|
Grex > Helpers > #137: Grex System Announcements - Winter 2004/2005 |  |
|
| Author |
Message |
| 25 new of 219 responses total. |
kalbaugh
|
|
response 90 of 219:
| 
Jan 3 15:24 UTC 2005 |
What happened to all my files?!!!
|
albaugh
|
|
response 91 of 219:
|
Jan 3 15:48 UTC 2005 |
My files have returned just as mysteriously as they disappeared, and my mail
has been restored too. :-)
|
gull
|
|
response 92 of 219:
|
Jan 3 20:08 UTC 2005 |
Re resp:82: I agree with you for the most part...however, a system
hitting its maximum open file limit falls more into the
'misconfiguration' category than the 'stability' category. You have to
remember that very, very few systems these days have the number of users
logging on simultaneously that Grex does. It's not surprising that the
default, shipping configuration of OpenBSD needs a little tweaking.
Most OpenBSD systems are used as network firewalls or the like.
|
twenex
|
|
response 93 of 219:
|
Jan 3 20:09 UTC 2005 |
Fair enough.
|
steve
|
|
response 94 of 219:
|
Jan 3 23:13 UTC 2005 |
User mail files now live in their own partition, meaning that we have
lots of space for them now. We're at about 14% utilitzation at the moment.
There are still more things to do with mail but I think things are going
ok now.
Also removed about 24,000 entries in the mail spool that were some form
of mail bombing.
|
twenex
|
|
response 95 of 219:
|
Jan 3 23:29 UTC 2005 |
Like, yay. Thanks!
|
mfp
|
|
response 96 of 219:
|
Jan 3 23:35 UTC 2005 |
http://www.jewsforjesus.org/
|
janc
|
|
response 97 of 219:
|
Jan 4 02:44 UTC 2005 |
I had allocated a disk partition for mail (/var/mail) but I had left it
commented out in /etc/fstab (because normally during development we don't want
to mount the production mail directory). I forgot to uncomment it, so the
separate partition was never mounted and the mail, instead, all ended up on
the /var disk partition, which was never intended to be big enough to hold
it. Oops.
Thanks to the staffers who figured this out and copied things into the
proper mail partition.
Grex shouldn't be hitting it's maximum open file limit. When I built Grex's
kernel, I just took the default size and doubled it. Obviously this didn't
do the job. I need to review what limits exist and how they are configured
to fine tune this. Ideally things should be set up so that no one user can
consume all the system's resources.
|
janc
|
|
response 98 of 219:
|
Jan 4 04:08 UTC 2005 |
By the way, Grex's web pages (including backtalk) are now accessible with teh
"https" protocol.
So you can run backtalk at "https://www.grex.org/cgi-bin/backtalk"
We don't have a real certificate (those cost more money than Grex can
afford), so it's just a crappy self-issued certificate. However, you should
be able to tell your browser to accept it and not have to worry about it.
Even with the crappy certificate you'll be improving the security of your
connection to Grex substantially. (With the old "http" protocol you password
was sent over the net in the clear with each connection.) I recommend this
for all users.
|
aruba
|
|
response 99 of 219:
|
Jan 4 16:40 UTC 2005 |
I'll be sending out paper receipts to people who donated to Grex last year
and would like a receipt for tax purposes. So if you'd like a receipt for
your donations, let me know.
|
tsty
|
|
response 100 of 219:
|
Jan 5 00:02 UTC 2005 |
thank janc and the others who made this new system and made the transition
so smooth. stunning! applause!! applause!!
|
jep
|
|
response 101 of 219:
|
Jan 5 03:30 UTC 2005 |
re resp:98: I notice I get a constant stream of pop-ups:
Security Information
This page contains both secure and nonsecure
items.
Do you want to display the nonsecure items?
Is this because the Backtalk buttons are accessible only via "http"?
I'd really like a fix if possible.
Thanks!
|
janc
|
|
response 102 of 219:
|
Jan 5 04:18 UTC 2005 |
Hmmm...interesting. I haven't looked at the code, but yes, very likely the
buttons are being fetched from a plain http URL. However, the buttons are
not in a directory where authentication is required either, so your password
is not being sent in the http requests for the buttons. So why in the world
would we want to encrypt those requests? There's nothing secret about
backtalk buttons. Encrypting them just adds extra overhead on Grex and on
your browser. So I can't think of any sensible reason to encrypt button
requests except to make your silly browser happy. (By the way, what silly
browser is that anyway?) I should probably do it to make silly browser's
happy. Sigh.
|
mooncat
|
|
response 103 of 219:
|
Jan 5 15:39 UTC 2005 |
It's happened to me a couple times, I'm using Internet Exploder... er,
Explorer. ;) Not my fault, it's the only thing work offers and
downloads are not allowed.
|
twenex
|
|
response 104 of 219:
|
Jan 5 15:43 UTC 2005 |
I prefer the term "Exploiter", though the way things are going we might get
a bit less exploitation soon.
|
blaise
|
|
response 105 of 219:
|
Jan 5 17:13 UTC 2005 |
Personally, I prefer "Insecure Explorer".
|
albaugh
|
|
response 106 of 219:
|
Jan 5 17:50 UTC 2005 |
> the way things are going we might get a bit less exploitation soon
Something developing on the MS front?
|
twenex
|
|
response 107 of 219:
|
Jan 5 17:55 UTC 2005 |
No, but Firefox is picking up momentum. A US university (for example) (was
it Princeton?) - just sent an email to all its staff and students urging them
to drop IE for Firefox, because IE is so insecure.
|
jep
|
|
response 108 of 219:
|
Jan 5 18:21 UTC 2005 |
I was using IE from home. Sorry to ask for a fix to such a stupid
problem (and yes, it *is* a stupid problem). Does Firefox handle it
better?
I won't be using https as long as I have to keep clicking on pop-ups in
order to use it.
|
twenex
|
|
response 109 of 219:
|
Jan 5 18:25 UTC 2005 |
Firefox can block popups, but that might disable the secure login itself in
this case. The only other fix I can think of is to email the webmaster and
ask him politely to write better code!
|
blaise
|
|
response 110 of 219:
|
Jan 5 18:32 UTC 2005 |
That's not a popup in the usual sense of the word; it's a browser dialog
window. IIRC, Firefox does not complain about mixed secure and insecure
items on a page; if I am wrong then it has a "never complain about this"
checkbox on the dialog.
|
twenex
|
|
response 111 of 219:
|
Jan 5 18:33 UTC 2005 |
Oh, those. duh. Jim's solution sounds like a winner, though.
|
tod
|
|
response 112 of 219:
|
Jan 5 18:50 UTC 2005 |
ANy of you ever delete the certificate authority roots out of your browsers
and start from scratch?
|
gull
|
|
response 113 of 219:
|
Jan 5 19:53 UTC 2005 |
Nope. Why, you don't trust Versign? ;)
|
cross
|
|
response 114 of 219:
|
Jan 5 20:36 UTC 2005 |
This response has been erased.
|