From lists at genoverly.net Thu Feb 1 10:42:27 2007
From: lists at genoverly.net (michael)
Date: Thu, 1 Feb 2007 10:42:27 -0500
Subject: [nycbug-talk] Suspenders Directions Linkage
In-Reply-To: <20070201034143.GA1967@SDF.LONESTAR.ORG>
References: <20070201034143.GA1967@SDF.LONESTAR.ORG>
Message-ID: <20070201104227.1e4d389e@dt.genoverly.com>

On Wed, 31 Jan 2007 22:41:43 -0500 "Jonathan C. Allen" wrote:

> The Suspenders link on nycbug.org front page 404s -- here's a working
> link:
>
> http://www.suspendersbar.com/location.php
>
> jca

ah, good catch. And thanks for the correct url!

link: fixed

--
michael
(this address does not accept public email)

From pete at nomadlogic.org Thu Feb 1 11:17:19 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 1 Feb 2007 08:17:19 -0800 (PST)
Subject: [nycbug-talk] Google
In-Reply-To: <45C14B76.7030403@penguinnetwerx.net>
References: <45C14B76.7030403@penguinnetwerx.net>
Message-ID: <48372.160.33.20.11.1170346639.squirrel@webmail.nomadlogic.org>

> Hey all,
>
> Has anyone else received anything from Google about a job offer? I
> almost fell off my chair when I read the message from Celia a little
> while ago.
>
> Just curious..
>

that's funny. last time i went through the interview process with them
things look good...then they wanted me to do a "programming exercise" and
needed it back in 24hours after emailing it to me. i've got a day job that
pretty much eats up all my energy/time so i figured i'd rather not burn
any bridges here to try to work for a place that would probably start me
at the bottom of the heap...again. maybe if i had one of those Phd's they
are so hot for they'd have given me a little slack. oh well.

good luck, i've heard that it's actually a pretty interesting place to work!
-pete

--
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459

From pete at nomadlogic.org Thu Feb 1 11:26:55 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 1 Feb 2007 08:26:55 -0800 (PST)
Subject: [nycbug-talk] funny sshd brute force user
Message-ID: <55173.160.33.20.11.1170347215.squirrel@webmail.nomadlogic.org>

thought someone on the list may enjoy this. going through my morning
logs and the sshd brute force user popped up:

thisisnotyourexploit at some-ip

heh...maybe i'm just tired for thinking that's kinda funny :)

-pete

--
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459

From attroppa at yahoo.com Thu Feb 1 13:16:55 2007
From: attroppa at yahoo.com (Evgueni Tzvetanov)
Date: Thu, 1 Feb 2007 10:16:55 -0800 (PST)
Subject: [nycbug-talk] ipsec-tools racoon with Cisco VPN client...
Message-ID: <120350.18974.qm@web38111.mail.mud.yahoo.com>

Hi all,

I have compiled ipsec-tools-0.6.6. I have the VPN working and it is
pretty good, but I have a problem connecting from a Cisco VPN client to it.

Please, any expert... I need a hint.
I have set routing between all networks as needed.

Here is my racoon setup script:

###### racoon configuration file
#
#

path certificate "/etc/racoon/certs";
path pre_shared_key "/etc/racoon/conf/psk.txt";

remote anonymous {
        exchange_mode aggressive;
        certificate_type x509 "myhost.crt" "myhost.key";
        xauth_login
        my_identifier asn1dn;
        lifetime time 2147483 sec;
        proposal_check obey;
        generate_policy on;
        nat_traversal on;
        verify_cert off;
        peers_certfile "cvpn.crt";
        passive on;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method hybrid_rsa_server;
                dh_group 2;
        }
}

mode_cfg {
        network4 192.168.34.0;
        netmask4 255.255.255.0;
        dns4 ;
#       wins4 (none);
}

sainfo anonymous {
        pfs_group 2;
        lifetime time 12 hour;
#       encryption_algorithm 3des, rijndael;
        encryption_algorithm 3des, blowfish 448, rijndael;
        authentication_algorithm hmac_sha1, hmac_md5;
        #authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

############## End of file ############

Here is also some racoon log (multigroup authentication set on the
Cisco VPN client):

======== snip ====================================
Jan 30 13:14:49 somehost racoon: INFO: [4500] used as isakmp port (fd=10)
Jan 30 13:14:49 somehost racoon: INFO: [4500] used for NAT-T
Jan 30 13:14:49 somehost racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=11)
Jan 30 13:14:49 somehost racoon: INFO: 127.0.0.1[500] used for NAT-T
Jan 30 13:14:49 somehost racoon: INFO: 127.0.0.1[4500] used as isakmp port (fd=12)
Jan 30 13:14:49 somehost racoon: INFO: 127.0.0.1[4500] used for NAT-T
Jan 30 13:14:49 somehost racoon: INFO: fe80::203:2dff:fe09:4f4%eth2[500] used as isakmp port (fd=13)
Jan 30 13:14:49 somehost racoon: INFO: fe80::203:2dff:fe09:4f4%eth2[4500] used as isakmp port (fd=14)
Jan 30 13:14:49 somehost racoon: INFO: ::1[500] used as isakmp port (fd=15)
Jan 30 13:14:49 somehost racoon: INFO: ::1[4500] used as isakmp port (fd=16)
Jan 30 13:15:46 somehost racoon: INFO: respond new phase 1 negotiation: [500]<=>[500]
Jan 30 13:15:46 somehost racoon: INFO: begin Aggressive mode.
Jan 30 13:15:46 somehost racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 30 13:15:46 somehost racoon: INFO: received Vendor ID: DPD
Jan 30 13:15:46 somehost racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Jan 30 13:15:46 somehost racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jan 30 13:15:46 somehost racoon: INFO: received Vendor ID: CISCO-UNITY
Jan 30 13:15:46 somehost racoon: INFO: Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02
Jan 30 13:15:46 somehost racoon: INFO: Adding remote and local NAT-D payloads.
Jan 30 13:15:46 somehost racoon: INFO: Hashing [500] with algo #2
Jan 30 13:15:46 somehost racoon: INFO: Hashing [500] with algo #2
Jan 30 13:15:46 somehost racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan 30 13:15:46 somehost racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan 30 13:16:46 somehost racoon: ERROR: phase1 negotiation failed due to time up. d323fbd4271cee91:019b13d5c189eefa
======== snip ====================================

The Cisco VPN client log:

======== snip ====================================
Peer supports DPD

<<< so far the two ends were talking OK, but... >>>

181 13:39:28.968 01/30/07 Sev=Warning/3 IKE/0xE300007B
Failed to verify signature

182 13:39:28.968 01/30/07 Sev=Warning/2 IKE/0xE3000099
Failed to authenticate peer (Navigator:904)

183 13:39:28.968 01/30/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO (NOTIFY:INVALID_HASH_INFO) to

184 13:39:28.968 01/30/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO (NOTIFY:AUTH_FAILED) to

185 13:39:28.968 01/30/07 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2237)

186 13:39:28.968 01/30/07 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=D641B870710DE91E R_Cookie=230E0103188A17C3) reason = DEL_REASON_IKE_NEG_FAILED

187 13:39:29.875 01/30/07 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=D641B870710DE91E R_Cookie=230E0103188A17C3) reason = DEL_REASON_IKE_NEG_FAILED

188 13:39:29.875 01/30/07 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "" because of "DEL_REASON_IKE_NEG_FAILED"

189 13:39:29.875 01/30/07 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv

190 13:39:29.875 01/30/07 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

191 13:39:29.906 01/30/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

192 13:39:29.906 01/30/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

193 13:39:29.906 01/30/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

194 13:39:29.906 01/30/07 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
======== snip ====================================

The pks.txt file is with 600 permissions and is in the right place.
It contains the username/password pairs in non-encrypted clean text format.

When I use certificates it is even worse -- I only get the following
line in racoon's logs:

Jan 30 13:51:45 somehost racoon: ERROR: not acceptable Identity Protection mode

Thanks in advance!
ET

From dlavigne6 at sympatico.ca Thu Feb 1 13:30:00 2007
From: dlavigne6 at sympatico.ca (Dru)
Date: Thu, 1 Feb 2007 13:30:00 -0500 (EST)
Subject: [nycbug-talk] ipsec-tools racoon with Cisco VPN client...
In-Reply-To: <120350.18974.qm@web38111.mail.mud.yahoo.com>
References: <120350.18974.qm@web38111.mail.mud.yahoo.com>
Message-ID: <20070201132925.T629@dru.domain.org>

Sounds like they aren't agreeing on policy. What's the config at the Cisco
end?

Dru

On Thu, 1 Feb 2007, Evgueni Tzvetanov wrote:

> Hi all,
>
> I have compiled ipsec-tools-0.6.6. I have
> the VPN working and it is pretty good, but I have a
> problem connecting from a Cisco VPN client to it.
>
> Please, any expert... I need a hint.
> I have set routing between all networks as needed.

From attroppa at yahoo.com Thu Feb 1 16:02:00 2007
From: attroppa at yahoo.com (Evgueni Tzvetanov)
Date: Thu, 1 Feb 2007 13:02:00 -0800 (PST)
Subject: [nycbug-talk] ipsec-tools racoon with Cisco VPN client...
In-Reply-To: <20070201132925.T629@dru.domain.org>
Message-ID: <845942.546.qm@web38110.mail.mud.yahoo.com>

--- Dru wrote:

>
> Sounds like they aren't agreeing on policy. What's
> the config at the Cisco
> end?
>
> Dru

The Cisco VPN Client (v.4.8.x is what I have) configuration is as follows:

Mutual group authentication
Enabled Transport Tunneling with IPSec over UDP (NAT/PAT)

I use a very easy example with user/password as vpnuser/vpnpass.
I have my own CA and signed certificates with it. Cisco accepts it
and they are recognizing each other's cert. But in this case certs
are not used anyway.

There are not many options to set on the Cisco client. Very limited...

Thanks!
ET
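
Both racoon errors quoted in this thread ("begin Aggressive mode" followed by a rejected payload, and "not acceptable Identity Protection mode") refer to fields of the first, unencrypted Phase 1 packet. The Python below is an added example, not code from any poster in the thread: it decodes the ISAKMP header as laid out in RFC 2408, walks the payload chain, and compares the exchange type with a racoon `exchange_mode` list. The two packets are constructed samples with dummy payload bodies, and all function names are hypothetical.

```python
import struct

# Numbers from RFC 2408 (ISAKMP).
EXCHANGE_TYPES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
                  4: "Aggressive", 5: "Informational"}
PAYLOAD_TYPES = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "KE",
                 5: "ID", 6: "CERT", 7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE",
                 11: "Notification", 12: "Delete", 13: "Vendor ID"}
# racoon.conf exchange_mode keyword -> ISAKMP exchange type number
RACOON_MODES = {"base": 1, "main": 2, "aggressive": 4}

HEADER = "!8s8sBBBBII"   # cookies, next payload, version, etype, flags, msg id, length
HEADER_LEN = struct.calcsize(HEADER)   # 28 bytes


def parse_isakmp(packet):
    """Decode the fixed ISAKMP header and list the payloads that follow it."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than an ISAKMP header")
    i_cookie, r_cookie, next_payload, version, etype, flags, msg_id, length = \
        struct.unpack(HEADER, packet[:HEADER_LEN])
    if length > len(packet):
        raise ValueError("header claims %d bytes, capture has %d" % (length, len(packet)))
    payloads = []
    offset = HEADER_LEN
    encrypted = bool(flags & 0x01)      # once set, the payload chain is not readable
    while next_payload != 0 and not encrypted:
        if offset + 4 > length:
            raise ValueError("payload chain runs past the end of the message")
        following, _reserved, plen = struct.unpack("!BBH", packet[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError("bad length in payload type %d" % next_payload)
        payloads.append(PAYLOAD_TYPES.get(next_payload, "type %d" % next_payload))
        offset += plen
        next_payload = following
    return {"i_cookie": i_cookie.hex(), "r_cookie": r_cookie.hex(),
            "version": "%d.%d" % (version >> 4, version & 0x0F),
            "exchange_type": etype, "encrypted": encrypted, "payloads": payloads}


def check_against_racoon(packet, exchange_modes):
    """Compare the peer's exchange type with the modes listed in racoon.conf.

    The returned text mirrors the two racoon log messages quoted in the thread.
    """
    hdr = parse_isakmp(packet)
    allowed = {RACOON_MODES[mode] for mode in exchange_modes}
    name = EXCHANGE_TYPES.get(hdr["exchange_type"], "type %d" % hdr["exchange_type"])
    if hdr["exchange_type"] in allowed:
        return True, "begin %s mode" % name
    return False, "not acceptable %s mode" % name


def build_packet(etype, payloads):
    """Assemble a constructed first Phase 1 message (responder cookie all zero)."""
    body = b""
    for index, (ptype, data) in enumerate(payloads):
        following = payloads[index + 1][0] if index + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else 0
    header = struct.pack(HEADER, b"\x11" * 8, b"\x00" * 8, first, 0x10,
                         etype, 0, 0, HEADER_LEN + len(body))
    return header + body


# Constructed samples: payload bodies are zero bytes, only the chain is realistic.
AGGRESSIVE_FIRST = build_packet(4, [(1, b"\x00" * 8), (4, b"\x00" * 128),
                                    (10, b"\x00" * 16), (5, b"\x00" * 8),
                                    (13, b"\x00" * 16)])
MAIN_FIRST = build_packet(2, [(1, b"\x00" * 8), (13, b"\x00" * 16)])

if __name__ == "__main__":
    for label, pkt in (("aggressive", AGGRESSIVE_FIRST), ("main", MAIN_FIRST)):
        info = parse_isakmp(pkt)
        verdict = check_against_racoon(pkt, ["aggressive"])
        print(label, info["payloads"], verdict)
```

With `exchange_mode aggressive;` as the only listed mode, the constructed Identity Protection packet is refused before any proposal is compared, which is the situation the "not acceptable Identity Protection mode" line describes.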

From lavalamp at spiritual-machines.org Thu Feb 1 17:05:33 2007
From: lavalamp at spiritual-machines.org (Brian A. Seklecki)
Date: Thu, 1 Feb 2007 17:05:33 -0500 (EST)
Subject: [nycbug-talk] ipsec-tools racoon with Cisco VPN client...
In-Reply-To: <20070201132925.T629@dru.domain.org>
References: <120350.18974.qm@web38111.mail.mud.yahoo.com> <20070201132925.T629@dru.domain.org>
Message-ID: <20070201134258.W36486@arbitor.digitalfreaks.org>

On Thu, 1 Feb 2007, Dru wrote:

>
> Sounds like they aren't agreeing on policy. What's the config at the Cisco
> end?

In my experience, the Cisco VPN Client is a highly simplified IPSEC engine
that relies heavily on extra proprietary in-bound/in-line data to help it
negotiate.

This is how Cisco accomplishes all kinds of out-of-RFC-spec features like
DNS-interception, two-phase challenge-authentication.

Getting it to talk to Racoon might be a lot of shots-in-the-dark kind of
work. Unless there's an advanced mode / registry hacks that I don't know
about.

~BAS

>
> Dru
>

From dlavigne6 at sympatico.ca Thu Feb 1 17:48:44 2007
From: dlavigne6 at sympatico.ca (Dru)
Date: Thu, 1 Feb 2007 17:48:44 -0500 (EST)
Subject: [nycbug-talk] ipsec-tools racoon with Cisco VPN client...
In-Reply-To: <20070201134258.W36486@arbitor.digitalfreaks.org>
References: <120350.18974.qm@web38111.mail.mud.yahoo.com> <20070201132925.T629@dru.domain.org> <20070201134258.W36486@arbitor.digitalfreaks.org>
Message-ID: <20070201174533.K629@dru.domain.org>

On Thu, 1 Feb 2007, Brian A. Seklecki wrote:

> On Thu, 1 Feb 2007, Dru wrote:
>
>>
>> Sounds like they aren't agreeing on policy. What's the config at the Cisco
>> end?
>
> In my experience; the Cisco VPN Client is a highly simplified IPSEC engine
> that relies heavily on extra proprietary in-bound/in-line data to help it
> negotiate.
>
> This is how Cisco accomplishes all kinds out-of-RFC-spec features like
> DNS-interception, two-phase challenge-authentication.
>
> Getting to it to talk to Racoon might be a lot of shots-in-the-dark kind of
> work. Unless there's an advanced mode / registry hacks that I don't know
> about.

A tcpdump on the racoon end should show which parts of the policy aren't
matching up as Phase 1 is in clear text. You could then try modifying the
racoon end accordingly. The proprietary bits probably will take a registry
hack (the proprietary stuff is much easier to override on a pix, at least
you have a command line interface instead of some GUI hiding everything).

Dru

From attroppa at yahoo.com Thu Feb 1 19:37:42 2007
From: attroppa at yahoo.com (Evgueni Tzvetanov)
Date: Thu, 1 Feb 2007 16:37:42 -0800 (PST)
Subject: [nycbug-talk] ipsec-tools racoon with Cisco VPN client...
In-Reply-To: <20070201174533.K629@dru.domain.org>
Message-ID: <963306.70698.qm@web38106.mail.mud.yahoo.com>

--- Dru wrote:

>
>
> On Thu, 1 Feb 2007, Brian A. Seklecki wrote:
>
> > On Thu, 1 Feb 2007, Dru wrote:
> >
> >>
> >> Sounds like they aren't agreeing on policy. What's the config at the Cisco
> >> end?
> >
> > In my experience; the Cisco VPN Client is a highly simplified IPSEC engine
> > that relies heavily on extra proprietary in-bound/in-line data to help it
> > negotiate.
> >
> > This is how Cisco accomplishes all kinds out-of-RFC-spec features like
> > DNS-interception, two-phase challenge-authentication.
> >
> > Getting to it to talk to Racoon might be a lot of shots-in-the-dark kind of
> > work. Unless there's an advanced mode / registry hacks that I don't know
> > about.
>
>
> A tcpdump on the racoon end should show which parts of the policy aren't
> matching up as Phase 1 is in clear text. You could then try modifying the
> racoon end accordingly. The proprietary bits probably will take a registry
> hack (the proprietary stuff is much easier to override on a pix, at least
> you have a command line interface instead of some GUI hiding everything).
>
> Dru
>

Thanks Dru,

I posted this question, because there was something somewhere I read...
Obviously someone had done it. I wanted to avoid this pain, but I guess
will have to tweak the code. It is all bits and pieces when facing
a gui on the other end as Brian said it already. :)

I'll let you know how it goes.

Best!
ET

From marco at metm.org Thu Feb 1 19:44:26 2007
From: marco at metm.org (Marco Scoffier)
Date: Thu, 1 Feb 2007 19:44:26 -0500
Subject: [nycbug-talk] Postgresql remote connection security
Message-ID: <20070202004426.GB18252@ns.metm.org>

Hey all,

Just putting out feelers about how you feel about the security of the
postgresql remote connection auth types

I am setting up a new box with a couple jails and rather than run a
different database in each jail, I thought I would consolidate the
databases for different applications into one postgresql instance (you
know like a real database).

I have control over both the client IPs and the server of course, and
was going to use md5 auth-type. Any concerns ? Should I use ident ?
It seems that if I had large numbers of users from different clients
machines I would need ident, but I am not too clear on the difference.

I was not planning to use SSL for all the web-site back-end connections
(because it's all public information anyway). But will use SSL for the
one webmail application. SSL protects against snooping the connection,
but would it protect against snooping the password also?

Anyway, sorry about these basic questions
Just looking for thoughts,
or to hear from others doing similar things.

Thanks,

--
Marco

From pete at nomadlogic.org Fri Feb 2 12:05:31 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 2 Feb 2007 09:05:31 -0800 (PST)
Subject: [nycbug-talk] Postgresql remote connection security
In-Reply-To: <20070202004426.GB18252@ns.metm.org>
References: <20070202004426.GB18252@ns.metm.org>
Message-ID: <26167.160.33.20.11.1170435931.squirrel@webmail.nomadlogic.org>

> Hey all,
>
> Just putting out feelers about how you feel about the security of the
> postgresql remote connection auth types
>
> I am setting up a new box with a couple jails and rather than run a
> different database in each jail, I thought I would consolidate the
> databases for different applications into one postgresql instance (you
> know like a real database).
>
> I have control over both the client IPs and the server of course, and
> was going to use md5 auth-type. Any concerns ? Should I use ident ?
> It seems that if I had large numbers of users from different clients
> machines I would need ident, but I am not too clear on the difference.
>
> I was not planning to use SSL for all the web-site back-end connections
> (because it's all public information anyway). But will use SSL for the
> one webmail application. SSL protects against snooping the connection,
> but would it protect against snooping the password also?
>
> Anyway, sorry about these basic questions
> Just looking for thoughts,
> or to hear from others doing similar things.
>

Generally I think this may be a good idea (consolidating your database
instances) although there are a couple things I'd be wary of - especially
if this is in a shared hosting environment. You may expose yourself to
resource limitation "attacks" or more likely bugs in customer written
code. I do not think postgres has a feature similar to Oracle's DRM
(database resource management) that will allow you to ensure that specific
databases will have enough resources to continue to operate - and
conversely limit the amount of resources queries against a specific DB can
consume. We use this feature as an added layer of protection against
poorly written SQL code that may starve other databases running on our
cluster. So that's one thing to consider.

regarding auth - I'd definitely use SSL sockets alongside an encrypted
authentication scheme (md5). I can't imagine the overhead of an SSL
socket will add that much burden to your server and clients - so why not
add another layer of security if you can?

just my 2bit's.

-pete

--
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459

From mikel.king at techally.com Fri Feb 2 15:52:52 2007
From: mikel.king at techally.com (Mikel King)
Date: Fri, 2 Feb 2007 15:52:52 -0500
Subject: [nycbug-talk] Digg campaign for Daemon News...
Message-ID: <02434D14-6E1A-4491-A086-7DCDFA7D115D@techally.com>

If anyone has a moment to spare, we could really use a few more diggs.

http://digg.com/apple/Stupid_Launchd_Tricks

After digging the link feel free to stop by BSDNews and add a comment.

Thanks,
Mikel

From lavalamp at spiritual-machines.org Sat Feb 3 14:39:58 2007
From: lavalamp at spiritual-machines.org (Brian A. Seklecki)
Date: Sat, 3 Feb 2007 14:39:58 -0500 (EST)
Subject: [nycbug-talk] Photos from 06 Con
Message-ID: <20070203143724.X89976@arbitor.digitalfreaks.org>

http://gallery.nycbug.org/index.php?cat=16

Does anyone have, or know of anyone who might have, any photos from
Columbia?

I'll even take unfinished raw files.

Thanks,

-lava (Brian A.
Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/

From skreuzer at f2o.org Sat Feb 3 15:22:44 2007
From: skreuzer at f2o.org (Steven Kreuzer)
Date: Sat, 3 Feb 2007 15:22:44 -0500
Subject: [nycbug-talk] Photos from 06 Con
In-Reply-To: <20070203143724.X89976@arbitor.digitalfreaks.org>
References: <20070203143724.X89976@arbitor.digitalfreaks.org>
Message-ID:

On Feb 3, 2007, at 2:39 PM, Brian A. Seklecki wrote:

>
> Does anyone have, or know of anyone who might have, any photos from
> Columbia?

You can find the photos I took at
http://flickr.com/photos/skreuzer/tags/nycbsdcon/

SK

From lavalamp at spiritual-machines.org Sat Feb 3 16:56:00 2007
From: lavalamp at spiritual-machines.org (Brian A. Seklecki)
Date: Sat, 3 Feb 2007 16:56:00 -0500 (EST)
Subject: [nycbug-talk] ipsec-tools racoon with Cisco VPN client...
In-Reply-To: <963306.70698.qm@web38106.mail.mud.yahoo.com>
References: <963306.70698.qm@web38106.mail.mud.yahoo.com>
Message-ID: <20070203165524.V89976@arbitor.digitalfreaks.org>

There is no shortage of discussion on this topic on the misc at openbsd
list regarding isakmpd(8).

I still grimace every time.

~BAS

> a gui on the other end as Brian said it already. :)
>
> I'll let you know how it goes.

From rambiusparkisanius at gmail.com Mon Feb 5 15:10:08 2007
From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov)
Date: Mon, 5 Feb 2007 15:10:08 -0500
Subject: [nycbug-talk] Notes for the meeting about Subversion of 7 Feb
Message-ID: <89ce7f740702051210u17cb0294j4107a0840cc39c02@mail.gmail.com>

Hello,

I am currently preparing my notes for the Subversion presentation on 7
Feb. I started to upload my notes and I thought you might want to see
them in advance, although they are not fully complete. The link is
http://vania.sourceforge.net/svnnotes-en/.

See you on Wednesday.
Thanks and regards
Ivan

--
Tangra Mega Rock: http://www.radiotangra.com

From rambiusparkisanius at gmail.com Mon Feb 5 16:26:05 2007
From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov)
Date: Mon, 5 Feb 2007 16:26:05 -0500
Subject: [nycbug-talk] Notes for the meeting about Subversion of 7 Feb
In-Reply-To: <45C790AF.4070101@3phasecomputing.com>
References: <89ce7f740702051210u17cb0294j4107a0840cc39c02@mail.gmail.com> <45C790AF.4070101@3phasecomputing.com>
Message-ID: <89ce7f740702051326l3a7a3bcv997c6dd67681cbc6@mail.gmail.com>

Hello Jerry,

On 2/5/07, Jerry B. Altzman wrote:
> on 2007-02-05 15:10 Ivan "Rambius" Ivanov said the following:
> > I am currently preparing my notes for the Subversion presentation on 7
> > Feb. I started to upload my notes and I thought you might want to see
> > them in advance, although they are not fully complete. The link is
> > http://vania.sourceforge.net/svnnotes-en/.
>
> As a very heavy-duty SVN user and someone who supports it for a living,
> my favorite topic to include is "how to do an in-place import of an
> active directory".

If I understand correctly you have a directory on your local filesystem and you want to add its content to a Subversion repository. I assume that you want to store the config files for your machine.

Usually this is done using svn import, but the problem here is that after you import it, you have to check out the new copy and delete the old one. If the directory contains important files like configurations for a server, it is not wise to risk with a delete. For example, I store my Apache configuration files in a Subversion repository and I added /usr/local/etc/httpd in it in the following way:

$ svn mkdir http://my-svn-server/my-repo/usr
$ svn mkdir http://my-svn-server/my-repo/usr/local
$ svn mkdir http://my-svn-server/my-repo/usr/local/etc
$ svn mkdir http://my-svn-server/my-repo/usr/local/etc/apache

This creates the directories directly on the repository; it does not touch your local filesystem.

After I have created the directory structure in the repository, I do

$ svn co http://my-svn-server/my-repo/usr/local/etc/apache /usr/local/etc/apache

At this point /usr/local/etc/apache is under svn control. Now I decide which files from it I want to be versioned, for example httpd.conf is a perfect candidate:

$ cd /usr/local/etc/apache
$ svn add httpd.conf
$ svn commit -m "original httpd.conf" httpd.conf

Now, httpd.conf is under version control and every time I change it, I check it in.

Regards
Ivan

--
Tangra Mega Rock: http://www.radiotangra.com

From carton at Ivy.NET Mon Feb 5 18:49:22 2007
From: carton at Ivy.NET (Miles Nordin)
Date: Mon, 05 Feb 2007 18:49:22 -0500
Subject: [nycbug-talk] Google
In-Reply-To: <48372.160.33.20.11.1170346639.squirrel@webmail.nomadlogic.org> (Peter Wright's message of "Thu, 1 Feb 2007 08:17:19 -0800 (PST)")
References: <45C14B76.7030403@penguinnetwerx.net> <48372.160.33.20.11.1170346639.squirrel@webmail.nomadlogic.org>
Message-ID:

>>>>> "pw" == Peter Wright writes:

    pw> "programming exercise" and needed it back in 24hours

I interviewed with them for the SRE team in NYC a little less than a year ago. I don't really want other potential employers pre-interviewing me by reading mailing list archives, but what the hell maybe I can save you some time. I'll tell you what, I'll paste the message I was going to post here:

http://web.Ivy.NET/~carton/t0.txt

then delete it after a few days.

From pete at nomadlogic.org Mon Feb 5 20:50:45 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Mon, 5 Feb 2007 17:50:45 -0800 (PST)
Subject: [nycbug-talk] pkgsrc debugging tips
Message-ID: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org>

hey all - i was hoping someone here may be able to offer some debugging tips when working on pkgsrc.
i've usually had zero problems working with it on Net/Open/FreeBSD, but am running into some "fun" when trying to get p5-XML-Parser built on RHEL4 (red hat ent. linux 4).

i've ping'd the pkgsrc-users@ list, but was hoping someone here may have experience shoe-horning pkgsrc onto a rhel system they wouldn't mind sharing.

thanks!
-pete

--
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459

From mspitzer at gmail.com Mon Feb 5 21:45:49 2007
From: mspitzer at gmail.com (Marc Spitzer)
Date: Mon, 5 Feb 2007 21:45:49 -0500
Subject: [nycbug-talk] pkgsrc debugging tips
In-Reply-To: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org>
References: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org>
Message-ID: <8c50a3c30702051845n18e20e50v5ab2dd497d07d8ef@mail.gmail.com>

Check your paths, putting the pkgsrc binaries first might help. It did help me on solaris 10, now if I could only figure out how to get sqlite-tcl to link in librt I would be happy. and I did try LIBS and the other library config pkgsrc variable.

marc

On 2/5/07, Peter Wright wrote:
> hey all - i was hoping someone here may be able to offer some debugging
> tips when working on pkgsrc. i've usually had zero problems working with
> it on Net/Open/FreeBSD, but am running into some "fun" when trying to get
> p5-XML-Parser built on RHEL4 (red hat ent. linux 4).
>
> i've ping'd the pkgsrc-users@ list, but was hoping someone here may have
> experience shoe-horning pkgsrc onto a rhel system they wouldn't mind
> sharing.
>
> thanks!
> -pete
>
>
> --
> ~~oO00Oo~~
> Peter Wright
> pete at nomadlogic.org
> www.nomadlogic.org/~pete
> 310.869.9459

--
Freedom is nothing but a chance to be better.
Albert Camus

From jschauma at netmeister.org Mon Feb 5 21:43:01 2007
From: jschauma at netmeister.org (Jan Schaumann)
Date: Mon, 5 Feb 2007 18:43:01 -0800
Subject: [nycbug-talk] pkgsrc debugging tips
In-Reply-To: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org>
References: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org>
Message-ID: <20070206024301.GA17325@netmeister.org>

Peter Wright wrote:

> i've ping'd the pkgsrc-users@ list, but was hoping someone here may have
> experience shoe-horning pkgsrc onto a rhel system they wouldn't mind
> sharing.

If all else fails, try

    make PKG_DEBUG_LEVEL=2 >/tmp/log 2>&1

*Lots* of debugging output.

-Jan

--
As we all know, reality is a mess.
Larry Wall

From jlam at pkgsrc.org Tue Feb 6 09:30:23 2007
From: jlam at pkgsrc.org (Johnny C. Lam)
Date: Tue, 06 Feb 2007 09:30:23 -0500
Subject: [nycbug-talk] pkgsrc debugging tips
In-Reply-To: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org>
References: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org>
Message-ID: <45C890FF.9080004@pkgsrc.org>

Peter Wright wrote:
> hey all - i was hoping someone here may be able to offer some debugging
> tips when working on pkgsrc. i've usually had zero problems working with
> it on Net/Open/FreeBSD, but am running into some "fun" when trying to get
> p5-XML-Parser built on RHEL4 (red hat ent. linux 4).
>
> i've ping'd the pkgsrc-users@ list, but was hoping someone here may have
> experience shoe-horning pkgsrc onto a rhel system they wouldn't mind
> sharing.

Check the .*.log files in the work directory ... they usually have a lot of useful debugging output. I don't remember off-hand if you need PKG_DEBUG_LEVEL > 0 to trigger the useful debugging output.

Cheers,

-- Johnny Lam

From pete at nomadlogic.org Tue Feb 6 11:33:23 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Tue, 6 Feb 2007 08:33:23 -0800 (PST)
Subject: [nycbug-talk] pkgsrc debugging tips
In-Reply-To: <45C890FF.9080004@pkgsrc.org>
References: <26812.160.33.20.11.1170726645.squirrel@webmail.nomadlogic.org> <45C890FF.9080004@pkgsrc.org>
Message-ID: <50736.160.33.20.11.1170779603.squirrel@webmail.nomadlogic.org>

> Peter Wright wrote:
>> hey all - i was hoping someone here may be able to offer some debugging
>> tips when working on pkgsrc. i've usually had zero problems working with
>> it on Net/Open/FreeBSD, but am running into some "fun" when trying to get
>> p5-XML-Parser built on RHEL4 (red hat ent. linux 4).
>>
>> i've ping'd the pkgsrc-users@ list, but was hoping someone here may have
>> experience shoe-horning pkgsrc onto a rhel system they wouldn't mind
>> sharing.
>
> Check the .*.log files in the work directory ... they usually have a lot
> of useful debugging output. I don't remember off-hand if you need
> PKG_DEBUG_LEVEL > 0 to trigger the useful debugging output.
>

thanks all for the input, i'll generate some debugging info today and see what i can dig up.

-pete

--
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459

From george at galis.org Tue Feb 6 13:42:01 2007
From: george at galis.org (George Georgalis)
Date: Tue, 6 Feb 2007 13:42:01 -0500
Subject: [nycbug-talk] Notes for the meeting about Subversion of 7 Feb
In-Reply-To: <89ce7f740702051326l3a7a3bcv997c6dd67681cbc6@mail.gmail.com>
References: <89ce7f740702051210u17cb0294j4107a0840cc39c02@mail.gmail.com> <45C790AF.4070101@3phasecomputing.com> <89ce7f740702051326l3a7a3bcv997c6dd67681cbc6@mail.gmail.com>
Message-ID: <20070206184201.GK21386@run.galis.org>

On Mon, Feb 05, 2007 at 04:26:05PM -0500, Ivan Rambius Ivanov wrote:
>Hello Jerry,
>
>On 2/5/07, Jerry B. Altzman wrote:
>> on 2007-02-05 15:10 Ivan "Rambius" Ivanov said the following:
>> > I am currently preparing my notes for the Subversion presentation on 7
>> > Feb. I started to upload my notes and I thought you might want to see
>> > them in advance, although they are not fully complete. The link is
>> > http://vania.sourceforge.net/svnnotes-en/.
>>
>> As a very heavy-duty SVN user and someone who supports it for a living,
>> my favorite topic to include is "how to do an in-place import of an
>> active directory".
>
>If I understand correctly you have a directory on your local
>filesystem and you want to add its content to a Subversion repository.
>I assume that you want to store the config files for your machine.
>
>Usually this is done using svn import, but the problem here is that
>after you import it, you have to check out the new copy and delete the
>old one. If the directory contains important files like configurations
>for a server, it is not wise to risk with a delete. For example, I
>store my Apache configuration files in a Subversion repository and I
>added /usr/local/etc/httpd in it in the following way:
>
>$ svn mkdir http://my-svn-server/my-repo/usr
>$ svn mkdir http://my-svn-server/my-repo/usr/local
>$ svn mkdir http://my-svn-server/my-repo/usr/local/etc
>$ svn mkdir http://my-svn-server/my-repo/usr/local/etc/apache
>
>This creates the directories directly on the repository; it does not
>touch your local filesystem.
>
>After I have created the directory structure in the repository, I do
>
>$ svn co http://my-svn-server/my-repo/usr/local/etc/apache /usr/local/etc/apache
>
>At this point /usr/local/etc/apache is under svn control. Now I decide
>which files from it I want to be versioned, for example httpd.conf is
>a perfect candidate:
>
>$ cd /usr/local/etc/apache
>$ svn add httpd.conf
>$ svn commit -m "original httpd.conf" httpd.conf
>
>Now, httpd.conf is under version control and every time I change it, I
>check it in.

Nice summary.
Any comments on using commit triggers, svn:ignore, and keyword expansion?

eg if log files are going to coexist with the checkout do you need to ignore them? where is your ignore file?

how do you trigger an update to a staging (or live) checkout with commit, or commit to a specific (log) file in the repo (hook script)? I'm thinking for desktop checkout htdoc mods and/or staging/production restarts with httpd.conf &c checkin.

I miss "local keyword expansion" from cvs, is there any way to enable svn keyword expansion for an entire repo, or does it need setting per file? how do you manage that?

BTW I see your doc is missing the NetBSD section,

    cd /usr/pkgsrc/devel/subversion && make clean install

that seems to work anywhere pkgsrc is in use.

// George

--
George Georgalis, systems architect, administrator <

From okan at demirmen.com Tue Feb 6 17:08:10 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Tue, 6 Feb 2007 17:08:10 -0500
Subject: [nycbug-talk] got stuff?
Message-ID: <20070206220810.GU19672@clam.khaoz.org>

since we are a community of users i'd like to offer a few items that i'm looking to sell.

4 x sun drive caddies - free

2 x soekris vpn 1411 (mini-pci) - $40 each
    - never been removed from packaging
    - these still go for $68 new from soekris.com

1 x sharp zaurus sl-c3200 - $400
    - still expensive here in the states (~$600-800 new)
    - original packaging
    - in perfect condition
    - openbsd -current installed; (but if you want me to slap the default linux install on, i'll do it (begrudgingly of course), however since the work has already been done to load openbsd, netbsd install would be trivial.

wi(4) and ne(4) cf cards - offer
    - basically for the zaurus

feel free to ask questions or make offers.

cheers,
okan

From af.dingo at gmail.com Wed Feb 7 12:00:44 2007
From: af.dingo at gmail.com (Jeff Quast)
Date: Wed, 7 Feb 2007 12:00:44 -0500
Subject: [nycbug-talk] got stuff?
In-Reply-To: <20070206220810.GU19672@clam.khaoz.org>
References: <20070206220810.GU19672@clam.khaoz.org>
Message-ID:

On 2/6/07, Okan Demirmen wrote:
> since we are a community of users i'd like to offer a few items that i'm
> looking to sell.

> 1 x sharp zaurus sl-c3200 - $400
> - still expensive here in the states (~$600-800 new)
> - original packaging
> - in perfect condition
> - openbsd -current installed; (but if you want me to
> slap the default linux install on, i'll do it
> (begrudgingly of course), however since the work has
> already been done to load openbsd, netbsd install would
> be trivial.

I already have a zaurus, but I'd have jumped on this offer. I paid $420 at www.conics.net plus ridiculous shipping charges for a used SL-3000... $515 after everything, and it is noticeably used (scratches, etc.).

Wim sells brand new zaurus of this model http://zaurus.kd85.com/ for 749 euros, yahoo converts that to $975 USD...

If any of you are looking for portable bsd, this is it. OpenBSD supports the zaurus wonderfully. The ports/ system works great, and they provide binary packages.

From mspitzer at gmail.com Thu Feb 8 00:20:20 2007
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 8 Feb 2007 00:20:20 -0500
Subject: [nycbug-talk] Mercurial: a distributed version control system
Message-ID: <8c50a3c30702072120j2e34f136h1b4c0d5ec9c2d232@mail.gmail.com>

It's called Mercurial, here is a google talk:
http://video.google.com/videoplay?docid=-7724296011317502612

and here is a good white paper to start
http://www.selenic.com/mercurial/wiki/index.cgi/Presentations?action=AttachFile&do=get&target=ols-mercurial-paper.pdf

--
Freedom is nothing but a chance to be better.
Albert Camus

From nikolai at fetissov.org Thu Feb 8 15:37:23 2007
From: nikolai at fetissov.org (nikolai)
Date: Thu, 8 Feb 2007 15:37:23 -0500 (EST)
Subject: [nycbug-talk] February 2007 meeting audio
Message-ID: <15366.63.66.6.15.1170967043.squirrel@www.geekisp.com>

Folks,

mp3 of Ivan's presentation is online at http://www.fetissov.org/public/nycbug/

--
Nikolai

From rambiusparkisanius at gmail.com Thu Feb 8 15:52:38 2007
From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov)
Date: Thu, 8 Feb 2007 15:52:38 -0500
Subject: [nycbug-talk] February 2007 meeting audio
In-Reply-To: <15366.63.66.6.15.1170967043.squirrel@www.geekisp.com>
References: <15366.63.66.6.15.1170967043.squirrel@www.geekisp.com>
Message-ID: <89ce7f740702081252i32d752e7vd63eb7462261bf3e@mail.gmail.com>

Hello Nikolai,

On 2/8/07, nikolai wrote:
> Folks,
> mp3 of Ivan's presentation is online at
> http://www.fetissov.org/public/nycbug/

Thank you very much for the audio recording.

Regards
Ivan

--
Tangra Mega Rock: http://www.radiotangra.com

From ike at lesmuug.org Sun Feb 11 15:26:18 2007
From: ike at lesmuug.org (Isaac Levy)
Date: Sun, 11 Feb 2007 15:26:18 -0500
Subject: [nycbug-talk] AsiaBSDCon, March 8-11
Message-ID:

Hey All,

The fine folks running AsiaBSDCon are looking to spread the word about the conference, the schedule is now online!

Pretty excellent lineup, their tutorial sessions all look pretty hardcore. It seems to me the heavy focus of the conference is of course on BSD's strength in ISP and heavy network contexts- (no KDE tuning sessions? What?!). Also, of note, lots of IPV6 stuff at this conference, (in *the* country which actually runs *production* grade IPV6 infrastructure!)

I'll be there, and would love some company...

(please note, USD conversions are subject to change, just posted here for our convenience)

CHECK OUT THE SCHEDULE:
http://asiabsdcon.org/timetable.html

AsiaBSDCon 2007
University of Tokyo, Tokyo, Japan
Thursday, March 8 to Sunday, March 11th, 2007

Registration Fees

Delegate (non-student):
    10,000JPY, ($83usd) (until February 28, 2007)
    12,000JPY ($99usd) (after February 28, 2007)

Student:
    3,500JPY ($29usd) (regardless of the above periods)

Full-day Tutorial:
    12,000JPY/class ($99usd) (6,000JPY ($49usd) for students)

Half-day Tutorial:
    6,000JPY/class ($49usd) (3,000JPY ($24usd) for students)

--

As an aside, it's 'off season' travel to Tokyo from the US, so if you book tickets soon, it's the cheapest time of year to go (right before the Cherry Blossom spring season [like $700-800]).

Rocket-
.ike

From george at ceetonetechnology.com Tue Feb 13 12:54:37 2007
From: george at ceetonetechnology.com (George R.)
Date: Tue, 13 Feb 2007 12:54:37 -0500
Subject: [nycbug-talk] in town. ..
Message-ID: <45D1FB5D.3060403@ceetonetechnology.com>

Jason Dixon will be in town tomorrow night and will be up for cocktails if anyone's interested.

Email me off list and cc Jason if you're game. . . and yes, it's V-day tomorrow, so please don't use this as an excuse to anger your better halves.

George

From jkeen at verizon.net Tue Feb 13 18:42:25 2007
From: jkeen at verizon.net (James Keenan)
Date: Tue, 13 Feb 2007 18:42:25 -0500
Subject: [nycbug-talk] Perl Seminar NY Tues Feb 20 Agenda
Message-ID: <991D6B30-0D07-47C1-BD80-89BED896A9CD@verizon.net>

I had the pleasure of attending the BSD users group meeting last week at Suspenders. I attended the conference at Columbia U. in Sept 2006, but had not attended a user group meeting.

Those of you who use Perl may recognize "inside-out objects" as one of the hot Perl topics in the last two years. Our local user group, Perl Seminar NY, will have *the* leading expert on this subject speak at our meeting next Tuesday, Feb 20, 6:15-8:15pm.

Main presentation:
Jerry D Hedden
Using Object::InsideOut

Inside-out objects are a competing paradigm to Perl's traditional 'blessed hash' object model. This presentation goes into detail on how to develop inside-out object classes using the Object::InsideOut module (http://search.cpan.org/dist/Object-InsideOut/).

We meet at

NYPC User Group
481 8 Ave Suite 550
between West 34 & 35 Sts
(Ramada New Yorker)

... on the 3rd Tuesday of each month from October to May.

A more complete description:
http://tech.groups.yahoo.com/group/perlsemny/message/698

Thank you very much.
Jim Keenan

From jpb at sixshooter.v6.thrupoint.net Wed Feb 14 05:14:16 2007
From: jpb at sixshooter.v6.thrupoint.net (Jim Brown)
Date: Wed, 14 Feb 2007 10:14:16 +0000
Subject: [nycbug-talk] L2TP/IPSec VPN Stress Testing
Message-ID: <20070214101416.GB83945@sixshooter.v6.thrupoint.net>

Greetings Everyone,

I need to perform VPN stress testing on a Cisco ASA setup we have here in the ThruPoint lab. Our requirements are that the setup should handle about 1000 simultaneous connections.

I've looked around for VPN stress testing options and there just don't seem to be that many that are, ahem, reasonably priced. (Ixia 250 new: over $100K, and leasing is 15% list/month- 3 month min.)

Further detail: We are using MS L2TP/IPSec for the client, so whatever I use has to be able to generate L2TP/IPSec sessions. To get started we'll use preshared keys. We'll test certs later.

Clients are Microsoft XP using the Microsoft L2TP/IPSec client.

So, I'm really trying to emulate 1000 Win XP L2TP/IPSec users connecting at the same time.

I do have about 50 PCs (maybe even more) I can throw at this thing, so I just need to figure out how to get 50 PCs to generate L2TP/IPSec connections.

Is there a BSD solution I can use here?

All ideas welcomed!

Best Regards,
Jim B.

From pete at nomadlogic.org Wed Feb 14 11:59:39 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Wed, 14 Feb 2007 08:59:39 -0800 (PST)
Subject: [nycbug-talk] L2TP/IPSec VPN Stress Testing
In-Reply-To: <20070214101416.GB83945@sixshooter.v6.thrupoint.net>
References: <20070214101416.GB83945@sixshooter.v6.thrupoint.net>
Message-ID: <12601.160.33.20.11.1171472379.squirrel@webmail.nomadlogic.org>

>
> Greetings Everyone,
>
> I need to perform VPN stress testing on a Cisco ASA setup
> we have here in the ThruPoint lab. Our requirements are
> that the setup should handle about 1000 simultaneous connections.
>
> I've looked around for VPN stress testing options and there
> just don't seem to be that many that are, ahem, reasonably priced.
> (Ixia 250 new: over $100K, and leasing is 15% list/month- 3 month min.)
>
>
> Further detail: We are using MS L2TP/IPSec for the client,
> so whatever I use has to be able to generate L2TP/IPSec
> sessions. To get started we'll use preshared keys. We'll test
> certs later.
>
> Clients are Microsoft XP using the Microsoft L2TP/IPSec client.
>
> So, I'm really trying to emulate 1000 Win XP L2TP/IPSec users
> connecting at the same time.
>
> I do have about 50 PCs (maybe even more) I can throw at this thing,
> so I just need to figure out how to get 50 PCs to generate L2TP/IPSec
> connections.
>
> Is there a BSD solution I can use here?
>
> All ideas welcomed!
>
> Best Regards,
> Jim B.
>

not really a BSD solution but would it be possible to use something like VMware server (which is free) on the PCs to get close to the number of clients you want (10 xp instances per PC * 50 pcs = 500 connections). it may not be quick, or even feasible - but with a little batch scripting you could be able to generate the traffic you'd expect to see. vmware server does allow you to do snapshots of your instance - so theoretically you could clone a snapshot of a configured XP host which may save some time on the front end.

also, not sure what type of gear you have available - but i did some work with NetApp iSCSI LUN cloning to produce a pretty similar environment as well. create a VM instance, clone the lun and export that image to another VM. NetApp's do some tricks where cloned images will share as much common data as possible, allocating new blocks as needed when the clones start to differ (i.e. /bin may use the same blocks across multiple LUN's, but /var/tmp would differ).

anywho, this sounds like a fun project ;)

-pete

--
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459

From KReiter at insidefsi.net Wed Feb 14 15:39:46 2007
From: KReiter at insidefsi.net (Kevin Reiter)
Date: Wed, 14 Feb 2007 15:39:46 -0500
Subject: [nycbug-talk] Installing Perl Module: DBD::mysql
Message-ID: <184B0715C3D74243B86F872B55C340E7037BB928@fsi32.fsidp.insidefsi.com>

All,

I'm trying to install the DBD::mysql Perl module (via the CPAN shell) on FreeBSD 6.2, and it's looking to login to the local MySQL database during the 'make test' portion of the install, resulting in a failed install:

Failed 23/26 test scripts, 11.54% okay. 414/419 subtests failed, 1.19% okay.
*** Error code 255

Stop in /root/.cpan/build/DBD-mysql-4.001.
  /usr/bin/make test -- NOT OK
Running make install
  make test had returned bad status, won't install without force

I noticed that it's looking for a running database (it's running on localhost), but how do I pass the password to the command in order for it to successfully login?

cpan> install DBD::mysql
Running install for module DBD::mysql
Running make for C/CA/CAPTTOFU/DBD-mysql-4.001.tar.gz
  Is already unwrapped into directory /root/.cpan/build/DBD-mysql-4.001
  Has already been processed within this session
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/00base.............ok
t/10dsnlist..........DBI connect('test','',...) failed: Access denied for user 'root'@'localhost' (using password: NO) at t/10dsnlist.t line 45
Cannot connect: Access denied for user 'root'@'localhost' (using password: NO)
Either your server is not up and running or you have no permissions for acessing the DSN DBI:mysql:test.
This test requires a running server and write permissions.
Please make sure your server is running and you have permissions, then retry.

Any help would be greatly appreciated.

Kev

Kevin Reiter
Senior Security Engineer
Financial Services, Inc.
21 Harristown Road
Glen Rock, New Jersey 07452
(201)652-6000, ext. 588
PGP ID: 0xEE665233

This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

From george at ceetonetechnology.com Wed Feb 14 16:29:24 2007
From: george at ceetonetechnology.com (George R.)
Date: Wed, 14 Feb 2007 16:29:24 -0500
Subject: [nycbug-talk] [Fwd: Update]
Message-ID: <45D37F34.204@ceetonetechnology.com>

Jason Dixon and crew are in town, through the snow and sleet.

Feel free to contact him offlist if interested.

George

-------- Original Message --------
Subject: Update
Date: Wed, 14 Feb 2007 16:25:14 -0500

Hi guys-

We just slid into town (literally) around 3:30pm. Catching the last session of the day, then not sure what else. Supposed to be going to some receptions this evening, but I'm sure I'll cut out early. We're staying in the Marriott Marquis in Times Square (1535 Broadway). If anyone has any good ideas for dinner/beer in the area, I'm up for suggestions. We also brought along our poker "gear" if anyone's up for it afterwards.

Feel free to pass on to NYCBUG.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

From spork at bway.net Wed Feb 14 18:54:27 2007
From: spork at bway.net (Charles Sprickman)
Date: Wed, 14 Feb 2007 18:54:27 -0500 (EST)
Subject: [nycbug-talk] OpenBSD 4.0 + VMware Server
Message-ID:

Hi all,

Anyone had success with the above combo?

I've had no problems with it booting, but during the install I'm having an odd issue - when I hit "enter" after a selection, it repeats. Meaning if the sequence were something like "are you happy with the partitions (Y/n)?" and then "Do you really want to continue (y/N)", I'll hit enter on the first one and then it's as if I'd pressed enter again on the next selection (which quits the installer).

Tried different terminal types, etc.

VMware Server is the latest free version, and I'm using the X app as a client to create new virtual servers. Did not see the same thing when installing FreeBSD 4.11/6.2 or when installing NetBSD 3.0.

Any ideas before I go to one of the OBSD lists?

Thanks,

Charles

From lavalamp at spiritual-machines.org Wed Feb 14 19:20:39 2007
From: lavalamp at spiritual-machines.org (Brian A. Seklecki)
Date: Wed, 14 Feb 2007 19:20:39 -0500 (EST)
Subject: [nycbug-talk] OpenBSD 4.0 + VMware Server
In-Reply-To:
References:
Message-ID: <20070214191723.G59589@arbitor.digitalfreaks.org>

On Wed, 14 Feb 2007, Charles Sprickman wrote:

> Hi all,
>
> Anyone had success with the above combo?

I run OpenBSD 4.0/i386-STABLE for my bsd-appliance project development needs inside a WinXP and a Linux 2.6 host. Version 1.0.1 build-29996.

No keyboard problems here. Standard Dell hardware. Mostly PS/2 keyboards.

Did you try disabling USB passthrough?

~BAS

From talk-owner at lists.nycbug.org Wed Feb 14 17:12:57 2007
From: talk-owner at lists.nycbug.org (talk-owner at lists.nycbug.org)
Date: Wed, 14 Feb 2007 17:12:57 -0500
Subject: [nycbug-talk] Installing Perl Module: DBD::mysql
Message-ID:

On Feb 14, 2007, at 3:39 PM, Kevin Reiter wrote:

> I noticed that it's looking for a running database (it's running on
> localhost), but how do I pass the password to the command in order
> for it to successfully login?

IIRC:

read the source on cpan -- it should be an envelope variable that you can set

i think you can also disable the tests completely with an envelope variable too

// Jonathan Vanasco

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

From jpb at sixshooter.v6.thrupoint.net Wed Feb 14 17:19:08 2007
From: jpb at sixshooter.v6.thrupoint.net (Jim Brown)
Date: Wed, 14 Feb 2007 22:19:08 +0000
Subject: [nycbug-talk] OpenBSD 4.0 + VMware Server
In-Reply-To: <20070214191723.G59589@arbitor.digitalfreaks.org>
References: <20070214191723.G59589@arbitor.digitalfreaks.org>
Message-ID: <20070214221908.GA86694@sixshooter.v6.thrupoint.net>

* Brian A. Seklecki [2007-02-14 20:15]:
> On Wed, 14 Feb 2007, Charles Sprickman wrote:
>
> > Hi all,
> >
> > Anyone had success with the above combo?
>
> I run OpenBSD 4.0/i386-STABLE for my bsd-appliance project development
> needs inside a WinXP and a Linux 2.6 host. Version 1.0.1 build-29996.
>
> No keyboard problems here. Standard Dell hardware. Mostly PS/2
> keyboards.
>
> Did you try disabling USB passthrough?
> > ~BAS I run the same on linux host. works ok, afaict. still testing however... Jim B. From jpb at sixshooter.v6.thrupoint.net Wed Feb 14 17:24:26 2007 From: jpb at sixshooter.v6.thrupoint.net (Jim Brown) Date: Wed, 14 Feb 2007 22:24:26 +0000 Subject: [nycbug-talk] OpenBSD 4.0 + VMware Server In-Reply-To: References: Message-ID: <20070214222426.GB86694@sixshooter.v6.thrupoint.net> * Charles Sprickman [2007-02-14 19:50]: > Hi all, > > Anyone had success with the above combo? > > I've had no problems with it booting, but during the install I'm having an > odd issue - when I hit "enter" after a selection, it repeats. Meaning if > the sequence were something like "are you happy with the partitions > (Y/n)?" and then "Do you really want to continue (y/N)", I'll hit enter on > the first one and then it's as if I'd pressed enter again on the next > selection (which quits the installer). > > Tried different terminal types, etc. > > VMware Server is the latest free version, and I'm using the X app as a > client to create new virtual servers. Did not see the same thing when > installing FreeBSD 4.11/6.2 or when installing NetBSD 3.0. > > Any ideas before I go to one of the OBSD lists? > > Thanks, > > Charles I'd also check to see if the keyboard repeat rate is settable in the BIOS. And see if you can figure out if your terminal line discipline is messed up- maybe it's getting CR and LF and acting on both. All I can think of... Jim B. From KReiter at insidefsi.net Thu Feb 15 09:24:48 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Thu, 15 Feb 2007 09:24:48 -0500 Subject: [nycbug-talk] Installing Perl Module: DBD::mysql In-Reply-To: <54709CF2-FE12-44A2-8CE7-A05077459DC2@2xlp.com> Message-ID: <184B0715C3D74243B86F872B55C340E7037BB94E@fsi32.fsidp.insidefsi.com> I wound up going into the cpan/build/.. 
directory and doing a perl Makefile.PL and passing all the variables on the commandline, then following it up with a make / make test / make install, and it did the trick. I also tried using pkg_add, but the box didn't like the versions of the MySQL client modules installed. Thanks everyone for all the suggestions and info. Kev -----Original Message----- From: Jonathan Vanasco [mailto:jvanasco at 2xlp.com] Sent: Wednesday, February 14, 2007 5:13 PM To: Kevin Reiter Cc: NYCBUG (E-mail) Subject: Re: [nycbug-talk] Installing Perl Module: DBD::mysql On Feb 14, 2007, at 3:39 PM, Kevin Reiter wrote: > I noticed that it's looking for a running database (it's running on > localhost), but how do I pass the password to the command in order > for it to successfully login? IIRC: read the source on cpan -- it should be an envelope variable that you can set i think you can also disable the tests completely with an envelope variable too // Jonathan Vanasco
From rambiusparkisanius at gmail.com Thu Feb 15 15:10:29 2007 From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov) Date: Thu, 15 Feb 2007 15:10:29 -0500 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems Message-ID: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> Hello, I have a machine running NetBSD 3.1 with Apache Httpd 2.2.3 installed from pkgsrc. Yesterday I tried to install mod_python from ap2-python pkgsrc package and it compiled and installed successfully. However, when I tried to load mod_python module, apache refused to start. The following error is dumped to /var/log/httpd/error_log: [Thu Feb 15 03:11:14 2007] [emerg] (28)No space left on device: Couldn't create accept lock (/usr/pkg/var/accept.lock.524) (5) First, I did check if I have empty space: $ df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 8.0G 983M 6.7G 12% / /dev/wd0e 7.7G 230K 7.3G 0% /home kernfs 1.0K 1.0K 0B 100% /kern Next, I verified that the apache user and group had write permissions to /usr/pkg/var directory $ ls -al /usr/pkg/ drwxrwx--- 2 www www 512 Jan 28 03:14 var Finally, I googled around and I found some references that apache is unable to create semaphores[1]. I stared "ipcs -s" command, but there are no semaphores. Could you please help me with using mod_python on NetBSD? Regards Ivan [1]http://www.webpipe.net/howto/Apache_accept_lock_fix -- Tangra Mega Rock: http://www.radiotangra.com From okan at demirmen.com Thu Feb 15 15:27:52 2007 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 15 Feb 2007 15:27:52 -0500 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> Message-ID: <20070215202752.GA19672@clam.khaoz.org> On Thu 2007.02.15 at 15:10 -0500, Ivan Rambius Ivanov wrote: > Hello, > > I have a machine running NetBSD 3.1 with Apache Httpd 2.2.3 installed > from pkgsrc. 
Yesterday I tried to install mod_python from ap2-python > pkgsrc package and it compiled and installed successfully. > > However, when I tried to load mod_python module, apache refused to > start. The following error is dumped to /var/log/httpd/error_log: > > [Thu Feb 15 03:11:14 2007] [emerg] (28)No space left on device: > Couldn't create accept lock (/usr/pkg/var/accept.lock.524) (5) > > First, I did check if I have empty space: > > $ df -h > Filesystem Size Used Avail Capacity Mounted on > /dev/wd0a 8.0G 983M 6.7G 12% / > /dev/wd0e 7.7G 230K 7.3G 0% /home > kernfs 1.0K 1.0K 0B 100% /kern df -i ? > Next, I verified that the apache user and group had write permissions > to /usr/pkg/var directory > > $ ls -al /usr/pkg/ > drwxrwx--- 2 www www 512 Jan 28 03:14 var > > Finally, I googled around and I found some references that apache is > unable to create semaphores[1]. I stared "ipcs -s" command, but there > are no semaphores. > > Could you please help me with using mod_python on NetBSD? > > Regards > Ivan > > [1]http://www.webpipe.net/howto/Apache_accept_lock_fix > > -- > Tangra Mega Rock: http://www.radiotangra.com > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From rambiusparkisanius at gmail.com Thu Feb 15 15:41:50 2007 From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov) Date: Thu, 15 Feb 2007 15:41:50 -0500 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <20070215202752.GA19672@clam.khaoz.org> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> <20070215202752.GA19672@clam.khaoz.org> Message-ID: <89ce7f740702151241pc364700t1d6c350315e1aac5@mail.gmail.com> Hello Okan, On 2/15/07, Okan Demirmen wrote: > > df -i ? 
> # df -i shows the following: Filesystem 1K-blocks Used Avail Capacity iused ifree %iused Mounted on /dev/wd0a 8418870 1006898 6991030 12% 146831 901231 14% / /dev/wd0e 8065046 230 7661564 0% 162 1007964 0% /home kernfs 1 1 0 100% 896 128 87% /kern I have enough space on /. I do not think that /usr/pkg/var/accept.lock file will occupy more than 6.7 GB which is the free space on /. Regards Ivan -- Tangra Mega Rock: http://www.radiotangra.com From okan at demirmen.com Thu Feb 15 15:53:53 2007 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 15 Feb 2007 15:53:53 -0500 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> Message-ID: <20070215205353.GB19672@clam.khaoz.org> On Thu 2007.02.15 at 15:10 -0500, Ivan Rambius Ivanov wrote: > Hello, > > I have a machine running NetBSD 3.1 with Apache Httpd 2.2.3 installed > from pkgsrc. Yesterday I tried to install mod_python from ap2-python > pkgsrc package and it compiled and installed successfully. > > However, when I tried to load mod_python module, apache refused to > start. The following error is dumped to /var/log/httpd/error_log: > > [Thu Feb 15 03:11:14 2007] [emerg] (28)No space left on device: > Couldn't create accept lock (/usr/pkg/var/accept.lock.524) (5) > > First, I did check if I have empty space: > > $ df -h > Filesystem Size Used Avail Capacity Mounted on > /dev/wd0a 8.0G 983M 6.7G 12% / > /dev/wd0e 7.7G 230K 7.3G 0% /home > kernfs 1.0K 1.0K 0B 100% /kern > > Next, I verified that the apache user and group had write permissions > to /usr/pkg/var directory > > $ ls -al /usr/pkg/ > drwxrwx--- 2 www www 512 Jan 28 03:14 var > > Finally, I googled around and I found some references that apache is > unable to create semaphores[1]. I stared "ipcs -s" command, but there > are no semaphores. ok, so not an inode problem...and you say ipcs shows nothing? 
> Could you please help me with using mod_python on NetBSD? > > Regards > Ivan > > [1]http://www.webpipe.net/howto/Apache_accept_lock_fix > > -- > Tangra Mega Rock: http://www.radiotangra.com > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From rambiusparkisanius at gmail.com Thu Feb 15 16:12:11 2007 From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov) Date: Thu, 15 Feb 2007 16:12:11 -0500 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <20070215205353.GB19672@clam.khaoz.org> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> <20070215205353.GB19672@clam.khaoz.org> Message-ID: <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> Hello Okan, On 2/15/07, Okan Demirmen wrote: > ok, so not an inode problem...and you say ipcs shows nothing? > OK, now apache is not running. ipcs shows the following: # ipcs -s IPC status from as of Thu Feb 15 16:06:50 2007 Semaphores: T ID KEY MODE OWNER GROUP No semaphores are shown. Maybe I should give more details: In /usr/pkg/etc/httpd/httpd.conf I load mod_python with the following directive: LoadModule python_module lib/httpd/mod_python.so An attempt to start apache dumps that error in error_log: # date Thu Feb 15 16:09:29 EST 2007 # /etc/rc.d/apache start Starting apache. # tail -n 1 /var/log/httpd/error_log [Thu Feb 15 16:09:44 2007] [emerg] (28)No space left on device: Couldn't create accept lock (/usr/pkg/var/accept.lock.3659) (5) And apache is not running. When I comment out LoadModule directive for mod_python, apache starts successfully. This makes me believe that mod_python causes the problem. 
Regards Ivan -- Tangra Mega Rock: http://www.radiotangra.com From pete at nomadlogic.org Thu Feb 15 16:29:20 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 15 Feb 2007 13:29:20 -0800 (PST) Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> <20070215205353.GB19672@clam.khaoz.org> <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> Message-ID: <41420.160.33.20.11.1171574960.squirrel@webmail.nomadlogic.org> > Hello Okan, > > On 2/15/07, Okan Demirmen wrote: >> ok, so not an inode problem...and you say ipcs shows nothing? >> > OK, now apache is not running. ipcs shows the following: > > # ipcs -s > IPC status from as of Thu Feb 15 16:06:50 2007 > > Semaphores: > T ID KEY MODE OWNER GROUP > > No semaphores are shown. > > Maybe I should give more details: In /usr/pkg/etc/httpd/httpd.conf I > load mod_python with the following directive: > > LoadModule python_module lib/httpd/mod_python.so > > An attempt to start apache dumps that error in error_log: > > # date > Thu Feb 15 16:09:29 EST 2007 > # /etc/rc.d/apache start > Starting apache. > # tail -n 1 /var/log/httpd/error_log > [Thu Feb 15 16:09:44 2007] [emerg] (28)No space left on device: > Couldn't create accept lock (/usr/pkg/var/accept.lock.3659) (5) > > And apache is not running. > > When I comment out LoadModule directive for mod_python, apache starts > successfully. This makes me believe that mod_python causes the > problem. > hmm...maybe a ktrace of starting up httpd will help. atleast it'll what mod_python is doing that is causing the problem. 
-pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From okan at demirmen.com Thu Feb 15 16:33:23 2007 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 15 Feb 2007 16:33:23 -0500 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> <20070215205353.GB19672@clam.khaoz.org> <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> Message-ID: <20070215213323.GC19672@clam.khaoz.org> On Thu 2007.02.15 at 16:12 -0500, Ivan Rambius Ivanov wrote: > # date > Thu Feb 15 16:09:29 EST 2007 > # /etc/rc.d/apache start > Starting apache. > # tail -n 1 /var/log/httpd/error_log > [Thu Feb 15 16:09:44 2007] [emerg] (28)No space left on device: > Couldn't create accept lock (/usr/pkg/var/accept.lock.3659) (5) > > And apache is not running. > > When I comment out LoadModule directive for mod_python, apache starts > successfully. This makes me believe that mod_python causes the > problem. ok then yes, if removing it "fixes" the problem, the issue is mod_python. i don't know anything about mod_python, but it's got something to do with a failure to create mutexes, i think. From rambiusparkisanius at gmail.com Thu Feb 15 16:42:21 2007 From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov) Date: Thu, 15 Feb 2007 16:42:21 -0500 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <41420.160.33.20.11.1171574960.squirrel@webmail.nomadlogic.org> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> <20070215205353.GB19672@clam.khaoz.org> <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> <41420.160.33.20.11.1171574960.squirrel@webmail.nomadlogic.org> Message-ID: <89ce7f740702151342k1228a35ckdf6fe05d245ae477@mail.gmail.com> Hello Peter, On 2/15/07, Peter Wright wrote: > > hmm...maybe a ktrace of starting up httpd will help. 
atleast it'll what > mod_python is doing that is causing the problem. I started # ktrace httpd and I am attaching ktrace.out Regards Ivan -- Tangra Mega Rock: http://www.radiotangra.com -------------- next part -------------- A non-text attachment was scrubbed... Name: ktrace.out Type: application/octet-stream Size: 449327 bytes Desc: not available URL: From lavalamp at spiritual-machines.org Thu Feb 15 22:46:38 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Thu, 15 Feb 2007 22:46:38 -0500 (EST) Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <89ce7f740702151342k1228a35ckdf6fe05d245ae477@mail.gmail.com> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> <20070215205353.GB19672@clam.khaoz.org> <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> <41420.160.33.20.11.1171574960.squirrel@webmail.nomadlogic.org> <89ce7f740702151342k1228a35ckdf6fe05d245ae477@mail.gmail.com> Message-ID: <20070215224609.X59589@arbitor.digitalfreaks.org> If it is indeed trying to setup share mem, maybe you're running a non-GENERIC kernel w/o Sys-V shmem? Ktrace tells all. ~BAS On Thu, 15 Feb 2007, Ivan "Rambius" Ivanov wrote: > Hello Peter, > > On 2/15/07, Peter Wright wrote: >> >> hmm...maybe a ktrace of starting up httpd will help. atleast it'll what >> mod_python is doing that is causing the problem. > > I started > # ktrace httpd > > and I am attaching ktrace.out > > Regards > Ivan > > -- > Tangra Mega Rock: http://www.radiotangra.com > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were."
From rambiusparkisanius at gmail.com Fri Feb 16 02:44:37 2007 From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov) Date: Fri, 16 Feb 2007 09:44:37 +0200 Subject: [nycbug-talk] NetBSD, Apache and mod_python problems In-Reply-To: <20070215224609.X59589@arbitor.digitalfreaks.org> References: <89ce7f740702151210m53e2150cs130a0fda320e421b@mail.gmail.com> <20070215205353.GB19672@clam.khaoz.org> <89ce7f740702151312r119d0c88vdcc6eb205fc516cd@mail.gmail.com> <41420.160.33.20.11.1171574960.squirrel@webmail.nomadlogic.org> <89ce7f740702151342k1228a35ckdf6fe05d245ae477@mail.gmail.com> <20070215224609.X59589@arbitor.digitalfreaks.org> Message-ID: <89ce7f740702152344g5f8a5585mb6812e4902bab173@mail.gmail.com> Hello Brian, On 2/16/07, Brian A. Seklecki wrote: > > > If it is indeed trying to setup share mem, maybe you're running a > non-GENERIC kernel w/o Sys-V shmem? I am running a generic kernel - the one that comes with NetBSD installation. I have not precompiled it. > Ktrace tells all. > Unfortunately, I am not so skillful in NetBSD and in reading ktrace output :( However, the reason is really related with lacking some Sys-V stuff. The default value for AcceptMutex is sysvsem, and for some reason it is not happy with it. According to httpd documentation AcceptMutex's value can be flock, fcntl, posixsem, pthread or sysvsem. It rejects completely pthread saying Syntax error on line 31 of /usr/pkg/etc/httpd/httpd.conf: pthread is an invalid mutex mechanism; Valid accept mutexes for this platform and MPM are: default, flock, fcntl, sysvsem, posixsem. sysvsem does not work either, although accepted.
The remaining: flock, fcntl, posixsem work and I am able to execute python scripts in apache. I would be very grateful if you give me more details about the different mutexes in apache and explain me why sysvsem and posixsem do not work. Regards Ivan -- Tangra Mega Rock: http://www.radiotangra.com From jonathan at kc8onw.net Mon Feb 19 14:11:36 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Mon, 19 Feb 2007 14:11:36 -0500 Subject: [nycbug-talk] Cable modem load balancing Message-ID: <45D9F668.9000806@kc8onw.net> Hello Wise Ones :) I'm looking at trying to set up outgoing load balancing similar to what is described here [1] but with my current setup my second gateway would actually be on my internal lan. Can this work, possibly with an alias on the internal interface or would each gateway have to be on its own physical interface? I have complete control over addressing and going to static addressing is fine if I have to. Here is an attempt at an ASCII art diagram of my physical setup.

--------    ------------      --------------
|modem1|----|bsd router|------|dlink switch|
--------    ------------      --------------
                                    |
          ----------------------------------
             |            |            |<-(switch port)
          -------      -------     ---------
          |host1|      |host2|     |linksys|
          -------      -------     ---------
                                       |<-(wan port)
                                   --------
                                   |modem2|
                                   --------

Thanks for your time, Jonathan [1] http://openbsd.org/faq/pf/pools.html#outgoing From spork at bway.net Tue Feb 20 18:48:41 2007 From: spork at bway.net (Charles Sprickman) Date: Tue, 20 Feb 2007 18:48:41 -0500 (EST) Subject: [nycbug-talk] remote, headless FreeBSD install Message-ID: Howdy, Anyone here familiar with a current tutorial on doing a pxe-boot install? I'm finding a ton of stuff on Google, but it is all fairly dated and deals with the 4.x branch. There is a dead SoC project that really taunted me: http://wiki.freebsd.org/MarkusBoelter Anything else? Thanks, Charles From jca at sdf.lonestar.org Wed Feb 21 02:21:02 2007 From: jca at sdf.lonestar.org (Jonathan C.
Allen) Date: Wed, 21 Feb 2007 07:21:02 +0000 Subject: [nycbug-talk] Soekris/Wireless Recommendations Message-ID: <20070221072102.GA20794@SDF.LONESTAR.ORG> I want to replace my home wireless router with a Soekris box most likely running monowall. Anyone have hardware recommendations for this? The net4826 looks good, but I'm not sure what kind of wireless hardware I need to add to the box. Also, can anyone recommend good wireless cards for use with *BSD? I'm looking for a decent pcmcia card for laptops and may need some pci cards for mini-itx boxes soon. jca From mhernandez at ocsny.com Wed Feb 21 07:16:15 2007 From: mhernandez at ocsny.com (Michael Hernandez) Date: Wed, 21 Feb 2007 07:16:15 -0500 Subject: [nycbug-talk] Soekris/Wireless Recommendations In-Reply-To: <20070221072102.GA20794@SDF.LONESTAR.ORG> References: <20070221072102.GA20794@SDF.LONESTAR.ORG> Message-ID: <5378D4B4-6E91-4DF8-8D47-6B3BDDFF93C7@ocsny.com> On Feb 21, 2007, at 2:21 AM, Jonathan C. Allen wrote: > I want to replace my home wireless router with a Soekris box > most likely running monowall. Anyone have hardware recommendations > for this? You can look around on netgate.com for some supported wireless cards and antennae. One thing you should be warned about in regards to a soekris box is that you should NOT get a "vpn" card. These "hardware crypto acceleration" cards do nothing but break ssh connections whenever they are used, at least with openbsd. I suggest you look at the soekris list archives and search for vpn1411... you'll find that quite a few users got this card thinking it would improve things but instead found the contrary. The soekris box you choose depends... I suggest not getting one with a pci slot - it's really not very useful and there are many mini-pci cards that handle the wireless work just fine. 
Mike H From mikel.king at techally.com Wed Feb 21 14:43:48 2007 From: mikel.king at techally.com (Mikel King) Date: Wed, 21 Feb 2007 14:43:48 -0500 Subject: [nycbug-talk] Day Light Savings time changes on March 11 Message-ID: I have learned that upgrading to FreeBSD 5.5 or 6.2 will install the necessary patches for the zone info. I have also heard that: If you don't want to or can not upgrade, then installing misc/zoneinfo port and rerun tzsetup will also correct the issue. I am curious about the state of the DST changes under the other BSDs. Does anyone have any information for Net, Open, etc...? Cheers, Mikel ps: I do know that 90% of the DST patches for Mac OS X Tiger were deployed during the 10.4.5 update, and Apple recently issued a tz update for the remaining handful of zones that were just ratified. And that the new update requires 10.4.8 to already be applied. From compustretch at gmail.com Wed Feb 21 18:16:02 2007 From: compustretch at gmail.com (forest ) Date: Wed, 21 Feb 2007 18:16:02 -0500 Subject: [nycbug-talk] Day Light Savings time changes on March 11 In-Reply-To: References: Message-ID: On 2/21/07, Mikel King wrote: > > installing misc/zoneinfo port and rerun tzsetup will also correct the > issue. Just wanted to add I'm also interested in how Net & Open are handling this. If anyone has any links or knows how. chrs, -forest From okan at demirmen.com Wed Feb 21 18:51:07 2007 From: okan at demirmen.com (Okan Demirmen) Date: Wed, 21 Feb 2007 18:51:07 -0500 Subject: [nycbug-talk] Day Light Savings time changes on March 11 In-Reply-To: References: Message-ID: <20070221235107.GC3463@clam.khaoz.org> On Wed 2007.02.21 at 18:16 -0500, forest wrote: > On 2/21/07, Mikel King wrote: > > > >installing misc/zoneinfo port and rerun tzsetup will also correct the > >issue. > > > Just wanted to add I'm also interested in how Net & Open are handling this.
> If anyone has any links or knows how. http://www.openbsd.org/errata.html From riegersteve at gmail.com Wed Feb 21 19:08:16 2007 From: riegersteve at gmail.com (steve rieger) Date: Wed, 21 Feb 2007 16:08:16 -0800 Subject: [nycbug-talk] Day Light Savings time changes on March 11 In-Reply-To: References: Message-ID: <45DCDEF0.9060402@gmail.com> Mikel King wrote: > I have learned that upgrading to FreeBSD 5.5 or 6.2 will install the > necessary patches for the zone info. I have also heard that: > If you don't want to or can not upgrade, then installing > misc/zoneinfo port and rerun tzsetup will also correct the issue. I am > curious about the state of the DST changes under the other BSDs. Does > anyone have any information for Net, Open, etc...? this site doesn't address the bsd variants but has most others http://www.par3concepts.com/scripts_tools/dst_timezone_updates.shtml -- eats the blues for breakfast, does unix for rent, plays harp for food, will play the flute for kicks rides for the freedom www.up-south.com From lavalamp at spiritual-machines.org Wed Feb 21 20:01:53 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Wed, 21 Feb 2007 20:01:53 -0500 (EST) Subject: [nycbug-talk] Day Light Savings time changes on March 11 In-Reply-To: <20070221235107.GC3463@clam.khaoz.org> References: <20070221235107.GC3463@clam.khaoz.org> Message-ID: <13363.206.16.237.16.1172106113.squirrel@mail.digitalfreaks.org> NetBSD pulled those changes into various branches (tzdata 2006...K? M? J? something) several months ago. You can check the cvs changelogs on src/share/zoneinfo for netbsd-2 and netbsd-3 branches. ~BAS On Wed, February 21, 2007 6:51 pm, Okan Demirmen wrote: > On Wed 2007.02.21 at 18:16 -0500, forest wrote: >> On 2/21/07, Mikel King wrote: >> > >> >installing misc/zoneinfo port and rerun tzsetup will also correct the >> >issue. >> >> >> Just wanted to add I'm also interested in how Net & Open are handling >> this.
>> If anyone has any links or knows how. > > http://www.openbsd.org/errata.html > -- l8r* -- ~ Brian A. Seklecki "From back in the heady days when 'Help Desk' meant nothing, 'Disk Quota' meant everything, and lives could be bought and sold for a couple of pages of laser printout...and frequently were." From o_sleep at belovedarctos.com Wed Feb 21 20:21:56 2007 From: o_sleep at belovedarctos.com (Bjorn Nelson) Date: Wed, 21 Feb 2007 20:21:56 -0500 Subject: [nycbug-talk] Day Light Savings time changes on March 11 In-Reply-To: References: Message-ID: <6772281A-8970-4692-9B48-8018446F891C@belovedarctos.com> All, On Feb 21, 2007, at 2:43 PM, Mikel King wrote: > installing misc/zoneinfo port and rerun tzsetup will also correct > the issue. Just thought I would add to this, jre's need to be upgraded as well. Those supporting the US dst changes: 1.3.1_18, 1.4.2_11, 5.0_u6, 6 http://java.sun.com/developer/technicalArticles/Intl/USDST_Faq.html -Bjorn From af.dingo at gmail.com Thu Feb 22 06:41:36 2007 From: af.dingo at gmail.com (Jeff Quast) Date: Thu, 22 Feb 2007 06:41:36 -0500 Subject: [nycbug-talk] Soekris/Wireless Recommendations In-Reply-To: <5378D4B4-6E91-4DF8-8D47-6B3BDDFF93C7@ocsny.com> References: <20070221072102.GA20794@SDF.LONESTAR.ORG> <5378D4B4-6E91-4DF8-8D47-6B3BDDFF93C7@ocsny.com> Message-ID: On 2/21/07, Michael Hernandez wrote: > > On Feb 21, 2007, at 2:21 AM, Jonathan C. Allen wrote: > > > I want to replace my home wireless router with a Soekris box > > most likely running monowall. Anyone have hardware recommendations > > for this? > > The soekris box you choose depends...
I suggest not getting one with > a pci slot - it's really not very useful and there are many mini-pci > cards that handle the wireless work just fine. > the pci slots on the soekris scare me. I've heard tell far too many people burn their boards by plugging in the wrong card the wrong direction. If I get a soekris to replace my wrap (need a pcmcia slot), I'll be getting one without pci. May just go with a via c3 anyway for my needs... From rockmy11 at yahoo.com Thu Feb 22 07:22:44 2007 From: rockmy11 at yahoo.com (pretty pretty) Date: Thu, 22 Feb 2007 04:22:44 -0800 (PST) Subject: [nycbug-talk] hi everyone!! Message-ID: <95461.54113.qm@web62104.mail.re1.yahoo.com> Hi guys. Just want to say hi.. I'm contactable at rockmy11 at yahoo.com rockmy11 at yahoo.com From lavalamp at spiritual-machines.org Thu Feb 22 11:05:27 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Thu, 22 Feb 2007 11:05:27 -0500 (EST) Subject: [nycbug-talk] Soekris/Wireless Recommendations In-Reply-To: References: <20070221072102.GA20794@SDF.LONESTAR.ORG> <5378D4B4-6E91-4DF8-8D47-6B3BDDFF93C7@ocsny.com> Message-ID: <20070222110309.B84901@arbitor.digitalfreaks.org> On Thu, 22 Feb 2007, Jeff Quast wrote: >>> most likely running monowall. Anyone have hardware recommendations It is odd that you should ask...I'm putting together a list of vendors/OEMs.
Hopefully I'll be able to build/maintain a list of *BSD-friendly vendors / manufacturers a la linuxdevices.com at the bsd-appliance project: http://code.google.com/p/bsd-appliance/wiki/HardwareVendors ~BAS From pete at nomadlogic.org Thu Feb 22 11:12:04 2007 From: pete at nomadlogic.org (Pete Wright) Date: Thu, 22 Feb 2007 11:12:04 -0500 Subject: [nycbug-talk] Soekris/Wireless Recommendations In-Reply-To: <20070221072102.GA20794@SDF.LONESTAR.ORG> References: <20070221072102.GA20794@SDF.LONESTAR.ORG> Message-ID: <20070222161201.GA25995@sunset.nomadlogic.org> On Wed, Feb 21, 2007 at 07:21:02AM +0000, Jonathan C. Allen wrote: > I want to replace my home wireless router with a Soekris box > most likely running monowall. Anyone have hardware recommendations > for this? The net4826 looks good, but I'm not sure what > kind of wireless hardware I need to add to the box. > > Also, can anyone recommend good wireless cards for use with *BSD? > I'm looking for a decent pcmcia card for laptops and may need some > pci cards for mini-itx boxes soon. > looks like Soren has released the net5501 which looks like a nice upgrade from the 4501 i've been running w/o issues for the past several years (since '03 i think...). I would not hesitate to email one of the soekris engineering tech lists (soekris-tech@). It also looks like there is a list of vendors that sell soekris compatible cards...the www.metrix.net site seems to have some decent minipci cards supporting 802.11B/G -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From george at ceetonetechnology.com Thu Feb 22 11:16:20 2007 From: george at ceetonetechnology.com (George R.) 
Date: Thu, 22 Feb 2007 11:16:20 -0500 Subject: [nycbug-talk] Soekris/Wireless Recommendations In-Reply-To: <20070222110309.B84901@arbitor.digitalfreaks.org> References: <20070221072102.GA20794@SDF.LONESTAR.ORG> <5378D4B4-6E91-4DF8-8D47-6B3BDDFF93C7@ocsny.com> <20070222110309.B84901@arbitor.digitalfreaks.org> Message-ID: <45DDC1D4.1010503@ceetonetechnology.com> Brian A. Seklecki wrote: > On Thu, 22 Feb 2007, Jeff Quast wrote: > >>>> most likely running monowall. Anyone have hardware recommendations > > It is odd that you should ask...I'm putting together a list of > vendors/OEMs. > > Hopefully I'll be able to build/maintain a list of *BSD-friendly vendors / > manufacturers a la linuxdevices.com at the bsd-appliance project: > > http://code.google.com/p/bsd-appliance/wiki/HardwareVendors > > ~BAS Interesting Brian . . . We've had a number of discussions on composing a public NYCBUG list of hardware that is BSD-friendly and compatible. . but as developers from the projects themselves know, this is a nightmare particularly when it comes to undocumented revision changes, firmware upgrades, etc. However, it would probably be more useful to take your approach, which is to look at the actual manufacturers, although no approach is perfect. The best place, IMHO, is still each project's hardware compatibility list, and things should be fine. . . It would be nice if the project developers weren't forced to be tails on the asses and the manufacturers played nice, of course. Frankly, it might even be useful to list prepackaged OEM boxes by model numbers and all to simplify for some. For instance, we know that you can't go wrong with this Dell Optiplex model number, as a shortcut. Certainly dmesgd on our www site helps to some extent. And the undocumented changes, however, remain the big unknown. . . 
George From dlavigne6 at sympatico.ca Sat Feb 24 10:10:56 2007 From: dlavigne6 at sympatico.ca (Dru) Date: Sat, 24 Feb 2007 10:10:56 -0500 (EST) Subject: [nycbug-talk] OpenBSD 4.0 Crash Course Message-ID: <20070224100945.I635@dru.domain.org> I doubt anyone has heard of the latest (pdf) BSD book published by O'Reilly so here is a link to my review of it: http://blogs.ittoolbox.com/unix/bsd/archives/the-openbsd-40-crash-course-14715 Dru From george at ceetonetechnology.com Sat Feb 24 10:26:01 2007 From: george at ceetonetechnology.com (George R.) Date: Sat, 24 Feb 2007 10:26:01 -0500 Subject: [nycbug-talk] OpenBSD 4.0 Crash Course In-Reply-To: <20070224100945.I635@dru.domain.org> References: <20070224100945.I635@dru.domain.org> Message-ID: <45E05909.6090709@ceetonetechnology.com> Dru wrote: > I doubt anyone has heard of the latest (pdf) BSD book published by > O'Reilly so here is a link to my review of it: > > http://blogs.ittoolbox.com/unix/bsd/archives/the-openbsd-40-crash-course-14715 > > Dru It was razed on Undeadly a while back. . . . http://tinyurl.com/32qvvb George From george at ceetonetechnology.com Mon Feb 26 22:23:37 2007 From: george at ceetonetechnology.com (George R.) Date: Mon, 26 Feb 2007 22:23:37 -0500 Subject: [nycbug-talk] FreeNAS Message-ID: <45E3A439.1090605@ceetonetechnology.com> In the fall there were some discussions about FreeNAS by Pete. . . Ike came back with some insight, but I'm wondering now if there are more experiences that they and others have had. It would be a nice extra tool for us in the very near future, and live experiences are appreciated. George From spork at bway.net Tue Feb 27 00:55:08 2007 From: spork at bway.net (Charles Sprickman) Date: Tue, 27 Feb 2007 00:55:08 -0500 (EST) Subject: [nycbug-talk] setting php.ini from httpd.conf Message-ID: Hi all, I currently have the need to run a few instances of apache on one host. 
This is now very simple with the apache20 port in FreeBSD - the rc.d script allows you to start up multiple instances of apache like so:

apache2_enable="YES"
apache2_profiles="foo bar"
apache2ssl_foo_enable="YES"
apache2ssl_bar_enable="YES"
apache2_foo_configfile="/usr/local/etc/apache2/httpd-foo.conf"
apache2_bar_configfile="/usr/local/etc/apache2/httpd-bar.conf"

Works great.

However I want to run php in both and I want to have each read a different php.ini. I've been googling my brains out on this, and digging through the php docs, but I'm not seeing a way to do this. The php docs mention how you can set some php.ini values, but no info on telling it to load an entirely different php.ini:

http://us3.php.net/configuration.changes

Setting environment values in apache has no effect on this either unless you are running php as a cgi. I saw some random posts about throwing a php.ini in the server and/or doc root, but that seems to do nothing (and both apache instances need the same doc root/server root anyhow).

I'm baffled, as this seems like something that would be pretty common, no?

Thanks,

Charles

From jba at analogue.net Tue Feb 27 01:35:51 2007
From: jba at analogue.net (jeffrey.arnold)
Date: Tue, 27 Feb 2007 01:35:51 -0500 (EST)
Subject: [nycbug-talk] setting php.ini from httpd.conf
In-Reply-To:
References:
Message-ID:

On Tue, 27 Feb 2007, Charles Sprickman wrote:

> However I want to run php in both and I want to have each read a different
> php.ini.

In your apache config file:

PHPIniDir '/path/to/php/conf/php-foo.ini'

I usually stick these in my config segments.
Best,
-jba
__
[jba at analogue.net] :: analogue.networks.nyc :: http://analogue.net

From spork at bway.net Tue Feb 27 02:17:42 2007
From: spork at bway.net (Charles Sprickman)
Date: Tue, 27 Feb 2007 02:17:42 -0500 (EST)
Subject: [nycbug-talk] setting php.ini from httpd.conf
In-Reply-To:
References:
Message-ID:

On Tue, 27 Feb 2007, jeffrey.arnold wrote:

> On Tue, 27 Feb 2007, Charles Sprickman wrote:
>
>> However I want to run php in both and I want to have each read a different
>> php.ini.
>
> In your apache config file:
>
> PHPIniDir '/path/to/php/conf/php-foo.ini'
>
> I usually stick these in my config segments.

Thanks! Works like a charm.

May I ask you where you found that? Searching "phpinidir" on php.net turns up nothing...

Thanks,

Charles

> Best,
> -jba
> __
> [jba at analogue.net] :: analogue.networks.nyc :: http://analogue.net
>

From jba at analogue.net Tue Feb 27 02:31:42 2007
From: jba at analogue.net (jeffrey.arnold)
Date: Tue, 27 Feb 2007 02:31:42 -0500 (EST)
Subject: [nycbug-talk] setting php.ini from httpd.conf
In-Reply-To:
References:
Message-ID:

On Tue, 27 Feb 2007, Charles Sprickman wrote:

> Thanks! Works like a charm.
>

Glad i could help.

> May I ask you where you found that? Searching "phpinidir" on php.net turns
> up nothing...
>

One of my co-workers and i wandering through the sources about 2 years ago. :-)

It is actually documented in the runtime configuration part of the php install guide now though:

http://www.php.net/manual/en/configuration.php

Best,
-jba
__
[jba at analogue.net] :: analogue.networks.nyc :: http://analogue.net

From lavalamp at spiritual-machines.org Wed Feb 28 15:49:32 2007
From: lavalamp at spiritual-machines.org (Brian A. Seklecki)
Date: Wed, 28 Feb 2007 15:49:32 -0500 (EST)
Subject: [nycbug-talk] OpenBSD 4.0 + VMware Server
In-Reply-To: <20070214222426.GB86694@sixshooter.v6.thrupoint.net>
References: <20070214222426.GB86694@sixshooter.v6.thrupoint.net>
Message-ID: <20070228154812.V84901@arbitor.digitalfreaks.org>

FYI I'm able to simulate this behavior under *very* high host-system CPU load (NetBSD build.sh w/ -j10 on GNU/Linux host running VMWare Server) -- 2.6ghz CPU?

~BAS

On Wed, 14 Feb 2007, Jim Brown wrote:

> * Charles Sprickman [2007-02-14 19:50]:
>> Hi all,
>>
>> Anyone had success with the above combo?
>>
>> I've had no problems with it booting, but during the install I'm having an

From lavalamp at spiritual-machines.org Wed Feb 28 15:53:28 2007
From: lavalamp at spiritual-machines.org (Brian A. Seklecki)
Date: Wed, 28 Feb 2007 15:53:28 -0500 (EST)
Subject: [nycbug-talk] setting php.ini from httpd.conf
In-Reply-To:
References:
Message-ID: <20070228155038.D84901@arbitor.digitalfreaks.org>

On Tue, 27 Feb 2007, Charles Sprickman wrote:

> Hi all,
>
> I currently have the need to run a few instances of apache on one host.

FYI Bill and I are experimenting with a modified version of that script for Slony-I for replicating unique tablesets (multiple-client configurations, where different databases require different authentication credentials and PostgreSQL connect strings) (watch out for browser CR/LF problems):

http://people.collaborativefusion.com/~seklecki/slon.in-profiles