Similar Questions

• What does that mean 'APEX server has a vulnerable temporary Diffie-Hellman public key?

  Hello

  I use Oracle Cloud Services and I have already created and deployed a java (.war) via two managed servers.

  Now I use cloud services, but the concept should be the same: I would like to have access to the APEX (https://my_dbaaas_ip/apex/pdb1/), but I get the following security message:

  «The server has vulnerable temporary public Diffie-Hellman key...» »

  I also checked to calculate Service (network, safety rules) and port 443 is open and I also created a tunnel via ssh...

  Someone had the same warnng to access the APEX to develop the java application?

  Thank you very much

  Skender

  I think it's a problem of security defined by the Chrome browser...

  Now only accessed via a different browser and it worked!

  Skender

• Change of SSL/TLS group Diffie-Hellman on ASA 5520

  dh-group SSL control was introduced in 9.3 (2) which is not available to ASA 5520. Is others possible to force ssl vpn to use the diffie-hellman > 1024 bits on this system?

  Sorry miss-read the question.  As far as I know, we can't specify the Diffie-Hellman on the SAA group before 9.3 (2).

  --

  Please do not forget to select a correct answer and rate useful posts

• 38.1.0, getting new mail is no longer works. Bug CAUSE deadlock/weak Diffie-Hellman for key 1185060 SOLUTION mitigation requires the TLS/SSL security key length > = 1024

  That's about all. After the upgrade, I can no longer receive mail. I can send, but it does not put a copy in the "sent" folder and I get an error.

  "There was an error saving message in sent. Try again? »

  But the message on the other end.

  I checked the same email on my phone and Webmail accounts. No problem.

  I deleted the account and tried to add it back, but get an error:

  "Invalid username or password"
  "Setup could not be verified - is the name of user or wrong password?

  The user name and password are correct. Yet once, nothing changed with the account mail and it market in Webmail and on my iPhone.

  Any help would be greatly appreciated!

  Same problem here. In my case, I control the server. So I had my software update server admins and install a 2048-bit key instead of the old key of 768 bits. (By the way, for those who have their own server faced with this problem, you must switch to cPanel/WHM 11.5 to be able to upgrade the key. Older versions store more 768 bit keys for SSH.)

  Now, most of my accounts work. However, one account is always the error.

  When I check the error console, I find the following:

  Timestamp: 22/07/2015 08:44:35
  Error: An error occurred during a connection to [domain]: 143.

  Cannot communicate securely with counterpart: no common encryption algorithm.

  (Error code: ssl_error_no_cypher_overlap)

• What power of the Diffie-Hellman encryption and authentication hash group do you use?

  Hi guys,.

  I just want to understand what people are using and prefer the investigation.

  • Diffie-Hellman group do you use or do you think is enough?
  • What Type of encryption & bits do you use?
  • What Type of hash & bits do you use?
  • Do you use the same parameters for Phase 2?
  • Do you use the Diffie-Hellman PFS for Phase 2 group?

  To make things more neat, you can respond to the following format:

  Phase 1 ISAKMP policy

  • Diffie-Hellman Group 5
  • AES 128
  • SHA 384

  IPSec policy phase 2

  • No PFS
  • AES 256
  • SHA 256

  Andrew,

  Cisco's perspective on what the client should work at least.

  http://www.Cisco.com/Web/about/security/intelligence/nextgen_crypto.html#16

  M.

• I spent hours on web sites looking for advice clean my iMac - they were all dead ends.  I send a question to this 'Community' first, but must have done it badly because there was no trace of it.  I have the effect on this model beach ball

  I spent hours on web sites looking for advice clean my iMac - they were all dead ends.  I send a question to this 'Community' first, but must have done it badly because there was no trace of it.  I now have the beach on this computer ball effect.  Are there places I can delete cookies etc to help out?  Thank you for your help.

  horse8905

  Don't know what's happening, you do not give a lot of information, but if you have the constant beachballing (spinning wait cursor), which could mean that the hard drive is dying.

  Open Console.app in Applications > utilities. Filter, called "String Matching," right, high enter "I/o" without the quotes. What happens when you do this?

• DEAD-END ADOBE FLASH PLAYER 11 BUT NO PIC.

  DEAD-END ADOBE FLASH PLAYER 11 BUT NO PIC.   ALL THE PROGRAMS I'M LOOKING AT SAYS I NEED FLASH PLAYER 11, I HAVE SO INSTALLED SUCCESSFULLY BUT STILL ASKING ME TO INSTALL PROGRAMS.

  Hello

  Check with Support Adobe and their forums.

