From lists Sun Jan 1 20:56:37 2006 From: lists (Francisco Reyes) Date: Sun, 01 Jan 2006 20:56:37 -0500 Subject: [nycbug-talk] Security & monoculture References: <4399ABEA.3050504@sddi.net> Message-ID: George R. writes: > The issue of diversity and monoculture has been a major security debate > over the past several years. Catching up with all my lists in the offdays. :-) Was there a followup to your post? Don't see any.. > Anyway, more interested in opening the debate. . .. Although I understand the idea behind why Monoculture can be a problem, by the same token using multiple Operating systems or different programs (ie using two types of Firewal, but same OS).. has it's own set of problems. Although the discussion can go beyond Operating systems.. I will just discuss that one topic. I think it all comes down to the people implementing the system(s). Using a differetn OS, per se won't do much help if the people implementing it are not well versed in the second OS. Specially if a second OS is solely introduced for the effect of having more than one OS for security reasons. It is possible thet the people implementing the architecture may not be familiar with the second OS and end up compromising security because their lack of understanding of the second OS. In an ideal world, where the people installing both operating systems are familiar with both, or there are two sets of people and each group is familiar with one OS.. in that scenario I think OS diversity is good. From scottro Mon Jan 2 13:08:34 2006 From: scottro (Scott Robbins) Date: Mon, 2 Jan 2006 13:08:34 -0500 Subject: [nycbug-talk] confusion with NetBSD's PKG_OPTIONS Message-ID: <20060102180834.GA94434@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm trying to figure out how to use NetBSD's PKG_OPTIONS. I thought I understood from a doc on their site. http://www.netbsd.org/Documentation/pkgsrc/configuring.html#general-configuration However, I wanted to install a package called uim to input Japanese. The default options are anthy canna and gtk. I only wanted anthy and gtk. I tried make PKG_OPTIONS.uim="anthy gtk" install clean. As it was beginning the install I got a message to the effect that currently selected options were anthy, gtk and canna. There is a note that one can override this by setting PKG_DEFAULT_OPTIONS or the variable PKG_OPTIONS.uim. It then gave a message that the current value of PKG_OPTIONS.uim was anthy and gtk, which seemed to be what I wanted. However, then it began to try to install canna. In the end, I simply hacked options.mk to remove canna--I'd spent about a half hour googling and trying different combinations so it seemed time effective to take 30 seconds to hack options.mk. However, I'd like to figure out how it is supposed to work . (They mentioned adding it to /etc/mk.conf but said this was deprecated. At any rate, trying to do that with quotes around anthy gtk gave an error message--removing the quotes had the same effect as make PKG_OPTIONS="anthy gtk" showing that they were the value of the PKG_OPTIONS.uim variable but still trying to install canna. I also tried single quotes and, on a suggestion from the uim page env PKG_OPTIONS.uim='anthy gtk' make install clean, but had the same result, showing that the value was anthy and gtk but still trying to install canna.) I figure I'm missing something obvious so would be grateful for a syntax example. Thanks for any help, and be gentle, I'm feeling stupid enough as it is. - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Anya: This isn't a relationship. You don't need me. All you care about is lots of orgasms. Xander: Okay, remember how we talked about private conversations? How they're less private when they're in front of my friends? Spike: Oh we're not your friends. Go on. Giles: Please don't -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDuWwi+lTVdes0Z9YRArsXAKCQg1NujhHcaRyYndEjQXX8fmwtawCfbR0Y qPKOkTI2BIjjPSmFeLIh/rU= =jGw2 -----END PGP SIGNATURE----- From jschauma Mon Jan 2 13:36:50 2006 From: jschauma (Jan Schaumann) Date: Mon, 2 Jan 2006 13:36:50 -0500 Subject: [nycbug-talk] confusion with NetBSD's PKG_OPTIONS In-Reply-To: <20060102180834.GA94434@mail.scottro.net> References: <20060102180834.GA94434@mail.scottro.net> Message-ID: <20060102183650.GD17220@netmeister.org> Scott Robbins wrote: > As it was beginning the install I got a message to the effect that > currently selected options were anthy, gtk and canna. There is a note > that one can override this by setting PKG_DEFAULT_OPTIONS or the > variable PKG_OPTIONS.uim. It then gave a message that the current value > of PKG_OPTIONS.uim was anthy and gtk, which seemed to be what I wanted. On my pkgsrc (which isn't entirely up to date) it also says: Deprecated variable USE_CANNA set to YES, use PKG_DEFAULT_OPTIONS+=canna instead. So this is where it pulls the canna in from for me. If I run $ make USE_CANNA=no It tells me: Deprecated variable USE_CANNA set to NO, use PKG_DEFAULT_OPTIONS+=-canna instead. But it does not pull in canna. So running: $ make PKG_OPTIONS.uim="anthy gtk -canna" Seems to be what you want, I think. I admit this is not really the least confusing method. :-) -Jan -- ``Californians have gotten to the point of being completely intolerant of non-diversity.'' -- Larry Wall -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060102/a37e06dd/attachment.bin From scottro Mon Jan 2 15:03:11 2006 From: scottro (Scott Robbins) Date: Mon, 2 Jan 2006 15:03:11 -0500 Subject: [nycbug-talk] confusion with NetBSD's PKG_OPTIONS In-Reply-To: <20060102183650.GD17220@netmeister.org> References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> Message-ID: <20060102200311.GB95423@mail.scottro.net> On Mon, Jan 02, 2006 at 01:36:50PM -0500, Jan Schaumann wrote: > Scott Robbins wrote: > > > As it was beginning the install I got a message to the effect that > > currently selected options were anthy, gtk and canna. There is a note > > that one can override this by setting PKG_DEFAULT_OPTIONS or the > > variable PKG_OPTIONS.uim. It then gave a message that the current value > > of PKG_OPTIONS.uim was anthy and gtk, which seemed to be what I wanted. > > On my pkgsrc (which isn't entirely up to date) it also says: > > Deprecated variable USE_CANNA set to YES, use PKG_DEFAULT_OPTIONS+=canna > instead. > > So this is where it pulls the canna in from for me. If I run > > $ make USE_CANNA=no > > It tells me: > > Deprecated variable USE_CANNA set to NO, use PKG_DEFAULT_OPTIONS+=-canna > instead. > > But it does not pull in canna. So running: > > $ make PKG_OPTIONS.uim="anthy gtk -canna" > > Seems to be what you want, I think. > > I admit this is not really the least confusing method. :-) Yup, but it worked perfectly. Thanks. One little example in TFM page would have saved me a great deal of time. Thanks again. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Anya: What a day. Gimme a beer. Bartender: (deadpan) ID. (Anya glares at him.) Bartender: (deadpan) ID. Anya: I'm eleven hundred and twenty years old! Just gimme a frickin' beer! Bartender: (deadpan) ID. Anya: (sigh) Gimme a Coke. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060102/6c8efde8/attachment.bin From schmonz Mon Jan 2 15:09:16 2006 From: schmonz (Amitai Schlair) Date: Mon, 2 Jan 2006 15:09:16 -0500 Subject: [nycbug-talk] Re: confusion with NetBSD's PKG_OPTIONS In-Reply-To: <20060102183650.GD17220@netmeister.org> References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> Message-ID: On Jan 2, 2006, at 1:36 PM, Jan Schaumann wrote: > $ make PKG_OPTIONS.uim="anthy gtk -canna" > > Seems to be what you want, I think. In the options framework, if you want to enable options that are disabled by default, you just name them; if you want to disable options that are enabled by default, you have to prefix them with a "-". In this case, since anthy and gtk are enabled by default and you want to keep them, you don't need to mention them explicitly; and since canna is enabled by default and you don't want it, you need a "- canna" somewhere. The sum total of which is: PKG_OPTIONS.uim=-canna I recommend putting this in /etc/mk.conf so it works the way you want if you ever have to rebuild, without having to remember anything. :-) - Amitai From scottro Mon Jan 2 15:18:31 2006 From: scottro (Scott Robbins) Date: Mon, 2 Jan 2006 15:18:31 -0500 Subject: [nycbug-talk] confusion with NetBSD's PKG_OPTIONS In-Reply-To: <20060102200311.GB95423@mail.scottro.net> References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> <20060102200311.GB95423@mail.scottro.net> Message-ID: <20060102201831.GA95617@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > On Mon, Jan 02, 2006 at 01:36:50PM -0500, Jan Schaumann wrote: > > Scott Robbins wrote: > > > > > > $ make PKG_OPTIONS.uim="anthy gtk -canna" > > > > Seems to be what you want, I think. > > > > I admit this is not really the least confusing method. :-) > > Interestingly enough, after a bit of experimentation, it seems that the default options are installed by err, default. That is, in this case, if one simply typed make PKG_OPTIONS.uim="-canna" it will install anthy and gtk. It also seems as if one doesn't need a + sign. For example, mutt-devel installs ssl by default. Doing PKG_OPTIONS="slang" will install slang and ssl. Interesting. Apparently not yet well-documented, the packages man page doesn't even mention the show-options target. On the other hand, I'm not that familiar with NetBSD, so it might be in some other very obvious place (the show-options target was mentioned in the netbsd.org's page on using pkgsrc.) - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Buffy: Could I be seeing Billy's asteroid body? Giles: Astral body, and I don't know. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDuYqW+lTVdes0Z9YRArRdAJ4rBHOFL9GCPcQWkN9BlrmpIdy0QACguWzG J6U9/QlsRmTMdqtfCOwwew8= =FpqE -----END PGP SIGNATURE----- From lists Mon Jan 2 15:18:47 2006 From: lists (michael) Date: Mon, 2 Jan 2006 15:18:47 -0500 Subject: [nycbug-talk] ipmi Message-ID: <20060102151847.434dd49b@wit.genoverly.home> So.. I am looking over the bitchin' new ipmi output in OpenBSD from 'sysctl hw.sensors'. This is really fantastic stuff. I am thinking about what sensors to have sensorsd watch for me. But before I do, I have to figure out what each sensor is. I've read the man pages(man 3|8 sysctl), but still am not clear. Anyone know much about this? How do I determine which sensor is which? For instance, I have eight generic Temps.. which is the CPU? How do I determine what good upper/lower limits should be? Should I reference the hardware owner's manual? hw.sensors.0=ipmi0, Temp, OK, temp, 45.00 degC / 113.00 degF hw.sensors.1=ipmi0, Temp, OK, temp, 50.00 degC / 122.00 degF hw.sensors.2=ipmi0, Ambient Temp, OK, temp, 26.00 degC / 78.80 degF hw.sensors.3=ipmi0, Planar Temp, OK, temp, 37.00 degC / 98.60 degF hw.sensors.4=ipmi0, Riser Temp, OK, temp, 29.00 degC / 84.20 degF hw.sensors.5=ipmi0, Temp, OK, temp, 40.00 degC / 104.00 degF hw.sensors.6=ipmi0, Temp, OK, temp, 40.00 degC / 104.00 degF hw.sensors.7=ipmi0, Temp, OK, temp, 50.00 degC / 122.00 degF hw.sensors.8=ipmi0, Temp, OK, temp, 50.00 degC / 122.00 degF hw.sensors.9=ipmi0, Ambient Temp, OK, temp, 23.00 degC / 73.40 degF hw.sensors.10=ipmi0, Planar Temp, OK, temp, 40.00 degC / 104.00 degF hw.sensors.11=ipmi0, Riser Temp, OK, temp, 40.00 degC / 104.00 degF hw.sensors.12=ipmi0, Temp, WARNING, temp, 40.00 degC / 104.00 degF hw.sensors.13=ipmi0, Temp, WARNING, temp, 40.00 degC / 104.00 degF hw.sensors.14=ipmi0, CMOS Battery, OK, volts_dc, 3.15 V hw.sensors.15=ipmi0, CMOS Battery, OK, volts_dc, 3.10 V hw.sensors.16=ipmi0, FAN 1 RPM, OK, fanrpm, 1800 RPM hw.sensors.17=ipmi0, FAN 2 RPM, OK, fanrpm, 5025 RPM hw.sensors.18=ipmi0, FAN 3 RPM, OK, fanrpm, 5100 RPM hw.sensors.19=ipmi0, FAN 4 RPM, OK, fanrpm, 