuration problem then I don't see anything in the logs. I'm wondering how to debug this. Start apache on the command line as httpd and you'll probably see the error. -Otto - Mail original - De?: David Diggles da...@elven.com.au ??: misc@openbsd.org Cc?: Envoy? le : Vendredi 20 juillet 2012 11h07 Objet?: Re: Re : Apache won't start after pecl-imagick installation Maybe a stupid question, but did you create the certificate the steps in the FAQ? http://www.openbsd.org/faq/faq10.html#HTTPS On Fri, Jul 20, 2012 at 09:23:53AM +0100, Mik J wrote: Hello, I'm coming back with this Apache startup that works fine but yesterday I added the -DSSL option in /etc/rc.conf but Apache won't start # /etc/rc.d/httpd start httpd(failed) I've looked at all the logs I could find but couldn't see why it failed. Is Apache SSL with lpthread supposed to work ? - Mail original - De?: Mik J mikyde...@yahoo.fr ??: misc@openbsd.org misc@openbsd.org Cc?: Envoy? le : Mardi 8 mai 2012 22h08 Objet?: Re : Apache won't start after pecl-imagick installation Thank you for your answer. I did use apachectl but after your email I followed your suggestions and it works. I have notice now that the command apachectl doesn't work at all now, when I read your email I thought that it wouldn't work for the first time only. I'm wondering if the apachectl command will end being deprecated if it doesn't allow apache to restart without us wondering if it has to pre load some libraries or not. Have a good day - Mail original - ? De : Stuart Henderson s...@spacehopper.org ? @ : misc@openbsd.org ? Cc : ? Envoyi le : Mardi 8 mai 2012 16h06 ? Objet : Re: Apache won't start after pecl-imagick installation ? On 2012-05-08, Mik J mikyde...@yahoo.fr wrote: ? Hello, ? I'm reinstalling my system from 4.9 to 5.1 ? I have installed ? pecl-imagick and stopped/started Apache but I have a seg fault (core ? dumped). ? If I uninstall this package Apache stops/starts nicely. ? I have read this page http://www.openbsd.org/faq/upgrade50.html#Pkgup ? The last point talks about my ? problem and advices to add in /etc/login.conf ? httpd:\ :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ ? :tc=daemon: ? This doesn't help, ? I still have the same problem with Apache. How did you start Apache? You will need to use /etc/rc.d/httpd restart ? (or reboot) so it's started from the system rc scripts for this to take ? effect, apachectl does not handle this. ? Also /usr/lib/libpthread.so doesn't ? exist so I replaced it with /usr/lib/libpthread.so.13.3 but still no success. ? No the instructions are correct, use /usr/lib/libpthread.so
Re: load now over 1.00 all the time (i386, MP)
well... every problem has its solution -- eventually. i have noticed first that if i dont start an xsession (as in only xdm is on), the load can go under 1.00 but the reason couldnt be Xorg, as that is running already if xdm is started. so i started suspecting the programs in my .xsession. and indeed, after killing gkrellm, the mysterious 1.00 load disappeared. start it again: creeps up to 1.00 again. i thought it might be my .gkrellm2 configuration, but starting afresh produces the same result. none of the gkrellm users see this? i am running -current all the time... -f ps. crossposting to ports@ -- climate is what you expect. weather is what you get.
