How to prevent your PEN drive from VIRUS

How to prevent your PEN drive from VIRUS

• Connect your Pen Drive or USB drive to your computer.
• Now a dialogue window will popup asking you to choose among the options as Don’t choose any of them , Just simply click Cancel.
• *Now go to Start–> Run and type cmd to open the Command Prompt window .
• *Now go to My Computer and Check the Drive letter of your USB drive or Pen Drive. ( E.g. If it is written Kingston (I:) , then I: will be the drive letter .)
• *In the Command Window ( cmd ) , type the drive letter: and Hit Enter .
• *Now type dir/w/o/a/p and Hit Enter
• *You will get a list of files . In the list , search if anyone of the following do exist
• 1. Autorun.inf
• 2. New Folder.exe
• 3. Bha.vbs
• 4. Iexplore.vbs
• 5. Info.exe
• 6. New_Folder.exe
• 7. Ravmon.exe
• 8. RVHost.exe or any other files with .exe Extension .
• If you find any one of the files above , Run the command attrib -h -r -s -a *.* and Hit Enter.
• Now Delete each File using the following Command del filename ( E.g del autorun.inf ) .
• That’s it . Now just scan your USB drive with the anti virus you have to ensure that you made your Pen Drive free of Virus .

Remove Recycled Virus

To manually remove it follow the following steps (Note you should understand what you’re about to do, you try it at your own risk!)

1. Boot your system in Safemode
2. Go to command prompt, in Drive C do the following commands.
3. Type -> ATTRIB -H -R -S AUTORUN.INF then press enter
4. Type -> DEL AUTORUN.INF then press enter
5. Type -> ATTRIB -H -R -S Recycled then press enter
6. In Windows Explorer in Safemode, remove the folder Recycled in drive C use Shift-Delete to delete the folder.
7. Repeat Step 3 to 6 for all drives of your system including the USB drive.
8. Search for CTFMON.EXE in your system using the Search of Windows found in Start Menu. If you find a file that is not located in C:\WINDOWS\SYSTEM32, delete it immediately. Dont forget to empty the recycle bin afterwards (Usually the virus will copy itself in the Startup folder of the Startmenu. Check if the file is present there and delete it then.)

How to install Alfresco Application

As per my client request today I have installed Alfresco Enterprise version in my window platform.It is very good Open source CMS tools.My client using this tool only for Document Management

Here I am Posting the installtion steps

Installation Guide Alfresco Application

1. Install Tomcat Application server in Alfresco Folder
2. Configure Tomcat for Alfresco Application

 Create the directories required for an Alfresco installation:

1. Create the shared/classes directory.
2. Create the shared/lib directory.

       Open the <TOMCAT-HOME>/conf/catalina.properties file.
       Change the value of the shared.loader= property to the following: shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar

        Edit the <TOMCAT_HOME>/conf/server.xml file as below
<Connector port="80" protocol="HTTP/1.1" URIEncoding="UTF-8"
               connectionTimeout="20000"
               redirectPort="8443" />
Save server.xml file
        Go C:\Alfresco\tomcat\bin folder and edit catlina bat file
Add the value as
:noJuliConfig
set JAVA_OPTS=%JAVA_OPTS% %LOGGING_CONFIG%  -Xms128m -Xmx512m -Xss96k -XX:MaxPermSize=160m

3. Install My Sql and set path in environment variable and make sure MySQL are running by command mode also.

4. MySQL database Configuration

Put jdbc  mysql-connector-java-5.1.7-bin jar file under the C:\Alfresco\tomcat\lib

Run database file script which is provided by Alfresco for database creation.

Make sure alfresco database is created

4. Configuration Alfresco application.

Extract the setup WAR file

alfresco.war file and share.war files from C:\alfresco-enterprise-3.4.1\web-server\webapps to the appropriate location for your application server. For example, for Tomcat, move the .war files to the <TOMCAT_HOME>/webapps directory.

Edit the /shared/classes.alfresco-global.properties.sample file from      C:\alfresco-enterprise-3.4.1\web-server\shared\classes with your configuration settings.

     Save the file without the .sample extension.