4950 RPM hw.sensors.20=ipmi0, FAN 5 RPM, OK, fanrpm, 4950 RPM hw.sensors.21=ipmi0, FAN 6 RPM, OK, fanrpm, 5025 RPM hw.sensors.22=ipmi0, FAN 1 RPM, CRITICAL, fanrpm, 1800 RPM hw.sensors.23=ipmi0, FAN 2 RPM, CRITICAL, fanrpm, 1800 RPM hw.sensors.24=ipmi0, FAN 3 RPM, CRITICAL, fanrpm, 1800 RPM hw.sensors.25=ipmi0, FAN 4 RPM, CRITICAL, fanrpm, 1800 RPM hw.sensors.26=ipmi0, FAN 5 RPM, OK, fanrpm, 1800 RPM hw.sensors.27=ipmi0, FAN 6 RPM, OK, fanrpm, 1800 RPM hw.sensors.28=ipmi0, FAN 7 RPM, OK, fanrpm, 1800 RPM hw.sensors.29=ipmi0, FAN 8 RPM, OK, fanrpm, 1800 RPM hw.sensors.30=ipmi0, Status , OK, indicator, On hw.sensors.31=ipmi0, Status , OK, indicator, On hw.sensors.32=ipmi0, Intrusion, OK, indicator, Off -- Michael -- Michael From scottro Mon Jan 2 15:22:20 2006 From: scottro (Scott Robbins) Date: Mon, 2 Jan 2006 15:22:20 -0500 Subject: [nycbug-talk] Re: confusion with NetBSD's PKG_OPTIONS In-Reply-To: References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> Message-ID: <20060102202220.GB95617@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Jan 02, 2006 at 03:09:16PM -0500, Amitai Schlair wrote: > On Jan 2, 2006, at 1:36 PM, Jan Schaumann wrote: > > >$ make PKG_OPTIONS.uim="anthy gtk -canna" > > > >Seems to be what you want, I think. > > In the options framework, if you want to enable options that are disabled by > default, you just name them; if you want to disable options that are enabled by > default, you have to prefix them with a "-". In this case, since anthy and gtk > are enabled by default and you want to keep them, you don't need to mention > them explicitly; and since canna is enabled by default and you don't want it, > you need a "-canna" somewhere. The sum total of which is: > > PKG_OPTIONS.uim=-canna Heh, see my next post, which I wrote before seeing yours. :) > > I recommend putting this in /etc/mk.conf so it works the way you want if you > ever have to rebuild, without having to remember anything. :-) According to that page on pkgsrc, using mk.conf for this is deprecated. On the other hand, many knowledgeable NetBSD folks seem to feel that putting these things in mk.conf is the best idea. Thanks for confirming that it isn't necessary to put in the default options. As I said in my last post, that seemed to be the case, but I wasn't positive. - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Wicca girl: We come together, daughters of Gaia, sisters to the moon. We walk with the darkness, the wolf at our side. Through the waterfall of power, to the blackest heart of eternity. I think we should have a bake sale. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDuYt8+lTVdes0Z9YRAgBRAKCUlMI+EQO8u6VTf2zjyS525V3RCgCfXdR3 ZaMUxTeJ7i0YUs65+C3p08g= =Gh7c -----END PGP SIGNATURE----- From schmonz Mon Jan 2 15:25:03 2006 From: schmonz (Amitai Schlair) Date: Mon, 2 Jan 2006 15:25:03 -0500 Subject: [nycbug-talk] Re: confusion with NetBSD's PKG_OPTIONS In-Reply-To: <20060102202220.GB95617@mail.scottro.net> References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> <20060102202220.GB95617@mail.scottro.net> Message-ID: <8DF0A42D-B506-4FEF-89C4-30360314C238@schmonz.com> On Jan 2, 2006, at 3:22 PM, Scott Robbins wrote: > According to that page on pkgsrc, using mk.conf for this is > deprecated. > On the other hand, many knowledgeable NetBSD folks seem to feel that > putting these things in mk.conf is the best idea. It's definitely not deprecated! Can you point me at the page where you read that, so we can fix it? Thanks, - Amitai From scottro Mon Jan 2 16:20:51 2006 From: scottro (Scott Robbins) Date: Mon, 2 Jan 2006 16:20:51 -0500 Subject: [nycbug-talk] Re: confusion with NetBSD's PKG_OPTIONS In-Reply-To: <8DF0A42D-B506-4FEF-89C4-30360314C238@schmonz.com> References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> <20060102202220.GB95617@mail.scottro.net> <8DF0A42D-B506-4FEF-89C4-30360314C238@schmonz.com> Message-ID: <20060102212051.GA96074@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Jan 02, 2006 at 03:25:03PM -0500, Amitai Schlair wrote: > On Jan 2, 2006, at 3:22 PM, Scott Robbins wrote: > > >According to that page on pkgsrc, using mk.conf for this is deprecated. > >On the other hand, many knowledgeable NetBSD folks seem to feel that > >putting these things in mk.conf is the best idea. > > It's definitely not deprecated! Can you point me at the page where you read > that, so we can fix it? Most definitely. http://www.netbsd.org/Documentation/pkgsrc/configuring.html#general-configuration (sorry about the wrap) If you are part of the NetBSD documentation team, then may I suggest putting in a few examples? Actually, I see that rereading it (when I read it last night it was quite late) the actual wording is. =============================================== efore the options framework was introduced, build options were selected by setting a variable in /etc/mk.conf for each option. To ease transition to the options framework for the user, these legacy variables are converted to the appropriate options setting automatically. A warning is issued to prompt the user to update /etc/mk.conf to use the options framework directly. Support for these legacy variables will be removed eventually. ============================================== I took that to mean that setting them in mk.conf was deprecated, but I'm putting that down to it being very late at night when I read it. A bit of experimentation indicates that in mk.conf, if you use " " you get an error message. For example, if I wanted to include the non-default eb and not include canna, my mk.conf entry would be PKG_OPTIONS.uim=eb -canna Again, I think examples would be extremely helpful to the reader. - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Angelus: I wanna torture you. I used to love it, and it's been such a long time. I mean, the last time I tortured someone, they didn't even *have* chainsaws. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDuZkz+lTVdes0Z9YRAnzHAKC3u8E2h2S4vVvOzeV8MVkqtJFyHgCgpOt2 6rEwP3xbetxPvucW1qkxExs= =VRzL -----END PGP SIGNATURE----- From jschauma Mon Jan 2 17:32:40 2006 From: jschauma (Jan Schaumann) Date: Mon, 2 Jan 2006 17:32:40 -0500 Subject: [nycbug-talk] confusion with NetBSD's PKG_OPTIONS In-Reply-To: <20060102201831.GA95617@mail.scottro.net> References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> <20060102200311.GB95423@mail.scottro.net> <20060102201831.GA95617@mail.scottro.net> Message-ID: <20060102223240.GA28390@netmeister.org> Scott Robbins wrote: > Interesting. Apparently not yet well-documented, the packages man page > doesn't even mention the show-options target. But it does include the following blurb of information in bold right at the top: DESCRIPTION This manual page is obsolete. Please refer the pkgsrc guide at /usr/pkgsrc/doc/pkgsrc.txt or /usr/pkgsrc/doc/pkgsrc.html. The contents of this manual page will be moved there as time permits. I agree that the documentation on the website you cited in the other mail could lead to misunderstandings like yours. I've added a clarification to the docs. -Jan -- Except most of the good bits were about frogs, I remember that. You would not believe some of the things about frogs. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060102/8df0135e/attachment.bin From scottro Mon Jan 2 18:01:09 2006 From: scottro (Scott Robbins) Date: Mon, 2 Jan 2006 18:01:09 -0500 Subject: [nycbug-talk] confusion with NetBSD's PKG_OPTIONS In-Reply-To: <20060102223240.GA28390@netmeister.org> References: <20060102180834.GA94434@mail.scottro.net> <20060102183650.GD17220@netmeister.org> <20060102200311.GB95423@mail.scottro.net> <20060102201831.GA95617@mail.scottro.net> <20060102223240.GA28390@netmeister.org> Message-ID: <20060102230109.GA97438@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Jan 02, 2006 at 05:32:40PM -0500, Jan Schaumann wrote: > Scott Robbins wrote: > > > Interesting. Apparently not yet well-documented, the packages man page > > doesn't even mention the show-options target. > > But it does include the following blurb of information in bold right at > the top: > > DESCRIPTION > This manual page is obsolete. Please refer the pkgsrc guide at > /usr/pkgsrc/doc/pkgsrc.txt or /usr/pkgsrc/doc/pkgsrc.html. The > contents of this manual page will be moved there as time permits. Hrrm, my man page doesn't have that. This is a fresh install of 3.0. I was having trouble with the pkgsrc from 12.31, so the pkgsrc is from the week before or so. > > I agree that the documentation on the website you cited in the other > mail could lead to misunderstandings like yours. I've added a > clarification to the docs. > > -Jan You and Amitai quickly cleared it up, however, for which I thank both of you. I do think that a line or two of examples would quickly clarify it for the reader. As for mk.conf being deprecated, as I said, I think that was simply due to not having enough sleep and missing the point of the paragraph. So, that part of my misunderstanding is something that can probably be safely ignored. > -- > Except most of the good bits were about frogs, I remember that. > You would not believe some of the things about frogs. Heh, I didn't see any entries about frogs in the man page. :) - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Willow: I don't care if it is an orgy of death, there's still such a thing as a napkin. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDubC1+lTVdes0Z9YRAoNAAJ96eHBUXsbfpXA733P5WHoYxbm1gQCeJz78 viYW8p5N/qhY2T+DT6IC3Tw= =RV3m -----END PGP SIGNATURE----- From nomadlogic Tue Jan 3 11:22:06 2006 From: nomadlogic (pete wright) Date: Tue, 3 Jan 2006 08:22:06 -0800 Subject: [nycbug-talk] ipmi In-Reply-To: <20060102151847.434dd49b@wit.genoverly.home> References: <20060102151847.434dd49b@wit.genoverly.home> Message-ID: <57d710000601030822o23d5a624s2ddca3d464a31396@mail.gmail.com> On 1/2/06, michael wrote: > So.. I am looking over the bitchin' new ipmi output in OpenBSD from > 'sysctl hw.sensors'. This is really fantastic stuff. > > I am thinking about what sensors to have sensorsd watch for me. But > before I do, I have to figure out what each sensor is. I've read the > man pages(man 3|8 sysctl), but still am not clear. Anyone know much > about this? > > How do I determine which sensor is which? For instance, I have eight > generic Temps.. which is the CPU? > > How do I determine what good upper/lower limits should be? Should I > reference the hardware owner's manual? yea this looks really interesting indeed. aside from checking out the code (grin) there must be something in the hardware doc's that talk about how the sensors are identified. i'd be really interested in hearing about any progress you make on this michael. -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From lists Tue Jan 3 12:16:28 2006 From: lists (Francisco Reyes) Date: Tue, 03 Jan 2006 12:16:28 -0500 Subject: [nycbug-talk] NFS in FreeBSD Message-ID: Any good links to read up on NFS in FreeBSD? Bought the Oreilly book on NFS.. it was way too much Solaris centered. :-( In particular a better explanation of nfsstat would be nice. I didn't find the explanation on that book to be very thorough. In particular I would be interested on issues unique to FreeBSD. Also, any ideas how to tell if the number of server/client daemons are too few? It seems a somewhat general rule of thumb is 2 server processes for each planned client. How about the clients? the default 4 suggested in the default/rc.conf enough? From ike Tue Jan 3 13:15:15 2006 From: ike (Isaac Levy) Date: Tue, 3 Jan 2006 13:15:15 -0500 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? Message-ID: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> Hey All, Do any of the Networking hardcores on this list have any good reccomendations for switches? I'm looking for the following: 24 port Gigabit Switches