Autoclose. Closing a file when it is not in use sounds like a prudent thing to do. Yet I see files opening and closing all the time in the error log in SQL Server, even though I know that I never use the database except for viewing in Enterprise Manager. Does viewing a list of databases in Enterprise Manager make the files open? It makes sense to me to use autoclose on databases that I use only occasionally as import staging areas, and which I access for only a fraction of the time my online transaction processing (OLTP) database is in use. SQL Server Books Online says that the autoclose option is automatically set to YES for the SQL Server Personal Edition and to NO for all other editions. Has this option been included only for the Personal Edition?

Autoshrink. The autoshrink option also sounds helpful. However, would using autoshrink on my import staging areas, where I bring in quantities of data for short periods of time, keep these areas small for backups?

A
Autoclose is available in all editions of SQL Server 2000. The amount of memory you save by using this option is relatively small but might be important on memory-constrained systems running the Personal Edition. However, enabling autoclose for the other editions isn't a good idea, because every time you try to access the database, the query will be slowed by the amount of load time it takes to mount the database. As for the question about your files opening and closing, yes, when you enumerate a database in Enterprise Manager, you access the database, which opens the files.

Leaving autoshrink on for production systems also isn't a good practice (unless you really need to), because autoshrink might start when your system is otherwise busy with production work, and slow down the system. However, enabling this option is a good idea for desktop or remote systems that don't get a lot of DBA attention and whose databases could grow out of control before you detect the problem.

At tomorrow's Churchill Club event, Olli-Pekka Kallasvuo (Microsoft CEO Steve Ballmer calls him OPK!) will not be short of topics to discuss with Wall-Street Journal columnist, Walt Mossberg.

The Nokia CEO (pictured) chose indeed one hell of a week for the Finnish cell phone maker to make his tour in Silicon Valley.

First, amid a weak global economy and competitors slashing prices, experts have raised doubts that Nokia would be able to maintain its market share and hit profit-margin targets expected for this year.

Second, the Nordic company announced today that it is spinning off its firewall/VPN security appliances business unit located in Silicon Valley - throught the acquisition of Ipsilon Networks 11 years ago for $140 million - refocusing the Nokia For Business division squarely at mobility solutions. Funny enough, it was "OPK", then VP of Nokia Americas that spearheaded the acquisition!

However Nokia did also say that it'll quit the business of developing and selling it's own flavour of "behind the firewall" enterprise-class push email servers - that it got through the $430m acquisition of Intellisync 3 years ago - but instead resell the ones from IBM and Microsoft. No word on RIM's and a question we'll make sure to ask the handset maker chief this Wednesday.

"Nokia will no longer develop or market its own behind-the-firewall business mobility solutions, namely Nokia Intellisync Device Management, File Sync, Application Sync and Behind-the-Firewall (BTF) Wireless Email. Nokia will instead focus on bringing best-in-class devices and solutions to market for business customers by forging strategic relationships with leading enterprise technology vendors", reads the laconic statement.

Is Nokia unlucky in Silicon Valley?

Looks like 2 of Nokia's large investments in Silicon Valley, Ipsilon Networks and Intellisync, didn't finally paid off. And worse, Nokia CTO and the head of Nokia Research Center, Bob Ianucci, the man who established Nokia Labs in Palo Alto, Calif., has announced his resignation.

Finally, as we wrote earlier here, Nokia will launch its iPhone me-too clone, the "Tube", on Thursday and I suspect "OPK" will be more than willing to show it to us a few hours before the official release!

Of course all of that should reassure Nokia investors, partners, employees and customers on the company's sound strategy directions... or not!

Suicide bombing was popular in Palestine since broke second intifada in September 2000. The peak season in 2002 while happened 44 suicide bombings.

Until the present, there were 120 suicide bombings committed by Palestinians. Around 652 have been killed and 2,267 injured. These figures not included suicide bombers must be died.

Ten of the bombers were women, included Wafa Idris, a 28 year old widow who worked as paramedic. She has become the first female suicide bomber. There was also Fatimah Umar Mahmud Najar, a 64 year old widow and also grandmother of 41 grandchildren. She was also the oldest woman bomber.

Israeli military said 29 suicide bombers were under 18 year old. The Zionist soldiers also found the picture of baby suicide bomber while raided a house in Hebron, West Bank, in June 2002.

Suicide bombers have believed that they would get paradise as a reward for them. But Islamic clerics have divided in two opinions: allowed (halal) suicide bombing and prohibited (haram).

Suicide bombing is halal because of imbalance power between Palestinians and Israel. As founder of Hamas, Sheikh Ahmad Yassin said: “If we had fighting jets and missiles we will change our way of self defend in legitimate means.”

Islamic clerics who prohibited suicide bombing argued that the actors have killed themselves before killing their enemies. Sheikh Abdul Aziz bin Abdullah Bin Baz has affirmed that suicide bombing isn’t fair due to Al-Quran An-Nisa article 29: “Don’t kill your self.”

Prophet Muhammad has also said: “Anyone who kills his self by a mean therefore he will be tortured by that mean in the end of the day.” Ibnu Taimiyah said suicide bombing is haram and the actor will be eternal in hell.

In the fact, 22 suicide bombings were useless. There were no people and Israeli soldier killed except the bombers. Definitely, suicide bombers has caused their family lost their beloved ones.