  Adobe - Support
  http://www.Adobe.com/support/

  Adobe - communities
  http://www.Adobe.com/communities/

  Adobe - Forums
  http://forums.Adobe.com/index.jspa

  ------------------------------------------

  You may need to uninstall Flash Player and reinstall.

  How to uninstall the Adobe Flash Player plug-in and ActiveX control - download utility uninstall
  http://kb2.Adobe.com/CPS/141/tn_14157.html

  Troubleshoot Flash Player installation | Windows
  http://kb2.Adobe.com/CPS/191/tn_19166.html

  Or

  Download Revo Uninstaller - free Version - and use it to uninstall Flash
  http://www.revouninstaller.com/revo_uninstaller_free_download.html

  Reset

  Now try Flash:

  Download Flash Player (do not install the Google toolbar unless you really want to).

  http://get.Adobe.com/flashplayer/

  or:

  Test of Shockwave and Flash players
  http://www.Adobe.com/Shockwave/welcome/

  http://www.Adobe.com/software/Flash/about/

  ---------------------------

  If there are still problems when running Flash Player:

  Troubleshooting drive stabiility and performance
  http://blogs.Adobe.com/JD/2010/02/troubleshooting_player_stabili.html

  Flash Player Support Forums<-- more="" knowledgeable="" flash="" player="" help="" available="">
  http://forums.Adobe.com/community/webplayers/flash_player

  I hope this helps.

  Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle="" -="" mark="" twain="" said="" it="">

• Server has a small ephemeral Diffie-Hellman public key ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

  Hello

  I first Cisco and I get the following error when I go to open a session. I used IE, Chrome, Firefox, but have the same condition. To get the solution.

  Server has a low public key ephemeral Diffie-Hellman

  ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

  Create a new shortcut and click on the link provided to run the program.  Make sure that Chrome is in the right place of the folder.

• Diffie-Hellman - ASA firewall groups

  Hi all

  A couple of questions I hope you can help me with that.

  Please can you tell me where I would change the Diffie-Hellman group for phase 1 on an ASA firewall and is - it possible on the ASDM?

  Also, you must enable PFS have to DH on the phase 2?

  Thank you very much

  Alex

  Hello Alex,.

  You can change the Diffie-Hellman group for phase 1 of ASA by configuring the following command:

  crypto ISAKMP policy

  Group

  To configure the same ASDM, go to the

  Configuration > VPN Site to Site > connection profiles > add/edit

  You will find in settings, IPsec, encryption algorithms. Click on 'Manage' icon on the right of "IKE policy". Click OK.

  Click on Add/Edit and there will be an option to change the Diffie-Hellman group.

  And finally, what about the PFS application, you can enable PFS to be DH in phase 2. activation of PFS will force a new Exchange of key DH for phase 2.

  Note: it is not mandatory, its optional. If its configured on one side, then it must be on the remote side as well.

  Kind regards

  Dinesh Moudgil

• Server has a weak and ephemeral Diffie-Hellman public key

  Seems 45 Chrome and Firefox 40 block ciphers DHE

  Today, we get the following errors when you browse the vRO Web Interface (and the Configuration interface)

  Tested with the device of the two vRO 6.0.1 and 6.0.2 versions

  Everyone knows this?  And is there no work around better than using the '-cipher-suite-blacklist = "parameter in Chrome?

  I have raised a support ticket with VMware, but thought it would be an idea to post here as well.

  Chrome:

  

  Server has a weak and ephemeral Diffie-Hellman public key

  ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

  Hide details

  This error can occur when you connect to a secure (HTTPS) server. This means that the server tries to establish a secure connection, but because of a disastrous misconfiguration, the connection would be not sure at all!

  In this case, the server must be fixed. Google Chrome will not use unsecured connections to protect your privacy.

  Learn more about this problem.

  Firefox:

  

  The secure connection failed

  An error occurred during a connection to vro-device - hostname:8283. SSL has received a low ephemeral Diffie-Hellman key in the handshake message exchange the server key. (Error code: ssl_error_weak_server_ephemeral_dh_key)

  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

  Contact the web site owners to inform them of this problem.

  You can try to change the two server.xml file in: / etc/vco/app-server and/etc/vco/configuration in the update of the file server.xml "ciphers" attribute by removing TLS_DHE_... ciphers. Then, restart the vco-server, vco-configuration services server vco and vco-configuration services

• Invalid key exception: no type of key: public key RSA Sun, 1024 bits

  I'm trying to recover Microsoft Keystore certificates and extract its key using SunMSCAPI in the jdk 1.6. It gives me an exception for invalid key when I try to wrap the symmetric key (what was once to perform AES encryption on data), using the RSA algorithm.
  