Unmanaged (though I want passive SNMP data so I can collect aggregate traffic usage?) Am I wishing for a product that doesn't exist? I've found many good looking unmanaged switches, but no snmp- and I'd *really* like to simply do traffic analysis on a per-ip basis (snmp and mrtg would do just fine for this application). -- I don't want to get into the layer2 and layer3 switches for a number of reasons, cost, complexity, more manageable stuff secure, and yet another device to plug a wire into... -- OR, any other ideas on how to per-ip bandwidth analysis with unmanaged switches? Thanks! .ike From spork Tue Jan 3 13:42:58 2006 From: spork (Charles Sprickman) Date: Tue, 3 Jan 2006 13:42:58 -0500 (EST) Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> Message-ID: On Tue, 3 Jan 2006, Isaac Levy wrote: > OR, any other ideas on how to per-ip bandwidth analysis with unmanaged > switches? If you control either the router or a firewall in front of all this stuff, yes... If not, you'll have to either go the managed route or ask each host for traffic stats. C > Thanks! > .ike > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From mikel.king Tue Jan 3 13:50:41 2006 From: mikel.king (Mikel King) Date: Tue, 3 Jan 2006 13:50:41 -0500 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> Message-ID: On Jan 3, 2006, at 1:15 PM, Isaac Levy wrote: > Hey All, > > Do any of the Networking hardcores on this list have any good > reccomendations for switches? > > I'm looking for the following: > 24 port Gigabit Switches > Unmanaged (though I want passive SNMP data so I can collect > aggregate traffic usage?) > > Am I wishing for a product that doesn't exist? I've found many > good looking unmanaged switches, but no snmp- and I'd *really* like > to simply do traffic analysis on a per-ip basis (snmp and mrtg > would do just fine for this application). > > -- > I don't want to get into the layer2 and layer3 switches for a > number of reasons, cost, complexity, more manageable stuff secure, > and yet another device to plug a wire into... > > -- > OR, any other ideas on how to per-ip bandwidth analysis with > unmanaged switches? > > Thanks! > .ike Dude, I honestly don't know of any unmanaged switches that'll do all that for you. General rule is no management::no snmp especially in the 24 port giga versions . On the other hand Adtran 1524 ST lists for like $1300ish, and I've been buying them for a couple bills less through channel. It's a great giga switch with all the bells and a few whistles too. Cheers, Mikel King CIO, Director of Network Operations Optimized Computer Solutions, INC Tech Alliance, INC 39 West Fourteenth Street Second Floor New York, NY 10011 http://www.ocsny.com http://www.techally.com t: 212.727.2100x132 +------------------------------------------+ How do you spell cooperation? Pessimists use each other, but optimists help each other. Collaboration feeds your spirit, while competition only stokes your ego. You'll find the best way to get along. +------------------------------------------+ From mspitzer Tue Jan 3 13:53:23 2006 From: mspitzer (Marc Spitzer) Date: Tue, 3 Jan 2006 13:53:23 -0500 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> Message-ID: <8c50a3c30601031053s4f2cde41nb2400ed0245df5fb@mail.gmail.com> On 1/3/06, Charles Sprickman wrote: > On Tue, 3 Jan 2006, Isaac Levy wrote: > > > OR, any other ideas on how to per-ip bandwidth analysis with unmanaged > > switches? > > If you control either the router or a firewall in front of all this stuff, > yes... If not, you'll have to either go the managed route or ask each > host for traffic stats. > Also do not forget about netflow, if you go the managed switch route. Then just do the reporting on the netflow records. marc > C > > > Thanks! > > .ike > > > > > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce lists > > %We meet the first Wednesday of the month > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From nomadlogic Tue Jan 3 14:25:53 2006 From: nomadlogic (pete wright) Date: Tue, 3 Jan 2006 11:25:53 -0800 Subject: [nycbug-talk] NFS in FreeBSD In-Reply-To: References: Message-ID: <57d710000601031125n583f1c12k68b10c3ab44d14b6@mail.gmail.com> On 1/3/06, Francisco Reyes wrote: > Any good links to read up on NFS in FreeBSD? > Bought the Oreilly book on NFS.. it was way too much Solaris centered. :-( > > In particular a better explanation of nfsstat would be nice. I didn't find > the explanation on that book to be very thorough. > > In particular I would be interested on issues unique to FreeBSD. I hate to say it but the man pages are probably your best bet with specific utilities like nfsstat. As far as books, I am not familiar with any specific books that have helped me greatly...although the Purple book is pretty great when it comes to quick reviews of options on Free/RedHat/Solaris and HPuX. > > Also, any ideas how to tell if the number of server/client daemons are too > few? It seems a somewhat general rule of thumb is 2 server processes for > each planned client. How about the clients? the default 4 suggested in the > default/rc.conf enough? In the past I spent a fair amount of time tuning my NFS servers using ttcp/dd and other basic utilites. I think it really depends on your specific environment. I had relativly few clients, but they where writting large files over gig-e. So it was not the amount of daemons I had running, but the block sizes transmitted and the mbuf's that led to performance gains. I also had to pay attention to the storage on the nfs server, when dealing with large files you want to have as many spindles as possible doing I/O. If you have hundreds of clients writting relativly small files, I would assume having many daemon's running would be helpfull. -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nomadlogic Tue Jan 3 14:29:23 2006 From: nomadlogic (pete wright) Date: Tue, 3 Jan 2006 11:29:23 -0800 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> Message-ID: <57d710000601031129s7235f561l52efa3b7b3dd441d@mail.gmail.com> On 1/3/06, Mikel King wrote: > > On Jan 3, 2006, at 1:15 PM, Isaac Levy wrote: > > > Hey All, > > > > Do any of the Networking hardcores on this list have any good > > reccomendations for switches? > > > > I'm looking for the following: > > 24 port Gigabit Switches > > Unmanaged (though I want passive SNMP data so I can collect > > aggregate traffic usage?) > > > > Am I wishing for a product that doesn't exist? I've found many > > good looking unmanaged switches, but no snmp- and I'd *really* like > > to simply do traffic analysis on a per-ip basis (snmp and mrtg > > would do just fine for this application). > > > > -- > > I don't want to get into the layer2 and layer3 switches for a > > number of reasons, cost, complexity, more manageable stuff secure, > > and yet another device to plug a wire into... > > > > -- > > OR, any other ideas on how to per-ip bandwidth analysis with > > unmanaged switches? > > > > Thanks! > > .ike > > Dude, > > I honestly don't know of any unmanaged switches that'll do all that > for you. General rule is no management::no snmp especially in the 24 > port giga versions . On the other hand Adtran 1524 ST lists for like > $1300ish, and I've been buying them for a couple bills less through > channel. It's a great giga switch with all the bells and a few > whistles too. > do those guy's do large frames (9600 MTU)? regarding the traffic analysis Ike, I'm agreeing with charles... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From elric Tue Jan 3 14:47:44 2006 From: elric (Roland Dowdeswell) Date: Tue, 03 Jan 2006 14:47:44 -0500 Subject: [nycbug-talk] Roland Dowdeswell interview on CGD In-Reply-To: Your message of "Fri, 23 Dec 2005 23:31:06 EST." <20051224043106.GG74359@yinaska.pair.com> Message-ID: <20060103194744.DC21B37014@arioch.imrryr.org> On 1135398666 seconds since the Beginning of the UNIX epoch Okan Demirmen wrote: > >On Fri 2005.12.23 at 11:18 -0500, Ray Lai wrote: >> On Fri, Dec 23, 2005 at 09:05:54AM -0500, michael wrote: >> > If you haven't seen it: >> > http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html >> > >> > He has been a repeat speaker at NYCBUG meetings. >> >> I've always wondered how gracefully encrypted disks handled crashes. >> Does anyone have any experience? I've used the encrypted disk image >> for qemu before, but a crash rendered the whole image useless. > >doh, that sucks. i haven't had many issues with svnd(4) before. i have >all my home data that i care about in a svnd(4). before i got my new >laptop, i had this old laptop which had zero battery life. i can't count >the number of times i accidentally pulled the power cord, but the device >came up successfully each time. now that i've got a working battery, i >can't recall the last time this thing actually crashed completely, but >what i can say is that i've yet to lose the data in that svnd(4). > >now, my use of the device is for files, created/modified by me, a >human. milage varies.... > >now, i do backups all the time though ;) which i'm sure you do as well. All of CGD, svnd, GBDE and GELI are block level encryption schemes. Of them, only GBDE has atomicity issues which can result in corruption upon a crash, so if you are using svnd then you should be safe. If you are using FreeBSD, I would suggest that you evaluate GELI as it does not appear to have these atomicity issues---and it does use PKCS#5 PBKDF2 to counter dictionary attacks, etc. Of course, with svnd you need to be extremely careful when selecting a passphrase as it is vulnerable to offline dictionary attacks. I would suggest generating passphrases via something like: $ openssl rand -base64 12 to counter this issue. -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ From mikel.king Tue Jan 3 14:48:53 2006 From: mikel.king (Mikel King) Date: Tue, 3 Jan 2006 14:48:53 -0500 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: <57d710000601031129s7235f561l52efa3b7b3dd441d@mail.gmail.com> References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> <57d710000601031129s7235f561l52efa3b7b3dd441d@mail.gmail.com> Message-ID: On Jan 3, 2006, at 2:29 PM, pete wright wrote: > On 1/3/06, Mikel King wrote: >> >> On Jan 3, 2006, at 1:15 PM, Isaac Levy wrote: >> >>> Hey All, >>> >>> Do any of the Networking hardcores on this list have any good >>> reccomendations for switches? >>> >>> I'm looking for the following: >>> 24 port Gigabit Switches >>> Unmanaged (though I want passive SNMP data so I can collect >>> aggregate traffic usage?) >>> >>> Am I wishing for a product that doesn't exist? I've found many >>> good looking unmanaged switches, but no snmp- and I'd *really* like >>> to simply do traffic analysis on a per-ip basis (snmp and mrtg >>> would do just fine for this application). >>> >>> -- >>> I don't want to get into the layer2 and layer3 switches for a >>> number of reasons, cost, complexity, more manageable stuff secure, >>> and yet another device to plug a wire into... >>> >>> -- >>> OR, any other ideas on how to per-ip bandwidth analysis with >>> unmanaged switches? >>> >>> Thanks! >>> .ike >> >> Dude, >> >> I honestly don't know of any unmanaged switches that'll do >> all that >> for you. General rule is no management::no snmp especially in the 24 >> port giga versions . On the other hand Adtran 1524 ST lists for like >> $1300ish, and I've been buying them for a couple bills less through >> channel. It's a great giga switch with all the bells and a few >> whistles too. >> > > do those guy's do large frames (9600 MTU)? regarding the traffic > analysis Ike, I'm agreeing with charles... You mean jumbo frame buffers? They are supposed to be adding jbf support in the March release of the OS for the switch. I've been awaiting this feature since Sept 05, because we are doing iSCSI SAN systems and will need that come April. Cheers, Mikel