Place : restaurant in Jerusalem

Time : 27 January 2002

Actor : Wafa Idris, a 28 year old widow who became paramedic (the first Palestinian female bomber)

Victim: two killed and more than forty injured

Place : checkpoint in West Bank

Time : 27 February 2002

Actor : Darin Abu Aisyah, 21 year old, student at the University of Nablus, West Bank

Victim: five injured, included two Palestinians

Place : shopping centre in Jerusalem

Time : 29 March 2002

Actor : Ayat Akhras, a 18 year old girl

Victim: three killed and 20 injured

Place : bus stop in Jerusalem

Time : 12 April 2002

Actor : Andalib Takafka, a 20 year old girl

Victim: at least six killed and 80 injured

Place : shopping centre in Afula

Time : 19 May 2003

Actor : Hiba Daraghmih, 19 year old, student at the Al-Quds University

Victim: three killed and 93 injured

Place : restaurant in Haifa

Time : 4 Ocotber 2003

Actor : Hamadi taysir Jaradat, a 28 year old female attorney

Victim: 21 killed and 51 injured

Place : joint industrial compound of Israel-Palestine in Gaza Strip

Time : 14 January 2004

Actor : Reem Salih Riyashi, 22 year old, mother of two children

Victim: four killed

Place : Jerusalem

Time : 22 September 2004

Actor : Zainab Abu Salim, a 18 year old girl

Victim: two killed and 17 injured

Place : Bait Hanun, Gaza Strip

Time : 6 November 2006

Actor : Mirvat Massud, 18 yerad old, student at the Gaza Islamic University

Victim: two killed and an Israeli soldier injured

Place : Camp Jabaliyah, Gaza Strip

Time : 23 November 2006

Actor : Fatimah Umar Mahmud Najar, a 64 yerar old widow and grandmother of 41 grandchildren

Victim: three Israeli soldiers injured

BBC/Daily Mail/Faisal Assegaf

]]> http://thewestbunk.wordpress.com/?p=111 Wed, 24 Sep 2008 20:07:02 +0000 Scottster http://thewestbunk.it.wordpress.com/2008/09/24/life-in-check/ The ride from Tulkarem to Ramallah seems to be a bothersome one. Less than 80 kilometers between the two cities and there are three main checkpoints, never mind the odd flying checkpoint. And at each one you could have your ID checked, be detained for up to three hours or simply be delayed until the Israeli soldiers decide to let you through. Take note, that these are two cities within the West Bank and the route to get to each is far from the border with Israel. International laws (Geneva Convention IV, 64 to be exact) that say an occupying power cannot restrict movement of the local population aside – the man power to support these checkpoints weighed against the actual effectiveness of them in catching perpetrators, or possible terrorists simply defies reason. Here is an example.

I was in a service taxi heading home to Bethlehem, but the first stop was in Ramallah and I was on the route described above. First checkpoint, Anabta, near the Inaav settlement east of Tulkarem we go through without being stopped. Nice. We keep on bouncing through the landscape and quietly roll up to the second checkpoint, some 25 kilometers further south - Za’atara checkpoint. This time we get stopped. It is always a tense moment when you get stopped at the checkpoints. I know I will get through and I am doing absolutely nothing illegal by being here. But it is the questions that freak me out. I am the worst liar in the world and I stumble through the answers as I can’t just tell the guy I disagree with his whole existence in the West Bank. But this entry isn’t about me.

The soldier asked us all for our ID. He had a look at mine, held onto it, took the others, then he noticed one man sitting in the back didn’t hand his over. The man was removed from the taxi and told he couldn’t go through the checkpoint. I wanted to object, but he wasn’t detained, he wasn’t mistreated and he had lost his ID. Now, ok, it is his own fault he lost his ID and he should know better than to go through a checkpoint without it. But he was from Hebron to the south of Ramallah and applications for a new ID need to be done at the place of residence. So if he can’t get home to apply for a new one – and the process is a simple one, it take a day or two to get a replacement – how do they expect him to comply with their law?

“It makes no sense to stop him here,” replied the man next to me, who ended up being an ISM coordinator. Must he now go back to Tulkarem just to try to get to Hebron again? “They should take him to Hebron in their jeep.” All of us in the taxi looked through the back window to see him walk back the way we came. A long line of cars had gathered as we waited for the soldier to check all the IDs. Then given the ok to move on, we drove on, leaving him there at the checkpoint, surrounded by soldiers, and with no town in site.

I thought as we drove away that that man must have been so nervous as we drove through those checkpoints. I didn’t pick up any such vibe but it is all around me all the time. I feel it when I approach the checkpoints even though I am ultimately protected due to my foreign passport. The majority of Palestinians have done nothing wrong but in a society where you are presumed guilty and dangerous, you live a mental siege that creates an inability to feel confident.

We drove up the next hill. Around the bend and Atara checkpoint came into view, mere kilometers from Ramallah. The soldier waved us down…

Can happen when the fwx_alloc  table is full :

#fw tab -t fwx_alloc   -s
HOST                  NAME                               ID        #VALS    #PEAK     #SLINKS
localhost             fwx_alloc                        8187    150000 150000 0

#fw tab -t fwx_alloc
localhost:
-------- fwx_alloc --------
dynamic, id 8187, attributes: keep, sync, expires never, limit 150000, hashsize 131072

[...]

You can flush the table with the following command:

#fw tab -t fwx_alloc -x

FYI:

The fwx_cache table was introduced in VPN-1/ FireWall-1 NG FP3 and VPN-1/ FireWall-1 NG AI. The table is used as a cache for the NAT rule matched entries. If a specific connection (i.e. specific source IP address -> specific destination IP address) matches a NAT rule, the result of the rule match will be kept in this table. When the next such connection opens, the NAT rule match will not be performed, since that information is already in the cache table. The NAT cache table is intentionally smaller than the Connections table, since it is assumed that it will contain most of the common / frequent connections, therefore enabling NAT performance optimization.

(Israeli soldiers ordered us off the bus. I am wearing the tan hat, standing next to the pole. Photo taken by Nancy Hernandez, May 2008.)

The image above is of one of the interminable Israeli checkpoints used against the Palestinians. This particular one is a "permanent checkpoint" at which we were given extra attention.

The Israeli occupation makes the simple act of riding the bus, or actually just getting from one place to another, a stressful and even humiliating process. On the day that this photo was taken, a group of us were invited by Huwaida Arraf to al-Khader where we could participate in a protest against the construction of an Apartheid Wall and to speak with Palestinians living in the area who would be affected by the Israeli confiscation of their land. According to Electronic Intifada, this Wall is projected to take nearly 90% of the Palestinian land, seriously undermining the economy and culture of al-Khader.

The protest was over when we arrived. We arrived late since the bus we were riding had been stopped in route by the Israeli Army; two Israeli soldiers boarded the bus, one a blond, fair-skinned man, the other was browned-skinned with black hair. Both appeared to be in their late teens or early 20s. The blond-haired soldier clearly was in charge.

In Palestine, when you are stopped by the Israelis, you automatically gather your documents to prove that you have proper papers that "approve" your right to move about the area. For internationals such as myself, this document is the passport. For Palestinians, the papers can be an assortment that include identification papers and work permits properly stamped, signed, and dated.

