Search Results

Search found 18489 results on 740 pages for 'which key'.

Page 310/740 | < Previous Page | 306 307 308 309 310 311 312 313 314 315 316 317  | Next Page >

• Running multiple copies of openssh-server (sshd) on Ubuntu

  - by cecilkorik

  I may be attacking this problem the wrong way, if so let me know. I have a server which is available through SSH from both the public internet and the local LAN. I would like to have two very different security policies for each, by running two copies of sshd with two different sshd_config files each on a different port. Some of the things I'd like to change is to allow password or public-key authentication on the LAN, but public-key only from the internet. All (real) users could login from the LAN side, but only certain authorized users would be individually whitelisted to login through the internet. As far as I can tell this requires having two different SSH daemons running on different ports with different sshd_configs. I am fine with the different ports part, I can easily forward port 22 to any port I want through my firewall. So my question is what is the best way to actually START the second sshd under Ubuntu 10.04 LTS. Is there a recommended way to do something like this? Surely I am not the first person with this sort of need. I have a bit of experience with upstart, and I can manually hack the second sshd into /etc/init/ssh.conf I suppose but I'm not sure if that will get overwritten by the package. However I do it, It's important to ensure both sshd processes always get restarted after any automatic or manual upgrade of the openssh-server package. Thanks in advance.

  Read the article

• How to make gpg2 flush the stream?

  - by Vi

  I want to get some slowly flowing data saved in encrypted form at the device which can be turned off abruptly. But gpg2 seems to not to flush it's output frequently and I get broken files when I try to read such truncated file. vi@vi-notebook:~$ cat asdkfgmafl asdkfgmafl ggggg ggggg 2342 2342 cat behaves normally. I see the output right after input. vi@vi-notebook:~$ gpg2 -er _Vi --batch ?pE??x...(more binary data here)....???-??.... asdfsadf 22223 sdfsdfasf Still no data... Still no output... ^C gpg: signal Interrupt caught ... exiting vi@vi-notebook:~$ gpg2 -er _Vi --batch /tmp/qqq skdmfasldf gkvmdfwwerwer zfzdfdsfl ^\ gpg: signal Quit caught ... exiting Quit vi@vi-notebook:~$ gpg2 " 2048-bit ELG key, ID 78F446CA, created 2008-01-06 (main key ID 1735A052) gpg: [don't know]: 1st length byte missing vi@vi-notebook:~$ # Where is my "skdmfasldf" How to make gpg2 to handle such case? I want it to put enough output to reconstruct each incoming chunk of input. (Also fsyncing after each output can be benefitial as an additional option). Should I use other tool (I need pubkey encryption).

  Read the article

• Autounmounting USB keys with FAT filesystem on Linux (RHEL5)

  - by niXar

  For security reasons, I have two workstations i front of me, and I can only transfer data between them through a USB key. As you can imagine, it can get quickly tiresome, but the most annoying is having to unmount the things before removing them. Not umounting them results in missing files most of the time, even if I remove them a while after having last written to them. Now, since they're only used for transferring smallish files, and each are basically written once and read once, I don't need the fancy pansy caching infrastructure that makes clean unmounting a necessary step. And since the data is always a copy of something I have at hand, I don't care if the filesystem croaks from time to time. But anyway the system doesn't need to force that on me, it could simply make sure everything is committed with a second, and works synchronously. Then when I remove the key, nothing is lost. Is there a way to do this? I would appreciate any other tips on handling this situation. Edit: it appears the situation has changed between RHEL5 and Fedora up to F11 on one hand, and F12 on the other. The latter use DeviceKit-disk, and I haven't quite figured out how to do this. The method provided below in gconf does not work anymore.