King CIO, Director of Network Operations Optimized Computer Solutions, INC Tech Alliance, INC 39 West Fourteenth Street Second Floor New York, NY 10011 http://www.ocsny.com http://www.techally.com t: 212.727.2100x132 +------------------------------------------+ How do you spell cooperation? Pessimists use each other, but optimists help each other. Collaboration feeds your spirit, while competition only stokes your ego. You'll find the best way to get along. +------------------------------------------+ From ike Tue Jan 3 14:48:59 2006 From: ike (Isaac Levy) Date: Tue, 3 Jan 2006 14:48:59 -0500 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: <8c50a3c30601031053s4f2cde41nb2400ed0245df5fb@mail.gmail.com> References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> <8c50a3c30601031053s4f2cde41nb2400ed0245df5fb@mail.gmail.com> Message-ID: <93D52BEB-0DCD-40ED-AC66-46E5A0080CBB@lesmuug.org> Thx. Mark, All, On Jan 3, 2006, at 1:53 PM, Marc Spitzer wrote: > Also do not forget about netflow, Michael Lucas wrote 3 related articles concerning Netflow setup: Monitoring Network Traffic with NetFlow http://www.onlamp.com/pub/a/bsd/2005/08/18/Big_Scary_Daemons.html Visualizing Network Traffic with Netflow and FlowScan http://www.onlamp.com/pub/a/bsd/2005/09/15/Big_Scary_Daemons.html Building Detailed Network Reports with Netflow http://www.onlamp.com/pub/a/bsd/2005/10/27/Big_Scary_Daemons.html -- I'm going to dive into this and give it a shot, with the intention of running netflow on each machine, (and distributing my logged data)... Rocket- .ike From nomadlogic Tue Jan 3 15:00:03 2006 From: nomadlogic (pete wright) Date: Tue, 3 Jan 2006 12:00:03 -0800 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> <57d710000601031129s7235f561l52efa3b7b3dd441d@mail.gmail.com> Message-ID: <57d710000601031200p2e7ff01dk1e089fb3241b226a@mail.gmail.com> On 1/3/06, Mikel King wrote: > > On Jan 3, 2006, at 2:29 PM, pete wright wrote: > > > On 1/3/06, Mikel King wrote: > >> > >> On Jan 3, 2006, at 1:15 PM, Isaac Levy wrote: > >> > >>> Hey All, > >>> > >>> Do any of the Networking hardcores on this list have any good > >>> reccomendations for switches? > >>> > >>> I'm looking for the following: > >>> 24 port Gigabit Switches > >>> Unmanaged (though I want passive SNMP data so I can collect > >>> aggregate traffic usage?) > >>> > >>> Am I wishing for a product that doesn't exist? I've found many > >>> good looking unmanaged switches, but no snmp- and I'd *really* like > >>> to simply do traffic analysis on a per-ip basis (snmp and mrtg > >>> would do just fine for this application). > >>> > >>> -- > >>> I don't want to get into the layer2 and layer3 switches for a > >>> number of reasons, cost, complexity, more manageable stuff secure, > >>> and yet another device to plug a wire into... > >>> > >>> -- > >>> OR, any other ideas on how to per-ip bandwidth analysis with > >>> unmanaged switches? > >>> > >>> Thanks! > >>> .ike > >> > >> Dude, > >> > >> I honestly don't know of any unmanaged switches that'll do > >> all that > >> for you. General rule is no management::no snmp especially in the 24 > >> port giga versions . On the other hand Adtran 1524 ST lists for like > >> $1300ish, and I've been buying them for a couple bills less through > >> channel. It's a great giga switch with all the bells and a few > >> whistles too. > >> > > > > do those guy's do large frames (9600 MTU)? regarding the traffic > > analysis Ike, I'm agreeing with charles... > > You mean jumbo frame buffers? They are supposed to be adding jbf > support in the March release of the OS for the switch. I've been > awaiting this feature since Sept 05, because we are doing iSCSI SAN > systems and will need that come April. > yea jumbo packets or what ever term people are using now ;) IMO that is a neccessary feature for any Gig-E switch.... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From ike Tue Jan 3 16:02:16 2006 From: ike (Isaac Levy) Date: Tue, 3 Jan 2006 16:02:16 -0500 Subject: [nycbug-talk] 2x 3Ware Escalade 9500S-4LP SATA In-Reply-To: References: <0IRV00MIQ348JCXG@mta7.srv.hcvlny.cv.net> <5E8A00E1-6618-466E-B733-0ABAFE275B62@lesmuug.org> <2F3DAEE6-4005-402E-9F4F-4760B98B4986@lesmuug.org> <931E78FC-4883-4C5C-9D19-9FB26F7F5BB6@lesmuug.org> Message-ID: <757A002E-A295-47C4-846D-6616D8C69362@lesmuug.org> Hey All, I emailed Vinod today, the original author of the twa(4) driver. Below is my status with the cards as well: Rocket- .ike Begin forwarded message: >> -----Original Message----- >> From: Isaac Levy [mailto:ike at lesmuug.org] >> Sent: Tuesday, January 03, 2006 12:17 PM >> To: vkashyap at FreeBSD.org >> Subject: Status of twa(4) for AMCC's 3ware 9500S-4LP >> >> Hello Vinod, >> >> There has been a recent flurry of discussion about the twa(4) >> driver on FreeBSD 6.0, using the AMCC/3ware 9500S-4LP. >> >> http://lists.nycbug.org/pipermail/talk/2005-December/007424.html >> >> -- >> In a nutshell, the cards won't boot using a RAID volume >> install, outside of booting from Safe Mode. >> >> The Error symptom is that during boot, the card keeps >> resetting itself infinitely. >> >> -- >> I have today compiled CURRENT to test, it didn't work. >> I have also compiled/installed the drivers downloaded from >> the 3Ware site, that didn't work either. >> >> Q: Is the driver broken in the FreeBSD Source? >> > > Not that I know of. > >> Q: Is anyone actively maintaining the driver, now that the >> 9550SX cards have come out? >> > > AMCC does actively maintain the driver. I have moved out of being > responsible for the driver though. Please contact 3ware Support and > they should help you. > >> Thank you for your time. >> >> Best, >> .ike >> >> From lists Tue Jan 3 16:42:34 2006 From: lists (Francisco Reyes) Date: Tue, 03 Jan 2006 16:42:34 -0500 Subject: [nycbug-talk] NFS in FreeBSD References: <57d710000601031125n583f1c12k68b10c3ab44d14b6@mail.gmail.com> Message-ID: pete wright writes: > I hate to say it but the man pages are probably your best bet with > specific utilities like nfsstat. thanks for the feedback.. one example of when that is not the case (for me) was vmstat. Could not make sense of the man page, but once I read Absolute BSD.. and the section covering performance. It made much more sense to me. > In the past I spent a fair amount of time tuning my NFS servers using > ttcp/dd and other basic utilites. Will take a look at those. > I think it really depends on your > specific environment. Mail. IMAP and POP3. > I had relativly few clients, but they where > writting large files over gig-e. We have the opposite. Lots of connections... to small files. > the nfs server, when dealing with large files you want to have as many > spindles as possible doing I/O. The current server predates me and it was done with RAID 5... which is a poor choice for lots of small writes. the new server due in productino soon will be RAID 10. From nomadlogic Tue Jan 3 17:02:55 2006 From: nomadlogic (pete wright) Date: Tue, 3 Jan 2006 14:02:55 -0800 Subject: [nycbug-talk] NFS in FreeBSD In-Reply-To: References: <57d710000601031125n583f1c12k68b10c3ab44d14b6@mail.gmail.com> Message-ID: <57d710000601031402u6a454253j87311198131c07f7@mail.gmail.com> On 1/3/06, Francisco Reyes wrote: > pete wright writes: > > > I hate to say it but the man pages are probably your best bet with > > specific utilities like nfsstat. > > thanks for the feedback.. one example of when that is not the case (for me) > was vmstat. Could not make sense of the man page, but once I read Absolute > BSD.. and the section covering performance. It made much more sense to me. > execellent, i'll have to get my hands on that guy... > > In the past I spent a fair amount of time tuning my NFS servers using > > ttcp/dd and other basic utilites. > > Will take a look at those. > > > I think it really depends on your > > specific environment. > > Mail. IMAP and POP3. > > > I had relativly few clients, but they where > > writting large files over gig-e. > > We have the opposite. Lots of connections... to small files. > > > the nfs server, when dealing with large files you want to have as many > > spindles as possible doing I/O. > > The current server predates me and it was done with RAID 5... which is a > poor choice for lots of small writes. the new server due in productino soon > will be RAID 10. > > yea that should help, although I imagine with POP/IMAP connections disk I/O will not begin to be a bottleneck until you get many connections. But heck, why not plan for scalability when you can ;) -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From ike Tue Jan 3 18:35:50 2006 From: ike (Isaac Levy) Date: Tue, 3 Jan 2006 18:35:50 -0500 Subject: [nycbug-talk] 2x 3Ware Escalade 9500S-4LP SATA In-Reply-To: References: <0IRV00MIQ348JCXG@mta7.srv.hcvlny.cv.net> <5E8A00E1-6618-466E-B733-0ABAFE275B62@lesmuug.org> <2F3DAEE6-4005-402E-9F4F-4760B98B4986@lesmuug.org> <931E78FC-4883-4C5C-9D19-9FB26F7F5BB6@lesmuug.org> <757A002E-A295-47C4-846D-6616D8C69362@lesmuug.org> Message-ID: <85ECDAF6-8401-4F3B-86E8-1F8C17B39855@lesmuug.org> Hey All, Upbeat Update: So it looks like it's n APIC issue, (GIANT_LOCKED). I just recompiled the kernel without APIC support, and viola, it works- albiet without SMP. Sad thing is, the machines I'm putting these cards in are dual Xeon rigs. -- Ok, on Vinod's suggestion, I called 3Ware/AMCC support, and a *very* helpful person there took me through figuring out what firmware I had, and told me the new firmware fixes this problem. With that, I need to update firmware and try installing/booting fresh again, but the 3Ware/AMCC KnowledgeLibrary site is downed with some DB error... (doh!) So, with that, I'm done for the day- but looks like I almost have this issue solved, for now, with these cards. Will keep everyone posted. Rocket- .ike On Jan 3, 2006, at 6:15 PM, Charles Sprickman wrote: > That doesn't look promising... > > I'm going to dig up Scott's email on the Adaptec stuff too so you > can get an idea of what some of the adaptec issues are (and so I > can find it myself and refresh my memory)... > > C > > On Tue, 3 Jan 2006, Isaac Levy wrote: > >> Hey All, >> >> I emailed Vinod today, the original author of the twa(4) driver. >> >> Below is my status with the cards as well: >> >> Rocket- >> .ike >> >> >> >> Begin forwarded message: >>>> -----Original Message----- >>>> From: Isaac Levy [mailto:ike at lesmuug.org] >>>> Sent: Tuesday, January 03, 2006 12:17 PM >>>> To: vkashyap at FreeBSD.org >>>> Subject: Status of twa(4) for AMCC's 3ware 9500S-4LP >>>> Hello Vinod, >>>> There has been a recent flurry of discussion about the twa(4) >>>> driver on FreeBSD 6.0, using the AMCC/3ware 9500S-4LP. >>>> http://lists.nycbug.org/pipermail/talk/2005-December/007424.html >>>> -- >>>> In a nutshell, the cards won't boot using a RAID volume >>>> install, outside of booting from Safe Mode. >>>> The Error symptom is that during boot, the card keeps >>>> resetting itself infinitely. >>>> -- >>>> I have today compiled CURRENT to test, it didn't work. >>>> I have also compiled/installed the drivers downloaded from >>>> the 3Ware site, that didn't work either. >>>> Q: Is the driver broken in the FreeBSD Source? >>> Not that I know of. >>>> Q: Is anyone actively maintaining the driver, now that the >>>> 9550SX cards have come out? >>> AMCC does actively maintain the driver. I have moved out of being >>> responsible for the driver though. Please contact 3ware Support and >>> they should help you. >>>> Thank you for your time. >>>> Best, >>>> .ike >> >> >> >> > From lists Tue Jan 3 19:08:09 2006 From: lists (Francisco Reyes) Date: Tue, 03 Jan 2006 19:08:09 -0500 Subject: [nycbug-talk] NFS in FreeBSD References: <57d710000601031125n583f1c12k68b10c3ab44d14b6@mail.gmail.com> <57d710000601031402u6a454253j87311198131c07f7@mail.gmail.com> Message-ID: pete