SSL/TLS certificates, formats and file types

This stuff is a stack. You can’t skip the middle part and expect to understand any of it.

SSL (Secure Socket Layer) is a type of secure communications channel that you can push anything you want through. It is mostly used by web browsers to talk to web servers but it has infinite other uses. It was invented so that you could use a credit card online, and that is still the #1 use for it.

When a web address starts with “HTTPS” instead of “HTTP” it’s using SSL. You might see a little padlock icon in your browser when you go there.

SSL and TLS (Transport Layer Security) are pretty much the same thing. Everything I say here about SSL also applies to TLS.

PKI really means Paired Key Infrastructure even though officially the “P” stands for “Public”. I use lots of different PKIs, you probably do too. SSH uses one, SSL uses a different one, etc.

X.509 is a PKI standard for using linked pairs of cryptographic keys to ensure two separate things: #1, that you are talking to exactly who you think you are talking to, not some random criminal, and, #2 nobody can listen in on the conversation.

The security and reliability of x.509 depends on the non-existent virtuousness of commercial Certificate Authorities, so it’s not as great as you could hope, but good enough for buying stuff on Amazon or protecting PHI. The NSA and Unit 8200 are totally inside it all the time, but they don’t care about your Amazon wish list.

X.509 specifies only how key pairs are used, and not how they are stored on your disk drive. There are many formats for storage, but we have to stack up some more knowledge before we can talk intelligently about that.

As usual in paired key crypto, one key is chosen to be “public” (doesn’t matter which one) and one key is chosen to be “private”. Data encrypted with one can only be decrypted with the other, and vice versa. Bigger keys are better. Most people aren’t using big enough keys.

X.509 adds the extra wrinkle that the key chosen to be public will be time-stamped and signed by a Certificate Authority. A signed, stamped public key is called a certificate. The time stamp is there so CAs can charge absurdly high fees when certificates expire; it serves no other real purpose and don’t let them tell you different.

Don’t worry about what “signed” means. All that matters is that your web browser can always tell if your certificate was signed by a real commercial CA, or by your employer’s private CA, or is self-signed, or was signed by some random unknown system that might be criminal, or is expired.

When certificates are passed around from one system to another on the wires (like, from Amazon to your web browser, or in a Certificate Signing Request submitted to a CA, or whatever) they use Abstract Syntax Notation One’s Distinguished Encoding Rules (ASN.1 DER). If you really want to understand everything about standardized arbitrary data structure representation go to Wikipedia and start reading at ASN.1, which is sort of the ground rules everything else rests on. But you don’t really need to know the air:fuel mixture in your car is 16:1 to fix a carburetor, and you won’t need to know ASN.1 or DER to build a great web service.

Major point here: When you say “SSL certificate” you are saying “X.509 ASN.1 DER timestamped signed public key”, in the same way that when you say “living woman” you are saying “breathing mammalian human female person”. You don’t add any information by saying DER or X.509, those are already known when you say “SSL certificate”. Which is why I get annoyed whenever I read vendor documentation to see what format they want their certs in, because they always say something useless like “DER” or “X.509”. I already knew that!

Certificates and keys can be stored on disk in a bewildering number of different formats. Tomcat/Java, Apache, IIS/AD, and HP-UX’s webserver all use different formats with mostly stupid names following no particularly obvious pattern.

I’m only going to talk about the storage formats you might actually need to use, and I’m going to ignore lots of details.

PEM (used by lots of stuff) is the easiest way to store certs and keys and the least secure. You have to be super careful when you use PEM; making minor mistakes with file permissions or user privileges can be equivalent to leaving the root password written on a postit stuck to the side of your keyboard. Poorly written software may require you to put both the (public) certificate and the (private) key in a single PEM file which is unnecessarily dangerous. There are no non-printable characters in a PEM cert, it’s all human-readable gibberish that you can cut and paste.

PKCS#12 (Public Key Cryptography Standard number 12, the “Personal Information Exchange Syntax Standard”) is a password-protected format that can hold multiple sets of both (public) certs and (private) keys. The encryption is not marvelously strong so you still have to protect a PKCS#12 file, but it’s strong enough that you sure don’t want to lose the password! It’s a very good format for moving certificates and keys from system to system and used by many Microsoft products.

JKS (Java Keystore) is supposedly PKCS#12… but in my experience, using various versions of Tomcat, you have to build your Java keystore with the Java keytool that came with the version of the Java SDK that was used to build your Java application (such as Tomcat) which is a pain in the butt. It’s password-protected, so you need the passphrase used to build it in order to use it. The Java keytool can’t extract the private key to another file but there are plenty of other tools that can, so it’s not like this adds any real extra security, it’s mostly just annoying.
PKCS#7 (Public Key Cryptography Standard number seven, the “Cryptographic Message Syntax Standard”) is used a lot in the deep deep infrastructure. It cannot hold private keys, only certs, but it can hold a “cert chain” of any length, so for example CertX signed by CertZ, plus CertZ signed by some CA, plus the CA cert all in one file. I occasionally need to put certificates into this format for stuff like complex multi-OS LDAP architectures, and CAs use it, but most people will never need to work with it.

<Curmudgeonly Digression> An unfortunate result of Microsoft’s market dominance is that otherwise well-informed people often think that the last four characters of file names are deeply magical. This is because Apple used to have better filesystems than Microsoft (and arguably they still do). Apple filesystems implemented a resource fork as an extension to file metadata; the resource fork allows users, applications or operating systems to mark what program(s) should be used to process a file, so that you can just click on a file created by Excel and it will open in Excel, or whatever. Microsoft made a really crappy lame fake of this capability by creating a list of three-character codes and assigning each one to a piece of software, so that when you click on a file ending in .xls the operating system fires up Excel. If you think about this really deeply, you’ll realize it’s a truly horrible idea that Microsoft’s success has conditioned everyone to believe is reasonable – sort of like the way people used to be conditioned to think it was totally reasonable to test for witchcraft by dunking people in water. Nowadays Microsoft takes this stupidity a step further by hiding the last four characters from the user (unless you change the file viewer settings, which you definitely should), most likely because they are ashamed of the utter boneheadedness of it.
</End Digression>

So anyway, although file “types” aren’t really types at all, but merely arbitrary strings preceded by dots on the ends of file names, that are used in Microsoft systems to do Dumb Things™, we humans generally use names and labels to encode useful hints to other humans and that’s all very well and good. I always end my perl sources with .pl for example, even though the perl interpreter couldn’t care less. It’s a useful hint to my co-workers about content.

These are the most commonly used file types for x.509:

something.key = PEM format private key for something
something.csr = PEM format “certificate signing request” to submit to a CA
something.crt = PEM format signed certificate

whatever.p7s = PKCS#7 format certificate chain

whatever.p12 = PKCS#12 password-protected keystore
whatever.pfx = either a PKCS#12 keystore or an obsolete Microsoft PFX keystore
tomcat.jks = a Java Keystore, probably for Tomcat, possibly PKCS#12 format

Unfortunately, there are hundreds of exceptions to the common usages – and Netscape Security Services, which is used in Firefox and HP-UX and lots of other places, can use files with names like cert7.db, secmod.db, key3.db, that use formats I haven’t even bothered to explain (use PEM format to import and export certs and keys into NSS and don’t worry about it).
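
Since file names are only hints, the container can be identified from the first bytes of the file itself. The script below is an added example, not code from the original post; the function names and the sample files (constructed header bytes under deliberately misleading names, not usable certificates or keystores) are assumptions, and the byte patterns it checks go beyond what the post lists: PEM armor labels, the 0xFEEDFEED prefix of a Java keystore, the version-3 INTEGER that opens a PKCS#12 PFX, and the signedData OID that opens a PKCS#7 chain.

```shell
#!/bin/sh
# Added example: name a certificate/key container from its leading bytes
# instead of trusting the file name.

# First N bytes of FILE as one lowercase hex string.
hex_head() {   # usage: hex_head FILE N
    od -An -tx1 -N "$2" "$1" | tr -d ' \n'
}

# Drop the outer ASN.1 SEQUENCE tag (0x30) and its length octets from a hex string.
strip_seq_header() {
    case $1 in
        3080*|30[0-7]?*) printf '%s\n' "${1#????}" ;;        # indefinite or short length
        3081*)           printf '%s\n' "${1#??????}" ;;      # one length byte follows
        3082*)           printf '%s\n' "${1#????????}" ;;    # two length bytes follow
        3083*)           printf '%s\n' "${1#??????????}" ;;  # three length bytes follow
        *)               return 1 ;;
    esac
}

cert_container_type() {   # usage: cert_container_type FILE
    # PEM is printable armor; the BEGIN label says what is inside.
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \([A-Z0-9 ]*\)-----.*/\1/p' "$1" | head -n 1)
    if [ -n "$label" ]; then
        echo "PEM: $label"
        return 0
    fi
    hex=$(hex_head "$1" 16)
    case $hex in
        feedfeed*) echo "JKS keystore"; return 0 ;;
    esac
    body=$(strip_seq_header "$hex") || { echo "unknown"; return 0; }
    case $body in
        020103*)                 echo "PKCS#12 keystore" ;;          # PFX version 3
        06092a864886f70d010702*) echo "PKCS#7 certificate chain" ;;  # OID 1.2.840.113549.1.7.2
        *)                       echo "other DER structure" ;;       # cert, CSR or key
    esac
}

# Constructed samples: only the leading bytes of each format, named to mislead.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$SAMPLES/server.der"
printf '\376\355\376\355\001\001\001\002' > "$SAMPLES/tomcat.p12"
printf '\060\202\011\121\002\001\003\060' > "$SAMPLES/tomcat.jks"
printf '\060\202\005\037\006\011\052\206\110\206\367\015\001\007\002\240' \
    > "$SAMPLES/chain.crt"
printf '\060\202\003\041\060\202\002\011' > "$SAMPLES/whatever.p7s"

for f in "$SAMPLES"/*; do
    printf '%-14s %s\n' "${f##*/}" "$(cert_container_type "$f")"
done
```
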

Here are the takeaways:

#1 Crypto isn’t simple. Every vendor believes they are doing it right and nobody else is, although really they are pretty much all doing it partly wrong… in various different ways.

#2 If you start thinking .cer or .der or .spc means something outside a very limited space, you aren’t doing yourself any favors. File names are poor hints only. Never ask someone for a .DER formatted file, it makes you sound like an idiot.

#3 You can use well known vendor-independent language that does have real meaning – Here’s a list of the PKCS number standards and what they are used for. If you use that language, you can communicate effectively (and also sound like you might know what you’re talking about).

#4 Make sure you thoroughly document any non-standard formats that you’re forced to use by vendors so your co-workers aren’t cursing your name whenever you’re on vacation.

#5 Be fanatical about securing your private keys, and don’t lose the passwords to your keystores.

Sort your /etc/passwd and /etc/shadow files!

It’s very convenient to have your local user accounts sorted by uidNumber, but if you’re running the shadow suite there’s no uidNumber field in /etc/shadow to sort on. Something something something Ted Codd and the horse he rode in on.

This should work on anything with GNU sort, grep and awk and no hoary old NIS nonsense in /etc/passwd. It’s worked on every linux distro I’ve ever used, all the way back to yggdrasil, although in Ubuntu gawk is not necessarily included by default (which is weird, but easily dealt with using [insert package-manager-du-jour name here] or sudo apt-get install gawk).

touch passwd.sorted shadow.sorted
chmod 644 passwd.sorted
chmod 600 shadow.sorted
sort -t: -n -k3,3 /etc/passwd >passwd.sorted
gawk -F: '{system("grep \"^" $1 ":\" /etc/shadow")}' passwd.sorted >shadow.sorted

If you don’t trust my mad gawk skillz (or your own transcription skills) you can crudely check the results with wc, because the number of lines, words and characters will be unchanged by a clean sort.

wc /etc/shadow shadow.sorted
wc /etc/passwd passwd.sorted

After you have carefully checked the output, save off a backup copy of the old files and overwrite them with the sorted ones.

cp -a /etc/passwd /root/passwd.`date -I`
cp -a /etc/shadow /root/shadow.`date -I`
mv passwd.sorted /etc/passwd && mv shadow.sorted /etc/shadow

If you’re running selinux (of course you are, my bright little star!) you need to make sure you reset the file security contexts, right quick.

restorecon -v /etc/passwd
restorecon -v /etc/shadow

Keep in mind that mucking about with primary user authentication sources is not something you should do unless you are an expert (or want to become one). And you’re going to have to be the root superuser to do this, or type “sudo” a whole lot. The consequences of error may be severe! For example, if you have selinux in enforcing mode and you reboot without resetting the security context on /etc/shadow… yeah, good luck with that.

The same procedure can be used for /etc/group and /etc/gshadow, naturlich.
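
A stricter check than wc, shown here as an added example rather than part of the original post: it rehearses the procedure on constructed copies, compares the files line for line, and shows the case where a user name containing a regex metacharacter makes the grep lookup return an extra line. The function names, temporary paths and sample accounts are assumptions made for the example.

```shell
#!/bin/sh
# Added example: rehearse the passwd/shadow sort on constructed copies and
# verify the result line for line before anything touches /etc.

# Emit SHADOW's lines in the user order of PASSWD, matching names as exact strings.
reorder_shadow() {        # usage: reorder_shadow PASSWD SHADOW
    awk -F: 'NR == FNR { entry[$1] = $0; next }
             ($1 in entry) { print entry[$1] }' "$2" "$1"
}

# The grep lookup from the procedure above, pointed at arbitrary files.
# grep treats each user name as a regular expression.
reorder_shadow_grep() {   # usage: reorder_shadow_grep PASSWD SHADOW
    awk -F: -v shadow="$2" '{ system("grep \"^" $1 ":\" " shadow) }' "$1"
}

# Succeed only if files A and B hold exactly the same lines, in any order.
same_lines() {            # usage: same_lines A B
    a=$(mktemp) && b=$(mktemp) || return 2
    LC_ALL=C sort "$1" > "$a"
    LC_ALL=C sort "$2" > "$b"
    cmp -s "$a" "$b"; rc=$?
    rm -f "$a" "$b"
    return $rc
}

# Constructed sample data: locked accounts only, no real hashes.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/passwd" <<'EOF'
jxdoe:x:1001:1001::/home/jxdoe:/bin/bash
root:x:0:0:root:/root:/bin/bash
j.doe:x:1000:1000::/home/j.doe:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
cat > "$WORK/shadow" <<'EOF'
daemon:*:19000:0:99999:7:::
j.doe:!:19000:0:99999:7:::
root:!:19000:0:99999:7:::
jxdoe:!:19000:0:99999:7:::
EOF

sort -t: -n -k3,3 "$WORK/passwd" > "$WORK/passwd.sorted"
reorder_shadow      "$WORK/passwd.sorted" "$WORK/shadow" > "$WORK/shadow.sorted"
reorder_shadow_grep "$WORK/passwd.sorted" "$WORK/shadow" > "$WORK/shadow.grep"

# "j.doe" as a regex also matches "jxdoe", so shadow.grep gains a duplicate line.
for f in passwd.sorted shadow.sorted shadow.grep; do
    if same_lines "$WORK/${f%%.*}" "$WORK/$f"; then
        echo "$f: same lines as the original"
    else
        echo "$f: DIFFERS from the original, do not install"
    fi
done
```
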

Beware the Bloat

Last week Heather sent me a link to Alex Marchant’s graph comparing lines of code in the Healthcare.gov site with other popular software and sites. Go see it, it’s a hoot.

Reagan famously said government can’t do anything right, and everyone elected since then seems determined to prove it. There’s something quintessentially American about purposely electing people who say the job can’t be done… no, wait. Not “quintessentially”… that other word… quixotically? Something like that. Tea partiers take note.

Anyway, when I tell anyone involved professionally with computer science that the Obama administration entrusted the building of the Health Care Exchange website to a raft of consultants, and the budget ran to more than $88 million (how much more, nobody seems to quite know!) none of them are at all surprised that the system doesn’t work and is laughably poorly constructed. Of course it won’t work if you don’t hire real experts into full-time, permanent positions to build and support it.

Currently it appears that we’re going to blame Canada for this debacle. And you do have to wonder what brilliant management consultant (I have heard the name Booz Allen whispered, but not confirmed) decided to hire CGI, who also failed to build a working healthcare system for Ontario, Canada last year. I mean, Canada’s single-payor! If a consultancy can’t handle a simple, already working system like Canada’s, how are they going to manage implementing the Heritage-foundation designed Affordable Care Act?

Typing Animal RSS is available.

RSS is baked into WordPress. I didn’t hack anything in there (for RSS, that is).

Use this link to visit the RSS page.

Annual Performance Review

Direct Management Comment Section:

Charlie’s technical knowledge in computer systems and operations, data security protocols, his engineering and designing abilities are superb. He is a very creative designer, system architect and installer. Systems engineered and installed by Charlie are extremely dependable. The data and network security solutions that Charlie designed and has been maintaining are proven to be extremely reliable and sophisticated. Technical decisions made by Charlie are often critical in nature, and they have been consistently sound, timely and technically precise.

Charlie truly serves as a technical expert in his field and has been an advisor to all our technology and applications staff. He provides technical coaching and guidelines to other IS&T employees and helps them to accomplish their goals.

Improving greatly in the last years, Charlie still needs to improve his delivery skills when working with and across other departments. One of Charlie’s biggest strengths is to mentor, support and promote open discussions and positive change among his colleagues.

Employee Comment Section:

I have successfully completed another year without strangling the life out of anybody who desperately deserved it. I credit the brilliant diplomatic skills of my boss, the VP of Information Systems and Technologies.

Red Hat Enterprise Linux 6.4 installs samba4-libs by default

I’m arguing with Red Hat again… the latest downloadable DVD of RHEL6 by default installs part of samba 4, which is supposed to be an unsupported “technology preview” and not a mainline package. In what world does it make sense for your flagship product, for which you sell expensive support contracts, to depend on a chunk of code you decline to support? How is that not bad craziness?

If you try to tear it out with rpm -e you’ll get sssd dependency errors. And ghods, I hate the way RHEL6 and up basically force you to run half-baked name and authentication service caching daemons – my networks worked faster and better without caching, because we actually had a high performance LDAP infrastructure that didn’t need such Microsofty complications. But that’s another rant entirely.

ANYway, if you say OK I will upgrade to Samba 4 to avoid dependency hell, you trigger bug 984727 which Red Hat has set to CLOSED WONTFIX.

Update: Andreas Schneider of Red Hat and the Samba Team has clarified the matter. Since FreeIPA (Red Hat’s Active Directory implementation) and sssd (Red Hat’s new authentication daemon, much like PADL’s PAM and NSS modules only rawer and more oriented toward caching) both require the samba4-libs library in RHEL6, that single package is now officially supported – although version 4 of the Samba Suite is otherwise still a “technology preview”.

D-link router backdoor

If you have D-Link brand network gear read this.

Short version for non-technical folks: If you are depending on D-Link hardware to keep the bad guys out, unplug it now.

HP StorOnce Storage unit backdoor

The only thing that’s more appalling than major vendors shipping outrageously expensive tackle with back doors, is their unbelievable slowness in addressing such problems after they are pointed out. Public disclosure is pretty much required if you want a fix in less than a year.

Heh, my non-existent readers all thought I was going to talk about Oracle, didn’t you?

Unnameable Operating System

The BBC’s fifth most read story right now, which is about Valve’s new linux-based SteamOS, is titled “unnamed page”.


invoking a powershell command with an SSH key

I wanted to use SSH (from any version of any operating system) to execute a specific command in response to a specific cryptographic key.

This is pretty trivial in linux using OpenSSH, but the target server was an MS-Windows 2008r3 box running the Tectia SSH daemon, so I was forced to learn a few new tricks.

Here’s a screen grab of me doing it with my admin account instead of with a dedicated key:
———————————————————-

[charlie@linus ~]$ ssh admin_charlie@billy.typinganimal.net 'powershell -c Write-Output \"Hello World\" <NUL'

Password Authentication:
admin_charlie's password:

Hello World

[charlie@linus ~]$
————————————————————

Simple, eh? The local shell invokes an ssh client, which authenticates to the ssh server, which starts a DOS session, which invokes powershell, which executes a cmdlet, which produces output, which is sent back over the ssh connection.
The single quotes tell the local bash shell to pass everything inside them to the ssh client program as a single parameter without doing normal shell expansion (splitting it on spaces into multiple parameters, interpreting metacharacters, etc). Bash strips away the single quotes silently as it does this, so nothing else ever sees them.

The backslashes tell the DOS session not to remove the double quotes before it executes the rest of the line. The backslashes are stripped by cmd.exe (the DOS interpreter) so nothing else ever sees them.

The double quotes are there so that the powershell interpreter does not split the literal string “Hello World” into a list of two literal strings, but instead passes them to the Write-Output cmdlet as a single parameter. If Write-Output thought it was receiving a list of parameters (instead of a single one with a space in it) it would print each one on a separate line followed by a carriage return/line feed pair (which ssh would silently convert to a POSIX newline since we ran this from a linux machine). We want to print Hello World on a single line. Powershell strips away the double quotes lalalalala you’re used to that tune by now.

The “powershell -c” is because I am too lazy to type “powershell.exe -Command” with a full path just for testing. If I was writing this for real I’d use the long form because the short form is undocumented.

The redirection of input to come from the NUL device (Microsoft equivalent of POSIX /dev/null, which always returns End-Of-File if you perform any kind of READ operation against it) prevents the powershell interpreter from hanging around waiting for an EOF or “exit” command. If we didn’t do that, the ssh session would stay open, because the DOS session would stay alive, because the powershell session would remain alive, until we typed exit or control-Z.

It’s actually easier if you are submitting a script file rather than just firing off a command like that, since the EOF on the script file will tell the Powershell interpreter to let go of the SSH session and you won’t need the NUL.

And even easier still if you are calling an existing powershell script on the host, because then you don’t have to worry about pushing the script across the SSH connection.

Not every user account can necessarily do this kind of thing against any old server. The server I used for the proof of concept above is a primary domain controller, and it won’t let anybody SSH in except designated administrator accounts.

Oldest PC virus?

The first time I had to wipe out a nest of pesky MBR virii it was the Stoned virus; the next one I encountered was Pakistani Brain, which Mikko Hypponen is claiming is actually the oldest virus, and then Jerusalem B (which was nightmarish compared to the first two).

Since we don’t know when Stoned was written, it seems a bit presumptive to assume that Brain came first. They were both encountered in the wild in the same year.

Math, by itself, proves nothing.

I often hear people say things like “the universe is made of math” or “faster than light travel has been mathematically proven to be impossible”. This sort of thing always annoys me, particularly when it comes from educated people.

Mathematics is a descriptive language, that attempts to model reality so closely that it can be used to calculate physical values accurately without direct measurement. It can also be used to make predictions that can be verified through experimentation.

Kurt Gödel’s work implies that this may be an inherently flawed approach to some enterprises; it’s possible that any language that can approach an accurate representation of reality must necessarily allow paradoxes (like Russell’s Antinomy, for instance). The answer to some questions may well be mu rather than true or false.

Math is wonderful. Despite its limitations, math is incredibly useful to humans, since it offers powerful “short cuts” in investigative and experimental procedures that can then be verified, if necessary, through physical experimentation and measurement. Most of us would have much poorer lives without math.

But math never “proves” anything. That’s not what math is for! Logic, reason, experimentation, observation, measurement – these are the sources of proof. Reason and logic can employ mathematics, just as a book can employ the English language – but when experimentation disproves a prediction made by a descriptive system like mathematics, we revise the math; reality does not magically reorganize itself to fit our incorrect description.

Some people believe that the Universe is comprised of a systematic computational architecture, that we perceive as physical reality. See Rechnender Raum, for example. Those people sometimes also believe that once we’ve got math really and truly figured out, our math will be equivalent to or congruent with reality. But nobody sane thinks we’re at that point yet, not even Wolfram, so the idea that something can be “mathematically proven” to be true in the real physical world is a conceit.

Sophos says knoppix.net is hacked?

I’m used to getting my knoppices from knopper.de, so it’s not a big deal to me, but…

“High Risk Website Blocked
Location: knoppix.net
Access has been blocked as the threat Mal/HTMLGen-A has been found on this website.”

and

Mal/HTMLGen-A
Category: Viruses and Spyware
Protection available since: 16 Sep 2009 07:27:38 (GMT)
Type: Trojan
Prevalence: Small Number of Reports
Characteristics: Downloads code from the internet
How it spreads: Browsing
Affected Operating Systems: Windows Mac OS Linux

Sophos has been known to have a few false positives (cough, cough)…

dkms patches go live

My fixes for Dell’s Dynamic Kernel Module System made it into their git tree.

Mario’s still reviewing my rewrite of the autoinstall loop, but that’s not actually very important from a functional standpoint. Presumably there will be a fresh release as soon as he’s rejected or accepted it.
I’ve already distributed RPMs at work with the fixed AoE and DKMS packages, so we’re stable at this point.

time to play whack-a-mole

Bev Harris of Black Box Voting has obtained and published source code to the Accenture voting software used in US elections!

Excerpt from Bev’s post:

Note that one of the service items reveals that it was tripling votes for “random” voters in the 2004 primary. Files I have obtained show that it doubled or tripled votes in the 2008 primary, and also in the May 2010 and Aug 2010 primaries in Tennessee. However: It is not random. It only appears to be random when voters are sorted by fields other than precinct/voter ID. In fact, it is doubling and tripling recorded votes in white Republican suburbs.

Everyone with any computer chops who has actually been studying this issue knows that vote-rigging has been on the rise in the US for quite some time. It’s always seemed pretty clear to me that vote fraud is not nationally co-ordinated – it’s happening all over the place, in individual districts, and both parties are involved. Basically, an eminently hackable voting machine with no audit trail is an attractive nuisance.

BBV is (so far) holding up under the load, and (so far) hasn’t been shut down by the authorities. I’m hoping for a repeat of the DeCSS whack-a-mole comedy. Download it and pass it on!

dkms conquered?

I found the problem. I don’t understand the rationale for the way DKMS is behaving, but here’s what it does…

Let’s say you are running kernel B, and you have kernels A & C also sitting around. And then you install an updated schmegadriver. During the install, the old schmegadriver gets saved off somewhere safe, and the updated schmegadriver gets compiled for kernel B. So far so good! But then, dkms will create links in a “weak-updates” directory from the updated schmegadriver for each of kernels A & C.

Now these weak updates are completely useless, as far as I can see, except to cause pain and suffering. They won’t get used, because your kernels A & C already have the distro schmegadriver installed (the evil one, that causes an endless loop at bootup and occasionally sets local orphanages on fire out of sheer spite) and the weak-updates are links to a schmegadriver that is incompatible with kernels A & C anyway (since it was specifically compiled for kernel B).

What the weak-updates do, though, is prevent the dkms_autoinstaller init script from performing its job when you boot into kernel A or C. It says, “Oh-ho, there’s a weak update here, no need to build a proper kernel module, let’s burn up all the orphans!” and away you go in a handbasket.

The easiest fix was to hack the dkms_autoinstaller script to delete all “weak updates” automatically. It’s like an anti-feature.

I suppose a proper fix would be to either prevent the weak update links from being created in the first place, or make --autoinstall stop turning itself off when it sees one. I wonder what purpose they were actually intended for? I’m pretty sure the linux guys at Dell don’t hate orphans. Well, reasonably sure.
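A report-only check for the situation described in this post, as an added example (not part of DKMS or of the patch mentioned here): it lists every weak-updates symlink that resolves into a different kernel's module tree. The function name and the default /lib/modules root are assumptions of the example.

```shell
#!/bin/sh
# Added example, report-only: nothing is deleted or rebuilt.
# list_foreign_weak_updates [ROOT]   (hypothetical helper name)
#   ROOT is the modules root, assumed to be /lib/modules when omitted.
#   Prints "<kernel> <link> -> <target>" for each symlink under
#   ROOT/<kernel>/weak-updates that resolves outside ROOT/<kernel>,
#   i.e. a module that was built for some other kernel.
list_foreign_weak_updates() {
    root=$(cd "${1:-/lib/modules}" 2>/dev/null && pwd -P) || return 2
    for kdir in "$root"/*/; do
        kver=$(basename "$kdir")
        wdir=$root/$kver/weak-updates
        [ -d "$wdir" ] || continue
        find "$wdir" -type l | sort | while IFS= read -r link; do
            if [ ! -e "$link" ]; then
                echo "$kver $link -> (dangling)"
                continue
            fi
            target=$(readlink -f "$link")
            case $target in
                "$root/$kver"/*) ;;                   # same kernel tree: fine
                *) echo "$kver $link -> $target" ;;   # built for another kernel
            esac
        done
    done
    return 0
}

# Inspect a real modules root only when invoked with "--report".
if [ "${1:-}" = "--report" ]; then
    list_foreign_weak_updates "${2:-/lib/modules}"
fi
```

Any line it prints names a kernel for which the autoinstaller would see a weak update and skip the build.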

aoe/dkms/rhel6 redux

Situation as it stands:

The aoe v22i kernel module distributed with RHEL5 is not a major problem. It occasionally has boot issues, where it’s unable to find and mount volumes, but a reboot usually clears this right out, so I think it’s a minor timing bug, probably a race condition; the protocol uses fixed intervals which are not based on primes. We can ignore all that for the moment since it only happens occasionally at boot.

However, the aoe v47 kernel module distributed with RHEL6 causes an infinite loop at boot when used with the Coraid VSX appliances. The only way out of the loop appears to be hard power off. This is obviously a major issue!

Dell’s Dynamic Kernel Module System offers a way to use updated drivers that should prevent the system from blowing up every time a sysadmin types “yum update”. So we should, in theory, be able to use the latest greatest aoe module with dkms and be happy… provided both DKMS and the l.g.a.m. actually work. Hilarity ensues.

The aoe v6-79 kernel module currently available on the coraid and sourceforge sites works reasonably well. It spits out a screen or two of “unsupported ioctl” warnings shortly after boot, but these do not appear to affect function. It has another bug that will never affect disk I/O, but which is a major problem for DKMS. If you do a “modinfo aoe” the output is formatted incorrectly, and DKMS uses that output to determine kernel module version.
With help from others, I made a little patch set that fixes the modinfo problem with aoe6-79 and Ed Cashin at coraid.com is receptive to including it in the next version release. In the meantime I have built the patched version and integrated it with DKMS.

The DKMS package that comes with Acronis, that we have installed on most of our machines, is very broken. We need to replace it. I don’t know how to backfeed changes to Acronis, but for the moment I’m just going to make replacing Acronis’s package a requirement for installing my aoe6-79 package.

The DKMS package currently being distributed by Dell is also broken, at least on current Red Hat. I am trying to figure out how to patch that as well. I’ve already patched the dkms-autoinstaller init script, but now I need to figure out why --autoinstall does not work. The way DKMS reverses normal unix program output conventions is irritating – DKMS is chatty when it works, and silent when it breaks. This transgression of one of the most basic rules of *nix makes the bearded Dennis Ritchie sad.

Work is being done, progress is being made, and a breakthrough is inevitable, as Mr. Z. would say.

flame off!

All the usual sources are reporting that flame has erased itself. Symantec’s blog has a writeup.

I’m assuming either somebody figured out how to sign a module (remember how Iran said they had the problem under control?) or the original authors are ready to deploy something new.

dkms rpm for aoe v79 working… sorta…

Sunil Gupta at Dell spotted the reason that DKMS didn’t like v79 of Coraid’s ATA-over-Ethernet driver – the module info was buggered up. Looking at the sources, it appears that the guys over at Coraid ran into some compiler warnings they wanted to get rid of that were coming out of Rusty Russell’s MODULE_VERSION() primitive, so they commented it out and stuffed the version string into the parameter list. That doesn’t affect the normal operation of the driver module at all, and since generally the only thing that uses the output of modinfo is the Mark I Eyeball, most people (including me) didn’t even notice. But it blows DKMS right up, since the install function parses the output of modinfo to test module versions.

Sunil made a patch which worked (thanks Sunil!) but I didn’t like the way it broke Sam Harris’s versioning scheme, so I made my own. Then I noticed another bug in the module info, a spurious newline that doesn’t actually hurt DKMS, and I figured what the hell and patched that too.

So the incompatibilities between the driver and DKMS are resolved, and by using the Dell version of the DKMS package I’ve solved the --mkrpm problem (that was due to the broken DKMS package shipped by Acronis)… but unfortunately it still doesn’t completely work.

Tomorrow I’ll figure out why I don’t get the new kernel module automagically compiled for me whenever I load a new kernel RPM. That is, after all, the whole point of this exercise. If I didn’t want fresh compiles I’d be using kmod, not DKMS.
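A pre-packaging lint for the modinfo problems described in this post, as an added example (it does not reproduce DKMS's own parsing, and it is not the patch sent to Coraid). The function names, the "version text in a parm: line" heuristic and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Both samples are constructed, not captured from a real aoe.ko.
GOOD_SAMPLE='filename:       /lib/modules/KVER/extra/aoe.ko
version:        6-79
license:        GPL
srcversion:     PLACEHOLDER
parm:           example_param:constructed parameter (charp)'

# No version: field, version string in a parm: line, and a stray blank line.
BAD_SAMPLE='filename:       /lib/modules/KVER/extra/aoe.ko
license:        GPL

srcversion:     PLACEHOLDER
parm:           version:6-79 (constructed)'

# modinfo_version: read modinfo output on stdin and print the value of the
# version: field. Exits 1 when the module declares no version: field.
modinfo_version() {
    awk '/^version:/ { sub(/^version:[ \t]*/, ""); print; found = 1; exit }
         END { exit !found }'
}

# lint_modinfo: read modinfo output on stdin and print one line per problem
# that would confuse a tool parsing it for a module version.
# Returns 0 when clean, 1 when at least one problem was printed.
lint_modinfo() {
    awk '
        /^[ \t]*$/ {
            printf "line %d: blank line inside modinfo output\n", NR
            bad++; next
        }
        /^version:/ {
            nver++
            sub(/^version:[ \t]*/, "")
            if ($0 == "") { printf "line %d: empty version: field\n", NR; bad++ }
            next
        }
        /^parm:/ && /[Vv]ersion/ {
            # Heuristic: a version string exported as a module parameter.
            printf "line %d: version text carried in a parm: line\n", NR
            bad++
        }
        END {
            if (nver == 0) { print "no version: field"; bad++ }
            if (nver > 1)  { print "more than one version: field"; bad++ }
            exit (bad > 0)
        }'
}

# Lint a real module only when invoked as: script --check /path/to/module.ko
if [ "${1:-}" = "--check" ]; then
    modinfo "$2" | lint_modinfo
fi
```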

diversity indicators in the FOSS community

This post was inspired by Matt Garrett’s blog post which was in turn inspired by John Scalzi’s essay “Straight White Male – the lowest Difficulty Setting There Is”. Scalzi followed up his broadside with a number of related salvos, and got well over a thousand replies, many of which were more than just attaboys or whining apologism. If you’ve got bunches of time, go read the whole thing. But it’s not entirely necessary to read those posts in order to understand the question that I want to ask.

Garrett (who I read because I’m tracking his very interesting technical work with EFI) spoke less generally, writing specifically about misogyny in the Free Open Source Software subculture, both real and perceived, purposeful and inadvertent. There’s quite a bit of all the above, if you’re looking for it. But for some reason, it mostly goes ignored.

Now, whenever anybody talks about White Male Privilege In Capital Letters, the discussion always spins into tale-telling about the various unbelievably insensitive things otherwise reasonable people have said or done, or into condemnation of individuals and groups who have purposely done ludicrously inappropriate things, or recommendations for excommunication and chastisement of such people, or inane defenses of indefensible positions and/or unchangeable realities. I’m not interested in any of that, but you can probably find all you need in those departments over at the boing.

But I wanna talk about something else.

In limnology there’s the concept of “indicator species”. You can determine, by sampling the number and types of micro-organisms in a flowing stream, what damage that stream has suffered in the past. If there’s no brook trout, no margaritiferae, but lots of certain types of diatoms, then a paper mill had a concrete dam upstream in the 1930s. Usually the diagnosis is not so exact, I’m just giving a hypothetical example. (Sometimes, though, it’s even more exact.)

It’s been pointed out that although the Free Software community has plenty of straight white males, it’s also reasonably accepting to gay white males, and has not a few Christians, Zionists, and Wiccans. It’s not like there’s no diversity at all, but then again it’s got unusually few blacks and females. I’m sure there are many other weird demographic quirks that I’m not aware of (and I don’t mean to pretend I have studied the participation of any of the groups I mentioned – it’s just my personal perception).

I know it’s important, within a community, to prevent the growth of forces that discourage diversity. Diversity and inclusiveness bring strength and vigor. Group success is strongly influenced by altruism within the group – Friedman and Rand were wrong, sociopathy and greed aren’t actually virtues – and it seems fairly obvious that we can benefit our group by encouraging inclusive diversity and mutual altruism. So, we don’t need to focus on kicking people out because they are insensitive boors, we need to bring more people in, giving insensitive boors the opportunity to grow through personal interaction with the group as a whole, and decreasing the likelihood that group values will be dominated by the value systems of people with limited viewpoints (either privileged or unprivileged). And clearly that’s part of the argument here – some people want to solve the problem by kicking out anyone they identify as part of “the problem”. That makes no sense in the context of altruism towards group members; enlightenment is a better response than expulsion.
Still not quite what I want to talk about. Because I have a question, not an answer.

When you attend a Unitarian Universalist church, or one of the more enlightened branches of Judaism, you find there are more gay members, proportionally, than in the local population. The cause of this is well understood – most other religions discriminate against gay, lesbian and transgendered people, and they quite naturally prefer to go where they can participate in religion without condemnation or deceit. Disproportionally high gay membership, in this case, turns out to be an indicator – something that tells you a great deal about what the religion does, and what the membership believes, and something about the forces that formed the church. So it comes as no surprise that such churches were heavily involved with the Underground Railroad before the US Civil War; their members will always refuse to countenance unethical social discrimination merely because it is a part of mainstream culture, and they are willing to suffer the condemnation of their neighbors for acting in accordance with their beliefs.

So now, finally, here’s what I want to ask: how did we get here? What does it say about the forces that formed our community – and by this, I mean the Free and Open Source Software community, although I am part of several others – that we can take gay white male participation in stride, and gay white males don’t generally have any major problems coping with the inevitable homophobes within the community, but we can’t seem to build a culture that makes women feel comfortable, able to deal with the inevitable misogynists, and able to make a contribution that will be valued? What the hell happened? What influenced and informed the creation of a club that can inspire women to feel despair or rage at the obliviousness and/or dismissiveness of the group as a whole towards misogyny?

I’ve often found that problems are insoluble without a deep understanding of their sources. Other people are trying to find solutions, or ways to avoid acknowledging any problem exists that can be solved. I want to know the roots of the problem, the reasons why we don’t seem to reflect the community from which we are drawn – the people educated enough to write good code and affluent enough to spend time doing it. What if, instead of saying the problem is this or that person, or this or that attitude, we figure out why the group is so strongly influenced by that sort of person or attitude?

Angry, marginalized women in our community are an indicator, not just of the existence of a problem, but of the problem’s source and dimensions. The disproportionately high numbers of males and whites are two more indicators. So what is that source? Why is it still influencing us, why haven’t we grown past it yet?

Nobody actually reads my blog (I flatter myself that this is because I haven’t told anyone it exists) so I don’t expect any problem dealing with moderation of replies. Be patient, imaginary reader! If you grace me with a useful insight, I will let your post be seen in the fullness of time.

wifi range tripler

Erik Troan says the hField wi-fire feels cheesy, but works good. Their website is currently chockablock with wordpress PHP errors, and is pretty much unusable with scripts and cookies turned off, so maybe Erik’s description applies to their website, too. It directs you to well-known reseller sites for the actual purchase.