Re: Re : Apache won't start after pecl-imagick installation
Hello Otto, I was confused if I could start it manually or not. There was indeed a little mistake in the configuration regarding the paths of the certificate. It's now solved. Thank you to both of you - Mail original - De : Otto Moerbeek o...@drijf.net À : Mik J mikyde...@yahoo.fr Cc : misc@openbsd.org misc@openbsd.org Envoyé le : Vendredi 20 juillet 2012 14h22 Objet : Re: Re : Apache won't start after pecl-imagick installation On Fri, Jul 20, 2012 at 12:20:38PM +0100, Mik J wrote: Hello David, Yes I did create it, if there is a configuration problem then I don't see anything in the logs. I'm wondering how to debug this. Start apache on the command line as httpd and you'll probably see the error. -Otto - Mail original - De?: David Diggles da...@elven.com.au ??: misc@openbsd.org Cc?: Envoy? le : Vendredi 20 juillet 2012 11h07 Objet?: Re: Re : Apache won't start after pecl-imagick installation Maybe a stupid question, but did you create the certificate the steps in the FAQ? http://www.openbsd.org/faq/faq10.html#HTTPS On Fri, Jul 20, 2012 at 09:23:53AM +0100, Mik J wrote: Hello, I'm coming back with this Apache startup that works fine but yesterday I added the -DSSL option in /etc/rc.conf but Apache won't start # /etc/rc.d/httpd start httpd(failed) I've looked at all the logs I could find but couldn't see why it failed. Is Apache SSL with lpthread supposed to work ? - Mail original - De?: Mik J mikyde...@yahoo.fr ??: misc@openbsd.org misc@openbsd.org Cc?: Envoy? le : Mardi 8 mai 2012 22h08 Objet?: Re : Apache won't start after pecl-imagick installation Thank you for your answer. I did use apachectl but after your email I followed your suggestions and it works. I have notice now that the command apachectl doesn't work at all now, when I read your email I thought that it wouldn't work for the first time only. I'm wondering if the apachectl command will end being deprecated if it doesn't allow apache to restart without us wondering if it has to pre load some libraries or not. Have a good day - Mail original - ? De : Stuart Henderson s...@spacehopper.org ? @ : misc@openbsd.org ? Cc : ? Envoyi le : Mardi 8 mai 2012 16h06 ? Objet : Re: Apache won't start after pecl-imagick installation ? On 2012-05-08, Mik J mikyde...@yahoo.fr wrote: ? Hello, ? I'm reinstalling my system from 4.9 to 5.1 ? I have installed ? pecl-imagick and stopped/started Apache but I have a seg fault (core ? dumped). ? If I uninstall this package Apache stops/starts nicely. ? I have read this page http://www.openbsd.org/faq/upgrade50.html#Pkgup ? The last point talks about my ? problem and advices to add in /etc/login.conf ? httpd:\ :setenv=LD_PRELOAD=/usr/lib/libpthread.so:\ ? :tc=daemon: ? This doesn't help, ? I still have the same problem with Apache. How did you start Apache? You will need to use /etc/rc.d/httpd restart ? (or reboot) so it's started from the system rc scripts for this to take ? effect, apachectl does not handle this. ? Also /usr/lib/libpthread.so doesn't ? exist so I replaced it with /usr/lib/libpthread.so.13.3 but still no success. ? No the instructions are correct, use /usr/lib/libpthread.so
Re: Full Disc Encryption - i want your opinions
As your disk is probably not 'open source' (?), you don't know if there is a really encryption, or if there is a secret password (as for some bios) that permits to access data. thats exactly what i fear about. it is even possible that there are no encryption at all. Keep in memory that, whatever you do, if a guy has money and WANTS your data, he can get these. So, as long as you're not a terrorist, No i am not a terrorist yet ;) So final conclusion - just use software encryption. Thank you.
NFS and mounted dirs by hotplug-diskmount
Hi all: I have one computer acting as NFS server for some directories. One of these directories is /vol, where the hotplug-diskmount daemon mounts external disks (usually FAT32). The problem is that whereas NFS is working well (rest of dirs are available through my local network) those mounted by hotplug-diskmount are missing. I can't see any of this dirs. If I export these dirs in /etc/exports for NFS, then I see this dirs but no content is shown inside them. Any idea about this? I suspect it's something related to the hotplug-diskmount internals but maybe there's a solution... Thanks in advance, Jes
Re: NFS and mounted dirs by hotplug-diskmount
available through my local network) those mounted by hotplug-diskmount are missing. I can't see any of this dirs. If I export these dirs in /etc/exports for NFS, then I see this dirs but no content is shown inside them. NFS AFAIK will never work this way. reload mountd after mounting new device. try to automate it. Still - no idea if NFS can server from non-unix partitions. NFS is very tightly bound to unix filesystem internals IMHO, unlike say samba or ftpd. you may try userspace nfs server too.