When the two soldiers entered the bus, we passengers held out our papers for them to view. Internationals may or may not get used to the young soldiers habit of keeping their fingers on their gun-triggers. One also needs to remember that the Israeli Army does not want photos taken of them at checkpoints. If confronted by a soldier, an international can sometimes get away with taking photos by acting like a simple "American tourist" just taking pictures--and perhaps will only receive a command to put cameras away. Other times, soldiers will confiscate cameras.

The blond-haired soldier walked down the bus aisle, stopping to inspect closely a few of the papers and otherwise barking out questions and orders to the passengers. His partner followed, staying mute. When the pair arrived at the seat in front of me, the blond soldier was dissatisfied with the passenger's papers and he ordered the young Palestinian man off the bus.

Arraf, who translated for us, explained that the soldier accused the passenger of having invalid work papers. Through the bus window, I watched as the Palestinian man was surrounded by four Israeli soldiers who interrogated him. These "interrogations" can end in several ways including the possibility that the passenger is taken elsewhere for further questioning or even arrest based upon the equivalent of "probable cause" due to soldiers dissatisfaction with the answers or with the signature on the paper---or even their mood at that moment. Obviously when this happens, the passenger is unable to make it to work or school or to keep other appointments for that day. In this case, the soldiers finally allowed the young man back onto the bus and we resumed our route.

We arrived at the site late, but a young man who was expecting us had waited. We then walked on the trafficway, monitored for a while by an Israeli military truck, while our colleagues pointed out the site of the impending Apartheid Wall and the nearby Israeli settlements. This illegal Wall, because it will swallow up so much more Palestinian land, will destroy the economic sustainability of Al-Khader---no doubt, the probable intent of Israel under the guise of "security" from those that they are terrorizing. Manifest Destiny relies upon a plethora of such smoke and mirrors.

The walls and settlements come with "settler-only" roads on which Palestinians are banned from traveling; at times, this roads have been annexed thereby forcing the Palestinians to find other routes; these "new" roads (with their checkpoints) can add hours to travel and create such situations in which an individual is forced to find a new, approved route that now imposes several hours on him to get to his farmland---when it previously took him 10 minutes. These walls and settlements also involve the Israeli confiscation of farming land, sources of water, housing, and the destruction of sites important for social, historical, cultural, and public health reasons.

While walking next to the trafficway, we were honked at by Israelis who yelled profanities and other derogatory phrases. Our guide was in his mid-20s and had spent 6 years in prison for his pro-Palestinian activism; he had been locked up at the age of 16 and had been released through an Israeli act of amnesty. However, his mobility was curtailed and so he was unable to join us back in Jerusalem which was our main base during our stay in the West Bank. We would meet up with him again at a refugee camp.

We spent the afternoon observing and witnessing the Israeli destruction to al-Khader, including an Palestinian elementary school which the Israelis had shut down. As we began walking to find a place to eat, an Israeli military truck stopped us. Two soldiers got out of the front, and four got out of the back, with their ever-present fingers on their gun triggers. We were forced to answer their questions for approximately half an hour. They let us go but kept us under surveillance for a while.

After we ate, we caught a bus (in the above photo) to return to Jerusalem. About midway back, we arrived at a checkpoint and this time we were all ordered off the bus. After a while, the soldiers motioned me to the front of the line to ask me a few questions about the group I was traveling with. Then they checked our papers, and upon receiving the approval of the armed teenagers in military gear, we resumed our bus ride back to the hotel.

Resources:

Al-Khader: http://electronicintifada.net/v2/article9348.shtml

]]> http://lastwoman.wordpress.com/?p=99 Sat, 20 Sep 2008 14:23:16 +0000 julia good fox http://lastwoman.it.wordpress.com/2008/09/20/checkpoint-3/

OCCUPIED WEST BANK—In “Checkpoint 2," I briefly discussed the gate-keeping process at these sites without describing the Apartheid Wall of which the checkpoints are a component. Before I continue writing on checkpoints, I would like to offer a few facts about the wall.

Apartheid Wall Facts:

• The Apartheid Wall is sometimes is referred to as a “partition,” a “security fence,” and a “separation barrier.” These terms attempt to turn attention away from the reality of what the wall actually is: a wall designed to impose Apartheid on the Palestinian People.
• In 2004, The International Court of Justice at The Hague issued a resolution calling for Israel to halt construction of the wall, and to dismantle the sections that it already had built.
• If completed, the Apartheid Wall will be an estimated 403 miles in length and will have annexed or grabbed even more Palestinian territory including sources of water and farm lands.
• Construction of the Apartheid Wall will demolish Palestinian homes, schools, farms, and businesses and will isolate communities.
• The Apartheid Wall will “require” a buffer zone of 30 - 100 yards wide for electric fences, trenches, cameras, sensors, and security patrols.
• Construction of the Apartheid Wall involves massive destruction to the environment and will create ecological and climate adversities.
  
• Israel has surrounded Gaza Strip on three sides by an Apartheid Wall (and a heavily patrolled-Mediterranean Sea to the west), effectively making it the largest prison in the world. At this time, it is nearly impossible for Palestinians to leave Gaza and for Palestinians and other people to enter the area. B’tselem and other human rights groups are documenting the current environmental and humanitarian crisis occurring in Gaza.

(Above: Image showing loss of Palestinian land to the Israelis. In Stage 4 (far right), Gaza is on the right side and the West Bank (which contains Bethlehem, Jerusalem, and Ramallah) is on the left. The Apartheid Wall will grab even more land from the Palestinians. Source: http://www.ccmep.org/delegations/maps/palestine.html)

• The construction of the Apartheid Wall involves dozens of concrete, information technology, and other types of companies. They include Catepiller, Inc. and Motorola.
• In addition to the wall, the Israelis use other barriers to discourage or prevent Palestinians from enjoying freedom of movement, including wires, boulders, and trenches.
• Obvious parallels to other walls include the Berlin Wall (1961-1989). More recently, the United States has begun to construct a wall along the U.S.-Mexico border. The U.S. Department of Homeland Security awarded contracts for this wall to Boeing and an Israeli-company, Elbit Systems(which is also participating in the Apartheid Wall). The U.S. also is constructing walls in Iraq.

