[[Resetting the SMU|Resetting_the_SMU]]
(Referenced [[here|http://www.maiamailguard.com/maia/wiki/AutoDelete]])

This refinement of Sebastian's method takes advantage of features in MySQL 4.x and later to encapsulate the deletions in a transaction so that data integrity is maintained even while new mail items are being received.

Start by creating the index on maia_mail.score as before:
{{{
CREATE INDEX maia_mail_idx_score ON maia_mail (score);
}}}
Next, create the view but use a temporary table to store it so that we can safely delete from the actual maia_mail table (since it's referenced in the view itself):
{{{
CREATE ALGORITHM = TEMPTABLE VIEW maia.HighScore AS
       SELECT maia_mail.id AS id
              FROM maia_mail
              WHERE maia_mail.score >= 20;
}}}

Now copy the following SQL code to a file (e.g. maia-autodelete.sql):
{{{
START TRANSACTION WITH CONSISTENT SNAPSHOT;
   DELETE FROM maia_mail_recipients
          WHERE mail_id IN (SELECT * FROM maia.HighScore);
   DELETE FROM maia_sa_rules_triggered
          WHERE mail_id IN (SELECT * FROM maia.HighScore);
   DELETE FROM maia_viruses_detected
          WHERE mail_id IN (SELECT * FROM maia.HighScore);
   DELETE FROM maia_banned_attachments_found
          WHERE mail_id IN (SELECT * FROM maia.HighScore);
   DELETE FROM maia_mail
          WHERE id IN (SELECT * FROM maia.HighScore);
COMMIT;
}}}
To execute the script, just feed it to MySQL:
{{{
mysql -u root -p maia < maia-autodelete.sql
}}}
Robert's original post can be found [[here|http://www.renaissoft.com/pipermail/maia-users/2007-July/010211.html]]. 
''Current Postmaster stuff''
Sendmail pulled down and built - DHW $HOME
customized majordomo
majordomo aliases are in separate file
most lists are closed
blw is configured so that members of blw or baylisa can post
milter-regex
perl script in ~dhw looks at /var/log/syslog and summarizes things
Dahon TS061 Pictures

[img[http://www.cryptomonkeys.org/~louisk/images/dahon1.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/dahon2.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/dahon3.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/dahon4.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/dahon5.jpg]]
[[Cisco|http://www.cisco.com]] [[3560G]] switch

[[Cisco|http://www.cisco.com]] [[3550|Cisco_3550]] switch

[[Cisco|http://www.cisco.com]] [[3620]] router

[[Cisco|http://www.cisco.com]] [[2610]] router

[[Cisco|http://www.cisco.com]] [[PIX]] Firewall

[[Cisco|http://www.cisco.com]] VPN (vpnc) [[password|http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode]] [[decryption|Cisco-Decrypt]]

[[Cisco|http://www.cisco.com]] [[Virtualized ASA|Virtualized_Cisco_ASA]]
<html><pre>/* Decoder for password encoding of Cisco VPN client.
   Copyright (C) 2005 Maurice Massar
   Thanks to HAL-9000@evilscientists.de for decoding and posting the algorithm!

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

/*
   Requires libgcrypt version 1.1.90 or newer
   Compile with:
    gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
   Usage:
    ./cisco-decrypt DEADBEEF...012345678 424242...7261
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>     /* memcpy, memcmp */
#include <gcrypt.h>
#include <errno.h>

int hex2bin_c(unsigned int c)
{
        if ((c >= '0')&&(c <= '9'))
                return c - '0';
        if ((c >= 'A')&&(c <= 'F'))
                return c - 'A' + 10;
        if ((c >= 'a')&&(c <= 'f'))
                return c - 'a' + 10;
        return -1;
}

int hex2bin(const char *str, char **bin, int *len)
{
        char *p;
        int i, l;

        if (!bin)
                return EINVAL;

        for (i = 0; str[i] != '\0'; i++)
                if (hex2bin_c(str[i]) == -1)
                        return EINVAL;

        l = i;
        if ((l & 1) != 0)
                return EINVAL;
        l /= 2;

        p = malloc(l);
        if (p == NULL)
                return ENOMEM;

        for (i = 0; i < l; i++)
                p[i] = hex2bin_c(str[i*2]) << 4 | hex2bin_c(str[i*2+1]);

        *bin = p;
        if (len)
                *len = l;

        return 0;
}

int c_decrypt(char *ct, int len, char **resp, int *reslenp)
{
        const char *h1  = ct;
        const char *h4  = ct + 20;
        const char *enc = ct + 40;

        char ht[20], h2[20], h3[20], key[24];
        const char *iv = h1;
        char *res;
        gcry_cipher_hd_t ctx;
        int reslen;

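        /* need the 40 header bytes plus whole 8-byte 3DES blocks; fail so
           the caller never prints an unset result pointer */
        if (len < 48 || (len - 40) % 8 != 0)
                return -1;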
        len -= 40;

        memcpy(ht, h1, 20);

        ht[19]++;
        gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);

        ht[19] += 2;
        gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);

        memcpy(key, h2, 20);
        memcpy(key+20, h3, 4);
        /* who cares about parity anyway? */

        gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);

        if (memcmp(h4, ht, 20) != 0)
                return -1;

        res = malloc(len);
        if (res == NULL)
                return -1;

        gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
        gcry_cipher_setkey(ctx, key, 24);
        gcry_cipher_setiv(ctx, iv, 8);
        gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
        gcry_cipher_close(ctx);

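        /* last byte is the padding length; reject anything outside 1..8 */
        if (res[len-1] < 1 || res[len-1] > 8) {
                free(res);
                return -1;
        }
        reslen = len - res[len-1];
        res[reslen] = '\0';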

        if (resp)
                *resp = res;
        if (reslenp)
                *reslenp = reslen;
        return 0;
}

int main(int argc, char *argv[])
{
        int i, len, ret = 0;
        char *bin, *pw;

        gcry_check_version(NULL);

        for (i = 1; i < argc; i++) {
                ret = hex2bin(argv[i], &bin, &len);
                if (ret != 0) {
                        perror("decoding input");
                        continue;
                }
                ret = c_decrypt(bin, len, &pw, NULL);
                free(bin);
                if (ret != 0) {
                        perror("decrypting input");
                        continue;
                }
                printf("%s\n", pw);
                free(pw);
        }

        exit(ret != 0);
}
</pre></html>
''Introduction''
This guide provides information that can be used to configure a Cisco PIX device running firmware version 6.x to support ~IPsec VPN client connectivity. If you have a PIX device running firmware version 7.x, please consult the HowtoCiscoAsa. The Shrew Soft VPN Client has been tested with Cisco products to ensure interoperability.
''Overview''
The configuration example described below will allow an ~IPsec VPN client to communicate with a single remote private network. The client uses the pull configuration method to acquire the following parameters automatically from the gateway.
* IP Address
* IP Netmask
* DNS Servers
* DNS Default Domain Suffix
* DNS Split Network Domain List
* Remote Network Topology
''Gateway Configuration''
This example assumes you have knowledge of the Cisco PIX gateway command line configuration interface. For more information, please consult your Cisco product documentation.
''Interfaces''
Two network interfaces are configured. The outside interface has a static public IP address of 1.1.1.2 which faces the internet. The inside interface has a static private IP address that faces the internal private network. The default gateway is configured as 1.1.1.2 via the outside interface.
{{{
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 1.1.1.2  255.255.255.224
ip address inside 172.17.0.6 255.255.0.0
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
}}}
''Access List''
An access list must be configured to define the ~IPSec policies. This is expressed with the source matching the local private network(s) and the destination matching the remote client network address pool. A single local network of 172.17.0.0/16 and an address pool of 172.18.0.0/24 are defined.
{{{
access-list in2out permit ip 172.17.0.0 255.255.0.0 172.18.0.0 255.255.255.0
}}}
''Address Pool''
The IP address pool must be configured. Clients will be assigned private network addresses from a class C pool of 172.18.0.0/24.
{{{
ip local pool clientpool 172.18.0.2-172.18.0.11 mask 255.255.255.0
}}}
''User Authentication''
User authentication must be configured to support IKE extended authentication ( ~XAuth ). In this example, we define user accounts locally on the PIX. It is possible to pass this authentication to a RADIUS or an LDAP account server using the Cisco AAA authentication mechanism. For more information, please consult your Cisco product documentation.
{{{
aaa-server LOCAL protocol local 
username bill password XXX encrypted privilege 2
username bob password XXX encrypted privilege 2
}}}
''ISAKMP Parameters''
The ISAKMP protocol must be enabled on the outside ( public ) interface and an ISAKMP policy must be configured. NAT Traversal is also enabled to allow clients to communicate effectively when their peer address is being translated. The keep alive packet rate is set to 20 seconds.
{{{
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp log 25
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption aes-256
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
}}}
''~IPsec Parameters''
A transform set and dynamic ~IPsec crypto map must be configured to support client VPN connections. The dynamic crypto map is then assigned to a standard crypto map and bound to the outside ( public ) interface. Local user authentication is also enabled.
{{{
crypto ipsec transform-set trset2 esp-aes-256 esp-md5-hmac 
crypto dynamic-map ipsec_map 1 set transform-set trset2
crypto map outside_map 65535 ipsec-isakmp dynamic ipsec_map
crypto map outside_map client authentication LOCAL 
crypto map outside_map interface outside
}}}
''VPN Group''
A VPN group must be defined to provide the client with dynamic configuration information. The client uses the VPN group name as its FQDN identity value and the VPN group password as its pre-shared key value.
{{{
vpngroup remoteClient address-pool clientpool
vpngroup remoteClient dns-server 172.17.0.2
vpngroup remoteClient default-domain abc.com
vpngroup remoteClient split-tunnel in2out
vpngroup remoteClient split-dns abc.com
vpngroup remoteClient idle-time 1800
vpngroup remoteClient password mypresharedkey
}}}
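A consistency and weak-algorithm check over the gateway fragments above, as an added example that is not part of the original guide: it verifies that the VPN group's address pool and split-tunnel access list are defined, that the pool lies inside the access list's destination network, and flags MD5 and DH groups 1 and 2. The function names and the weak-algorithm list are this example's own assumptions; the sample input is constructed from the fragments shown in this guide.

```python
import ipaddress

# Constructed input: gateway fragments from this guide, joined into one text.
PIX_CONFIG = """\
access-list in2out permit ip 172.17.0.0 255.255.0.0 172.18.0.0 255.255.255.0
ip local pool clientpool 172.18.0.2-172.18.0.11 mask 255.255.255.0
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption aes-256
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
crypto ipsec transform-set trset2 esp-aes-256 esp-md5-hmac
crypto dynamic-map ipsec_map 1 set transform-set trset2
crypto map outside_map 65535 ipsec-isakmp dynamic ipsec_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
vpngroup remoteClient address-pool clientpool
vpngroup remoteClient split-tunnel in2out
vpngroup remoteClient password mypresharedkey
"""

# Example policy (an assumption of this sketch, not taken from the guide).
WEAK = {"md5", "esp-md5-hmac", "des", "esp-des"}
WEAK_DH_GROUPS = {"1", "2"}  # 768-bit and 1024-bit MODP groups


def parse(text):
    """Collect the objects that the PIX 6.x lines in this guide define."""
    cfg = {"acl_dst": {}, "pools": {}, "isakmp": {}, "tsets": {},
           "dynmaps": {}, "cryptomaps": [], "groups": {}}
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            dst = ipaddress.ip_network(f"{w[6]}/{w[7]}")
            cfg["acl_dst"].setdefault(w[1], []).append(dst)
        elif w[:3] == ["ip", "local", "pool"] and len(w) >= 5:
            first, _, last = w[4].partition("-")
            cfg["pools"][w[3]] = (ipaddress.ip_address(first),
                                  ipaddress.ip_address(last or first))
        elif w[:2] == ["isakmp", "policy"] and len(w) >= 5:
            cfg["isakmp"].setdefault(w[2], {})[w[3]] = w[4]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["tsets"][w[3]] = w[4:]
        elif w[:2] == ["crypto", "dynamic-map"] and w[4:6] == ["set", "transform-set"]:
            cfg["dynmaps"][w[2]] = w[6]
        elif w[:2] == ["crypto", "map"] and "dynamic" in w[:-1]:
            cfg["cryptomaps"].append(w[w.index("dynamic") + 1])
        elif w[0] == "vpngroup" and len(w) >= 4:
            cfg["groups"].setdefault(w[1], {})[w[2]] = w[3]
    return cfg


def audit(text):
    """Return (code, detail) findings: dangling references, then weak crypto."""
    cfg, findings = parse(text), []
    for name, g in cfg["groups"].items():
        pool = cfg["pools"].get(g.get("address-pool"))
        acl = cfg["acl_dst"].get(g.get("split-tunnel"))
        if "address-pool" in g and pool is None:
            findings.append(("undefined-pool", f"{name} -> {g['address-pool']}"))
        if "split-tunnel" in g and acl is None:
            findings.append(("undefined-acl", f"{name} -> {g['split-tunnel']}"))
        # Client addresses must fall inside the ACL destination network,
        # otherwise the IPsec policy does not cover the assigned addresses.
        if pool and acl and not any(pool[0] in n and pool[1] in n for n in acl):
            findings.append(("pool-outside-acl", f"{name}: {pool[0]}-{pool[1]}"))
    for dyn in cfg["cryptomaps"]:
        if dyn not in cfg["dynmaps"]:
            findings.append(("undefined-dynamic-map", dyn))
    for dyn, ts in cfg["dynmaps"].items():
        if ts not in cfg["tsets"]:
            findings.append(("undefined-transform-set", f"{dyn} -> {ts}"))
    for num, policy in cfg["isakmp"].items():
        for key in ("hash", "encryption"):
            if policy.get(key) in WEAK:
                findings.append(("weak-isakmp", f"policy {num} {key} {policy[key]}"))
        if policy.get("group") in WEAK_DH_GROUPS:
            findings.append(("weak-dh-group", f"policy {num} group {policy['group']}"))
    for name, transforms in cfg["tsets"].items():
        for t in transforms:
            if t in WEAK:
                findings.append(("weak-transform", f"{name} {t}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(PIX_CONFIG):
        print(f"{code:24} {detail}")
```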
''Client Configuration''
The client configuration in this example is straightforward. Open the Access Manager application and create a new site configuration. Configure the settings listed below in the following tabs.
''General Tab''
The Remote Host section must be configured. This Host Name or IP Address is defined as 10.1.1.2 to match the PIX outside ( public ) interface address. The Auto Configuration mode should be set to ike config pull.
''Phase 1 Tab''
The Proposal section must be configured. The Exchange Type is set to aggressive and the DH Exchange is set to group 2 to match the PIX ISAKMP policy definition.
''Authentication Tab''
The client authentication settings must be configured. The Authentication Method is defined as Mutual PSK + ~XAuth.
''Local Identity Tab''
The Local Identity parameters are defined as Key Identifier with a Key ID String of ''remoteClient'' to match the PIX VPN group name.
''Remote Identity Tab''
The Remote Identity parameters are set to IP Address with the Use a discovered remote host address option checked to match the PIX ISAKMP identity parameter.
''Credentials Tab''
The Credentials Pre Shared Key is defined as ''mypresharedkey'' to match the PIX VPN group password.
''Known Issues''
Cisco gateways support a proprietary form of hybrid authentication which does not conform to RFC draft standards. At this time the Shrew Soft VPN Client does not support this authentication mode. We hope to add support for this in the future.
''Resources''
 [[Example PIX configuration|ExamplePIXconfiguration]]
 [[Example Client configuration|ExampleClientconfiguration]]
If you're already using clamav, I would highly recommend the add-on signatures from Sanesecurity, which are targeted at phish and scam mail.  I have found these signatures to be safe and very effective.  Adding these signatures adds virtually no extra time to clamd scanning.
You will need a script run from cron to get updates a couple times a day; there are some very good user-contributed scripts available on the Sanesecurity web site.
http://www.sanesecurity.com/clamav/usage.htm

MSRBL also has some add-on signatures for clamav. These appear to also be safe, but mostly ineffective here - I suspect most of the spam they would stop is already rejected here by smtpd restrictions.  Others have reported better results, so YMMV.
http://www.msrbl.com/msrbl-spam
http://www.msrbl.com/msrbl-images

If you're interested in using SpamAssassin, running it under the control of amavisd-new as a post-queue content_filter is a good choice.  Note that SpamAssassin adds quite a bit of overhead in terms of CPU, RAM, and time.

There are a number of milters that use SpamAssassin that should work with postfix.  However, doing that kind of resource-intensive content inspection pre-queue will severely limit the number of smtpd processes that can be safely run. If you go this route, you will likely need to add more MX boxes to spread the load out. 
[[Monitoring]]
[[Security Planning|SecurityPlanning]]
[[FreeBSD|FreeBSD]]
[[Solaris|SolarisConsulting]]
[[Sendmail]]
[[Linksys]]
[[Bouncing|mailBounce]] mail
[[DNS|DNSTest]] testing (random ports)
[[Maia Mailguard|MaiaMailGuard]]
''Enable debugging (lots!)''
* cd ~/Library/Preferences
* open com.pgp.engine.plist
* Change log level to 1005, enable debug menu item
* Save/Quit

''Restart Desktop''

''Encrypting with 128-bit on the command line''
{{{pgpwde --secure --cipher aes128 --disk 0 --user "user name" -p 'password'}}}
[[Personal]]

[[Work]]
Factory Defaults
<<<
Connect the serial cable to a terminal emulator of your choice and set to 115200,8,N,1 with flow control = none.

Power on the ~MD3000i and press "CTRL B" when it starts to boot.

Type 10 and hit enter for "Serial Interface Mode Menu"
Type 1 and hit enter for "Console Only"
Type Q and hit enter to exit
Type R and hit enter to reboot.

Watch the boot sequence and when you see "sodMain complete", hit enter and type "sysWipeZero 1" and hit enter.

The system will reset and go back to default settings.
<<<
0. Recompile/reinstall Dovecot with 'managesieve' option enabled:

# cd /usr/ports/mail/dovecot
# make config
(Enable same options as pho-postfix directions and also managesieve)
# make all install clean


1. Install dovecot-sieve:

# cd /usr/ports/mail/dovecot-sieve
# make all install clean

2. Edit /usr/local/etc/dovecot.conf and add these lines:

{{{
protocol lda {
..
  mail_plugins = sieve
..
}

plugin {
..
  # The location of the user's active script:
  sieve = /usr/local/virtual/%d/%n/.dovecot.sieve

  # If the user has no personal active script (i.e. if the file
  # indicated in sieve= does not exist), use this one:
  sieve_global_path = /usr/local/etc/sieve/default.sieve

  # The include extension fetches the :personal scripts from this
  # directory. When ManageSieve is used, this is also where scripts
  # are uploaded.
  sieve_dir = /usr/local/virtual/%d/%n/sieve

  # The include extension fetches the :global scripts from this
  # directory.
  sieve_global_dir = /usr/local/etc/sieve/global
..
}
}}}

3. Set up global directory and scripts (empty for now):

# mkdir -p /usr/local/etc/sieve/global
# touch /usr/local/etc/sieve/global/default.sieve
# sievec /usr/local/etc/sieve/global

4. Set up my script.

# cd /usr/local/virtual/domain.tld/username

Edit ".dovecot.sieve" to add a test case:

{{{
require ["body", "fileinto", "regex"];

# test case
if header :comparator "i;ascii-casemap" :contains "Subject" "test" {
    fileinto "test";
}
}}}

(From this point on these are steps given in this URL: http://lists.purplehat.org/pipermail/pho-postfix/2008-December/000394.html)

5. Add vmail user:

# pw groupadd vmail
# pw useradd vmail -c VMail\ User -d /usr/local/virtual -s \
/usr/sbin/nologin

6. Change all references to UID/GID '125' to vmail's UID/GID in main.cf,
dovecot.conf and dovecot-ssl.conf.

Note that this does *not* include two references to postfix under auth
default:

{{{
auth default {
  socket listen {
..
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
}}}

Postfix would not accept mail when I changed 'postfix' to vmail's
UID/GID so I've left these alone.

7. Edit master.cf to use the vmail user in dovecot's deliver line:

{{{
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
}}}

8. Stop dovecot and postfix:

/usr/local/etc/rc.d/dovecot stop
/usr/local/etc/rc.d/postfix stop

9. Recursively change ownership for all virtual mail stuff to vmail's
UID/GID:

# chown -R vmail:vmail /usr/local/virtual

10. In /usr/local/etc/postfix/main.cf, change virtual_transport to
"dovecot":

virtual_transport = dovecot

11. In /usr/local/etc/dovecot.conf, uncomment master under "socket listen":

{{{
  socket listen {
    master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      path = /var/run/dovecot/auth-master
      mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      user = <vmail UID>
      group = <vmail GID>
    }
    client {
      ..
    }
  }
}}}


12. Remove global permissions on dovecot's deliver LDA:

# chmod o-rx /usr/local/libexec/dovecot/deliver



13. Restart dovecot and postfix:

# /usr/local/etc/rc.d/dovecot start
# /usr/local/etc/rc.d/postfix start
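A post-change check for steps 9, 11 and 12 above, as an added example that is not part of the original post. It is run against a constructed temporary tree, so the paths, the stand-in socket file and the uid 1001 used in the test are assumptions; on a real host you would pass the actual paths and vmail's UID/GID.

```python
import os
import stat
import tempfile


def can_execute(mode, file_uid, file_gid, uid, gid):
    """Decide from the classic mode bits whether uid:gid may execute a file.

    Assumption: supplementary groups and ACLs are ignored.
    """
    if file_uid == uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid == gid:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def audit(virtual_root, deliver, auth_master, uid, gid):
    """Return (check, path) findings for steps 9, 11 and 12."""
    findings = []

    # Step 9: the whole virtual mail tree belongs to the delivery user.
    for dirpath, dirnames, filenames in os.walk(virtual_root):
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames + links]:
            st = os.lstat(path)
            if (st.st_uid, st.st_gid) != (uid, gid):
                findings.append(("owner", path))

    # Step 12: no access for "other" on the LDA, yet still runnable by vmail.
    st = os.stat(deliver)
    if st.st_mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append(("deliver-world", deliver))
    if not can_execute(st.st_mode, st.st_uid, st.st_gid, uid, gid):
        findings.append(("deliver-noexec", deliver))

    # Step 11: the auth-master socket is 0600 and owned by the delivery user.
    st = os.stat(auth_master)
    if stat.S_IMODE(st.st_mode) != 0o600:
        findings.append(("socket-mode", auth_master))
    if (st.st_uid, st.st_gid) != (uid, gid):
        findings.append(("socket-owner", auth_master))
    return findings


def demo():
    """Build a constructed tree and audit it before and after the chmod fixes."""
    with tempfile.TemporaryDirectory() as top:
        root = os.path.join(top, "virtual")
        home = os.path.join(root, "domain.tld", "username")
        os.makedirs(home)
        open(os.path.join(home, ".dovecot.sieve"), "w").close()
        deliver = os.path.join(top, "deliver")
        sock = os.path.join(top, "auth-master")  # plain file standing in for the socket
        for path, mode in ((deliver, 0o755), (sock, 0o666)):
            open(path, "w").close()
            os.chmod(path, mode)
        owner = os.stat(root)  # whoever runs the demo plays the part of vmail
        uid, gid = owner.st_uid, owner.st_gid

        before = [check for check, _ in audit(root, deliver, sock, uid, gid)]
        os.chmod(deliver, 0o750)  # the effect of "chmod o-rx" on a 0755 file
        os.chmod(sock, 0o600)
        after = [check for check, _ in audit(root, deliver, sock, uid, gid)]
        return before, after


if __name__ == "__main__":
    print(demo())
```

The "deliver-noexec" check matters after step 12: once "other" loses execute permission, the user named in master.cf must reach the binary through its owner or group bits.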
{{{
n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-list-auto:1
s:network-host:1.1.1.2
s:client-auto-mode:pull
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:keyid
s:ident-server-type:address
s:ident-client-data:remoteClient
b:auth-mutual-psk:bXlzaGFyZWRzZWNyZXQ=
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
n:policy-nailed:0
}}}
{{{
! inside interface on 172.17/16 net.  Outside interface is 1.1.1.2 with 
! default gateway of 1.1.1.1
hostname rc-pix501-1
domain-name abc.com
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 1.1.1.2  255.255.255.224
ip address inside 172.17.0.6 255.255.0.0
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
mtu outside 1500
mtu inside 1500
! in2out access list describes traffic from inside to vpn clients
! who will eventually be assigned Class C addresses in 172.18.0
names
access-list in2out permit ip 172.17.0.0 255.255.0.0 172.18.0.0 255.255.255.0 
! unencrypted traffic from the inside to the outside world will
! have the PIX's external IP address.  First nat command says don't nat traffic
! from inside machines to VPN clients
global (outside) 1 interface
nat (inside) 0 access-list in2out
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
! set up local authentication for these two users (will be used by XAUTH)
aaa-server LOCAL protocol local 
username bill password XXX encrypted privilege 2
username bob password XXX encrypted privilege 2
! ip address pool for assignments to VPN clients
ip local pool clientpool 172.18.0.2-172.18.0.11 mask 255.255.255.0
! enable AES256+MD5 ISAKMP on outside interface with pre-shared key
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp log 25
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption aes-256
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
! disable access control checking on traffic within IPSEC tunnels and enable
! AES256+MD5 transforms.  "... authentication LOCAL" enables XAUTH
sysopt connection permit-ipsec
crypto ipsec transform-set trset2 esp-aes-256 esp-md5-hmac 
crypto dynamic-map ipsec_map 1 set transform-set trset2
crypto map outside_map 65535 ipsec-isakmp dynamic ipsec_map
crypto map outside_map client authentication LOCAL 
crypto map outside_map interface outside
! vpngroup defines IP address pool and DNS/routing information that will be 
! pulled down by client.  "remoteClient" is the key identifier for the 
! client's local identity
vpngroup remoteClient address-pool clientpool
vpngroup remoteClient dns-server 172.17.0.2
vpngroup remoteClient default-domain abc.com
vpngroup remoteClient split-tunnel in2out
vpngroup remoteClient split-dns abc.com
vpngroup remoteClient idle-time 1800
vpngroup remoteClient password PreSharedKey
! PIX boilerplate follows
enable password XXX encrypted
passwd XXX encrypted
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
pager lines 24
ip audit info action alarm
ip audit attack action alarm
pdm location 172.17.0.0 255.255.0.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server TACACS+ max-failed-attempts 3 
aaa-server TACACS+ deadtime 10 
aaa-server RADIUS protocol radius 
aaa-server RADIUS max-failed-attempts 3 
aaa-server RADIUS deadtime 10 
http server enable
http 172.17.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 172.17.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
}}}
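A consistency check between the client site file and the PIX configuration listed above, as an added example that is not part of the original notes or of any Shrew Soft or Cisco tooling. It assumes the n:/s:/b: prefixes in the site file mark numeric, string and base64-encoded binary values; the embedded texts are excerpts of the two listings on this page, which happen to carry different placeholder keys.

```python
import base64

# Excerpt of the client site configuration shown on this page.
CLIENT_SITE = """\
n:phase1-dhgroup:2
s:network-host:1.1.1.2
s:auth-method:mutual-psk-xauth
s:ident-client-type:keyid
s:ident-server-type:address
s:ident-client-data:remoteClient
b:auth-mutual-psk:bXlzaGFyZWRzZWNyZXQ=
s:phase1-exchange:aggressive
"""

# Excerpt of the PIX configuration shown on this page.
PIX_CONFIG = """\
ip address outside 1.1.1.2  255.255.255.224
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 group 2
crypto map outside_map client authentication LOCAL
vpngroup remoteClient address-pool clientpool
vpngroup remoteClient password PreSharedKey
"""


def parse_site(text):
    """Parse type:key:value lines; b: values are base64 and decoded to bytes."""
    site = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue
        kind, key, value = parts
        if kind == "n":
            value = int(value)
        elif kind == "b":
            value = base64.b64decode(value)
        site[key] = value
    return site


def parse_pix(text):
    """Pull out only the settings the client has to agree with."""
    gw = {"outside": None, "identity": None, "dhgroups": set(),
          "preshare": False, "xauth": False, "groups": {}}
    for line in text.splitlines():
        w = line.split()
        if not w or w[0].startswith("!"):
            continue
        if w[:3] == ["ip", "address", "outside"] and len(w) >= 4:
            gw["outside"] = w[3]
        elif w[:2] == ["isakmp", "identity"] and len(w) >= 3:
            gw["identity"] = w[2]
        elif w[:2] == ["isakmp", "policy"] and len(w) >= 5:
            if w[3] == "group":
                gw["dhgroups"].add(int(w[4]))
            elif w[3:5] == ["authentication", "pre-share"]:
                gw["preshare"] = True
        elif w[:2] == ["crypto", "map"] and w[3:5] == ["client", "authentication"]:
            gw["xauth"] = True
        elif w[0] == "vpngroup" and len(w) >= 4 and w[2] == "password":
            gw["groups"][w[1]] = w[3]  # only comparable when shown in clear text
        elif w[0] == "vpngroup" and len(w) >= 2:
            gw["groups"].setdefault(w[1], None)
    return gw


def compare(site, gw):
    """Return {check name: bool}; secrets are compared but never returned."""
    group = site.get("ident-client-data")
    psk = gw["groups"].get(group)
    return {
        "gateway address": site.get("network-host") == gw["outside"],
        "dh group": site.get("phase1-dhgroup") in gw["dhgroups"],
        "group name (key id)": site.get("ident-client-type") == "keyid"
                               and group in gw["groups"],
        "pre-shared key": psk is not None
                          and site.get("auth-mutual-psk") == psk.encode(),
        "psk + xauth": site.get("auth-method") == "mutual-psk-xauth"
                       and gw["preshare"] and gw["xauth"],
        "server identity": site.get("ident-server-type") == gw["identity"],
    }


def mismatches(site_text, pix_text):
    checks = compare(parse_site(site_text), parse_pix(pix_text))
    return sorted(name for name, ok in checks.items() if not ok)


if __name__ == "__main__":
    print(mismatches(CLIENT_SITE, PIX_CONFIG))
```

Because the b: value is only base64-encoded, anyone who can read the site file can recover the group key, so the file deserves the same handling as the key itself.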
[img[http://www.freebsd.org/layout/images/beastie.png]]

Howto install [[FreeBSD|http://www.freebsd.org]]
Howto install [[FreeBSD|http://www.freebsd.org]] [[Sparc64|FreeBSD_Sparc64]]
Howto setup [[ZFS]]
Howto setup [[gmirror]]
Howto setup [[GELI]]
Linux [[PGP]] on [[FreeBSD|http://www.freebsd.org]]
[[VLAN/Link Aggregation|VlanLagg]]
[[iSCSI|FreeBSD_iSCSI]]
[[DHCP|isc-dhcpd]]
[[DePenguinator|http://www.daemonology.net/blog/2008-01-29-depenguinator-2.0.html]]
[[Net-SNMP|fbsd_netsnmp]]
[[Upgrade|FreeBSDupgradeNotes]]
[[SVN Mirroring]]
Right now, this is just a couple of notes on things that weren't straightforward in the installer. More info can be found [[here|http://www.freebsdwiki.net/index.php/Sparc_-_Installing_FreeBSD]]

After the install, you need to set up OpenBoot to boot the correct disk:label:
OK> setenv boot-device disk1:a
OK> setenv auto-boot? true
Suppose you want to use a remote iSCSI device, but you don't exactly trust either the storage or the network in between. Of course, there's a way around it :)
The setup presented here is very simple and will behave like this:

[iSCSI server] -- encrypted data on the server and over the wire -- [iSCSI client]

Note: all these instructions are valid for FreeBSD 7.0 - previous versions are probably missing some parts.
''Setting up an iSCSI target''

You can skip this section if you already have an iSCSI target (a "target" is where the data is stored, i.e. the "server" node of iSCSI).

1. Install the iscsi-target port.
2. Edit /usr/local/etc/iscsi/targets file and add lines similar to the following:

# NAME          DEVICE          START           LENGTH
extent0         /dev/da2        0               5GB
# NAME          ACCESS          STORAGE         NETMASK
target0         rw              extent0         10.0.0.0/24

These lines should be self-explanatory. If you need more help, see targets(5) or NetBSD's iscsi-target HOWTO.

3. Enable iscsi-target in /etc/rc.conf by adding the following line to it:

iscsi_target_enable="YES"

4. Start the server by running /usr/local/etc/rc.d/iscsi_target start. You should see something like the following output on the console:

Starting iscsi_target.
Reading configuration from `/usr/local/etc/iscsi/targets'
target0:rw:10.0.0.0/24
        extent0:/dev/da2:0:5368709120
DISK: 1 logical unit (10485760 blocks, 512 bytes/block), type iscsi fs
DISK: LUN 0: 5120 MB disk storage for "target0"
TARGET: TargetName is iqn.1994-04.org.netbsd.iscsi-target

''Setting up the iSCSI initiator''

The "initiator" is the client part in iSCSI, and it connects to the server. The following steps should be done on the client system.

1. Edit /etc/iscsi.conf and add the following lines:

target0 { # nickname
        targetaddress        = 10.0.0.102
        targetname           = iqn.1994-04.org.netbsd.iscsi-target:target0
}

2. Load the iscsi_initiator kernel module with:

# kldload iscsi_initiator
Also, add the following line to /etc/loader.conf to load the module on boot:
iscsi_initiator_load="YES"

3. Start the iSCSI session by running:

# iscontrol -n target0

Several lines should be output to the console, which should look like the following:
iscontrol[8516]: running
iscontrol[8516]: (pass3:iscsi0:0:0:0):  tagged openings now 0
iscontrol[8516]: cam_open_btl: no passthrough device found at 1:0:1
iscontrol[8516]: cam_open_btl: no passthrough device found at 1:0:2
iscontrol[8516]: cam_open_btl: no passthrough device found at 1:0:3
iscontrol: supervise starting main loop

More importantly, the kernel log (which you can see with tail /var/log/messages) should now contain something similar to this output:
Jan  4 23:17:08 client kernel: da0 at iscsi0 bus 0 target 0 lun 0
Jan  4 23:17:08 client kernel: da0:  Fixed Direct Access SCSI-3 device

This means the device da0 has been created - this is the local representation of the remote iSCSI drive.

3. Set up GEOM_GELI on the new device:

# geli init /dev/da0
The utility will ask you for a passphrase which will be used to encrypt the data. GEOM_ELI (as the encryption layer is known) has many more options, but the defaults are good enough. It will use AES encryption with sane defaults.

4. Load the GEOM_ELI kernel module:

# kldload geom_eli.ko
Also, add the following to /boot/loader.conf to load the module at boot time:
geom_eli_load="YES"

5. Attach the encrypted device:

# geli attach /dev/da0
Lines similar to the following should appear in the kernel log:
Jan  4 23:33:28 client kernel: GEOM_ELI: Device da0.eli created.
Jan  4 23:33:28 client kernel: GEOM_ELI: Encryption: AES-CBC 128
Jan  4 23:33:28 client kernel: GEOM_ELI:     Crypto: software

The device da0.eli has been created - this is the end-point device that can be used by file systems and for other purposes (swap, etc.).

6. Make the file system and mount it!

# newfs -U -L mydata /dev/da0.eli
A successful run of newfs looks something like this:
/dev/da0.eli: 5120.0MB (10485756 sectors) block size 16384, fragment size 2048
        using 28 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
        with soft updates
super-block backups (for fsck -b #) at:
 160, 376512, 752864, 1129216, 1505568, 1881920, 2258272, 2634624, 3010976, 3387328,
 3763680, 4140032, 4516384, 4892736, 5269088, 5645440, 6021792, 6398144,
 6774496, 7150848, 7527200, 7903552, 8279904, 8656256, 9032608, 9408960, 9785312, 
 10161664

Since we used a volume label for the file system, observe the following message in the kernel log:
Jan  4 23:38:17 client kernel: GEOM_LABEL: Label for provider da0.eli is ufs/mydata.

Now you can mount the file system:
# mount /dev/ufs/mydata /mydata

And that's it!

There are two points that can't be readily automated right now: the iscontrol step which starts the iSCSI initiator, and the geli requiring a password. The former can be approximated by creating a small shell script that does the step and putting it in /usr/local/etc/rc.d but the second cannot be, since the whole point of having an encrypted storage is that it isn't accessible by unwanted people.
The way this setup works is that the unencrypted data is used by the file system (as it should - you wouldn't be able to use it otherwise) via the da0.eli device. This data is encrypted and the encrypted data is written to the da0 device. This is the iSCSI client device and the data is transferred to the server in its encrypted form. The server and the network never see unencrypted data.
Due to GEOM's modularity, other components could be added to the data processing graph, such as journaling (gjournal), caching (gcache), etc. in which case the end-point device name will "grow" suffixes, such as da0.eli.journal. Even RAID levels can be added, though it makes little sense to do it on the client (it's perfectly fine on the server).
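The guarantee described above holds only while the file system sits on the .eli provider rather than on the raw iSCSI disk. The following added example (not part of the original write-up) checks that from the kernel log; the first six sample lines are the messages quoted in the walkthrough, the two da1 lines are constructed, and the finding names are this example's own.

```python
import re

# Lines 1-6: kernel messages quoted in the walkthrough.
# Lines 7-8: constructed, showing a second disk that skipped the geli steps.
SAMPLE_LOG = """\
Jan  4 23:17:08 client kernel: da0 at iscsi0 bus 0 target 0 lun 0
Jan  4 23:17:08 client kernel: da0:  Fixed Direct Access SCSI-3 device
Jan  4 23:33:28 client kernel: GEOM_ELI: Device da0.eli created.
Jan  4 23:33:28 client kernel: GEOM_ELI: Encryption: AES-CBC 128
Jan  4 23:33:28 client kernel: GEOM_ELI:     Crypto: software
Jan  4 23:38:17 client kernel: GEOM_LABEL: Label for provider da0.eli is ufs/mydata.
Jan  4 23:41:02 client kernel: da1 at iscsi0 bus 0 target 1 lun 0
Jan  4 23:42:10 client kernel: GEOM_LABEL: Label for provider da1 is ufs/scratch.
"""

ISCSI_DISK = re.compile(r"kernel: (da\d+) at (iscsi\d+) bus")
ELI_CREATED = re.compile(r"GEOM_ELI: Device (\S+)\.eli created")
ELI_CIPHER = re.compile(r"GEOM_ELI: Encryption: (.+)$")
LABEL = re.compile(r"GEOM_LABEL: Label for provider (\S+) is (\S+?)\.?$")


def base_disk(provider):
    """da0.eli.journal -> da0; None when the provider is not a da disk."""
    m = re.match(r"da\d+", provider)
    return m.group(0) if m else None


def scan(log_text):
    """Collect, per iSCSI-backed disk, its GELI state and file system labels."""
    disks = {}
    last_eli = None  # the cipher line follows the "created" line of a device
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ISCSI_DISK.search(line)
        if m:
            disks[m.group(1)] = {"bus": m.group(2), "eli": False, "cipher": None,
                                 "encrypted_labels": [], "raw_labels": []}
            continue
        m = ELI_CREATED.search(line)
        if m:
            last_eli = base_disk(m.group(1))
            if last_eli in disks:
                disks[last_eli]["eli"] = True
            continue
        m = ELI_CIPHER.search(line)
        if m and last_eli in disks:
            disks[last_eli]["cipher"] = m.group(1)
            continue
        m = LABEL.search(line)
        if m:
            provider, label = m.groups()
            disk = base_disk(provider)
            if disk in disks:
                layered = "eli" in provider.split(".")[1:]
                key = "encrypted_labels" if layered else "raw_labels"
                disks[disk][key].append(label)
    return disks


def findings(disks):
    """Flag iSCSI disks whose data would cross the network unencrypted."""
    out = {}
    for name, info in disks.items():
        problems = []
        if not info["eli"]:
            problems.append("no-geli")
        if info["raw_labels"]:
            problems.append("plaintext-label")
        if problems:
            out[name] = problems
    return out


if __name__ == "__main__":
    print(findings(scan(SAMPLE_LOG)))
```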
''7.0R -> 7.2R''

''System:''

''Ports:''
maia - disable spf query (and uninstall)
php5 - pkg_delete -f php5-pcre-5.2.6; pkgdb -F; portupgrade -o archivers/php5-zip archivers/pecl-zip; portupgrade -o devel/php5-json devel/pecl-json; portupgrade -o security/php5-hash security/pecl-hash; portupgrade -ap
1x [[FreeNAS 8.x|http://www.freenas.org/]]
1x Dell ~PowerEdge 2850 (2x Dual Core Xeon, 10GB RAM, 2x 72GB 15k SAS)
1x Dell ~PowerVault ~MD1000 (8x 2T SATA, 2x 32G SSD)

To configure LACP, configure ~FreeNAS, then the switch.
<<<
int port-channel 1
  switchport access 200
  description ~FreeNAS
int gi0/33
  channel-group 1 mode on
  channel protocol lacp
  description ~FreeNAS
int gi0/34
  channel-group 1 mode on
  channel protocol lacp
  description ~FreeNAS
int gi0/35
  channel-group 1 mode on
  channel protocol lacp
  description ~FreeNAS
int gi0/36
  channel-group 1 mode on
  channel protocol lacp
  description ~FreeNAS
int gi0/37
  channel-group 1 mode on
  channel protocol lacp
  description ~FreeNAS
int gi0/38
  channel-group 1 mode on
  channel protocol lacp
  description ~FreeNAS
<<<
[img[http://tedwise.com/wp-content/uploads/2009/02/picture-4.png]]
|Element |	Shell Command | Font | Location | Size | Update Period (sec) |
|The day |	date +%A | Helvetica, Regular, 27point with drop shadow | 10x, 727y | 200w x 40h | 60 |
|The month | date +%B | Helvetica, Regular, 36point with drop shadow | 10x, 750y | 200w x 50h | 60 |
|The day of the month | date +%d | Helvetica, Regular, 64point with drop shadow | 210x, 720y | 100w x 80h | 60 |
|The time | date "+%I:%M" | Helvetica, Bold, 72point with drop shadow | 20x, 780y |200w x 80h | 10 |
|am/pm | date +%p | Helvetica, Regular, 48point with drop shadow | 210x, 785y | 100w x 70h | 10 |
|The temperature | bin/weather.rb -t | Helvetica, Bold, 18point | 20x, 855y | 70w x 25h | 300 |
|The weather | bin/weather.rb -d <nowiki>|</nowiki> fmt -w 40 | Helvetica, Regular, 10point | 90x, 855y | 210w x 38h | 300 |
|When the weather was updated | bin/weather.rb -w | Helvetica, Regular, 8point | 35x, 878y | 64w x 25h | 300 |


//{{{
#!/usr/bin/ruby
require 'rss/2.0'
require 'open-uri'
require 'optparse'
require 'fileutils'
 
summary = false
forecast = false
temperature = false
today = false
weatherdate = false
 
opts = OptionParser.new
opts.on("-s") { |val| summary = true }
opts.on("-f") { |val| forecast = true }
opts.on("-t") { |val| temperature = true }
opts.on("-d") { |val| today = true }
opts.on("-w") { |val| weatherdate = true }
opts.parse!
 
# Check if another process is downloading the weather and block until it's done
while File.file?('/tmp/weather.rb.tmp.lck')
  sleep(0.1)
end
 
# Download the weather if it's out of date
if !File.file?("/tmp/weather.rb.tmp") || ((Time.now - File.mtime("/tmp/weather.rb.tmp")) > 1800)
  FileUtils.touch('/tmp/weather.rb.tmp.lck')
  `curl --silent -m 30 "http://rss.wunderground.com/auto/rss_full/<your-state>/<your-city>.xml?units=english" > /tmp/weather.rb.tmp`
  if File.size("/tmp/weather.rb.tmp") == 0
    FileUtils.rm("/tmp/weather.rb.tmp")
  end
  FileUtils.rm('/tmp/weather.rb.tmp.lck')
end
 
# Parse out the weather results
File.open('/tmp/weather.rb.tmp') do |f|
  response = f.read
  result = RSS::Parser.parse(response, false)
  result.items.each_with_index do |item, i|
    puts "#{item.title.gsub(/ - .*/, '')}"  if summary == true and i == 0
    puts "#{item.description.strip}\n\n" if forecast == true and i > 0
    puts "#{item.title.gsub(/Current Conditions : /, '').gsub(/,.*/, '')}" if temperature == true and i == 0
    puts "#{item.description.gsub(/Today - /,'').gsub(/Tonight - /,'').gsub(/This Afternoon - /,'').gsub(/[\r\n\t]/, '')}" if today == true and i == 1
    hour = item.pubDate.hour()
    if hour < 12
      ampm = "AM"
    else
      ampm = "PM"
    end
    if hour == 0
      hour = 12
    end
    if hour > 12
      hour = hour - 12
    end
    puts "#{item.pubDate.mon()}/#{item.pubDate.day()} #{hour}:#{'%02d' % item.pubDate.min()} #{ampm}" if weatherdate == true and i == 0
  end
end
//}}}
''Using growl for commandline status output''
growlnotify -s -m <output of the curl/perl command>
''Goal'': Ability to play music, and watch movies, DVDs, or TV shows all from one interface, with one remote (to rule them all)

''Hardware''
{{indent{[[Mac Mini|http://store.apple.com/us/browse/home/shop_mac/family/mac_mini?mco=MTE3MDM]]}}}
{{indent{{{indent{1GB RAM}}}}}}
{{indent{{{indent{80GB Disk}}}}}}
{{indent{{{indent{DVI -> Component for SD TV}}}}}}
{{indent{{{indent{1Gbit link connects mini and [[NAS|FreeNAS]]}}}}}}
{{indent{[[Logitech 720 Remote|http://www.logitech.com/index.cfm/remotes/universal_remotes/]][[Notes|Logitech_720_Notes]]}}}
{{indent{[[Apple BT keyboard|http://store.apple.com/us/product/MB167LL/A?fnode=MTY1NDA1Mg&mco=MjE0Njk2Mg]]}}}

''Software''
{{indent{[[XBMC|http://www.xbmc.org]]: Used to read files from my [[NAS|FreeNAS]]}}}
{{indent{[[iTunes|http://www.apple.com/itunes]]: Easy creation and management of playlists}}}
{{indent{[[DoubleTwist|http://www.doubletwist.com/dt/Home/Index.dt]]: Syncing media to my [[Nexus One|http://www.google.com/phone]]}}}
[[Storage]]
[[Cisco]]
[[HTPC]]
[[Apple_G5]]
[[Configurations]]

IOPS per disk x No. of disks x Segment size = MB/sec
[[Privacy Addressing]]
Enable an Apple Mac OS X machine as a syslog server
Here is a small howto that describes how your Mac OS X machine can also receive logs from remote devices such as an Apple Airport Extreme. There are some howto's available online, but I guess that some things have changed in 10.5; none seem to work perfectly.

Change syslogd configuration
# echo "local0.notice	 /var/log/airport.log" >> /etc/syslog.conf
Touch the logfile
# touch /var/log/airport.log
Change syslogd startup procedure
At the end of the file, uncomment the part to accept remote logging.
# cat /System/Library/LaunchDaemons/com.apple.syslogd.plist
{{{
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.syslogd</string>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
<!--
Un-comment the following lines to run syslogd with a sandbox profile.
Sandbox profiles restrict processes from performing unauthorized
operations; so it may be necessary to update the profile
(/usr/share/sandbox/syslogd.sb) if any changes are made to the syslog
configuration (/etc/syslog.conf).
-->
<!--
<string>/usr/bin/sandbox-exec</string>
<string>-f</string>
<string>/usr/share/sandbox/syslogd.sb</string>
-->
<string>/usr/sbin/syslogd</string>
    </array>
<key>MachServices</key>
<dict>
<key>com.apple.system.logger</key>
<true/>
</dict>
<key>Sockets</key>
<dict>
<key>AppleSystemLogger</key>
<dict>
<key>SockPathName</key>
<string>/var/run/asl_input</string>
<key>SockPathMode</key>
<integer>438</integer>
</dict>
<key>BSDSystemLogger</key>
<dict>
<key>SockPathName</key>
<string>/var/run/syslog</string>
<key>SockType</key>
<string>dgram</string>
<key>SockPathMode</key>
<integer>438</integer>
</dict>
<!--
Un-comment the following lines to enable the network syslog protocol listener.
-->
<key>NetworkListener</key>
<dict>
<key>SockServiceName</key>
<string>syslog</string>
<key>SockType</key>
<string>dgram</string>
</dict>
</dict>
</dict>
</plist>
}}}
Restart syslogd
{{{
# launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
# launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
}}}
Open the firewall
Go to System Preferences, click Security, open the Firewall tab and click the +. Select the file /usr/bin/syslog.
If you are unable to select the /usr directory, try this hack by opening a terminal and typing:
{{{
$ cd
$ ln -s /usr/bin
$ ln -s /usr/sbin
}}}
Now you can select the file (in your home directory) ./bin/syslog and ./sbin/syslogd
------------------------

Blackberry and Leopard
[[Blackberry I have|http://www.pocketmac.net/products/devices/blackberry_8830.html]]
[[Pocket Mac|http://www.discoverblackberry.com/discover/mac_solutions.jsp]]

------------------------
''Getting Time Machine to work on an Unsupported NAS''

Some of us may own Network Attached Storage (NAS) devices, and/or may feel that an Apple Time Capsule is too expensive, and hence would rather buy a separate router, NAS and Hard Disk Drives. This guide will help you to enable Time Machine on any NAS, allowing you to have the functionality of a Time Capsule, with hardware of your own choosing.

   1. Prepare your NAS. Make sure it is fully functioning. This mini-guide assumes you already have one that is functioning well, and you know how to manage it.
   2. It would be preferable to assign your NAS a Static IP address. Check your router and NAS documentation for guidelines on how to do this.
   3. In OS X, open up Terminal and enter the following command to enable Time Machine to work with your NAS: defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
   4. Log out of OS X and Log in again. You do not need to reboot your machine.
   5. Time Machine saves backups in a very specific format, and we will use a sparsebundle to get this done. The sparsebundle name consists of your Computername_MACaddress.sparsebundle.
   6. Find the MAC address of the machine’s internal Ethernet port with ifconfig en0 | grep ether | sed s/://g | sed s/ether// in Terminal. This will return one line of output, which is the MAC address for the Ethernet port, which will be a string of 14 hexadecimal characters (letters and numbers, for example, 001ec4b8f9b3). 

Even if the network backups will be done using a different port (e.g. AirPort: usually en1), the system will use the MAC address of en0 as part of the system identifier.
   7. Make a new “sparsebundle” on a local disk (NOT the Time Machine disk!). This sparsebundle is a virtual filesystem image which we’ll copy to the NAS, and Time Machine will then access it remotely (that way Time Machine’s not limited by the filesystem features of whatever NAS it’s using: all the funky stuff happens within the sparsebundle). By default sparsebundles can keep growing until they fill up the NAS, but in this scenario we keep other things on the NAS as well as backups, and we’re going to limit the sparsebundle size to 70 GB. Enter the following command in Terminal:
      sudo hdiutil create -size 70g -type SPARSEBUNDLE -nospotlight -volname "Backup of My Mac" -fs "Case-sensitive Journaled HFS+" -verbose ./Computername_MACaddress
      This will create a 70GB sparse-bundle as a case-sensitive, journaled HFS+ without spotlight indexing. Substitute variables in red for values you need. Computername_MACaddress may be in the form of “DansComputer_001ec4b8f9b3”.
   8. Log into your NAS and create a user Account (Eg, “TimeMachine”). You may want to assign disk space quotas for this user if you need to.
   9. On your NAS, create a shared folder (Eg, “TimeMachine”). Add the user account you created in step 8 above, and grant that user Read+Write privileges.
  10. In Finder, select Go>Connect to Server. For the server address, type smb://TimeMachine@ip-address-of-nas/TimeMachine. Click Connect and when prompted, enter the password and save in your keychain.
  11. Now copy your locally created sparsebundle into the TimeMachine share. If you did not change the folder when you entered command prompt, you may find this sparsebundle in your Home folder (/Users/yourusername).
  12. On your NAS, check to see that the file is copied under the correct user account.
  13. Open up Time Machine, select your “TimeMachine”-folder as the desired destination, and the backup will start.
  14. Tip: For the first backup it is recommended to connect via LAN, as you will be able to get a throughput of 10-30MB/sec.
  15. If your NAS allows for it, you may now hide your TimeMachine folder so it does not show up in the network share list.

------------------------
''AddressBook iSyncing''

''Step 1''

Open up Terminal.app, but if you aren’t comfortable with the terminal you might want to follow this tip instead. Once you have Terminal open, navigate to ~/Library/Preferences/. We will need to edit the com.apple.iPod.plist file located here. First make a backup of this file then take a look at its contents. If the file is a binary file you will need to execute the following command:
plutil -convert xml1 com.apple.iPod.plist

Now you should be able to edit the file with your favorite text editor (TextWrangler, vim, etc). Change whatever number is below ‘Family ID’ to 10001 as shown below.
[img[http://www.zaphu.com/v1/wp-content/uploads/2008/05/plist-file.png]]
Save your changes and run the following command to convert the file back to a binary:
plutil -convert binary1 com.apple.iPod.plist

Note: You may want to duplicate the iPod entry to prevent this from being disabled by future iPod syncs. To do so copy everything contained within the <dict> and </dict> below,
<key>000B27111236C6CB</key>
<dict>
…
</dict>

and paste just below the original entry. Then simply change the <key> number slightly to prevent overwriting.
''Step 2''

Open Address Book and go to the Preferences-General pane and check the box to enable Synchronize with Gmail. You’ll be prompted to enter your Gmail account information (see below).
If you don’t have any iSync devices such as mobile phones or PDAs then you will also need to enable Yahoo syncing for this to work, see this guide for more information.

[img[http://www.zaphu.com/v1/wp-content/uploads/2008/05/gmail-sync-prefs.png]]



''Step 3''

Now open iSync.app and go to the Preferences panel. Check the box to show status in the menu bar (see below). Quit iSync.app.

[img[http://www.zaphu.com/v1/wp-content/uploads/2007/11/isync1.png]]

''Step 4''

Make sure iSync.app is not running, then go to the iSync menu bar icon and select ‘Sync Now’. You will be prompted to replace or merge with your Google Gmail Address Book.

Sometimes getting “Sync Now” to show up can be tricky; my only suggestion right now is to reboot and try again.

[img[http://www.zaphu.com/v1/wp-content/uploads/2008/04/sync-menubar.png]]

Repeat

Simply repeat steps 1-4 on any other Macs where you want your address book to be available.


To change the Google sync client type, open a terminal window and type (one line)
sudo defaults write /System/Library/PrivateFrameworks/GoogleContactSync.framework/Resources/ClientDescription Type 'server'

Then type the following one line command to restore the permissions on the plist file:
sudo chmod 644 /System/Library/PrivateFrameworks/GoogleContactSync.framework/Resources/ClientDescription.plist

------------------------
''Stop auto-switching in Spaces''

Problem: Spaces is great and all, but it forces me to sort by applications instead of tasks. For example, if I select {application} from the Dock, then it automatically switches me to the virtual desktop space in which I first started {application}. However, what I really wanted was to start another instance of {application} running in my current virtual desktop space. Assigning {application} to all desktops in the Spaces preferences isn't the solution, because then Spaces just drags around all {application} windows onto all desktop spaces.

Solution: Issue the following command in a Terminal or xterm (X11) window:

defaults write com.apple.dock workspaces-auto-swoosh -bool NO

Restart the Dock using the following command:

killall Dock

Spaces will now allow you to start multiple instances of an application in separate desktop spaces. Note that implementing this setting can result in confusing behavior if you have used the Spaces preferences to assign a specific application to a specific desktop space (although assigning applications to all desktop spaces appears to be fine). Repeat with “NO” replaced by “YES” to restore the default behavior. The file modified by defaults in this case is ~/Library/Preferences/com.apple.Dock.plist.

OS Version Compatibility: Leopard (10.5.2+) only. 
[[WRT54G]]
[[WRT54GC]]
[[WAP55AG]]
Make the Library folder visible: sudo chflags nohidden Library

[[VerboseBooting]]

If xcodebuild complains about licensing: (as root) xcodebuild -license
Programming the Logitech 720 for use with XBMC

1. You must UNPAIR any Apple Remotes you have already paired with OS X in System Preferences -> Security -> General.

2. In XBMC's System Settings for Apple Remote, set it to Multi-Remote.

3. If you are interested in the ability to launch XBMC using the Menu button on your Harmony One, enable the Always On setting. Please note that this will prevent the use of the Harmony One OR any Apple Remote by any other applications, including Front Row, Sofa Control, Remote Buddy, Plex, etc.

4. We'll assume you've installed the Logitech Harmony Remote software and have already used it to configure other devices.

5. Create a new device of type "Media Center PC", brand Plex, and type "Plex Player" into the box.

6. Create a new Activity using this Plex Player device and any other devices you need (TVs, amps, etc). 

7. Rename this Activity something like "Watch XBMC"

8. Customize the buttons for this Activity as shown in these screenshots.

[img[http://www.cryptomonkeys.org/~louisk/images/logitech_harmony01.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/logitech_harmony02.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/logitech_harmony03.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/logitech_harmony04.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/logitech_harmony05.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/logitech_harmony06.jpg]]
[img[http://www.cryptomonkeys.org/~louisk/images/logitech_harmony07.jpg]]
How to sync your ports tree using Subversion (over HTTP)
Audience: end users who cannot use rsync (873/tcp) due to firewalls, proxies, policy, etc.
Requires: MacPorts
Requires: Subversion
Leopard comes with subversion already installed. If you are using Tiger, or some other system which does not provide a subversion client, you will need to install subversion yourself. If you have a copy of the ports tree already, just run:

sudo port install subversion
If you do not have a copy of the ports tree, you can download the daily tarball by following the tarball howto.

Introduction

Some people live and work behind a firewall or proxy that blocks or otherwise breaks rsync, which is the primary means of getting updated portfiles in MacPorts. The following steps will switch your tree over to using subversion (over http) for syncing.

Note: replace "$prefix" with the location of your MacPorts install, which defaults to /opt/local.

Installation

Step 1: Checkout Initial Copy

cd $prefix/var/macports/sources
mkdir -p svn.macports.org/trunk/dports
cd svn.macports.org/trunk/dports 
svn co http://svn.macports.org/repository/macports/trunk/dports/ .
Configuration

Step 2: Configure MacPorts

Edit $prefix/etc/macports/sources.conf to comment out the rsync entry and add the "file" entry:

Note: don't forget to replace $prefix.

#rsync://rsync.macports.org/release/ports/ [default]
file:///$prefix/var/macports/sources/svn.macports.org/trunk/dports/ [default]
Optional Parts

Step 3: Test Sync

Run sync in debug mode and watch for "svn update" instead of "rsync" being used:

port -d sync 
[[The Deck]] 
[[Auto-Deleting|AutoDelete]] entries that score >= X
Backing up [[Apple Mail|http://www.mothsoftware.com/ma_1.html]]

Backups are important. As Joni Mitchell reminds us, “Don’t it always seem to go / that you don’t know what you’ve got ’til it’s gone”.

Details about what to back up in Mail are provided in a [[tech note from Apple|http://docs.info.apple.com/article.html?artnum=151500]]. A complete backup set of Mail includes the following:

   1. All the files located in ~/Library/Mail.

   2. The “Mail Downloads” folder located in ~/Library

   3. The “com.apple.mail.plist” file located in ~/Library/Preferences.

   4. The “AddressBook” folder located in ~/Library/Application Support

(“~” is a symbol for your user or home directory. “~/Library” is the Library folder in your home directory.)

There are at least five ways to do the backup:

1. You could simply copy those files onto a blank CD-Rom mounted on your Desktop and burn them off once a week.

2. You could incorporate those files in a daily or weekly backup using [[Dantz Retrospect|http://www.versiontracker.com/dyn/moreinfo/macosx/13108]], [[RsyncX|http://www.versiontracker.com/dyn/moreinfo/macosx/16814]], [[Synk|http://www.versiontracker.com/dyn/moreinfo/macosx/7842]], [[Deja Vu|http://www.versiontracker.com/dyn/moreinfo/macosx/16206]] or one of the many other backup apps. This is what I do. I use [[Deja Vu|http://www.versiontracker.com/dyn/moreinfo/macosx/16206]], because it is clean, flexible and easy and the developer is a nice guy. I back up email and documents daily and the Home directory once a week onto an external drive. With [[Deja Vu|http://www.versiontracker.com/dyn/moreinfo/macosx/16206]] scheduling, it’s a “set and forget” kind of thing.

3. If you have a .Mac account you could use the new [[Backup 3 software|http://www.apple.com/support/downloads/backup.html]] from Apple. It is very pretty, but seems rather slow on my PowerBook, although I’m trying it out for the first time today.

4. [[Mail Archiver X|http://www.mothsoftware.com/ma_1.html]] is a dedicated Mail backup app. It offers to back up your mail, and also to clean it for archiving. It can strip out HTML and other useless things, so that you only save the important parts of your correspondence. It also offers a browser to search and manipulate your mail archives.

* Currently, the release version of the software doesn’t support the new message format in Mail 2.0. I emailed the developers about this and they replied:

** The beta 2 of version 1.3 adds compatibility for Mail in 10.4…. Please be aware that a new and improved interface will be available in the next version of [[Mail Archiver X|http://www.mothsoftware.com/ma_1.html]]. If all goes well, a new beta can be ready within the next two weeks.

* It costs USD 34.95. Wait and see would be my advice.
5. You could use one of the archiving apps like [[MailSteward|http://www.hawkwings.net/2005/10/13/mailsteward-powerful-archiving-and-searching/]] or [[FastMailBase|http://www.hawkwings.net/2005/10/14/fastmailbase-more-archiving-for-apple-mail/]] which offer features above and beyond merely backing up your email. They won’t back up your preferences or your Address Book though.

[[Reconnoiter]]
[[Dovecot]]
Turn Cups Web Interface on/off: sudo cupsctl WebInterface=yes
<html>
<pre>
MySQL Replication Notes
Converting from MyISAM -> INNODB

NOTE: FULL TEXT SEARCH is not available using INNODB in the failure sort of way

    * dump the database, if reloading after, use --add-drop-table
    * sed -e 's/MyISAM/INNODB/g' dump.sql > new-dump.sql
    * echo 'SET AUTOCOMMIT = 0;' > foo.sql && cat new-dump.sql >> foo.sql && echo 'COMMIT;' >> foo.sql && mv foo.sql new-dump.sql
          o This has the side effect of treating the entire db load as a single transaction, which will be much faster

Master1

    * grant replication slave on *.* to 'replication'@'%' identified by 'slave';
    * change master to master_host='<master2 IP>', master_port=3306, master_user='replication', master_password='slave';
    * slave start;

query_cache_type=1 
query_cache_size=100M 
set-variable = max_allowed_packet=50M 
server-id=1 
log_bin = /var/run/mysqld/mysql-bin.log 
auto_increment_increment        = 2 
auto_increment_offset           = 1 
Master2

    * grant replication slave on *.* to 'replication'@'%' identified by 'slave';
    * change master to master_host='<master1 IP>', master_port=3306, master_user='replication', master_password='slave';
    * slave start;

query_cache_type=1 
query_cache_size=100M 
set-variable = max_allowed_packet=50M 
server-id=2 
log_bin = /var/run/mysqld/mysql-bin.log 
auto_increment_increment        = 2 
auto_increment_offset           = 2 
Import the data

    * mysql -u root <database name> < dump.sql

Troubleshooting

To find out whether replication is working and, if not, what caused it to stop, you can take a look at the logs. On Debian, for example, MySQL logs to /var/log/syslog:
grep mysql /var/log/syslog 
 
server1:/home/admin# grep mysql /var/log/syslog 
May 29 09:56:08 http2 mysqld[1380]: 080529 9:56:08 [ERROR] Slave: Error 'Table 'mydb.taggregate_temp_1212047760' doesn't exist' on query. Default database: 'mydb'. Query: 'UPDATE thread AS thread,taggregate_temp_1212047760 AS aggregate 
May 29 09:56:08 http2 mysqld[1380]: ^ISET thread.views = thread.views + aggregate.views 
May 29 09:56:08 http2 mysqld[1380]: ^IWHERE thread.threadid = aggregate.threadid', Error_code: 1146 
May 29 09:56:08 http2 mysqld[1380]: 080529 9:56:08 [ERROR] Error running query, slave SQL thread aborted. Fix the problem, and restart the slave SQL thread with "SLAVE START". We stopped at log 'mysql-bin.001079' position 203015142 
server1:/home/admin# 

You can see what query caused the error, and at what log position the replication stopped.

To verify that the replication is really not working, log in to MySQL:
mysql -u root -p

On the MySQL shell, run:
mysql> SHOW SLAVE STATUS \G 
 
If one of Slave_IO_Running or Slave_SQL_Running is set to No, then the replication is broken: 
 
mysql> SHOW SLAVE STATUS \G 
*************************** 1. row *************************** 
Slave_IO_State: Waiting for master to send event 
Master_Host: 1.2.3.4 
Master_User: slave_user 
Master_Port: 3306 
Connect_Retry: 60 
Master_Log_File: mysql-bin.001079 
Read_Master_Log_Pos: 269214454 
Relay_Log_File: slave-relay.000130 
Relay_Log_Pos: 100125935 
Relay_Master_Log_File: mysql-bin.001079 
Slave_IO_Running: Yes 
Slave_SQL_Running: No 
Replicate_Do_DB: mydb 
Replicate_Ignore_DB: 
Replicate_Do_Table: 
Replicate_Ignore_Table: 
Replicate_Wild_Do_Table: 
Replicate_Wild_Ignore_Table: 
Last_Errno: 1146 
Last_Error: Error 'Table 'mydb.taggregate_temp_1212047760' doesn't exist' on query. Default database: 'mydb'. 
Query: 'UPDATE thread AS thread,taggregate_temp_1212047760 AS aggregate 
SET thread.views = thread.views + aggregate.views 
WHERE thread.threadid = aggregate.threadid' 
Skip_Counter: 0 
Exec_Master_Log_Pos: 203015142 
Relay_Log_Space: 166325247 
Until_Condition: None 
Until_Log_File: 
Until_Log_Pos: 0 
Master_SSL_Allowed: No 
Master_SSL_CA_File: 
Master_SSL_CA_Path: 
Master_SSL_Cert: 
Master_SSL_Cipher: 
Master_SSL_Key: 
Seconds_Behind_Master: NULL 
1 row in set (0.00 sec) 
 
mysql> 

2 Repairing The Replication

Just to be sure, we stop the slave:
mysql> STOP SLAVE;

Fixing the problem is actually quite easy. We tell the slave to simply skip the invalid SQL query:
mysql> SET GLOBAL SQL_SLAVE_SKIP_COUNTER = 1; 

This tells the slave to skip one query (which is the invalid one that caused the replication to stop). If you'd like to skip two queries, you'd use SET GLOBAL SQL_SLAVE_SKIP_COUNTER = 2; instead and so on.

That's it already. Now we can start the slave again...
mysql> START SLAVE; 

... and check if replication is working again:
mysql> SHOW SLAVE STATUS \G 
mysql> SHOW SLAVE STATUS \G 
*************************** 1. row *************************** 
Slave_IO_State: Waiting for master to send event 
Master_Host: 1.2.3.4 
Master_User: slave_user 
Master_Port: 3306 
Connect_Retry: 60 
Master_Log_File: mysql-bin.001079 
Read_Master_Log_Pos: 447560366 
Relay_Log_File: slave-relay.000130 
Relay_Log_Pos: 225644062 
Relay_Master_Log_File: mysql-bin.001079 
Slave_IO_Running: Yes 
Slave_SQL_Running: Yes 
Replicate_Do_DB: mydb 
Replicate_Ignore_DB: 
Replicate_Do_Table: 
Replicate_Ignore_Table: 
Replicate_Wild_Do_Table: 
Replicate_Wild_Ignore_Table: 
Last_Errno: 0 
Last_Error: 
Skip_Counter: 0 
Exec_Master_Log_Pos: 447560366 
Relay_Log_Space: 225644062 
Until_Condition: None 
Until_Log_File: 
Until_Log_Pos: 0 
Master_SSL_Allowed: No 
Master_SSL_CA_File: 
Master_SSL_CA_Path: 
Master_SSL_Cert: 
Master_SSL_Cipher: 
Master_SSL_Key: 
Seconds_Behind_Master: 0 
1 row in set (0.00 sec) 
 
mysql> 

As you see, both Slave_IO_Running and Slave_SQL_Running are set to Yes now.

Now leave the MySQL shell...
mysql> quit; 

... and check the log again:
grep mysql /var/log/syslog 
 
server1:/home/admin# grep mysql /var/log/syslog 
May 29 09:56:08 http2 mysqld[1380]: 080529 9:56:08 [ERROR] Slave: Error 'Table 'mydb.taggregate_temp_1212047760' doesn't exist' on query. Default database: 'mydb'. Query: 'UPDATE thread AS thread,taggregate_temp_1212047760 AS aggregate 
May 29 09:56:08 http2 mysqld[1380]: ^ISET thread.views = thread.views + aggregate.views 
May 29 09:56:08 http2 mysqld[1380]: ^IWHERE thread.threadid = aggregate.threadid', Error_code: 1146 
May 29 09:56:08 http2 mysqld[1380]: 080529 9:56:08 [ERROR] Error running query, slave SQL thread aborted. Fix the problem, and restart the slave SQL thread with "SLAVE START". We stopped at log 'mysql-bin.001079' position 203015142 
May 29 11:42:13 http2 mysqld[1380]: 080529 11:42:13 [Note] Slave SQL thread initialized, starting replication in log 'mysql-bin.001079' at position 203015142, relay log '/var/lib/mysql/slave-relay.000130' position: 100125935 
server1:/home/admin# 

The last line says that replication has started again, and if you see no errors after that line, everything is ok.
</pre>
</html>
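The manual check in the MySQL replication notes above (read SHOW SLAVE STATUS \G and look at Slave_IO_Running, Slave_SQL_Running and the stop position) can be scripted. This is an added example, not part of the original notes; the function names are assumptions, and SAMPLE is a trimmed copy of the broken-replication output shown above.

```python
import re

# Trimmed copy of the broken-replication output from the notes above.
SAMPLE = """\
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 1.2.3.4
Master_Log_File: mysql-bin.001079
Read_Master_Log_Pos: 269214454
Relay_Master_Log_File: mysql-bin.001079
Slave_IO_Running: Yes
Slave_SQL_Running: No
Replicate_Ignore_DB:
Last_Errno: 1146
Last_Error: Error 'Table 'mydb.taggregate_temp_1212047760' doesn't exist' on query. Default database: 'mydb'.
Query: 'UPDATE thread AS thread,taggregate_temp_1212047760 AS aggregate
SET thread.views = thread.views + aggregate.views
WHERE thread.threadid = aggregate.threadid'
Skip_Counter: 0
Exec_Master_Log_Pos: 203015142
Master_SSL_Allowed: No
Seconds_Behind_Master: NULL
1 row in set (0.00 sec)
"""

# Heuristic (an assumption of this example): every status field name contains
# an underscore, so "Query: ..." inside Last_Error is treated as continuation
# text of the previous field rather than as a field of its own.
FIELD = re.compile(r"^\s*([A-Z][A-Za-z0-9]*(?:_[A-Za-z0-9]+)+):\s?(.*)$")
NOISE = re.compile(r"^(\*+ \d+\. row \*+|\d+ rows? in set.*|mysql>.*)$")


def parse_slave_status(text):
    """Parse the vertical (\\G) output of SHOW SLAVE STATUS into a dict."""
    status = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if NOISE.match(line.strip()):
            current = None          # separators and prompts end a value
            continue
        m = FIELD.match(line)
        if m:
            current = m.group(1)
            status[current] = m.group(2)
        elif current is not None:
            # Multi-line value, e.g. the failing query in Last_Error.
            status[current] += "\n" + line
    return status


def diagnose(status):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for thread in ("Slave_IO_Running", "Slave_SQL_Running"):
        state = status.get(thread, "missing")
        if state != "Yes":
            findings.append(f"{thread} is {state}: replication is broken")
    errno = status.get("Last_Errno", "0")
    if errno != "0":
        findings.append(
            "stopped with error {} at {} position {}".format(
                errno,
                status.get("Relay_Master_Log_File", "?"),
                status.get("Exec_Master_Log_Pos", "?"),
            )
        )
    if status.get("Master_SSL_Allowed") != "Yes":
        findings.append(
            "Master_SSL_Allowed is not Yes: replication traffic and the "
            "replication password cross the network without SSL"
        )
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_slave_status(SAMPLE)):
        print("-", finding)
```

Run it from cron against the output of mysql -e 'SHOW SLAVE STATUS \G' and alert on any non-empty result.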
''Sept. 28, 1998'' Programming 1 - [[Java|http://java.sun.com]] - I had a Mac.  Class required [[Java 1.0.2|http://java.sun.com/products/archive/]], Apple offered Java 1.0.1. *sigh*  I had the option of doing my labs in the CS Lab on Windows, or telnet to the Sun E10k and learn how to use [[Emacs|http://www.gnu.org/software/emacs/]] and UNIX shell.  Of course I had to choose the more difficult option.  I opted to learn UNIX.  Over the course of the next 3mo, I researched every option I could find on how I could do [[Java|http://java.sun.com]] programming on a Mac.  I only found 1 solution.  Run Linux (at the time, [[MkLinux|http://www.mklinux.org/]]).  This would let me have a modern [[JDK (1.0.2)|http://java.sun.com/products/archive/]] so I wouldn't have to suffer the horror of Windows or telnet to [[Solaris|http://www.sun.com/software/solaris/index.jsp]].  The only catch to this was that [[MkLinux|http://www.mklinux.org/]] wouldn't run on the Performa 5200 that I had gotten for school (not more than 4mo. old).

''Dec. 25, 1998'' I managed to talk Mom into getting the pair of PowerMac 8600 units that were on clearance at the University Book store (where I worked and got an additional discount).  These were the 200MHz PPC 604e with an AV I/O board.  One was for her (to replace the SE30 she'd had for 5-6yrs), the second was to replace my Performa 5200.

''Jan. 1999'' I picked up a Hitachi 21" display to go with my shiny new PowerMac 8600.  I started experimenting with [[MkLinux|http://www.mklinux.org/]].  It was a pretty big learning curve for somebody used to Mac OS 6-8.  The (compressed) [[Linux|http://www.linux.org]] [[kernel (2.1.x)|http://www.kernel.org/pub/linux/kernel/v2.1/]] was stored in the System Folder on the Mac side, and a control panel allowed you to pick which OS during the boot.  After about 20 installs of [[MkLinux|http://www.mklinux.org/]] I finally got all the settings correct and successfully booted [[Linux|http://www.linux.org]] to a command-line login.  This got me able to do my [[java|http://java.sun.com]] homework in my dorm room.  You'd think I'd reached my goal, I could relax and enjoy it.  After a little while, [[MkLinux|http://www.mklinux.org/]] was replaced by [[LinuxPPC|http://penguinppc.org/]].  I spent the next 4 years discovering new features/capabilities in Linux and generally trying to learn everything I could about how it worked, how to break it, and how to fix it.

''Spring of 2001'' I started volunteering in the Research Lab at school.  There I was reintroduced to [[Solaris|http://www.sun.com/software/solaris/index.jsp]] and Sun hardware.  I didn't fool around with it too much, but there were some Ultra 5 boxes that weren't being used, installed Solaris 8 a few times, did a little playing around.

''Summer of 2001'' I was introduced to [[FreeBSD|http://www.freebsd.org]].  On the surface it seemed a lot like Linux, but under the hood, it was totally different.  I played with it a bit, but had trouble finding documentation, and it wasn't long before I reverted back to the Linux I knew how to work.

''Fall of 2001'' I took over the management of the Research Lab.

''Summer of 2002'' I got a second introduction to [[FreeBSD|http://www.freebsd.org]].  By this time I had tried every major [[Linux|http://www.linux.org]] distribution (RedHat, Slackware, Mandrake, Debian, Gentoo) and was tired of either the community behind the distribution, or the distribution itself.  I had investigated [[Solaris|http://www.sun.com/software/solaris/index.jsp]], and I was running my own server (Sun E4500) as a production web/mail/etc. server.  I had tried [[IRIX|http://www.sgi.com/products/software/irix/]] on SGI Indy (as well as [[Linux|http://www.linux.org]] on Indy).  [[IRIX|http://www.sgi.com/products/software/irix/]] turned out to be a PITA, mostly due to licensing of dev tools, and lack of community for 3rd party pkgs.  [[Solaris|http://www.sun.com/software/solaris/index.jsp]] was OK as a server, but for a desktop it was wanting.  Things I thought were basic, [[Solaris|http://www.sun.com/software/solaris/index.jsp]] didn't offer them, such as wireless.  It took a little bit, but [[FreeBSD|http://www.freebsd.org]] [[4.8|http://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/]] supported my Thinkpad x30, including the 802.11b.

''2002-2003 School year'' - This year I took a parallel programming class and learned how to use [[lam MPI|http://www.lam-mpi.org/]].  The instructor was teaching us how to have multiple instances running on a single computer.  This seemed silly to me.  I also knew that we had 22 ancient workstations sitting in a closet.  A friend and I decided we would put together a Beowulf cluster so we could do real parallel programming.  It sounds silly, but the combined compute power of the cluster was about the same as a "modern" laptop or desktop.  It would however, more properly model parallel execution of code, and that was the real goal.

''Summer of 2003'' I spent doing my Capstone project.  The project comprised changing the networking of the lab from being behind the campus firewalls to out in front of them.  It required configuration of a PIX (don't ever use these as routers, they are horrible routers) to segment the network into a DMZ and a private network.  The DMZ would contain a myriad of servers to provide web, DNS, CVS, and mail services for the lab, while the private network contained all the workstations.  There was also a parallel compute cluster (generation 2) comprised of (not kidding here) a master node (Sun SPARC center 1000 with StorageArray 1010 acting as NFS storage) and 22 slave nodes (Sun Ultra 2).  The creation of the compute cluster was one of the more interesting projects I got to do.  I learned how to do automated installations with [[Sun's JumpStart|http://www.sun.com/bigadmin/content/jet/]].  Once I got that under control, I added [[cfengine|http://www.cfengine.org]] to the mix.  This took longer to get a handle on, and then a while to get all my configurations defined.  Once all this was setup, I was able to do the OS install and production deployment for each node in 15min.  I could also do all the installs in parallel.  Adding new nodes to the cluster was about a 20min process.  Very cool.

''2003-2004'' Senior year.
[[IPv6]]
Mountain Lion [[Notes|MountainLionNotes]]
Lion [[Notes|LionNotes]]
Snow Leopard [[Notes|SnowLeopardNotes]]
Leopard [[Notes|LeopardNotes]]
Tiger [[Notes|TigerNotes]]

[[MacPorts]]
[[GeekTool]]
[[Growl]]
[[Mail.app]]

[[TFTP Setup|TFTPsetup]]
[img[http://www.pgp.com/images/navtop_logo.jpg]]

Install:
* emulators/linux_base-fc4
* textproc/linux-libxml2
* create ~/.pgp or it will complain about "permission denied" in obscure ways
* you can use existing gnupg keys, just copy them to the .pgp directory and change the extension to skr
* may want to add /compat/linux/usr/bin to your PATH so you don't have to keep typing it in

[[Debugging Desktop|DebuggingPGPDesktop]]
[[IPSec VPN|Cisco_IPSec VPN]]
[[Hardware]]
[[Software]]
[[Photography]]
[[Bicycles]]
[[Wishlist]]
[[Nerdly Inspiration|Nerdly_Inspiration]]
[[TiddlyWiki]]
[[BayLISA]]
[[Magic The Gathering]]
Digital Workflow:
1. Copy RAW files from CF -> HD
2. Import images into [[myTracks|http://www.mytracks4mac.com/myTracks/Start.html]] and assign location
3. Import images into Lightroom
4. Scan images and select rejects (OOF, etc..)
5. Scan images and select Picks
6. Select Picks and apply develop settings
7. Export Picks to Web/Disk

Installing Canon Updaters on OSX:
1. mount the .dmg and drag the updater within it to your desktop.
2. right-click on the updater and "Show Package Contents"
3. navigate to Contents>Resources and delete the "update.plist" file.
4. now, double click the Updater you dragged to the desktop in step 2 and it will install.
An update to this - there is now a package within the package called SDI.Bundle and update.plist has been moved to here.

For [[FreeBSD|http://www.freebsd.org]]/Linux, check out
* graphics/ufraw - The Unidentified Flying Raw ([[UFRaw|http://ufraw.sourceforge.net]]) is a utility to read and manipulate raw images from digital cameras. It can be used on its own or as a Gimp plug-in. It reads raw images using Dave Coffin's raw conversion utility - ~DCRaw. ~UFRaw supports basic color management using Little CMS, allowing the user to apply color profiles. For Nikon users ~UFRaw has the advantage that it can read the camera's tone curves. Even if you don't own a Nikon, you can still apply a Nikon curve to your images.

<html>
<p>
Instantly Switching 1Ds Autofocus Modes

One of the biggest technical challenges in photography is focusing; choosing what element of the image should be the center of focus and locking focus on that element quickly and accurately. The 45-point autofocus system of the 1Ds is fast and usually accurate, but at times it will lock focus on something other than the intended center of focus, especially if there is an obstruction in front of the main subject. In that situation, autofocus can still be used, but it needs to be limited to a single focus sensor so that the camera knows exactly what the intended subject is. In other situations, manual focus may be necessary to achieve the desired effect. Additionally, in low light situations the autofocus system requires more time to lock focus on the subject and the delay this causes can result in missing the desired shot. If the distance to the main subject is not fluctuating, it can be desirable to lock focus and then take multiple shots quickly without any intervening focus delays.<br>
<br>
The Canon EOS-1Ds has numerous custom functions that can be used to configure the way the camera works, and they can be set to accommodate all of these situations easily. The first thing to do is to "register" the center autofocus sensor by pressing the AF point selector button (just to the right of the * button), rotating the command dials to select the center autofocus sensor, then simultaneously pressing the X and Flash Exposure Lock buttons. Then set Custom Function 4 to option 1 so that autofocus with all 45 focus sensors is initiated when the * button on the back of the camera is pressed (it's under the tip of your right thumb when holding the camera normally), and exposure lock occurs on shutter release half-press. Next, set Custom Function 18 to 2 to autofocus with center sensor only by pressing the X button. (This button is just to the left of the * button.) With this combination of settings, you can instantly switch between manual focus (don't press any button and turn the focus ring on the lens), autofocus with center sensor only (press X button), and autofocus with all 45 sensors (press * button). The X and * buttons are right under the tip of your right thumb, and with a little practice you can switch between them instantly by touch without having to take your eye from the viewfinder. Not having autofocus tied to the shutter button takes a little getting used to, but the control and flexibility it offers is well worth the time it takes to learn.<br>
<br>
If this doesn't seem to work, press X, then press the AF point select button (the button to the right of the * button) and select all focus sensors; the entire outer circle of focus points will light up. Then press the * button and you should be focusing with all 45 AF sensors. You can also use this technique to manually select a single non-center focus sensor and instantly switch between the non-center sensor and the center sensor with the * and X buttons.
</p>
</html>


| Item + Review |   |
| [[Canon EOS-1Ds|http://www.dpreview.com/reviews/CanonEOS1Ds/]] | [[http://www.dpreview.com/reviews/CanonEOS1Ds/|http://www.dpreview.com/reviews/CanonEOS1Ds/]] |
| [[Canon EF-50mm f/1.4 USM|http://www.dpreview.com/lensreviews/canon_50_1p4_c16/]] | [[http://www.dpreview.com/lensreviews/canon_50_1p4_c16/|http://www.dpreview.com/lensreviews/canon_50_1p4_c16/]] |
| [[Canon EF 16-35mm f/2.8L II USM|http://www.usa.canon.com/cusa/consumer/products/cameras/ef_lens_lineup/ef_16_35mm_f_2_8l_ii_usm]]  | |
| [[Canon EF 70-200mm f/2.8L IS II USM|http://www.usa.canon.com/cusa/consumer/products/cameras/ef_lens_lineup/ef_70_200mm_f_2_8l_is_ii_usm]] | |
| [[Tamrac Adventure 9 Backpack|http://www.tamrac.com/frame_adv.htm]] | |
| [[Kirk FR-1|http://www.bhphotovideo.com/c/product/555225-REG/Kirk_FR_1_FR_1_Macro_Focusing_Rail.html]] | $269.95 |
| [[Acratech GP Ball Head|http://acratech.net/product.php?productid=69]] | $399.00 |
| [[Giottos MT9360 Tripod|http://www.giottos.com/MT-9.htm]] | $170.00 |
| [[Acratech Universal L Bracket|http://acratech.net/product.php?productid=71]] | $230.00 |
| Item + Review |   |
| [[Canon G9|http://www.dpreview.com/reviews/canonG9/]] | |
| [[Canon WP-DC21| ]] | |
| [[Canon LA-DC58H Conversion Lens Adapter G9|http://www.amazon.com/Canon-Conversion-Adapter-Digital-Cameras/dp/B000JILHDC/ref=pd_bbs_sr_4?ie=UTF8&s=electronics&qid=1206760197&sr=8-4]] | |
| [[Canon TC-DC58C Tele Converter Lens G9|http://www.amazon.com/Canon-TC-DC58C-Converter-Digital-Cameras/dp/B000JILHF0/ref=pd_bbs_sr_7?ie=UTF8&s=electronics&qid=1206760197&sr=8-7]] | |
| [[Canon WC-DC58B Wide Converter Lens G9|http://www.amazon.com/Canon-WC-DC58B-Converter-Digital-Cameras/dp/B000JILHFU/ref=pd_bbs_sr_9?ie=UTF8&s=electronics&qid=1206760197&sr=8-9]] | |
| Item + Review |   |
| [[Epson Stylus Photo R2400|http://www.epson.com/cgi-bin/Store/consumer/consDetail.jsp?BV_UseBVCookie=yes&oid=53540920]] |  |
| Item + Review |   |
| [[Gorillapod Flexible Tripod|http://www.amazon.com/Joby-GP3-01EN-Gorillapod-SLR-Zoom-Flexible/dp/B000KFRSG4/ref=pd_bbs_sr_2?ie=UTF8&s=electronics&qid=1206580697&sr=8-2]] |  |
Many operating systems use the ~EUI-64 algorithm to generate ~IPv6 addresses. This algorithm derives the last 64 bits of the ~IPv6 address using the MAC address. Many see this as a privacy problem. The last half of your IP address will never change, and with MAC addresses being somewhat unique, the interface ID becomes close to a unique "cookie" identifying your system.

As a result, ~RFC3041 introduces "privacy enhanced" addresses which will change and are created by hashing the MAC address. Of course, each operating system has its own way to enable privacy enhanced addresses.
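
The EUI-64 derivation described above, and its reverse, as an added Python example that is not part of the original note. It shows why the interface ID behaves like a cookie: the same MAC can be read back out of addresses seen on two different networks. The MAC address and the 2001:db8:: documentation prefixes are constructed sample values.

```python
import ipaddress
from collections import defaultdict


def eui64_interface_id(mac):
    """Build the 64-bit EUI-64 interface ID from a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the vendor half and the device half of the MAC.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr):
    """Return the MAC embedded in an EUI-64 address, or None.

    The ff:fe marker in the middle of the interface ID is the tell-tale.
    A random (privacy enhanced) interface ID matches it only by chance,
    roughly once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in mac)


def group_by_mac(addresses):
    """Group addresses by the MAC they reveal; non-EUI-64 ones are skipped."""
    seen = defaultdict(list)
    for addr in addresses:
        mac = mac_from_address(addr)
        if mac is not None:
            seen[mac].append(addr)
    return dict(seen)


# Constructed sample data: one laptop on two networks, plus one address
# with a random interface ID such as a privacy enhanced address would have.
SAMPLE_MAC = "00:11:22:33:44:55"
CONSTRUCTED_ADDRESSES = [
    str(slaac_address("2001:db8:a::/64", SAMPLE_MAC)),   # home network
    str(slaac_address("2001:db8:b::/64", SAMPLE_MAC)),   # office network
    "2001:db8:a::1d4f:9c2e:7a31:55b0",                   # random interface ID
]

if __name__ == "__main__":
    for mac, addrs in group_by_mac(CONSTRUCTED_ADDRESSES).items():
        print("MAC %s is visible in %d addresses:" % (mac, len(addrs)))
        for addr in addrs:
            print("   ", addr)
```

Running the same grouping over the source addresses in your own server or firewall logs shows which hosts still use EUI-64 and therefore need one of the settings below.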

''Windows 7:''
You can use "netsh" to enable and configure privacy enhanced addresses. Use
{{{
netsh interface ipv6 show privacy
}}}
to query the status, and
{{{
netsh interface ipv6 set privacy state=enabled
}}}
to enable it. In my testing, privacy enhanced addresses were enabled and I wasn't actually able to disable them (a possible bug?).

''OS X:''
OS X uses the sysctl command to change various kernel parameters, including privacy enhanced addresses. By default, ~EUI-64 is used.

To enable, run
{{{
sudo sysctl -w net.inet6.ip6.use_tempaddr=1
}}}
and cycle the interfaces (ifconfig en0 down; ifconfig en0 up). However, to have this setting survive a reboot, create a file called /etc/sysctl.conf and add the line:
{{{
net.inet6.ip6.use_tempaddr=1
}}}

''Linux:''
As root, similar to OS X, update the respective /proc entries:
{{{
echo 1 > /proc/sys/net/ipv6/conf/all/use_tempaddr
echo 1 > /proc/sys/net/ipv6/conf/default/use_tempaddr
echo 1 > /proc/sys/net/ipv6/conf/eth0/use_tempaddr
}}}
Linux uses an /etc/sysctl.conf file, just like OS X, to make these changes persistent across reboots.
autoconf
./configure LDFLAGS=-L/usr/local/lib CPPFLAGS=-I/usr/local/include
change src/Makefile.in stratcond.conf -> stratcon.conf
mkdir /usr/local/java/lib
edit crontab to have correct location of psql
[[Apple Support KB|http://support.apple.com/kb/HT1436?viewlocale=en_US]]
Power Mac G5 (Late 2005)
To reset the SMU on a Power Mac G5 (Late 2005) computer, either use the steps listed above for the Power Mac G5 (Late 2004) or:

# Turn off the computer by selecting Shut Down from the Apple menu or by holding the power button until the computer turns off.
# Open and remove both the metallic outer door and the inner plastic air deflector.
# Remove the fan assembly immediately to the left of the processor module.
# Press the SMU reset button on the logic board.
# Replace the fan assembly, air deflector, and outer door.
# Turn on the computer.
The SMU reset button is located underneath the lower bank of system memory slots, as shown below:


Unlike earlier models of Power Mac G5 or Power Mac G4 computers, the Power Mac G5 (Late 2004) and (Late 2005) models do not have a PMU. This functionality has been replaced by the SMU.
<html>
<pre>
Secure Shell (ssh and Its Friends)
By default ssh on the Mac is not set up to accept incoming connections.  So from the Mac you could use scp to copy files in or out, but you couldn't sit at a remote machine and connect to the Mac.  So, to get ssh started, issue this command:

  sudo /sbin/service ssh start

You should just have to issue that command once and it will then be running the next time you reboot or whatever.

Alternatively, Aaron Whiteman clued me in to the "proper" way to start ssh.  Open "System Preferences", choose "Sharing", and select "Remote Login".  Done!

Aaron also writes:

Look into "SSH Agent" (http://www.phil.uu.nl/~xges/ssh/), which puts your ssh keys in the keychain, doing the same as what ssh-agent/ssh-add do on a unix box.  It also has the added benefits of being able to set env variables before you are completely logged in, so Terminal.app and any other MacOS application have them as needed.

General instructions for generating keys (and getting this going on a generic box) can be found here.

For the Mac, first generate these keys (and put the "pub" part on the machines you want to get to).  Then start SSH Agent and click the "Add Identity..." button.  You want to add the id_dsa file.  Enter your password to unlock the keys and then you should be done! No more need to enter passwords for your ssh-related connections (well, until you log-out and log-in again or shut down SSH Agent).

If you use SSH Agent, be sure to go to its Preferences and check the "Make Agent Global" box.

I also have found it very useful (especially in the context of using a cluster), to be able to get authentication working from the command line.  That requires that you issue various commands that, among other things, set some environmental variables.  Since I don't know how to set environmental variables of the parent process via a shell script, instead I wrote a script which will echo the commands I need to run.  I then copy those commands and paste them back onto the command line.  Here is the shell script (commands are shamelessly stolen from http://mah.everybody.org/docs/ssh):

#!/bin/bash -norc

echo This is not a true script!  Copy the following commands onto the
echo "command line (and you will be prompted for your password)."
echo
cat - <<EOF
==========================================================================
SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
if [ -z "\$SSH_AUTH_SOCK" -a -x "\$SSHAGENT" ]; then
    eval \`\$SSHAGENT \$SSHAGENTARGS\`
    trap "kill \$SSH_AGENT_PID" 0
fi
ssh-add ~/.ssh/id_dsa
==========================================================================

EOF
exit

########################################################################
# This gives the commands to fire up ssh-agent from the command line.
# 
# You can copy the following commands into the command line manually.
# That's the only way I know to have the environmental variables
# properly set.
#
# These commands were shamelessly stolen from:
#    http://mah.everybody.org/docs/ssh
########################################################################

SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
    eval `$SSHAGENT $SSHAGENTARGS`
    trap "kill $SSH_AGENT_PID" 0
fi
ssh-add ~/.ssh/id_dsa



Note that this shell script also includes a copy of the commands at the bottom of the file.  To get the command to be written properly using cat, a few characters had to be quoted (using the backslash character).  The version at the end of the file has these "quotes" removed and hence can be cut from the file verbatim and pasted to the command line.  Nevertheless, the echoed commands which appear on the screen after running the script should be ready to cut-and-paste too (since they will then lack the quotes).

Terry Jones pointed out that there is a way to work-around the problem of setting environmental variables in the parent process. Instead of using a shell script, use a shell function. To quote Terry:

So instead of a file called mycommand

#!/bin/sh
export MYVAR=fred

create a file called ~/.bash-functions with

mycommand (){
    export MYVAR=fred
}


and then from your shell (from your .bash_profile most likely),
you just

  . ~/.bash-functions

(or source ~/.bash-functions if you insist).

That seems like a much cleaner way to do things.

Finally, there is a chance you may have to add the following to /etc/ssh_config to get things working:

  Host *
     PubkeyAuthentication yes
</pre>
</html>
* Crontab entries
{{{
30 01 * * * root echo "svnsync started at `date`" >>/var/log/svnsync.log && /usr/local/bin/svnsync sync --non-interactive file:///svn/freebsd/src/base >>/var/log/svnsync.log; echo "svnsync ended at `date` exit status $?" >>/var/log/svnsync.log
30 03 * * * root echo "svnsync started at `date`" >>/var/log/svnsync.log && /usr/local/bin/svnsync sync --non-interactive file:///svn/freebsd/src/base >>/var/log/svnsync.log; echo "svnsync ended at `date` exit status $?" >>/var/log/svnsync.log
1 1 * * 0-5 root /usr/local/etc/cvs-repo-freebsd -p > /dev/null
1 4 * * 0-5 root /usr/local/etc/cvs-repo-freebsd -p > /dev/null
1 1 * * 6    root /usr/local/etc/cvs-repo-freebsd -p -s > /dev/null
1 4 * * 6    root /usr/local/etc/cvs-repo-freebsd -p -s > /dev/null
}}}
* csup(1) mirroring script
{{{
#!/bin/sh -
#
# Script to re-sync a CVS repository.  Based on a script that Julian
# Elischer had last modified before I got my grubby hands on it and
# twisted it beyond recognition.
#                                 -- David Wolfskill
# Further twisted - Louis Kowolowski
#

PATH=/bin:/usr/bin:/sbin:/usr/sbin

#
# Refresh the cvs tree.
#
test_mode=""
do_ports=""
do_strictrcs=""
while getopts "pst" COMMAND_LINE_ARGUMENT ; do
  case "${COMMAND_LINE_ARGUMENT}" in
  p)
    do_ports="yes"
    ;;
  s)
    do_strictrcs="yes"
    ;;
  t)
    test_mode="yes"
    ;;
  esac
done
CVSROOT=/cvs;export CVSROOT
FBSDROOT=${CVSROOT}/freebsd
#LOG=/var/tmp/cvsup.log
LOG=/var/tmp/csup.log
#H_LOG=/var/log/cvsup-history.log
H_LOG=/var/log/csup-history.log
CMD_PFX=""
HALTFILE=/usr/local/etc/cvsup/cvsupd.HALT
if [ "${test_mode}" = "yes" ]; then
  echo "Test mode; logging to /dev/tty instead of ${LOG} and ${H_LOG}..."
  LOG=/dev/tty
  H_LOG=/dev/tty
  CMD_PFX="echo Would issue"
fi

umask 002
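# Create the supfile with mktemp(1) rather than a predictable /tmp/$$ name,
# which another local user could pre-create or symlink before this root job runs.
SUPFILE=`mktemp /tmp/supfile.XXXXXX` || exit 1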
RELEASE="release=cvs"
HOSTBASE="hostbase=/cvs"
BASE="base=/cvs/freebsd"
PREFIX="prefix=/cvs/freebsd"
#OPTIONS="delete old use-rel-suffix"
OPTIONS="delete use-rel-suffix"
if [ "${do_strictrcs}" = "yes" ]; then
	OPTIONS="${OPTIONS} strictrcs"
fi

echo "" > ${LOG}
${CMD_PFX} touch ${HALTFILE}
echo "new CVSup requests disabled at `date`" > ${LOG}
cvsupd="stopped"
if [ -d ${FBSDROOT} ]; then
	s=`/usr/local/bin/fastest_cvsup -Q -c us`
    if ping -q -c 3 ${s} >/dev/null ; then
      SERVER=${s}
    fi
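    if [ -z "${SERVER}" ]; then
      echo "Unable to reach CVSup server ${s}" >>${LOG}
      # There is no enclosing loop to "continue", so stop here instead:
      # re-enable CVSup requests, clean up and exit.
      ${CMD_PFX} /bin/rm -f ${HALTFILE}
      echo "new CVSup requests enabled at `date`" >> ${LOG}
      rm -f ${SUPFILE}
      exit 1
    fi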
    echo "CVSup begin from ${SERVER} at `date`" >>${H_LOG}

    HOST="host=${SERVER}"
    #ARGS="${RELEASE} ${HOST} ${HOSTBASE} ${BASE} ${PREFIX} ${OPTIONS}"
    ARGS="${RELEASE} ${HOST} ${BASE} ${PREFIX} ${OPTIONS}"

    cat >${SUPFILE} <<DONE

cvsroot-all ${ARGS}
src-all ${ARGS}
ports-all ${ARGS}
doc-all ${ARGS}

DONE

    if [ "${test_mode}" = "yes" ]; then
      echo "Supfile is:"
      cat ${SUPFILE} >/dev/tty
    fi

    if ${CMD_PFX} /usr/bin/csup -1 -g -L1 ${SUPFILE} >>$LOG 2>&1; then
      echo "CVSup ended from ${SERVER} at `date`" >>${H_LOG}
      echo "CVSup ended from ${SERVER} at `date`" >>${LOG}
      chgrp -R wheel ${FBSDROOT} >>$LOG 2>&1
      chmod -R g+rw ${FBSDROOT} >>$LOG 2>&1
      ${CMD_PFX} /bin/rm -f ${HALTFILE}
      echo "new CVSup requests enabled at `date`" >> ${LOG}
      cvsupd="started"
	  ${CMD_PFX} cd /usr/doc && ${CMD_PFX} cvs -Rr update -d -P >>$LOG 2>&1
      if [ "${do_ports}" = "yes" ]; then
        ${CMD_PFX} cd /usr/ports && ${CMD_PFX} cvs -Rr update -d -P >>$LOG 2>&1
        echo "/usr/ports update ended at `date`" >>${LOG}
      else
        echo "/usr/ports update skipped at `date`" >>${LOG}
      fi
    fi
fi
if [ "${cvsupd}" = "stopped" ]; then
  ${CMD_PFX} /bin/rm -f ${HALTFILE}
  echo "new CVSup requests enabled at `date`" >> ${LOG}
fi
rm ${SUPFILE}
}}}
Authenticated Sending:
<html>
<pre>
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl # Drop the "p" if you want to allow non-encrypted login
dnl # (e.g. for testing your configuration)
dnl #
define(`', `A p')dnl
</pre>
</html>

REGEXP

qr/^
    ([^\n]{14})              : [ ]
    from         = ([^\n]+?) , [ ]
    size         = (\d+?)    , [ ]
    class        = (-? \d+?) , [ ]
    nrcpts       = (\d+?)    , [ ]
    (?: msgid    = ([^\n]+?) , [ ])?
    (?: bodytype = ([^\n]+?) , [ ])?
    (?: proto    = ([^\n]+?) , [ ])?
    (?: daemon   = ([^\n]+?) , [ ])?
    relay        = ([^\n]+)
/x;

qr/^
    ([^\n]{14})  : [ ]
    rejecting      [ ]
    commands       [ ]
    from           [ ]
    ([^\n]+?)      [ ]
    due            [ ]
    to             [ ]
    pre-greeting   [ ]
    traffic
/x;

qr/^
    ([^\n]{14}) : [ ]
    (<[^\n]+?>)
    \. \. \.      [ ]
    User          [ ]
    unknown
/x;

qr/^
    ([^\n]{14}) : [ ]
    ([^\n]+)      [ ]
    did           [ ]
    not           [ ]
    issue
/x;

qr/^
    ([^\n]{14}) : [ ]
    lost          [ ]
    input         [ ]
    channel       [ ]
    from          [ ]
    ([^\n]+)      [ ]
    to            [ ]
    MTA           [ ]
    after         [ ]
    data
/x;

qr/^
    ([^\n]{14}) : [ ]
    lost          [ ]
    input         [ ]
    channel       [ ]
    from          [ ]
    ([^\n]+)      [ ]
    to            [ ]
    MTA           [ ]
    after         [ ]
    rcpt
/x;

qr/^
    WorkList  [ ]
    for       [ ]
    ([^\n]+?) [ ]
    maxed     [ ]
    out       [ ]
    at        [ ]
    (\d+)
/x;

qr/^
    ([^\n]{14}) : [ ]
    timeout       [ ]
    waiting       [ ]
    for           [ ]
    input         [ ]
    from          [ ]
    ([^\n]+?)     [ ]
    during        [ ]
    server        [ ]
    cmd           [ ]
    read
/x;

qr/^
    ([^\n]{14}) : [ ]
    collect     : [ ]
    premature     [ ]
    EOM         : [ ]
    unexpected    [ ]
    close
/x;

qr/^
    ([^\n]{14})             : [ ]
    ruleset     = ([^\n]+?) , [ ]
    arg1        = ([^\n]+?) , [ ]
    relay       = ([^\n]+?) , [ ]
    reject      = (\d+?)      [ ]
    ([\d \.]+?)               [ ]
    Domain
    [^\n]+
    resolve
/x;

qr/^
    ([^\n]{14})             : [ ]
    ruleset     = ([^\n]+?) , [ ]
    arg1        = ([^\n]+?) , [ ]
    relay       = ([^\n]+?) , [ ]
    reject      = (\d+?)      [ ]
    ([\d \.]+?)               [ ]
    ([^\n]+?)
    \. \. \.                  [ ]
    Domain
    [^\n]+
    exist
/x;

qr/^
    ([^\n]{14}) : [ ]
    collect     : [ ]
    premature     [ ]
    EOM         : [ ]
    Connection    [ ]
    reset         [ ]
    by            [ ]
    ([^\n]+)
/x;

qr/^
    STARTTLS = ([^\n]+?)  , [ ]
    relay    = ([^\n]+?)  , [ ]
    version  = ([^\n]+?)  , [ ]
    verify   = ([^\n]+?)  , [ ]
    cipher   = ([^\n]+?)  , [ ]
    bits     = ([\d \|]+)
/x;

qr/^
    runqueue  : [ ]
    Flushing    [ ]
    queue       [ ]
    from        [ ]
    ([^\n]+?)   [ ]
    \(
    pri         [ ]
    (\d+)     , [ ]
    LA          [ ]
    (\d+)     , [ ]
    (\d+)       [ ]
    of          [ ]
    (\d+)
/x;

qr/^
    ([^\n]{14})             : [ ]
    to          = ([^\n]+?) , [ ]
    delay       = ([^\n]+?) , [ ]
    (?: xdelay  = ([^\n]+?) , [ ])?
    mailer      = ([^\n]+?) , [ ]
    pri         = (\d+?)    , [ ]
    (?: relay   = ([^\n]+?) , [ ])?
    (?: dsn     = ([^\n]+?) , [ ])?
    stat        = ([^\n]+)
/x;

qr/^
    ruleset     = (.+?)  , [ ]
    arg1        = (.+?)  , [ ]
    arg2        = (.+?)  , [ ]
    (?: relay   = (.+?)  , [ ])?
    reject      = (\d+?)   [ ]
    ([\d \.]+?)            [ ]
    Rejected:              [ ]
    ([\d \.]+?)            [ ]
    listed                 [ ]
    at                     [ ]
    (.+)
/x;

qr/^
    (.{14})              : [ ]
    Milter               : [ ]
    to          = (.+?)  , [ ]
    reject      = (\d+?)   [ ]
    ([\d \.]+?)            [ ]
    server                 [ ]
    \[
    (.+?)
    \]                     [ ]
    for                    [ ]
    (.+?)                  [ ]
    rejected               [ ]
    address                [ ]
    saying               : [ ]
    (.+)
/x;

qr/^
    (.{14})              : [ ]
    Milter               : [ ]
    from    = (.+?)      , [ ]
    reject      = (\d+?)   [ ]
    ([\d \.]+?)            [ ]
    invalid                [ ]
    domain                 [ ]
    name
/x;

qr/^
    (.{14})            : [ ]
    SYSERR \( root \)  : [ ]
    collect            : [ ]
    I \/ O               [ ]
    error                [ ]
    on                   [ ]
    connection           [ ]
    from                 [ ]
    (.+?)              , [ ]
    from               = (.+?)
/x;

qr/^
    (.{14})    : [ ]
    collect    : [ ]
    unexpected   [ ]
    close        [ ]
    on           [ ]
    connection   [ ]
    from         [ ]
    (.+?)      , [ ]
    sender     = (.+)
/x;
Start by loading Directory Services: {{{launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist}}}

Then we can use dscl to manipulate things.
(improvement?)
Ideas and notes
[[VerboseBooting]]

Set printing options that aren't in the gui [[here|http://localhost:631/admin/]]

[[SingleUser Repairs]]
[[Networking]]
[[FreeBSD]]
[[OSX]]
[[Xen]]
[[FreeNAS]]
[[PGP]]
[[WordPress]]
<html>
<pre>
# If DB_File then I would suggest setting 'bayes_learn_to_journal 1' in
# spam.assassin.prefs.conf as from experience it will reduce the lock
# contention and speed-up batch processing considerably.
bayes_learn_to_journal 1
</pre>
</html>

cbl.abuseat.org is a feed to xbl.spamhaus.org. If you dig around on abuseat's site, they have a policy prohibiting using cbl directly if you'd need a datafeed to use xbl.

The other feed into xbl is the open proxy list from njabl, and they have no such restrictions.

bl.spamcop.net works pretty well, but does have some significant FPs now that they list backscatter sites (in the SpamAssassin 3.2 mass-checks, the hits on spamcop were 87.1% spam, and therefore 12.9% nonspam)

mail-abuse.org isn't free, and hasn't been for years. It's now a part of Trend's "Email Reputation Services", which is a for-pay service.


In general you might want to look at the STATISTICS file that comes with SA and see what the SpamAssassin mass-checks came up with. A "perfect" spam rule will have a S/O of 1.0 (for 100% of matches being spam, 0% nonspam), so look for RBL tests (RCVD_IN_*) with S/O's above 0.95 (95% spam, 5% nonspam). Also look for ones that match a decent amount of mail, because a perfectly accurate list with really low hit-rate isn't helpful. I'd look for at least 5% in the spam% column.

http://svn.apache.org/repos/asf/spamassassin/branches/3.2/rules/STATISTICS-set3.txt


This Perl module allows SpamAssassin to make use of the results of DSpam. This is my first hack at it and it is working very well in my production environment. All comments/concerns are certainly welcome.

DSpam Perl Module: [[dspam.pm]]
DSpam Config File: [[dspam.cf]]

When using dspam in conjunction with SpamAssassin and amavisd-new, amavisd-new automatically has dspam calculate the probability of a message being HAM/SPAM and then insert headers. If you have SA installed, the dspam information goes to waste. That is unless you take advantage of this plugin. Using dspam’s results, this module adds a tag/token to the message that SA picks up and based on the score you assign it in the ruleset configuration file, it adds/subtracts that score.

To use this module, put the perl module in /usr/share/perl5/Mail/SpamAssassin/Plugin/ (or wherever your SA Plugin dir is). Put the config file (dspam.cf) with the rest of the SpamAssassin config files (usually located in /etc/spamassassin). First, edit the local.cf file and add the following line anywhere in the file:
include dspam.cf

Next, edit the init.pre file and add the following line anywhere near the other loadplugin lines (Note: This should be the Perl @INC path to the location that you put your dspam.pm plugin):

loadplugin Mail::SpamAssassin::Plugin::dspam

Then edit the dspam.cf and put your desired values for each of the hits. Start low to see how the response is and watch your logs closely.

I have also found it handy to create METAs that where SA reads a message as BAYES_99 and dspam reads a message as DSPAM_SPAM_99 add a substantial amount of points. The same goes for the reverse, if SA reads a message at BAYES_00 and dspam reads that same message at DSPAM_HAM_99, then subtract a substantial number of points.

Links:
This SpamAssassin plugin is listed on the SpamAssassin Wiki Custom Plugins page.


SpamAssassin extra rules/scripts
http://www.sanesecurity.com/clamav/usage.htm
http://taint.org/2007/08/15/004348a.html
[[Sun L1000]]
[[IOPS]]
[[Dell MD3000i]]
711227
default from ATL for L1000 and L1800 
|Name | Number | Type | Casting Cost | Summary |
|>|>|>|>|>| ''Black'' |
| Demonic Tutor | 1 | Sorcery | 1B | Search library for one card and put in hand |
|>|>|>|>|>| @@color(green):''Green''@@ |
| Regrowth | 1 | Sorcery | 1@@color(green):G@@ | Take 1 card from graveyard and put in hand |
|>|>|>|>|>| @@color(red):''Red''@@ |
| Red Elemental Blast | 2 | Instant | @@color(red):R@@ | Counters blue spell or destroys blue card in play |
|>|>|>|>|>| @@color(blue):''Blue''@@ |
| Mana Drain | 2 | Interrupt | @@color(blue):UU@@ | Counter target spell, gain X colorless mana next turn; x = casting cost of countered spell |
| Counterspell | 1 | Interrupt | @@color(blue):UU@@ | Counter target spell |
| Ancestral Recall | 1 | Instant | @@color(blue):U@@ | Target player draws three cards |
| Amnesia | 1 | Sorcery | 3@@color(blue):UUU@@ | Look at players hand, player discards all non-land cards |
| Recall | 1 | Sorcery | XX@@color(blue):U@@ | discard X cards, draw X cards from graveyard, remove recall from game |
| Braingeyser | 1 | Sorcery | X@@color(blue):UU@@ | Target player draws X cards |
| Dissipate | 3 | Interrupt | 1@@color(blue):UU@@ | Counter target spell, remove it from game |
| Time Walk | 1 | Sorcery | 1@@color(blue):U@@ | Take one extra turn |
| Time Twister | 1 | Sorcery | 2@@color(blue):U@@ | shuffle hand, graveyard, library, redeal 7 new cards |
|>|>|>|>|>| ''Land'' |
| Maze Of Ith | 1 | Land |>| Target attacking creature becomes untapped, no damage done |
| Library Of Alexandria | 1 | Land |>| Tap to draw one card, only if you have 7 in hand |
| Strip Mine | 4 | Land |>| 1 colorless mana, or destroy target land |
| Volcanic Island | 2 | Land |>| 1 @@color(blue):U@@ or 1 @@color(red):R@@ mana |
| Tundra | 4 | Land |>| 1 @@color(blue):U@@ or 1 W mana |
| Island | 4 | Land |>| 1 @@color(blue):U@@ mana |
| Plains | 3 | Land |>| 1 W mana |
|>|>|>|>|>| ''Artifact'' |
| Black Lotus | 1 | Mono Artifact | 0 | Add 3 mana of any color |
| Mox Emerald | 1 | Mono Artifact | 0 | Add 1 @@color(green):G@@ mana |
| Mox Pearl | 1 | Mono Artifact | 0 | Add 1 W mana |
| Mox Jet | 1 | Mono Artifact | 0 | Add 1 B mana |
| Mox Ruby | 1 | Mono Artifact | 0 | Add 1 @@color(red):R@@ mana |
| Mox Sapphire | 1 | Mono Artifact | 0 | Add 1 @@color(blue):U@@ mana |
| Disrupting Scepter | 2 | Mono Artifact | CCC | Opponent discards card of choice, only during controller's turn |
| Mirror Universe | 1 | Mono Artifact | CCCCCC | Switch life totals with opponent |
| Sol Ring | 1 | Mono Artifact | C | 2 C mana |
| Jayemdae Tome | 1 | Mono Artifact | CCCC | 4C, Draw a card |
| Ivory Tower | 1 | Continuous Artifact | C | Gain 1 life for each card in hand above 4 |
|>|>|>|>|>| ''White'' |
| Disenchant | 4 | Instant | 1W | Destroy artifact or enchantment |
| Moat | 2 | Enchantment | 2WW | Non-flying creatures can't attack |
| Serra Angel | 2 | Summon Angel | 3WW | Flying, non-tapping |
| Swords To Plowshares | 4 | Instant | W | Target creature is removed from game, controller gains life equal to power |

|>|>|>|>|>| Sideboard |
| Name | Number | Type | Casting Cost | Summary |
|>|>|>|>|>| ''Artifact'' |
| Feldon's Cane | 1 | Mono Artifact | C | |
| Disrupting Scepter | 1 | Mono Artifact | CCC | Target opponent chooses and discards one card, only used during controller's turn |
| Jayemdae Tome | 1 | Mono Artifact | CCCC | Controller draws 1 card |
|>|>|>|>|>| @@color(red):''Red''@@ |
| Red Elemental Blast | 2 | Instant | @@color(red):R@@ | Counters blue spell or destroys blue card in play |
| Blood Moon | 2 | Enchantment | 2@@color(red):R@@ | All nonbasic lands become mountains |
| Fireball | 2 | Sorcery | X@@color(red):R@@ | X damage to target(s) divided evenly |
|>|>|>|>|>| ''White'' |
| Moat | 1 | Enchantment | 2WW | Non-flying creatures can't attack |
| Divine Offering | 2 | Instant | 1W | Destroy artifact, gain life equal to casting cost |
| Circle of Protection: Red | 2 | Enchantment | 1W | Prevent all damage from a single red source |
[[Tiddly Formatting|Tiddly_Formatting]]
<html>
<iframe height = "100%" width = "100%" src = "http://tiddlywiki.org/wiki/TiddlyWiki_Markup"></iframe>
</html>
If you, like me, come from a strong UNIX background, then I think you’ll really enjoy the following tip. By default, the OS X boot sequence is hidden from the user. This doesn’t sit well with me and so I’ve sought out a way to make it show me exactly what was going on (instead of simply showing the small Apple logo and the rotating circle).

You can do one of two things. If you occasionally want to see the bootup sequence, then simply hold down cmd-V after you’ve hit the power button (until you see text on the screen). If you’d like to enable this verbose output each time your machine boots, then execute the following command from a terminal:

sudo nvram boot-args="-v"
I used this on CentOS 5.2 under vmware.
In the CentOS 5.2 installation I chose development tools and unticked everything else (except some editors).
For the disk configuration I deleted the suggested LVM/PVM (very important) and made my own hda2 and hda3 partitions (hda1 is boot, 100mb); hda2 is swap of 512mb, hda3 is the rest of the 8gb image I chose in vmware.
Then, after the install and boot, I downloaded the 2.6.26.5 kernel (latest) into /usr/src/kernels/ and extracted it with tar xvfj linux-2.6.26.6.bz2.
I then get the bigphysarea patch from here:
http://www.feise.com/~jfeise/Downloads/zr36120/bigphysarea-2.6.26.diff
and put it into the extracted linux directory (linux-2.6.26.5).
Then, i run patch -p1 < bigphysarea-2.6.26.diff.
After that i do
cp /boot/config-2.6.18-92.el5 /usr/src/kernels/linux-2.6.26.5/.config
make menuconfig
Here I ticked “Support for big physical area reservation” and unticked all unneeded stuff like linux video, sound, bluetooth, wireless etc…
I also unticked building a relocatable kernel and 64bit support
(a relocatable kernel cannot be built for some reason and 64bit support is incompatible with the bigphysarea patch, and if you miss my instructions about lvm, the kernel won't recognize it - no lvm support).
I then saved the config and do
make all
make install
make modules_install
Then with “nano /boot/grub/grub.conf” i edited the file and added one line above other boots:
title Cisco_ASA (8.02)
root (hd0,0)
kernel /vmlinuz_asa root=/dev/hda3 rw console=tty0 console=ttyS0,9600n8 auto nousb ide1=noprobe bigphysarea=16384 hda=980,16,32
initrd /asa802-k8
Then i did:
mkdir /asa
cd /asa
and downloaded and extracted the ASA image from here:
http://rs7l34.rapidshare.com/files/39992741/dl/802.zip
doing wget http://rs7l34.rapidshare.com/files/39992741/dl/802.zip
unzip 802.zip
hexdump -C asa802-k8.bin > asa802-k8.hd
grep "1f 8b 08 00 1d" asa802-k8.hd
ls -la asa802-k8.bin
tail -c 13334352 asa802-k8.bin > asa802-k8.gz
gzip -d asa802-k8.gz
mkdir /asa_mount
cd /asa_mount
cpio -i --make-directories < ../asa/asa802-k8
In the /asa_mount directory I got all files extracted.
Then I copied the file asa802-k8 to /boot (that is where CentOS holds the boot files, like the kernel) with
cp /asa/asa802-k8 /boot
cp /asa_mount/vmlinuz /boot

That’s all for the linux.
Now i downloaded vmwaregateway.exe and started it with:
vmwaregateway.exe -t
Then connected to it with putty: localhost, port 567
In VMWARE configuration on serial ports i put:
* Use named pipe
\\.\pipe\vmwaredebug
This end is client
Other end is application
* Yield cpu….
Then I started the CentOS VM and under grub I chose the first configuration
Cisco_ASA (8.02)
I got only Uncompressing kernel…
But in the putty window i got all the output.
That’s all.
 cloned_interfaces="lagg0 vlan0 vlan1"
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_lagg0="laggproto failover laggport em0 laggport em1 up"
ifconfig_vlan0="vlan 2 vlandev lagg0 up"
ifconfig_vlan1="vlan 3 vlandev lagg0 up"
ifconfig_vlan0_alias0="inet 192.160.132.20/24"
ifconfig_vlan0_alias1="inet 192.160.132.22/24"
ifconfig_vlan0_alias2="inet 192.160.132.23/24"
ifconfig_vlan0_alias3="inet 192.160.132.24/24"
ifconfig_vlan0_alias4="inet 192.160.132.25/24"
ifconfig_vlan0_alias5="inet 192.160.132.26/24"
ifconfig_vlan0_alias6="inet 192.160.132.27/24"
ifconfig_vlan0_alias7="inet 192.160.132.28/24"
ifconfig_vlan0_alias8="inet 192.160.132.29/24"
ifconfig_vlan0_alias9="inet 192.160.132.30/24"
ifconfig_vlan0_alias10="inet 192.160.132.31/24"
ifconfig_vlan0_alias11="inet 192.160.132.32/24"
ifconfig_vlan0_alias12="inet 192.160.132.33/24"
ifconfig_vlan0_alias13="inet 192.160.132.34/24"
ifconfig_vlan1_alias0="inet 192.168.1.41/24"
ifconfig_vlan1_alias1="inet 172.16.0.20/24"
Default IP 192.168.1.246, doesn't give any indication that it's on the network, not accessible for several minutes (5-10)
Default login "" password "admin"
Default IP 192.168.1.1
Default login "" password "admin"
Default IP 192.168.1.1
Default login "" password "admin"
[[Amazon List|http://www.amazon.com/gp/registry/registry.html?ie=UTF8&type=wishlist&id=2EK9KTI5GFYQ3"]]

<html>
<!--
''Photography''
Full frame [[Sensor cleaner|http://www.amazon.com/Digital-Survival-PRO-KIT-Eclipse/dp/B001B6DLTE]]
[[EF 70-200mm f/2.8L IS II USM|http://www.amazon.com/Canon-70-200mm-II-Telephoto-Cameras/dp/B0033PRWSW/ref=sr_1_1?ie=UTF8&qid=1290828989&sr=8-1]]

''Tools''
[[Screwdriver set|http://www.skhandtool.com/products/screwdrivers/product.aspx?ID=4589&view=view]]
[[Parts container|http://prostores2.carrierzone.com/servlet/viewtainercom/Detail?no=4]] - Any color, split-top, qty. 10

''Misc''
[[RFID blocking CC sleeves|http://www.idstronghold.com/Credit-Card-RFID-Blocking-Sleeves/products/5/]]
[[Garden Gnome|http://www.etsy.com/listing/82863548/unpainted-combat-garden-gnome-in]]

''Shirts''

''Computer''

''Phone''

''Guns''

''Movies/TV''

''Music''
[[Loreena McKennitt - An Ancient Muse|http://www.amazon.com/Ancient-Muse-Loreena-McKennitt/dp/B000J3EEBY/ref=sr_1_1?ie=UTF8&s=music&qid=1257180934&sr=8-1]]
[[Loreena McKennitt - Mediterranean Odyssey|http://www.amazon.com/Mediterranean-Odyssey-Loreena-McKennitt/dp/B002MTTZ6M/ref=sr_1_3?ie=UTF8&s=music&qid=1265866827&sr=8-3]]
[[Loreena McKennitt - The Visit|http://www.amazon.com/Visit-Loreena-McKennitt/dp/B000J233U8/ref=ntt_mus_ep_dpi_lnk]]
[[Loreena McKennitt - The Mask and Mirror|http://www.amazon.com/Mask-Mirror-Loreena-McKennitt/dp/B000J233TE/ref=sr_1_5?ie=UTF8&s=music&qid=1265866827&sr=8-5]]
[[Dubai Chill Lounge 1|http://www.amazon.com/Dubai-Chill-Lounge/dp/B001W35LSU/ref=sr_1_2?ie=UTF8&s=dmusic&qid=1256011020&sr=8-2]]
[[Dubai Chill Lounge 2|http://www.amazon.com/Dubai-Chill-Lounge-Vol-2/dp/B000BV5SH8/ref=sr_1_1?ie=UTF8&s=music&qid=1256011020&sr=8-1]]
[[Dubai Chill Lounge 3|http://www.amazon.com/Dubai-Chill-Lounge-Vol-3/dp/B000GUJZXM/ref=sr_1_3?ie=UTF8&s=music&qid=1256011020&sr=8-3]]
[[Asskickers|http://cdbaby.com/cd/asskickers]]
[[Macao Cafe: Balearic Lounge Collection, Vol. 1|http://tinyurl.com/685xzh]]
[[Macao Cafe: Balearic Lounge Collection, Vol. 2|http://tinyurl.com/6qf35v]]
[[Macao Cafe: Balearic Lounge Collection, Vol. 4|http://tinyurl.com/64glmh]]
[[Macao Cafe: Balearic Lounge Collection, Vol. 3|http://tinyurl.com/567usa]]
[[Café del Mar, Vol. 1|http://tinyurl.com/565b7k]]
[[Café del Mar, Vol. 2|http://www.amazon.com/Café-del-Mar-Ibiza-Vol/dp/B0000074XB/ref=sr_1_1?ie=UTF8&s=music&qid=1255899471&sr=8-1]]
[[Café del Mar, Vol. 3|http://tinyurl.com/6aa97c]]
[[Café del Mar, Vol. 4|http://www.amazon.com/Cafe-Del-Mar-%28Series%29/e/B000AQ3W3Q/ref=ntt_mus_gen_pel]]
[[Café del Mar, Vol. 5|http://tinyurl.com/6gbvuo]]
[[Café del Mar, Vol. 6|http://tinyurl.com/6dbj4y]]
[[Café del Mar, Vol. 7|http://tinyurl.com/5gd5zt]]
[[Café del Mar, Vol. 8|http://tinyurl.com/5khv2b]]
[[Café del Mar, Vol. 9|http://tinyurl.com/65jqty]]
[[Café del Mar, Vol. 10|http://tinyurl.com/6ez8y7]]
[[Café del Mar, Vol. 11|http://www.amazon.com/Cafe-Del-Mar-Volumen-Once/dp/B00026WSUW/ref=sr_1_1?ie=UTF8&s=music&qid=1255899529&sr=8-1]]
[[Café del Mar, Vol. 12|http://www.amazon.com/Café-del-Mar-Volumen-Doce/dp/B0009JM3WA/ref=sr_1_1?ie=UTF8&s=music&qid=1255899562&sr=8-1]]
[[Café del Mar, Vol. 13|http://tinyurl.com/6c69ba]]
[[Café del Mar, Vol. 14|http://tinyurl.com/5n89tc]]
[[Café del Mar, Vol. 15|http://tinyurl.com/5b9fug]]
[[Buddha Bar 1|http://www.amazon.com/Buddha-Bar-Claude-Challe/dp/B00009XBYK/ref=sr_1_1?ie=UTF8&s=music&qid=1255899585&sr=8-1]]
[[Buddha Bar 2|http://www.amazon.com/Buddha-Bar-Vol-II-Claude-Challe/dp/B00004TRET/ref=sr_1_4?ie=UTF8&s=music&qid=1255899585&sr=8-4]]
[[Buddha Bar 3|http://tinyurl.com/6n527j]]
[[Buddha Bar 4|http://tinyurl.com/65ay35]]
[[Buddha Bar 5|http://tinyurl.com/5k5t2y]]
[[Buddha Bar 6|http://tinyurl.com/67o9xg]]
[[Buddha Bar 7|http://tinyurl.com/679mzw]]
[[Buddha Bar 8|http://tinyurl.com/55fq65]]
[[Buddha Bar 9|http://tinyurl.com/62mdzy]]
[[Buddha Bar 10|http://tinyurl.com/5rggux]]
[[Buddha Bar|http://tinyurl.com/5mnpb8]]
[[Buddha Bar Vol. II|http://tinyurl.com/6lkx69]]
[[Buddha Bar Vol. III|http://tinyurl.com/6xrah2]]
[[Ultra.Dance 05|http://tinyurl.com/dz7a4w]]
[[Ultra.Chilled 04|http://tinyurl.com/bjjzls]]
[[Ultra.Chilled 05|http://tinyurl.com/cks789]]
[[Ultra.Trance 05|http://tinyurl.com/bbvtr7]]
[[Ultra.Trance 07|http://tinyurl.com/bcdg8o]]
[[Ultra.Trance 08|http://tinyurl.com/bcdg8o]]
Acoustic Soul
Beneath The Surface
Surrender: The Unexpected
KMFDM: Angst
KMFDM: UAIOE
KMFDM: What Do You Know Deutschland?
KMFDM: Don't Blow Your Top
KMFDM: Naive/Hell To Go
Grace: If I Could Fly
Paul Oakenfold: Bust A Groove
Journeys By DJ: Paul Oakenfold
Global Underground: Oslo
A Voyage Into Trance (Deluxe)
Paul Oakenfold: Perfecto Collection 2
Perfecto Presents... Paul Oakenfold: Great Wall
Resident: 2 Years Of Paul Oakenfold At Cream
Starry Eyed Surprise (Enhanced)
Paul Oakenfold: Travelling
Paul Oakenfold: Ny (V.7)
Perfecto Chills Vol. 1
Southern Sun (Enhanced)
Andrea Bocilli: Sueno

''Books''


''Legos''
(links are for reference of what set looks like)

''Idea Books''
[[Idea Book 226|http://www.bricklink.com/catalogItem.asp?B=226]]
[[Idea Book 250|http://www.bricklink.com/catalogItemPic.asp?B=250]]
[[Idea Book 260|http://www.bricklink.com/catalogItemPic.asp?B=260]]
[[Idea Book 6000|http://www.bricklink.com/catalogItem.asp?B=6000]]
[[Idea Book 697|http://www.bricklink.com/catalogItem.asp?B=697]]
[[Idea Book 7777|http://www.bricklink.com/catalogItem.asp?B=7777]]
[[Idea Book 8888|http://www.bricklink.com/catalogItem.asp?B=8888]]
[[Idea Book 8889|http://www.bricklink.com/catalogItem.asp?B=8889]]
[[Idea Book 8890|http://www.bricklink.com/catalogItem.asp?B=8890]]
[[Idea Book 8891|http://www.bricklink.com/catalogItem.asp?B=8891]]
[[Idea Book B506|http://www.bricklink.com/catalogItem.asp?B=B506]]

''Expert Builder''
[[Tractor Set #952|http://www.bricklink.com/catalogItem.asp?S=952-1]]
[[Motorcycle #8857|http://www.bricklink.com/catalogItem.asp?S=8857-2]]
[[Go-Cart #948|http://www.bricklink.com/catalogItem.asp?S=948-1]]
[[Engine #8858|http://www.bricklink.com/catalogItem.asp?S=8858-2]]
[[Auto Chassis #8860|http://www.bricklink.com/catalogItem.asp?S=8860-1]]
[[Power Truck #8848|http://www.bricklink.com/catalogItem.asp?S=8848-1]]
[[Bulldozer #951|http://www.bricklink.com/catalogItem.asp?S=951-1]]
[[Auto Car Chassis #853 |http://www.bricklink.com/catalogItem.asp?S=853-1]]
[[Auto Car Chassis #8860 |http://www.bricklink.com/catalogItem.asp?S=8860-1]]
[[Backhoe #8862|http://www.bricklink.com/catalogItem.asp?S=8862-1]]
[[Airtech Claw Rig #8868|http://www.bricklink.com/catalogItem.asp?S=8868-1]]
[[Whirlwind Rescue #8856|http://www.bricklink.com/catalogItem.asp?S=8856-1]]
[[Universal Building Set #8034|http://www.bricklink.com/catalogItem.asp?S=8034-1]]
[[Mobile Crane #8421|http://www.bricklink.com/catalogItem.asp?S=8421-1]]
[[Pneumatic Backhoe #8455|http://www.bricklink.com/catalogItem.asp?S=8455-1]]
[[Pneumatic Forklift #8843|http://www.bricklink.com/catalogItem.asp?S=8843-1]]

''Space''
Galaxy Explorer #928 http://www.bricklink.com/catalogItem.asp?S=928-1
Space Cruiser #487 http://www.bricklink.com/catalogItem.asp?S=487-1
Space Command Center #926 http://www.bricklink.com/catalogItem.asp?S=926-1
Transport Ship #924 http://www.bricklink.com/catalogItem.asp?S=924-1
Alpha-1 RocketBase #483 http://www.bricklink.com/catalogItem.asp?S=483-1
Space Set #1593 http://www.bricklink.com/catalogItem.asp?S=1593-1
Mobile Tracking Station #452 http://www.bricklink.com/catalogItem.asp?S=452-1
One Man Space Ship #918 http://www.bricklink.com/catalogItem.asp?S=918-1
Space Station #6970 http://www.bricklink.com/catalogItem.asp?S=6970-1

''Universal Sets''
Universal Motorized Building Set #744 http://www.bricklink.com/catalogItem.asp?S=744-1
Universal Building Set #733 http://www.bricklink.com/catalogItem.asp?S=733-1

''Brick Arms''
Black Bandit http://brickarms.com/Toys/Minifigs/Bandit_Black.aspx
Gray Bandit http://brickarms.com/Toys/Minifigs/Bandit_Gray.aspx
White Bandit http://brickarms.com/Toys/Minifigs/Bandit_White.aspx
WW2 US Marine Sargent http://brickarms.com/Toys/Minifigs/WW2_US_Marine_Sargent.aspx
WW2 US Sargent http://brickarms.com/Toys/Minifigs/WW2_US_Sargent.aspx
Spy Bond http://brickarms.com/Toys/Minifigs/SpyBond.aspx
Colonial Marine http://brickarms.com/Toys/Minifigs/ColonialMarine.aspx
WW2 German SS Major http://brickarms.com/Toys/Minifigs/WW2_German_SS_Major.aspx
WW2 German Colonel http://brickarms.com/Toys/Minifigs/WW2_German_Colonel.aspx
WW2 German Soldier Grenadier http://brickarms.com/Toys/Minifigs/WW2_German_Soldier_Grenadier.aspx
WW2 German Soldier Gunner http://brickarms.com/Toys/Minifigs/WW2_German_Soldier_Gunner.aspx
WW2 German Soldier PanzerGren http://brickarms.com/Toys/Minifigs/WW2_German_Soldier_PanzerGren.aspx
Arsenal Pack http://brickarms.com/Toys/Weapons_Packs/Arsenal_Pack.aspx
-->
</html>
htaccess for wp-admin
<<<
# These are the lines that do the password protection.
# You probably already created them while reading through the tutorial linked above.
AuthUserFile /path/to/your/htpasswd
AuthType basic
AuthName "Restricted Resource"
require valid-user

# This is the whitelisting of the ajax handler
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 
</Files>
<<<
<html>
<a href="http://ipv6.he.net/certification/scoresheet.php?pass_name=lkowolowski" target="_blank"><img src="http://ipv6.he.net/certification/create_badge.php?pass_name=lkowolowski&badge=3" width=229 height=137 border=0 alt="IPv6 Certification Badge for lkowolowski"></img></a>
</html>
[[Consulting]]

[[Hosting]]

[[CV|http://www.cryptomonkeys.org/~louisk/cv/]]

[[Security|SecurityNotes]]
Before starting the OS install

    * Set up RAID groups as follows:
          ** 2 disks in RAID1 for the OS install
          ** all remaining disks in RAID10 for VMs
    * Be sure to install the x86_64 (64-bit) version of CentOS; it allows both 64-bit and 32-bit VMs to run at the same time.

OS Install / Disk layout

    * sda is the RAID1 disks.
          ** sda1 is 100MB, mounted at /boot, formatted as ext2 or ext3. Also make sure it is set as a primary partition in the options.
          ** sda2 is the same size as the RAM installed on the machine, formatted as swap and primary partition
          ** sda3 is the remaining space, mounted at /, formatted as ext3 and primary partition

    * sdb is the RAID10 disks.
          ** DO NOT FORMAT OR OTHERWISE USE THIS DISK AT THIS TIME

OS Install / Installation options

    * Be sure to check the "Virtualization" option during the install process.

Post Install / Prepping LVM

    * Run "yum update" to update all packages
          ** This process can take quite some time.
    * To prep sdb for LVM, run pvcreate /dev/sdb
          ** The output should report success
    * Create the volume group: vgcreate <insert shortname of machine here> /dev/sdb
         ** e.g.: vgcreate xenpod02 /dev/sdb on xenpod02.pgp.com
    * Create a logical volume for the VM: lvcreate -L<size in GB>G -n <name of VM> <machine name from above>
          ** e.g.: lvcreate -L50G -n tinderwin8c xenpod02
    * The path layout for accessing the LV is: /dev/<machine name>/<VM name>
          ** e.g.: /dev/xenpod02/tinderwin8c
    * For xen configuration files, you can also use the following path: /dev/mapper/<machine name>-<VM name>
          ** e.g.: /dev/mapper/xenpod02-tinderwin8c

Post Install / OS Install

    * Visit http://wiki.centos.org/HowTos/Xen/InstallingCentOSDomU for some ideas


pvcreate /dev/foo
vgcreate volName /dev/foo

Yum repo for new(er) Xen (3.3.x): http://www.gitco.de/repo/

http://jailtime.org/download:centos:v5.2 for images
Recommended reading:

[[FreeBSD|http://www.freebsd.org]]'s [[ZFS|http://wikipedia.org/wiki/ZFS]] [[wiki|http://wiki.freebsd.org/ZFS]]
[[Sun|http://www.sun.com]]'s [[OpenSolaris|http://www.opensolaris.org/os/]] [[ZFS|http://www.opensolaris.org/os/community/zfs/]]

How to install FreeBSD 7.0 under ZFS

ZFS is an exciting new file system developed by Sun and recently ported to FreeBSD. Many people are excited by the possibilities of ZFS (including us) as it promises to simplify a great many things. It offers:

    * increased reliability through checksums, multiple copies of data and self-healing RAID
    * elimination of that dreaded “oh, if only I’d made the /var partition larger” feeling. Partitions can now be resized at any time and in fact can each be allocated up to the full size of the storage media.
    * built-in compression and encryption
    * built-in NFS file sharing
    * clean, easy to use toolset for creating storage pools, volumes and much more
    * snapshots and rollbacks for backups

Read more about some of the powerful commands here
Installing ZFS on FreeBSD

Since it is early days for ZFS on BSD, the installer doesn’t yet support ZFS natively. So there are a few tricks to getting it up and running. Also, you cannot boot directly from a ZFS partition since adding that functionality to the boot loader in FreeBSD is a huge undertaking.
Step One: installing FreeBSD

    * Boot up on the FreeBSD Current 7.0 CD
    * Choose Country and Locale
    * Go Custom install
    * Partition fdisk with Auto option (one slice, whole disk)
    * Disklabel with options

  A: 512Mb   UFS2  /
  B: swap
  D: rest of disk

To create D you’ll need to enter any mount point you want and then use the M option to clear it. This ensures that it will not mount or be created as a file system.
* Distribution choose Minimal install
* Media Select CD/DVD

System will install to the small 512Mb UFS root partition you created.
Step Two: creating the ZFS pool

    * Once installation is complete, remove CD and reboot into our new FreeBSD system.
    * Boot into FreeBSD partition and select “4” for single user mode.
    * Hit ENTER to accept /bin/sh shell.

# mount -w / 

Now create a Disk pool using the D label we prepared during the install. In this example we have a SATA disk at ad4.

# zpool create tank /dev/ad4s1d

Firstly stop ZFS from creating default mountpoints for shares

# zfs set mountpoint=none tank

Create some extra/common mountpoints

# zfs create tank/root
# zfs create tank/usr
# zfs create tank/var
# zfs create tank/tmp

Now set the mountpoints of the shares

# zfs set mountpoint=/tank tank/root
# zfs set mountpoint=/tank/usr tank/usr
# zfs set mountpoint=/tank/var tank/var
# zfs set mountpoint=/tank/tmp tank/tmp

Have a look at what we have done

#df -h

#zfs list

Beautiful isn’t it? :)

Edit /etc/rc.conf and enable ZFS

# echo 'zfs_enable="YES"' >> /etc/rc.conf

Now copy the UFS bootable slice to the ZFS mountpoint. This gives us a workable FreeBSD installation under ZFS.

# find -x / | cpio -pmd /tank 

(you can ignore any errors here if you get them)
Step Three: solving the ZFS boot problem

The problem which remains is that FreeBSD will not be able to boot directly into ZFS since the bootloader doesn’t know anything about ZFS. So a little trick is that we put the kernel onto /boot which lives on the UFS partition. This gets the system running to the point where ZFS can be mounted and the rest of the boot proceeds.

Remove the /tank/boot just copied over from the UFS system:

# rm -rf /tank/boot

Now make the directory in which our UFS partition will be mounted. This will be useful later on when we want to update the contents of that slice from a running system. We also need to make sure that when the ZFS is booting up it can see the UFS bootdir.

# mkdir /tank/bootdir
# cd /tank
# ln -s bootdir/boot boot

Now we tell the loader on the UFS slice to load and boot from the contents of the ZFS volume:

# echo 'zfs_load="YES"' >>  /boot/loader.conf
# echo 'vfs.root.mountfrom="zfs:tank/root"'  >>  /boot/loader.conf

Edit /tank/etc/fstab so our UFS slice is mounted in the right location for when ZFS boots.

/dev/ad4s1a  /bootdir        ufs     rw      1       1 

When we reboot in a minute, we want the ZFS tank to mount at /var, /usr, /tmp and / rather than under the /tank location where it is now. So set the true mountpoints:

# zfs set mountpoint=/tmp tank/tmp
# zfs set mountpoint=/usr tank/usr
# zfs set mountpoint=/var tank/var

Set root mount point to ’legacy’ so ZFS won’t try to mount it automatically. It should already have been mounted by the loader:

# cd /
# zfs set mountpoint=legacy tank/root

All Done!

Reboot and log in as root. Run df -h and zfs list and you will see everything.

# df -h
Filesystem          Size     Used     Avail Capacity  Mounted on
tank/root           282G     454M     281G      0%    /
devfs               1.0K     1.0K     0B      100%    /dev
/dev/ad4s1a         496M     317M     139M     69%    /bootdir
tank/tmp            281G     1.1M     281G      0%    /tmp
tank/usr            287G     5.7G     281G      2%    /usr
tank/var            281G      76M     281G      0%    /var

# zfs list
NAME       USED  AVAIL  REFER  MOUNTPOINT
tank       6.27G  281G     454M    none
tank/root  16.2M  51.3G  16.2M  legacy
tank/tmp   1.10M  281G     1.10M    /tmp
tank/usr    5.75G  281G     5.75G    /usr
tank/var   75.5M  281G     75.5M    /var

All is done. :) Basic install completed. At this point you might want to install a more complete version of FreeBSD, install the ports system or anything else you normally do.
Creating a Mirror

That was pretty exciting.

Now let’s say that we have some important data on that drive and we are pretty keen not to lose it. So, let’s add another drive as a mirror under ZFS. In some ways this is even superior to a hardware RAID setup since ZFS is able to monitor the checksums on the disk and automatically detect which of the two drives has corrupted a block of data, transparently using the other and repairing if necessary.

    * Install the HDD and boot up on the system.
    * Login as root
    * Run sysinstall
    * Enter Custom Install
    * Partition fdisk with Auto option (one slice, whole disk) and press ’w’ to write changes
    * Label with options

  A: 512Mb   /
  B: swap
  D: rest of disk empty (for zfs later) 

and once again, press ’w’ to save changes and state ’YES’ to the question it asks you about applying now. You’ll need to make this identical to the labels on the first drive.
* Exit sysinstall.

Check out what we have:

#zpool status

Add the 2nd drive to our mirror (our second drive comes up as ad6)

# zpool attach tank ad4s1d ad6s1d
# zpool status

and it will now show the two HDD’s in a mirror

  pool: tank
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        tank        ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            ad4s1d  ONLINE       0     0     0
            ad6s1d  ONLINE       0     0     0

errors: No known data errors

Now we have a mirror, but if we lose the first drive we will need the contents of the UFS slice copied to the second drive in order to reboot.

# newfs /dev/ad6s1a
# mkdir /mnt/bootdir
# mount /dev/ad6s1a /mnt/bootdir
# find -x /bootdir | cpio -pmd /mnt

This gives us another ready to use system on the 2nd HDD in case we have a failure on the 1st HDD with all the necessary zfs tools to move forward.
/boot/loader.conf tweaks

As you know, ZFS on FreeBSD is an experimental system and there are still some bugs to iron out. If the system does enough disk access, it can kernel panic with “kmem_suballoc”. You can fix this by placing the following in /boot/loader.conf.

vm.kmem_size_max="512M"
vm.kmem_size="512M"
vfs.zfs.zil_disable=1

The amount for the kmem size is up to you, but if you make it too large you will kernel panic on boot up. Note that vfs.zfs.zil_disable=1 turns off the ZFS intent log, so synchronous writes are no longer guaranteed to be on disk after a crash.
Disaster recovery

(May be necessary if you have just applied the tweaks above and rebooted)

With the way we have setup our system if the ZFS fails to boot or function for whatever reason we can still boot off the original minimal install at any time. To do this do the following:

    * Boot up
    * Choose #6 (Escape to Loader Prompt) at the boot menu.
    * Suppress the mounting of the ZFS volumes like this and disable the zfs module:

# unset vfs.root.mountfrom
# disable-module zfs

    * Unset the kmem sizes

# unset vm.kmem_size
# unset vm.kmem_size_max

    * Single user mode and boot

# set boot_single
# boot

    * Login

and edit the /boot/loader.conf as necessary

# df -h
# zpool list

You will notice that it has not picked up the ZFS drives or the pool. Never fear, we can import it!

#zpool import -d /boot/zfs

This loads the zpool data so the libraries can find the information they need. Now we need to import our pool using an alternate root.

#zpool import -f -R /tank tank

And check out that it has worked.

# df -h
# zpool list

Useful Commands

Create a mirror

#zpool create -m /usr/local/www/ <pool name> mirror ad4s1g ad6s1g

Show available pool/resources

#zfs list

Show Status of Disk/pool

#zpool status

Changing Mount points for created resources

#zfs set mountpoint=/<mountpoint> <pool resources>

Data Limiting

# zfs set quota=10g testpool/testfs/dir1

(logically limits space)

# zfs set reservation=20g testpool/testfs/dir2

(logically preallocates space)

Unloading a kernel and choosing another one (in the boot loader mode)

''Upgrading'' (such as 7.x -> 8.x)
* Follow steps in /usr/src/UPDATING
* buildworld/kernel
* reboot single user
* mount -o rw tank/root /
* mount -t zfs tank/usr /usr
* mount -t zfs tank/var /var
* cd /usr/src
* mergemaster -U -u 0022 -p
* rm -fr /usr/include.old && date && mv /usr/include{,.old} && date
* make NO_FSCHG=yes installworld
* make delete-old
* mergemaster -U -u 0022 -i
* reboot


# unload kernel
# boot /boot/kernel.old/kernel
--------------------------------

Replacing a failed drive

zpool replace tank <disk>
zpool status

--------------------------------
Ok... 
the scripts are at: 
http://dist.k1.com.br/scripts/baselist_amd64 
http://dist.k1.com.br/scripts/baselist_i386 
http://dist.k1.com.br/scripts/makebootdisk 
http://dist.k1.com.br/scripts/zfsetup 

install these scripts on /root 

makebootdisk: 
formats the disk (or usb stick) at da0,da1...) make a bsdlabel on it 
and using the baselist file, copies the running system files into the 
USB 
it will work on FreeBSD versions greater than 7.0 
this way the usb is bootable, have a filesystem on it. 
the same root password... 
you can fix the files /etc/rc.conf, /boot/loader.conf in the usb 
filesystem in 
order for it to boot from your kernel. 
remember to check for an "a" partition on your usb stick 

the script needs to have access to install bash (pkg_add -r bash) so it 
needs internet or a package repository with bash in it. 

Once boot from your usb stick, you can do the same procedure to 
transport the running system to another disk 
if you intend to make a zfs running filesystem on the target disk (hd) 
make the disklabel (bsdlabel) this way 
a: 1gb 16 unused 
b: 4gb * swap 
d: * * unused 
that is: 
a partition 1gb at offset 16 
b swap partition 4gb after partition A 
d: the rest of the disk (this will hold the zpool). 

the makebootdisk will install a running system on A (about 300mb...) 


ZFSETUP 
is a script that, when boot from the hd created with makebootdisk 
moves the running system (booted from "a" partition) to the zfspool 
created, in the "d" partition mentioned above.. 
it edits the loader.conf in order to boot on zfs.. in order to boot 
from 

After that, you are running on ZFS... 
Make sure you compile with --enable-mfd-rewrites to allow for 64-bit counters
(Without 64-bit counters, network graphs will not go above ~120Mbit)
''Setup''

------------------------
''Replacing a failed disk''

gmirror forget mirror/gm0
gmirror insert mirror/gm0 <newDisk>

------------------------
lease-file-name "/var/db/dhcpd.leases";
ddns-update-style none;
authoritative;
option agent.circuit-id 2 ;
default-lease-time 3100;        # 51 minutes.
max-lease-time 604800;          # 1 week


subnet 10.10.10.0 netmask 255.255.255.0 {
        option routers 10.10.10.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.10.10.255;

        # The latest input from layer-9 required us to shift the dynamic
        # range from the top half of the subnet down to the bottom half.
        # This pool clause will elicit NAKs for the old leases while the
        # clients migrate.  Remember to remove this once they've all booted
        # once or expired.
        pool {
                range 10.10.10.12 10.10.10.127;
        }
}

# Log the relay agent (option 82) details for each lease, decoded and raw.
if exists agent.circuit-id
{
        log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
                " is connected to interface ",
                binary-to-ascii (10, 8, "/", suffix ( option agent.circuit-id, 2)),
                " (add 1 to port number!), VLAN ",
                binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)),
                " on switch ",
                binary-to-ascii(16, 8, ":", substring( option agent.remote-id, 2, 6))));

        log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
                " raw option-82 info is CID: ",
                binary-to-ascii (10, 8, ".", option agent.circuit-id),
                " AID: ",
                binary-to-ascii(16, 8, ".", option agent.remote-id)));
}
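The slicing those log statements perform, as an added Python example (not part of the original config): it splits a raw option-82 payload into its RFC 3046 sub-options and decodes VLAN, module/port and switch MAC at the same offsets. The byte layout is an assumption inferred from the substring/suffix offsets in the config, and the function names and sample payload are constructed.

```python
# Added example: decode a raw DHCP option-82 payload at the offsets the
# dhcpd.conf log statements use.
# Assumed layout (inferred from the config's offsets, not stated on the page):
#   circuit-id value = 2 header bytes, 2-byte VLAN, 1-byte module, 1-byte port
#   remote-id  value = 2 header bytes, 6-byte switch MAC

CIRCUIT_ID = 1  # RFC 3046 sub-option codes
REMOTE_ID = 2


def parse_suboptions(payload: bytes) -> dict:
    """Split an option-82 payload into {sub-option code: value bytes}.

    Raises ValueError on a truncated header or a length that overruns the
    payload, so a malformed relay option is rejected instead of mis-decoded.
    """
    subopts = {}
    i = 0
    while i < len(payload):
        if len(payload) - i < 2:
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(
                f"sub-option {code} claims {length} bytes, {len(value)} present")
        subopts[code] = value
        i += 2 + length
    return subopts


def decode_relay_info(payload: bytes) -> dict:
    """Return the fields the config logs: vlan, module, port, switch_mac."""
    sub = parse_suboptions(payload)
    info = {}

    cid = sub.get(CIRCUIT_ID)
    if cid is not None:
        if len(cid) < 6:
            raise ValueError("circuit-id shorter than the assumed 6-byte layout")
        info["vlan"] = int.from_bytes(cid[2:4], "big")  # substring(circuit-id, 2, 2)
        info["module"] = cid[-2]                         # suffix(circuit-id, 2)
        info["port"] = cid[-1] + 1                       # config note: add 1 to port number

    rid = sub.get(REMOTE_ID)
    if rid is not None:
        if len(rid) < 8:
            raise ValueError("remote-id shorter than the assumed 8-byte layout")
        # substring(remote-id, 2, 6); zero-padded here for readability
        info["switch_mac"] = ":".join(f"{b:02x}" for b in rid[2:8])

    return info


def log_line(ip: str, payload: bytes) -> str:
    """Build a human-readable line comparable to the first log statement."""
    info = decode_relay_info(payload)
    if "vlan" not in info:
        return f"Lease for {ip} carries no circuit-id"
    return (f"Lease for {ip} is connected to interface "
            f"{info['module']}/{info['port']}, VLAN {info['vlan']} "
            f"on switch {info.get('switch_mac', 'unknown')}")


# Constructed sample: circuit-id (VLAN 10, module 1, raw port 7) followed by
# remote-id (switch MAC 00:1b:54:aa:bb:cc).
SAMPLE = bytes.fromhex("01 06 00 04 00 0a 01 07 02 08 00 06 00 1b 54 aa bb cc")

if __name__ == "__main__":
    print(log_line("10.10.10.42", SAMPLE))
```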


Eric Anderson wrote:

> Dan Ross wrote:
>
>> Eric,
>> Thanks I have tried using that in my conf file but the original 
>> author didn't seem to know where he got his stuff for data entries.  I 
>> am struggling to even understand his logging entry in the conf file.  
>> How does one submit a mail to the isc-org.  dhcp server mailing 
>> list.  I have the entry in my conf file but no entries are added to 
>> my log file even though the server spews out an address.  Any ideas?
>
>
> Can you post your config file?  (minus any extra junk we don't need)
>
> Eric
>
>
>
>> Eric Anderson wrote:
>>
>>> Dan Ross wrote:
>>>
>>>> Hello;
>>>> I am trying to configure my freebsd ISC dhcp server to support and 
>>>> log option 82 requests.  Can anybody direct me to a how to page or 
>>>> even maybe render some assistance if they have done this before?
>>>
>>>
>>>
>>>
>>> I don't know all the details, but maybe these snippets and links can 
>>> help you:
>>>
>>> agent.circuit-id is also known as option 82
>>>
>>> http://www.archivum.info/dhcp-server%40isc.org/2005-02/msg00026.html
>>> http://www.archivum.info/dhcp-server%40isc.org/2005-06/msg00142.html
>>>
>>> man dhcp-options
>>> man dhcp-eval
>>>
>>> http://www.faqs.org/rfcs/rfc3046.html
>>>
>>> dhcpd.conf hints:
>>> Top of dhcpd.conf (you may have to do this, you may not):
>>> option agent.circuit-id code 82 = string;  # is it a string?
>>>
>>> That's all I could conjure up..
>>>
>>> Eric
>>>
<html>
<pre>
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 30
default_process_limit = 500
disable_vrfy_command = yes
html_directory = no
in_flow_delay = 0s
initial_destination_concurrency = 1000
local_recipient_maps = 
mail_owner = postfix
mailbox_size_limit = 102400000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 300s
maximal_queue_lifetime = 5d
message_size_limit = 52428800
minimal_backoff_time = 100s
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 168.61.15.0/24, 127.0.0.0/8
newaliases_path = /usr/local/bin/newaliases
qmgr_message_recipient_limit = 100000
queue_directory = /var/spool/postfix
rbl_reply_maps = hash:/$config_directory/rbl_reply
readme_directory = no
relay_domains = /usr/local/etc/postfix/relay
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_destination_concurrency_limit = 100
smtp_helo_timeout = 30s
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:/tmp/postfix_smtpcache
smtp_use_tls = yes
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 10
smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/access_client,        permit
smtpd_error_sleep_time = 0
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_recipient_limit = 100000
smtpd_recipient_restrictions = permit_mynetworks,
          reject_unauth_destination,
         check_recipient_access hash:/usr/local/etc/postfix/pre_rbl_trialdisabledlist,
         check_client_access hash:/usr/local/etc/postfix/pre_rbl_whitelist,
         check_policy_service unix:private/policy,
         reject_rbl_client ST8STXEZCKZJGT8L6242848WKFQBAZH.r.mail-abuse.com,
         check_recipient_access hash:/usr/local/etc/postfix/pre_rbl_skipqillist,
         reject_rbl_client ST8STXEZCKZJGT8L6242848WKFQBAZH.q.mail-abuse.com,
         reject_unknown_sender_domain,
         warn_if_reject reject_unknown_hostname,
         warn_if_reject reject_non_fqdn_hostname,
         warn_if_reject reject_unauth_pipelining,
         warn_if_reject reject_unknown_recipient_domain,
         warn_if_reject reject_non_fqdn_recipient,
         warn_if_reject reject_unknown_client,
         warn_if_reject reject_invalid_hostname,
         warn_if_reject reject_non_fqdn_sender,
         permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = 
smtpd_soft_error_limit = 5
smtpd_timeout = 30s
smtpd_tls_CAfile = /usr/local/etc/postfix/cert/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/cert/in.sjc.mx.trendmicro.com-cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/cert/in.sjc.mx.trendmicro.com-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:/tmp/postfix_smtpdcache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/random
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
parent_domain_matches_subdomains = 
   debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
# Cyrus-imapd
mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
</pre>
<pre>
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
disable_vrfy_command = yes
html_directory = no
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 300
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 192.160.132.0/24, 127.0.0.0/8
parent_domain_matches_subdomains =
   debug_peer_list,
   fast_flush_domains,
   mynetworks,
   permit_mx_backup_networks,
   qmqpd_authorized_clients,
   smtpd_access_maps
readme_directory = no
smtp_destination_concurrency_limit = 100
smtp_helo_timeout = 30s
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 10
smtpd_error_sleep_time = 0
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_recipient_limit = 100000
smtpd_recipient_restrictions =
   permit_mynetworks,
   reject_unauth_destination,
   warn_if_reject reject_unknown_sender_domain,
   warn_if_reject reject_unknown_hostname,
   warn_if_reject reject_non_fqdn_hostname,
   warn_if_reject reject_unauth_pipelining,
   warn_if_reject reject_unknown_recipient_domain,
   warn_if_reject reject_non_fqdn_recipient,
   warn_if_reject reject_unknown_client,
   warn_if_reject reject_invalid_hostname,
   warn_if_reject reject_non_fqdn_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = 
smtpd_soft_error_limit = 5
smtpd_timeout = 30s
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/txt.com.signed.cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/txt.com.key.pem
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/random
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/valias
virtual_mailbox_domains = hash:/usr/local/etc/postfix/vdomains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
</pre>
</html>

As you have not posted your whole configuration ('postconf -n' output) that cannot be answered with certainty. It depends on whether you have set smtpd_delay_reject=no or if you are using the default behavior of postponing the evaluation of helo, client, and sender restrictions until the recipient phase. Many people don't bother splitting up the pre-data restrictions between smtpd_helo_restrictions, smtpd_client_restrictions, smtpd_sender_restrictions, and smtpd_recipient_restrictions, because of that useful default behavior.

You may run into enough trouble with reject_non_fqdn_helo_hostname (the modern name for reject_non_fqdn_hostname) due to a lot of sloppiness in the configuration of mail servers that handle wanted mail. If you deal with a lot of small to medium sized businesses outside of the IT industry, maintaining a whitelist against that rule can become a daily chore.

An alternative is check_helo_access with a regexp or pcre map. The map might look something like the one below (mine, partly sanitized) and catch most of the bad actors and the careless admins but put the exceptions right next to the rules:
| REGEX | Response |
| /^localhost\./ | REJECT you are not me |
| /^\[*192\.168\.254\.12/ | REJECT you are not me |
| /^\[*66\.73\.230\.190/ | REJECT you are not on my network |
| /^\[*66\.73\.230\.18[4-9]/ | REJECT you are not on my network |
| /^\[*127\.0\.0\./ | REJECT you are not me |
| /^hostname\.in\.my\.mx\.records$/ | REJECT you are not me |
| /^my\.internal\.true\.hostname$/ | REJECT you are not me |
| /^virtual\.domain\.i\.service$/ | REJECT you are not me |
| /^scconsult.com$/ | REJECT you are not me |
| /^some\.fools\.exchange\.local/ | DUNNO |
| /\.local$/ | REJECT You are not local to me |
| /\.localdomain$/ | REJECT You are not local to me |
| /^-/ | REJECT Stop being so negative |
| /^nonfqdnthatilike$/ | DUNNO |
| /^[^.]*$/ | REJECT Care to qualify that claim? |
| /user.veloxzone.com.br$/ | REJECT Veloxzone user space not welcome here. |
| /^mail.com$/ | REJECT Suresh says that no one is mail.com |


Note that this depends on permit_mynetworks and/or permit_sasl_authenticated to protect truly local and/or authenticated clients. The 'DUNNO' lines are the exceptions. The rest of the rules catch the observed behaviors of some spammers in using HELO arguments that claim one or another sort of local identity, start with a '-', or have no periods (i.e. non-FQDN hostnames). The last 2 catch the tangle of botnets using a Brazilian ISP and a once-common habit of bots using 'mail.com' in HELO.

The advantage to this approach is that it lets you do the fairly simple thing that reject_non_fqdn_helo_hostname does, whitelist against it directly, and add in other things that are useful in looking at HELO names.
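Added example, not part of the original post: a small Python model of how the map above is evaluated, showing why each DUNNO exception must sit above the REJECT rule it overrides. It relies on the documented behavior of Postfix regexp/pcre tables (patterns tried in table order, first match wins, case-insensitive by default); the function names and probe HELO names are constructed for illustration.

```python
import re

# Subset of the map above, in table order. Postfix regexp/pcre tables are
# searched top to bottom, the first matching pattern wins, and matching is
# case-insensitive by default.
HELO_RULES = [
    (r"^localhost\.", "REJECT you are not me"),
    (r"^\[*127\.0\.0\.", "REJECT you are not me"),
    (r"^some\.fools\.exchange\.local", "DUNNO"),
    (r"\.local$", "REJECT You are not local to me"),
    (r"^-", "REJECT Stop being so negative"),
    (r"^nonfqdnthatilike$", "DUNNO"),
    (r"^[^.]*$", "REJECT Care to qualify that claim?"),
]

# Constructed probe per exception: a HELO name the DUNNO line should let through.
EXCEPTION_PROBES = {
    r"^some\.fools\.exchange\.local": "some.fools.exchange.local",
    r"^nonfqdnthatilike$": "nonfqdnthatilike",
}


def check_helo(helo, rules=HELO_RULES):
    """Return (action, pattern) of the first matching rule, or (None, None)."""
    for pattern, action in rules:
        if re.search(pattern, helo, re.IGNORECASE):
            return action, pattern
    return None, None  # no match: Postfix moves on to the next restriction


def shadowed_exceptions(rules, probes=EXCEPTION_PROBES):
    """List (exception, blocking_pattern) pairs where an earlier rule wins."""
    problems = []
    for pattern, action in rules:
        if action != "DUNNO" or pattern not in probes:
            continue
        _, winner = check_helo(probes[pattern], rules)
        if winner != pattern:
            problems.append((pattern, winner))
    return problems


if __name__ == "__main__":
    for name in ("some.fools.exchange.local", "printer.local", "WORKSTATION7",
                 "NONFQDNTHATILIKE", "[127.0.0.1]", "mail.example.org"):
        print(f"{name:28} -> {check_helo(name)[0]}")
    # Constructed mistake: the general .local reject moved above its exception.
    misordered = [HELO_RULES[3], HELO_RULES[2]] + HELO_RULES[:2] + HELO_RULES[4:]
    print(shadowed_exceptions(misordered))
```

Running the same shadow check against a map after every edit catches a whitelist entry that was added below the rule it is supposed to override.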
<html>
<pre>
ST8STXEZCKZJGT8L6242848WKFQBAZH.r.mail-abuse.com 550 Service unavailable; $rbl_class [$rbl_what] blocked using Trend Micro RBL+.  Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=$rbl_what${rbl_reason?; $rbl_reason}
</pre>
<pre>
ST8STXEZCKZJGT8L6242848WKFQBAZH.q.mail-abuse.com 450 Service temporarily unavailable; $rbl_class [$rbl_what] blocked using Trend Micro Network Anti-Spam Service.  Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=$rbl_what${rbl_reason?; $rbl_reason}
</pre>
</html>