kvm and Openbsd 5.1
Hi list, today I've installed OpenBSD 5.1 amd64 on a kvm (linux slackware) kvm version is 1.0.1. Starting machine with 4 core, and bsd.mp it crash. Disabling mpbios see only one core and not smp. Then, I've updated kvm to 1.1.1 but the results are the same. There is someone that has started obsd on kvm and avoid this problem? This problem is kvm related? Another, someone has tried obsd 5.1 on ESX? Thanks in advance.
Re: kvm and Openbsd 5.1
Hi, Le 20 juil. 2012 à 19:29, Alessandro Baggi a écrit : Hi list, today I've installed OpenBSD 5.1 amd64 on a kvm (linux slackware) kvm version is 1.0.1. Starting machine with 4 core, and bsd.mp it crash. Disabling mpbios see only one core and not smp. Then, I've updated kvm to 1.1.1 but the results are the same. There is someone that has started obsd on kvm and avoid this problem? This problem is kvm related? Another, someone has tried obsd 5.1 on ESX? I have 5.0 and 5.1 working well, with 2 vCPU, on my ESXi 5. Cheers, Jo
Taller de Coaching Ejecutivo
Apreciable Ejecutivo: TIEM de México Empresa Líder en Capacitación y Actualización de Capital Humano Ponemos a su disposición este excelente taller denominado: Coaching Ejecutivo Ciudad de México, el día 27 de Julio de 2012 Inscríbase 5 días antes de la fecha del Curso y obtenga un descuento del 15% con Inversión Inmediata No deje pasar esta oportunidad e Invierta en su Desarrollo Personal y Profesional No vienes a aprender de nosotros, vas a aprender de ti mismo El coaching es un proceso personal que se lleva a través de una metodología de acompañamiento personal o grupal en donde tu mismo encontraras los resultados que estas buscando llevando tu potencial al máximo en el desarrollo de habilidades y cumplimiento de objetivos además del mejoramiento en el desempeño profesional. En el coaching encontraras: Auto conocimiento Maximizar tus capacidades de aprendizaje Maximizar tu desempeño Establecer metas y objetivos claros y medibles Identificar tus propios obstáculos Explorar tus propias oportunidades Dirigido a: Toda persona interesada en mejorar sus habilidades Gerenciales y de Supervisión Personas que tengan responsabilidad de dirigir personas y equipos Empresarios, Directores, Gerentes, Supervisores y Líderes con personal a su cargo Duración: 05 horas Guía Temática: Organización y personas Beneficios del coaching Definiciones de coaching Personas vs organización Disciplinas: cambio remediativo y cambio generativo Roles del coaching Proceso del coaching Análisis de los diferentes tipos del coaching Modelo de competencias Análisis y valoración de resultados Para mayor información, favor de responder este correo con los siguientes datos: Empresa: Nombre: Ciudad: Teléfono: O si lo prefiere comuníquese a los teléfonos: Del DF al 5611-0969 con 10 líneas Interior del País Lada sin Costo 01 800 900 TIEM (8436) Aceptamos todas las TDC y Débito. **Promoción: 3 meses sin Intereses pagando con American Express **Aplica solo con Inversión Normal ®Todos los Derechos Reservados ©2011 TIEM Talento e Innovación Empresarial de México Este Mensaje le ha sido enviado como usuario de TIEM de México o bien un usuario le refirió para recibir este boletín. Como usuario de TIEM de México, en este acto autoriza de manera expresa que TIEM de México le puede contactar vía correo electrónico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de él y reporte su cuenta respondiendo este correo con el subject BAJABD Tenga en cuenta que la gestión de nuestras bases de datos es de suma importancia y no es intención de la empresa la inconformidad del receptor.