  Read the article

• Freebsd jail for an small company - checklist - what shouldn't forget

  - by cajwine

  Looking for an checklist for an "small company freebsd/jail server". Having pretty common starting point: FreeBSD jail (remote/headless) for the company: public web, email, ftp server, and private (maybe in the future partially public) wiki (foswiki) 4 physical persons, (6 email addresses) + one admin - others will never use ssh) have already done usual hardening on the host side (like pf, sshguard etc). my major components are: dovecot, exim, apache22, proftpd, perl5.14. Looking for an checklist, what I shouldn't forget. My plan: openssl self-signed certificates for exim, dovecot and proftpd (wildcard keys) openssl self-signed certificate for apache (later will go for "trusted-signed" key) My questions are: is is an "good practice" having one pair of wildcard SSL-certificates for many programs? (exim, dovecot, proftpd) - or should I generate one key for each service? should I add all 4 persons as standard (unix) users, or I should go with virtual users? Asking because: have only small count of users, and it is more simple to configure everything (exim, dovecot) for local users ($HOME/Maildir), plus ability to set $HOME/.forward/vacation and etc. is here some (special) things what I should consider? (e.g. maybe, in the future we want setup our own webmail - will make this any difference?) any other recommendation? Thank you, hoping that this question fit into the http://serverfault.com/faq under the: Server and Business Workstation operating systems, hardware, software Operations, maintenance, and monitoring Looking for an checklist, but please explain why you're recommending it. See Good Subjective, Bad Subjective. related: What's your suggested mail server configuration for a FreeBSD server?

  Read the article

• _default_ VirtualHost overlap on port 443, the first has precedence

  - by Mohit Jain

  I have two ruby on rails 3 applications running on same server, (ubuntu 10.04), both with SSL. Here is my apache config file: <VirtualHost *:80> ServerName example1.com DocumentRoot /home/me/example1/production/current/public </VirtualHost> <VirtualHost *:443> ServerName example1.com DocumentRoot /home/me/example1/production/current/public SSLEngine on SSLCertificateFile /home/me/example1/production/shared/example1.crt SSLCertificateKeyFile /home/me/example1/production/shared/example1.key SSLCertificateChainFile /home/me/example1/production/shared/gd_bundle.crt SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM </VirtualHost> <VirtualHost *:80> ServerName example2.com DocumentRoot /home/me/example2/production/current/public </VirtualHost> <VirtualHost *:443> ServerName example2.com DocumentRoot /home/me/example2/production/current/public SSLEngine on SSLCertificateFile /home/me/example2/production/shared/iwanto.crt SSLCertificateKeyFile /home/me/example2/production/shared/iwanto.key SSLCertificateChainFile /home/me/example2/production/shared/gd_bundle.crt SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM </VirtualHost> Whats the issue: On restarting my server it gives me some output like this: * Restarting web server apache2 [Sun Jun 17 17:57:49 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence ... waiting [Sun Jun 17 17:57:50 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence On googling why this issue is coming I got something like this: You cannot use name based virtual hosts with SSL because the SSL handshake (when the browser accepts the secure Web server's certificate) occurs before the HTTP request, which identifies the appropriate name based virtual host. If you plan to use name-based virtual hosts, remember that they only work with your non-secure Web server. But not able to figure out how to run two ssl application on same server. Can any one help me?

  Read the article

• Switching from Onboard intel to Nvidia Dedicated GPU

  - by Anarkie

  How can I switch from Intel onboard grpahics to Nvidia Dedicated GPU? When I go to windows screen resolution I see intel. I cant change it. I go to Device Manager, I see both Adapters are there and Nvidia is known.I disabled intel, I didnt see any option to set one as primary so I disabled intel, black screen!Reboot and re-enable intel. I right click on the desktop, choose "Nvidia Control Panel" and on 3D options I chose the desired game I want to play, High performance Nvidia, but it didnt switch when I started the game. Then I made preferred GPU in the global settings High performance Nvidia for everything it still didnt change.I understand to save the battery etc. there is a switch option between these two but I dont see this switch when it is necessary, I cant also switch manually?Is there a manual switch FN key?I looked but couldnt find. Why I want to do this? 1) Better game peformance. 2) I want to play an old game from 2002(Diablo 2 LOD), when I start the game there are black bars on the sides, so screen becomes just smaller which I dislike!I heard this is intel's specification to center the display.But instead I would like to scale or expand it to fit widescreen(fullscreen).Which should be possible with Nvidia. My Notebook Specs: Fujitsu Lifebook AH531, Win7 , 64 bit, i5, intel HD graphics onboard, Nvidia GT 525. I didnt install Nvidia later, it was always installed and ready from the moment I turned on the computer first time. How I determined that the cards werent switched when I am playing the game: with the windows key I exited from the game, then looked at screen resolutions menu, still saw intel, also the game was still with black bars.I know intel GPU should enough for Diablo 2 but I am interested in this answer for further games, I dont always play Diablo, what if I install an up to date game for example?Then Intel will not be sufficient.I would like to learn the switch option.