wright writes: >> will be RAID 10. > yea that should help, although I imagine with POP/IMAP connections > disk I/O will not begin to be a bottleneck until you get many > connections. But heck, why not plan for scalability when you can ;) On average our mail servers have 100+ Imap/POp3 (combined) connections.. on a day like today where everyone came back to work we had 200+.. with some scary peaks at 300+ All of that connecting to an NFS box (..total about 600 to 1000 users) does create significant traffic. :-) From nomadlogic Tue Jan 3 19:13:08 2006 From: nomadlogic (pete wright) Date: Tue, 3 Jan 2006 16:13:08 -0800 Subject: [nycbug-talk] NFS in FreeBSD In-Reply-To: References: <57d710000601031125n583f1c12k68b10c3ab44d14b6@mail.gmail.com> <57d710000601031402u6a454253j87311198131c07f7@mail.gmail.com> Message-ID: <57d710000601031613p15ce9474oe9a688a5372e3891@mail.gmail.com> On 1/3/06, Francisco Reyes wrote: > pete wright writes: > > >> will be RAID 10. > > > > yea that should help, although I imagine with POP/IMAP connections > > disk I/O will not begin to be a bottleneck until you get many > > connections. But heck, why not plan for scalability when you can ;) > > On average our mail servers have 100+ Imap/POp3 (combined) connections.. on > a day like today where everyone came back to work we had 200+.. with some > scary peaks at 300+ > > All of that connecting to an NFS box (..total about 600 to 1000 users) does > create significant traffic. :-) > yea I can imagine :^) we run our mail cluster off a san type architecture...two shelves of fiber chan. storage hung off the mail cluster. it removes the NFS bottleneck...granted it is kinda pricy though. -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From lists Tue Jan 3 19:28:50 2006 From: lists (Francisco Reyes) Date: Tue, 03 Jan 2006 19:28:50 -0500 Subject: [nycbug-talk] NFS in FreeBSD References: <57d710000601031125n583f1c12k68b10c3ab44d14b6@mail.gmail.com> <57d710000601031402u6a454253j87311198131c07f7@mail.gmail.com> <57d710000601031613p15ce9474oe9a688a5372e3891@mail.gmail.com> Message-ID: pete wright writes: > we run our mail cluster off a san type architecture...two shelves of > fiber chan. storage hung off the mail cluster. it removes the NFS > bottleneck...granted it is kinda pricy though. So the machines see the device as if it was a disk? How is concurrency handled? From nomadlogic Tue Jan 3 19:36:38 2006 From: nomadlogic (pete wright) Date: Tue, 3 Jan 2006 16:36:38 -0800 Subject: [nycbug-talk] NFS in FreeBSD In-Reply-To: References: <57d710000601031125n583f1c12k68b10c3ab44d14b6@mail.gmail.com> <57d710000601031402u6a454253j87311198131c07f7@mail.gmail.com> <57d710000601031613p15ce9474oe9a688a5372e3891@mail.gmail.com> Message-ID: <57d710000601031636w4c988dddg3c4893c470924cb8@mail.gmail.com> On 1/3/06, Francisco Reyes wrote: > pete wright writes: > > > we run our mail cluster off a san type architecture...two shelves of > > fiber chan. storage hung off the mail cluster. it removes the NFS > > bottleneck...granted it is kinda pricy though. > > So the machines see the device as if it was a disk? exactly > How is concurrency handled? > not sure, i'll have to ask the guy's to see what they say :) i assume the clustering is simple failover redundancy.... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From jhlists Wed Jan 4 01:02:32 2006 From: jhlists (jh) Date: Wed, 04 Jan 2006 01:02:32 -0500 Subject: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> Message-ID: <43BB64F8.4000606@hirschman.net> Isaac Levy wrote: > Hey All, > > I'm looking for the following: > 24 port Gigabit Switches > Unmanaged (though I want passive SNMP data so I can collect aggregate > traffic usage?) > > Am I wishing for a product that doesn't exist? You might want to look at the Netgear GS724T. > -- > I don't want to get into the layer2 and layer3 switches for a number of > reasons, cost, complexity, more manageable stuff secure, and yet > another device to plug a wire into... > It isn't a true smart switch, but it does have SNMP and some other smart-switch-alike features - it supports jumbo frames, bonding, Qos, VLANs, etc. It has a very easy web interface. Mine cost something like ~$350, and very well worth it IMO. I can attest to the jumbo frames and bonding support - we're using both to very good effect for some ghetto, relatively high-throughput NFS stuff - but haven't tried the SNMP myself. jh From lists Wed Jan 4 14:50:17 2006 From: lists (Francisco Reyes) Date: Wed, 04 Jan 2006 14:50:17 -0500 Subject: [nycbug-talk] 2x 3Ware Escalade 9500S-4LP SATA References: <0IRV00MIQ348JCXG@mta7.srv.hcvlny.cv.net> <5E8A00E1-6618-466E-B733-0ABAFE275B62@lesmuug.org> <2F3DAEE6-4005-402E-9F4F-4760B98B4986@lesmuug.org> <931E78FC-4883-4C5C-9D19-9FB26F7F5BB6@lesmuug.org> <757A002E-A295-47C4-846D-6616D8C69362@lesmuug.org> <85ECDAF6-8401-4F3B-86E8-1F8C17B39855@lesmuug.org> Message-ID: Isaac Levy writes: > So it looks like it's n APIC issue, (GIANT_LOCKED). I just > recompiled the kernel without APIC support, and viola, it works- > albiet without SMP. Why not try SMP enabled and APIC disabled. From ike Wed Jan 4 18:50:36 2006 From: ike (Isaac Levy) Date: Wed, 4 Jan 2006 18:50:36 -0500 Subject: [nycbug-talk] Notes from Trish's Talk: Message-ID: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> Hi All, Trish gave a great lecture with lots of great tuning information, especially regarding Java on FreeBSD. With that, there were *tons* of configuration options posted on- screen, so many, that nobody could remember what they do. With that, I looked up some answers while the iron was hot: There were some tuning/sysctl questions, I think this answers a lot of them: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ configtuning-kernel-limits.html """ 11.13.2.2 TCP Bandwidth Delay Product The TCP Bandwidth Delay Product Limiting is similar to TCP/Vegas in NetBSD. It can be enabled by setting net.inet.tcp.inflight.enable sysctl variable to 1. The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. This feature is useful if you are serving data over modems, Gigabit Ethernet, or even high speed WAN links (or any other link with a high bandwidth delay product), especially if you are also using window scaling or have configured a large send window. If you enable this option, you should also be sure to set net.inet.tcp.inflight.debug to 0 (disable debugging), and for production use setting net.inet.tcp.inflight.min to at least 6144 may be beneficial. However, note that setting high minimums may effectively disable bandwidth limiting depending on the link. The limiting feature reduces the amount of data built up in intermediate route and switch packet queues as well as reduces the amount of data built up in the local host's interface queue. With fewer packets queued up, interactive connections, especially over slow modems, will also be able to operate with lower Round Trip Times. However, note that this feature only effects data transmission (uploading / server side). It has no effect on data reception (downloading). """ All of that makes sense, since PalTalk and Trish are sitting on multiple Gigabit pipes to the net... -- Other stuff would be related to building a custom, tuned kernel: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ kernelconfig-config.html Most, if not all, of the kernel makefile options Trish showed are explained on this page. -- Rocket- .ike From nikolai.fetissov Wed Jan 4 22:59:30 2006 From: nikolai.fetissov (Nikolai N. Fetissov) Date: Wed, 4 Jan 2006 22:59:30 -0500 (EST) Subject: [nycbug-talk] January meeting audio (Trish Lynch: Java on FreeBSD) Message-ID: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> Hi folks, Just uploaded the mp3 to http://www.peachisland.com/nycbug/ -- nikolai From trish Thu Jan 5 08:51:57 2006 From: trish (Trish Lynch) Date: Thu, 5 Jan 2006 08:51:57 -0500 (EST) Subject: [nycbug-talk] January meeting audio (Trish Lynch: Java on FreeBSD) In-Reply-To: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> References: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> Message-ID: <20060105085143.V887@daemon.bsdunix.net> On Wed, 4 Jan 2006, Nikolai N. Fetissov wrote: > Hi folks, > Just uploaded the mp3 to http://www.peachisland.com/nycbug/ > -- > nikolai This scares me *laugh* -Trish -- Trish Lynch trish at bsdunix.net Ecartis Core Team trish at listmistress.org Key fingerprint = 781D 2B47 AA4B FC88 B919 0CD6 26B2 1D62 6FC1 FF16 From trish Thu Jan 5 09:08:07 2006 From: trish (Trish Lynch) Date: Thu, 5 Jan 2006 09:08:07 -0500 (EST) Subject: [nycbug-talk] Notes from Trish's Talk: In-Reply-To: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> References: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> Message-ID: <20060105090039.F887@daemon.bsdunix.net> On Wed, 4 Jan 2006, Isaac Levy wrote: > Hi All, > > Trish gave a great lecture with lots of great tuning information, especially > regarding Java on FreeBSD. > > With that, there were *tons* of configuration options posted on-screen, so > many, that nobody could remember what they do. With that, I looked up some > answers while the iron was hot: > > There were some tuning/sysctl questions, I think this answers a lot of them: > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ > configtuning-kernel-limits.html > > > Most, if not all, of the kernel makefile options Trish showed are explained > on this page. > > -- > Rocket- > .ike > > The Powerpoint doc converted to HTML is at http://lynch-family.org/Java_on_FreeBSD.zip This comtains all the info that was in the presentation last night. (plus a little bit about the situation we use it in, specific to Paltalk) Remember, all of this was tuned to maximum tcp throughput in the sitations we were using FreeBSD in, not specific to Java, but its an example of the "tuning to the application, before blaming java for issues" mentaility I outlined. -Trish -- Trish Lynch trish at bsdunix.net Ecartis Core Team trish at listmistress.org Key fingerprint = 781D 2B47 AA4B FC88 B919 0CD6 26B2 1D62 6FC1 FF16 From ike Thu Jan 5 09:28:18 2006 From: ike (Isaac Levy) Date: Thu, 5 Jan 2006 09:28:18 -0500 Subject: [nycbug-talk] Notes from Trish's Talk: In-Reply-To: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> References: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> Message-ID: <951021D5-D2AE-475E-8694-6B364123282F@lesmuug.org> Hey Trish, On Jan 4, 2006, at 6:50 PM, Isaac Levy wrote: > Trish gave a great lecture with lots of great tuning information, > especially regarding Java on FreeBSD. Thanks again for speaking! With all the work you put into tuning, you made it all look easy ;) Below, for the searchable record on-list, I've extracted the sysctl variables and Kernel Config settings from your lecture notes: -- sysctl.conf http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ configtuning-kernel-limits.html kern.ipc.shm_use_phys=1 net.inet.tcp.sendspace=65536 net.inet.tcp.recvspace=65536 net.inet.tcp.always_keepalive=1 net.inet.tcp.delayed_ack=1 net.inet.tcp.inflight.enable=1 net.inet.tcp.inflight.debug=0 net.inet.tcp.inflight.min=6144 net.inet.tcp.drop_synfin=1 kern.ipc.somaxconn=2048 kern.maxfiles=49312 kern.maxfilesperproc=44380 kern.polling.enable=1 -- Kernel Config http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ kernelconfig-config.html options SCHED_ULE # ULE scheduler #options SCHED_4BSD # 4BSD scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options MD_ROOT # MD is a potential root device options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFS_ROOT # NFS usable as /, requires NFSCLIENT options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options GEOM_GPT # GUID Partition Tables. options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] options COMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real- time extensions