From hanulec Fri Jul 1 00:35:05 2005 From: hanulec (Michael Hanulec) Date: Fri, 1 Jul 2005 00:35:05 -0400 (EDT) Subject: [nycbug-talk] Anyone using Pentium-D? In-Reply-To: References: Message-ID: Pentinum-D is p4 based. this style of intel dual core architecture have two cores sharing the same fsb. intel has about two or three other designs in the works. they will be coming out w/ a p3-based centrino single socket/dual core platform which seems cool (in technology and wattage) but that will require another motherboard sytle, etc. right now (or maybe until intel really changes their game plan) your better off w/ the athlon64 or opteron dual cores (which will support quad cores in 2007). the amd architecture really shines when accessing memory in dual core configs. -- hanulec at hanulec.com cell: 858.518.2647 && 516.410.4478 http://www.hanulec.com EFnet irc && aol im: hanulec On Tue, 28 Jun 2005, Charles Sprickman wrote: > Hey all, > > I'm really bad at keeping up on all the processor news out there. It took > Apple's x86 announcement for me to find out about Intel's dual-core chips > (pentium-d). Other than the glossies on the intel site, has anyone here > toyed with these things? > > I've been shopping for some low-end dual processor stuff (used) in the > neighborhood of dual PIII-1GHz. Is the D based on P4 or PIII? Is it a > lemon, a stopgap, or a cost-efficient way to get dual processors without > going to Xeons? > > Any input is appreciated, I'm not up to speed on the latest and greatest (or > lamest). > > Thanks, > > Charles > > ___ > Charles Sprickman > NetEng/SysAdmin > Bway.net - New York's Best Internet - www.bway.net > spork at bway.net - 212.655.9344 > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > > From spork Fri Jul 1 01:11:05 2005 From: spork (Charles Sprickman) Date: Fri, 1 Jul 2005 01:11:05 -0400 (EDT) Subject: [nycbug-talk] Anyone using Pentium-D? In-Reply-To: References: Message-ID: On Fri, 1 Jul 2005, Michael Hanulec wrote: > Pentinum-D is p4 based. this style of intel dual core architecture have two > cores sharing the same fsb. intel has about two or three other designs in > the works. they will be coming out w/ a p3-based centrino single socket/dual > core platform which seems cool (in technology and wattage) but that will > require another motherboard sytle, etc. After digging around some more I found that clock for clock, the D seems to run about 80% more expensive. Supermicro has some barebones combos that will take the chips, but again, the cost/performance doesn't seem to make sense yet. > right now (or maybe until intel really changes their game plan) your better > off w/ the athlon64 or opteron dual cores (which will support quad cores in > 2007). the amd architecture really shines when accessing memory in dual core > configs. We have looked at that, but I'm still a little gunshy about going to another FreeBSD architecture; I simply don't know anyone yet that uses it regularly. Perhaps it's totally fine, or we might end up buying a bunch of stuff to find that we bought all the wrong parts (as far as FBSD compatibility is concerned). And it pushes us to 5.x, which in this case we're not yet ready to do. Thanks for the input! Charles > -- > hanulec at hanulec.com cell: 858.518.2647 && 516.410.4478 > http://www.hanulec.com EFnet irc && aol im: hanulec > > On Tue, 28 Jun 2005, Charles Sprickman wrote: > >> Hey all, >> >> I'm really bad at keeping up on all the processor news out there. It took >> Apple's x86 announcement for me to find out about Intel's dual-core chips >> (pentium-d). Other than the glossies on the intel site, has anyone here >> toyed with these things? >> >> I've been shopping for some low-end dual processor stuff (used) in the >> neighborhood of dual PIII-1GHz. Is the D based on P4 or PIII? Is it a >> lemon, a stopgap, or a cost-efficient way to get dual processors without >> going to Xeons? >> >> Any input is appreciated, I'm not up to speed on the latest and greatest >> (or lamest). >> >> Thanks, >> >> Charles >> >> ___ >> Charles Sprickman >> NetEng/SysAdmin >> Bway.net - New York's Best Internet - www.bway.net >> spork at bway.net - 212.655.9344 >> >> _______________________________________________ >> % NYC*BUG talk mailing list >> http://lists.nycbug.org/mailman/listinfo/talk >> %Be sure to check out our Jobs and NYCBUG-announce lists >> %We meet the first Wednesday of the month >> >> >> > From matt Fri Jul 1 02:01:43 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 02:01:43 -0400 (EDT) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050630210715.J67127@zoraida.natserv.net> References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> <20050630210715.J67127@zoraida.natserv.net> Message-ID: <20050701020111.O75535@neptune.atopia.net> > I don't want to discourage the project, but most endeavours I have seen along > the lines of "let's make a job site" for xyz opensource don't go very far > because of lack of time of the people pushing it. I think I can make it work though. Plus, the site will run itself. Its already integrated with geocoder (my back end code), so you'll be able to search for jobs within amount of miles from you, etc. etc. I think it will work. -Matt From matt Fri Jul 1 02:03:23 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 02:03:23 -0400 (EDT) Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <42C4A2CA.6040409@bestweb.net> References: <20050630171245.S66383@neptune.atopia.net> <57d710000506301428f41525d@mail.gmail.com> <20050630174344.S66383@neptune.atopia.net> <20050630202218.P69972@neptune.atopia.net> <42C4A2CA.6040409@bestweb.net> Message-ID: <20050701020252.N75535@neptune.atopia.net> On Thu, 30 Jun 2005, Dan Casey wrote: > I had a bitch of a time with my FreeBSD 5.3 box. all types of random > stuff was happening.. Some programs would core dump randomly for no > reason. Rebooting the computer would actually lock it up instead of > shutting it down all the way.. Disabling hyperthreading fixed a few of > the problems Disable ACPI fixed everything else. Interesting, I actually disabled hyperthreading already. I also disabled IPF, which has made it stable since ... weird huh? If I have anymore problems I'll try ACPI as a last resort. Curious ... was your box SMP? From jbaltz Fri Jul 1 09:41:10 2005 From: jbaltz (Jerry B. Altzman) Date: Fri, 01 Jul 2005 09:41:10 -0400 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050630191144.K68756@neptune.atopia.net> References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> Message-ID: <42C547F6.7080801@3phasecomputing.com> On 06/30/05 07:15 PM, Matt Juszczak wrote: >> Perhaps it's time to start nycbug-freelancers :-) > I didn't want to post this to the full list because it contains an idea, > not really a reply.... but I did, so please don't read anymore if what > I'm doing violates the rules of this list.... Kinda orthogonal to the idea of having a freelancers' discussion list, though... //jbaltz -- jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405 From bschonhorst Fri Jul 1 10:55:46 2005 From: bschonhorst (Brad Schonhorst) Date: Fri, 1 Jul 2005 10:55:46 -0400 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050630191144.K68756@neptune.atopia.net> References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> Message-ID: On Jun 30, 2005, at 7:15 PM, Matt Juszczak wrote: > >> Perhaps it's time to start nycbug-freelancers :-) >> > > > I didn't want to post this to the full list because it contains an > idea, not really a reply.... but I did, so please don't read > anymore if what I'm doing violates the rules of this list.... > > Anyway... > > I have bsdjobs.net .... the layout is there but the programming > isn't (yet). I'm trying to get it done by the end of the Summer. > The site will be 110% free, and I currently have a mailing list of > about 5 people who, at the time of me creating it, were very > interested. Hey Matt- Looks like a cool project. You might consider adding a link to or somehow tying into NYC*BUG's *BSD Resource Tracker. We have gradually been filling our database with people who provide technical support/consulting/software for BSD operating systems. http://nycbug.org/index.php?NAV=BSDTracker -Brad From george Fri Jul 1 10:56:48 2005 From: george (George R.) Date: Fri, 01 Jul 2005 10:56:48 -0400 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> Message-ID: <42C559B0.5030002@sddi.net> Brad Schonhorst wrote: > > On Jun 30, 2005, at 7:15 PM, Matt Juszczak wrote: > >> >>> Perhaps it's time to start nycbug-freelancers :-) >>> >> >> >> I didn't want to post this to the full list because it contains an >> idea, not really a reply.... but I did, so please don't read anymore >> if what I'm doing violates the rules of this list.... >> >> Anyway... >> >> I have bsdjobs.net .... the layout is there but the programming isn't >> (yet). I'm trying to get it done by the end of the Summer. The site >> will be 110% free, and I currently have a mailing list of about 5 >> people who, at the time of me creating it, were very interested. > > > Hey Matt- > > Looks like a cool project. You might consider adding a link to or > somehow tying into NYC*BUG's *BSD Resource Tracker. We have gradually > been filling our database with people who provide technical > support/consulting/software for BSD operating systems. > > http://nycbug.org/index.php?NAV=BSDTracker > 1. a freelancers' list, although it may have been proposed in jest, is probably not necessary. 2. we also have a jobs list, which this bsdjobs.net could be cross-posted with. g From nomadlogic Fri Jul 1 11:37:00 2005 From: nomadlogic (pete wright) Date: Fri, 1 Jul 2005 08:37:00 -0700 Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <20050701020252.N75535@neptune.atopia.net> References: <20050630171245.S66383@neptune.atopia.net> <57d710000506301428f41525d@mail.gmail.com> <20050630174344.S66383@neptune.atopia.net> <20050630202218.P69972@neptune.atopia.net> <42C4A2CA.6040409@bestweb.net> <20050701020252.N75535@neptune.atopia.net> Message-ID: <57d7100005070108373c3e636d@mail.gmail.com> On 6/30/05, Matt Juszczak wrote: > On Thu, 30 Jun 2005, Dan Casey wrote: > > > I had a bitch of a time with my FreeBSD 5.3 box. all types of random > > stuff was happening.. Some programs would core dump randomly for no > > reason. Rebooting the computer would actually lock it up instead of > > shutting it down all the way.. Disabling hyperthreading fixed a few of > > the problems Disable ACPI fixed everything else. > > Interesting, I actually disabled hyperthreading already. I also disabled > IPF, which has made it stable since ... weird huh? If I have anymore > problems I'll try ACPI as a last resort. It's been my experience that ACPI stands for "A Crappy Power Interface" ;) not sure if it's the way it's been implemented in software or hardware, but I alway's disable it by default unless I a) know it will work well b) if there is some must have feature with ACPI that I need (This is not a FreeBSD only issue either, I have had problems with gnu/linux as well...) -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From matt Fri Jul 1 12:59:54 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 12:59:54 -0400 (EDT) Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <20050630235013.GA24847@sixshooter.v6.thrupoint.net> References: <20050630171245.S66383@neptune.atopia.net> <20050630235013.GA24847@sixshooter.v6.thrupoint.net> Message-ID: <20050701125915.T95727@neptune.atopia.net> > A couple more questions- > > - is every item in your config on the supported hardware list? > - did you previously run this hardware on 4.11? > > I remember seeing at least one benchmark that indicated that > OpenBSD performed poorly (not a perjorative use of this term- > I'm an OBSD fan), so if you need the speed, FreeBSD or NetBSD > are the way to go. Yea, I heard this also.... I just wish our freebsd install would stay stable. Without IPF, it seems to be ... knock on wood. From driodeiros Fri Jul 1 13:29:30 2005 From: driodeiros (David Rio Deiros) Date: Fri, 1 Jul 2005 10:29:30 -0700 Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <20050630171245.S66383@neptune.atopia.net> References: <20050630171245.S66383@neptune.atopia.net> Message-ID: <20050701172930.GA14312@david-rio-deiros-mac-mini.local> On Thu, Jun 30, 2005 at 05:17:59PM -0400, Matt Juszczak wrote: > Hi all, > > The past two weeks have been rough for me. I've had our production mail > server, FreeBSD 5.4, and our back end LDAP servers crashing. I've tried > everything, from upgrading to 5.4-STABLE, and now switching from IPF to PF > (which actually has made them not crash). Matt, First of all. I have just read the thread you started on the openbsd mailing list misc at . Damn it! I am scared.... there a couple of nasty emails in there. I consider this reply from Theo especially unnecessary: This is an openbsd list. please honour that. And that leads me to what I really wanted to tell you. Perhaps it is not going to help you but.... Have you considered NetBSD? I warranty, at least, that you won't get such a nasty emails from the mailing list. The idea of using FreeBSD4.11 is very interesting also. I see your concerns about the eventual dead of 4.X. I would consider dragonfly, which it is mainly based on 4.X FreeBSD. David From matt Fri Jul 1 13:34:15 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 13:34:15 -0400 (EDT) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> Message-ID: <20050701133316.C96329@neptune.atopia.net> > Hey Matt- > > Looks like a cool project. You might consider adding a link to or somehow > tying into NYC*BUG's *BSD Resource Tracker. We have gradually been filling > our database with people who provide technical support/consulting/software > for BSD operating systems. > > http://nycbug.org/index.php?NAV=BSDTracker Sure, that would be awesome. I'd love to do that. I need to get the site done first. Its DEFINITELY going to happen this Summer, hopefully by the end of July. I've been wanting to setup some kind of versioning system, so a team of developers could add new features, make modifications, etc. etc. That way new modules could be built to integrate with certain things, and the site could be really successful. -Matt From matt Fri Jul 1 13:43:31 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 13:43:31 -0400 (EDT) Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <20050701172930.GA14312@david-rio-deiros-mac-mini.local> References: <20050630171245.S66383@neptune.atopia.net> <20050701172930.GA14312@david-rio-deiros-mac-mini.local> Message-ID: <20050701134053.E96329@neptune.atopia.net> > Matt, > > First of all. > I have just read the thread you started on the openbsd mailing list > misc at . Damn it! I am scared.... there a couple of nasty emails in > there. I consider this reply from Theo especially unnecessary: Agreed! I was just trying to find out some info :) After Theo's response and that other guy who completely put me down and thought I was a "fake", I had a lot of off-list responses for people who gave me great suggestions and told me to ignore the other negative responses. I think some people just don't know how some companies run. Some are actually like I described. Fast-paced, and not necessarilly by the book. > And that leads me to what I really wanted to tell you. Perhaps it is > not going to help you but.... Have you considered NetBSD? I warranty, > at least, that you won't get such a nasty emails from the mailing > list. I'd like to consider that as well. Just as fast and stable? > The idea of using FreeBSD4.11 is very interesting also. I see your > concerns about the eventual dead of 4.X. I would consider > dragonfly, which it is mainly based on 4.X FreeBSD. I've been sending emails back and forth between Matt Dillon. Based on his responses I don't think I'd be very interested in setting up DragonFly right now until its a bit more developed. -Matt From ike Fri Jul 1 14:20:00 2005 From: ike (Isaac Levy) Date: Fri, 1 Jul 2005 14:20:00 -0400 Subject: [nycbug-talk] encrypted swap roundup Message-ID: <8189F75B-A10B-4171-BE51-BB081EC57B23@lesmuug.org> Hi All, So after installing OSX 10.4 (Tiger) this week, it seems one of the host of goodies is now encrypted swap as an option: http://www.macosxhints.com/article.php?story=20050509170728423 Seems to be implemented in almost exactly the same way OpenBSD encrypted swap is (except apple gives you a GUI checkbox in System Prefs to "Use secure virtual memory", On OpenBSD: Edit /etc/sysctl.conf change: #vm.swapencrypt.enable=1 to: vm.swapencrypt.enable=1 This facility has been available in OpenBSD for a very long time. -- On FreeBSD, one can encrypt swap using GBDE, Geom Based Disk Encryption, http://www.freebsd.org/cgi/man.cgi? query=gbde&apropos=0&sektion=0&manpath=FreeBSD+5.4-RELEASE+and +Ports&format=html -or- http://tinyurl.com/7a76m http://segment7.net/projects/FreeBSD/encrypted_swap.txt -- On NetBSD, CGD, CryptoGraphic Disk, can be used to encrypt the swap volume: http://nycbug.org/index.php?NAV=Home&SUBM=20 http://mail-index.netbsd.org/tech-security/2003/04/17/0000.html -- Anyhow, the Darwin/OSX crypto got me initially exited, hope this post is useful to someone. Rocket- .ike From ike Fri Jul 1 16:08:35 2005 From: ike (Isaac Levy) Date: Fri, 1 Jul 2005 16:08:35 -0400 Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <20050701125915.T95727@neptune.atopia.net> References: <20050630171245.S66383@neptune.atopia.net> <20050630235013.GA24847@sixshooter.v6.thrupoint.net> <20050701125915.T95727@neptune.atopia.net> Message-ID: <3FCC1951-85AB-43C8-AB08-57FEC2AA08A9@lesmuug.org> Hi Matt, All, On Jul 1, 2005, at 12:59 PM, Matt Juszczak wrote: >> A couple more questions- >> >> - is every item in your config on the supported hardware list? >> - did you previously run this hardware on 4.11? >> >> I remember seeing at least one benchmark that indicated that >> OpenBSD performed poorly (not a perjorative use of this term- >> I'm an OBSD fan), so if you need the speed, FreeBSD or NetBSD >> are the way to go. >> > > > Yea, I heard this also.... I just wish our freebsd install would > stay stable. Without IPF, it seems to be ... knock on wood. Well, I'll throw this in, (hoping not to incite any religions wars over ipf/pf/ipfw), Basically, I'd think ipf is your problem. ON FreeBSD 5.3 onward, pf is a really celebrated part of the OS now- with nearly as much respect and attention given to it as OpenSSH. The previous default firewall for FreeBSD had been ipfw, *not* ipf, and with things like firewalls, I believe it's important, with high- volume anything, to stick close to whatever everyone puts in the base system. I'm basically saying that it wouldn't surprise me if your boxes stayed up for a *VERY* long time under load, now that you've gotten ipf out of the picture- (very few people are maintaining it on FreeBSD, to my understanding). my .02?, Rocket, .ike From okan Fri Jul 1 16:15:03 2005 From: okan (Okan Demirmen) Date: Fri, 1 Jul 2005 16:15:03 -0400 Subject: [nycbug-talk] encrypted swap roundup In-Reply-To: <8189F75B-A10B-4171-BE51-BB081EC57B23@lesmuug.org> References: <8189F75B-A10B-4171-BE51-BB081EC57B23@lesmuug.org> Message-ID: <20050701201503.GA94421@yinaska.pair.com> On Fri 2005.07.01 at 14:20 -0400, Isaac Levy wrote: > Hi All, > > So after installing OSX 10.4 (Tiger) this week, it seems one of the > host of goodies is now encrypted swap as an option: > > http://www.macosxhints.com/article.php?story=20050509170728423 > Seems to be implemented in almost exactly the same way OpenBSD > encrypted swap is (except apple gives you a GUI checkbox in System > Prefs to "Use secure virtual memory", > > On OpenBSD: > > Edit /etc/sysctl.conf > change: > > #vm.swapencrypt.enable=1 > to: > vm.swapencrypt.enable=1 this is the default as of a few months ago (2005/03/26) cheers, okan From ike Fri Jul 1 16:21:38 2005 From: ike (Isaac Levy) Date: Fri, 1 Jul 2005 16:21:38 -0400 Subject: [nycbug-talk] encrypted swap roundup In-Reply-To: <20050701201503.GA94421@yinaska.pair.com> References: <8189F75B-A10B-4171-BE51-BB081EC57B23@lesmuug.org> <20050701201503.GA94421@yinaska.pair.com> Message-ID: <1ABE7A53-A086-4066-962D-A727E77CC04B@lesmuug.org> Hey Okan, All, On Jul 1, 2005, at 4:15 PM, Okan Demirmen wrote: > On Fri 2005.07.01 at 14:20 -0400, Isaac Levy wrote: > >> >> On OpenBSD: >> >> Edit /etc/sysctl.conf >> change: >> >> #vm.swapencrypt.enable=1 >> to: >> vm.swapencrypt.enable=1 >> > > this is the default as of a few months ago (2005/03/26) > > cheers, > okan Do you mean that it's on by default a few months ago, or that the feature was included by default a few months ago? I'd been under the impression it had been a feature in OpenBSD for much longer- Rocket- .ike From okan Fri Jul 1 16:31:34 2005 From: okan (Okan Demirmen) Date: Fri, 1 Jul 2005 16:31:34 -0400 Subject: [nycbug-talk] encrypted swap roundup In-Reply-To: <1ABE7A53-A086-4066-962D-A727E77CC04B@lesmuug.org> References: <8189F75B-A10B-4171-BE51-BB081EC57B23@lesmuug.org> <20050701201503.GA94421@yinaska.pair.com> <1ABE7A53-A086-4066-962D-A727E77CC04B@lesmuug.org> Message-ID: <20050701203134.GB94421@yinaska.pair.com> On Fri 2005.07.01 at 16:21 -0400, Isaac Levy wrote: > Hey Okan, All, > > On Jul 1, 2005, at 4:15 PM, Okan Demirmen wrote: > > >On Fri 2005.07.01 at 14:20 -0400, Isaac Levy wrote: > > > >> > >>On OpenBSD: > >> > >>Edit /etc/sysctl.conf > >>change: > >> > >>#vm.swapencrypt.enable=1 > >>to: > >>vm.swapencrypt.enable=1 > >> > > > >this is the default as of a few months ago (2005/03/26) > > > >cheers, > >okan > > Do you mean that it's on by default a few months ago, or that the > feature was included by default a few months ago? > > I'd been under the impression it had been a feature in OpenBSD for > much longer- oh, yes...been there as an option for a long time...as of a few months ago, it became the default - to encrypt swap...sorry for not being more clear ;) cheers, okan From ike Fri Jul 1 16:35:40 2005 From: ike (Isaac Levy) Date: Fri, 1 Jul 2005 16:35:40 -0400 Subject: [nycbug-talk] encrypted swap roundup In-Reply-To: <20050701203134.GB94421@yinaska.pair.com> References: <8189F75B-A10B-4171-BE51-BB081EC57B23@lesmuug.org> <20050701201503.GA94421@yinaska.pair.com> <1ABE7A53-A086-4066-962D-A727E77CC04B@lesmuug.org> <20050701203134.GB94421@yinaska.pair.com> Message-ID: <436A0098-6530-4021-A5B0-29B4EA42A237@lesmuug.org> On Jul 1, 2005, at 4:31 PM, Okan Demirmen wrote: >> o you mean that it's on by default a few months ago, or that the >> feature was included by default a few months ago? >> >> I'd been under the impression it had been a feature in OpenBSD for >> much longer- >> > > oh, yes...been there as an option for a long time...as of a few months > ago, it became the default - to encrypt swap...sorry for not being > more > clear ;) > > cheers, > okan Danke'- Rocket- .ike From driodeiros Fri Jul 1 16:42:29 2005 From: driodeiros (David Rio Deiros) Date: Fri, 1 Jul 2005 13:42:29 -0700 Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <20050701134053.E96329@neptune.atopia.net> References: <20050630171245.S66383@neptune.atopia.net> <20050701172930.GA14312@david-rio-deiros-mac-mini.local> <20050701134053.E96329@neptune.atopia.net> Message-ID: <20050701204229.GA14793@david-rio-deiros-mac-mini.local> On Fri, Jul 01, 2005 at 01:43:31PM -0400, Matt Juszczak wrote: > >And that leads me to what I really wanted to tell you. Perhaps it is > >not going to help you but.... Have you considered NetBSD? I warranty, > >at least, that you won't get such a nasty emails from the mailing > >list. > > I'd like to consider that as well. Just as fast and stable? I cannot confirm the stability on SMP systems, but check out this paper. I know performance and stability over single cpu systems