me:
morning
what’s your opinion about javascript?

me:
hmm ok you’re on the same line as sans

http://isc.sans.org/diary.html?storyid=2457&rss

me:
i am “discovering” javascript the last months
(i know, 10 years late)
i think it rocks.
makes me totally reconsider the way webpages could work
building a part now where ppl can make teams, by drag and dropping members
without a single page refresh.

me:
yh i heard the 3.0 for the first time this week
what’s 3.0 btw?
no internet? borg?

me @ 07:15
like 2.0 is
gmta, rofl

Update
Another friend pointed me (after reading the above> to this userfriendly cartoon…

The missing link turned out to be using the “-r ” option in saslauthd.sh.
From the saslauthd man pages:

     -r      Combine the realm with the login (with an '@' sign in between).
             e.g.  login: "foo" realm: "bar" will get passed as login:
             "foo@bar".  Note that the realm will still be passed, which may
             lead to unexpected behavior.

On freeBSD, add this to rc.conf:

saslauthd_flags="-r -a getpwent"

And in /usr/local/lib/sasl2/smtpd.conf:

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sql_engine: mysql
mech_list: login plain crammd6 digestmd5
sql_user: sql-user
sql_passwd: sql-pass
sql_database: postfix
sql_select: SELECT clear FROM postfix_users WHERE email = '%u@%r'
sql_verbose: yes

And don’t forget to restart the saslauthd after editing this file.

# saslauthd -v
saslauthd 2.1.21
authentication mechanisms: sasldb getpwent kerberos5 pam rimap

A couple of years ago we had a fire in our mission-control room, and we made some pictures. The final thing i’ve done 5 minutes ago with my root-account was scp-ing the fire pictures to gargleblaster.org.

So long and thanks for all the fish…

The pictures…subtitles are in Dutch.
The real amazing thing is that all those computers are still up and running.

The difference between priviliged useraccount and a “jailed” useraccount is a dot in the path of the home directory, for example: “/Users/./username”.

Being a little bit under stress and having not very much time, I couldn’t recall how to do that with OS X serveradmin.
Very frustrating. Googling and digging through the manuals didn’t give the answer where I was looking for.
Am I the only one who prefers the plain old /etc/passwd above netinfo?

But…today I recalled how I did it before.
And it’s so simple….(after mucking around with obscure CLI commands like nicl and serversetup)


clock timezone CET 01
clock summer-time CET recurring last Sunday March 2:00 last Sunday october 2:00
ntp server i.p.a.dr source interface
ntp server i.p.a.dr source interface


The clock timezone command is tricky…You have to specify your own timezone AND the offset against UTC.
A list of timezone abbr. which Cisco uses can be found here.

# show clock detail
09:27:34.357 CET Sun Mar 27 2005
Time source is NTP
Summer time starts 02:00:00 CET Sun Mar 27 2005
Summer time ends 02:00:00 CET Sun Oct 30 2005


Setup is easy. See this article on TaoSecurity.
After installing it boils down to this:

cd /usr/ports
portsnap fetch
portsnap update
make fetchindex
portsdb -u
portversion -v -l “<”
Check /usr/ports/UPDATING for information relating to my applications
portupgrade -varR

Total control :)

Transmit 3
Pix OS 7 (well, announced at least)
Wordpress 1.5

Transmit 3 have I bought today.
PIXos 7 will be a free upgrade (SMARTnet to the rescue)
Wordpress…2 out of 3 blogs already updated, gargleblaster will follow this weekend.

Transmit 3 kicks ass. Still clicking through the different new options. I know I’m going to love the “DockSend” option.
A year ago I thought that a graphical (s)FTP client was for lusers, but since my colo I couldn’t live without Transmit.

This took me more than 5 minutes. How to empty a postfix mailque completly:


postsuper -d ALL


It’s not in the manual.

Two other simple mechanisms which you could implement are:

1) restricting allowed useraccounts. Esp. if you don’t have a very common username like Jack or John:

AllowUsers secretuser othersecretuser@192.168.3.*

By adding the ipaddress you only allow login from that particular ipaddress for that particular user.

2) rectrict the number of tries for password guessing

MaxStartups 10:30:60


From the manpages:

Specifies the maximum number of concurrent unauthenticated con-
nections to the sshd daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by specifying the
three colon separated values “start:rate:full” (e.g.,
“10:30:60″). sshd will refuse connection attempts with a proba-
bility of “rate/100” (30%) if there are currently “start”
(10) unauthenticated connections. The probability increases lin-
early and all connection attempts are refused if the number of
unauthenticated connections reaches “full” (60).

read more at this blogentry at ap-lawrence.

Enabling serial console with panther is very easy. If you know where to look.


/System/Library/StartupItems/SerialTerminalSupport/SerialTerminalSupport


Read this file. It has lots of information about the serial port.

After reading it, enter:

/System/Library/StartupItems/SerialTerminalSupport/SerialTerminalSupport start


This should enable console access. However not in my case. I have to connect through a console server at my colo, which operates at 9600. Apple enables a 57600 baudrate by default.

vi /etc/ttys


Look for the following line:

tty.serial "/usr/libexec/getty serial.57600" vt100 on secure

And change this to

tty.serial "/usr/libexec/getty serial.9600" vt100 on secure


give a

/System/Library/StartupItems/SerialTerminalSupport/SerialTerminalSupport restart


And I was able to connect.

If I had discovered the above earlier, I had saved myself for driving to my CoLo serverroom a couple weeks ago when I made a mistake with remotly configuring my en0.