The checkpoints and the Apartheid Wall are among the most well-known symbols of the Israeli-perpetuated Apartheid system. In addition, the system includes Apartheid-based citizenship papers, permits, license papers, and color-coding. It includes roads on which Palestinians are forbidden to drive. It involves disinformation, doublespeak and other uses of language and imagery in the media, politics, educational system, and popular culture.

To echo the sentiments of Boaz Okon, the Apartheid Wall, indeed the entire Apartheid system against the Palestinians, is an act of which the Israelis, the U.S. and other nations will not be able to forgive themselves.

- Julia Good Fox

June 2008

For more information, see:

World Court Resolution

Wall Information from The Electronic Intifada

What is a Separation Barrier?

Palestinian Environmental NGOs Network

(Graffiti is one response to the Israel-constructed Apartheid Wall. This stenciled image is at a Ramallah checkpoint. Photo taken by Julia Good Fox, June 2008.)

OCCUPIED WEST BANK — Let’s be clear about this. The Israeli checkpoint system in the West Bank is an absolutely ruthless act of anger, viciousness, and power. It is generally said that the Israeli system is designed to control Palestinian movement. Yet any international’s experience with the system will confirm that the Israelis have set up the routine as an attempt to dehumanize the Palestinians. The Israelis use the simple experience and necessity of travel as another opportunity to expose the Palestinians to feelings of humiliation and powerlessness and, at times, to even ensure their deaths. Such is a life spent in occupation and under Apartheid.

B'Tselem, a human rights organization, estimates that there are approximately 100 permanent checkpoints in the West Bank, an area which is only 5,860 km2 (about the size of Delaware). In addition to these permanent checkpoints, Israel props up dozens of ad-hoc or “flying” sites each week in different locations. The Israeli Army, the Israel Border Patrol, and private (civilian) security companies staff the permanent and flying checkpoints.

At checkpoints, Israeli soldiers look through bags, check for papers, and pull individuals for interrogation. The logic of the Israelis who staff the checkpoints is an equation of ever-changing amounts of mercurial attitudes and capriciousness, and always contains the threat of physical brutality.

The checkpoint system affects public health, education, the economy, and simple community activities. Lines at the checkpoints can be long and there is never a guarantee that a Palestinian will be allowed through. In fact, there is not even a guarantee that a checkpoint will be open. If it is closed, then Palestinians will be unable to cross at that area. Students, teachers, and professors can never be certain that they will make it to class; employees do not know if they will be able to work; the religious do not know if they will be allowed to worship at the mosque or church; relatives and friends cannot be sure that they will see each other as planned.

Israeli soldiers even will detain Palestinian women who are in labor; such cruelty resulted in at least five women in 2007 giving birth at a checkpoint. Israel uses the checkpoints to deny other forms of healthcare to the Palestinians. B’Tselem and the United Nations OCHA Occupied Palestinian Territory office are documenting the role played by the checkpoints (and the accompanying apartheid permit system) in causing deaths of Palestinians.

(Above: This is a 2001 image of the checkpoint locations. source: http://www.ccmep.org/delegations/maps/palestine.html .)

The checkpoint system produces multiple stresses. As Dr. Frantz Fanon described in his works and to which the UN, NGOs, and ordinary women and men also can attest, the stresses of living with this Apartheid system seeps into the souls of individuals and can influence familial and social relationships. At certain checkpoints, Israel male and female soldiers, often in their late teens, prohibit Palestinian male teen-agers and young men between the ages of 16-35 from crossing. What are the consequences of such experiences, to be constantly confronted or ordered about by young Israelis carrying weapons and whose finger is always on the trigger of these guns, for Palestinian teen-agers and young adults?

And one cannot help but wonder about the Israeli soldier at the checkpoint. Perhaps he is only in his late teens. What does he do to relieve the day’s events, a day when he prevented a sick person from accessing health care, when he prevented someone from getting to work, when he forced a Palestinian woman to give birth at the checkpoint.

Clearly, the checkpoint is a system that removes the humanity from its Israeli participants.

- Julia Good Fox
June 2008

For more information about the checkpoints, see:
http://www.ochaopt.org
http://www.btselem.org/english/Freedom_of_Movement/Index.asp http://www.btselem.org/english/statistics/Casualties_Full_Data.asp?Category=21&region=WB

Ed

2008.09.16

Hanna Barag, active member of Machsom Watch, an Israeli checkpoint monitoring organisation.

Turned out here we get definitions for interactive session : cat /etc/bashrc
<CUT>   

# By default, log out the user after three minutes of unattended prompt
export TMOUT=180
export SHELL=/bin/bash
# Take into account idle setting of cpshell, if available
if [ -f /etc/cpshell/cpshell.state ]; then
   idle=`grep idle /etc/cpshell/cpshell.state | sed s/idle=//`
   if [ $idle"UNDEFINED" = "UNDEFINED" ]; then
          idle=3
   fi
   export TMOUT=`expr $idle \* 60`
fi

So to change the default timeout for ssh session you can:

1) Set idle variable in /etc/cpshell/cpshell.state to be later multiplied

cat /etc/cpshell/cpshell.state
audit=100
idle=100
scroll=1

2) Change last export directly to whatever you wish:

export TMOUT=7000  ; in seconds

I personally when working on client's firewall am setting it manually  when long  debug session is expected:

[Expert@cp]# TMOUT=700
[Expert@cp]# export TMOUT

The law getting kicked in the rocks? Or the law throwing its rocks in our face?

Let me explain briefly for those who may not be in the know before I get into the story. Ramadan is simply speaking the Muslim holy month recognized in the ninth month of the Islamic calendar (not always on the same date every year) and Muslims fast from sunrise to sunset. It is especially important for the Muslims to pray at Al-Aqsa Mosque in the Old City of Jerusalem, the third holiest site of Islam, during Ramadan. Hence many Palestinians attempt to get across the Bethlehem checkpoint from all over southern West Bank. The Israeli government is generally more lenient during this time and men and women of a certain age may pass the checkpoint without permits – more about that later and in other posts. OK – read more about Ramadan here because I’m not Muslim, nor an expert.

And so the story continues.