is very good. Actually, check out this paper: http://www.feyrer.de/NetBSD/gmcgarry/ Currently we have FreeBSD 5.4 and NetBSD 2.0.2 but still should be valid. I strongly recommend you to try 2.0.2. Check the last post from Isaac, he pointed out very interesting stuff about pf. > I've been sending emails back and forth between Matt Dillon. Based on his > responses I don't think I'd be very interested in setting up DragonFly > right now until its a bit more developed. Good to know it. From lists Fri Jul 1 16:44:48 2005 From: lists (Francisco Reyes) Date: Fri, 1 Jul 2005 16:44:48 -0400 (EDT) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701133316.C96329@neptune.atopia.net> References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> <20050701133316.C96329@neptune.atopia.net> Message-ID: <20050701164304.S4316@zoraida.natserv.net> On Fri, 1 Jul 2005, Matt Juszczak wrote: > I've been wanting to setup some kind of versioning system, so a team of > developers could add new features, make modifications, etc. etc. That way > new modules could be built to integrate with certain things, and the site > could be really successful. How about CVS? For the project I do with a partner, we have found CVS to work ok. I am sure there are likely other options, but CVS comes with FreeBSD and likely most other BSDs. I could help you offlist to set it up and with the basic "how to". After the setup it's just a couple of commands that one needs to use. From lists Fri Jul 1 16:53:11 2005 From: lists (Hans Zaunere) Date: Fri, 1 Jul 2005 16:53:11 -0400 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701164304.S4316@zoraida.natserv.net> Message-ID: <0MKyxe-1DoSVd3xFu-0003bP@mrelay.perfora.net> > > I've been wanting to setup some kind of versioning system, so a team of > > developers could add new features, make modifications, etc. etc. That way > > new modules could be built to integrate with certain things, and the site > > could be really successful. > > How about CVS? > For the project I do with a partner, we have found CVS to work ok. I am > sure there are likely other options, but CVS comes with FreeBSD and likely > most other BSDs. I've just setup subversion and will likely be deploying it as well. While not as mature as CVS, it's a bit more elegant (read: cvs can be tricky). Administration is a bit easier, since it can hook into Apache 2 and uses the all-familiar URL techniques for remote access and user management. --- Hans Zaunere President, Founder New York PHP http://www.nyphp.org AMP Technology Supporting Apache, MySQL and PHP From lists Fri Jul 1 17:01:09 2005 From: lists (Francisco Reyes) Date: Fri, 1 Jul 2005 17:01:09 -0400 (EDT) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <0MKyxe-1DoSVd3xFu-0003bP@mrelay.perfora.net> References: <0MKyxe-1DoSVd3xFu-0003bP@mrelay.perfora.net> Message-ID: <20050701165822.D4608@zoraida.natserv.net> On Fri, 1 Jul 2005, Hans Zaunere wrote: > I've just setup subversion and will likely be deploying it as well. > While not as mature as CVS, it's a bit more elegant (read: cvs can be >tricky). Administration is a bit easier, since it can hook into >Apache 2 and uses the all-familiar URL techniques for remote access and >user management. Did you come from a CVS background? For a small CVS user base (ie 2 or 3 people doing small, mostly no conflicting changes) do you see an advantage on switching to Subversion from CVS? From matt Fri Jul 1 17:06:25 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 17:06:25 -0400 (EDT) Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <3FCC1951-85AB-43C8-AB08-57FEC2AA08A9@lesmuug.org> References: <20050630171245.S66383@neptune.atopia.net> <20050630235013.GA24847@sixshooter.v6.thrupoint.net> <20050701125915.T95727@neptune.atopia.net> <3FCC1951-85AB-43C8-AB08-57FEC2AA08A9@lesmuug.org> Message-ID: <20050701170501.G1388@neptune.atopia.net> > I'm basically saying that it wouldn't surprise me if your boxes stayed up for > a *VERY* long time under load, now that you've gotten ipf out of the picture- > (very few people are maintaining it on FreeBSD, to my understanding). I just did a flood of mail to the machine, 20,000 messages in 10 minutes. It handled it fine. Usually, the mail server would crash over a long period of time, but I figure if there was anything seriously wrong that mail flood might have exploited it :) I really hope ipf was the problem. The unfortunate thing is now I'm running -STABLE on two servers where I probably dont need to .... however, -STABLE is pretty stable for the most part, from what I've seen, so I dont think I have to worry about that. Then, when 5.5-RELEASE comes out, all will be in synch again. -Ma From matt Fri Jul 1 17:07:42 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 17:07:42 -0400 (EDT) Subject: [nycbug-talk] [OT] FreeBSD 5.4 crashing? In-Reply-To: <20050701204229.GA14793@david-rio-deiros-mac-mini.local> References: <20050630171245.S66383@neptune.atopia.net> <20050701172930.GA14312@david-rio-deiros-mac-mini.local> <20050701134053.E96329@neptune.atopia.net> <20050701204229.GA14793@david-rio-deiros-mac-mini.local> Message-ID: <20050701170652.B1388@neptune.atopia.net> >> I've been sending emails back and forth between Matt Dillon. Based on his >> responses I don't think I'd be very interested in setting up DragonFly >> right now until its a bit more developed. > > Good to know it. Dont take this the wrong way :) Matt's Dragonfly is doing very well, and he told me that -HEAD was very stable, as well as the latest release. Its a personal decision for me not to switch to that quite yet :) So far, the project looks really good though. From matt Fri Jul 1 17:08:36 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 17:08:36 -0400 (EDT) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701164304.S4316@zoraida.natserv.net> References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> <20050701133316.C96329@neptune.atopia.net> <20050701164304.S4316@zoraida.natserv.net> Message-ID: <20050701170754.M1388@neptune.atopia.net> > I could help you offlist to set it up and with the basic "how to". After the > setup it's just a couple of commands that one needs to use. Sure :) Maybe sometime this weekend or early next week .. that would be awesome. I think BSDJOBS will be successful if I have a lot of people working on it, especially since I dont know everything, and sometimes my ideas are dumb. From krook Fri Jul 1 17:31:20 2005 From: krook (Daniel Krook) Date: Fri, 1 Jul 2005 17:31:20 -0400 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701164304.S4316@zoraida.natserv.net> Message-ID: > On Fri, 1 Jul 2005, Matt Juszczak wrote: > > > I've been wanting to setup some kind of versioning > system, so a team of > > developers could add new features, make modifications, > etc. etc. That way > > new modules could be built to integrate with certain > things, and the site > > could be really successful. > > How about CVS? > For the project I do with a partner, we have found CVS to > work ok. I am > sure there are likely other options, but CVS comes with > FreeBSD and likely > most other BSDs. > > I could help you offlist to set it up and with the basic > "how to". After > the setup it's just a couple of commands that one needs to use. Matt, Not sure how much this will help you, but I have some notes available on setting up a CVS repository and then configuring Eclipse on Windows as a client to connect to it over SSH. There are lots of ways to connect to CVS from a workstation, I just happen to use Eclipse-based editors for most of my work and think they have a slick interface to CVS. This approach also avoids most of the complexity that Hans mentioned, though it depends how how you plan to do your development. The instructions say Solaris/Windows XP/WSAD, but most of the server parts should work on *BSD (or Linux) and with Eclipse 2.x or 3.x. http://krook.net/os/eclipse-cvs-setup.txt Good luck with the BSDJOBS project. Daniel Krook, Advisory IT Specialist Application Development, Production Services - Tools, ibm.com Personal: http://info.krook.org/ BluePages: http://bluepages.redirect.webahead.ibm.com/ BlogPages: http://blogpages.redirect.webahead.ibm.com/ From bob Fri Jul 1 17:32:26 2005 From: bob (Bob Ippolito) Date: Fri, 1 Jul 2005 11:32:26 -1000 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701165822.D4608@zoraida.natserv.net> References: <0MKyxe-1DoSVd3xFu-0003bP@mrelay.perfora.net> <20050701165822.D4608@zoraida.natserv.net> Message-ID: <609DE2C9-BDB1-495F-9EAB-52154B778794@redivi.com> On Jul 1, 2005, at 11:01 AM, Francisco Reyes wrote: > On Fri, 1 Jul 2005, Hans Zaunere wrote: > > >> I've just setup subversion and will likely be deploying it as well. >> While not as mature as CVS, it's a bit more elegant (read: cvs can be >> tricky). Administration is a bit easier, since it can hook into >> Apache 2 and uses the all-familiar URL techniques for remote >> access and user management. >> > > Did you come from a CVS background? > For a small CVS user base (ie 2 or 3 people doing small, mostly no > conflicting changes) do you see an advantage on switching to > Subversion from CVS? Yes. Subversion has a familiar command set for CVS users, yet it's faster, easier to administer, can rename directories, etc. -bob From louis Fri Jul 1 17:41:53 2005 From: louis (Louis Bertrand) Date: Fri, 1 Jul 2005 21:41:53 +0000 (UTC) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701165822.D4608@zoraida.natserv.net> References: <0MKyxe-1DoSVd3xFu-0003bP@mrelay.perfora.net> <20050701165822.D4608@zoraida.natserv.net> Message-ID: On Fri, 1 Jul 2005, Francisco Reyes wrote: > On Fri, 1 Jul 2005, Hans Zaunere wrote: > >> I've just setup subversion and will likely be deploying it as well. >> While not as mature as CVS, it's a bit more elegant (read: cvs can be >> tricky). Administration is a bit easier, since it can hook into >> Apache 2 and uses the all-familiar URL techniques for remote access and >> user management. > > Did you come from a CVS background? > For a small CVS user base (ie 2 or 3 people doing small, mostly no > conflicting changes) do you see an advantage on switching to Subversion from > CVS? > It depends on what you're doing. I'm setting up a versioning repository for teaching materials at school, and I think Subversion will handle binary files and directory tree refactoring more gracefully. Also, some users will be non technical and the Windows and Mac client side tools are easier to get into. For mostly text files in a stable file system hierarchy and command line user interface, CVS is lightweight and solid. Sheesh... some thread drift. Ciao --Louis From lists Fri Jul 1 17:54:57 2005 From: lists (Francisco Reyes) Date: Fri, 1 Jul 2005 17:54:57 -0400 (EDT) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701170754.M1388@neptune.atopia.net> References: <20050609094139.X20116@zoraida.natserv.net> <42A84F10.9050200@3phasecomputing.com> <20050630191144.K68756@neptune.atopia.net> <20050701133316.C96329@neptune.atopia.net> <20050701164304.S4316@zoraida.natserv.net> <20050701170754.M1388@neptune.atopia.net> Message-ID: <20050701175303.G4799@zoraida.natserv.net> On Fri, 1 Jul 2005, Matt Juszczak wrote: > Sure :) Maybe sometime this weekend or early next week .. that would be > awesome. Let me know. In particular I can help best in: DB design/architecture, setting up CVS, beta testing. :-) Warning... :-) I could do the DB .. if you are using PostgreSQL.. AND my time is streched pretty thing so could only work on this project a few hours per week.. but I am pretty sure I can knockout a DB design in a few hours. From lists Fri Jul 1 17:56:36 2005 From: lists (Francisco Reyes) Date: Fri, 1 Jul 2005 17:56:36 -0400 (EDT) Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: References: <0MKyxe-1DoSVd3xFu-0003bP@mrelay.perfora.net> <20050701165822.D4608@zoraida.natserv.net> Message-ID: <20050701175537.Y4799@zoraida.natserv.net> On Fri, 1 Jul 2005, Louis Bertrand wrote: > It depends on what you're doing. I'm setting up a versioning repository > for teaching materials at school, and I think Subversion will handle > binary files and directory tree refactoring more gracefully. Interesting. > For mostly text files in a stable file system hierarchy > and command line user interface, CVS is lightweight and solid. That describes most of my paid work. Maybe will give subversion a try for one of my hobby projects. From matt Fri Jul 1 18:42:47 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 18:42:47 -0400 (EDT) Subject: [nycbug-talk] Stablity fixed??? Maybe??? Message-ID: <20050701184128.J14538@neptune.atopia.net> Hi all, Part of this message I cross posted to freebsd-questions, but no one there is going to give me a good answer ... so I'd like a 2nd opinion :) After removing IPF and having a week of stability, we decided to put our mail server to the test today. I began flooding it with tons of mail messages using smtp-source at about 2 pm today. The server load jumped up to about 4.50 average. It eventually started denying requests, but after waiting a few minutes, it would accept them again (I was literally flooding it, I sent in all 1.2 million emails). I wrote a scipt to hammer it, so even after it would refuse the connection, it would hammer it again. Eventually, the machine started to not respond. I could ping it with successful replies, but could not SSH into it. The last message on the screen was "Could not write to /var/mail/thissucks", which was the account we were testing. I rebooted the machine, and all is fine. I'm not sure if this is still a sign of instability, or if this is a "Any idiot who would sent 1.2 million emails and a full flood for hours to a mail server should expect something like this to happen" message. Any input? Thanks! -Matt From louis Fri Jul 1 18:55:19 2005 From: louis (Louis Bertrand) Date: Fri, 1 Jul 2005 22:55:19 +0000 (UTC) Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: <20050701184128.J14538@neptune.atopia.net> References: <20050701184128.J14538@neptune.atopia.net> Message-ID: On Fri, 1 Jul 2005, Matt Juszczak wrote: > Hi all, > > Part of this message I cross posted to freebsd-questions, but no one there is > going to give me a good answer ... so I'd like a 2nd opinion :) > > After removing IPF and having a week of stability, we decided to put > our mail server to the test today. > > I began flooding it with tons of mail messages using smtp-source at about 2 > pm today. The server load jumped up to about 4.50 average. It eventually > started denying requests, but after waiting a few minutes, it would accept > them again (I was literally flooding it, I sent in all 1.2 million emails). > > I wrote a scipt to hammer it, so even after it would refuse the connection, > it would hammer it again. Eventually, the machine started to not respond. > I could ping it with successful replies, but could not SSH into it. The > last message on the screen was "Could not write to /var/mail/thissucks", > which was the account we were testing. > > I rebooted the machine, and all is fine. I'm not sure if this is still a > sign of instability, or if this is a "Any idiot who would sent 1.2 million > emails and a full flood for hours to a mail server should expect something > like this to happen" message. > > Any input? > Maybe you filled up the partition that holds /var/mail? It could also be a file lock on the actual mailbox file. Or maybe you're running out of memory and the disk drive is getting hammered by both mail and swapping. Basically, get a hunch of where the problem is and devise some instrumentation to confirm it or rule it out. At the very least, monitor with top(1), systat(1) and friends. Ciao --Louis From george Fri Jul 1 18:55:54 2005 From: george (George R.) Date: Fri, 01 Jul 2005 18:55:54 -0400 Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: <20050701184128.J14538@neptune.atopia.net> References: <20050701184128.J14538@neptune.atopia.net> Message-ID: <42C5C9FA.6030703@sddi.net> Matt Juszczak wrote: > Hi all, > > Part of this message I cross posted to freebsd-questions, but no one > there is going to give me a good answer ... so I'd like a 2nd opinion :) > > After removing IPF and having a week of stability, we decided to put > our mail server to the test today. > > I began flooding it with tons of mail messages using smtp-source at > about 2 pm today. The server load jumped up to about 4.50 average. It > eventually started denying requests, but after waiting a few minutes, it > would accept them again (I was literally flooding it, I sent in all 1.2 > million emails). > > I wrote a scipt to hammer it, so even after it would refuse the connection, > it would hammer it again. Eventually, the machine started to not respond. > I could ping it with successful replies, but could not SSH into it. The > last message on the screen was "Could not write to /var/mail/thissucks", > which was the account we were testing. > > I rebooted the machine, and all is fine. I'm not sure if this is still a > sign of instability, or if this is a "Any idiot who would sent 1.2 million > emails and a full flood for hours to a mail server should expect something > like this to happen" message. I assume you're tail'g /var/log/maillog or messages while this is happening. . . might be useful to know what's listed there. . . Did you try to telnet to 110. . . this would be useful since you'd obviously be seeing what the hypothetical remote box would see. I'd assume it would entertain telnet before ssh requests. . . I followed your thread (s) and just wanted to say, i had some bad experiences recently also with FBSD <=5.3, but one time is was (brand new) bad RAM. . . I would do the make install world ladi-doti, then make would bomb out at different times, but the OS seemed fine overall. Memtest showed me the light though. . . which was probably the only reasonable explanation to arbitrary crashes during make. . . g From matt Fri Jul 1 19:00:00 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 19:00:00 -0400 (EDT) Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: References: <20050701184128.J14538@neptune.atopia.net> Message-ID: <20050701185951.H14873@neptune.atopia.net> > Maybe you filled up the partition that holds /var/mail? > It could also be a file lock on the actual mailbox file. > Or maybe you're running out of memory and the disk drive > is getting hammered by both mail and swapping. > Basically, get a hunch of where the problem is and devise > some instrumentation to confirm it or rule it out. > At the very least, monitor with top(1), systat(1) and friends. But I couldn't get back into the box :) From matt Fri Jul 1 19:02:00 2005 From: matt (Matt Juszczak) Date: Fri, 1 Jul 2005 19:02:00 -0400 (EDT) Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: <42C5C9FA.6030703@sddi.net> References: <20050701184128.J14538@neptune.atopia.net> <42C5C9FA.6030703@sddi.net> Message-ID: <20050701190026.K14873@neptune.atopia.net> > I followed your thread (s) and just wanted to say, i had some bad experiences > recently also with FBSD <=5.3, but one time is was (brand new) bad RAM. . . > I would do the make install world ladi-doti, then make would bomb out at > different times, but the OS seemed fine overall. Memtest showed me the light > though. . . which was probably the only reasonable explanation to arbitrary > crashes during make. . . George, Thanks for your reply. Mem test is fine. I've compiled a kernel and done buildworld 5 times in one day, on a loop :) They all went fine. I actually ran portsdb in a loop too since that seems to be a fairly intensive process... The mail flood of 1.2 million emails looked good too until it started saying it couldn't write to the mail spool. Then idiot me did an ls -al /var/mail (which did a FULL request to ldap) and everything just hung from there, including console. Maybe I used up all available connections or something ... an ls -al usually takes a few minutes anyway cause nss and pam have to talk to ldap first, but this took about 15 and still no respone :) -Matt From bob Fri Jul 1 19:06:02 2005 From: bob (Bob Ippolito) Date: Fri, 1 Jul 2005 13:06:02 -1000 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701175537.Y4799@zoraida.natserv.net> References: <0MKyxe-1DoSVd3xFu-0003bP@mrelay.perfora.net> <20050701165822.D4608@zoraida.natserv.net> <20050701175537.Y4799@zoraida.natserv.net> Message-ID: <59BA5A31-F6E1-4579-8870-569ADE7950D6@redivi.com> On Jul 1, 2005, at 11:56 AM, Francisco Reyes wrote: > On Fri, 1 Jul 2005, Louis Bertrand wrote: > > >> It depends on what you're doing. I'm setting up a versioning >> repository >> for teaching materials at school, and I think Subversion will handle >> binary files and directory tree refactoring more gracefully. >> > > Interesting. > > >> For mostly text files in a stable file system hierarchy >> and command line user interface, CVS is lightweight and solid. >> > > That describes most of my paid work. Maybe will give subversion a > try for one of my hobby projects. Unless you're using wrappers, then subversion does nearly everything that CVS does, but better. If you're using wrappers, you probably don't need them anymore with Subversion.. but if you do, then you're mostly out of luck for now. -bob From lists Fri Jul 1 23:01:47 2005 From: lists (Hans Zaunere) Date: Fri, 1 Jul 2005 23:01:47 -0400 Subject: [nycbug-talk] Getting started in Consulting In-Reply-To: <20050701165822.D4608@zoraida.natserv.net> Message-ID: <0MKyxe-1DoYGM1Hq2-0004yW@mrelay.perfora.net> > > I've just setup subversion and will likely be deploying it as well. > > While not as mature as CVS, it's a bit more elegant (read: cvs can be > >tricky). Administration is a bit easier, since it can hook into > >Apache 2 and uses the all-familiar URL techniques for remote access and > >user management. > > Did you come from a CVS background? Yeah... > For a small CVS user base (ie 2 or 3 people doing small, mostly no > conflicting changes) do you see an advantage on switching to Subversion > from CVS? Although svn has been looking a little cleaner and more intuitive than cvs, it is still a new technology. If you already have experience and a comfort level with cvs, then it's probably ok - especially if you're not looking to play with the advanced features of svn, like Web Dav integration, etc. H From louis Sat Jul 2 18:53:56 2005 From: louis (Louis Bertrand) Date: Sat, 2 Jul 2005 22:53:56 +0000 (UTC) Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: <20050701185951.H14873@neptune.atopia.net> References: <20050701184128.J14538@neptune.atopia.net> <20050701185951.H14873@neptune.atopia.net> Message-ID: On Fri, 1 Jul 2005, Matt Juszczak wrote: >> Maybe you filled up the partition that holds /var/mail? >> It could also be a file lock on the actual mailbox file. >> Or maybe you're running out of memory and the disk drive >> is getting hammered by both mail and swapping. >> Basically, get a hunch of where the problem is and devise >> some instrumentation to confirm it or rule it out. >> At the very least, monitor with top(1), systat(1) and friends. > > But I couldn't get back into the box :) > Oh, oops... Consider me smacked on the forehead. Ciao --Louis From nomadlogic Sun Jul 3 15:24:44 2005 From: nomadlogic (pete wright) Date: Sun, 3 Jul 2005 12:24:44 -0700 Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: <20050701185951.H14873@neptune.atopia.net> References: <20050701184128.J14538@neptune.atopia.net> <20050701185951.H14873@neptune.atopia.net> Message-ID: <57d7100005070312243f9aeaee@mail.gmail.com> On 7/1/05, Matt Juszczak wrote: > > Maybe you filled up the partition that holds /var/mail? > > It could also be a file lock on the actual mailbox file. > > Or maybe you're running out of memory and the disk drive > > is getting hammered by both mail and swapping. > > Basically, get a hunch of where the problem is and devise > > some instrumentation to confirm it or rule it out. > > At the very least, monitor with top(1), systat(1) and friends. > > But I couldn't get back into the box :) so you where not monitoring the system while you where doing the test? you could also try running some combo of script+screen or syslog to get data of system resource usage/interrupt usage etc. this may give us more info into what exactly is going on your system when it stops responding...has the box wedged or are there just a ton of requests that are starving resources like sshd from responding... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From scottro Sun Jul 3 16:19:47 2005 From: scottro (Scott Robbins) Date: Sun, 3 Jul 2005 16:19:47 -0400 Subject: [nycbug-talk] PCBSD revisited (and NetBSD-office) Message-ID: <20050703201947.GA15477@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's a lazy Sunday on a holiday weekend and I feel philosophical. PCBSD is growing quite rapidly, and of course, having its growing pains. My own feeling is that the BSDs are simply becoming more and more trendy and that it was an idea whose time had come. Even the FreeBSD developers in that recent interview (OS news?) said they thought it was a good thing. While it has brought in some folks who are asking the complete newcomer type questions, there are enough experienced folks around to answer the questions. Kris has also been able to move everything over to a BSD license (some of it had been GPL'd, which aggravated a lot of people, because he had thought he had to do it that way to work with some libraries.) In the meantime, a German developer has been working on his own desktopBSD. It's not ready yet, in a German interview he stated that he'd been working on it before PCBSD came out and he hopes people don't think he simply copied the idea. http://desktopbsd.sourceforge.net There is also NetBSD-office. It's a straightforward NetBSD with X installation, no differences there. It sets up some things in /etc/rc.conf that the user usually sets up by themself, and also has OpenOffice installed, as well as a few other things, such as firefox. Additionally, there are some scripts for flash and realplayer. Root's default shell is /usr/pkg/bin/bash, rather than a /bin/*sh but aside from that, little controversy. It includes KDE as its default desktop. Unlike PCBSD, its default boot is still in text mode. http://inst.aydogan.net/ - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Xander: What's going on here? People are going all Felicity with their hair. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCyEhj+lTVdes0Z9YRAkZ3AJwJ5PkF09YEq1uJRgKhkgUUxNs0LACcCyYN egDkZpBAQSt9enbxhDyosI4= =2L+f -----END PGP SIGNATURE----- From matt Sun Jul 3 23:18:13 2005 From: matt (Matt Juszczak) Date: Sun, 3 Jul 2005 23:18:13 -0400 (EDT) Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: <57d7100005070312243f9aeaee@mail.gmail.com> References: <20050701184128.J14538@neptune.atopia.net> <20050701185951.H14873@neptune.atopia.net> <57d7100005070312243f9aeaee@mail.gmail.com> Message-ID: <20050703231750.W81543@neptune.atopia.net> > so you where not monitoring the system while you where doing the test? > you could also try running some combo of script+screen or syslog to > get data of system resource usage/interrupt usage etc. this may give > us more info into what exactly is going on your system when it stops > responding...has the box wedged or are there just a ton of requests > that are starving resources like sshd from responding... I think its the ton of requests response ... the box hasn't done it since I added some changes into postfix's config. -matt From ike Mon Jul 4 17:03:06 2005 From: ike (Isaac Levy) Date: Mon, 4 Jul 2005 17:03:06 -0400 Subject: [nycbug-talk] Stablity fixed??? Maybe??? In-Reply-To: <20050703231750.W81543@neptune.atopia.net> References: <20050701184128.J14538@neptune.atopia.net> <20050701185951.H14873@neptune.atopia.net> <57d7100005070312243f9aeaee@mail.gmail.com> <20050703231750.W81543@neptune.atopia.net> Message-ID: <5C4DDB2A-3D10-4CE2-B21D-28BAD2BD7933@lesmuug.org> Hi Matt, Your comment made me want to share an experience from when I worked with a web hosting company, On Jul 3, 2005, at 11:18 PM, Matt Juszczak wrote: >> so you where not monitoring the system while you where doing the >> test? >> you could also try running some combo of script+screen or syslog to >> get data of system resource usage/interrupt usage etc. this may give >> us more info into what exactly is going on your system when it stops >> responding...has the box wedged or are there just a ton of requests >> that are starving resources like sshd from responding... >> > > I think its the ton of requests response ... the box hasn't done it > since I added some changes into postfix's config. This makes me ask myself, could your server be under deliberate malicious attack, and postfix is choking things? Here's why I come to that conclusion: At my small old web-hosting, we had over 1,000 hosted domains when I worked there- lots of activity. Mail, became our worst nightmare- (and time/money waster), because it most frequently became the target for spacker attacks. (Wired made up that word, it fits: http://www.encyclopedia-online.info/Spacker) There's serious money providing incentive for all the nastiest system crackers to own boxes for the spammers... Anyhow, we dealt with attacks of all shapes and sizes, but one I find relevant to your situation here: ATTACK: Email Subject string-overflow attacks. The attacker was sending massive volumes of spam (DDOS through bot-nets) to our box with over 256 characters in the subject heading. RESULT OF ATTACK: Cyrus was our MTA of choice then, with Exim as the LTA (On FreeBSD 4.x back then). This attack was aimed at an esoteric flaw in the mechanism Cyrus uses to hand off messages to Exim for local delivery, a queue which used BerkeleyDB would explode, and the MTA would hang, and die, without much to go on in the logs. INTERPERTED AIM OF ATTACK: There were other reports that attackers were performing this attack to try to get us to bring a fresh Cyrus box online to replace it, hoping that we'd bring it online and still be configuring it, so they could take advantage of the fresh box while we were configuring it- and attempt to root the system alltogether. This exact situation happened to another ISP, and they were effectively blackmailed- as the attacker didn't care if email came in/out from all the user accounts while they spammed, (and any other ISP's clients sure do!!!) In their case, they had to take down the mail servers, rebuild them offline, while dealing with a ton of support calls from angry customers who wanted their email. SHORT-TERM RESOLUTION: To find this problem, a few troubleshooting methods (out of many things) were valuable: ktrace was used to finally find the MTA was locking the server (we had no core dumps, anything, to go from) network sniffers (ettercap then) was used to scan all mail coming in, from a neighboring box- and we found the extra-long subject headings that way. google employed to find some esoteric notes on others who'd faced similar attacks, and we contacted them immediately. They shyly gave us info about how they resolved their attack, who attacked them etc..., and that helped us out a lot. LONG-TERM RESOLUTION: We riped out the part of Cyrus that talks to the LTA, the stuff which uses BerkelyDB, and replaced it with a different embedded DB- (skiplist), which was modified to mitigate this, and a number of other problems- and I believe that the Cyrus folks integrated a fix in a later release. All of that, just for the spackers. -- Anyhow, just thought I'd share the story, it may help you Matt, or help someone in the future. Mail is the roughest stuff to manage on the internet now IMHO- most attacked, most important... (which is why I now personally like to give it to Mail-specific hosting vendors, so I can focus on what I do... :) Rocket- .ike From lists Mon Jul 4 21:18:00 2005 From: lists (Francisco Reyes) Date: Mon, 4 Jul 2005 21:18:00 -0400 (EDT) Subject: [nycbug-talk] Tech publications to write for.. Message-ID: <20050704211351.A12733@zoraida.natserv.net> Other than Oreilly anyone knows of any other publisher that uses freelance writers for tech articles?.. specially if anyone has direct experience with a particular publisher. From dlavigne6 Mon Jul 4 21:41:41 2005 From: dlavigne6 (Dru) Date: Mon, 4 Jul 2005 21:41:41 -0400 (EDT) Subject: [nycbug-talk] Tech publications to write for.. In-Reply-To: <20050704211351.A12733@zoraida.natserv.net> References: <20050704211351.A12733@zoraida.natserv.net> Message-ID: <20050704212609.B555@dru.domain.org> On Mon, 4 Jul 2005, Francisco Reyes wrote: > Other than Oreilly anyone knows of any other publisher that uses freelance > writers for tech articles?.. specially if anyone has direct experience with a > particular publisher. Yup :-) 1. SysAdmin http://www.samag.com/ed/ You send Rikki an outline which she forwards to the editor for a yeah/nay. Ideas don't necessarily have to follow the editorial calendar. If the idea is accepted, you're given a deadline for the article. If it's accepted, it's worth around $300 USD, usually paid after the magazine publishes. Long process, decent exposure in a fairly respected mag. 2. Hakin9 http://www.haking.pl/en/index.php?page=author European security mag in 6 languages (they do the translations). You suggest the article. Pay isn't much and seems forever to arrive. Pretty decent exposure though in a very popular mag. Send article outline to Roman Polesek (romanp at hakin9.org). 3. Linux User & Developer http://www.linuxuser.co.uk/content/view/48/26/ UK Magazine which has a BSD section and has been bugging me to provide more BSD content (which I haven't time for at the moment). Haven't written for them yet so can't comment on lead time or payment. Try dropping Daniel James a line (danieljames at linuxuser.co.uk) and tell him I suggested he might be interested in some (BSD) technical content. Dru From lists Mon Jul 4 21:49:08 2005 From: lists (Francisco Reyes) Date: Mon, 4 Jul 2005 21:49:08 -0400 (EDT) Subject: [nycbug-talk] Tech publications to write for.. In-Reply-To: <20050704212609.B555@dru.domain.org> References: <20050704211351.A12733@zoraida.natserv.net> <20050704212609.B555@dru.domain.org> Message-ID: <20050704214244.U12733@zoraida.natserv.net> On Mon, 4 Jul 2005, Dru wrote: >> Other than Oreilly anyone knows of any other publisher that uses freelance >> writers for tech articles? Thanks!! > You send Rikki an outline which she forwards to the editor for a yeah/nay. > Ideas don't necessarily have to follow the editorial calendar. If the idea is > accepted, you're given a deadline for the article. >From the one article I submited to Oreilly I have learnt to write the article first.. then find a buyer for it. Otherwise I postpone writing it and that's not good when deadlines are involved.. I figure it would be very $$ helpfull to get 1 or 2 articles submited every month to different publications. > http://www.linuxuser.co.uk/content/view/48/26/ > UK Magazine which has a BSD section and has been bugging me to provide more > BSD content (which I haven't time for at the moment). Haven't written for > them yet so can't comment on lead time or payment. Try dropping Daniel James > a line (danieljames at linuxuser.co.uk) and tell him I suggested he might be > interested in some (BSD) technical content. Great! Will approach that lead first. From lists Tue Jul 5 00:11:36 2005 From: lists (Francisco Reyes) Date: Tue, 5 Jul 2005 00:11:36 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget Message-ID: <20050705000518.I13551@zoraida.natserv.net> Any thoughts on what is the cheapest one could get more than 768Kb up without going to a T1 or SDSL? Currently very happy with AceDSL, but to get better than 768Kb up with them would have to spend $325. I would even be cheaper to get a second DSL.. Primarily looking to send backup files offsite, but it seems I will be burning DVDs instead. :-( The "daily" backups I like to send offiste are under 1GB.. but the weekly which includes images of windows machines is about 15Gb. :-( From alex Tue Jul 5 08:19:20 2005 From: alex (alex at pilosoft.com) Date: Tue, 5 Jul 2005 08:19:20 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050705000518.I13551@zoraida.natserv.net> Message-ID: On Tue, 5 Jul 2005, Francisco Reyes wrote: > Any thoughts on what is the cheapest one could get more than 768Kb up > without going to a T1 or SDSL? > > Currently very happy with AceDSL, but to get better than 768Kb up with > them would have to spend $325. I would even be cheaper to get a second > DSL.. Get two 3000/768 DSL lines, with them or with us, 2*50$. Some duct tape to do load balancing, done/done. > > Primarily looking to send backup files offsite, but it seems I will be > burning DVDs instead. :-( > > The "daily" backups I like to send offiste are under 1GB.. but the > weekly which includes images of windows machines is about 15Gb. :-( From george Tue Jul 5 08:52:02 2005 From: george (George R.) Date: Tue, 05 Jul 2005 08:52:02 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: References: Message-ID: <42CA8272.2050607@sddi.net> alex at pilosoft.com wrote: > On Tue, 5 Jul 2005, Francisco Reyes wrote: > > >>Any thoughts on what is the cheapest one could get more than 768Kb up >>without going to a T1 or SDSL? >> >>Currently very happy with AceDSL, but to get better than 768Kb up with >>them would have to spend $325. I would even be cheaper to get a second >>DSL.. > > Get two 3000/768 DSL lines, with them or with us, 2*50$. Some duct tape to > do load balancing, done/done. I've always had better experiences with electrical tape . . . > >>Primarily looking to send backup files offsite, but it seems I will be >>burning DVDs instead. :-( >> >>The "daily" backups I like to send offiste are under 1GB.. but the >>weekly which includes images of windows machines is about 15Gb. :-( > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > From jhlists Tue Jul 5 10:39:51 2005 From: jhlists (jh) Date: Tue, 05 Jul 2005 10:39:51 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: References: Message-ID: <42CA9BB7.4040506@hirschman.net> alex at pilosoft.com wrote: > > Get two 3000/768 DSL lines, with them or with us, 2*50$. Some duct tape to > do load balancing, done/done. > Just imagine if some innovative DSL vendor came up with a "bonded" product (think Etherchannel for DSL) that allowed the end user to transparently do what the OP is looking to do. Perhaps they'd sell a preconfigured Soekris PC that was the "duct tape", so that even those that were only moderately technically enabled could take advantage of this. Perhaps they'd sell more than a few new DSL lines, at higher margin, than they would otherwise, and give even more users a reason to switch to their service. Would I trade my $50 single line for two bonded lines priced at $125-$150/month (and pay for the black box)? Most certainly. Perhaps, perhaps, perhaps. jh From alex Tue Jul 5 10:39:31 2005 From: alex (alex at pilosoft.com) Date: Tue, 5 Jul 2005 10:39:31 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <42CA9BB7.4040506@hirschman.net> Message-ID: On Tue, 5 Jul 2005, jh wrote: > Just imagine if some innovative DSL vendor came up with a "bonded" > product (think Etherchannel for DSL) that allowed the end user to > transparently do what the OP is looking to do. Perhaps they'd sell a > preconfigured Soekris PC that was the "duct tape", so that even those > that were only moderately technically enabled could take advantage of > this. No market for that. And a simple cisco 17xx will do the trick (two default routes, per-packet-load-balancing). > Perhaps they'd sell more than a few new DSL lines, at higher margin, > than they would otherwise, and give even more users a reason to switch > to their service. Would I trade my $50 single line for two bonded lines > priced at $125-$150/month (and pay for the black box)? Most certainly. If you are serious, we can help you out. Particularly now that the 'naked dsl' is available, you don't need to pay for second VZ phone line just to have DSL service. From jhlists Tue Jul 5 10:52:58 2005 From: jhlists (jh) Date: Tue, 05 Jul 2005 10:52:58 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: References: Message-ID: <42CA9ECA.6020900@hirschman.net> alex at pilosoft.com wrote: > On Tue, 5 Jul 2005, jh wrote: > > >>Just imagine if some innovative DSL vendor came up with a "bonded" >>product (think Etherchannel for DSL) that allowed the end user to >>transparently do what the OP is looking to do. Perhaps they'd sell a >>preconfigured Soekris PC that was the "duct tape", so that even those >>that were only moderately technically enabled could take advantage of >>this. > > No market for that. And a simple cisco 17xx will do the trick (two default > routes, per-packet-load-balancing). I have no interest in configuring a cisco 17xx, but perhaps if one came preconfigured as part of such service. And provided that the net effect of doing this was to give me a pipe upstream faster than 768k for a single file transfer (which is the issue that I'm dealing with - clients needing large amounts of data from me as quickly as possible, but typically just one client at a time). > >>Perhaps they'd sell more than a few new DSL lines, at higher margin, >>than they would otherwise, and give even more users a reason to switch >>to their service. Would I trade my $50 single line for two bonded lines >>priced at $125-$150/month (and pay for the black box)? Most certainly. > > If you are serious, we can help you out. Particularly now that the 'naked > dsl' is available, you don't need to pay for second VZ phone line just to > have DSL service. > I'd be interested in something "turnkey", as per my comments aboved. jh From george Tue Jul 5 11:44:53 2005 From: george (George Georgalis) Date: Tue, 5 Jul 2005 11:44:53 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <42CA9ECA.6020900@hirschman.net> References: <42CA9ECA.6020900@hirschman.net> Message-ID: <20050705154453.GA1800@ixeon.duo> On Tue, Jul 05, 2005 at 10:52:58AM -0400, jh wrote: >alex at pilosoft.com wrote: >>On Tue, 5 Jul 2005, jh wrote: >> >> >>>Just imagine if some innovative DSL vendor came up with a "bonded" >>>product (think Etherchannel for DSL) that allowed the end user to >>>transparently do what the OP is looking to do. Perhaps they'd sell a >>>preconfigured Soekris PC that was the "duct tape", so that even those >>>that were only moderately technically enabled could take advantage of >>>this. >> >>No market for that. And a simple cisco 17xx will do the trick (two default >>routes, per-packet-load-balancing). > >I have no interest in configuring a cisco 17xx, but perhaps if one came >preconfigured as part of such service. And provided that the net effect >of doing this was to give me a pipe upstream faster than 768k for a >single file transfer (which is the issue that I'm dealing with - clients >needing large amounts of data from me as quickly as possible, but >typically just one client at a time). I was suprised at Alex's point that two dsl lines would work. It's just a few command lines (once you know them) in Linux to load balance multiple gateways, and many linksys routers have an option for redundant gateways / loadbalancing for your lan. But I don't think either of these will increase max bandwidth of a given connection, ie, it may provide two 768K uplinks at the same time but not one 1536. Maybe there is some transfer protocol that can take advantage of two gateways, (rsync and cvsup come to mind) but I'm not sure if they would do it. An isp provided soekris for interface bridging does indeed sound like a good thing. // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From alex Tue Jul 5 11:52:43 2005 From: alex (alex at pilosoft.com) Date: Tue, 5 Jul 2005 11:52:43 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050705154453.GA1800@ixeon.duo> Message-ID: On Tue, 5 Jul 2005, George Georgalis wrote: > I was suprised at Alex's point that two dsl lines would work. It's just > a few command lines (once you know them) in Linux to load balance > multiple gateways, and many linksys routers have an option for redundant > gateways / loadbalancing for your lan. > > But I don't think either of these will increase max bandwidth of a given > connection, ie, it may provide two 768K uplinks at the same time but not > one 1536. Maybe there is some transfer protocol that can take advantage > of two gateways, (rsync and cvsup come to mind) but I'm not sure if they > would do it. Correct, linux doesn't do per-packet-load-balancing. PPLB is not a perfect solution, however, it works in 99% of cases. (The cases where it doesn't work are things sensitive to packet reordering. Fortunately, all modern TCP stacks are OK with it). Doing PPLB on linux it is *probably* not so hard to hack in, but I haven't tried. You can also do link aggregation with mlpppoe (multilink ppp over ethernet). Very hacky, but I've done that. > An isp provided soekris for interface bridging does indeed sound like a > good thing. Why use soekris when you can use cisco. Although, on this mailing list, most people would probably say 'why use cisco when you can use soekris'... -alex From george Tue Jul 5 12:40:22 2005 From: george (George Georgalis) Date: Tue, 5 Jul 2005 12:40:22 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: References: <20050705154453.GA1800@ixeon.duo> Message-ID: <20050705164022.GB1800@ixeon.duo> On Tue, Jul 05, 2005 at 11:52:43AM -0400, alex at pilosoft.com wrote: >On Tue, 5 Jul 2005, George Georgalis wrote: > >> I was suprised at Alex's point that two dsl lines would work. It's just >> a few command lines (once you know them) in Linux to load balance >> multiple gateways, and many linksys routers have an option for redundant >> gateways / loadbalancing for your lan. >> >> But I don't think either of these will increase max bandwidth of a given >> connection, ie, it may provide two 768K uplinks at the same time but not >> one 1536. Maybe there is some transfer protocol that can take advantage >> of two gateways, (rsync and cvsup come to mind) but I'm not sure if they >> would do it. >Correct, linux doesn't do per-packet-load-balancing. PPLB is not a >perfect solution, however, it works in 99% of cases. (The cases where it >doesn't work are things sensitive to packet reordering. Fortunately, all >modern TCP stacks are OK with it). > >Doing PPLB on linux it is *probably* not so hard to hack in, but I haven't >tried. > >You can also do link aggregation with mlpppoe (multilink ppp over >ethernet). Very hacky, but I've done that. > >> An isp provided soekris for interface bridging does indeed sound like a >> good thing. >Why use soekris when you can use cisco. Although, on this mailing list, >most people would probably say 'why use cisco when you can use soekris'... so you're saying you can support 2x dsl, for the cost of a second line, setup and equipment? (I don't know what cisco you are referring to, but cost and ease of use are certainly factors -- I think the real point is why don't you sell the stuff preconfigured so people who want 2x or 3x bandwidth can get it without integrating) why does everyone these days say it's easy for me, U(nderstand)TFM // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From alex Tue Jul 5 12:42:03 2005 From: alex (alex at pilosoft.com) Date: Tue, 5 Jul 2005 12:42:03 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050705164022.GB1800@ixeon.duo> Message-ID: On