options KBD_INSTALL_CDEV # install a CDEV entry in /dev options AHC_REG_PRETTY_PRINT # Print register bitfields in debug # output. Adds ~128k to driver. options AHD_REG_PRETTY_PRINT # Print register bitfields in debug # output. Adds ~215k to driver. options ADAPTIVE_GIANT # Giant mutex is adaptive. #device options options DEVICE_POLLING options HZ=1000 -- Rocket- .ike From george Thu Jan 5 11:23:31 2006 From: george (George R.) Date: Thu, 05 Jan 2006 11:23:31 -0500 Subject: [nycbug-talk] admin issue: cross-posting announce & talk Message-ID: <43BD4803.6080805@sddi.net> As an FYI, we do NOT cross-post announce and talk messages. In other words, if you are just on the talk list, you do not get meeting reminders, etc. So, if you need to . . . lists.nycbug.org George From nomadlogic Thu Jan 5 11:39:25 2006 From: nomadlogic (pete wright) Date: Thu, 5 Jan 2006 08:39:25 -0800 Subject: [nycbug-talk] Notes from Trish's Talk: In-Reply-To: <20060105090039.F887@daemon.bsdunix.net> References: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> <20060105090039.F887@daemon.bsdunix.net> Message-ID: <57d710000601050839rf07ffeaxad253dcf319b87c@mail.gmail.com> On 1/5/06, Trish Lynch wrote: > On Wed, 4 Jan 2006, Isaac Levy wrote: > > > Hi All, > > > > Trish gave a great lecture with lots of great tuning information, especially > > regarding Java on FreeBSD. > > > > With that, there were *tons* of configuration options posted on-screen, so > > many, that nobody could remember what they do. With that, I looked up some > > answers while the iron was hot: > > > > There were some tuning/sysctl questions, I think this answers a lot of them: > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ > > configtuning-kernel-limits.html > > > > > > Most, if not all, of the kernel makefile options Trish showed are explained > > on this page. > > > > -- > > Rocket- > > .ike > > > > > > The Powerpoint doc converted to HTML is at > http://lynch-family.org/Java_on_FreeBSD.zip > > > This comtains all the info that was in the presentation last night. > > (plus a little bit about the situation we use it in, specific to Paltalk) > > Remember, all of this was tuned to maximum tcp throughput in the sitations > we were using FreeBSD in, not specific to Java, but its an example of the > "tuning to the application, before blaming java for issues" mentaility I > outlined. > > -Trish > Yet another lecture I am very sad to have missed :( I will have to listen to the audio later today when I have a sec. Just curious (as I am admining alot of tomcat servers ATM sadly on Linux though) was this lecture heavily FreeBSD specific or did you cover concepts that I can apply here my penguin environment. I obviously know the kernel tunables etc. will not port easily.... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From ike Thu Jan 5 11:51:11 2006 From: ike (Isaac Levy) Date: Thu, 5 Jan 2006 11:51:11 -0500 Subject: [nycbug-talk] Notes from Trish's Talk: In-Reply-To: <57d710000601050839rf07ffeaxad253dcf319b87c@mail.gmail.com> References: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> <20060105090039.F887@daemon.bsdunix.net> <57d710000601050839rf07ffeaxad253dcf319b87c@mail.gmail.com> Message-ID: <50AE53AE-3999-423A-85A5-09C4F63036DC@lesmuug.org> Hi Pete, On Jan 5, 2006, at 11:39 AM, pete wright wrote: > Yet another lecture I am very sad to have missed :( I will have to > listen to the audio later today when I have a sec. Just curious (as I > am admining alot of tomcat servers ATM sadly on Linux though) was this > lecture heavily FreeBSD specific or did you cover concepts that I can > apply here my penguin environment. I obviously know the kernel > tunables etc. will not port easily... Basically, I don't think much of the lecture would Apply, unless you are thinking of replacing the Penguin boxes with FreeBSD, and Trish gave a few reasons for doing so: - FreeBSD showed notably better performance for Java applications over Windows and Linux platofrms, (over 40% performance increase for some specific network apps) - More configurable system to adapt to the Java applications, (i.e., tuning to disable system-level threading, to increase performance for older apps using Java 'green' threads) - Heavy-hitting network security made simple - Less system maintenance over time (ports, ports, ports) That's what I got, there's bound to be much more gleaned from listening to the audio. Rocket- .ike From ike Thu Jan 5 11:52:00 2006 From: ike (Isaac Levy) Date: Thu, 5 Jan 2006 11:52:00 -0500 Subject: [nycbug-talk] January meeting audio (Trish Lynch: Java on FreeBSD) In-Reply-To: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> References: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> Message-ID: <0121FAB0-728A-4770-BEE3-97DDA3B5B87A@lesmuug.org> Hi Nikolai, On Jan 4, 2006, at 10:59 PM, Nikolai N. Fetissov wrote: > Hi folks, > Just uploaded the mp3 to http://www.peachisland.com/nycbug/ > -- > nikolai > ___________________ As usual, thanks for recording the meeting! NYC*BUG should knight you or something. Rocket- .ike From trish Thu Jan 5 11:56:04 2006 From: trish (Trish Lynch) Date: Thu, 5 Jan 2006 11:56:04 -0500 (EST) Subject: [nycbug-talk] Notes from Trish's Talk: In-Reply-To: <57d710000601050839rf07ffeaxad253dcf319b87c@mail.gmail.com> References: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> <20060105090039.F887@daemon.bsdunix.net> <57d710000601050839rf07ffeaxad253dcf319b87c@mail.gmail.com> Message-ID: <20060105115535.J887@daemon.bsdunix.net> On Thu, 5 Jan 2006, pete wright wrote: > > Yet another lecture I am very sad to have missed :( I will have to > listen to the audio later today when I have a sec. Just curious (as I > am admining alot of tomcat servers ATM sadly on Linux though) was this > lecture heavily FreeBSD specific or did you cover concepts that I can > apply here my penguin environment. I obviously know the kernel > tunables etc. will not port easily.... > > > -p > Very BSD specific.... though some of the tenets can be applied anywhere.... (troubleshooting) -Trish -- Trish Lynch trish at bsdunix.net Ecartis Core Team trish at listmistress.org Key fingerprint = 781D 2B47 AA4B FC88 B919 0CD6 26B2 1D62 6FC1 FF16 From nomadlogic Thu Jan 5 12:06:31 2006 From: nomadlogic (pete wright) Date: Thu, 5 Jan 2006 09:06:31 -0800 Subject: [nycbug-talk] Notes from Trish's Talk: In-Reply-To: <20060105115535.J887@daemon.bsdunix.net> References: <882E1805-9B1C-44A9-B6A8-80FC7A60AD4A@lesmuug.org> <20060105090039.F887@daemon.bsdunix.net> <57d710000601050839rf07ffeaxad253dcf319b87c@mail.gmail.com> <20060105115535.J887@daemon.bsdunix.net> Message-ID: <57d710000601050906v4a0e0225hcbbeec0aa34e2f62@mail.gmail.com> On 1/5/06, Trish Lynch wrote: > On Thu, 5 Jan 2006, pete wright wrote: > > > > > Yet another lecture I am very sad to have missed :( I will have to > > listen to the audio later today when I have a sec. Just curious (as I > > am admining alot of tomcat servers ATM sadly on Linux though) was this > > lecture heavily FreeBSD specific or did you cover concepts that I can > > apply here my penguin environment. I obviously know the kernel > > tunables etc. will not port easily.... > > > > > > -p > > > > > Very BSD specific.... though some of the tenets can be applied > anywhere.... > > (troubleshooting) ahh...well it sounds like a must read...er listen to topic :) regarding Ike's comments, moving site away from linux is in the plans...slowly but surely ;) -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From george Thu Jan 5 18:25:45 2006 From: george (George Georgalis) Date: Thu, 5 Jan 2006 18:25:45 -0500 Subject: [nycbug-talk] temp sensors Message-ID: <20060105232545.GA8406@sta.duo> This has come up before, but of the many many devices available. I only have one recommendation. Are you monitoring temperature in your datacenter? What hardware are you using? I want to get something in place, to see what the trends are, then configure a system to shutdown the computers if temp gets too high. // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From alex Thu Jan 5 19:35:27 2006 From: alex (alex at pilosoft.com) Date: Thu, 5 Jan 2006 19:35:27 -0500 (EST) Subject: [nycbug-talk] temp sensors In-Reply-To: <20060105232545.GA8406@sta.duo> Message-ID: On Thu, 5 Jan 2006, George Georgalis wrote: > This has come up before, but of the many many devices available. I only > have one recommendation. > > Are you monitoring temperature in your datacenter? What hardware are you > using? > > I want to get something in place, to see what the trends are, then > configure a system to shutdown the computers if temp gets too high. http://www.ibuttonlink.com/Sensors.htm Snaku thingy the way to roll -alex From george Thu Jan 5 19:09:00 2006 From: george (George Georgalis) Date: Thu, 5 Jan 2006 19:09:00 -0500 Subject: [nycbug-talk] temp sensors In-Reply-To: References: <20060105232545.GA8406@sta.duo> Message-ID: <20060106000900.GA31790@sta.duo> On Thu, Jan 05, 2006 at 07:35:27PM -0500, alex at pilosoft.com wrote: >On Thu, 5 Jan 2006, George Georgalis wrote: > >> This has come up before, but of the many many devices available. I only >> have one recommendation. >> >> Are you monitoring temperature in your datacenter? What hardware are you >> using? >> >> I want to get something in place, to see what the trends are, then >> configure a system to shutdown the computers if temp gets too high. >http://www.ibuttonlink.com/Sensors.htm > >Snaku thingy Thanks. but my datacenter is not as big as yours... since we don't eactly know what we need I think we will go with a MS-T Multisensor Temperature Sensor $ 19.00 (10% cost of a 100ft 24 sensor Snaku) and see how that goes, then spec out a more perminant system. another vendor... http://www.thermodata.com.au/OneWire.htm // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From fungus Thu Jan 5 19:29:01 2006 From: fungus (Lonnie Olson) Date: Thu, 05 Jan 2006 17:29:01 -0700 Subject: [nycbug-talk] temp sensors In-Reply-To: <20060105232545.GA8406@sta.duo> References: <20060105232545.GA8406@sta.duo> Message-ID: <43BDB9CD.9070404@aros.net> George Georgalis wrote: > This has come up before, but of the many many devices available. I > only have one recommendation. > > Are you monitoring temperature in your datacenter? What hardware > are you using? > > I want to get something in place, to see what the trends are, then > configure a system to shutdown the computers if temp gets too > high. Our TempTrax Model E has done very well for us. http://www.weathershop.com/temptrax-E.htm --lonnie -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3408 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.nycbug.org/pipermail/talk/attachments/20060105/0935176f/attachment.bin From nikolai.fetissov Thu Jan 5 23:21:05 2006 From: nikolai.fetissov (Nikolai N. Fetissov) Date: Thu, 05 Jan 2006 23:21:05 -0500 Subject: [nycbug-talk] January meeting audio (Trish Lynch: Java on FreeBSD) In-Reply-To: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> References: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> Message-ID: <43BDF031.2000108@peachisland.com> And now we have an early beta of a podcast thanks to J. Katagawa: http://www.peachisland.com/nycbug/audio.atom Let me know if you hit any issues with this since it hasn't been really tested (iTunes only so far) and I'm just starting to learn all the podcasting stuff. On a related note a question about ShmooCon. Since I'll be there :) I might as well tape the presentations. Anybody has an idea if that's ok with organizers/speakers? Anybody knows who to ask? cheers -- nickf From ike Fri Jan 6 00:12:08 2006 From: ike (Isaac Levy) Date: Fri, 6 Jan 2006 00:12:08 -0500 Subject: [nycbug-talk] temp sensors In-Reply-To: <20060106000900.GA31790@sta.duo> References: <20060105232545.GA8406@sta.duo> <20060106000900.GA31790@sta.duo> Message-ID: Yo George, On Jan 5, 2006, at 7:09 PM, George Georgalis wrote: > I think we will go with a MS-T > Multisensor Temperature Sensor $ 19.00 Ohhh- tell me how it goes if you get these little cheapies- that's *exactly* what I've been looking for, I need to monitor a bunch of little spots for temp. only... Rocket- .ike From nycbug Fri Jan 6 09:42:06 2006 From: nycbug (Ray Lai) Date: Fri, 6 Jan 2006 09:42:06 -0500 Subject: [nycbug-talk] January meeting audio (Trish Lynch: Java on FreeBSD) In-Reply-To: <43BDF031.2000108@peachisland.com> References: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> <43BDF031.2000108@peachisland.com> Message-ID: <20060106144206.GB13863@syntax.cyth.net> On Thu, Jan 05, 2006 at 11:21:05PM -0500, Nikolai N. Fetissov wrote: > On a related note a question about ShmooCon. > Since I'll be there :) I might as well tape the presentations. > Anybody has an idea if that's ok with organizers/speakers? > Anybody knows who to ask? I remember cameras being banned last year. -Ray- From tux Fri Jan 6 13:51:31 2006 From: tux (Kevin Reiter) Date: Fri, 06 Jan 2006 13:51:31 -0500 Subject: [nycbug-talk] January meeting audio (Trish Lynch: Java on FreeBSD) In-Reply-To: <20060106144206.GB13863@syntax.cyth.net> References: <3358.69.119.149.0.1136433570.squirrel@www.geekisp.com> <43BDF031.2000108@peachisland.com> <20060106144206.GB13863@syntax.cyth.net> Message-ID: <43BEBC33.1030109@penguinnetwerx.net> Ray Lai wrote: > On Thu, Jan 05, 2006 at 11:21:05PM -0500, Nikolai N. Fetissov wrote: > >>On a related note a question about ShmooCon. >>Since I'll be there :) I might as well tape the presentations. >>Anybody has an idea if that's ok with organizers/speakers? >>Anybody knows who to ask? > > > I remember cameras being banned last year. They were? I never got the memo, and I remember pics being taken in more than a few of the sessions.. From ike Mon Jan 9 15:03:45 2006 From: ike (Isaac Levy) Date: Mon, 9 Jan 2006 15:03:45 -0500 Subject: [nycbug-talk] mdconfig file backed disks Message-ID: Hey Mike, All, I just wanted to give a shout out to list, to see if anyone else had seen noticable slowdowns using file backed disks on FreeBSD (Disk Images). A primer on File and Memory backed disks can be found here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks- virtual.html (it's more or less what I'm going from for my disks). Writes seem about twice as slow as they are from straight disk (yuck). -- As an aside, when speaking to Mike about this long ago, he noted that non SMP machines didn't have the same level of performance hit, but I'm wondering by how much? (I'm also wondering if this wasn't improved greatly with the last CURRENT, in mid-December). Just wondering if anyone else had experiences tuning File-Backed disks here. Rocket- .ike Using the utility Bonnie, I got the following output: http://www.textuality.com/bonnie/advice.html An SATA RAID5 volume: -------Sequential Output-------- ---Sequential Input-- --Random-- -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- --Seeks--- Machine MB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec % CPU /sec %CPU adaptecR 100 13971 11.4 10194 2.0 17029 2.1 116317 99.8 2509557 99.9 91114.1 98.9 A file-backed disk which resides on the above SATA volume: -------Sequential Output-------- ---Sequential Input-- --Random-- -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- --Seeks--- Machine MB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec % CPU /sec %CPU fileDisk 100 4888 3.9 4864 0.8 5807 1.1 109823 99.6 2497500 99.7 90007.0 98.8 Note: Output seems 2-3 times slower with the file backed virtual disks... From ike Mon Jan 9 15:34:16 2006 From: ike (Isaac Levy) Date: Mon, 9 Jan 2006 15:34:16 -0500 Subject: offlist: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: <43BB64F8.4000606@hirschman.net> References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> <43BB64F8.4000606@hirschman.net> Message-ID: <1B1CAAB0-86B9-4C14-87FF-645ABB0EEDDD@lesmuug.org> offlist- (I figure less noise for a boring topic) On Jan 4, 2006, at 1:02 AM, jh wrote: > Isaac Levy wrote: >> Hey All, >> I'm looking for the following: >> 24 port Gigabit Switches >> Unmanaged (though I want passive SNMP data so I can collect >> aggregate traffic usage?) >> Am I wishing for a product that doesn't exist? > > You might want to look at the Netgear GS724T. > >> -- >> I don't want to get into the layer2 and layer3 switches for a >> number of reasons, cost, complexity, more manageable stuff >> secure, and yet another device to plug a wire into... >> > It isn't a true smart switch, but it does have SNMP and some other > smart-switch-alike features - it supports jumbo frames, bonding, > Qos, VLANs, etc. It has a very easy web interface. Mine cost > something like ~$350, and very well worth it IMO. I can attest to > the jumbo frames and bonding support - we're using both to very > good effect for some ghetto, relatively high-throughput NFS stuff - > but haven't tried the SNMP myself. > > jh Do you know off anywhere I can see a demo of the web interface? I'm serioulsly considering 3 of these switches, but can't waste any time with something I may have to return for some reason or another... I looked all over the Netgear site, but no-go there... Rocket- .ike From ike Mon Jan 9 15:35:44 2006 From: ike (Isaac Levy) Date: Mon, 9 Jan 2006 15:35:44 -0500 Subject: offlist: [nycbug-talk] Unmanaged Switch, SNMP traffic data? In-Reply-To: <1B1CAAB0-86B9-4C14-87FF-645ABB0EEDDD@lesmuug.org> References: <179CFCFC-F28A-48F2-9584-E89196869BA0@lesmuug.org> <43BB64F8.4000606@hirschman.net> <1B1CAAB0-86B9-4C14-87FF-645ABB0EEDDD@lesmuug.org> Message-ID: On Jan 9, 2006, at 3:34 PM, Isaac Levy wrote: > offlist- (I figure less noise for a boring topic) Reply-All is muscle memory- sorry :) Rocket- .ike From spork Mon Jan 9 19:17:36 2006 From: spork (Charles Sprickman) Date: Mon, 9 Jan 2006 19:17:36 -0500 (EST) Subject: [nycbug-talk] nullfs, jails and quotas Message-ID: Here's a quick tip: Don't try using nullfs to mount /usr/ports (or anything else) into a jail and then enable quotas on the jail's partition. Really bad juju there. This is on 6-stable. On running quotacheck after killing off all jails, that process was hung, and anything else that touched that partition went into a "disk wait" state that was unkillable. Running a shutdown just left the machine hanging in a not-quite-dead state. It seems like the kernel will block forever on any processes waiting for that partition. A reboot alone did not clear it, the background fsck also hung. Just a friendly warning for anyone doing that kind of tinkering remotely - always unmount your nullfs mounts before screwing with quotas... Charles From nycbug Mon Jan 9 20:01:56 2006 From: nycbug (Ray Lai) Date: Mon, 9 Jan 2006 20:01:56 -0500 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: References: Message-ID: <20060110010156.GG31580@syntax.cyth.net> On Mon, Jan 09, 2006 at 07:17:36PM -0500, Charles Sprickman wrote: > Here's a quick tip: > > Don't try using nullfs to mount /usr/ports (or anything else) into a jail > and then enable quotas on the jail's partition. Really bad juju there. > > This is on 6-stable. On running quotacheck after killing off all jails, > that process was hung, and anything else that touched that partition went > into a "disk wait" state that was unkillable. Running a shutdown just > left the machine hanging in a not-quite-dead state. It seems like the > kernel will block forever on any processes waiting for that partition. A > reboot alone did not clear it, the background fsck also hung. > > Just a friendly warning for anyone doing that kind of tinkering remotely - > always unmount your nullfs mounts before screwing with quotas... I hear very bad things about nullfs in general. -Ray- From spork Mon Jan 9 22:18:55 2006 From: spork (Charles Sprickman) Date: Mon, 9 Jan 2006 22:18:55 -0500 (EST) Subject: [nycbug-talk] 6.0 jails and quotas Message-ID: Hi all, I'm trying to wrap my head around getting functioning quotas in a jail and I've got most of it figured out. There's very little information on this out there (that I could find) and nothing in the Handbook or in the associated manpages. My current plan is this: -jails all live on one partition since it's not practical for me to have a partition for each jail. I don't have an inkling as to how much each of these will grow over time. -I will allocate unique uids for each jail. ie: host uses 1000-2000 for any user accounts, jail1 uses 2001-20000, jail2 20001-30000, etc. This allows the host to manipulate quotas with edquota and for each user systemwide to have a totally unique id. The above works - I can do "edquota -u 2001" on the host and that user is not able to go over the alloted quota. From the host, I am able to do "quota -u 2001" and see current usage. However, once I enter the jail environment, the quota utility always reports no quota in effect and no usage. Reading up a bit I found that a few things have to happen for the quota command to work: -there must be an entry in fstab *in the jail* with the userquota and or groupquota mount options set. Without this, the tools seem to be unaware that quotas are enabled. -additionally, a quota.user and quota.group file must exist in the root of the jail. That's where things get messy. The jail is not chrooted down to the root of the /jails partition, so no such file exists. This is where I'm stuck. I have hard-linked the file into the jails, and that kind of works: jail1# quota -u atestguy Disk quotas for user atestguy (uid 20000): Filesystem usage quota limit grace files quota limit grace / 20 1000 2000 10 0 0 Note that I'm root there... Now exit out of the root shell and try as an ordinary user: > quota quota: //quota.user: Permission denied Disk quotas for user atestguy (uid 20000): none Do something bad, like making the /jails/quota.user world-readable: > quota Disk quotas for user atestguy (uid 20000): Filesystem usage quota limit grace files quota limit grace / 20 1000 2000 10 0 0 What's really puzzling here is that both in the jail and on the host, the quota program is NOT setuid/setgid: root at newida[/jails/jail1]# ls -l `which quota` -r-xr-xr-x 1 root wheel 11092 Jan 4 22:40 /usr/bin/quota AND the quota file is NOT world-read, but the command does work for an ordinary user on the host: spork at ida[~]$ quota Disk quotas for user spork (uid 1001): none The only ugly and hackish thing I can come up with is to periodically rsync the /jails/quota.user file to /jails/jail1/ and then chmod it world-read. I'm not sure what info I'm really exposing there (users can read each other's quotas? Not a big concern). I'm also not handing over root in any of these jails, just trying to put a few services in seperate containers for a bit more safety and organization. Any ideas? jailing.net seems to have gone away, but I did look for it first. :) Thanks, Charles From spork Tue Jan 10 02:07:05 2006 From: spork (Charles Sprickman) Date: Tue, 10 Jan 2006 02:07:05 -0500 (EST) Subject: [nycbug-talk] Building FreeBSD packages without installing Message-ID: Hi all, I'm building a few hundred ports that will get shoved to another machine when done. I have no desire to actually have these ports installed on the build machine... Looking at the ports manpage and the handbook, this is not possible ("make package" and "make package-recursive" install then build the pkg from the installed files). I know OpenBSD handles this well, in fact they seem to default to building a package and THEN install that. Very nifty. Are there any tricks to emulate this behaviour in FreeBSD, like somehow installing into a dummy hierarchy? Thanks, Charles From mspitzer Tue Jan 10 10:18:15 2006 From: mspitzer (Marc Spitzer) Date: Tue, 10 Jan 2006 10:18:15 -0500 Subject: [nycbug-talk] Building