Everything posted by aelius
-
I often use a USB-to-serial adapter to connect to various equipment. After the update to Mavericks, I found that I could no longer connect. It was about the same problem on Lion.

    macbook ~$ cd Work/
    macbook Work$ curl -o osx-pl2303.kext.tgz http://www.xbsd.nl/pub/osx-pl2303.kext.tgz
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 52512  100 52512    0     0   177k      0 --:--:-- --:--:-- --:--:--  178k
    macbook Work$ tar zxvf osx-pl2303.kext.tgz
    x osx-pl2303.kext/
    x osx-pl2303.kext/Contents/
    x osx-pl2303.kext/Contents/Info.plist
    x osx-pl2303.kext/Contents/MacOS/
    x osx-pl2303.kext/Contents/Resources/
    x osx-pl2303.kext/Contents/Resources/COPYING
    x osx-pl2303.kext/Contents/Resources/English.lproj/
    x osx-pl2303.kext/Contents/Resources/English.lproj/InfoPlist.strings
    x osx-pl2303.kext/Contents/MacOS/osx-pl2303
    macbook Work$ cd osx-pl2303.kext
    macbook osx-pl2303.kext$ ls
    Contents
    macbook osx-pl2303.kext$ cd ..
    macbook Work$ sudo cp -R osx-pl2303.kext /System/Library/Extensions/
    Password:
    macbook Work$ sudo chmod -R 755 /System/Library/Extensions/osx-pl2303.kext/
    macbook Work$ sudo chown -R root:wheel /System/Library/Extensions/osx-pl2303.kext/
    macbook Work$ sudo kextload /System/Library/Extensions/osx-pl2303.kext
    macbook Work$ sudo kextcache -system-cache
    macbook Work$ kextstat|grep 2303
    138 0 0xffffff7f820ee000 0xb000 0xb000 nl.bjaelectronics.driver.PL2303 (1.0.0d1) <110 36 5 4 3>

The driver works perfectly.

Source: xbsd.nl - PL2303 Serial USB on OSX Lion
-
Hi, Looking at your IP address, I don't think you have any chance. A local squid/proxy is used, there are filters, etc. Why do you want to do this?
-
I haven't run into things like this, but I suspect it happens occasionally because of badly configured equipment at the ISP (the ones hosting the dedicated server with RST). For a good few months I used some Fortinet equipment, and it often happened that legitimate clients were blocked (when the queue was too large, during attacks, or simply because it decided the packets were invalid). The business of announcing the IP address as a blackhole in the external BGP sessions seems really lame to me. That is not filtering. You could say the ISP is doing a denial of service on you towards everything that is not in the country.
-
Since when the mouth is next to the vagina, I have no idea. The law goes on anyway; it was "without her consent".
-
As for me, I wouldn't go by any written rule. The ones with root0 uid0 eth0 and rubbish like that annoy me no end. Otherwise, assorted questions, even if they seem a bit stupid, don't bother me. Even a stupid idea can materialize into something OK (which at first seems stupid).
-
Just two days before Apple has disclosed a critical Security flaw in the SSL implementation on the iOS software that would allow man-in-the-middle attacks to intercept the SSL data by spoofing SSL servers.

Dubbed as CVE-2014-1266, the so-called 'goto fail;' vulnerability in which the secure transport failed to validate the authenticity of the connection has left millions of Apple users vulnerable to Hackers and Spy Agencies, especially like the NSA.

Last Friday, Apple had also released updated version iOS 7.0.6 to patch the vulnerability, which was first discovered in Apple's iOS Devices, but later company had acknowledged its presence in Mac OSX also, that could allow hackers to intercept email and other communications that are meant to be encrypted in iPhone, iPad and Mac computer. Affected versions include iOS up to version 7.0.5 and OS X before 10.9.2.

Security Researchers confirmed, 'Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured.' with man-in-the-middle attack.

Apple Vulnerability and NSA

I am sure; you still remember the NSA's DROPOUTJEEP Hacking Tool, implant for Apple iOS devices that allows the NSA to remotely control and monitor nearly all the features of an iPhone, including text messages, Geo-Location, microphone and the Camera.

DROPOUTJEEP program was developed in 2008 to conduct espionage on iPhone users, which was revealed by the documents provided by Edward Snowden a month ago. "The initial release of DROPOUTJEEP will focus on installing the implant via close access methods." document reads.

According to the vulnerability details published by a Google's Security Researcher 'Adam Langley', a basic mistake in a line of the SSL Encryption code almost screwed up the iOS SSL certificate verification process with an open invitation for the NSA's Prying Eyes.

"This sort of subtle bug deep in the code is a nightmare," Adam Langley said on his blog, "I believe that it's just a mistake, and I feel very bad for whoever might have slipped in an editor and created it."

Security researcher Jacob Appelbaum said last December, "Either the NSA has a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves."

Although, those old techniques are no longer in circulation, but the NSA has a track record of continually evading the privacy of users by exploiting vulnerabilities in various softwares and obviously NSA's capabilities have improved significantly in the past five years.

In the DROPOUTJEEP document, the NSA also admitted, 'A remote installation capability will be pursued for a future release.' That means, it's practically possible that the NSA had already discovered this iOS SSL flaw in an effort to hack iPhone users' remotely by sniffing data and spoofing them to install malware.

An Unanswered Question

'Was the Apple intentionally injected backdoors for NSA or the flaw was an accident???' If it was an accident, then Apple would have been able to release patches for both iOS and Mac OS X at the same time, instead of releasing the patches for both, it silently released a fix for iOS devices on Friday night, but when the cryptographers and security experts began criticizing the company for leaving OS X without the patch, they finally acknowledged Mac OS X too; But it's the 4th day after disclosure and no patch yet has been released for Mac OS X.

Also, Apple contacted CVE (Common Vulnerabilities and Errors database) on 8th January 2014 to reserve the bug number CVE 2014-1266 for the SSL vulnerability and later they have released updated iOS 7.1, which was also vulnerable to the flaw that Apple had already discovered.

However, Apple categorically denied working with the NSA on a backdoor after it was accused last December of creating a way for the US intelligence agency NSA to access contacts and other data in iPhones. On Dec. 31, Apple spokesperson released a statement saying:

In 2013, The US Department of Defense passed Apple's iOS 6 for the Government use, that means if the NSA was aware of this flaw, they didn't seem to have informed them.

To Check, whether your web browser is vulnerable to SSL flaw, Click here and to be safe, you are recommended to use an alternate web browser, rather than Safari web browser and avoid using public and unsecured networks.

UPDATE: Apple has finally today released Mac OS X 10.9.2, which includes a fix for a major SSL security flaw and bringing with it a number of "improvements to the stability, compatibility and security of your Mac."

Source: Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely - The Hacker News

----

Note: "Security Researchers confirmed, 'Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured.' with man-in-the-middle attack."

Let's be serious: in France they redirected Google and put a doctored certificate on it to sniff users. Hardware tools for interception at ISP level have existed for at least 8 years. They have really all gone crazy with the NSA ...
-
31 is a prime number; 531 is not
-
Using nginx with SSL as a frontend for apache
aelius replied to aelius's topic in Tutorials in Romanian
Also increase txqueuelen on the network interface:

    ifconfig eth0 |grep txqueuelen
    ifconfig eth0 txqueuelen 5000

Let's open a thread tonight about the filtering options with iptables, ipfilter, packet filter. I think quite a few people will be interested. The idea is that once the connections get to be processed by applications, it is too late (the attack has achieved its goal).
-
Using nginx with SSL as a frontend for apache
aelius replied to aelius's topic in Tutorials in Romanian
@gogusan: Thanks for the post. I don't use the DoS protection in nginx because I filter beforehand with iptables. I don't want to filter packets at that level and prefer that the packets not be accepted by the server.

multi_accept on; # is not OK because it causes congestion.
4x64000 -> is set very high to be sure that all my connections are accepted (also, in sysctl the values are very high)
5 core -> I don't understand this one, there is no five core
-
Keep Learning Linux - It's The Future
aelius replied to vasile.dickulescu's topic in Operating systems and hardware discussions
"Windows Server comes preinstalled on more than 50% of new servers purchased." - Maybe Supermicro or something (I don't know exactly). At HP, DELL nothing is installed on them. Agreed, hardware vendors try to sell as much as possible along with a server (OS licenses, iLO license, etc ...). In about 5 years of providing dedicated servers, only two clients rented servers with Windows (one a DL380 and the other a DL580). Windows Server can't disappear, at least I don't see how. Each OS has its purpose. In any case, they too have very decent and stable solutions: Hyper V, Microsoft Exchange Server. I'm not on the side of Windows solutions, but these two really are well done. I also like Windows Mobile. It is very fluid and stable compared to Android. Microsoft's mistake is that they are not close to developers and most applications are closed-source.
-
Man, what did @Undeath do to you? And what exactly do you want us to do to Nemessis? You don't by any chance want us to ban Nytro on his own forum too?
-
Look here, @IMAGINARY, today you were whining like a woman in heat on that thread about moderator abuses. Honestly, that man made filelist and we all make use of his work. Even if you don't have an account there, respect people's work. You don't like it when we talk rudely to you, but you talk nonsense on every thread.
-
I don't have that much trust in benchmarks. I tried directly on production servers with intensive web applications. It was clearly visible in the load difference as well as in the number of processes waiting on mysql (before and after). I'm curious how it behaves on MyISAM; on pretty much all the servers tested, InnoDB was used.
-
If you use SSDs, it is a good idea to replace MySQL with Percona. You will be amazed by the performance gain. Even with ordinary HDDs, you will get a 10-30 % performance gain.

We add the repos to '/etc/apt/sources.list':

    echo "deb http://repo.percona.com/apt wheezy main" >> /etc/apt/sources.list
    echo "deb-src http://repo.percona.com/apt wheezy main" >> /etc/apt/sources.list

We add the key for apt:

    apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A

We run an apt-get update to get a list of the updated packages:

    apt-get update

We install percona server, percona client and common files (configuration files, etc):

    apt-get install percona-server-common-5.5 percona-server-client-5.5 percona-server-server-5.5

A config can be seen here:

    # File '/etc/mysql/my.cnf'
    [client]
    port = 3306
    socket = /var/run/mysqld/mysqld.sock

    [mysqld_safe]
    socket = /var/run/mysqld/mysqld.sock
    nice = 0

    [mysqld]
    user = mysql
    pid-file = /var/run/mysqld/mysqld.pid
    socket = /var/run/mysqld/mysqld.sock
    port = 3306
    basedir = /usr
    datadir = /var/lib/mysql
    tmpdir = /run/shm
    lc-messages-dir = /usr/share/mysql
    skip-external-locking
    bind-address = 127.0.0.1
    key_buffer = 600M
    max_allowed_packet = 1200M
    open_files_limit = 4096
    thread_stack = 192K
    thread_cache_size = 8
    myisam-recover = BACKUP
    max_connections = 1000
    max_user_connections = 100
    table_cache = 512
    thread_concurrency = 2
    query_cache_limit = 128M
    query_cache_size = 16M
    log_slow_queries = /var/log/mysql/mysql-slow.log
    long_query_time = 2
    expire_logs_days = 10
    max_binlog_size = 100M

    [mysqldump]
    quick
    quote-names
    max_allowed_packet = 1200M

    [mysql]

    [isamchk]
    key_buffer = 16M

    #
    # * IMPORTANT: Additional settings that can override those from this file!
    #   The files must end with '.cnf', otherwise they'll be ignored.
    #
    !includedir /etc/mysql/conf.d/

Note: the config is only an example; do not copy/paste it into your systems without knowing exactly what those variables do. They are calculated according to resources and applications.

Official Percona page: http://www.percona.com/
Documentation: http://www.percona.com/docs/wiki/
-
I think the idea of using nginx with SSL as a frontend for apache is a very good one, for the following reasons:
- It behaves like a TCP offloader, offering some extra protection for the web server (in case of http(s) attacks)
- It lowers the access time on the site (as opposed to plain apache with SSL)

vhost config

    server {
        listen 188.240.88.4:443;
        server_name rstcenter.com www.rstcenter.com;
        keepalive_timeout 60;
        ssl on;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers aRSA:!eNULL:!EXP:!LOW:-RC4:-3DES:!SEED:!MD5:!kPSK:!kSRP:-kRSA:@STRENGTH:AES128-SHA:DES-CBC3-SHA:RC4-SHA;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:TLSSL:30m;
        ssl_session_timeout 10m;
        ssl_certificate /etc/nginx/ssl/rstcenter.com.combined.crt;
        ssl_certificate_key /etc/nginx/ssl/rstcenter.com.key;
        more_set_headers "X-Secure-Connection: true";
        add_header Strict-Transport-Security max-age=3456000;

        location / {
            proxy_pass http://127.0.0.1:1234;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

An nginx.conf can be seen here (it is not the default one)

    user www-data;
    worker_processes 4;
    worker_priority -1;
    pid /var/run/nginx.pid;
    worker_rlimit_nofile 640000;
    worker_cpu_affinity 0001 0010 0100 1000;

    events {
        worker_connections 64000;
    }

    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 20;
        keepalive_requests 10000;
        types_hash_max_size 2048;
        client_max_body_size 128M;
        client_body_buffer_size 128k;
        connection_pool_size 8192;
        request_pool_size 8k;
        server_names_hash_bucket_size 2048;
        server_tokens off;
        resolver 127.0.0.1;
        resolver_timeout 2s;
        reset_timedout_connection on;
        more_set_headers "Server: Apache";
        more_set_headers "X-XSS-Protection: 1; mode=block";
        more_set_headers "X-Frame-Options: sameorigin";
        more_set_headers "X-Content-Type-Options: nosniff";
        open_file_cache max=147000 inactive=30s;
        open_file_cache_valid 60s;
        open_file_cache_min_uses 2;
        open_file_cache_errors on;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        gzip_static on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_min_length 500;
        gzip_http_version 1.0;
        gzip_types text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript text/plain;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }

Notes:
- Nginx is installed on Debian (the package is 'nginx-extras')
- I run Apache listening on 127.0.0.1 port 1234
- The site's certificate (the CRT) is concatenated from the domain's crt + the intermediate certificate
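A check for the TLS settings in the vhost above, as an added example that is not part of the original post: it flags deprecated protocol versions and weak ciphers that an OpenSSL cipher string ends up enabling, including ciphers removed with `-` and then named again later in the string. The function names `audit_nginx_tls` and `write_sample_conf` are hypothetical, and the script assumes one directive per line.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in an nginx config.
# Assumes one directive per line; audit_nginx_tls and write_sample_conf
# are hypothetical helper names, not nginx tooling.

audit_nginx_tls() {
    conf=$1

    # 'ssl on;' is deprecated in favour of 'listen ... ssl;'.
    if grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' "$conf"; then
        echo "deprecated-directive: ssl on"
    fi

    # Protocol versions that are formally deprecated.
    grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$conf" |
    tr -s ' \t;' '\n\n\n' |
    while read -r proto; do
        case $proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "weak-protocol: $proto" ;;
        esac
    done

    # Walk the OpenSSL cipher string token by token. '!' and '-' remove,
    # '+' only reorders, '@' is a command: none of them enable anything.
    # A bare token enables ciphers, even ones removed earlier with '-'.
    grep -E '^[[:space:]]*ssl_ciphers[[:space:]]' "$conf" |
    sed -E 's/^[[:space:]]*ssl_ciphers[[:space:]]+//; s/;.*$//' |
    tr ':' '\n' |
    while read -r tok; do
        case $tok in
            ''|'!'*|-*|+*|@*) continue ;;
        esac
        if printf '%s\n' "$tok" | grep -Eiq 'RC4|DES|MD5|NULL|EXP'; then
            echo "weak-cipher-enabled: $tok"
        fi
    done
}

# Constructed sample file holding the TLS-related lines of the vhost in the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 188.240.88.4:443;
    ssl on;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers aRSA:!eNULL:!EXP:!LOW:-RC4:-3DES:!SEED:!MD5:!kPSK:!kSRP:-kRSA:@STRENGTH:AES128-SHA:DES-CBC3-SHA:RC4-SHA;
}
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_nginx_tls "$sample"
rm -f "$sample"
```

The `-RC4:-3DES` entries do not protect this string, because `-` only removes ciphers until a later token names them again; `!RC4:!3DES` would remove them permanently.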
-
To realize that he's stupid, his mind still has to work. No?
-
If someone addresses us in civilized language, we answer the same way. I don't think you will get respect if you speak with an academic vocabulary to a thug or an uneducated person.

@IMAGINARY, let's not exaggerate:
https://rstforums.com/forum/81904-sqli-udmr-ro-full.rst#post527348
https://rstforums.com/forum/81739-interviu-cu-nytro-old-2.rst#post526923 - here you insulted nytro by saying he looks like that gypsy
-
Hit the books, man, stop making a mockery of the Romanian language. Let's promote science:
https://rstforums.com/forum/80614-server-cpu-overloads.rst - you don't know how to install a tool or diagnose a small overload problem on a server
https://rstforums.com/forum/81392-scanner-de-smpt-windows.rst#post524040 - here you're running the scanner from your home IP.
https://rstforums.com/forum/81270-cont-steam-hack.rst#post523125 - you're looking for a hacker for a steam account?
-
Well, the thread title says what it is.
-
You wanker. That was the SHOW OFF category. Where the shit is the show off in your foul post? I nicely moved your thread. I could have given you a warn or a ban for opening crap threads in the wrong category. Windows user. Typical mirc generation. Team-CrackerS, listen to him ... If you think you're so tough, let's meet up and have it out. If not, get lost, you tired kid. Permanent ban for all of you who posted here.
-
Meaning ... commit harakiri on you, or what? Or is it "demigreze", from demi-sec (wine)? Note that it's "denigreze". I'm moving your thread to the trash so you don't get banned; laugh in it there as much as you like.
-
What is this crap doing in show off, mIRC kids?
-
h05th - permanent ban. That guy sells cards and crap and you recommend him. Wow, you're great.
parahack - permanent ban.
Anything related to fraud draws a permanent ban. Your IP addresses have been written publicly in posts, so people know who you are and what you do. Screw you! Get to work.
-
@neox: And what do you do if the security of an entire server is put at risk by one site? I also had a friend who found himself with psybnc's on the server (and supposedly he's a sysadmin - actually that's what he thinks). As an idea: it's good to know them for yourself, not because an employer would ask for them.