Tue, 5 Jul 2005, George Georgalis wrote: > so you're saying you can support 2x dsl, for the cost of a second line, > setup and equipment? (I don't know what cisco you are referring to, but > cost and ease of use are certainly factors -- I think the real point is > why don't you sell the stuff preconfigured so people who want 2x or 3x > bandwidth can get it without integrating) Yes, pretty much. On other hand, people who want more bandwidth should *really* invest into T1. Simply because, no matter what kind of DSL it is, if anything ever goes wrong with it, you are looking at 70 hours mean-time-to-repair. With T1, it is 4 hours. -alex From lists Tue Jul 5 19:53:53 2005 From: lists (Francisco Reyes) Date: Tue, 5 Jul 2005 19:53:53 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: References: Message-ID: <20050705195039.U21909@zoraida.natserv.net> On Tue, 5 Jul 2005 alex at pilosoft.com wrote: > On other hand, people who want more bandwidth should *really* invest into > T1. Simply because, no matter what kind of DSL it is, if anything ever > goes wrong with it, you are looking at 70 hours mean-time-to-repair. With > T1, it is 4 hours. But the price of a T1 is considerably higher than 2 DSLs. Besides let's not mix apples and oranges.. The 2 DSL aggregation is about increasing bandwith on a show string budget.. there was no mention of reliability.. although if I do go with a second DSL plan to get from a second company. In particular if I could get the Naked DSL you mentioned. At this point I am only researching my options, but I think a second DSL is in my future.. From driodeiros Tue Jul 5 20:07:40 2005 From: driodeiros (David Rio Deiros) Date: Tue, 5 Jul 2005 17:07:40 -0700 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050705154453.GA1800@ixeon.duo> References: <42CA9ECA.6020900@hirschman.net> <20050705154453.GA1800@ixeon.duo> Message-ID: <20050706000740.GA13399@david-rio-deiros-mac-mini.local> On Tue, Jul 05, 2005 at 11:44:53AM -0400, George Georgalis wrote: > I was suprised at Alex's point that two dsl lines would work. It's > just a few command lines (once you know them) in Linux to load balance > multiple gateways Can you tell me those "few commands"? I didn't know it was so easy. From alex Tue Jul 5 20:22:13 2005 From: alex (alex at pilosoft.com) Date: Tue, 5 Jul 2005 20:22:13 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050706000740.GA13399@david-rio-deiros-mac-mini.local> Message-ID: On Tue, 5 Jul 2005, David Rio Deiros wrote: > On Tue, Jul 05, 2005 at 11:44:53AM -0400, George Georgalis wrote: > > I was suprised at Alex's point that two dsl lines would work. It's > > just a few command lines (once you know them) in Linux to load balance > > multiple gateways > > Can you tell me those "few commands"? I didn't know it was so easy. ip route add default nexthop via gatewayip1 nexthop via gatewayip2 -alex From george Tue Jul 5 21:30:19 2005 From: george (George Georgalis) Date: Tue, 5 Jul 2005 21:30:19 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050706000740.GA13399@david-rio-deiros-mac-mini.local> References: <42CA9ECA.6020900@hirschman.net> <20050705154453.GA1800@ixeon.duo> <20050706000740.GA13399@david-rio-deiros-mac-mini.local> Message-ID: <20050706013019.GA3074@ixeon.duo> On Tue, Jul 05, 2005 at 05:07:40PM -0700, David Rio Deiros wrote: >On Tue, Jul 05, 2005 at 11:44:53AM -0400, George Georgalis wrote: >> I was suprised at Alex's point that two dsl lines would work. It's >> just a few command lines (once you know them) in Linux to load balance >> multiple gateways > >Can you tell me those "few commands"? I didn't know it was so easy. Well a few more than I remembered, but here's my notes; I think this works (add the iproute2 package if you don't have it), GATEWAY0 is used on a 6:1 ratio with GATEWAY1 (or vice versa?) GATEWAY0=216.254.97.1 GATEWAY1=65.185.37.22 NIC0=216.254.97.15 NIC1=65.185.37.21 route del default ip route add 0.0.0.0/0 via $GATEWAY0 table E0 ip route add 0.0.0.0/0 via $GATEWAY1 table E1 ip rule add from $NIC0 table E0 ip rule add from $NIC1 table E1 ip route add default scope global \ nexthop via $GATEWAY0 weight 6 \ nexthop via $GATEWAY1 weight 1 ip route flush cache Not sure what happens if a link fails and I wonder if it would work with one physical interface... // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From driodeiros Tue Jul 5 22:16:11 2005 From: driodeiros (David Rio Deiros) Date: Tue, 5 Jul 2005 19:16:11 -0700 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050706013019.GA3074@ixeon.duo> References: <42CA9ECA.6020900@hirschman.net> <20050705154453.GA1800@ixeon.duo> <20050706000740.GA13399@david-rio-deiros-mac-mini.local> <20050706013019.GA3074@ixeon.duo> Message-ID: <20050706021602.GA4923@david-rio-deiros-mac-mini.local> On Tue, Jul 05, 2005 at 09:30:19PM -0400, George Georgalis wrote: > Well a few more than I remembered, but here's my notes; I think this > works (add the iproute2 package if you don't have it), GATEWAY0 is > used on a 6:1 ratio with GATEWAY1 (or vice versa?) Thanks George. Do you know if this feature is implemented in BSD? As far as I know it is not. > GATEWAY0=216.254.97.1 > GATEWAY1=65.185.37.22 > NIC0=216.254.97.15 > NIC1=65.185.37.21 > route del default > ip route add 0.0.0.0/0 via $GATEWAY0 table E0 > ip route add 0.0.0.0/0 via $GATEWAY1 table E1 > ip rule add from $NIC0 table E0 > ip rule add from $NIC1 table E1 > ip route add default scope global \ > nexthop via $GATEWAY0 weight 6 \ > nexthop via $GATEWAY1 weight 1 > ip route flush cache > > > Not sure what happens if a link fails and I wonder if it would work with > one physical interface... One more question, does this system caches routes? If it does, It means that routes to often used sites will use always the same provider. Very interesting anyway. I have to read more about it. From alex Tue Jul 5 22:36:13 2005 From: alex (alex at pilosoft.com) Date: Tue, 5 Jul 2005 22:36:13 -0400 (EDT) Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050706021602.GA4923@david-rio-deiros-mac-mini.local> Message-ID: On Tue, 5 Jul 2005, David Rio Deiros wrote: > Thanks George. Do you know if this feature is implemented in BSD? As far > as I know it is not. With KAME patches, yes, bsd supports multipath. (RADIX_MPATH) (not on every *bsd, google for kame multipath). there's been some fbsd-native ecmp patches, google for 'multipath freebsd'. > > Not sure what happens if a link fails and I wonder if it would work > > with one physical interface... It will not detect link failures. Google for linux "dead gateway detection" patches > > One more question, does this system caches routes? If it does, It means > that routes to often used sites will use always the same provider. Yes, both linux and fbsd are route-cache-based. From george Tue Jul 5 23:25:45 2005 From: george (George Georgalis) Date: Tue, 5 Jul 2005 23:25:45 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050706021602.GA4923@david-rio-deiros-mac-mini.local> References: <42CA9ECA.6020900@hirschman.net> <20050705154453.GA1800@ixeon.duo> <20050706000740.GA13399@david-rio-deiros-mac-mini.local> <20050706013019.GA3074@ixeon.duo> <20050706021602.GA4923@david-rio-deiros-mac-mini.local> Message-ID: <20050706032545.GA3257@ixeon.duo> On Tue, Jul 05, 2005 at 07:16:11PM -0700, David Rio Deiros wrote: >Do you know if this feature is implemented in BSD? As far as I know >it is not. Alex seems to know better than I... // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From o_sleep Wed Jul 6 06:09:16 2005 From: o_sleep (Bjorn Nelson) Date: Wed, 6 Jul 2005 06:09:16 -0400 Subject: [nycbug-talk] Internet 768kb and up on a budget In-Reply-To: <20050705000518.I13551@zoraida.natserv.net> References: <20050705000518.I13551@zoraida.natserv.net> Message-ID: <32A87A83-5393-47B3-AE41-801171611B60@belovedarctos.com> Francisco, On Jul 5, 2005, at 12:11 AM, Francisco Reyes wrote: > Any thoughts on what is the cheapest one could get more than 768Kb > up without going to a T1 or SDSL? > > Currently very happy with AceDSL, but to get better than 768Kb up > with them would have to spend $325. I would even be cheaper to get > a second DSL.. I am getting 1.5M down/384k up with acedsl for $60/mo (used to be 1.5M down/256k up for $50/mo). I know that the 1.5M upgrade required you to be within a certain distance from the CO, but it was free (required a year contract). This is all adsl. -Bjorn From lists Wed Jul 6 08:30:47 2005 From: lists (Francisco Reyes) Date: Wed, 6 Jul 2005 08:30:47 -0400 (EDT) Subject: [nycbug-talk] Email providers Message-ID: <20050706082856.B33123@zoraida.natserv.net> Need to find a RELIABLE emaip provider ASAP. Any recommendations. Wasn't there an email company owned by one of our list members? Need to host about 50 email accounts.. at no more than $50. :-( The users do POP so there won't be much load/storage.. Only need about 3 users with 20MB quotas all others can be even 5MB.. From g Wed Jul 6 10:11:41 2005 From: g (Gordon Smith) Date: Wed, 06 Jul 2005 10:11:41 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: <20050706082856.B33123@zoraida.natserv.net> Message-ID: <0IJ700EN5M63DKA0@mta1.srv.hcvlny.cv.net> You might want to use a web hosting plan with email support, then put up an index page and a 404 page and just use the email services. Check out aplus.net as a web host. I've purchased domains from their names4ever.com division for $8 w/o any other related commitments (e.g. no hosting agreement obligation etc.); their customer service has always been good to me. Looks like this plan might do the job - http://hosting.aplus.net/soloxr.html A suggestion for selection criteria, no matter who the host is: see if they have dedicated personnel who monitor spam blacklists to make certain that your domain/ip address stays off the lists in the event that their server is used as an open relay - or even if your domain is falsely accused of spamming. IMHO this is one of the things that illustrates the difference between a company that throws together a network and takes their customers' money vs. a professional service provider. Let us know how you make out. Cheers, Gordon -----Original Message----- Need to find a RELIABLE emaip provider ASAP. Any recommendations. Wasn't there an email company owned by one of our list members? Need to host about 50 email accounts.. at no more than $50. :-( The users do POP so there won't be much load/storage.. Only need about 3 users with 20MB quotas all others can be even 5MB.. From bschonhorst Wed Jul 6 10:18:26 2005 From: bschonhorst (Brad Schonhorst) Date: Wed, 6 Jul 2005 10:18:26 -0400 (EDT) Subject: [nycbug-talk] Email providers In-Reply-To: <20050706082856.B33123@zoraida.natserv.net> References: <20050706082856.B33123@zoraida.natserv.net> Message-ID: <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> > Need to find a RELIABLE emaip provider ASAP. > Any recommendations. You might look into GeekISP, I just moved our staff email accounts there in June. Its a small outfit but very affordable. Using OpenBSD, SquirrelMail, SpamAssassin, and QmailAdmin to manage your accounts. http://geekisp.com -Brad From lists Wed Jul 6 10:26:55 2005 From: lists (michael) Date: Wed, 6 Jul 2005 10:26:55 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: <20050706082856.B33123@zoraida.natserv.net> References: <20050706082856.B33123@zoraida.natserv.net> Message-ID: <20050706102655.7e0c74da@genoverly.com> On Wed, 6 Jul 2005 08:30:47 -0400 (EDT) Francisco Reyes wrote: > Need to find a RELIABLE emaip provider ASAP. > Any recommendations. > > Wasn't there an email company owned by one of our list members? > > Need to host about 50 email accounts.. at no more than $50. :-( > The users do POP so there won't be much load/storage.. > > Only need about 3 users with 20MB quotas all others can be even 5MB.. > You may have been thinking of Bruno.. http://loftmail.com/about_us/index.html Michael -- From lists Wed Jul 6 10:26:37 2005 From: lists (Francisco Reyes) Date: Wed, 6 Jul 2005 10:26:37 -0400 (EDT) Subject: [nycbug-talk] Email providers In-Reply-To: <0IJ700EN5M63DKA0@mta1.srv.hcvlny.cv.net> References: <0IJ700EN5M63DKA0@mta1.srv.hcvlny.cv.net> Message-ID: <20050706102458.V33357@zoraida.natserv.net> On Wed, 6 Jul 2005, Gordon Smith wrote: > You might want to use a web hosting plan with email support, then put up an > index page and a 404 page and just use the email services. That's one of the options. There is one company I have always liked, http://addy.com, but they don't support IMAP. I am still waiting to hear from my client to see if they need IMAP. > Check out aplus.net as a web host. Thanks. Will take a look. > A suggestion for selection criteria, no matter who the host is: see if they > have dedicated personnel who monitor spam blacklists to make certain that > your domain/ip address stays off the lists in the event that their server is > used as an open relay Thanks for that advice.. An excellent point. From lists Wed Jul 6 10:41:19 2005 From: lists (Francisco Reyes) Date: Wed, 6 Jul 2005 10:41:19 -0400 (EDT) Subject: [nycbug-talk] Email providers In-Reply-To: <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> References: <20050706082856.B33123@zoraida.natserv.net> <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> Message-ID: <20050706104055.B33357@zoraida.natserv.net> On Wed, 6 Jul 2005, Brad Schonhorst wrote: > http://geekisp.com Thanks. Will take a look. From george Wed Jul 6 12:21:55 2005 From: george (George R.) Date: Wed, 06 Jul 2005 12:21:55 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: <20050706104055.B33357@zoraida.natserv.net> References: <20050706082856.B33123@zoraida.natserv.net> <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> <20050706104055.B33357@zoraida.natserv.net> Message-ID: <42CC0523.1030407@sddi.net> Francisco Reyes wrote: > On Wed, 6 Jul 2005, Brad Schonhorst wrote: > >> http://geekisp.com > > > Thanks. Will take a look. And you should check out BSDTracker: http://nycbug.org/index.php?NAV=BSDTracker g From lists Wed Jul 6 12:59:23 2005 From: lists (Francisco Reyes) Date: Wed, 6 Jul 2005 12:59:23 -0400 (EDT) Subject: [nycbug-talk] Email providers In-Reply-To: <42CC0523.1030407@sddi.net> References: <20050706082856.B33123@zoraida.natserv.net> <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> <20050706104055.B33357@zoraida.natserv.net> <42CC0523.1030407@sddi.net> Message-ID: <20050706125021.C34298@zoraida.natserv.net> On Wed, 6 Jul 2005, George R. wrote: > http://nycbug.org/index.php?NAV=BSDTracker Thanks. Will do next time. Although the categories could use some changing.. :-) The current ones are very broad. From nikolai.fetissov Wed Jul 6 13:04:20 2005 From: nikolai.fetissov (Nikolai N. Fetissov) Date: Wed, 06 Jul 2005 13:04:20 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> References: <20050706082856.B33123@zoraida.natserv.net> <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> Message-ID: <42CC0F14.8030105@peachisland.com> Brad Schonhorst wrote: >>Need to find a RELIABLE emaip provider ASAP. >>Any recommendations. > > > You might look into GeekISP, I just moved our staff email accounts there > in June. Its a small outfit but very affordable. Using OpenBSD, > SquirrelMail, SpamAssassin, and QmailAdmin to manage your accounts. > > http://geekisp.com > > -Brad +10 for GeekISP. Using them for about a year, no complaints, excellent service and prompt support. Dave even shows up at nycbug meetings :) -- nick From driodeiros Wed Jul 6 13:24:23 2005 From: driodeiros (David Rio Deiros) Date: Wed, 6 Jul 2005 10:24:23 -0700 Subject: [nycbug-talk] Email providers In-Reply-To: <20050706082856.B33123@zoraida.natserv.net> References: <20050706082856.B33123@zoraida.natserv.net> Message-ID: <20050706172423.GA7047@david-rio-deiros-mac-mini.local> On Wed, Jul 06, 2005 at 08:30:47AM -0400, Francisco Reyes wrote: > Need to find a RELIABLE emaip provider ASAP. > Any recommendations. > > Wasn't there an email company owned by one of our list members? > > Need to host about 50 email accounts.. at no more than $50. :-( > The users do POP so there won't be much load/storage.. > > Only need about 3 users with 20MB quotas all others can be even 5MB.. Check out http://www.ziaspace.com/hosting/index.html. It is the company of one of the netbsd developers, John Klos. I am sure you can get a good price there. Let us know what you finally decide. David From spork Wed Jul 6 14:04:07 2005 From: spork (Charles Sprickman) Date: Wed, 6 Jul 2005 14:04:07 -0400 (EDT) Subject: [nycbug-talk] Email providers In-Reply-To: <20050706082856.B33123@zoraida.natserv.net> References: <20050706082856.B33123@zoraida.natserv.net> Message-ID: On Wed, 6 Jul 2005, Francisco Reyes wrote: > Need to find a RELIABLE emaip provider ASAP. > Any recommendations. Bway can do that, not sure if they can meet that price; we don't generally try to compete with the mass-market hosters. heyjoe at bway.net can provide the best price. The price gets better if you buy more stuff from us - we like working with consultants that bring in more business. Mail services are run on FreeBSD using qmail and vpopmail and a small "cluster" of spamd/clamav boxes. We offer ssl-enabled pop3, imap and smtp with all mail accounts. Thanks, Charles > Wasn't there an email company owned by one of our list members? > > Need to host about 50 email accounts.. at no more than $50. :-( > The users do POP so there won't be much load/storage.. > > Only need about 3 users with 20MB quotas all others can be even 5MB.. > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From ike Wed Jul 6 16:17:43 2005 From: ike (Isaac Levy) Date: Wed, 6 Jul 2005 16:17:43 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: <20050706082856.B33123@zoraida.natserv.net> References: <20050706082856.B33123@zoraida.natserv.net> Message-ID: Hi All, On Jul 6, 2005, at 8:30 AM, Francisco Reyes wrote: > Need to host about 50 email accounts.. at no more than $50. :-( Seems people have the bases covered for reccomendations, I'm quite pleased with my loftmail email accounts- but wanted to bring up a more general email issue- People expect email to be pretty cheap, nearly free. With web- hosting, it's a lost-leader add-on product even- no profit is usually made from it there- and it often just bites. With that, I personally believe cheap notions of what email is about have hurt it's effectiveness as a communications medium- (read: spam). Companies don't have/make time to get into things like SecureID ideas with any resolve, it's just not cost effective. With that, most email service is focused on simply keeping things online- and mitigating the sea of spam by patching holes in the dam over and over... -- What are other people's expectations on the list, as to how much email should cost? Would people pay a premium for *really* good email, or do we all feel email should be as cheap as water? (For me, I can't bear to spend money on my own email, when I know I'm sending/ receiving mostly from shoddy accounts everyone else has, so what's the point...?) Trying to stay positive, Rocket- .ike From njt Wed Jul 6 17:14:08 2005 From: njt (N.J. Thomas) Date: Wed, 6 Jul 2005 17:14:08 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: <42CC0F14.8030105@peachisland.com> References: <20050706082856.B33123@zoraida.natserv.net> <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> <42CC0F14.8030105@peachisland.com> Message-ID: <20050706211408.GA30210@ayvali.org> * Nikolai N. Fetissov : > Brad Schonhorst wrote: > > > Need to find a RELIABLE emaip provider ASAP. Any recommendations. > > > > You might look into GeekISP, I just moved our staff email accounts > > there in June. Its a small outfit but very affordable. Using > > OpenBSD, SquirrelMail, SpamAssassin, and QmailAdmin to manage your > > accounts. > > > > http://geekisp.com > > +10 for GeekISP. > Using them for about a year, no complaints, excellent service and > prompt support. Let me chime in as well. I've been with GeekISP for about 6 months now -- excellent service, no problems with them whatsoever. Very Unix centric (a plus in my book), great support, they know what they are doing. Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From george Wed Jul 6 23:43:20 2005 From: george (George Georgalis) Date: Wed, 6 Jul 2005 23:43:20 -0400 Subject: [nycbug-talk] maildir client via smb for windows... Message-ID: <20050707034320.GA3276@ixeon.duo> Is there is a decent (netscape mail being the gold standard here) email client than can grok maildirs? I'm in a position where I need to setup pop for a client with the maildir already on his desktop.. // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From tux Wed Jul 6 23:50:58 2005 From: tux (Kevin Reiter) Date: Wed, 06 Jul 2005 23:50:58 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <20050707034320.GA3276@ixeon.duo> References: <20050707034320.GA3276@ixeon.duo> Message-ID: <42CCA6A2.6040801@penguinnetwerx.net> George Georgalis wrote: > Is there is a decent (netscape mail being the gold standard here) email > client than can grok maildirs? I'm in a position where I need to setup > pop for a client with the maildir already on his desktop.. Sylpheed and Sylpheed+claws comes immediately to mind, and it also works on Win32 if you ever need to use it cross-platform. GnuPG support built-in, too. I've used it off and on for years until Thunderbird came out.. hth -Kev From nikolai.fetissov Thu Jul 7 00:05:18 2005 From: nikolai.fetissov (Nikolai N. Fetissov) Date: Thu, 07 Jul 2005 00:05:18 -0400 Subject: [nycbug-talk] July meeting audio Message-ID: <42CCA9FE.3090101@peachisland.com> Folks, mp3 of Angelos' presentation is available at the usual place: http://www.peachisland.com/nycbug/ -- nick From tux Thu Jul 7 00:07:11 2005 From: tux (Kevin Reiter) Date: Thu, 07 Jul 2005 00:07:11 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <42CCA6A2.6040801@penguinnetwerx.net> References: <20050707034320.GA3276@ixeon.duo> <42CCA6A2.6040801@penguinnetwerx.net> Message-ID: <42CCAA6F.4050402@penguinnetwerx.net> Kevin Reiter wrote: > George Georgalis wrote: > >> Is there is a decent (netscape mail being the gold standard here) email >> client than can grok maildirs? I'm in a position where I need to setup >> pop for a client with the maildir already on his desktop.. > > > Sylpheed and Sylpheed+claws comes immediately to mind, and it also works > on Win32 if you ever need to use it cross-platform. GnuPG support > built-in, too. I've used it off and on for years until Thunderbird came > out.. Sorry, forgot to post the URL for it (although it's in the ports tree): http://sylpheed.org http://claws.sylpheed.org I'd recommend the +claws version, as it's more feature-rich. Supports themes, plugins, and a bunch of other stuff as well. There's even a bunch of scripts you can grab on the site to do all kinds of neat things. -Kev From mspitzer Thu Jul 7 00:26:24 2005 From: mspitzer (Marc Spitzer) Date: Thu, 7 Jul 2005 00:26:24 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <42CCAA6F.4050402@penguinnetwerx.net> References: <20050707034320.GA3276@ixeon.duo> <42CCA6A2.6040801@penguinnetwerx.net> <42CCAA6F.4050402@penguinnetwerx.net> Message-ID: <8c50a3c30507062126578b4c69@mail.gmail.com> On 7/7/05, Kevin Reiter wrote: > Kevin Reiter wrote: > > George Georgalis wrote: > > > >> Is there is a decent (netscape mail being the gold standard here) email > >> client than can grok maildirs? I'm in a position where I need to setup > >> pop for a client with the maildir already on his desktop.. > > > > > > Sylpheed and Sylpheed+claws comes immediately to mind, and it also works > > on Win32 if you ever need to use it cross-platform. GnuPG support > > built-in, too. I've used it off and on for years until Thunderbird came > > out.. seconded I like it and have used it. Just curious does thunderbird do it? marc > > Sorry, forgot to post the URL for it (although it's in the ports tree): > > http://sylpheed.org > http://claws.sylpheed.org > > I'd recommend the +claws version, as it's more feature-rich. Supports > themes, plugins, and a bunch of other stuff as well. There's even a bunch > of scripts you can grab on the site to do all kinds of neat things. > > -Kev > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From nycbug Thu Jul 7 08:55:11 2005 From: nycbug (Raymond Lai) Date: Thu, 7 Jul 2005 08:55:11 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: References: <20050706082856.B33123@zoraida.natserv.net> Message-ID: <20050707125511.GA15720@syntax.cyth.net> On Wed, Jul 06, 2005 at 04:17:43PM -0400, Isaac Levy wrote: > What are other people's expectations on the list, as to how much > email should cost? Would people pay a premium for *really* good > email, or do we all feel email should be as cheap as water? (For me, > I can't bear to spend money on my own email, when I know I'm sending/ > receiving mostly from shoddy accounts everyone else has, so what's > the point...?) I pay for good e-mail. I pay in money and in time to administer my own domain. I just don't like having my e-mail held by anyone by myself. I also don't like having domains disappearing and having to inform everyone, ``Please e-mail me at this address instead!'' -Ray- From tux Thu Jul 7 09:53:51 2005 From: tux (Kevin Reiter) Date: Thu, 07 Jul 2005 09:53:51 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <8c50a3c30507062126578b4c69@mail.gmail.com> References: <20050707034320.GA3276@ixeon.duo> <42CCA6A2.6040801@penguinnetwerx.net> <42CCAA6F.4050402@penguinnetwerx.net> <8c50a3c30507062126578b4c69@mail.gmail.com> Message-ID: <42CD33EF.5080507@penguinnetwerx.net> Marc Spitzer wrote: > seconded I like it and have used it. Just curious does thunderbird do it? No idea. I haven't really had time lately to look into it. If I hear anything, I'll post it. -Kev From jesse Thu Jul 7 10:00:31 2005 From: jesse (Jesse Callaway) Date: Thu, 7 Jul 2005 10:00:31 -0400 Subject: [nycbug-talk] July meeting audio In-Reply-To: <42CCA9FE.3090101@peachisland.com> References: <42CCA9FE.3090101@peachisland.com> Message-ID: <200507071000.31992.jesse@theholymountain.com> On Thursday 07 July 2005 12:05 am, Nikolai N. Fetissov says: > Folks, > mp3 of Angelos' presentation is available > at the usual place: http://www.peachisland.com/nycbug/ Thanks again. This is such a great service. It really adds to the knowledge base in a way which powerpoints and documents can't. -jesse From jesse Thu Jul 7 10:06:48 2005 From: jesse (Jesse Callaway) Date: Thu, 7 Jul 2005 10:06:48 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <42CD33EF.5080507@penguinnetwerx.net> References: <20050707034320.GA3276@ixeon.duo> <8c50a3c30507062126578b4c69@mail.gmail.com> <42CD33EF.5080507@penguinnetwerx.net> Message-ID: <200507071006.48785.jesse@theholymountain.com> On Thursday 07 July 2005 09:53 am, Kevin Reiter says: > Marc Spitzer wrote: > > seconded I like it and have used it. Just curious does thunderbird do > > it? > > No idea. I haven't really had time lately to look into it. If I hear > anything, I'll post it. > > -Kev Thunderbird needs either POP or IMAP. Kmail is another which supports reading off of the local filesystem. I'm using it now, but only because I'm too lazy to change it (and set up POP). It's an OK program and the only problems are GUI related, and thus will be ironed out I assume. But the problems are bad. The toolbar buttons have a mind of their own. -jesse From g Thu Jul 7 10:08:44 2005 From: g (Gordon Smith) Date: Thu, 07 Jul 2005 10:08:44 -0400 Subject: [nycbug-talk] Email providers Message-ID: <0IJ900BH5GMOHP00@mta4.srv.hcvlny.cv.net> > I pay for good e-mail. I pay in money and in time to administer > my own domain. I just don't like having my e-mail held by anyone > by myself. I also don't like having domains disappearing and having > to inform everyone, ``Please e-mail me at this address instead!'' I couldn't agree more, yet reliable email vendors do play an important role in the lives of overburdened technical staff - and who isn't overburdened nowadays? It boils down to the old time vs. money tradeoff: if we spend $x, do we recapture more than $x worth of time? Cheers, Gordon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nycbug.org/pipermail/talk/attachments/20050707/8bb71beb/attachment.html From tux Thu Jul 7 10:16:33 2005 From: tux (Kevin Reiter) Date: Thu, 07 Jul 2005 10:16:33 -0400 Subject: [nycbug-talk] Email providers In-Reply-To: <20050706211408.GA30210@ayvali.org> References: <20050706082856.B33123@zoraida.natserv.net> <58041.168.100.249.178.1120659506.squirrel@www.geekisp.com> <42CC0F14.8030105@peachisland.com> <20050706211408.GA30210@ayvali.org> Message-ID: <42CD3941.3060009@penguinnetwerx.net> N.J. Thomas wrote: > * Nikolai N. Fetissov : > >>Brad Schonhorst wrote: >> >>>>Need to find a RELIABLE emaip provider ASAP. Any recommendations. >>> >>>You might look into GeekISP, I just moved our staff email accounts >>>there in June. Its a small outfit but very affordable. Using >>>OpenBSD, SquirrelMail, SpamAssassin, and QmailAdmin to manage your >>>accounts. >>> >>>http://geekisp.com >> >>+10 for GeekISP. >>Using them for about a year, no complaints, excellent service and >>prompt support. > > > Let me chime in as well. I've been with GeekISP for about 6 months now > -- excellent service, no problems with them whatsoever. Very Unix > centric (a plus in my book), great support, they know what they are > doing. After about a year with GeekISP, I have no complaints whatsoever. I'm not going to post another long-winded story about why I'm happy with them, since I've already done that (available in the archives). GeekISP r0x. 'Nuff said. (Sorry I haven't had a chance to try out the services of our other members, but maybe sometime soon I'll be making a few calls..) -Kev From nycbug Thu Jul 7 10:38:37 2005 From: nycbug (Raymond Lai) Date: Thu, 7 Jul 2005 10:38:37 -0400 Subject: [nycbug-talk] July meeting audio In-Reply-To: <42CCA9FE.3090101@peachisland.com> References: <42CCA9FE.3090101@peachisland.com> Message-ID: <20050707143837.GB20366@syntax.cyth.net> On Thu, Jul 07, 2005 at 12:05:18AM -0400, Nikolai N. Fetissov wrote: > Folks, > mp3 of Angelos' presentation is available > at the usual place: http://www.peachisland.com/nycbug/ This was a talk I really really really wanted to see, but something came up at the last moment and I missed it. Is it possible to get the slides as well? -Ray- From nycbug Thu Jul 7 10:41:21 2005 From: nycbug (Raymond Lai) Date: Thu, 7 Jul 2005 10:41:21 -0400 Subject: [nycbug-talk] July meeting audio In-Reply-To: <20050707143837.GB20366@syntax.cyth.net> References: <42CCA9FE.3090101@peachisland.com> <20050707143837.GB20366@syntax.cyth.net> Message-ID: <20050707144121.GC20366@syntax.cyth.net> On Thu, Jul 07, 2005 at 10:38:37AM -0400, Raymond Lai wrote: > On Thu, Jul 07, 2005 at 12:05:18AM -0400, Nikolai N. Fetissov wrote: > > Folks, > > mp3 of Angelos' presentation is available > > at the usual place: http://www.peachisland.com/nycbug/ > > This was a talk I really really really wanted to see, but something > came up at the last moment and I missed it. Is it possible to get > the slides as well? Oh, and thanks for the audio recordings! Very much appreciated! -Ray- From nycbug Thu Jul 7 11:31:58 2005 From: nycbug (Raymond Lai) Date: Thu, 7 Jul 2005 11:31:58 -0400 Subject: [nycbug-talk] July meeting audio In-Reply-To: <42CD3F7F.2070807@cs.columbia.edu> References: <42CCA9FE.3090101@peachisland.com> <20050707143837.GB20366@syntax.cyth.net> <42CD3F7F.2070807@cs.columbia.edu> Message-ID: <20050707153158.GA31875@syntax.cyth.net> On Thu, Jul 07, 2005 at 10:43:11AM -0400, Angelos D. Keromytis wrote: > Slides are at > http://www.cs.columbia.edu/~angelos/NYCBUG/ Thank you! > Raymond Lai wrote: > >On Thu, Jul 07, 2005 at 12:05:18AM -0400, Nikolai N. Fetissov wrote: > > > >>Folks, > >>mp3 of Angelos' presentation is available > >>at the usual place: http://www.peachisland.com/nycbug/ > > > > > >This was a talk I really really really wanted to see, but something > >came up at the last moment and I missed it. Is it possible to get > >the slides as well? > > > >-Ray- From mickey Thu Jul 7 12:33:33 2005 From: mickey (Michael Shalayeff) Date: Thu, 7 Jul 2005 12:33:33 -0400 (EDT) Subject: [nycbug-talk] audio link Message-ID: <200507071633.j67GXXMf002958@lucifier.net> re i think it would be way more useful if link to audio from the angelos' talk would be an actual link not just a cut&paste raw material (: cu -- paranoic mickey (my employers have changed but, the name has remained) From george Thu Jul 7 12:56:11 2005 From: george (George Georgalis) Date: Thu, 7 Jul 2005 12:56:11 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <200507071006.48785.jesse@theholymountain.com> References: <20050707034320.GA3276@ixeon.duo> <8c50a3c30507062126578b4c69@mail.gmail.com> <42CD33EF.5080507@penguinnetwerx.net> <200507071006.48785.jesse@theholymountain.com> Message-ID: <20050707165611.GA3980@ixeon.duo> On Thu, Jul 07, 2005 at 10:06:48AM -0400, Jesse Callaway wrote: >On Thursday 07 July 2005 09:53 am, Kevin Reiter says: >> Marc Spitzer wrote: >> > seconded I like it and have used it. Just curious does thunderbird do >> > it? >> >> No idea. I haven't really had time lately to look into it. If I hear >> anything, I'll post it. >> >> -Kev > >Thunderbird needs either POP or IMAP. Kmail is another which supports reading >off of the local filesystem. I'm using it now, but only because I'm too lazy >to change it (and set up POP). It's an OK program and the only problems are >GUI related, and thus will be ironed out I assume. But the problems are bad. >The toolbar buttons have a mind of their own. Well if I wasn't clear the primary requirement is that it runs on Windows. Webmail is already available for this account, but presently I'm setting up pop3d so a windows client on the lan can pop the Unix maildir (which is already on their desktop via samba) from Netscape mail, which is, in turn, saved in mbox format on the Unix disk, via the same samba share. (SIGH) It looks like Thunderbird could support maildir through extensions, but one doesn't seem to exist. // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From tux Thu Jul 7 13:17:21 2005 From: tux (Kevin Reiter) Date: Thu, 07 Jul 2005 13:17:21 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <20050707165611.GA3980@ixeon.duo> References: <20050707034320.GA3276@ixeon.duo> <8c50a3c30507062126578b4c69@mail.gmail.com> <42CD33EF.5080507@penguinnetwerx.net> <200507071006.48785.jesse@theholymountain.com> <20050707165611.GA3980@ixeon.duo> Message-ID: <42CD63A1.5070502@penguinnetwerx.net> George Georgalis wrote: > On Thu, Jul 07, 2005 at 10:06:48AM -0400, Jesse Callaway wrote: > >>On Thursday 07 July 2005 09:53 am, Kevin Reiter says: >> >>>Marc Spitzer wrote: >>> >>>>seconded I like it and have used it. Just curious does thunderbird do >>>>it? >>> >>>No idea. I haven't really had time lately to look into it. If I hear >>>anything, I'll post it. >>> >>>-Kev >> >>Thunderbird needs either POP or IMAP. Kmail is another which supports reading >>off of the local filesystem. I'm using it now, but only because I'm too lazy >>to change it (and set up POP). It's an OK program and the only problems are >>GUI related, and thus will be ironed out I assume. But the problems are bad. >>The toolbar buttons have a mind of their own. > > > > Well if I wasn't clear the primary requirement is that it runs on > Windows. Webmail is already available for this account, but presently > I'm setting up pop3d so a windows client on the lan can pop the Unix > maildir (which is already on their desktop via samba) from Netscape > mail, which is, in turn, saved in mbox format on the Unix disk, via the > same samba share. (SIGH) > > It looks like Thunderbird could support maildir through extensions, but > one doesn't seem to exist. Sylpheed+claws, plus there's a plugin for what you need. The download is on Sourceforge (includes the GTK+ Win32 installer), and the other downloads you can grab right from the main site. -Kev From spork Thu Jul 7 14:28:26 2005 From: spork (Charles Sprickman) Date: Thu, 7 Jul 2005 14:28:26 -0400 (EDT) Subject: [nycbug-talk] July meeting audio In-Reply-To: <20050707143837.GB20366@syntax.cyth.net> References: <42CCA9FE.3090101@peachisland.com> <20050707143837.GB20366@syntax.cyth.net> Message-ID: On Thu, 7 Jul 2005, Raymond Lai wrote: > On Thu, Jul 07, 2005 at 12:05:18AM -0400, Nikolai N. Fetissov wrote: >> Folks, >> mp3 of Angelos' presentation is available >> at the usual place: http://www.peachisland.com/nycbug/ > > This was a talk I really really really wanted to see, but something > came up at the last moment and I missed it. Is it possible to get > the slides as well? Yeah, the irony is I'm just blocks from every meeting, but 6:00 p.m., well, that's like banker's hours to me. :) Having the audio archives and all slides on the nycbug site would be really nice for those that don't fit the meeting schedule. Charles > -Ray- > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From hzs202 Thu Jul 7 14:40:09 2005 From: hzs202 (Hakim Singhji) Date: Thu, 7 Jul 2005 14:40:09 -0400 Subject: [nycbug-talk] Minimum Install w/ X11 on Virtual PC Message-ID: Hi All, I am going to install FreeBSD 5.4 on MS Virtual PC. My PC (IBM Thinkpad R51) only has 256MB of RAM available. I do not want to install Gnome or KDE however I would like the benefits of colors in text editors, backgrounds, etc. as this is going to be a testing environment for application development. What is the best way to go about doing this? In VPC I allot approximately 96MB of RAM for the Virtual Machine and I was thinking 256MB for virtual SWAP (would that even help... the default is like 166MB for 96MB of RAM... or something like that. Again... how can I get the most out of x11/xorg with out using a great deal of resources? Best, -- Hakim Singhji hzs202 at nyu.edu "Where danger is, grows the saving power also" (qtd. in Heidegger 28). From jbaltz Thu Jul 7 15:34:51 2005 From: jbaltz (Jerry B. Altzman) Date: Thu, 07 Jul 2005 15:34:51 -0400 Subject: [nycbug-talk] July meeting audio In-Reply-To: References: <42CCA9FE.3090101@peachisland.com> <20050707143837.GB20366@syntax.cyth.net> Message-ID: <42CD83DB.50405@3phasecomputing.com> On 07/07/05 02:28 PM, Charles Sprickman wrote: > Yeah, the irony is I'm just blocks from every meeting, but 6:00 p.m., > well, that's like banker's hours to me. :) And some of us just have stuff only on Weds. eves during the summer :-( Thanks for the postings! > Charles //jbaltz -- jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405 From scottro Thu Jul 7 16:03:41 2005 From: scottro (Scott Robbins) Date: Thu, 7 Jul 2005 16:03:41 -0400 Subject: [nycbug-talk] Minimum Install w/ X11 on Virtual PC In-Reply-To: References: Message-ID: <20050707200341.GA27985@uws1.starlofashions.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Jul 07, 2005 at 02:40:09PM -0400, Hakim Singhji wrote: > Hi All, > > I am going to install FreeBSD 5.4 on MS Virtual PC. My PC (IBM > Thinkpad R51) only has 256MB of RAM available. I do not want to > install Gnome or KDE however I would like the benefits of colors in > text editors, backgrounds, etc. as this is going to be a testing > environment for application development. > > What is the best way to go about doing this? In VPC I allot > approximately 96MB of RAM for the Virtual Machine and I was thinking > 256MB for virtual SWAP (would that even help... the default is like > 166MB for 96MB of RAM... or something like that. If I understand your question, you'd like a window manager that is pretty light but has the ability to do backgrounds and the like. Both rxvt and aterm are lightweight xterms that can show backgrounds as they run--there is also eterm, but it's more resource intensive. As for the window manager itself, I like fluxbox, and it's considered relatively light. There is weewm, which can have a background image--actually, I think most of them can now, using xsetbg. Fluxbox has fbsetbg which will set a background, but does require some other program to do that--some people use feh, xv and xli are two other programs that can work with fbsetbg to set your background. I hope I've understood that aspect of your question. If not, apologies for wasting your time. - -- Scott Robbins GPG KeyID EB3467D6 ( 1B848 077D 66F6 9DB0 FDC2 A409 FA54 D575 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCzYqd+lTVdes0Z9YRApO9AJ43TJNzDlkyrOj3A+7TiVevl9W+FACdFVhQ BdnWUecCa8GxxOzbuwFjRlQ= =j3gM -----END PGP SIGNATURE----- From driodeiros Thu Jul 7 17:05:39 2005 From: driodeiros (David Rio Deiros) Date: Thu, 7 Jul 2005 14:05:39 -0700 Subject: [nycbug-talk] July meeting audio In-Reply-To: <42CCA9FE.3090101@peachisland.com> References: <42CCA9FE.3090101@peachisland.com> Message-ID: <20050707210539.GA25397@david-rio-deiros-mac-mini.local> On Thu, Jul 07, 2005 at 12:05:18AM -0400, Nikolai N. Fetissov wrote: > Folks, > mp3 of Angelos' presentation is available > at the usual place: http://www.peachisland.com/nycbug/ Thank you very much. It is highly appreciated! David From tux Thu Jul 7 19:04:24 2005 From: tux (Kevin Reiter) Date: Thu, 07 Jul 2005 19:04:24 -0400 Subject: [nycbug-talk] ports question Message-ID: <42CDB4F8.4020707@penguinnetwerx.net> Hey all, Here's a stupid question - is there a way to download the files for a port you want to install without actually installing it at that time? Here's my situation: I'm leaving on vacation tomorrow for a week, and won't have net access, but I'd like to install a few apps offline via ports, and I'd like to avoid looking for the files, checking the MD5, blah blah blah before I leave, since that would take entirely too long. Is there an automagic way to accomplish this? (Kinda like Debian's apt-get thing for you Linux gurus.) TIA, -Kev From nomadlogic Thu Jul 7 19:10:01 2005 From: nomadlogic (pete wright) Date: Thu, 7 Jul 2005 16:10:01 -0700 Subject: [nycbug-talk] ports question In-Reply-To: <42CDB4F8.4020707@penguinnetwerx.net> References: <42CDB4F8.4020707@penguinnetwerx.net> Message-ID: <57d7100005070716105cf9110e@mail.gmail.com> On 7/7/05, Kevin Reiter wrote: > Hey all, > > Here's a stupid question - is there a way to download the files for a > port you want to install without actually installing it at that time? > man 7 ports i think you are interested in make fetch or make fetch-recursive -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From tux Thu Jul 7 19:14:13 2005 From: tux (Kevin Reiter) Date: Thu, 07 Jul 2005 19:14:13 -0400 Subject: [nycbug-talk] ports question In-Reply-To: <57d7100005070716105cf9110e@mail.gmail.com> References: <42CDB4F8.4020707@penguinnetwerx.net> <57d7100005070716105cf9110e@mail.gmail.com> Message-ID: <42CDB745.7030906@penguinnetwerx.net> pete wright wrote: > On 7/7/05, Kevin Reiter wrote: > >>Hey all, >> >>Here's a stupid question - is there a way to download the files for a >>port you want to install without actually installing it at that time? >> > > man 7 ports > > i think you are interested in make fetch or make fetch-recursive That did the trick - thanks! From dlavigne6 Thu Jul 7 19:18:22 2005 From: dlavigne6 (Dru) Date: Thu, 7 Jul 2005 19:18:22 -0400 (EDT) Subject: [nycbug-talk] ports question In-Reply-To: <42CDB4F8.4020707@penguinnetwerx.net> References: <42CDB4F8.4020707@penguinnetwerx.net> Message-ID: <20050707191753.I583@dru.domain.org> On Thu, 7 Jul 2005, Kevin Reiter wrote: > Hey all, > > Here's a stupid question - is there a way to download the files for a port > you want to install without actually installing it at that time? > > Here's my situation: I'm leaving on vacation tomorrow for a week, and won't > have net access, but I'd like to install a few apps offline via ports, and > I'd like to avoid looking for the files, checking the MD5, blah blah blah > before I leave, since that would take entirely too long. Is there an > automagic way to accomplish this? (Kinda like Debian's apt-get thing for you > Linux gurus.) /usr/ports/misc/porteasy Dru From tux Thu Jul 7 19:18:35 2005 From: tux (Kevin Reiter) Date: Thu, 07 Jul 2005 19:18:35 -0400 Subject: [nycbug-talk] ports question In-Reply-To: <20050707191753.I583@dru.domain.org> References: <42CDB4F8.4020707@penguinnetwerx.net> <20050707191753.I583@dru.domain.org> Message-ID: <42CDB84B.4030306@penguinnetwerx.net> Dru wrote: > > > On Thu, 7 Jul 2005, Kevin Reiter wrote: > >> Hey all, >> >> Here's a stupid question - is there a way to download the files for a >> port you want to install without actually installing it at that time? >> >> Here's my situation: I'm leaving on vacation tomorrow for a week, and >> won't have net access, but I'd like to install a few apps offline via >> ports, and I'd like to avoid looking for the files, checking the MD5, >> blah blah blah before I leave, since that would take entirely too >> long. Is there an automagic way to accomplish this? (Kinda like >> Debian's apt-get thing for you Linux gurus.) > > > > /usr/ports/misc/porteasy > > Dru I love you guys and gals :) From george Thu Jul 7 20:44:36 2005 From: george (George R.) Date: Thu, 07 Jul 2005 20:44:36 -0400 Subject: [nycbug-talk] London discussion on Schneier Message-ID: <42CDCC74.50608@sddi.net> I assume many people have Bruce Schneier's RSS feed going, but anyway. . http://www.schneier.com/blog/archives/2005/07/london_transpor.html He doesn't provide much insight as he's on vacation, but there's some useful comments below. Certainly many of who were in NYC 9/11 will live with the fear for a long time. Additionally, I think most of us also fear the effects of this attack, most notably with the continued attack on civil liberties in the US. I guess this basically guarantees the full renewel of the USA Patriot Act. g From george Thu Jul 7 20:48:31 2005 From: george (George R.) Date: Thu, 07 Jul 2005 20:48:31 -0400 Subject: [nycbug-talk] Minimum Install w/ X11 on Virtual PC In-Reply-To: <20050707200341.GA27985@uws1.starlofashions.com> References: <20050707200341.GA27985@uws1.starlofashions.com> Message-ID: <42CDCD5F.5060408@sddi.net> Scott Robbins wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, Jul 07, 2005 at 02:40:09PM -0400, Hakim Singhji wrote: > >>Hi All, >> >>I am going to install FreeBSD 5.4 on MS Virtual PC. My PC (IBM >>Thinkpad R51) only has 256MB of RAM available. I do not want to >>install Gnome or KDE however I would like the benefits of colors in >>text editors, backgrounds, etc. as this is going to be a testing >>environment for application development. >> >>What is the best way to go about doing this? In VPC I allot >>approximately 96MB of RAM for the Virtual Machine and I was thinking >>256MB for virtual SWAP (would that even help... the default is like >>166MB for 96MB of RAM... or something like that. > > > If I understand your question, you'd like a window manager that is > pretty light but has the ability to do backgrounds and the like. > Both rxvt and aterm are lightweight xterms that can show backgrounds as > they run--there is also eterm, but it's more resource intensive. > > As for the window manager itself, I like fluxbox, and it's considered > relatively light. There is weewm, which can have a background > image--actually, I think most of them can now, using xsetbg. Fluxbox > has fbsetbg which will set a background, but does require some other > program to do that--some people use feh, xv and xli are two other > programs that can work with fbsetbg to set your background. > > I hope I've understood that aspect of your question. If not, apologies > for wasting your time. I'm not sure what you asking specifically either, but as Scott says, there are plenty of lightweight window managers to use. . . XFCE/XFCE4 can be pretty too. I have XFCE4 running very nicely with 64 meg of RAM on a iMAC with OBSD 3.6. But the real reason I'm posting is that it's a bad idea to cross-post, as you did with freebsd questions. Etiquette-wise it's ugly; and in terms of discussoin coherency and continuity. g From scottro Thu Jul 7 21:06:23 2005 From: scottro (Scott Robbins) Date: Thu, 7 Jul 2005 21:06:23 -0400 Subject: [nycbug-talk] Minimum Install w/ X11 on Virtual PC In-Reply-To: <42CDCD5F.5060408@sddi.net> References: <20050707200341.GA27985@uws1.starlofashions.com> <42CDCD5F.5060408@sddi.net> Message-ID: <20050708010623.GA69350@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Jul 07, 2005 at 08:48:31PM -0400, George R. wrote: > Scott Robbins wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > >On Thu, Jul 07, 2005 at 02:40:09PM -0400, Hakim Singhji wrote: > >>Hi All, > >>I am going to install FreeBSD 5.4 on MS Virtual PC. My PC (IBM > >>Thinkpad R51) only has 256MB of RAM available. I do not want to > >>install Gnome or KDE however I would like the benefits of colors in > >>text editors, backgrounds, etc. as this is going to be a testing > >>environment for application development. > > > But the real reason I'm posting is that it's a bad idea to cross-post, as you > did with freebsd questions. Etiquette-wise it's ugly; and in terms of > discussoin coherency and continuity. This is how we learn not to do such things. :) The OP also posted the question on bsdforums (where I, hopefully nicely, lectured him) Anyway, I think it's worth posting this link of a faq of mine. It's a FAQ for a few Linux mailing lists aimed at newcomers, and the section linked here deals specifically with netiquette. http://home.nyc.rr.com/computertaijutsu/linfaq.html#netiquette Hakim, don't feel badly--we all do this at the beginning. :) - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Xander: All right, where is he? Where's the creep who turned me into a spider-eating man-bitch? Buffy: He's gone. Xander: Dammit. You know what? I'm sick of this. I'm tired of being the guy who eats insects and gets the funny syphilis. As of this moment, it's over. I'm through being everybody's butt-monkey! Buffy: Check. No more butt-monkey. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCzdGP+lTVdes0Z9YRApgtAJ9Q/tjWhD206q+mseKGPClE7snVvwCdGPXy lLFpe5fdUQw8c+pA08BLfgM= =kktR -----END PGP SIGNATURE----- From george Thu Jul 7 23:06:06 2005 From: george (George Georgalis) Date: Thu, 7 Jul 2005 23:06:06 -0400 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <42CD63A1.5070502@penguinnetwerx.net> References: <20050707034320.GA3276@ixeon.duo> <8c50a3c30507062126578b4c69@mail.gmail.com> <42CD33EF.5080507@penguinnetwerx.net> <200507071006.48785.jesse@theholymountain.com> <20050707165611.GA3980@ixeon.duo> <42CD63A1.5070502@penguinnetwerx.net> Message-ID: <20050708030606.GD11902@sta.duo> On Thu, Jul 07, 2005 at 01:17:21PM -0400, Kevin Reiter wrote: >Sylpheed+claws, plus there's a plugin for what you need. The download >is on Sourceforge (includes the GTK+ Win32 installer), and the other >downloads you can grab right from the main site. for some reason I read Sylpheed / Claws as a unix only or web app (don't remember which now), but indeed it looks good, w32 binaries and everything... however the maildir plugin does not appear on the w32 downloads and it looks like a standard c program. I cannot imagine a painless install on my bosses XP system. Maybe I can make a request to the w32 maintainer for a build with the maildir plugin... Thanks for the suggestion anyway. :-} // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From nomadlogic Thu Jul 7 23:38:43 2005 From: nomadlogic (pete wright) Date: Thu, 7 Jul 2005 20:38:43 -0700 Subject: [nycbug-talk] maildir client via smb for windows... In-Reply-To: <20050708030606.GD11902@sta.duo> References: <20050707034320.GA3276@ixeon.duo> <8c50a3c30507062126578b4c69@mail.gmail.com> <42CD33EF.5080507@penguinnetwerx.net> <200507071006.48785.jesse@theholymountain.com> <20050707165611.GA3980@ixeon.duo> <42CD63A1.5070502@penguinnetwerx.net> <20050708030606.GD11902@sta.duo> Message-ID: <57d7100005070720381b7fb18@mail.gmail.com> On 7/7/05, George Georgalis wrote: > On Thu, Jul 07, 2005 at 01:17:21PM -0400, Kevin Reiter wrote: > >Sylpheed+claws, plus there's a plugin for what you need. The download > >is on Sourceforge (includes the GTK+ Win32 installer), and the other > >downloads you can grab right from the main site. > > for some reason I read Sylpheed / Claws as a unix only > or web app (don't remember which now), but indeed it > looks good, w32 binaries and everything... however > the maildir plugin does not appear on the w32 downloads > and it looks like a standard c program. I cannot imagine > a painless install on my bosses XP system. if you have an extra xp system you may want to try using cygwin to build a static binary... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From joshmccormack Fri Jul 8 11:52:06 2005 From: joshmccormack (Josh McCormack) Date: Fri, 08 Jul 2005 11:52:06 -0400 Subject: [nycbug-talk] Looking for RAM Message-ID: <42CEA126.9000106@travelersdiary.com> Does anyone have 2 256MB 168 pin DIMM RAM modules for a Dell OptiPlex GX110. CT190046 SDRAM, PC100 CL=2 Non-parity ? Josh From matt Sat Jul 9 13:42:59 2005 From: matt (Matt Juszczak) Date: Sat, 9 Jul 2005 13:42:59 -0400 (EDT) Subject: [nycbug-talk] MBOX format vs. maildir, good pop3 server? Message-ID: <20050709134150.C75018@neptune.atopia.net> Hi all, We're running about 5,000 users on mbox format, and aren't ready to switch quite yet to mail dir (most users are POP3). Dovecot .99.x has been giving us some problems with locking, a bunch of our mail spools keep getting corrupted. Can anyone recommend a good POP3 and IMAP daemon? Thanks! -Matt From o_sleep Sat Jul 9 13:58:42 2005 From: o_sleep (Bjorn Nelson) Date: Sat, 9 Jul 2005 13:58:42 -0400 Subject: [nycbug-talk] MBOX format vs. maildir, good pop3 server? In-Reply-To: <20050709134150.C75018@neptune.atopia.net> References: <20050709134150.C75018@neptune.atopia.net> Message-ID: <4B119980-7AF0-4CC0-8076-801BFC9F4408@belovedarctos.com> Matt, On Jul 9, 2005, at 1:42 PM, Matt Juszczak wrote: > Hi all, > > We're running about 5,000 users on mbox format, and aren't ready to > switch quite yet to mail dir (most users are POP3). > > Dovecot .99.x has been giving us some problems with locking, a > bunch of our mail spools keep getting corrupted. > > Can anyone recommend a good POP3 and IMAP daemon? We have been using courier-imap (pop3 included) for about 50,000 users, works fine except you have to set the client to use INBOX. namespace. We just started testing IMAP-Proxy which is built in as well. This allows you to have multiple imap/pop3 servers look like just one from the user perspective. -Bjorn From matt Sat Jul 9 14:04:57 2005 From: matt (Matt Juszczak) Date: Sat, 9 Jul 2005 14:04:57 -0400 (EDT) Subject: [nycbug-talk] MBOX format vs. maildir, good pop3 server? In-Reply-To: <4B119980-7AF0-4CC0-8076-801BFC9F4408@belovedarctos.com> References: <20050709134150.C75018@neptune.atopia.net> <4B119980-7AF0-4CC0-8076-801BFC9F4408@belovedarctos.com> Message-ID: <20050709140435.Y75478@neptune.atopia.net> > We have been using courier-imap (pop3 included) for about 50,000 users, works > fine except you have to set the client to use INBOX. namespace. We just > started testing IMAP-Proxy which is built in as well. This allows you to > have multiple imap/pop3 servers look like just one from the user perspective. Isn't that for the maildir format only? From o_sleep Sat Jul 9 20:35:53 2005 From: o_sleep (Bjorn Nelson) Date: Sat, 9 Jul 2005 20:35:53 -0400 Subject: [nycbug-talk] MBOX format vs. maildir, good pop3 server? In-Reply-To: <20050709140435.Y75478@neptune.atopia.net> References: <20050709134150.C75018@neptune.atopia.net> <4B119980-7AF0-4CC0-8076-801BFC9F4408@belovedarctos.com> <20050709140435.Y75478@neptune.atopia.net> Message-ID: <46E92749-D39C-4B83-822C-283031D5C0E6@belovedarctos.com> I think courier-imap supports mbox, if you require it. -Bjorn On Jul 9, 2005, at 2:04 PM, Matt Juszczak wrote: >> We have been using courier-imap (pop3 included) for about 50,000 >> users, works fine except you have to set the client to use INBOX. >> namespace. We just started testing IMAP-Proxy which is built in >> as well. This allows you to have multiple imap/pop3 servers look >> like just one from the user perspective. >> > > Isn't that for the maildir format only? > From george Mon Jul 11 12:30:11 2005 From: george (George R.) Date: Mon, 11 Jul 2005 12:30:11 -0400 Subject: [nycbug-talk] poll. . . Message-ID: <42D29E93.2020401@sddi.net> As those at last week's meeting know, we are considering a mini-NYCBSDCon in September. There's a poll on the www site. . . decent feedback there will give us some indication of interest. . . g From george Mon Jul 11 18:27:13 2005 From: george (George R.) Date: Mon, 11 Jul 2005 18:27:13 -0400 Subject: [nycbug-talk] webcasting. . . Message-ID: <42D2F241.3000004@sddi.net> Anyone interested in webcasting the meetings?. . . without my long, boring introductions, of course. g From kacanski_s Tue Jul 12 09:01:59 2005 From: kacanski_s (Aleksandar Kacanski) Date: Tue, 12 Jul 2005 06:01:59 -0700 (PDT) Subject: [nycbug-talk] webcasting. . . In-Reply-To: <42D2F241.3000004@sddi.net> Message-ID: <20050712130159.20566.qmail@web53601.mail.yahoo.com> I think that is good idea for dad's like me... I could help if need arises, George. Thanks, /s --- "George R." wrote: > Anyone interested in webcasting the meetings?. . . > without my long, > boring introductions, of course. > > g > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce > lists > %We meet the first Wednesday of the month > Aleksandar (Sasha) Kacanski __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From george Tue Jul 12 12:41:21 2005 From: george (George R.) Date: Tue, 12 Jul 2005 12:41:21 -0400 Subject: [nycbug-talk] USENIX security in Baltimore Message-ID: <42D3F2B1.4060203@sddi.net> Is anyone planning on going to USENIX security: http://www.usenix.org/events/sec05/ I am thinking a lot about it. . . but wanted to see if anyone else was considering. . . g From george Tue Jul 12 12:43:42 2005 From: george (George R.) Date: Tue, 12 Jul 2005 12:43:42 -0400 Subject: [nycbug-talk] webcasting. . . In-Reply-To: <20050712130159.20566.qmail@web53601.mail.yahoo.com> References: <20050712130159.20566.qmail@web53601.mail.yahoo.com> Message-ID: <42D3F33E.6000601@sddi.net> Aleksandar Kacanski wrote: > I think that is good idea for dad's like me... > I could help if need arises, George. Yes, there are a number of daddies and mommies here. . . and remote satellites around the country and world. Is there anything *you* could do on this? I know the interest for passive receivers is there. . . . g From max Tue Jul 12 13:06:03 2005 From: max (max) Date: Tue, 12 Jul 2005 12:06:03 -0500 Subject: [nycbug-talk] webcasting. . . In-Reply-To: <42D3F33E.6000601@sddi.net> References: <20050712130159.20566.qmail@web53601.mail.yahoo.com> <42D3F33E.6000601@sddi.net> Message-ID: <20050712170603.GA49565@neuropunks.org> Well, I would think if apple store provides decent bandwidth, it would be possible to setup audio->shoutcast forwarder->shoutcast remote server->internet streaming. I have a server setup with icecast at the moment to stream some random music. Its pretty bandwidth-intensive, and I've never worked with local audio source forwarded to remote server for actual distribution, so I'm personally fuzzy on implementation, but im sure its possible. Since I have a server colo'ed at pilosoft (go alex) i can certainly waste some of his bandwidth for this : ) On Tue, Jul 12, 2005 at 12:43:42PM -0400, George R. wrote: > Aleksandar Kacanski wrote: > >I think that is good idea for dad's like me... > >I could help if need arises, George. > > Yes, there are a number of daddies and mommies here. . . and remote > satellites around the country and world. > > Is there anything *you* could do on this? I know the interest for > passive receivers is there. . . . > > g > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From alex Tue Jul 12 13:07:19 2005 From: alex (alex at pilosoft.com) Date: Tue, 12 Jul 2005 13:07:19 -0400 (EDT) Subject: [nycbug-talk] webcasting. . . In-Reply-To: <20050712170603.GA49565@neuropunks.org> Message-ID: On Tue, 12 Jul 2005, max wrote: > Well, I would think if apple store provides decent bandwidth, it would > be possible to setup audio->shoutcast forwarder->shoutcast remote > server->internet streaming. I have a server setup with icecast at the > moment to stream some random music. Its pretty bandwidth-intensive, and > I've never worked with local audio source forwarded to remote server for > actual distribution, so I'm personally fuzzy on implementation, but im > sure its possible. Since I have a server colo'ed at pilosoft (go alex) i > can certainly waste some of his bandwidth for this : ) Werd up, we have bandwidth coming out of our ears, and certainly don't mind it being used for a good cause. -alex From max Tue Jul 12 14:08:52 2005 From: max (max) Date: Tue, 12 Jul 2005 13:08:52 -0500 Subject: [nycbug-talk] webcasting. . . In-Reply-To: References: <20050712170603.GA49565@neuropunks.org> Message-ID: <20050712180852.GA67213@neuropunks.org> Well, Google says: http://www.daniweb.com/techtalkforums/thread6875.html a guide to setup live audio on linux using a soundcard(gasp) icecast/ices combo. Looks real easy enough. Setup audio with ices on your laptop, configure ices to forward to remote server X, and as long as there is enough pipe and a static ip, you have a stream. Another thing i found: http://darkice.sourceforge.net/ Pretty much same thing, also in ports. And you can prolly always ask apple for another favor since they make darwin streaming server, and probably have static ip/enough pipe. George, wanna shell? : ) its a jail, ill give you root On Tue, Jul 12, 2005 at 01:07:19PM -0400, alex at pilosoft.com wrote: > On Tue, 12 Jul 2005, max wrote: > > > Well, I would think if apple store provides decent bandwidth, it would > > be possible to setup audio->shoutcast forwarder->shoutcast remote > > server->internet streaming. I have a server setup with icecast at the > > moment to stream some random music. Its pretty bandwidth-intensive, and > > I've never worked with local audio source forwarded to remote server for > > actual distribution, so I'm personally fuzzy on implementation, but im > > sure its possible. Since I have a server colo'ed at pilosoft (go alex) i > > can certainly waste some of his bandwidth for this : ) > Werd up, we have bandwidth coming out of our ears, and certainly don't > mind it being used for a good cause. > > -alex > From george Tue Jul 12 14:18:58 2005 From: george (George R.) Date: Tue, 12 Jul 2005 14:18:58 -0400 Subject: [nycbug-talk] webcasting. . . In-Reply-To: <20050712180852.GA67213@neuropunks.org> References: <20050712170603.GA49565@neuropunks.org> <20050712180852.GA67213@neuropunks.org> Message-ID: <42D40992.60602@sddi.net> max wrote: > Well, Google says: > http://www.daniweb.com/techtalkforums/thread6875.html > a guide to setup live audio on linux using a soundcard(gasp) icecast/ices combo. Looks real easy enough. Setup audio with ices on your laptop, configure ices to forward to remote server X, and as long as there is enough pipe and a static ip, you have a stream. > Another thing i found: http://darkice.sourceforge.net/ > Pretty much same thing, also in ports. > And you can prolly always ask apple for another favor since they make darwin streaming server, and probably have static ip/enough pipe. > > George, wanna shell? : ) > its a jail, ill give you root Awesome. . . thanks Alex and Max. I'm asking for volunteers to do this and organize. Needless to say, I'm a bit preoccupied during the meetings specifically and with NYCBUG in general to take this on too. . . (speakers, colo, NYCBSDCon?. . .). This is practically like a second full-time job for me. I would assume the Apple store would be interested in assisting us to some extent. . . So Max, you taking this on? George From max Tue Jul 12 14:30:05 2005 From: max (max) Date: Tue, 12 Jul 2005 13:30:05 -0500 Subject: [nycbug-talk] webcasting. . . In-Reply-To: <42D40992.60602@sddi.net> References: <20050712170603.GA49565@neuropunks.org> <20050712180852.GA67213@neuropunks.org> <42D40992.60602@sddi.net> Message-ID: <20050712183005.GB67594@neuropunks.org> Sounds good, Ill contact you offlist. The more people help out/have something to contribute, the always better though : ) On Tue, Jul 12, 2005 at 02:18:58PM -0400, George R. wrote: > max wrote: > >Well, Google says: > >http://www.daniweb.com/techtalkforums/thread6875.html > >a guide to setup live audio on linux using a soundcard(gasp) icecast/ices > >combo. Looks real easy enough. Setup audio with ices on your laptop, > >configure ices to forward to remote server X, and as long as there is > >enough pipe and a static ip, you have a stream. Another thing i found: > >http://darkice.sourceforge.net/ > >Pretty much same thing, also in ports. > >And you can prolly always ask apple for another favor since they make > >darwin streaming server, and probably have static ip/enough pipe. > > > >George, wanna shell? : ) > >its a jail, ill give you root > > Awesome. . . thanks Alex and Max. > > I'm asking for volunteers to do this and organize. Needless to say, I'm > a bit preoccupied during the meetings specifically and with NYCBUG in > general to take this on too. . . (speakers, colo, NYCBSDCon?. . .). > This is practically like a second full-time job for me. > > I would assume the Apple store would be interested in assisting us to > some extent. . . > > So Max, you taking this on? > > George > From nycbug Tue Jul 12 15:15:58 2005 From: nycbug (Ray Lai) Date: Tue, 12 Jul 2005 15:15:58 -0400 Subject: [nycbug-talk] USENIX security in Baltimore In-Reply-To: <20050712191350.GA27251@syntax.cyth.net> References: <42D3F2B1.4060203@sddi.net> <20050712191350.GA27251@syntax.cyth.net> Message-ID: <20050712191558.GB27251@syntax.cyth.net> On Tue, Jul 12, 2005 at 12:41:21PM -0400, George R. wrote: > Is anyone planning on going to USENIX security: > > http://www.usenix.org/events/sec05/ > > I am thinking a lot about it. . . but wanted to see if anyone else was > considering. . . This looks great, I'm definitely attending. Are you staying for the whole thing? -Ray- From spork Tue Jul 12 15:45:13 2005 From: spork (Charles Sprickman) Date: Tue, 12 Jul 2005 15:45:13 -0400 (EDT) Subject: [nycbug-talk] webcasting. . . In-Reply-To: <42D3F33E.6000601@sddi.net> References: <20050712130159.20566.qmail@web53601.mail.yahoo.com> <42D3F33E.6000601@sddi.net> Message-ID: On Tue, 12 Jul 2005, George R. wrote: > Aleksandar Kacanski wrote: >> I think that is good idea for dad's like me... >> I could help if need arises, George. > > Yes, there are a number of daddies and mommies here. . . and remote > satellites around the country and world. > > Is there anything *you* could do on this? I know the interest for passive > receivers is there. . . . I've got a very expensive camera and a laptop capable of either just recording to HD for later transfer or real-time encoding. But your meetings happen while I'm at work. :) C > g > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From max Tue Jul 12 16:05:27 2005 From: max (max) Date: Tue, 12 Jul 2005 15:05:27 -0500 Subject: [nycbug-talk] webcasting. . . In-Reply-To: References: <20050712130159.20566.qmail@web53601.mail.yahoo.com> <42D3F33E.6000601@sddi.net> Message-ID: <20050712200527.GA46520@neuropunks.org> Thats actually a good point. Are we doing audio-only, or video too? Latest icecast supports video streaming via theora, never did that though. Darwin server would be another great alternative. Hardware is another part, I have a laptop with firewire on it, but thats pretty much it. My neighbor has a video camera, but i would have to ask. On Tue, Jul 12, 2005 at 03:45:13PM -0400, Charles Sprickman wrote: > On Tue, 12 Jul 2005, George R. wrote: > > >Aleksandar Kacanski wrote: > >>I think that is good idea for dad's like me... > >>I could help if need arises, George. > > > >Yes, there are a number of daddies and mommies here. . . and remote > >satellites around the country and world. > > > >Is there anything *you* could do on this? I know the interest for passive > >receivers is there. . . . > > I've got a very expensive camera and a laptop capable of either just > recording to HD for later transfer or real-time encoding. But your > meetings happen while I'm at work. :) > > C > > >g > >_______________________________________________ > >% NYC*BUG talk mailing list > >http://lists.nycbug.org/mailman/listinfo/talk > >%Be sure to check out our Jobs and NYCBUG-announce lists > >%We meet the first Wednesday of the month > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From marco Tue Jul 12 17:38:54 2005 From: marco (Marco Scoffier) Date: Tue, 12 Jul 2005 17:38:54 -0400 Subject: [nycbug-talk] OpenBSD questions... Message-ID: <20050712213854.GD16466@ns.metm.org> Ok I have some random questions: I build a raid 5 on three disks each has a bootable /dev/sd[0-2]a partition, with a raid enabled kernel which then auto configs the raidctl root partition over the three /dev/sd[0-2]d partitions. I believe I am running off the original kernel in the "a" partition not the kernel saved in the raid. Is this correct? They are all the same right now, and I have rebooted too many times today to want to test this out... I was looking to apply the security patches to 3.7 as there is the sudo issue and a zlib problem, but these are only patches to the source code. I cvs'd down the source from Mickey's NY Internet repository, and tried to make just "sudo" and "compress", rather than the whole /usr/src but the compilation is bombing out. Is this the only way of keeping abreast of the security patches? Can't find a binary sudo and compress... What do you guys do? Thanks, -- Marco From nycbug Tue Jul 12 18:11:38 2005 From: nycbug (Ray Lai) Date: Tue, 12 Jul 2005 18:11:38 -0400 Subject: [nycbug-talk] OpenBSD questions... In-Reply-To: <20050712213854.GD16466@ns.metm.org> References: <20050712213854.GD16466@ns.metm.org> Message-ID: <20050712221138.GC21303@syntax.cyth.net> On Tue, Jul 12, 2005 at 05:38:54PM -0400, Marco Scoffier wrote: > Ok I have some random questions: > > I build a raid 5 on three disks each has a bootable /dev/sd[0-2]a > partition, with a raid enabled kernel which then auto configs the > raidctl root partition over the three /dev/sd[0-2]d partitions. I > believe I am running off the original kernel in the "a" partition not > the kernel saved in the raid. Is this correct? They are all the same > right now, and I have rebooted too many times today to want to test > this out... > > I was looking to apply the security patches to 3.7 as there is the > sudo issue and a zlib problem, but these are only patches to the source > code. I cvs'd down the source from Mickey's NY Internet repository, and > tried to make just "sudo" and "compress", rather than the whole /usr/src but > the compilation is bombing out. Is this the only way of keeping abreast > of the security patches? Can't find a binary sudo and compress... > What do you guys do? I think you have a -current source when you want -stable. -Ray- From marco Tue Jul 12 18:43:54 2005 From: marco (Marco Scoffier) Date: Tue, 12 Jul 2005 18:43:54 -0400 Subject: [nycbug-talk] OpenBSD questions... In-Reply-To: <20050712221138.GC21303@syntax.cyth.net> References: <20050712213854.GD16466@ns.metm.org> <20050712221138.GC21303@syntax.cyth.net> Message-ID: <20050712224354.GI16466@ns.metm.org> On Tue, Jul 12, 2005 at 06:11:38PM -0400, Ray Lai wrote: >On Tue, Jul 12, 2005 at 05:38:54PM -0400, Marco Scoffier wrote: >> >> I was looking to apply the security patches to 3.7 as there is the >> sudo issue and a zlib problem, but these are only patches to the source >> code. I cvs'd down the source from Mickey's NY Internet repository, and >> tried to make just "sudo" and "compress", rather than the whole /usr/src but >> the compilation is bombing out. Is this the only way of keeping abreast >> of the security patches? Can't find a binary sudo and compress... >> What do you guys do? > >I think you have a -current source when you want -stable. > I don't think so. I checked it out using this little script, which I think should give me the patch branch. #!