There were four of us there and we were on checkpoint monitoring duty. We split up. One in front of the cement barrier before the actual Separation Barrier, one at the metal detectors inside the terminal, one at the ID booths and one counting the number of Palestinians that are actually allowed through the terminal. I was supposed to be at the metal detectors but after getting through the first turnstile I was bounced, grabbed by the police and forced to go back to the Bethlehem side. They don’t much want foreign nationals inside the terminal. So back I went. There is only so much arguing one can do.

Once back beyond the cement barriers I saw that some United Nations officials had arrived. They were supposed to be there over an hour ago. The situation had deteriorated at all sections of the terminal and we needed help. The soldiers were getting hot and angry at the teaming masses of people and that mass was growing. I was afraid that the situation was going to turn violent if some kind of organized chaos wasn’t created. I wasn’t sure if the UN guys were going to help with that. And the people grew hot and the sun rose.

We were in a tight group with two UN officials, four of us, four foreigners and we stood out. We were a target for frustration. While people pushed and shoved and lost their shoes in the mass, we stood and chatted. “Who are the journalists here?!”, exclaimed one man. We feebly pointed to some by the wall…no journalists here. “See, see how they use propaganda!” he shouted referring to a soldier who had lifted a young boy above the pushing people and sat with him at the cement barrier. “While we suffer the media come and make it look like it is the Israeli’s who make things better”. It wasn’t a media stunt and the boy was handed to the soldier by his mother but the scene represented a deeper anger. We nodded in understanding and noticed others were lining up to be vocal.

One pushed in and shouted and spat in Arabic, counting our faults on his fingers. “You organizations come here. For six years you come here and write reports and nothing, nothing has changed! Why are you here? What good do you do?”. And I have to agree with him. We probably don’t do much good in the broader issue. But we are here now and we can help with particular problems now. We can help minimise the abuse and loss of dignity just by being here. The international community is watching. And this means sweet bugger all to his livelihood and children’s future.

Again, we nodded it off. We did understand and he was right, we weren’t fixing it. Probably the most widely reported and documented occupation in history and still it deteriorates. We write reports and take pictures and earn a salary and the arguments that all we do is make the occupation work better rings louder and louder. I will leave that argument for a later post but I renew my duty now, because it is this now in which people need me. As people suffer today, I can help to relieve that in anyway I can. So I interfere when I have to, help where I can, and take pictures when I want to. And in this time I hope that those with greater powers than me will fix it. I refuse to get frustrated like some of the UN personnel who complain that these people don’t appreciate them. If you think people don’t appreciate you, maybe you should work a little harder, arrive on time, and don’t leave before it’s over.

Prayer time is 11:45 and inside the terminal over 300 men were still waiting in the queue and outside the barrier. Those who did not even get past the first barrier kneel in prayer in the hot sun and far from their holy site. When you forcibly prevent people from practicing their religion you ask for trouble.

The third Friday of Ramadan is coming closer.

(Check out some more photos from checkpoints here)

If Clark was expecting a free run to give a party political broadcast which, as Adam Smith  noted, she had when she announced the election this afternoon, she'd have been disappointed.

Most of the interview centred on why Clark didn't say what she knew about Winston Peters and the donations debacle and her handling of that.

The interview is on line here.

EnCase cannot directly access PointSec encrypted hard drives. I understand that PointSec (owned by Checkpoint) may be talking to EnCase and working on a decryption solution. Today, however, there is no seamless way to forensically access PointSec encrypted data without going through a decryption of the hard drive first. More information may be found at http://www.guidancesoftware.com/products/ef_modules.aspx#eds, and http://www.guidancesoftware.com/products/pop_dlx.aspx?ref=ef – registration may be necessary.

Normal procedure for investigation startup:

1. Acquire the drive with EnCase.
2. Start the examination.

Procedure for investigation involving PointSec decryption:

1. Acquire raw, encrypted hard disk image to be examined using dd or dcfldd. Hash and compare to the original disk.
2. Acquire the decryption key file.
3. Using PointSec software, write to a floppy disk using the decryption passphrase. This boot floppy is used to decrypt the target hard disk.
4. Use dd or dcfldd to create a bit for bit image of the floppy disk.
5. Set up a new Virtual Machine, using VMWare, and point to the floppy disk image as the floppy disk drive, and to the raw encrypted hard drive image as the VM hard disk.
6. Start up the VM, booting from the floppy image.
7. After keying in the appropriate passphrase(s), the hard disk image will be decrypted as if it were the original hard drive.
8. Go out for beer and peanuts. Take your time.
9. Add the decrypted image to EnCase as the subject drive of the investigation. New hashes will have to be taken, and everyone will have to trust that the data has not changed even though the hash has.
10. Start the examination.

PointSec and EnCase – Send flowers
Here are the steps, in a perfect world, to start the investigation with a future EnCase version that speaks PointSec:

1. Acquire the encrypted drive with EnCase.
2. Key in the password.
3. Start the examination.

Perhaps we all need to send an encouraging card or some flowers to the meetings, and tell those guys we want to see a group hug, today. We need to feel the love!

J. Michael Butler, GCFA Gold #56 is an Information Security Consultant employed by a fortune 500 application service provider who processes over half of the approximately $5 trillion of U.S. residential mortgage debt. He also authored his company's enterprise wide information security policies.

BTW this script made it 100% clear there was some problem with Exchange over which I had no control - from firewall its port 25 answered very erratically - once ok , 10 times connection refused. So after a double check

client found that from LAN and VPN it also wasn't stable as he first thought .