  Read the article

• System occasionally hangs boot process with SLES 11

  - by ThaMe90

  I have several (new) systems on which I had to install SLES11 on. However, after a few (though not every) reboots, the system hangs during the boot sequence. It will only continue after I physically press a key on the keyboard. From what I've found in the dmesg log from a failed boot is the following: [ 22.170276] sd 0:0:0:0: [sda] Mode Sense: b7 00 00 08 [ 22.171155] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 22.182760] sda: sda1 sda2 sda3 [ 22.383424] sd 0:0:0:0: [sda] Attached SCSI disk [ 22.545372] PM: Marking nosave pages: 000000000009a000 - 0000000000100000 [ 22.545377] PM: Marking nosave pages: 00000000bf780000 - 0000000100000000 [ 22.546217] PM: Basic memory bitmaps created [ 22.590380] PM: Basic memory bitmaps freed [ 22.596284] PM: Starting manual resume from disk [ 22.602319] PM: Resume from partition 8:1 [ 22.602321] PM: Checking hibernation image. [ 22.602479] PM: Error -22 checking image file [ 22.602481] PM: Resume from disk failed. [ 22.718727] kjournald starting. Commit interval 15 seconds [ 22.718960] EXT3-fs (sda3): using internal journal [ 22.718964] EXT3-fs (sda3): mounted filesystem with ordered data mode [ 1555.644404] udevd version 128 started [ 1555.697664] input: Power Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0 [ 1555.707961] ACPI: Power Button [PWRB] I've looked around the internet for the PM: Resume from disk failed. message, but this seems to only be important when restoring the system after a hybernate, i.e. restore from the hdd. But this is not my situation. I only get this after a reboot, as I said before. The timestamp [ 1555.xxxxxx] is only the result of me pressing a key on the keyboard. Any suggestions on how to proceed? As I am getting stuck on this issue.

  Read the article

• Rewrite a url on Nginx

  - by Ido B

  I tried to use this - location / { root /path.to.app/; index index.php index.html; rewrite ^/(.*)$ /check_register.php?key=$1 break; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /path.to.app/$fastcgi_script_name; include fastcgi_params; } And its didn't work , This is my full config - user www-data www-data; worker_processes 4; events { worker_connections 3072; } http { include mime.types; default_type application/octet-stream; access_log off; sendfile on; tcp_nopush on; tcp_nodelay off; keepalive_timeout 15; gzip on; gzip_comp_level 3; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } location / { root /path.to.app/; index index.php index.html; rewrite ^/(.*)$ /check_register.php?key=$1 break; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /path.to.app/$fastcgi_script_name; include fastcgi_params; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include /usr/local/nginx/sites-enabled/*; } How can i make it work?

  Read the article

• Error code 1005 (errno: 121) upon create table while restoring MySQL database from a dump

  - by Jonathan

  I have a linux prod machine and a Win7 64bit dev machine. My workflow includes dumping the production MySQL database on the linux machine and restoring it in my local MySQL database on the windows machine (using SQLyog). This worked fine for a long time. Following some trouble, I formatted and reinstalled my windows dev machine. Since then I'm unable to restore the db on it. I keep receiving the following error: Query: CREATE TABLE `auth_group` ( `id` int(11) NOT NULL auto_increment, `name` varchar(80) collate utf8_unicode_ci NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci Error occured at:2010-06-26 17:16:14 Line no.:30 Error Code: 1005 - Can't create table 'ap_site.auth_group' (errno: 121) Notice that this is the first create table statement in the sql dump file. This error occurs both on MySQL Community Server 5.1.41 and 5.1.48 and with SQLyog Community 8.0.4 and 8.5.1. I really don't know what's different in my configuration from before the reinstall and now and why does it have this effect. Restoring from sql dump is something I need to keep on doing, so I need a permanent fix and not a tailored workaround.