/bin/sh export CVSROOT=anoncvs at anoncvs.nyc.openbsd.org:/cvs cd /usr cvs checkout -P -rOPENBSD_3_7 src Just rechecked out the source, it seems there is a missing header file. Script started on Tue Jul 12 18:38:07 2005 # cd /usr/src/usr.bin/sudo/ # make ===> lib cc -O2 -pipe -Wall -I. -D_PATH_SUDO_NOEXEC="/usr/libexec/sudo_noexec.so" -I/usr/src/usr.bin/sudo/lib/.. -c lex.yy.c -o lex.yy.o /usr/src/usr.bin/sudo/lib/../parse.lex:54:22: sudo.tab.h: No such file or directory /usr/src/usr.bin/sudo/lib/../parse.lex:62: error: syntax error before "yylval" /usr/src/usr.bin/sudo/lib/../parse.lex:62: warning: type defaults to `int' in declaration of `yylval' /usr/src/usr.bin/sudo/lib/../parse.lex:62: warning: data definition has no type or storage class /usr/src/usr.bin/sudo/lib/../parse.lex: In function `yylex': /usr/src/usr.bin/sudo/lib/../parse.lex:106: error: `DEFVAR' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:106: error: (Each undeclared identifier is reported only once /usr/src/usr.bin/sudo/lib/../parse.lex:106: error: for each function it appears in.) /usr/src/usr.bin/sudo/lib/../parse.lex:134: error: `WORD' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:162: error: `COMMAND' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:177: error: `DEFAULTS_USER' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:180: error: `DEFAULTS_RUNAS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:183: error: `DEFAULTS_HOST' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:186: error: `DEFAULTS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:195: error: `HOSTALIAS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:198: error: `CMNDALIAS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:201: error: `USERALIAS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:205: error: `RUNASALIAS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:212: error: `NOPASSWD' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:218: error: `PASSWD' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:223: error: `NOEXEC' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:228: error: `EXEC' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:235: error: `NETGROUP' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:242: error: `USERGROUP' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:248: error: `NTWKADDR' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:260: error: `RUNAS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:266: error: `ALL' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:270: error: `ALIAS' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:335: error: `COMMENT' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex:357: error: `ERROR' undeclared (first use in this function) /usr/src/usr.bin/sudo/lib/../parse.lex: In function `fill': /usr/src/usr.bin/sudo/lib/../parse.lex:377: error: request for member `string' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:378: error: request for member `string' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:386: error: request for member `string' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:388: error: request for member `string' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:390: error: request for member `string' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex: In function `fill_cmnd': /usr/src/usr.bin/sudo/lib/../parse.lex:400: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:401: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:407: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:409: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex: In function `fill_args': /usr/src/usr.bin/sudo/lib/../parse.lex:421: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:432: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:433: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:436: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:437: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:441: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:445: error: request for member `command' in something not a structure or union /usr/src/usr.bin/sudo/lib/../parse.lex:448: error: request for member `command' in something not a structure or union *** Error code 1 Stop in /usr/src/usr.bin/sudo/lib. *** Error code 1 Stop in /usr/src/usr.bin/sudo. # exit Script done on Tue Jul 12 18:38:31 200 -- Marco From nycbug Tue Jul 12 19:01:37 2005 From: nycbug (Ray Lai) Date: Tue, 12 Jul 2005 19:01:37 -0400 Subject: [nycbug-talk] OpenBSD questions... In-Reply-To: <20050712224354.GI16466@ns.metm.org> References: <20050712213854.GD16466@ns.metm.org> <20050712221138.GC21303@syntax.cyth.net> <20050712224354.GI16466@ns.metm.org> Message-ID: <20050712230137.GA26248@syntax.cyth.net> On Tue, Jul 12, 2005 at 06:43:54PM -0400, Marco Scoffier wrote: > On Tue, Jul 12, 2005 at 06:11:38PM -0400, Ray Lai wrote: > >On Tue, Jul 12, 2005 at 05:38:54PM -0400, Marco Scoffier wrote: > >> > >> I was looking to apply the security patches to 3.7 as there is the > >> sudo issue and a zlib problem, but these are only patches to the source > >> code. I cvs'd down the source from Mickey's NY Internet repository, and > >> tried to make just "sudo" and "compress", rather than the whole /usr/src but > >> the compilation is bombing out. Is this the only way of keeping abreast > >> of the security patches? Can't find a binary sudo and compress... > >> What do you guys do? > > > >I think you have a -current source when you want -stable. > > > > I don't think so. I checked it out using this little script, which I > think should give me the patch branch. > > #!/bin/sh > export CVSROOT=anoncvs at anoncvs.nyc.openbsd.org:/cvs > cd /usr > cvs checkout -P -rOPENBSD_3_7 src > > Just rechecked out the source, it seems there is a missing header file. > > Script started on Tue Jul 12 18:38:07 2005 > # cd /usr/src/usr.bin/sudo/ > # make Please read the instructions on how to rebuild sudo/compress in the patches. -Ray- From louis Tue Jul 12 17:48:08 2005 From: louis (Louis Bertrand) Date: Tue, 12 Jul 2005 21:48:08 +0000 (UTC) Subject: [nycbug-talk] OpenBSD questions... In-Reply-To: <20050712213854.GD16466@ns.metm.org> References: <20050712213854.GD16466@ns.metm.org> Message-ID: On Tue, 12 Jul 2005, Marco Scoffier wrote: > Ok I have some random questions: > > I build a raid 5 on three disks each has a bootable /dev/sd[0-2]a > partition, with a raid enabled kernel which then auto configs the > raidctl root partition over the three /dev/sd[0-2]d partitions. I > believe I am running off the original kernel in the "a" partition not > the kernel saved in the raid. Is this correct? They are all the same > right now, and I have rebooted too many times today to want to test > this out... > I use raidframe but only for the non-root filesystems. I have a dedicated root disk for the kernel and / filesystem. It keeps things simpler for me. Probably not the answer you're looking for. Grab a beer and psych yourself for yet another reboot... Ciao --Louis From marco Tue Jul 12 19:18:48 2005 From: marco (Marco Scoffier) Date: Tue, 12 Jul 2005 19:18:48 -0400 Subject: [nycbug-talk] OpenBSD questions... In-Reply-To: <20050712230137.GA26248@syntax.cyth.net> References: <20050712213854.GD16466@ns.metm.org> <20050712221138.GC21303@syntax.cyth.net> <20050712224354.GI16466@ns.metm.org> <20050712230137.GA26248@syntax.cyth.net> Message-ID: <20050712231848.GA27521@ns.metm.org> >On Tue, Jul 12, 2005 at 06:43:54PM -0400, Marco Scoffier wrote: >> Just rechecked out the source, it seems there is a missing header file. >> >> Script started on Tue Jul 12 18:38:07 2005 >> # cd /usr/src/usr.bin/sudo/ >> # make > On Tue, Jul 12, 2005 at 07:01:37PM -0400, Ray Lai wrote: >Please read the instructions on how to rebuild sudo/compress in the >patches. > Gotcha. All patched up. Thanks. Then rebuild sudo: cd usr.bin/sudo make obj make depend make make install -- Marco From marco Tue Jul 12 19:39:32 2005 From: marco (Marco Scoffier) Date: Tue, 12 Jul 2005 19:39:32 -0400 Subject: [nycbug-talk] OpenBSD questions... In-Reply-To: References: <20050712213854.GD16466@ns.metm.org> Message-ID: <20050712233932.GB27521@ns.metm.org> On Tue, Jul 12, 2005 at 09:48:08PM +0000, Louis Bertrand wrote: > >I use raidframe but only for the non-root filesystems. I have a dedicated >root disk for the kernel and / filesystem. It keeps things simpler for me. >Probably not the answer you're looking for. Grab a beer and psych yourself >for yet another reboot... > I did that also. I had an ide that I would boot off of and then 3 scsi's would take over with the root and other partitions in a raid. But the ide disk died perhaps with the heat. I first noticed because the clock was mysteriously set back to 1979?? After freaking that I had been hacked cause I didn't upgrade to 3.7, kicking myself in the head for rebooting a machine that no longer had a workable kernel, I forced myself to figure out how to boot off any of the three 256m partitions on the head of each disk in the raid array. There is this excellent guide: http://argon18.com/raid_openbsd.html which makes the whole process seem pretty easy. But it got me to thinking about which kernel is runnng when you raidctl -A root raid0 after having set the option RAID_AUTOCONFIG ... and of course the answer is in the manpage: the kernel must reside outside the raid. -A root dev Make the RAID set auto-configurable, and also mark the set as be- ing eligible to contain the root partition. A RAID set config- ured this way will override the use of the boot disk as the root device. All components of the set must be of type RAID in the disklabel. Note that the kernel being booted must currently re- side on a non-RAID set and, in order to have the root file system correctly mounted from it, the RAID set must have its `a' parti- tion (aka raid[0..n]a) set up. No more reboots ! I did yank a disk and test booting off the other two, tres cool... -- Marco From max Wed Jul 13 11:51:57 2005 From: max (max) Date: Wed, 13 Jul 2005 10:51:57 -0500 Subject: [nycbug-talk] HUGE process size for httpd Message-ID: <20050713155157.GA79392@neuropunks.org> Hello, I noticed this when I ran top today: 92011 httpsd 4 0 175M 0K accept 0:25 0.00% 0.00% 56850 httpsd 4 0 175M 0K accept 0:25 0.00% 0.00% The 175M is the total process size, RES size is 0k so I am assuming the whole thing is swapped out. There are 10 procs like this, 5 for httpd 5 for httpsd ( I separate those for different users/daemons). This is on a machine that has httpd compiled with mm-1.3.1 as per mod_ssl/apache guide (both httpd and httpsd are). Is that whats doing it? The apache server config with all the virtual hosts and everything else is certainly nothing special or big, the only modules active is php/pgsql/dav/mod_ssl and there is almost 0 traffic on that host right now. Would it make sense that all the modules loaded from apache can make the process size so big? Or is this an mm thing? The biggest question is, should I be worried about this? Ive never seen a process so large while not actively running. Is there anything I can do to really find out what makes it so large? Any insight appreciated! max From bruno Wed Jul 13 12:22:04 2005 From: bruno (bruno) Date: Wed, 13 Jul 2005 12:22:04 -0400 Subject: [nycbug-talk] HUGE process size for httpd In-Reply-To: <20050713155157.GA79392@neuropunks.org> References: <20050713155157.GA79392@neuropunks.org> Message-ID: <20050713162204.GR20463@loftmail.com> On Wed, Jul 13, 2005 at 10:51:57AM -0500, max wrote: > Hello, > I noticed this when I ran top today: > 92011 httpsd 4 0 175M 0K accept 0:25 0.00% 0.00% > 56850 httpsd 4 0 175M 0K accept 0:25 0.00% 0.00% > > The 175M is the total process size, RES size is 0k so I am assuming the whole thing is swapped out. There are 10 procs like this, 5 for httpd 5 for httpsd ( I separate those for different users/daemons). > This is on a machine that has httpd compiled with mm-1.3.1 as per mod_ssl/apache guide (both httpd and httpsd are). Is that whats doing it? Probably PERL. > The apache server config with all the virtual hosts and everything else is certainly nothing special or big, the only modules active is php/pgsql/dav/mod_ssl and there is almost 0 traffic on that host right now. > Would it make sense that all the modules loaded from apache can make the process size so big? Or is this an mm thing? Its probably mod_perl. You might want to remove mm, I'm not sure it is recommend anymore, but just an idea you better check with google or someone who knows this stuff better. > The biggest question is, should I be worried about this? Ive never seen a process so large while not actively running. You could check perl scripts for memory leaks.. But it might be normal. Maybe recycle httpd children faster, to release memory but that is probably not the correct way to fix this if it is not suppose to take so much memory. > Is there anything I can do to really find out what makes it so large? You could enable apache server-status (detailed) and see what causes it, what script or whatever. It could be someone uploading a file, and so on. A PERL and/or programming expert would know more. I hope this helps at least a bit. bruno From max Wed Jul 13 12:53:46 2005 From: max (max) Date: Wed, 13 Jul 2005 11:53:46 -0500 Subject: [nycbug-talk] HUGE process size for httpd In-Reply-To: <20050713162204.GR20463@loftmail.com> References: <20050713155157.GA79392@neuropunks.org> <20050713162204.GR20463@loftmail.com> Message-ID: <20050713165346.GA56306@neuropunks.org> Well, mod_perl isnt being used, and there arent any perl scripts on the machine, its all php for anything dynamic. I am going to do the server-status thing, see from there. I have a pretty good suspicion it might be mm, i couldnt confirm on their site tho, and apparently my google query constructing skill sucks. Also, I dont think this would be related to the actual server load, since the process resident size in memory is 0K, its just sitting there waiting for a connection. Off to read mm documentation.. On Wed, Jul 13, 2005 at 12:22:04PM -0400, bruno wrote: > On Wed, Jul 13, 2005 at 10:51:57AM -0500, max wrote: > > Hello, > > I noticed this when I ran top today: > > 92011 httpsd 4 0 175M 0K accept 0:25 0.00% 0.00% > > 56850 httpsd 4 0 175M 0K accept 0:25 0.00% 0.00% > > > > The 175M is the total process size, RES size is 0k so I am assuming > the whole thing is swapped out. There are 10 procs like this, 5 for > httpd 5 for httpsd ( I separate those for different users/daemons). > > This is on a machine that has httpd compiled with mm-1.3.1 as per > mod_ssl/apache guide (both httpd and httpsd are). Is that whats doing > it? > > Probably PERL. > > > The apache server config with all the virtual hosts and everything > else is certainly nothing special or big, the only modules active is > php/pgsql/dav/mod_ssl and there is almost 0 traffic on that host right > now. > > > Would it make sense that all the modules loaded from apache can make > the process size so big? Or is this an mm thing? > > Its probably mod_perl. > You might want to remove mm, I'm not sure it is recommend anymore, but > just an idea you better check with google or someone who knows this > stuff better. > > > The biggest question is, should I be worried about this? Ive never > seen a process so large while not actively running. > > You could check perl scripts for memory leaks.. > But it might be normal. > Maybe recycle httpd children faster, to release memory but that is > probably not the correct way to fix this if it is not suppose to take > so much memory. > > > Is there anything I can do to really find out what makes it so large? > > You could enable apache server-status (detailed) and see what causes > it, what script or whatever. It could be someone uploading a file, and > so on. A PERL and/or programming expert would know more. > I hope this helps at least a bit. > > bruno > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From ike Wed Jul 13 14:30:03 2005 From: ike (Isaac Levy) Date: Wed, 13 Jul 2005 14:30:03 -0400 Subject: [nycbug-talk] HUGE process size for httpd In-Reply-To: <20050713165346.GA56306@neuropunks.org> References: <20050713155157.GA79392@neuropunks.org> <20050713162204.GR20463@loftmail.com> <20050713165346.GA56306@neuropunks.org> Message-ID: Word, Max- just to confirm your not crazy, your not crazy. You have a problem on your hands. On Jul 13, 2005, at 12:53 PM, max wrote: > Well, mod_perl isnt being used, and there arent any perl scripts on > the machine, its all php for anything dynamic. Could mod_php, PHP, or anything PHP relies on, (zlib?), be compromised? (I mention zlib because I'm assuming this mem. problem is new, and so is the zlib vulnerability?) > I am going to do the server-status thing, see from there. That should be really useful in tracking this down, also, I've had good results using ktrace in debugging problems like this too- (I'm assuming this box is FreeBSD?) Start a trace, start apache processes, see what happens...? (even if the output is overly verbose and full of useless junk, it'll have paths and useful stuff to grok for... > I have a pretty good suspicion it might be mm, i couldnt confirm on > their site tho, and apparently my google query constructing skill > sucks. Muahahahahaha good-stuff for the ways of google-fu: http://www.google.com/help/operators.html > Also, I dont think this would be related to the actual server load, > since the process resident size in memory is 0K, its just sitting > there waiting for a connection. > Off to read mm documentation.. My .02?, Good luck man- Rocket- .ike From george Wed Jul 13 17:54:04 2005 From: george (George R.) Date: Wed, 13 Jul 2005 17:54:04 -0400 Subject: [nycbug-talk] meetings update Message-ID: <42D58D7C.9090307@sddi.net> As an FYI, we will be meeting at the Apple Store for the August 3rd meeting. Also, I was at a new place only two blocks from the Apple Store today, called Tennessee Mountain Soho, at 143 Spring. Block below Prince. I'd propose we move there, since we could probably get the whole second floor, which includes a small outdoor patio :-) The food was good and they do have a bar, with pricing similar to the other place. If anyone checks it out, let me know if you give it a thumbs up or down OFFLIST. g From george Thu Jul 14 14:27:56 2005 From: george (George Georgalis) Date: Thu, 14 Jul 2005 14:27:56 -0400 Subject: [nycbug-talk] network kvm Message-ID: <20050714182756.GA7364@sta.duo> I've never used a network kvm, only read about them in ads. So, I was wondering if one will really fit my requirement or if there is a better solution. The idea is to keep people out of a noisy server room. At least one box in there is running X, and we'd like console access to see bios post on as many as feasible (eg 6 vs all ~30). Most of these hosts have no available pci for realweasel, etc. The best solution would be a regular kvm which can run vga/keyboard/mouse at ~100" from the console switch. Is there a device like this available? What other options are there? (was thinking a kvm that serves vnc or some such to a rack box, which runs vncclient and X, and from which ssh X forwarding can be used to get the console...) There is copper Gb throughout. // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From matt Thu Jul 14 14:40:07 2005 From: matt (Matt Juszczak) Date: Thu, 14 Jul 2005 14:40:07 -0400 (EDT) Subject: [nycbug-talk] OT: Spam box: same or different box? Message-ID: <20050714143754.N40269@neptune.atopia.net> Hi all, Wanted the opinion of a few experts after I got no responses elsewhere :) We've got our new mail server up and running, integrated with LDAP. Postfix is setup to do virtual domains only (there is no local-host-names). We want to setup amivisd-new with spamassassin and an anti virus filter. We're wondering if we should set this up on the new mail server (which is dual 3.06 ghz with 4 gb RAM running FreeBSD, so the load is low as anything, even for our 6000+ accounts), or if we should create a new box, that acts as a "gateway", with the same config we have now, expect that filters the spam and then relays it to the new mail server if need be. Either way, I dont want to put a webserver setup on the new mail server, so if we put the spam filtering on the new mail server I'd either do an nfs mount to store the quarantine info (and then it would be accessed from a different server) or some other solution. Any ideas? :) -Matt From alex Thu Jul 14 14:42:51 2005 From: alex (alex at pilosoft.com) Date: Thu, 14 Jul 2005 14:42:51 -0400 (EDT) Subject: [nycbug-talk] network kvm In-Reply-To: <20050714182756.GA7364@sta.duo> Message-ID: On Thu, 14 Jul 2005, George Georgalis wrote: > I've never used a network kvm, only read about them in ads. So, I was > wondering if one will really fit my requirement or if there is a better > solution. > > The idea is to keep people out of a noisy server room. At least one box > in there is running X, and we'd like console access to see bios post on > as many as feasible (eg 6 vs all ~30). Most of these hosts have no > available pci for realweasel, etc. > > The best solution would be a regular kvm which can run > vga/keyboard/mouse at ~100" from the console switch. Is there a device > like this available? > > What other options are there? (was thinking a kvm that serves vnc or > some such to a rack box, which runs vncclient and X, and from which ssh > X forwarding can be used to get the console...) There is copper Gb > throughout. You want Dell 2161DS and SIP extenders and SIP modules. Depending where you buy, your cost for 128 ports (full system) will be between 100$ and 200$ per port. From alex Thu Jul 14 16:22:04 2005 From: alex (alex at pilosoft.com) Date: Thu, 14 Jul 2005 16:22:04 -0400 (EDT) Subject: [nycbug-talk] network kvm In-Reply-To: <42D6C925.9090705@tbwachiat.com> Message-ID: On Thu, 14 Jul 2005, Steve Rieger wrote: > >You want Dell 2161DS and SIP extenders and SIP modules. Depending where > >you buy, your cost for 128 ports (full system) will be between 100$ and > >200$ per port. > why cant you just get as many ports as you need on a kvm that has a tcp > remote option. a) Cause those KVMs are expensive, and per-port cost will be higher than Dell solution. b) Dell uses cat5 wiring between the devices and the KVM switch. It is really nice and cuts on clutter. -alex From george Thu Jul 14 16:35:06 2005 From: george (George Georgalis) Date: Thu, 14 Jul 2005 16:35:06 -0400 Subject: [nycbug-talk] network kvm In-Reply-To: References: <20050714182756.GA7364@sta.duo> Message-ID: <20050714203506.GE12750@ixeon.duo> On Thu, Jul 14, 2005 at 02:42:51PM -0400, alex at pilosoft.com wrote: >On Thu, 14 Jul 2005, George Georgalis wrote: > >> I've never used a network kvm, only read about them in ads. So, I was >> wondering if one