  Code snippet:

             // RSA 1024 bits Asymmetric encryption of Symmetric AES key              
              // List the certificates from Microsoft KeyStore using SunMSCAPI.
                    System.out.println("List of certificates found in Microsoft Personal Keystore:");
  
                     KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI"); 
                     ks.load(null, null) ;
                     Enumeration en = ks.aliases() ;
                     PublicKey RSAPubKey = null;
                     Key RSAPrivKey = null;
                     int i = 0;
                     while (en.hasMoreElements()) {
                          String aliasKey = (String)en.nextElement() ;              
                          X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey) ;     
                          String sss = ks.getCertificateAlias(c);
                          if(sss.equals("C5151997"))
                          {
                          System.out.println("---> alias : " + sss) ;
                          i= i + 1;
                          String str = c.toString();
                          System.out.println(" Certificate details : " + str ) ;
                        RSAPubKey = c.getPublicKey();
                          RSAPrivKey = ks.getKey(aliasKey, null);  //"mypassword".toCharArray()
                          Certificate[] chain = ks.getCertificateChain(aliasKey);     
                          }
                     }
                     
                     System.out.println("No of certificates found from Personal MS Keystore: " + i);
                  
              // Encrypt the generated Symmetric AES Key using RSA cipher      
                      Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName());            
                     rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
                     byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);    
                     System.out.println("Encrypted Symmetric Key :" + new String(encryptedSymmKey));
                     System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);
                     
                     // RSA Decryption of Encrypted Symmetric AES key
                     rsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
                     Key decryptedKey = rsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);

  Output:
  
  List of certificates in Microsoft personal Keystore:
  -> alias: C5151997
  Certificate details:]
  [
  Version: V3
  Object: CN = C5151997, O = SAP - AG, C = OF
  Signature algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  
  Key: Sun public key RSA 1024 bits
  modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
  public exponent: 65537
  Validity: [from: Mon Jan 24 18:17:49 IST 2011,]
  [To: Wed Jan 23 18:17:49 IST 2013]
  Issuer: CN = SSO_CA, O = SAP - AG, C = OF
  Serial number: [4d12c509 eb85 00000005]
  
  Certificate extensions: 6
  [1]: ObjectId: 2.5.29.14 criticality = false
  [SubjectKeyIdentifier
  [KeyIdentifier
  0000: 07 E5 83 A1 B2 B7 DF 6 b 4 b 67 1 and 9 D 42 C9 0 D F4... kKg... A.M..
  0010: 35 76 D3 F7 5v...
  ]
  ]
  
  [2]: ObjectId: 2.5.29.35 criticality = false
  [AuthorityKeyIdentifier
  [KeyIdentifier
  0000: E4 C4 2 93 20 AF DA 4 C 53 68 4A C0 CE E7 F2, 30. .. L.ShJ... 0
  0010: 0C 3 B 8 C 9 A. ;.
  ]
  
  ]
  
  [3]: ObjectId: 1.3.6.1.4.1.311.21.7 criticality = false
  Unknown extension: coded DER BYTE string =
  0000: 04 30 30 2 06 26 2 b 06 01 04 01 82 37 15 08 82.00... & +... 7...
  0010: D1 E1 73 E4 84 FE 0B FD 84 8 B 15 83 E5 1B 90 83... s.............
  0020: 43 81 62 84 B1 A1 E6 DA 50 14 02 01 64 02 9TH D3... C.b... P...d.
  0030: 01 1B...
  
  
  [4]: ObjectId: 2.5.29.17 criticality = false
  [SubjectAlternativeName
  RFC822Name: [email protected]
  ]
  
  [5]: ObjectId: 2.5.29.15 criticality = true
  [KeyUsage
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  ]
  
  [6]: ObjectId: 2.5.29.19 criticality = true
  BasicConstraints:]
  CA:false
  PathLen: undefined
  ]
  
  ]
  Algorithm: [SHA1withRSA]
  Signature:
  0000: B3 C5 8 66 92 F4 CC D7 ED 6 51 12 63 52 18 B9... f... mQ.c... R.
  0010: B8 A6 78 7 78 18 ED F7 DA 71 09 AE 49 23 C8 C9... .. x...x. q... I have #.
  0020: F5 2F 32 0F D1 C0 08 4 2 B 6 D 3 C B9 5F 5B B5 11. 2 /... L + m <... _ [.]
  0030: 05 D9 CA E6 F9 0 a 94 14 E7 C6 7 a 63 DB FE E5 CE... z.c...
  94 0040:48 8 c 0D 77 92 59 34 6 77 1 a 24 FE E3 C1 H...w. Y .4nw$...
  0050: 0 B 52 6 D8 HAS 7TH 22 13 71 F8 AF 17 64 4F C8 D1 D7... RJ. ». q... dO
  0060: 83 EA 2D 6a CA 7F C3 84 37 15 FE 99 73 1 D 7 C D1... - j... 7... s...
  0070:6 B4 99 09 62 B9 0F 18 33 4 66 C6 7 a 9F C0 DB m... b... 3L. FZ...
  