  Read the article

• bind would not work unless allow-query is "any"

  - by adrianTNT

  I have this in /etc/named.conf, I commented the default values and set my own under it. My domain would not load in browser unless I set allow-query to "any", is this OK, what should I edit? If is localhost or 127.0.0.1; 10.0.1.0/24; domain would not load. I tried the 127.. thing because it mentioned it here: http://wiki.mandriva.com/en/Testing:Bind Bind version is 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 OS is CentOS 6.0. options { // listen-on port 53 { 127.0.0.1; }; listen-on port 53 { any; }; //listen-on-v6 port 53 { ::1; }; listen-on-v6 port 53 { any; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; //allow-query { localhost; }; allow-query { any; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; };

  Read the article

• AHCI, Windows 7 and can only boot with Windows DVD present

  - by Rob Pridham

  Foolishly, I installed Windows 7 with my new SSD set to IDE. I would like to change it to AHCI. I have done this before, with a different motherboard. What happens: I set the controller to AHCI in the BIOS; I also check correct boot order On boot, I get the 'BOOTMGR not found' error I use the Windows Recovery Console on the DVD Diskpart etc can see the disks, and bootrec claims to have rewritten the MBR/bootloader I reboot, same problem Recovery Console again and it detects a problem, fixes, reboots Recovery Console again and it detects the OS, and a problem - fixes, reboots I ignore the 'press any key to boot from DVD' prompt Windows boots fine I restart without the DVD and I'm back to square one That optional 'press a key to boot from DVD' stage is something that the recovery process introduces - normally you have to choose to boot to the DVD at the BIOS stage. You also see this when installing Windows. I suspect that whatever temporary state that is is compatible with AHCI - but not the standard it returns to. I have done the msahci/iaStorV registry hacks to no avail (this worked with the previous board). I can put it back to IDE where normal service is resumed. The board is an Asus M5A99X, the southbridge is AMD SB950, and this is Windows 7 x64. I would quite like not to have to reinstall it again. Any ideas as to what I can do as a permanent fix?

  Read the article

• Server slowdown

  - by Clinton Bosch

  I have a GWT application running on Tomcat on a cloud linux(Ubuntu) server, recently I released a new version of the application and suddenly my server response times have gone from 500ms average to 15s average. I have run every monitoring tool I know. iostat says my disks are 0.03% utilised mysqltuner.pl says I am OK other see below top says my processor is 99% idle and load average: 0.20, 0.31, 0.33 memory usage is 50% (-/+ buffers/cache: 3997 3974) mysqltuner output [OK] Logged in using credentials from debian maintenance account. -------- General Statistics -------------------------------------------------- [--] Skipped version check for MySQLTuner script [OK] Currently running supported MySQL version 5.1.63-0ubuntu0.10.04.1-log [OK] Operating on 64-bit architecture -------- Storage Engine Statistics ------------------------------------------- [--] Status: +Archive -BDB -Federated +InnoDB -ISAM -NDBCluster [--] Data in MyISAM tables: 370M (Tables: 52) [--] Data in InnoDB tables: 697M (Tables: 1749) [!!] Total fragmented tables: 1754 -------- Security Recommendations ------------------------------------------- [OK] All database users have passwords assigned -------- Performance Metrics ------------------------------------------------- [--] Up for: 19h 25m 41s (1M q [28.122 qps], 1K conn, TX: 2B, RX: 1B) [--] Reads / Writes: 98% / 2% [--] Total buffers: 1.0G global + 2.7M per thread (500 max threads) [OK] Maximum possible memory usage: 2.4G (30% of installed RAM) [OK] Slow queries: 0% (1/1M) [OK] Highest usage of available connections: 34% (173/500) [OK] Key buffer size / total MyISAM indexes: 16.0M/279.0K [OK] Key buffer hit rate: 99.9% (50K cached / 40 reads) [OK] Query cache efficiency: 61.4% (844K cached / 1M selects) [!!] Query cache prunes per day: 553779 [OK] Sorts requiring temporary tables: 0% (0 temp sorts / 34K sorts) [OK] Temporary tables created on disk: 4% (4K on disk / 102K total) [OK] Thread cache hit rate: 84% (185 created / 1K connections) [!!] Table cache hit rate: 0% (256 open / 27K opened) [OK] Open file limit used: 0% (20/2K) [OK] Table locks acquired immediately: 100% (692K immediate / 692K locks) [OK] InnoDB data size / buffer pool: 697.2M/1.0G -------- Recommendations ----------------------------------------------------- General recommendations: Run OPTIMIZE TABLE to defragment tables for better performance MySQL started within last 24 hours - recommendations may be inaccurate Enable the slow query log to troubleshoot bad queries Increase table_cache gradually to avoid file descriptor limits Variables to adjust: query_cache_size (> 16M) table_cache (> 256)

  Read the article

• How to setup the Mac OS X Terminal so it's *just peachy*?