will really fit my requirement or if there is a better >> solution. >> >> The idea is to keep people out of a noisy server room. At least one box >> in there is running X, and we'd like console access to see bios post on >> as many as feasible (eg 6 vs all ~30). Most of these hosts have no >> available pci for realweasel, etc. >> >> The best solution would be a regular kvm which can run >> vga/keyboard/mouse at ~100" from the console switch. Is there a device >> like this available? >> >> What other options are there? (was thinking a kvm that serves vnc or >> some such to a rack box, which runs vncclient and X, and from which ssh >> X forwarding can be used to get the console...) There is copper Gb >> throughout. >You want Dell 2161DS and SIP extenders and SIP modules. Depending where >you buy, your cost for 128 ports (full system) will be between 100$ and >200$ per port. I was hoping for something in the $800 to $2000 range, 6 to 30 ports. Oh, can we do that in 20 ports? Isn't there somebody that can send kvm control signals over cat-5, eg vga/kbd/mouse to black box to cat5 to kvm extension jack? something else? I seem to remember kvm extenders but I don't know if this is their application or what they are... ...Google to the rescue http://www.kvm-switches-online.com/0dt23008a.html $20, there is a few others to choose from, now I need 8 or 16 port kvm switch without ip :} ...don't see more than four, unless they come with IP and extra $1500. Any big KVM switches like this around? // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From alex Thu Jul 14 16:43:41 2005 From: alex (alex at pilosoft.com) Date: Thu, 14 Jul 2005 16:43:41 -0400 (EDT) Subject: [nycbug-talk] network kvm In-Reply-To: <20050714203506.GE12750@ixeon.duo> Message-ID: On Thu, 14 Jul 2005, George Georgalis wrote: > Isn't there somebody that can send kvm control signals over cat-5, eg > vga/kbd/mouse to black box to cat5 to kvm extension jack? something > else? I seem to remember kvm extenders but I don't know if this is their > application or what they are... > > ...Google to the rescue > http://www.kvm-switches-online.com/0dt23008a.html $20, there is a few > others to choose from, now I need 8 or 16 port kvm switch without ip :} Er, its 180$. > ...don't see more than four, unless they come with IP and extra $1500. > Any big KVM switches like this around? chiwanese 16-port KVM switches (traditional style, KVM cables, like belkin) are ~250$ or so (plus 5-10$ for each cable kit). From george Thu Jul 14 17:19:27 2005 From: george (George Georgalis) Date: Thu, 14 Jul 2005 17:19:27 -0400 Subject: [nycbug-talk] network kvm In-Reply-To: References: <20050714203506.GE12750@ixeon.duo> Message-ID: <20050714211927.GC10594@sta.duo> On Thu, Jul 14, 2005 at 04:43:41PM -0400, alex at pilosoft.com wrote: >On Thu, 14 Jul 2005, George Georgalis wrote: > >> Isn't there somebody that can send kvm control signals over cat-5, eg >> vga/kbd/mouse to black box to cat5 to kvm extension jack? something >> else? I seem to remember kvm extenders but I don't know if this is their >> application or what they are... >> >> ...Google to the rescue >> http://www.kvm-switches-online.com/0dt23008a.html $20, there is a few >> others to choose from, now I need 8 or 16 port kvm switch without ip :} >Er, its 180$. doh! >> ...don't see more than four, unless they come with IP and extra $1500. >> Any big KVM switches like this around? >chiwanese 16-port KVM switches (traditional style, KVM cables, like >belkin) are ~250$ or so (plus 5-10$ for each cable kit). The last kvm I bought was windows only (doh!), yes this 4 port kvm used no software but did something funny with ps2 IRQ (me didn't know there was such a thing, maybe only in windows) and it would only work with M$ crap. ...so I'm looking for a rack kvm that works with Unix -- can't believe I'm asking but I'd like to go with a component someone has tried already -- okay so maybe should bite the bullet and expect the rest of them to work with unix... So here's my short list, typically no cables included, and we are going for high but sub-carrier quality: http://www.pcuniverse.com/product.asp?pid=2773975&m_id=13 ALTUSEN KH0116 - KVM / audio switch - 16 ports - 1 U - rack-mountable - stackabl by ATEN Technology $543.21 http://www.shopharmony.com/product.asp?file=NEXTAG&i=F1DA116T http://www.shopharmony.com/product.asp?i=F1DA116T Belkin F1DA116T OmniView Pro2 16-Port KVM Switch w/On-Screen Display PS/2 & USB (F1D-A116T) $409.00 http://www.provantage.com/buy-7trpk00a-16-port-kvm-switch-ps-2-rackmount-1u-w-osd-adapter-tripp-lite-switches-cables-b022-016-shopping.htm Tripp Lite - 16-Port KVM Switch PS/2 Rackmount 1U w/OSD & Adapter $461.18 Anybody have experience with these? // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From kacanski_s Thu Jul 14 20:40:04 2005 From: kacanski_s (Aleksandar Kacanski) Date: Thu, 14 Jul 2005 17:40:04 -0700 (PDT) Subject: [nycbug-talk] network kvm In-Reply-To: <20050714211927.GC10594@sta.duo> Message-ID: <20050715004005.86950.qmail@web53603.mail.yahoo.com> Check this links, you will be able to get some cheap hardware and open source software that will allow you to do what you want. Opengear CM4000 remote console servers http://okvm.sourceforge.net/ thanks, /s --- George Georgalis wrote: > On Thu, Jul 14, 2005 at 04:43:41PM -0400, > alex at pilosoft.com wrote: > >On Thu, 14 Jul 2005, George Georgalis wrote: > > > >> Isn't there somebody that can send kvm control > signals over cat-5, eg > >> vga/kbd/mouse to black box to cat5 to kvm > extension jack? something > >> else? I seem to remember kvm extenders but I > don't know if this is their > >> application or what they are... > >> > >> ...Google to the rescue > >> http://www.kvm-switches-online.com/0dt23008a.html > $20, there is a few > >> others to choose from, now I need 8 or 16 port > kvm switch without ip :} > >Er, its 180$. > > doh! > > >> ...don't see more than four, unless they come > with IP and extra $1500. > >> Any big KVM switches like this around? > >chiwanese 16-port KVM switches (traditional style, > KVM cables, like > >belkin) are ~250$ or so (plus 5-10$ for each cable > kit). > > The last kvm I bought was windows only (doh!), yes > this 4 port kvm used > no software but did something funny with ps2 IRQ (me > didn't know there > was such a thing, maybe only in windows) and it > would only work with M$ > crap. > > ...so I'm looking for a rack kvm that works with > Unix -- can't believe > I'm asking but I'd like to go with a component > someone has tried already > -- okay so maybe should bite the bullet and expect > the rest of them to > work with unix... > > So here's my short list, typically no cables > included, and we are going > for high but sub-carrier quality: > > http://www.pcuniverse.com/product.asp?pid=2773975&m_id=13 > ALTUSEN KH0116 - KVM / audio switch - 16 ports - 1 U > - rack-mountable - > stackabl by ATEN Technology $543.21 > > http://www.shopharmony.com/product.asp?file=NEXTAG&i=F1DA116T > http://www.shopharmony.com/product.asp?i=F1DA116T > Belkin F1DA116T OmniView Pro2 16-Port KVM Switch > w/On-Screen Display > PS/2 & USB (F1D-A116T) $409.00 > > http://www.provantage.com/buy-7trpk00a-16-port-kvm-switch-ps-2-rackmount-1u-w-osd-adapter-tripp-lite-switches-cables-b022-016-shopping.htm > Tripp Lite - 16-Port KVM Switch PS/2 Rackmount 1U > w/OSD & Adapter $461.18 > > Anybody have experience with these? > > // George > > > -- > George Georgalis, systems architect, administrator > Linux BSD IXOYE > http://galis.org/george/ cell:646-331-2027 > mailto:george at galis.org > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce > lists > %We meet the first Wednesday of the month > Aleksandar (Sasha) Kacanski __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From lists Fri Jul 15 10:41:54 2005 From: lists (Hans Zaunere) Date: Fri, 15 Jul 2005 10:41:54 -0400 Subject: [nycbug-talk] HUGE process size for httpd In-Reply-To: <20050713165346.GA56306@neuropunks.org> Message-ID: <0MKz1m-1DtRNy137G-0007mQ@mrelay.perfora.net> > Well, mod_perl isnt being used, and there arent any perl scripts on the > machine, its all php for anything dynamic. > I am going to do the server-status thing, see from there. > I have a pretty good suspicion it might be mm, i couldnt confirm on their > site tho, and apparently my google query constructing skill sucks. > Also, I dont think this would be related to the actual server load, since > the process resident size in memory is 0K, its just sitting there waiting > for a connection. > Off to read mm documentation.. How many SSL certs are you handling? It's possible that mm is actually using all that memory, and since it's shared, may not be a resident part of the httpd process itself, as you mention. H From lists Fri Jul 15 11:25:18 2005 From: lists (michael) Date: Fri, 15 Jul 2005 11:25:18 -0400 Subject: [nycbug-talk] USENIX security in Baltimore In-Reply-To: <42D3F2B1.4060203@sddi.net> References: <42D3F2B1.4060203@sddi.net> Message-ID: <20050715112518.627420a3@genoverly.com> On Tue, 12 Jul 2005 12:41:21 -0400 "George R." wrote: > Is anyone planning on going to USENIX security: > > http://www.usenix.org/events/sec05/ > > I am thinking a lot about it. . . but wanted to see if anyone else was > considering. . . > > g I have been wanting to go since I talked to Richard Bejtlich at BSDCAN. But, man, did you see the prices? I do not have that kind of budget. Michael -- From mickey Fri Jul 15 11:13:39 2005 From: mickey (Michael Shalayeff) Date: Fri, 15 Jul 2005 11:13:39 -0400 (EDT) Subject: [nycbug-talk] USENIX security in Baltimore In-Reply-To: <20050715112518.627420a3@genoverly.com> from michael at "Jul 15, 2005 11:25:18 am" Message-ID: <200507151513.j6FFDd9Q031316@lucifier.net> Making, drinking tea and reading an opus magnum from michael: > On Tue, 12 Jul 2005 12:41:21 -0400 > "George R." wrote: > > > Is anyone planning on going to USENIX security: > > > > http://www.usenix.org/events/sec05/ > > > > I am thinking a lot about it. . . but wanted to see if anyone else was > > considering. . . > > > > g > > I have been wanting to go since I talked to Richard Bejtlich at BSDCAN. But, man, did you see the prices? I do not have that kind of budget. there is an incentive for ya -- write a paper! (: cu -- paranoic mickey (my employers have changed but, the name has remained) From lists Fri Jul 15 13:25:54 2005 From: lists (michael) Date: Fri, 15 Jul 2005 13:25:54 -0400 Subject: [nycbug-talk] VPN vs IPsec Message-ID: <20050715132554.6c912f9f@genoverly.com> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. I know there are a lot of variables to examine, but... 1. Does anyone bother to secure wifi beyond WEP? 2. Are OpenVPN and IPsec good alternatives? 3. Of those which makes more sense for a wifi installation? Michael -- From george Fri Jul 15 13:38:09 2005 From: george (George R.) Date: Fri, 15 Jul 2005 13:38:09 -0400 Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <20050715132554.6c912f9f@genoverly.com> References: <20050715132554.6c912f9f@genoverly.com> Message-ID: <42D7F481.3050604@sddi.net> michael wrote: > After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I > have been reading up on securing a wifi connection. Two alternatives > to WEP are OpenVPN and IPsec. > > According to a SANS white paper > (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are > either too expensive or too difficult to use securely." The paper > goes on to support OpenVPN. > while there are some great documents in the SANS reading room, don't use it as the ultimate truth. . . > Angelos gave an informative talk and even put up graphs that showed > IPsec pushes more/faster. > But with a more complex setup. . . as a drawback, say, versus an SSH tunnel. > I know there are a lot of variables to examine, but... 1. Does anyone > bother to secure wifi beyond WEP? Personally, no, since no WPA support in FBSD until 6.0. The point of securing a home network, IMHO, is just to keep out the errant fools. That's *if* you decide you don't want your network open, ie, Ike. Nor have I opted anything like IPSec. . although Dan did: http://www.freebsddiary.org/ipsec-wireless.php No significant production wlans to speak of. . . 2. Are OpenVPN and IPsec good > alternatives? 3. Of those which makes more sense for a wifi > installation? I really think this depends on preference. Going VPN or IPSec is great for you if you don't have welcomed visitors on your network. It's enough of a hassle giving a WEP key to buddies as it is. Of course, it's nice going a step higher if you really don't want anyone sniffing your traffic. . . g From mickey Fri Jul 15 13:17:12 2005 From: mickey (Michael Shalayeff) Date: Fri, 15 Jul 2005 13:17:12 -0400 (EDT) Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <20050715132554.6c912f9f@genoverly.com> from michael at "Jul 15, 2005 01:25:54 pm" Message-ID: <200507151717.j6FHHCfV017393@lucifier.net> Making, drinking tea and reading an opus magnum from michael: > After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. > > According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. > > Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. > > I know there are a lot of variables to examine, but... > 1. Does anyone bother to secure wifi beyond WEP? > 2. Are OpenVPN and IPsec good alternatives? > 3. Of those which makes more sense for a wifi installation? it's really hard to answer your question as you have left out every bit of information that would allow to make any answer. in fact it's just a troll post (; cu -- paranoic mickey (my employers have changed but, the name has remained) From george Fri Jul 15 13:41:51 2005 From: george (George R.) Date: Fri, 15 Jul 2005 13:41:51 -0400 Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <200507151717.j6FHHCfV017393@lucifier.net> References: <200507151717.j6FHHCfV017393@lucifier.net> Message-ID: <42D7F55F.4010000@sddi.net> Michael Shalayeff wrote: > Making, drinking tea and reading an opus magnum from michael: > >>After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. >> >>According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. >> >>Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. >> >>I know there are a lot of variables to examine, but... >>1. Does anyone bother to secure wifi beyond WEP? >>2. Are OpenVPN and IPsec good alternatives? >>3. Of those which makes more sense for a wifi installation? > > > it's really hard to answer your question as you have left out > every bit of information that would allow to make any answer. > > in fact it's just a troll post (; MW has been known to troll on this list. We allow him to get away with it since he puts 15 hours a week into NYCBUG-related stuff. but who's the worse than a troll with his inaccurate time? Here's a cool site MS: http://www.openntpd.org/ ;-' g From nomadlogic Fri Jul 15 14:07:27 2005 From: nomadlogic (pete wright) Date: Fri, 15 Jul 2005 11:07:27 -0700 Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <20050715132554.6c912f9f@genoverly.com> References: <20050715132554.6c912f9f@genoverly.com> Message-ID: <57d7100005071511075912cc51@mail.gmail.com> On 7/15/05, michael wrote: > After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. > > According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. > > Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. > > I know there are a lot of variables to examine, but... > 1. Does anyone bother to secure wifi beyond WEP? > 2. Are OpenVPN and IPsec good alternatives? > 3. Of those which makes more sense for a wifi installation? > On a similar topic, have you checked out nocatauth? (http://nocat.net/) I think this address a larger issue with wifi networks than that of encryption of data (which is very important, but can be addressed with end user security policies i.e. using ssh and https). notcatauth provides a way to track who is using your network, and doing so in such a way that users can be notified about terms of use for your network. -p > Michael > > > -- > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nycbug Fri Jul 15 14:48:50 2005 From: nycbug (Ray Lai) Date: Fri, 15 Jul 2005 14:48:50 -0400 Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <42D7F481.3050604@sddi.net> References: <20050715132554.6c912f9f@genoverly.com> <42D7F481.3050604@sddi.net> Message-ID: <20050715184850.GA20767@syntax.cyth.net> On Fri, Jul 15, 2005 at 01:38:09PM -0400, George R. wrote: > michael wrote: > >I know there are a lot of variables to examine, but... 1. Does anyone > >bother to secure wifi beyond WEP? > > Personally, no, since no WPA support in FBSD until 6.0. The point of > securing a home network, IMHO, is just to keep out the errant fools. > That's *if* you decide you don't want your network open, ie, Ike. > > Nor have I opted anything like IPSec. . although Dan did: > > http://www.freebsddiary.org/ipsec-wireless.php > > No significant production wlans to speak of. . . Or if you want to implement it on OpenBSD (as you mentioned the OpenBSD IPsec stack), check out . -Ray- From george Fri Jul 15 15:05:19 2005 From: george (George Georgalis) Date: Fri, 15 Jul 2005 15:05:19 -0400 Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <57d7100005071511075912cc51@mail.gmail.com> References: <20050715132554.6c912f9f@genoverly.com> <57d7100005071511075912cc51@mail.gmail.com> Message-ID: <20050715190519.GA14022@ixeon.duo> On Fri, Jul 15, 2005 at 11:07:27AM -0700, pete wright wrote: >On 7/15/05, michael wrote: >> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. >> >> According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. >> >> Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. >> >> I know there are a lot of variables to examine, but... >> 1. Does anyone bother to secure wifi beyond WEP? >> 2. Are OpenVPN and IPsec good alternatives? >> 3. Of those which makes more sense for a wifi installation? >> > >On a similar topic, have you checked out nocatauth? >(http://nocat.net/) > >I think this address a larger issue with wifi networks than that of >encryption of data (which is very important, but can be addressed with >end user security policies i.e. using ssh and https). notcatauth >provides a way to track who is using your network, and doing so in >such a way that users can be notified about terms of use for your >network. > ...somebody at bsdcan suggested, let the dhcp connect you to a https that gives your ip a gw after passwd cgi, don't know about release... I want to setup a wap on dmz, for wireless dhcp that gets a host lan ip for gw. Only way to reach it is via openvpn to host. inet---fw/DMZ------wap--* \ \ host---LAN the fw gives gw to host ip only wap gives LAN ip of host as gw wap client must openvpn connect to host to access gw ip from dhcp keeps the wap off the lan, nothing fancy on the client, which can be any OS and the host doesn't have to give anything _but_ gw, if that's desired, and no route changes after dhcp. The motivation of this design is too allow the wap client full access to the LAN... I'm still thinking about a few ways to make dns available or maybe I should take a closer look at nocatauth ;) // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org From max Fri Jul 15 15:52:50 2005 From: max (max) Date: Fri, 15 Jul 2005 14:52:50 -0500 Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <20050715132554.6c912f9f@genoverly.com> References: <20050715132554.6c912f9f@genoverly.com> Message-ID: <20050715195250.GA71349@neuropunks.org> IPsec worked great for me to secure all comms between my colo'ed machine and home network. It uses racoon to do ike and freebsd has good userland toos for this. You need to create tunnels though, and apply ipsec policy, but of course thats what shell scripting is for. NoCatAuth was what I heard also as primary recommendation for this, since the point would be to protect dhcp leases on your network (from what i understand). If you want to be real paranoid, lock up mac addresses on the wap. And I dont think keeping your wifi network open is a good idea at all - everytime i see one my hands itch to load up some script kiddie toys i have and find some korean ip's.. just my redundant 2c.. On Fri, Jul 15, 2005 at 01:25:54PM -0400, michael wrote: > After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. > > According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. > > Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. > > I know there are a lot of variables to examine, but... > 1. Does anyone bother to secure wifi beyond WEP? > 2. Are OpenVPN and IPsec good alternatives? > 3. Of those which makes more sense for a wifi installation? > > Michael > > > -- > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From mspitzer Fri Jul 15 15:54:10 2005 From: mspitzer (Marc Spitzer) Date: Fri, 15 Jul 2005 15:54:10 -0400 Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <20050715132554.6c912f9f@genoverly.com> References: <20050715132554.6c912f9f@genoverly.com> Message-ID: <8c50a3c305071512544451d495@mail.gmail.com> On 7/15/05, michael wrote: > After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. > > According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. > > Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. > > I know there are a lot of variables to examine, but... > 1. Does anyone bother to secure wifi beyond WEP? > 2. Are OpenVPN and IPsec good alternatives? > 3. Of those which makes more sense for a wifi installation? You forgot pptp, done correctly on a proper os it is not a security problem. Now my one remembered PITA from the one time I set up open vpn was that each client had to have its own port assigned on the server, this was using udp. Not bad for 5 or 10 users but I would hate to manage it for a few hundred or more. Happy weekend to all, marc > > Michael > > > -- > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From mickey Fri Jul 15 15:57:57 2005 From: mickey (Michael Shalayeff) Date: Fri, 15 Jul 2005 15:57:57 -0400 (EDT) Subject: [nycbug-talk] VPN vs IPsec In-Reply-To: <42D7F55F.4010000@sddi.net> from "George R." at "Jul 15, 2005 01:41:51 pm" Message-ID: <200507151957.j6FJvvF1023576@lucifier.net> Making, drinking tea and reading an opus magnum from George R.: [Charset ISO-8859-1 unsupported, filtering to ASCII...] > Michael Shalayeff wrote: > > Making, drinking tea and reading an opus magnum from michael: > > > >>After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec. > >> > >>According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN. > >> > >>Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster. > >> > >>I know there are a lot of variables to examine, but... > >>1. Does anyone bother to secure wifi beyond WEP? > >>2. Are OpenVPN and IPsec good alternatives? > >>3. Of those which makes more sense for a wifi installation? > > > > > > it's really hard to answer your question as you have left out > > every bit of information that would allow to make any answer. > > > > in fact it's just a troll post (; > > MW has been known to troll on this list. We allow him to get away with > it since he puts 15 hours a week into NYCBUG-related stuff. so what is better linux or windows ? (: > but who's the worse than a troll with his inaccurate time? only because my time differs from yours does not mean it's inaccurate (: > Here's a cool site MS: http://www.openntpd.org/ oh. uh does not help cu -- paranoic mickey (my employers have changed but, the name has remained) From swygue Fri Jul 15 16:25:22 2005 From: swygue (swygue) Date: Fri, 15 Jul 2005 16:25:22 -0400 Subject: [nycbug-talk] looking for a member Eastern Parkway Message-ID: Today I pulled up next to someone I met at NYCBUG meeting. It was at the red light at Eastern Parkway, you know who you are. Email me off the list. --