General telnet client script :

[Expert@cp]# awk -v ip=192.168.0.1 -v port=25 -f telnet.awk

Where:

  ip - IP to connect to

  port - port to connect to

#!/usr/bin/awk
#This is a simple telnet emulation script purpose of which
# is to try to connect to a given IP on a given port using TCP
# and print to the terminal few lines received from the server
# if session is established. It has no functionality but to
# establish a TCP connection and print out received text from the
# server, after that it just exits.It was created to debug
# connectivity issues on Checkpoint NGX firewall that has no built
# in telnet client .
# Client
     BEGIN {
       ("/inet/tcp/0/" ip "/" port ) |& getline
       print $0
       close(("/inet/tcp/0/" ip "/" port ))
     }

Next is the same cript with add on for port 80 - to get some response from web server:

#!/usr/bin/awk
     BEGIN {
   Portandip = ("/inet/tcp/0/" ip "/" port )
   print "GET /  HTTP/1.1\n\n" |& Portandip
   while  ( (("/inet/tcp/0/" ip "/" port ) |& getline)>0)
       print $0
       close(("/inet/tcp/0/" ip "/" port ))
     }

In August, The Hungarians cut the barbed wire at the their border with Austria, creating the first hole in the Eastern Bloc. Thousands of East Germans flocked there and ran, crying with relief and anger, across the border. Thousands more travelled to the West German embassies in Prague and Warsaw and set up camp, creating a diplomatic nightmare in German-German relations. Finally, the regime agreed to let them out, on the condition that the trains taking them to West Germany travel through the GDR. Honecker hoped to humiliate the ‘expellees’ by confiscating their identity papers. And he wanted them to fear (as they did) that he would stop the trains and arrest the passengers.

Honecker’s plans backfired. The people on eh trains ripped up their identity papers with tears of joy. Thousands flocked to the stations to see if they could climb aboard, and to cheer on their compatriots.

In early October, Leipzig was a flashpoint. Petrol-station attendants were refusing to refill police vehicles; the children of servicemen were being barred from crèches. Those who worked in the centre of town near the Nikolairkirche were sent home early. Hospitals called for more blood. people made their wills and said things they wanted their children to remember, before going out to demonstrations. There were rumours of tanks and helicopters and water cannon coming, but then so were the postcards from friends who had already reached the west. The people went on to the streets.'

[Stasiland, Anna Funder]

I’ve been commissioned to make a new game based around the theme of politics and play for the Delfina Foundation in November.

For a while I’ve been interested in the idea of exploring that moment at which public protest becomes collective action. I’m interested in what it takes to risk ridicule, or anger, or imprisonment, or worse to be one of the first comers. I’m interested in their relationship to everybody else, what the circumstances need to be for that initial spark to become an invitation and for that invitation to be accepted. I’m interested in how sea changes happen.

Is there a moment at which standing up and being counted becomes the status quo? Sinking into the warm anonymity of mass protest like Franz in The Unbearable Lightness of Being. When I was at university I created a show where the audience was sat on the stage while an actor sat in the auditorium. At a certain point she encouraged someone to come forward and join her. There was no response. She even offered a fiver to anyone who came forward. In the end (as people are taught to do in pressure situations) she singled out one person who she demanded come and join her, which she did. She then asked someone else and so on. Very quickly there was a sea change; people as one got up and moved across. Decisive independent action had at a point tipped into collective acquiescence. I’m interested in that point.

I’m interested in how people’s relationship to the space they inhabit can change so quickly and so dramatically. In another beautiful passage from Stasiland Anna Funder talks about the breakneck speed with which the various Stasi headquarters went from being sites of terror and symbols of power to museums smelling of the sad old men who used to run these people’s lives. She describes the faces of ordinary East German’s as they walked through those endless corridors of fading brown linoleum, not knowing whether the laugh or throw up.

All it takes is a peculiar series of coincidences. A siren somewhere nearby. Two people happen to be running in the same direction. Maybe a bottle smashes accidentally. Heads turn. Suddenly you feel, in a wave of giddy confusion and excitement and fear, that something is happening. The world has changed. Then it passes. The siren fades. The runners catch their bus. Someone stands sheepishly over a broken beer bottle outside a busy pub. People carry on.

If as Michel de Cereau suggests, our movement through the streets is like the word when it is spoken – urban planning realised in the action of walking – I want to find a way of rearticulating familiar geographies. Of introducing people to the idea that those streets and squares and buildings can be spoken in a different way. I want to get them to try a few alternatives on for size. To play with what the city can mean.

Whatever it turns out to be, I’d like this game to be a kind of sister game to Checkpoint, the game I created for the Hide and Seek festival that involved people smuggling objects from one side of a blockade to another. That game was inspired by the stories of the valiant, startlingly creative ways in which people in East and West Germany found of smuggling things (and people) from one side of the wall to the other.

I’d quite like to make a trilogy of games around the bizarre, disturbing world created in East Germany; the most all-consuming surveillance state the world has ever seen. People found themselves crushed by a fear of the state and a fear of each other; suspended between the suffocating confines of their own reality and the imagined freedom that stood so tantalisingly close behind several meters of barbed wire and concrete wall.

Part of my reason for wanting to create this trilogy is as a way of confronting more head on the question that has come up (in more or less polite ways) a few times recently. Focussing such time and attention on this particular theme will at least, hopefully, give me the opportunity to answer that question, which, put most bluntly is: Isn’t it a bit smug and inappropriate to be making games out of people’s genuine suffering and genuine acts of bravery and sacrifice?

To which I guess my response is – it depends what you mean by games.

Obviously some kind of Iron Curtain themed climbing wall or a game of Hide and Seek with everyone dressed as Stasi officers would be pretty hard to defend (though probably, painfully, very easy to pitch to Channel 4). But my interest in games is less about the content or the aesthetic and more about the provocation it offers to those who are involved.

What I love about gaming is discovering alternatives models of engagement with an idea or a theme or even a narrative. I love that it opens up ways of engaging with something that feel simple and accessible and robust, borrowing from all the games we used to play as children.

Thinking doesn’t necessarily have to be something that happens sitting down.
Freud described dreaming as being thinking through doing. You think you are doing things – running, talking, flying – but it’s all in your head. It’s just a different way of thinking through problems or insecurities or ideas that you can’t find any other way of understanding.

For me, gaming is just another kind of theatre. A theatre that encourages you to be active, to be creative, in a way that feels comfortable and familiar and fun. So a game constructed around history or tragedy or suffering is a just a piece of theatre that invites you to confront and explore those things in a way that is possibly both familiar (in it’s structure) and unfamiliar (in it’s content) at the same time. It asks you to think about those issues through doing; through play. And hopefully in doing so you learn new things and relate to that alien experience in a way you wouldn’t by simply reading about it or watching a film or a play about it. And so, for me, it’s not just valid but, indeed, vital; a connection with other lives that you couldn’t have in any other way.