Move the alfresco-global.properties file to <classpathRoot>. For example, <TOMCAT_HOME>/shared/classes

Create the the folder structure as below mentioned

bin and licenses folder taken from as a copy from C:\alfresco-enterprise-3.4.1 setup file location

Copy alfresco folder from  C:\alfresco-enterprise-3.4.1\web-server\shared\classes to C:\Alfresco\tomcat\shared\classes
Edit the alfresco-global.properties

Put  your license file (XYZ.lic.installed) to location        C:\Alfresco\tomcat\shared\classes\alfresco\extension\license with rename the file

XYZ.lic (remove only postfix extension).

5. Restart the Tomcat  -- Deploy your alfresco as well as share application

During deployment getting some exception or error please ignore.

Check alfresco application

http://localhost:8080/alfresco 

By default user ID: admin

                  Password: admin

Check share application
http://localhost:8080/share   (admin/admin)

New Track for OpenSSO-->OpenAM

A Norwegian startup is assuming responsibility for maintaining an open source web authentication technology originally developed by Sun Microsystems, and seemingly neglected by Oracle, which purchased Sun in January. The company, ForgeRock, has released a new version of Sun's Open Single Sign On (OpenSSO) Enterprise software, called OpenAM, that adheres to the OpenSSO roadmap established by Sun.
"It's a pretty easy migration path for all the customers who have found themselves stranded on OpenSSO. They can safely migrate to a current version," said Simon Phipps, chief strategy officer at ForgeRock, and former chief open source officer at Sun. Phipps was one of a number of employees who have joined ForgeRock since Oracle's purchase of Sun.
Oracle continues to display a page on its website for OpenSSO, though it has removed the free downloadable version of the product. The company has not made any announcements about future releases of the software, and did not respond to a request for comment.

In February, ForgeRock issued its first release of OpenAM, the name was changed for trademark reasons, which was basically a snapshot of Sun OpenSSO Enterprise 8. OpenAM 9.5 is the first version that upgrades the software from the Sun version.

The software package includes a number of updates, including the ability to support version 2 of the Security Assertion Markup Language (SAML), a standard for exchanging authorisation information across different systems. It also includes a new monitoring framework, and a new version of the directory server, called OpenDS. Patches issued since the last release of OpenSSO have also been rolled into the new version, and various bugs have been fixed as well.
Sun created OpenSSO in 2005 as an open source version of the Sun Java System Access Manager, licensing the software under the Common Development and Distribution Licence (CDDL). The software was designed for large transactional websites that require users to log in and keep accounts.
"This enterprise identity middleware was actually a big success at Sun. It was doing very well at competing with IBM, Oracle and CA," Phipps said. The company estimates that OpenSSO has a customer base in "the low four digits," said Allan Foster, who heads US operations for the company and is a former Sun support manager for OpenSSO.
"Pretty much every day we get an email from some company that was doing an evaluation of OpenSSO, and they want to move on to a pilot or even a full-production deployment, and they discovered that they can't buy a subscription to it, so they come to us," Phipps said.
Upgrading from OpenSSO Enterprise 8 to OpenAM version 9.5 should be a largely painless transition, Phipps promised. Those using the older version of OpenDS may have to do some work to upgrade to the newer version of that server but "on the whole, customers will find that this is a pretty seamless update," Phipps said.
While the software itself is open source, ForgeRock sells enterprise subscriptions for support and maintenance. At least one other company, OSSTech in Japan, is also working on and selling support for OpenAM. OpenAM is one component of ForgeRock's I3 enterprise platform, which also includes OpenESB (an enterprise service bus), OpenIdM (an identity access manager) and OpenPortal.

Last week, at the O'Reilly Open Source Conference (OSCON), Phipps gave a talk about how an open source project can survive after it loses corporate support. In addition to working with OpenAM, Phipps is also on the governing board for OpenSolaris, another open source software package inherited by Oracle whose future remains uncertain.
In the case of OpenSolaris, Phipps noted that there are portions of the operating systems that are not open source, and so assuming control of the software would be difficult for the OpenSolaris community, or another company. Another roadblock to OpenSolaris' survival outside of Oracle is that most of the engineers who worked on OpenSolaris were Sun Microsystems employees, and now are Oracle employees. Unless Oracle allows them to continue contributing to the code base, it is doubtful that enough outside expertise exists to keep maintaining and improving the OS.
In the case of OpenSSO, ForgeRock has hired a significant number of ex-Sun engineers who are familiar with the product. Most did not develop the software itself, but rather worked as customer support specialists who were highly knowledgeable with the code base, Phipps said.