Re: kvm and Openbsd 5.1
Second that! Works great =) I have 5.0 and 5.1 working well, with 2 vCPU, on my ESXi 5. Cheers, Jo
Re: Full Disc Encryption - i want your opinions
On Fri, 20 Jul 2012 17:33:26 +0200 (CEST) Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: As your disk is probably not 'open source' (?), you don't know if there is a really encryption, or if there is a secret password (as for some bios) that permits to access data. thats exactly what i fear about. it is even possible that there are no encryption at all. There are certain Seagate Momentus disks that do AES encryption in hardware. This means that they use an AES key to encrypt the data, and you need a (BIOS-)password to unlock this key at boot. So whenever you change the password, it's just that - the AES key stays the same. You need to make sure that your BIOS also has an option to reset the AES key (e.g. the Thinkpad laptops can do this with an official BIOS patch). Otherwise you rely on the manufacturer that he doesn't keep a list of the default AES keys ;) Keep in memory that, whatever you do, if a guy has money and WANTS your data, he can get these. So, as long as you're not a terrorist, No i am not a terrorist yet ;) ACK. What kind of threat do you want to counter, who is your adversary... [1], [2] So final conclusion - just use software encryption. Thank you. Yes and no. Again, what threat are you looking at. If your adversary can get physical access to your machine (evil maid attack), he can install a root kit or key logger - which would defeat any software crypto. In this case you need full disk encryption AND make it difficult to flash the BIOS or replace hardware parts (how about an identical keyboard with a built-in sniffer?). The average user should protect himself against unwanted data disclosure (e.g. stolen laptop or lost USB disk). Software crypto is perfectly fine for this. kind regards, Robert [1] http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis [2] http://xkcd.com/538/
Re: Full Disc Encryption - i want your opinions
There are certain Seagate Momentus disks that do AES encryption in hardware. This means that they use an AES key to encrypt the data, and you need a (BIOS-)password to unlock this key at boot. So whenever you change the password, it's just that - the AES key stays the same. You that's how all FDE drives work. Already a problem as only BIOS can activate password, there are no command line tool. And no idea how would it work if more than one disk with FDE is installed on system. Yes and no. Again, what threat are you looking at. If your adversary can get physical access to your machine (evil maid attack), he can install a root kit or key logger - which would defeat any software no concern on evil maid really. But simple theft from outside is definitely possible, and DID happened long in the past in spite of some control. Possibility of theft done for data, not machine is very likely. So lets narrow question - can such thief, with help of some kind of specialist - recover data from FDE encrypted drive without password? to install a boot-time key logger you would need to get here twice, once to shutdown server and install keylogger (which cannot be unnoticed!!!) and second time to actually steal it. checking out that unencrypted part didn't change after unplanned reboot is good idea. thanks!
Re: Full Disc Encryption - i want your opinions
On Fri, 20 Jul 2012 21:55:52 +0200 (CEST) Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: There are certain Seagate Momentus disks that do AES encryption in hardware. This means that they use an AES key to encrypt the data, and you need a (BIOS-)password to unlock this key at boot. So whenever you change the password, it's just that - the AES key stays the same. You that's how all FDE drives work. Already a problem as only BIOS can activate password, there are no command line tool. And no idea how would it work if more than one disk with FDE is installed on system. According to Seagate, the password is set using the normal ATA commands. So I *assume* that you can use the atactl tool for this. The BIOS does