  ]
  None of the found certificates in personal key MS: 1
  Exception in thread "main" java.security.InvalidKeyException: unsupported key type: RSA Sun public key, 1024 bits
  modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
  public exponent: 65537
  at sun.security.mscapi.RSACipher.init(RSACipher.java:176)
  at sun.security.mscapi.RSACipher.engineInit(RSACipher.java:129)
  at javax.crypto.Cipher.init(DashoA13*..)
  at javax.crypto.Cipher.init(DashoA13*..)
  at com.sap.srm.crpto.client.applet.CryptoClass.main(CryptoClass.java:102)
  
  Published by: sabre150 on July 18, 2011 03:47
  
  Added [code] tags to make the code readable.

  A little research indicates the key classes gets by

                        RSAPubKey = c.getPublicKey();
                             RSAPrivKey = ks.getKey(aliasKey, null);  //"mypassword".toCharArray()
  

  are sun.security.rsa.RSAPublicKeyImpl and sun.security. * mscapi *. RSAPrivateKey. It seems that Cipher objects from the SunMSCAPI provider cannot accept class sun.security.rsa.RSAPublicKeyImpl RSA public keys and that the SunMSCAPI will accept only class sun.security.mscapi.RSAPrivateKey RSA private keys.

  This came in another form a couple of years. It makes sense because the packaging/encryption with a public key does not represent a security problem (there no secret in cryptographic operations) once done outside MSCAPI can use any provider who has the ability , BUT unpacking/decryption must be done with the SunMSCAPI provider which it delegates to the MSCAPI.

  My test code of work based on your code for implementation of this approach is:

          // RSA 1024 bits Asymmetric encryption of Symmetric AES key
          // List the certificates from Microsoft KeyStore using SunMSCAPI.
          System.out.println("List of certificates found in Microsoft Personal Keystore:");
  
          KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
          ks.load(null, null);
          Enumeration en = ks.aliases();
          PublicKey RSAPubKey = null;
          Key RSAPrivKey = null;
          int i = 0;
          while (en.hasMoreElements())
          {
              String aliasKey = (String) en.nextElement();
              X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey);
              String sss = ks.getCertificateAlias(c);
              if (sss.equals("rsa_key")) // The alias for my key - make sure you change it back to your alias
              {
                  System.out.println("---> alias : " + sss);
                  i = i + 1;
                  String str = c.toString();
                  System.out.println(" Certificate details : " + str);
                  RSAPubKey = c.getPublicKey();
           System.out.println(RSAPubKey.getClass().getName());
                 RSAPrivKey = ks.getKey(aliasKey, null);  //"mypassword".toCharArray()
          System.out.println(RSAPrivKey.getClass().getName());
                  Certificate[] chain = ks.getCertificateChain(aliasKey);
              }
          }
          System.out.println(ks.getProvider().getName());
          System.out.println("No of certificates found from Personal MS Keystore: " + i);
          Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");//, ks.getProvider().getName());       !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
              rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
          byte[] keyBytes =
          {
              1, 2, 3, 4, 5, 6, 7, 8, 2, 3, 4, 5, 6, 7, 8, 9
          };
          SecretKey aeskey = new SecretKeySpec(keyBytes, "AES");
          byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);
          System.out.println("Encrypted Symmetric Key :" + Arrays.toString(encryptedSymmKey));
          System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);
  
          // RSA Decryption of Encrypted Symmetric AES key
          Cipher unwrapRsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName());       //!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
          unwrapRsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
          Key decryptedKey = unwrapRsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);
          System.out.println("Decrypted Symmetric Key :" + Arrays.toString(decryptedKey.getEncoded())); // Matches the 'keyBytes' above
  

• Slideshow of Bridge CS4 64 bit will not end with the ESC key

  I just installed CS4 64 bit on a new computer with Windows 7 64 bit. I did the update now bridge sees my 5 d MkII Canon CR2 files but when I enter slideshow... which I use a lot to quickly examine images, I can not finish the slide show with the normal key ESC shot... Which really kills the utility of the slide show. Suggestions to do this at work or in other ways to close the slide show? Now, the only option is to croll through all images in the folder in which point slide show closes.