  - by kch

  Hi all, My Terminal is awesome, has every detail just right (for me anyway), and now I'm setting up a few new macs around here and I have no idea whatsoever how to get their terminals to a pretty state. My user account is rather old, has been migrated over many OS X releases and machines, so my Terminal setup has grown rather organically over the years. What I need is a recipe to start from scratch, so 1) I know what I've done, and 2) I can reproduce it anywhere. Things I'm looking for: Full UTF8 support. Setting LC_*, displaying characters correctly, accepting input… I hear this got much easier in 10.5, maybe it all works out of the box now? Setup of OS X-style keyboard text navigation (option-arrows, etc) How you particularly handle meta-key support? (other than ESC'ing your way around) Other things to help our n00bs get around in the shell, such as: List of useful default key bindings (^A, ^D, etc…) Mac-specific .profile, .inputrc goodness Mac-specific tools such as pbpaste & pbcopy, Open Terminal Here, etc If at all possible, a list of files to copy over to another machine that encompasses all the changes made to tune the Terminal. (dotrc files, plists, etc) And, well, anything else really. Just keep the scope on the Mac OS X Terminal application, rather than general unix setup and tools. I think a collection of incomplete answers would be a good start. Post one or two things you remember having done, we'll vote them up, and after a few days I'll try to compile it all into a summary answer.

  Read the article

• Postfix connects to wrong relay?

  - by Eric

  I am trying to set up postfix on my ubuntu server in order to send emails via my isp's smtp server. I seem to have missed something because the mail.log tells me: Jan 19 11:23:11 mediaserver postfix/smtp[5722]: CD73EA05B7: to=<[email protected]>, relay=new.mailia.net[85.183.240.20]:25, delay=6.2, delays=5.7/0.02/0.5/0, dsn=4.7.0, status=deferred (SASL authentication failed; server new.mailia.net[85.183.240.20] said: 535 5.7.0 Error: authentication failed: ) The relay "new.mailia.net[85.183.240.20]:25" was not set up by me. I use "relayhost = smtp.alice.de". Why is postfix trying to connect to a different server? Here is my main.cf: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mediaserver alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = mediaserver, localhost.localdomain, , localhost relayhost = smtp.alice.de mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all myorigin = /etc/mailname inet_protocols = all sender_canonical_maps = hash:/etc/postfix/sender_canonical smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_password smtp_sasl_security_options = noanonymous Output of postconf -n: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix inet_interfaces = all inet_protocols = ipv4 mailbox_size_limit = 0 mydestination = mediaserver, localhost.localdomain, , localhost myhostname = mediaserver mynetworks = 127.0.0.0/8 myorigin = /etc/mailname readme_directory = no recipient_delimiter = relayhost = smtp.alice.de sender_canonical_maps = hash:/etc/postfix/sender_canonical smtp_generic_maps = hash:/etc/postfix/generic smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_password smtp_sasl_security_options = noanonymous smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes

  Read the article

• Troubles Installing Windows 7 via USB. Flat install?

  - by Brian

  Hi friends, I've been struggling with this for a while. Windows 7 64-bit Enterprise edition just will not install on my Shuttle K45 system via a USB key. It hangs out during the install while copying files or while creating the partitions. The system is pretty standard and low-tech: IDE hard drives, no CD, 2G RAM. I am not sure what of the problem. Other than the Shuttle, I have a Apple MacBook Pro. On the MPB, I am running OS X, and Mint Linux and Window XP over Parallels. I have an ISO of Win7 that works (I installed it as a Parallels VM to make sure). I have used UltraISO and MS Windows 7 USB/DVD Download Tool to write it to the 8G USB key. Both seem to copy all the files correctly (with UltraISO, I asked it to verify). It boots via USB and the install looks just fine. Until it hangs, most of the time with a copying error of 0x80070241. So now I am trying to figure out if there are other ways I can install Windows 7 on this Shuttle system that has no CD drive. I've heard about a flat installation, however those all seem to be doing something from within Windows. I do have access to a command prompt from the Windows 7 install. Does anyone know if/how I can prep the Shuttle hard drive with Windows 7 installation and have Windows 7 install from the hard disk. I do not have an external enclosure for the IDE HD and I do not have any other system I can hook up to the hard drives. I do have an external Maxtor OneTouch drive available.