After more than 18 months of development, Norway-based ForgeRock has announced the availability of version 9.5 of its OpenAM access management product. Discussing the announcement, ForgeRock chief strategy officer and former Chief Open Source Officer at Sun Microsystems Simon Phipps said, “This is an important milestone for the OpenAM community”, adding that, “This achievement marks the first fully community-sourced release of OpenAM. We’re very pleased that users of OpenSSO Enterprise 8 can easily and freely migrate to OpenAM 9.5 now that the updates have been made.”
OpenAM 9.5 features fine-grained authorisation based on XACML, a new monitoring framework and enhanced multi-platform support. Other changes include the addition of enterprise single sign-on, and various speed, reliability and performance enhancements. The underlying replication architecture has also received a number of changes, including updates to the federation implementation and use of the OpenDS 2.3 engine in the embedded configuration store.
OpenAM is based on Sun's OpenSSO product which Oracle have apparently abandoned. The open source authentication, authorisation, entitlement and federation product was rescued for the community by ForgeRock in February and renamed OpenAM for trademark reasons. OpenAM is complemented by a range of ForgeRock's other products: OpenESB, OpenIdM and OpenPortal (based on LifeRay).
More details about the release can be found in the official press release and in the release notes. OpenAM 9.5 is available to download from the ForgeRock downloads page.

CSR Decoder to decode your Certificate Signing Request

As per my client request need to check our application base generated CSR to varify that it contains the correct information. A Certificate Signing Request is a block of encoded text it can'nt be possible to verify with our eye.
"
Use this CSR Decoder to decode your Certificate Signing Request and and verify that it contains the correct information. A Certificate Signing Request is a block of encoded text that contains information about the company that an SSL certificate will be issued to and the SSL public key. Once a CSR is created it is difficult to verify what information is contained in it because it is encoded. Since certificate authorities use the information in CSRs to create the certificate, you need to decode CSRs to make sure the information is accurate. To check CSRs and view the information inside of them, simply paste your CSR into the box below and the AJAX CSR Decoder will do the rest. Your CSR should start with "-----BEGIN CERTIFICATE REQUEST----- " and end with "-----END CERTIFICATE REQUEST----- ". If you are interested, you can also learn more about Certificate Signing Requests. Once you have your CSR, use our SSL Wizard to find the best SSL provider.


"I am searching some ways in google and found that one of site where i got my solution's.

So I am posting the site name -->http://www.sslshopper.com/csr-decoder.html

Open SSO now OpenAM selection criteria

If we have few hundreds applications (web-based and non web-based).  Need to have a concise selection criteria for them.

There are 2 types of policy agents available from OpenSSO:

1. Web Policy Agent

2. J2EE Policy Agent

In order to integrate applications for Single Sign-On with OpenSSO, they must be:

1. web-based

2. authenticate with a common authentication repository

3. supported by available policy agents from OpenSSO

If applications are customizable, Web Policy Agent will be chosen. Otherwise, if applications are pure J2EE-based that utilize the Java Authentication and Authorization Service (JAAS), then J2EE Policy Agent will be chosen.

If the above 2 criteria cannot be met, then ESSO will be chosen.

Global Password Policy in Sun Directory Server 5.2

Global Password Policy in Sun Directory Server 5.2

 

bash-3.00# ldapsearch -p 389 -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" objectclass=*

Enter bind password: 

version: 1

dn: cn=Password Policy,cn=config

objectClass: top

objectClass: passwordPolicy

cn: Password Policy

passwordInHistory: 0

passwordStorageScheme: SSHA

passwordUnlock: on

passwordMustChange: off

passwordNonRootMayResetUserpwd: off

passwordWarning: 86400

passwordExpireWithoutWarning: on

passwordLockout: off

passwordMinLength: 6

passwordMaxFailure: 3

passwordMaxAge: 8640000

passwordResetFailureCount: 600

passwordisglobalpolicy: off

passwordChange: on

passwordExp: off

passwordLockoutDuration: 3600

passwordCheckSyntax: off

passwordMinAge: 0

passwordRootdnMayBypassModsChecks: off

Active Directory and LDAP

Active Directory and LDAP------
Provides a directory for a Microsoft network:

Centrally manage

Central security

Central user administration

Integrates with DNS

Information replication

Provides all the services a domain controller did

LDAP vs Databases

·       Read-write ratio - LDAP is read optimized

·         Extensibility - LDAP schemas are more easily changed

·         Distribution - with LDAP data can be near where it is

·         needed, and highly distributed

·         Replication - with LDAP data can be stored in multiple

·         locations

·         Different performance - directories used for many

·         different applications, and queries are usually simpler,

·         but many more of them

·         Data sharing - LDAP is designed for sharing data,

·         databases designed for one application

·         Database objects have complex relationships

·         Transaction model - LDAP transactions are simple -

usually changing one entry, databases can modify

much more

·         Size of information - LDAP is better at storing small bits

of information

·         Type of information - LDAP stores information in

attributes

·         Naming model - LDAP is hierachical

·         Schemas - database schemas are entirely user defined,

directories have core schemas to help interoperability

·         Standards are more important for directories - LDAP

clients can talk to any LDAP server.

What is DSML

DSML

Directory Service Markup Language combines directory services technology (LDAP ) with XML syntax to provide an easy way to share and use personalized data across company and technology boundaries.

The DSML effort was announced by creator Bowstreet on July 12, 1999. Initiative supporters include AOL-Netscape, Sun Microsystems, Oracle, Novell, Microsoft, and IBM

Q:What is a "Directory Service Markup Language"?A vocabulary and schema (a structured framework) for describing the structure and content of directory services information in an XML Document. Directory information can then be easily used by any application that makes use of XML, including browsers and e-commerce applications - enabling frictionless e-commerce.
Q:What is DSML.org?
This Web site is intended to provide more information on the DSML spec, its partners and future developments. Here you will find most recent news and events surrounding the DSML initiative.
Q: How can I view the specification?
To download a zip file containing the full DSML 1.0 specification, the DTD and the Biztalk schema formats, click here.
Q:Who were the founding members of the standard?Bowstreet introduced the initial draft of the DSML specification. The founding members at the time were IBM, Microsoft, Novell, Oracle and the Sun-Netscape Alliance. The working group of dsml.org has sent the final draft of the specification to OASIS.
Q:Who is developing and working on DSML 2.0?
Many organizations, including the founding members of DSML.org have signed up to work on the technical committe, which will further develop the DSML standard.
Q: Why has DSML been created?
To standardize the way directory services information is represented in XML. With a recognized standard, applications can be written to make use of DSML and capture the scalability, replication, security and management strengths of directory services.
Q: What's special about DSML that makes it an essential building block for e-commerce applications?
Directories are the best tools for managing the meta-data about resources. XML is the best way to describe application/resource data for use on the Web. DSML is the markup language that provides the missing piece that allows these two to work together, and provides a common ground for all XML-based applications to make better use of directories.
Q: What is the difference between LDAP and DSML?
The Lightweight Directory Access Protocol (LDAP) is intended to provide a means for accessing directory information. DSML provides the means for reading and understanding directory content in XML. So, DSML is actually very synergistic with LDAP.
Q: You say it's synergistic, but how?
DSML is an XML-Schema, not an access protocol. DSML still depends on an access protocol such as LDAP to get data from individual directories. DSML provides a standard for creating XML documents from the information that LDAP delivers.
Q: When will DSML-compatible products be available?The Bowstreet Web Automation Factory^TM is the first commercial product to support DSML. Oracle has also announced that it has entered a joint development agreement with Siemens to create a new directory product based on DSML.
Q: How do consumers benefit from DSML-compliant Web businesses?
DSML will enable customers to use directory information from, and exchange directory information with, their customers and partners, regardless of the specific directories at the remote sites. DSML also fosters a new computing approach in which XML-enabled applications leverage business functionality and services, managed in directories and delivered via the Web.
Q: How does the DSML effort relate to the Directory Interoperability Forum?
These two efforts focus on different aspects of directory services standards. DSML is focused on specifying how directory content and structure is described using XML. DIF is focused on extending the core LDAP protocol to include more cross directory SDKs and synchronization. There is no dependency or overlap between the two efforts.
Q: Why are directories a good foundation for e-commerce Web applications?
Directory services provide an optimal way of naming, describing and finding information and resources while managing the relationship between the resources. Typically, directory services software stores and manages access to detailed information about a company's IT assets, including people and business processes and resources - for internal use. But analysts believe that directory services software is also the best way to store this type of information for expanding e-business or e-commerce purposes. Since directory services software offers high levels of security, location independence, granular access and easy replication, and combined with the advantages of XML, it can become a powerful enabler of e-commerce and e-business.
Directory services software is a mature, time-tested technology that's been in use in client/server environments for several years. So, many customers already have directories that can be extended to manage applications over extranets. All the leading directory service vendors - including Novell, IBM and Microsoft - are working on solutions that extend directories to e-business.
Q: What are DSML applications suited for?
DSML enables directories to support whole new classes of XML-based applications, such as:

• e-commerce and e-business
• Distributed Web Applications
• Internet Native Network Management
• Customer Support Federated Directory Management
• Supply Chain Management

Q:How does DSML relate to XML?
DSML is an XML-Schema for representing Directory Services content and structure. An XML-Schema is a format for specifying rules covering the structure and content of XML documents. DSML will be defined using a Document Content Description (DCD) (see W3C-DCD spec at http://www.w3.org/TR/NOTE-dcd ).
XML (for eXtensible Markup Language) is widely considered to be the core language of e-business. It is a syntax that standardizes how task-focused information is shared across the Internet. XML provides for both context and interoperability of data, thereby enabling dynamic activities. Also, since XML is self-describing, specific XML-based applications can interact with each other without special programming to integrate them.
Q: How are directory services relevant to enterprise Web deployments?
Directories enable corporate computing resources - including information and users - to be dynamically and securely matched over networks. By mixing that capability with XML, highly intelligent extranets can enable customized applications to be created "on the fly" with minimal programming.
Q: How does DSML relate to Novell's DirXML?
DirXML is a technology built on top of Novell's NDS eDirectory. It exposes NDS change events (additions, modifications, deletions) through an XML interface. DirXML also has a query interface which allows you to query and retrieve NDS information in XML format.
DSML is an open, industry standard specification that describes how directory data should be represented in XML format. Novell has publicly stated that it will be supporting DSML.
Q: What is the difference between DSML and SOAP?
The Simple Object Access Protocol (SOAP) defines the use of XML and HTTP to access services, objects, and servers in a platform-independent manner. It is designed as a programming protocol. DSML is a data definition specification which can be transported within SOAP.

Interview Question's--Sun IDM

Interview Question's--Sun IDM

What is Sun IDM and basic features?

What is Reconciliation and Active Synchronization?

How to Configure Active Sync and provision the user in AD?

Diference between Full and Incremental Reconcilaition?

Difference between Checkout Objet,check out view and Get object with example?

How to write customize adapter?

What is work Item?

Difference between Derivation,Default,Expansion and Valiadtaion tag?

How call User Form from workflow?

How to call workflow from form?

What is approval workflow,can you explain it with example?

Can you explain the different situation of reconcilation?

Difference between Unassigned and Unmatched situation?

Difference Between Confirmation and Correlation rule?

What is the baseContext of a Form used with Work Item(s)?

Differnece between Adapter and Connector?

What is identity template?

What is difference between <contains> and <containsall> tag?

How to call Java class from Xpress languange?

How many ways to data load in Sun IDM?

What is Bulk refresh?

What is SPMl and How to configure SPML?

What is difference between xprees language and XMl language?

What is the difference between an application server and a Web server?

What is password Sync and How it is configure?

What is difference between Form and Process mapping?

How can I get the session?

What is difference between Select and Multiselect class in Form?

How do I associate a Workflow TaskDefinition with a User Form?

How do I trace workflow?

How can I get a list of all Users?

What is resultlimit in workflow and how can define?

What actually sends the email in workflow?

What is ExposedVariable, EditableVariables syntax?

How to exclude the resoucre for password synchronization?

What is difference between List and Map?

How many interfaces in Sun IDM

What is self registartion and How it can enable?