  Although there is no such thing as the 64-bit CS4, CS4 32 bit should work fine on a 64-bit computer.

  That cannot be done new is average, it's perfect.  See if the ESC key works with other programs. This function should be controlled by the operating system.

• Double click on the arrow to the left on the tab bar creates a new tab at the end of the right hand.

  With Firefox 29.0.1 by double clicking on the arrows on the right in the tab bar or the left creates a new tab at the end of the right hand of the tab bar. It is embarrassing behavior that violates standards around UI design click and double-click. A double-click should extend the behavior of the single click rather than do something completely different (opening a new tab). An example would be, in a Word, a single click selects a Word, double click selects the sentence and a triple click selects the paragraph. Note that this is a separate issue from double click the tab bar itself to create a new tab.

  When there are more tabs on the tabs in the window toolbar, that highlight the tabs on the side will not hold show tab in use. I can click on the left and right arrows at the end of the tab bar to scroll the bar in this sense to bring a tab I want to select in the display. I believe that the double click on the arrow to the left would scroll the bar completely to the right, exposing the tab on the left Double click on the right arrow would scroll the bar left entirely exposing the rightmost tab.

  It is a logical extension and expected behavior of single click. Single click - scroll once (seems to be the value of the tab in three), double-click on - scroll all the way.

  For now, if I want to access the tab on the left, I have to click the arrow slowly and carefully until I get to it. I used only one quick click on the arrow to the left until that shponkah stop scrolling without having to count how many clicks. It is possible that my simple quick clicks were actually double-click. However, the bar tabs would stop scrolling when it reaches the end.

  Now, the behavior is really annoying and unexpected. Double click on left dead entirely right tabs completely left arrow and creates a new tab at the end of the right hand. Ditto the arrow right in the opposite direction.

  While I can (maybe) see that the value of a double click on the tab bar itself to create a new tab, double click on one of the scroll arrows should show a new tab.

  Double click on the arrows of the tab should scroll the tab fully for this purpose bar. If the tab bar is already entirely Scrolls towards ending extra clicks (single, double and triple...) should be ignored.

  I like the idea of opening a new tab to the right of the one that has the focus. This should be an option of the contextual right click menu.

  That should not occur if you click the scroll buttons in the tab bar.
  A double-click should act as page up/down and move a full screen and a triple click should move to the left (first tab) or the right (last) until now tab.

  Start Firefox in Safe Mode to check if one of the extensions (Firefox/tools > Modules > Extensions) or if hardware acceleration is the cause of the problem.

  • Put yourself in the DEFAULT theme: Firefox/tools > Modules > appearance
  • Do NOT click on the reset button on the startup window Mode safe
  • https://support.Mozilla.org/KB/safe+mode
  • https://support.Mozilla.org/KB/troubleshooting+extensions+and+themes

• Process Firefox32 fails to put an end to the exit.

  When I leave the Firefox.exe Firefox 8 * 32 process does not end and must be completed manually before I can open Firefox again.

  Had to roll back to 6.02
  Win7 64 bit.

  If the Firefox process does not stop when you close Firefox, the process is "hooked".

  Please read the bandages of a hyperlink.

• VI locked at the end of the sequence

  Hello

  I'm pretty new to LabVIEW and very new to TestStand, so I hope it's just a case of me being a bit thick.

  I have a sequence calling a few screws it is a mixture of purely based on windows screws and a host of Windows VI for an FPGA on VI.

  If I test a scenario with the file in a sequence, then all is well. If, however, I try to run it again, it seems that the VI is not running at the end of the sequence (in spite of fill a TestStand get its test result data). I get the following error information:

  Details:

  Close the file to Test Controller.vi-> Test Controller.vi.ProxyCaller
  LabVIEW: An input parameter is not valid. For example if the input is a path, the path can contain a character not allowed by the operating system such as? or @.
  =========================
  NOR-488: Command requires GPIB controller charge controller.

  Error code:

  1; User-defined error code.

  Any help would be greatly appreciated. I've been hunting around for help, manuals, forums and the internet in general for much of the day without success.

  See you soon,.

  Simon

  It must unload the VI if all measures that use the VI have a similar setting. If the VI is used nowhere else, charge time is actually the longest of all the places where it is used. Also if an another VI which is always loaded as references that VI will effectively keep the vi loaded. Since all unload unloads all the modules, it is possible that somehow made VI refers to VI another you always load.

  Hope this helps,

  -Doug