nothing else... Yes and no. Again, what threat are you looking at. If your adversary can get physical access to your machine (evil maid attack), he can install a root kit or key logger - which would defeat any software no concern on evil maid really. But simple theft from outside is definitely possible, and DID happened long in the past in spite of some control. Possibility of theft done for data, not machine is very likely. So lets narrow question - can such thief, with help of some kind of specialist - recover data from FDE encrypted drive without password? to install a boot-time key logger you would need to get here twice, once to shutdown server and install keylogger (which cannot be unnoticed!!!) and second time to actually steal it. *) If someone can get in once unnoticed, he can do it twice. Or the root kit sends the data out as part of other network traffic. Etc. *) A power failure can be simulated. Or a hardware failure. But again, then you are looking at a sophisticated attacker. They might also have other means (how much does your admin earn? your security guy? can he be bribed? blackmailed? threatened?). You probably just want to protect against someone breaking into your server room and stealing the HDs. In this case do a normal system install (unencrypted), and encrypt the data disks. Make the admin type in the password after reboot, via SSH or the console. Don't store the keys on the system disk ;) checking out that unencrypted part didn't change after unplanned reboot is good idea. thanks! You would have to do this in another system, since you can't trust this system anymore. This is lots of manual work - is it worth in your situation? Some other idea: remove the local system disk. Create a read only system on a CD (+ ramdisk for /tmp, send logs to another server) and boot from this. Or boot it from the (protected, physically separated server-)LAN. In the end it is always a cost/benefit (effort/threat) decision... don't overdo it. kind regards, Robert
Contato,sexta-feira, 20 de julho de 2012
Contato Site Assunto: OrcamentoNome: Marcos S SousaEmail: macossousa.compras@gmail.comTelefone: (11) 3904- 1478Mensagem: Bom dia gostaria de um orcamento sobre alguns itens,que necessito com urgencia. Orcamento-doc.pdf 78K Visualizar Baixar
Como Eficientar el Presupuesto Acotado y Recortado
copy; 2012 Conference Corporativo S.C. Incluye Temas Criacute;ticos Sobre: Cierre de Gestioacute;n, Observaciones y Responsabilidades Asista a los 45 Mejores Cursos en Meacute;xico de la Serie: CONTABILIDAD Y FINANZAS Cursos, Contenidos y Metodologiacute;as Desarrollados en Alianza con las Mejores Universidades Europeas con Calidad ISO 9000. Haga click para desplegar informacioacute;n Curso 1 Solventar Observaciones. (NUEVO) Curso 2 Libro Blanco y las Memorias Documentales del Sector Puacute;blico Mexicano. (NUEVO) Curso 3 Elaboracioacute;n Puntual de las Memorias Documentales. (NUEVO) Curso 4 Acta de Entrega Recepcioacute;n y Rendicioacute;n de Cuentas. (NUEVO) Curso 5 Servicio Profesional de Carrera. Curso 6 Defensa Estrateacute;gica de los Servidores Puacute;blicos. Curso 7 Coacute;mo Enfrentar con Eacute;xito Auditoriacute;as Gubernamentales. Curso 8 Ley Federal de Responsabilidades Administrativas. Curso 9 (Nueva)Ley Federal Anticorrupcioacute;n. Curso 10 Derecho Laboral Burocraacute;tico. Curso 11 Matriz de Administracioacute;n de Riesgos (MAR). Curso 12 Lineamientos sobre Indicadores para Medir los Avances Fiacute;sicos Financieros y la MIR. Curso 13 Coacute;mo Ejecutar Adecuaciones Presupuestarias. Curso 14 Contabilidad Gubernamental en la Transparencia de las Finanzas Puacute;blicas (Incluye Ley). Curso 15 Anaacute;lisis Integral de las Disposiciones del CONAC. Curso 16 Clasificador por Objeto del Gasto. Curso 17 Ley Federal de Presupuesto y Responsabilidad Hacendaria y su Reglamento. Curso 18 Contabilidad Gubernamental en la Armonizacioacute;n Contable y el Nuevo Plan Nacional de Cuentas. Curso 19 Normas de Informacioacute;n Financiera Generales y Gubernamentales (NIF 2012). Curso 20 Manual de Contabilidad Gubernamental. Curso 21 (Nueva) Ley de la Firma