Russians 'agree Georgia deadline'

Russia has conditionally agreed to remove its forces from Georgian land - excluding Abkhazia and South Ossetia - by the second week of October.

Russian President Dmitry Medvedev said the pull-out would happen once 200 EU monitors deployed to South Ossetia.

Speaking after meeting French President Nicolas Sarkozy, Mr Medvedev said the withdrawal was dependent on guarantees that Georgia would not use force again.

But he made no mention of withdrawing troops from South Ossetia or Abkhazia.

And he defended Russia's controversial decision to recognise the independence of both breakaway regions, saying the move was "irrevocable".

Criticism of US

Among the measures announced after the Moscow talks, Mr Medvedev said there would be international talks on the conflict, which would take place in Geneva on 15 October.

And Russia agreed to remove a key checkpoint from near the port of Poti within a week.

NEW PEACE MEASURES Russia to close checkpoints between Poti and Senaki within a week Some 200 EU monitors in South Ossetia by 1 October Russian forces to withdraw from undisputed land within 10 days of monitors deploying International talks on the conflict to be held in Geneva on 15 October

Again Mr Medvedev made the pledge conditional on Georgia signing a pledge not to use force against Abkhazia.

Afterwards he said the EU delegation had handed him a letter, signed by Georgian President Mikhail Saakashvili, pledging not to use force.

The Russian president confirmed that his troops would pull out "from the zones adjacent to South Ossetia and Abkhazia to the line preceding the start of hostilities".

"This withdrawal will be implemented within 10 days after the deployment in these zones of international mechanisms, including not less than 200 observers from the European Union, which must take place not later than 1 October 2008," he said.

But he was uncompromising in his tone towards the Georgian government and the US.

"[Georgia] is trying to reinforce its military capability and some of our partners, especially the United States, are helping them in that."

'Fruitful' talks

The two leaders took part in more than three hours of talks, which also involved the EU foreign policy chief, Javier Solana, and the European Commission head, Jose Manuel Barroso.

Mr Sarkozy, who was pressing Russia to meet the terms of a ceasefire agreement he helped broker on 12 August, described the meeting as "fruitful".

The two leaders were in talks for more than three hours

He said the exact details of the Geneva talks were still under discussion, stressing that the issue of refugees returning to their homes would be at the heart of the meeting.

Russia's call for international talks on the status of the two breakaway regions - part of the 12 August ceasefire deal - proved highly controversial.

President Saakashvili flatly rejected attempts to throw their status into doubt.

Mr Sarkozy will now fly to Tbilisi and run through the latest deal with Mr Saakashvili.

Russian troops entered Georgia on 7 August after responding to Georgian attempts to reassert its control in South Ossetia.

The two regions have had de facto independence since a civil war in the early 1990s, and Moscow has strongly backed their breakaway governments. ]]> http://jehingr.wordpress.com/?p=144 Fri, 05 Sep 2008 07:36:00 +0000 jehingr http://jehingr.it.wordpress.com/2008/09/05/a-review-of-tom-bihns-checkpoint-flyer-day-one/

I have been a customer and fan of Tom Bihn's bags for many years.  You can find a link to them in my Blogroll.  Recently, Tom (yes, there really is a Tom Bihn who is the top guy at Tom Bihn) developed a new computer bag which complies with the new TSA rules and allows you to put your bag through the X-ray machine without removing your computer.  Darcy, who handles customer relations for Tom contacted me and asked me to evaluate this new bag - the Checkpoint Flyer.  Yes, I get to keep the bag, so I am being compensated for this review, which was prepared for their forums.  With that out of the way, here is day one of my experiences with the Checkpoint Flyer.

----------------------------------------

When I arrived home today after running some errands, our one-eyed Irish Setter SUE let me know that she had rescued a box from the clutches of the UPS man.  She told me that it was from somebody named Tom Bihn (actually it was from Darcy, but SUE’s reading skills aren’t always top notch).

Let’s see what’s in it.  The box contains (1) Absolute Strap, (1) Packing Cube: Western Flyer Small Mesh, (1)  Packing Cube: Western Flyer Small Fabric, and (1) Checkpoint Flyer.

That certainly is a nice looking bunch of loot.  I really like the Crimson outer flap on the Checkpoint Flyer.  I'm not as enthused about the grey/white checked interior color scheme, or that the Packing Cubes are identical to the interior of the bag itself.  But that is awfully minor nit-picking so early.

Let's take a closer look at the bag.  Figure 4

 shows the bag empty and all closed up as if ready for travel.  To get it ready for the X-ray machine, you just unbuckle the two buckles at the bottom of the bag an spread it open as shown in Figure 5

and lay it on the belt.  Flip the (red) flap back into it's original position and it is ready to go (Figure 6).

  Your laptop, in my case a 17-inch G4 Mac PowerBook, fits very snugly into the part that is flipped out (Figure 7).  The laptop case is clearly labeled "THIS SECTION FOR LAPTOP ONLY" on a tag in the case.  This is the magic trick that allows the Checkpoint Flyer to fly through the X-ray machine.

Normally, I carry all of my computer related gear in one of Tom Bihn's fabulous Empire Builder cases.  The Empire Builder is a huge bag.  Because it has so much carrying capacity, I tend to bring everything (often including the proverbial kitchen sink) with me - see Figure 8.

I knew that the Checkpoint Flyer would not hold EVERYTHING that I normally pack into my Empire Builder.  But I was really surprised at how little I had to leave out.  Figure 9

 shows the three things that didn't make it into the Checkpoint Flyer - a Radtech bluetooth mouse, my Kensington universal power adapter kit, and a firewire cable that apparently I didn't need to be carrying anyhow.

So what did make it into the Checkpoint Flyer?  Simply all of this (Figure 10):

Now, let's dissect how all of that made it into the bag.  Into the front flap (Figure 11)

 went my reading material for the trip (2 large paperbacks), my travel alarm clock, my iPod, and my earphones (Figure 12).

In the two compartments under the front flap I put some cables, some pens, a couple of MMC cards, the power supply for my Mac and my Airport Express.  They are laying on top of the laptop compartment in Figure 13.