  Read the article

• Does SNI represent a privacy concern for my website visitors?

  - by pagliuca

  Firstly, I'm sorry for my bad English. I'm still learning it. Here it goes: When I host a single website per IP address, I can use "pure" SSL (without SNI), and the key exchange occurs before the user even tells me the hostname and path that he wants to retrieve. After the key exchange, all data can be securely exchanged. That said, if anybody happens to be sniffing the network, no confidential information is leaked* (see footnote). On the other hand, if I host multiple websites per IP address, I will probably use SNI, and therefore my website visitor needs to tell me the target hostname before I can provide him with the right certificate. In this case, someone sniffing his network can track all the website domains he is accessing. Are there any errors in my assumptions? If not, doesn't this represent a privacy concern, assuming the user is also using encrypted DNS? Footnote: I also realize that a sniffer could do a reverse lookup on the IP address and find out which websites were visited, but the hostname travelling in plaintext through the network cables seems to make keyword based domain blocking easier for censorship authorities.

  Read the article

• Howto setup neocomplcache?

  - by eddy

  I just started using vim and saw a cool plugin: [neocomplcache].(http://www.vim.org/scripts/script.php?script_id=2620) My Problem is, that I can't get it to work properly. After installing, I took the example config from the help files of neocomplcache and added the lines to my .vimrc At first I wanted to create a simple latex file (there are snippets for tex). After typing "begi" there appears a menu, I can choose between the snippets with TAB or <C-n>. But how do I get them to expand? <C-k> does not work, but I don't understand why. ======== .vimrc: ======== .... " Plugin key-mappings. imap <C-k> <Plug>(neocomplcache_snippets_expand) smap <C-k> <Plug>(neocomplcache_snippets_expand) inoremap <expr><C-g> neocomplcache#undo_completion() inoremap <expr><C-l> neocomplcache#complete_common_string() " Recommended key-mappings. " <CR>: close popup and save indent. inoremap <expr><CR> neocomplcache#smart_close_popup() ."\<CR>" " <TAB>: completion. inoremap <expr><TAB> pumvisible() ? "\<C-n>" : "\<TAB>" " <C-h>, <BS>: close popup and delete backword char. inoremap <expr><C-h> neocomplcache#smart_close_popup()."\<C-h>" inoremap <expr><BS> neocomplcache#smart_close_popup()."\<C-h>" inoremap <expr><C-y> neocomplcache#close_popup() inoremap <expr><C-e> neocomplcache#cancel_popup() ...

  Read the article

• Force encoding with IIS 7

  - by Cédric Boivin

  I try to force encoding with IIS 7. When I add in the http response headers the key : Content-Type and value charset=utf-8 i got this key content-type : text/html,content-type=utf-8 it's there a way to remove the comma ? Thanks Justin for your answer. But it's seen don't work. There is my config, i need to do that for asp classic. <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <staticContent> <remove fileExtension=".html" /> <remove fileExtension=".hxt" /> <remove fileExtension=".htm" /> <remove fileExtension=".asp" /> <mimeMap fileExtension=".htm" mimeType="text/html" /> <mimeMap fileExtension=".hxt" mimeType="text/html" /> <mimeMap fileExtension=".html" mimeType="text/html" /> <mimeMap fileExtension=".asp" mimeType="text/html; charset=UTF-8" /> </staticContent> </system.webServer> </configuration>