Electroacute;nica Avanzada para Servidores Puacute;blicos. Curso 22 Presupuesto Basado en Resultados (PBR) Curso 23 Manual Administrativo de Aplicacioacute;n General en Materia de Recursos Financieros. (Incluye IMPLEMENTACIOacute;N TOTAL) Curso 24 Marco Loacute;gico para la Evaluacioacute;n del PBR. Curso 25 (Nueva)Investigacioacute;n de Mercados y los Criterios de Evaluacioacute;n para Adquisiciones. Curso 26 Archivonomiacute;a Gubernamental. Curso 27 Almacenes e Inventarios Gubernamentales. Curso 28 COMPRANET 5.0 (Licitaciones Electroacute;nicas de las Adquisiciones). Curso 29 COMPRANET 5.0 (Licitaciones Electroacute;nicas de las Obras Puacute;blicas). Curso 30 Ley de Adquisiciones. Curso 31 Ley de Obras Puacute;blicas. Curso 32 Licitaciones y Contrataciones de las Adquisiciones. Curso 33 Licitaciones y Contrataciones de las Obras Puacute;blicas. Curso 34 Criterios de Evaluacioacute;n de Propuestas Econoacute;micas en Obra Puacute;blica. Curso 35 Manual Administrativo de Aplicacioacute;n General en Materia de Adquisiciones. (Incluye IMPLEMENTACIOacute;N TOTAL) Curso 36 Manual Administrativo de Aplicacioacute;n General en Materia de Obras Puacute;blicas. (Incluye IMPLEMENTACIOacute;N TOTAL) Curso 37 Manual Administrativo de Recursos Materiales y Servicios Generales. (Incluye IMPLEMENTACIOacute;N TOTAL) Curso 38 Manual Administrativo de Recursos Humanos. (Incluye IMPLEMENTACIOacute;N TOTAL) Curso 39 Manual Administrativo Sobre Tecnologiacute;as de la Informacioacute;n y Comunicaciones (TIC). Curso 40 Disposiciones en Materia de Control Interno y su Manual Administrativo.(Incluye IMPLEMENTACIOacute;N TOTAL) Curso 41 (Nuevo)Manual del Servicio Profesional de Carrera para el Gobierno Federal Mexicano. Curso 42 Manual de Transparencia.(Incluye IMPLEMENTACIOacute;N TOTAL) Curso 43 Capiacute;tulo 1000 y el Nuevo Manual De Percepciones de los Servidores Puacute;blicos. Curso 44 Auditoriacute;as, Revisiones y Visitas de Inspeccioacute;n. Curso 45 (Nueva)Ley de Asociaciones Puacute;blico-Privadas (LAPP). Curso 46 (Nueva)Ley Federal de Archivos Atencioacute;n Ejecutiva Centro de Atencioacute;n Telefoacute;nica: DF y Aacute;rea Metropolitana (55) 91 40 30 30 Lada sin costo: (01 800) 439 66 66 Correo dirigido a: ESTE MAIL CUMPLE CON LAS POLiacute;TICAS ANTISPAM INTERNACIONALES Y LOCALES. Para darse de baja soacute;lo haga click aquiacute;
Re: Full Disc Encryption - i want your opinions
I have been using softraid full disk encryption, with the exception of the /altroot partition, on my laptop. I have no real threat. I just want it so that if someone wants to go through my laptop, they can't without my permission. With OpenBSD's full disk encryption, and a locking screen saver, there is no known way into my system, with any amount of resources available. The overhead isn't a problem unless I'm copying huge amounts of data, which is rare. The very first thing that occurred to me when reading about your BIOS level AES disk encryption is what is the weakest link in it. Cracking the AES is the last thing anyone would want to do, assuming it's genuine. Unless the implementation is open source, you could have something like a password utility that only accepts 4 characters, even if you type 50, uses the bios version for entropy, or other serious issues. There are underground folks who will use all their resources to look for and find such vulnerabilities, and we don't really know one way or the other if the implementation is good, unless of course it is open source. On Fri, Jul 20, 2012 at 2:12 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: Many today SSD and some magnetic disks have AES-128/256 encryption builtin. If BIOS supports it, it ask for password then send it to hard disk after which it decodes it's AES key so it start to work. No software crypto overhead, everything fine. My question - how secure it really is. One extremity is to assume it is certainly well done. Another - that there are encryption at all, just simple password check. Both are possible as there is no way to check. I want your opinions. Software encryption would make quite a bit overhead for my setup.