In the large interior compartment (Figure 14)

 I put a lot of stuff.  It should be noted that the two packing cubes would fit side-by-side into this compartment.  I didn't end up using them for this trip, but I will probably explore that in a future load-out.  There are two large pouches at the back of this main compartment.  Into one of them went an old blue Snake Charmer filled with the cables, stand, etc. for my Maxtor firewire external drive and my Kensington mouse.  Into the other pouch went the drive itself, snugly wrapped up in a grey Domke wrap.  I also got a zippered folio/notepad with some papers, my beanbag wrist rest, a mouse pad, and some more cables.  It all fit, but was very crowded as you can see in Figure 15.

In Figures 16

and 17

you can see what the fully loaded Checkpoint Flyer looks like.  In Figure 18

, my father graciously models the loaded bag, while SUE sniffs the load.  Just for reference, Dad stand 5-foot, 9-inches tall (SUE is somewhat shorter).

And just for completeness, Figure 19

 shows the backside of the bag.

If this is going to be my primary bag, I'm going to have to either reorganize in some miraculous fashion or carry less stuff.  The real test will begin tomorrow (or actually just a few hours later this morning) when I start carrying it through airport checkpoints.  Will the convenience be worth the trade off?  Tune in later on this same Bat-channel and I'll let you know what I find.

Pros:

Looks great

Holds more than I anticipated

Good organizational capabilities

Checkpoint fly-by (to be tested)

Awesome Tom Bihn construction will last forever

Cons:

Doesn't hold as much as an Empire Builder (is that really a con?)

Pricey - but not really for the quality and innovation

I apologize if some of my Figures got pretty out of synch with my text.  It's early, and I have to go catch a flight soon.  

A more detailed set of photos can be found at:

 Flickr set

North County Times SAN MARCOS ---- Three drivers were arrested on suspicion of drunken driving at a sobriety checkpoint Sunday night in San Marcos, officials said.

A total of 963 vehicles passed through the checkpoint, which was setup at 1600 San Elijo Road from 7 p.m. Sunday until 1 a.m. Monday, sheriff's deputies said.

For more of this NC TIMES story, click on the URL below:

http://nctimes.com/articles/2008/09/02/news/inland/san_marcos/doc48bcec632d02a548249514.tx

Users are (IIRC) in $FWDIR/conf/fwauth.NDB. It's not a text file. You need to use fwm dbexport to export them into a readable format.

Checkpoint has a visualization tool as well cpdb2html that exports it into html file, with complete ruleset and objects, users etc

In $FWDIR/conf

Edit user.def.NGX_R60 on the SmartCenter or on the relevant CMA on the Provider-1

#define NON_VPN_TRAFFIC_RULES (src=1.1.1.1 or src=2.2.2.2 ,dst=1.1.1.1 or dst=2.2.2.2)

Install the policy

Clear SAs

Enjoy

• Go into expert mode and add users to the /etc/scpusers file.  Create the file if necessary.
• Restart sshd using the command service sshd restart

Enable IP Forwarding - sk25818

• Go into expert mode and type the command "echo 1 > /proc/sys/net/ipv4/ip_forward"

Enable SSH Public key Authentication - sk30366

• Go into expert mode
• mkdir  $HOME/.ssh
• chmod 0700 $HOME/.ssh
• touch $HOME/.ssh/authorized_keys
• chmod 0600 $HOME/.ssh/authorized_keys
• vi $HOME/.ssh/authorized_keys
• :$ (goes to the last line of the file)
• A (appends to the end of the line)
• paste in the key that you have copied from the client
• esc (get out of insert mode)
• : x (save the file and exit)

Restrict a public key authentication to a single command

This recipe is useful if you want to restrict users to a particular operation such as shutdown or reboot.

• Go into expert mode
• edit /home/admin/.ssh/authorized_keys
• Paste in the new key or modify the old key
• At the beginning of the line containing the key insert command="/sbin/shutdown -h now"
• Save and exit
• Change the shell for admin  using the command usermod -s /bin/bash -U admin
• If you prefer to go into the cpshell when logging in interactively then execute the command "echo exec /bin/cpshell > /etc/profile.d/zchngshell.sh

Increase OSPF adjacency memberships on SecurePlatform Pro

• Go into expert mode
• vi /etc/rc.d/init.d/rc.local
• add the line " echo 50 > /proc/sys/net/ipv4/igmp_max_memberships"
• save and exit (: x)

* The first packets of any new TCP session, unless a "template" exists.
* The first packet of any new UDP session.
* All traffic that matches a service that uses a resource.
* All traffic that matches a service that is inspected by a SmartDefence or Web Intelligence feature.
* All traffic that is supposed to be dropped or rejected, according to the rule base.
* All traffic that matches a rule, whose source or destination is the gateway itself.
* All traffic that matches a rule with a security server.
* All traffic that matches a rule with user authentication or session authentication.
* Non-TCP/UDP/GRE/ESP trafic (e.g. ICMP, IGRP, etc.)
* All multicast traffic. **** Prior to IPSO-3.9. In IPSO-3.9 has support for Multicast PIM acceleration for IP225x. IPSO-4.2 supports Multicast PIM acceleration for all Nokia Platforms.
* All fragmented traffic.
* All traffic with IP options.
* RST packets, when the "Spoofed Reset Protection" feature is activated.
* Traffic that violates stateful inspection paradigm or that is suspected to be spoofed.
* Rules where the service has an INSPECT handler (e.g. FTP control connection)
* Rules with action "encrypt" with no VPN H/W Accelerator card.
* All VoIP traffic
* All VPN traffic with IP Compression enabled.
* All directed broadcast traff

Connection establishment acceleration ("templates" mechanism)

In order to enhance connection establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the source port. This type of "grouping" enables even the very first packets of a TCP handshake to be accelerated. This is very useful on short connections, in which the percentage of TCP handshake traffic is very high.

The very first packets of the first connection on the same service will be forwarded to the security gateway, which will then create a "template" of the connection and notify the SecureXL device. Any subsequent TCP establishments on the same service (where only the source port is different) will already be accelerated (as well as any other traffic, of course).

Conditions that will prevent a template from being created:

* All connections that cannot be discriminated ONLY by the source port.
* Traffic subject to NAT.
* VPN traffic.
* Non-trivial TCP/UDP connections (FTP, H323, etc.).
* Non-TCP/UDP traffic.