  Read the article

• AutoHotKey temporarily rebind Winkey

  - by wes

  I've got a wireless keyboard that puts some media keys on top of the Function keys, so that by default F4 is actually lock (Rwin & l) and Fn+F4 is a real F4. So I'd like to basically switch those around. Here's what the key history shows: VK SC Type Up/Dn Elapsed Key ------------------------------------- 73 03E d 17.32 F4 ; Fn+F4 73 03E u 0.16 F4 5C 15C d 2.96 Right Windows ; F4 4C 026 d 0.00 L 5C 15C u 0.13 Right Windows 4C 026 u 0.00 L This doesn't do anything: SC15C & SC026::MsgBox,Pressed F4 But this prints that I hit F4 then goes to the login screen: Rwin & l::MsgBox,Pressed F4 So how can I stop it from switching to the login screen? Ideally I'd like F4 (which registers as Rwin & l) to just send F4, Fn+F4 to send Rwin & l, and also have them work with other keys (e.g., a manual !F4 should still close a window). Is this possible?

  Read the article

• BIND: forward 1st level zone

  - by raven

  First of all: sorry for the language, English is not my primary language. I have star-like DNS structure with many filials (more that 2): ^ | v filialNS_1.filial_1.city.local <---- ns.main.city.local <---- filialNS_2.filial_2.city.local ^ | v ns.mail.city.local is slave of all filials zones filialNS_1 is master of filial_1.city.local filialNS_2 is master of filial_2.city.local filialNS_N is master of filial_N.city.local I want to: serve DNS queries for xxx.filial_N.city.local with filialNS_N.filial_N.city.local forward all queries for xxx.xxx.xxx.local from filialNS_N to ns.main.city.local forward other queries to our provider's DNS on filial (or google-public-dns or anything else) FILIAL CONFIG named.conf zone "filial_1.city.local" { type master; file "/etc/namedb/dynamic/filial_1.city.local"; allow-update { key DHCP_UPDATER; }; allow-transfer { <ns.main.city.local IP address> }; }; zone "2.76.10.in-addr.arpa" { type master; file "/etc/namedb/dynamic/2.76.10.in-addr.arpa"; allow-update { key DHCP_UPDATER; }; allow-transfer { <ns.main.city.local IP address> }; }; zone "local." { type forward; forward only; forwarders { <ns.main.city.local IP address> }; }; nslookup server.filial_1.city.local - works fine nslookup server.main.city.local Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find server.main.city.local: NXDOMAIN Where am I going wrong?

  Read the article

• F2 in Paste mode

  - by dotancohen

  Vim has a terrific paste mode, in which abbreviations and mappings are ignored. Frustratingly, even keys that do not map to pastable ASCII characters, such as the function keys, are pasted literally. For instance the key F2 is pasted as <F2>. Is there anyway around this? Note that pastetoggle can in fact be mapped to a function key to easily leave paste mode, however the function that I am writing changes other values when entering or leaving paste mode (such as enabling or disabling line numbers and other things). Therefore I would really like to find a workaround. For reference, here is the current version of the function (that gets stuck in paste mode): iab if if<Space>(<Space>{{<Esc>kA<Left><Left><Left><Left><C-R>=Eatchar('\s')<CR> " Triple-toggle Insert Modes: coding, prose, and paste let g:insertModeGlobal=1 function! Te() if g:insertModeGlobal==3 " Was in paste insert mode, go to coding insert mode set nu set nopaste let g:insertModeGlobal=4 endif if g:insertModeGlobal==2 " Was in prose insert mode, go to paste insert mode set nolinebreak nnoremap j j nnoremap k k nnoremap gj gj nnoremap gk gk set relativenumber execute ":Signs" iab if if<Space>(<Space>{{<Esc>kA<Left><Left><Left><Left><C-R>=Eatchar('\s')<CR> set nonu set paste let g:insertModeGlobal=3 endif if g:insertModeGlobal==1 " Was in coding insert mode, go to prose insert mode set linebreak nnoremap j gj nnoremap k gk nnoremap gj j nnoremap gk k set number execute ":DisableSigns" iab if if let g:insertModeGlobal=2 endif if g:insertModeGlobal==4 let g:insertModeGlobal=1 endif endfunction