What is Roles and Rules?

Diffrence between Business Role,Application Role,Asset Role and IT role?

Identity & access management product's

Vendor	Product
CA	CA Identity Manager
	CA Role & Compliance Manager
	CA SiteMinder
	CA SOA Security Manager
	CA Federation Manager
	CA Embedded Entitlements Manager
	CA Single Sign-On
	CA Directory
	CA Access Control
Courion	AccountCourier
	RoleCourier
	ComplianceCourier
	PasswordCourier
	CertificateCourier
Hitachi ID Systems	Hitachi ID Management Suite
IBM	Tivoli Identity Manager
	Tivoli Federated Identity Manager
	Tivoli Security Policy Manager
	Tivoli Access Manager for Enterprise Single Sign-On
	Tivoli Directory Server
	Tivoli Directory Integrator
	Tivoli Compliance Insight Manager
	Tivoli Security Information and Event Manager
	Tivoli Access Manager for e-business
Sun Microsystems(Now Oracle)	Sun Identity Manager(Oracle Waveset)
	Sun Role Manager(OA)
	Sun Compliance Manager
	Sun OpenSSO Enterprise(Oracle Open SSO)
	Sun Directory Server Enterprise Edition(ODSEE)
Microsoft	Active Directory Domain Services
	Active Directory Federation Services
	Active Directory Lightweight Directory Services
	Active Directory Certificate Services
	Forefront Identity Manager
	Intelligent Application Gateway
SAP	SAP NetWeaver Identity Management
	SAP BusinessObjects Access Control application
Novell	Compliance Management Platform
	Identity Manager and Roles Based Provisioning Module
	Designer for Identity Manager
	Access Manager
	eDirectory
Oracle	Oracle Identity Manager
	Oracle Access Manager
	Oracle Identity Federation
	Oracle Internet Directory
	Oracle Virtual Directory

Two Directory servers listening on ports 389/636, on one server

The following procedure outlines how to configure a two (or more instances) of Sun Java Directory Server, both listening on non-secure port 389 and secure port 636.

This is useful in application testing where all applications require port 389/636 but you need two distinct Directories to ensure that data and configurations do not collide.

This procedure requires that you add a second virtual network interface.

View the current network settings

# ifconfig -a

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1

inet 127.0.0.1 netmask ff000000

dmfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2

inet 10.200.131.36 netmask ffffff00 broadcast 10.200.131.255

ether 0:3:ba:7a:bb:ed

Create the second virtual interface

# ifconfig dmfe0:1 plumb

Assign an ip address to it

# ifconfig dmfe0:1 10.200.131.82 up

Add the secondhostname to /etc/hosts(or DNS)

# Internet host table

#

127.0.0.1 localhost

10.200.132.101 10.200.132.101

10.200.131.36 firsthostname.example.com firsthostname loghost

10.200.131.82 secondhostname.example.com secondhostname

Confirm the network interface is working

# ping 10.200.131.82

10.200.131.82 is alive

# ping secondhostname

secondhostname is alive

Create an instance of DSEE.

• Ensure that you specify the second host name with the -h parameter
• Temporarily provide a secure and non-secure port that is not in use (otherwise the create command will fail since ports 389 and 636 are already in use)

#/opt/SUNWdsee/ds6/bin/dsadm create -h secondhostname -p 1389 -P 1636 /var/opt/SUNWdsee/dsins2

Edit the dse.ldif of the new instance

• Add the two lines in blue below
• Change the the port numbers to 389 and 636 respectively.

#vi /var/opt/SUNWdsee/dsins2/config/dse.ldif

dn: cn=config

cn: config

.

.

.

nsslapd-enquote-sup-oc: off

nsslapd-listenhost: secondhostname

nsslapd-securelistenhost: secondhostname

nsslapd-localhost: secondhostname

nsslapd-schemacheck: on

nsslapd-syntaxcheck: off

nsslapd-requires-bind-password: on

nsslapd-rewrite-rfc1274: off

nsslapd-return-exact-case: on

nsslapd-port: 389

nsslapd-localuser: root

.

.

.

nsslapd-security: on

nsslapd-secureport: 636

Start the second instance

#/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins2

# Waiting for server to start...

Server started: pid=9570