Curso de Ortografía y Redacción para Ejecutivos Cierre de reservaciones
Si no puede visualizar correctamente este correo, le pedimos que lo arrastre a su Bandeja de Entrada Apreciable Ejecutivo: TIEM de México Empresa Líder en Capacitación y Actualización de Capital Humano Le recuerda que el curso de: Ortografía y Redacción para Ejecutivos Esta programado en la Ciudad de México para el día 26 de Julio de 2012 Una parte importante de la imagen y la personalidad es la facilidad o dificultad con la cual nos expresamos y logramos despertar el interés de nuestro interlocutor o lector. Este importante seminario le ofrece la oportunidad de desarrollar habilidades y técnicas que le permitirán tener una comunicación escrita eficaz para expresarse correctamente con claridad, fluidez y precisión, en los diferentes tipos de documentos que se requieran en su área de trabajo. Tu participación te permitirá: 1. Obtener un aprendizaje significativo de los acentos y las letras. 2. Valorar la lectura como el medio para mejorar la ortografía y la redacción. 3. Saber cómo desarrollar un estilo de redacción. 4. Tips para actualizar y modernizar los escritos administrativos. 5. Aprender a realizar escritos concisos y sencillos. 6. Facilitar la tarea de trasmitir las ideas. 7. Saber cómo utilizar correctamente los diferentes documentos. 8. Evitar la repetición o la corrección de errores. Para mayor información, favor de responder este correo con los siguientes datos: Empresa: Nombre: Ciudad: Teléfono: o si lo prefiere comuníquese a los teléfonos: Del DF al 5611-0969 con 10 líneas Interior del País Lada sin Costo 01 800 900 TIEM (8436) Aceptamos todas las TDC y Débito. Promoción: 3 meses sin Intereses pagando con American Express ®Todos los Derechos Reservados ©2011 TIEM Talento e Innovación Empresarial de México Este Mensaje le ha sido enviado como usuario de TIEM de México o bien un usuario le refirió para recibir este boletín. Como usuario de TIEM de México, en este acto autoriza de manera expresa que TIEM de México le puede contactar vía correo electrónico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de él y reporte su cuenta respondiendo este correo con el subject BAJABD Tenga en cuenta que la gestión de nuestras bases de datos es de suma importancia y no es intención de la empresa la inconformidad del receptor.
Re: Full Disc Encryption - i want your opinions
Being realistic however, if you offered 1000 random people a $1000 prize to get into your system, using the BIOS AES disk encryption, it's unlikely any of them would pull it off. With softraid, I am only lacking rootkit protection, by doing a sha1sum on my /altroot partition, from the encrypted system, during boot, which is simple enough to set up, but I have no reason to. On Fri, Jul 20, 2012 at 9:12 PM, Robert Connolly robertconnolly1...@gmail.com wrote: I have been using softraid full disk encryption, with the exception of the /altroot partition, on my laptop. I have no real threat. I just want it so that if someone wants to go through my laptop, they can't without my permission. With OpenBSD's full disk encryption, and a locking screen saver, there is no known way into my system, with any amount of resources available. The overhead isn't a problem unless I'm copying huge amounts of data, which is rare. The very first thing that occurred to me when reading about your BIOS level AES disk encryption is what is the weakest link in it. Cracking the AES is the last thing anyone would want to do, assuming it's genuine. Unless the implementation is open source, you could have something like a password utility that only accepts 4 characters, even if you type 50, uses the bios version for entropy, or other serious issues. There are underground folks who will use all their resources to look for and find such vulnerabilities, and we don't really know one way or the other if the implementation is good, unless of course it is open source. On Fri, Jul 20, 2012 at 2:12 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: Many today SSD and some magnetic disks have AES-128/256 encryption builtin. If BIOS supports it, it ask for password then send it to hard disk after which it decodes it's AES key so it start to work. No software crypto overhead, everything fine. My question - how secure it really is. One extremity is to assume it is certainly well done. Another - that there are encryption at all, just simple password check. Both are possible as there is no way to check. I want your opinions. Software encryption would make quite a bit overhead for my setup.