  Read the article

• Dell laptop keyboard doesn't work

  - by Tam

  I'm trying to fix my in-laws laptop, it's a Dell Studio 1745 that's running Windows 7 64 bit. The problem is that most of the keys on the keyboard do not work. The function keys work and the caps lock and numpad keys work, but no other keys do. If I hit the F2 key enough times when starting up, I can get to the BIOS, but after that even the function keys stop working. If I let it go all the way to the Windows login screen, I can see that the caps lock and num lock work - little images on screen actually appear, but they don't toggle the state of the key, i.e.,capslock is always off, numlock is always off. Using the fn+function combo works, so changing the brightness, etc. works fine. I'm stumped. I've tried disconnecting power and battery and leaving it for an hour or so before starting up but that hasn't helped either. Also - this might be a red herring - the touchpad is failing as well, the MS Device Manager says that it's failing with status 10, "unable to start device"

  Read the article

• SSH agent forwarding on debian squeeze

  - by nfvindaloo

  Im trying to set up SSH forwarding like this osx debianA debianB I can connect to debianA fine, using ssh -A and it has the following env vars when i do: SSH_AGENT_PID=1543 SSH_AUTH_SOCK=/tmp/ssh-giwdYY1542/agent.1542 SSH_CLIENT='92.233.199.x 38954 22' SSH_CONNECTION='92.233.199.x 38954 108.171.179.x 22' SSH_TTY=/dev/pts/0 When i try to connect to debianB, the agent is not used! ssh -v output ends with: debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/nic/.ssh/id_rsa debug1: Trying private key: /home/nic/.ssh/id_dsa debug1: Next authentication method: password Then im asked for a password. I have not set any ForwardAgent no directives in ssh_config and dont have a .ssh/config at all. sshd_config has not got AllowAgentForwarding in it. I have tried all of these directives as yes also. debianA and debianB both have identical ssh_config and sshd_config (verified with diff) so the really weird thing is connecting OSX debianB debianA works fine!! Im totally out of ideas! Has anyone come across this before? Cheers! NFV

  Read the article

• Cloning a git repository from a machine running OS X

  - by Mike

  Hi folks, I'm trying to host a git repository from my home OS X machine, and I'm stuck on the last step of cloning the repository from a remote system. Here's what I've done so far: On the OS X (10.6.6) machine (heretofore dubbed the "server") I created a new admin user Logged into the new user's account Installed git Created an empty git repository via "git init" Turned on remote login Set port mapping on my router (airport extreme) to send ssh traffic to the server Added a ".ssh" directory to the user's home directory From the remote machine (also an OS X 10.6.6 machine), I sent that machine's public key to the server using scp and the login credentials of the user created in step 1 To test that the server would use the remote machine's public key, I ssh'd to the server using the username of the user created in step 1 and indeed was able to connect successfully without being asked for a password I installed git on the remote machine From the remote machine I attempted to "git clone ssh://[email protected]:myrepo" (where "user", "my.server.address", and "myrepo" are all replaced by the actual username, server address and repo folder name, respectively) However, every time I try the command in step 11, I get asked to confirm the server's RSA fingerprint, then I'm asked for a password, but the password for the user I set up for that machine never works. Any advice on how to make this work would be greatly appreciated!

  Read the article

• server_name seems to be ignored in nginx

  - by user46171

  I have two domains set up in nginx.conf. Both are using SSL with their own certificates, and proxy to Apache. However the second domain is completely ignored, and nginx always resolves to the first domain. I can't see what in the issue is with this configuration, having set the server_name in each case correctly (as far as I can see): http { include mime.types; default_type application/octet-stream; keepalive_timeout 65; upstream site { # real IP addresses masked server xx.xxx.x.xxx; server xx.xxx.x.xxx; } server { # this domain always works listen 443; server_name *.first-site.com; ssl on; ssl_certificate /var/ssl/first-site.crt; ssl_certificate_key /var/ssl/first-site.key; location / { access_log off; proxy_connect_timeout 15; proxy_next_upstream error; proxy_pass http://site; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Protocol https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; } } server { # this domain is ignored, always resolves to first-site.com listen 443; server_name *.second-site.com; ssl on; ssl_certificate /var/ssl/second-site.crt; ssl_certificate_key /var/ssl/second-site.key; location / { access_log off; proxy_connect_timeout 15; proxy_next_upstream error; proxy_pass http://site; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Protocol https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; } } }

  Read the article

< Previous Page | 306 307 308 309 310 311 312 313 314 315 316 317  | Next Page >