FreeBSD packages without installing In-Reply-To: References: Message-ID: <8c50a3c30601100718j55d7478et3cec25cc0f30c488@mail.gmail.com> On 1/10/06, Charles Sprickman wrote: > Hi all, > > I'm building a few hundred ports that will get shoved to another machine > when done. I have no desire to actually have these ports installed on the > build machine... Looking at the ports manpage and the handbook, this is > not possible ("make package" and "make package-recursive" install then > build the pkg from the installed files). > > I know OpenBSD handles this well, in fact they seem to default to building > a package and THEN install that. Very nifty. > > Are there any tricks to emulate this behaviour in FreeBSD, like somehow > installing into a dummy hierarchy? > > Thanks, > > Charles you could do it in a jail. marc > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From riegersteve Tue Jan 10 15:23:11 2006 From: riegersteve (Steve Rieger) Date: Tue, 10 Jan 2006 12:23:11 -0800 Subject: [nycbug-talk] source install, management and help Message-ID: <75551974-0F0E-4FCF-90FB-A3648DBF05C9@gmail.com> hi all. i am in the need to install the same source packages, (i dont like prebuilt binaries, and there are way to many differences than the standard port system) on about 14 servers, is there any tool that you know of that will allow me to save my configure, make and other options, either as a wrapper or as a plain script. looking to pointers here. thanx -- Steve Rieger riegersteve at gmail.com 310-339-4355 Ride Free, Ride On, Ride Safe I had the blues because I had no shoes until upon the street, I met a man who had no feet. Biker Blue From lists Wed Jan 11 00:16:23 2006 From: lists (Francisco Reyes) Date: Wed, 11 Jan 2006 00:16:23 -0500 Subject: [nycbug-talk] source install, management and help References: <75551974-0F0E-4FCF-90FB-A3648DBF05C9@gmail.com> Message-ID: Steve Rieger writes: > i am in the need to install the same source packages, (i dont like > prebuilt binaries, and there are way to many differences than the > standard port system) on about 14 servers, is there any tool that you > know of that will allow me to save my configure, make and other > options, either as a wrapper or as a plain script. I try to stay away from source install, but I had to do the task.. I would do the following. Pick a "build system"... preferably a machine not in production.. and with nothing going on ... or a Jail. Do an mtree of the entire disk. Install. Do another metree and see where all the files went... That list can be used as part of your "uninstall". If all the machines are up to the same level.. or all have compatibility mode I you could possibly build the package on the lowest denominator (ie build on a 4.X machine... if using FreeBSD). Using the same list from the mtree exercise you could make a tar file to copy to the other machines.. including configuration files. Scripts will be primarily to configure files/components which change according to the machine. If you need to compile on each machine, the mtree file would still be usefull for when you need to delete an old compile. From jonathan Wed Jan 11 07:29:20 2006 From: jonathan (Jonathan) Date: Wed, 11 Jan 2006 15:29:20 +0300 Subject: [nycbug-talk] source install, management and help In-Reply-To: <75551974-0F0E-4FCF-90FB-A3648DBF05C9@gmail.com> References: <75551974-0F0E-4FCF-90FB-A3648DBF05C9@gmail.com> Message-ID: <43C4FA20.9060100@kc8onw.net> Steve Rieger wrote: > hi all. > > i am in the need to install the same source packages, (i dont like > prebuilt binaries, and there are way to many differences than the > standard port system) on about 14 servers, is there any tool that you > know of that will allow me to save my configure, make and other options, > either as a wrapper or as a plain script. > > looking to pointers here. If your running FreeBSD and are willing to do a little work you could create you own local ports. http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/ Jonathan From lists Wed Jan 11 08:52:21 2006 From: lists (michael) Date: Wed, 11 Jan 2006 08:52:21 -0500 Subject: [nycbug-talk] Microsoft wins FAT patent case Message-ID: <20060111085221.4ebd9100@wit.genoverly.home> Looks like we may loose FAT or pay a license. "The FAT file system, a common means of storing files, was originally developed for the DOS operating system, but has also been employed in Microsoft's Windows and on removable flash memory cards used in digital cameras and other devices. Some Linux- and Unix-related products also use the system to exchange data with Windows." http://news.com.com/Microsofts+file+system+patent+upheld/2100-1012_3-6025447.html?part=rss&tag=6025447&subj=news -- Michael From okan Wed Jan 11 09:23:51 2006 From: okan (Okan Demirmen) Date: Wed, 11 Jan 2006 09:23:51 -0500 Subject: [nycbug-talk] Microsoft wins FAT patent case In-Reply-To: <20060111085221.4ebd9100@wit.genoverly.home> References: <20060111085221.4ebd9100@wit.genoverly.home> Message-ID: <20060111142351.GC90517@yinaska.pair.com> On Wed 2006.01.11 at 08:52 -0500, michael wrote: > Looks like we may loose FAT or pay a license. > > "The FAT file system, a common means of storing files, was originally > developed for the DOS operating system, but has also been employed in > Microsoft's Windows and on removable flash memory cards used in digital > cameras and other devices. Some Linux- and Unix-related products also > use the system to exchange data with Windows." > > http://news.com.com/Microsofts+file+system+patent+upheld/2100-1012_3-6025447.html?part=rss&tag=6025447&subj=news You don't know the history of file systems. Tom Cruise does. From nycbug Wed Jan 11 09:49:18 2006 From: nycbug (Ray Lai) Date: Wed, 11 Jan 2006 09:49:18 -0500 Subject: [nycbug-talk] Microsoft wins FAT patent case In-Reply-To: <20060111142351.GC90517@yinaska.pair.com> References: <20060111085221.4ebd9100@wit.genoverly.home> <20060111142351.GC90517@yinaska.pair.com> Message-ID: <20060111144918.GA17134@syntax.cyth.net> On Wed, Jan 11, 2006 at 09:23:51AM -0500, Okan Demirmen wrote: > On Wed 2006.01.11 at 08:52 -0500, michael wrote: > > Looks like we may loose FAT or pay a license. > > > > "The FAT file system, a common means of storing files, was originally > > developed for the DOS operating system, but has also been employed in > > Microsoft's Windows and on removable flash memory cards used in digital > > cameras and other devices. Some Linux- and Unix-related products also > > use the system to exchange data with Windows." > > > > http://news.com.com/Microsofts+file+system+patent+upheld/2100-1012_3-6025447.html?part=rss&tag=6025447&subj=news > > You don't know the history of file systems. Tom Cruise does. I love nycbug. =) -Ray- From daggerquill Wed Jan 11 12:56:07 2006 From: daggerquill (Jay Savage) Date: Wed, 11 Jan 2006 12:56:07 -0500 Subject: [nycbug-talk] FreeBSD completely headless install? Message-ID: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> This may have been discussed before, but I couldn't find anything. I need to install FreeBSD 6. The computer I have available is currently running as a headless server (OBSD 3.6) and the monitor, keyboard, and anything else useful are instorage due to a recent move. I don't even have a null modem cable at the moment, which might simplify matters. My ideal here would be a live cd, or even floppy that booted with some generic drivers, grabbed an ip from dhcp, and started sshd from a known port with a known password so that I could start sysinstall from the command line. It's seems intuitive enough, but I haven't been able to find anything like it. Does anyone have a suggestion? Thanks, -- jay -------------------------------------------------- This email and attachment(s): [ ] blogable; [ x ] ask first; [ ] private and confidential daggerquill [at] gmail [dot] com http://www.tuaw.com http://www.dpguru.com http://www.engatiki.org values of ? will give rise to dom! From george Wed Jan 11 12:58:45 2006 From: george (George R.) Date: Wed, 11 Jan 2006 12:58:45 -0500 Subject: [nycbug-talk] FreeBSD completely headless install? In-Reply-To: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> References: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> Message-ID: <2C9D9FBE-9259-439E-91B8-7C915BA04F02@sddi.net> On Jan 11, 2006, at 12:56 PM, Jay Savage wrote: > This may have been discussed before, but I couldn't find anything. > > I need to install FreeBSD 6. The computer I have available is > currently running as a headless server (OBSD 3.6) and the monitor, > keyboard, and anything else useful are instorage due to a recent move. > I don't even have a null modem cable at the moment, which might > simplify matters. > > My ideal here would be a live cd, or even floppy that booted with some > generic drivers, grabbed an ip from dhcp, and started sshd from a > known port with a known password so that I could start sysinstall from > the command line. It's seems intuitive enough, but I haven't been able > to find anything like it. > > Does anyone have a suggestion? I may be wrong, but I believe that FreeSBIE would do this. . . maybe depending on your nic. g From daggerquill Wed Jan 11 13:17:55 2006 From: daggerquill (Jay Savage) Date: Wed, 11 Jan 2006 13:17:55 -0500 Subject: [nycbug-talk] FreeBSD completely headless install? In-Reply-To: <2C9D9FBE-9259-439E-91B8-7C915BA04F02@sddi.net> References: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> <2C9D9FBE-9259-439E-91B8-7C915BA04F02@sddi.net> Message-ID: <4ce365ec0601111017p4877efeg23d695108f4ba619@mail.gmail.com> I sort of suspected that, but I can't find any info on the freesbie site about what the default root password might be to ssh in with. I can see how to make it work from a custom image (I think) but if I had a waorking FreeBSD system to build FreeSBIE with, none of this would be an issue. Note to self: never pack the peripherals, even if it's only for a couple of months. Thanks, --jay On 1/11/06, George R. wrote: > > On Jan 11, 2006, at 12:56 PM, Jay Savage wrote: > > > This may have been discussed before, but I couldn't find anything. > > > > I need to install FreeBSD 6. The computer I have available is > > currently running as a headless server (OBSD 3.6) and the monitor, > > keyboard, and anything else useful are instorage due to a recent move. > > I don't even have a null modem cable at the moment, which might > > simplify matters. > > > > My ideal here would be a live cd, or even floppy that booted with some > > generic drivers, grabbed an ip from dhcp, and started sshd from a > > known port with a known password so that I could start sysinstall from > > the command line. It's seems intuitive enough, but I haven't been able > > to find anything like it. > > > > Does anyone have a suggestion? > > > I may be wrong, but I believe that FreeSBIE would do this. . . maybe > depending on your nic. > > g > -- -------------------------------------------------- This email and attachment(s): [ ] blogable; [ x ] ask first; [ ] private and confidential daggerquill [at] gmail [dot] com http://www.tuaw.com http://www.dpguru.com http://www.engatiki.org values of ? will give rise to dom! From dlavigne6 Wed Jan 11 13:37:25 2006 From: dlavigne6 (Dru) Date: Wed, 11 Jan 2006 13:37:25 -0500 (EST) Subject: [nycbug-talk] FreeBSD completely headless install? In-Reply-To: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> References: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> Message-ID: <20060111132622.C548@dru.domain.org> On Wed, 11 Jan 2006, Jay Savage wrote: > This may have been discussed before, but I couldn't find anything. >I need to install FreeBSD 6. The computer I have available is >currently running as a headless server (OBSD 3.6) and the monitor, >keyboard, and anything else useful are instorage due to a recent move. >I don't even have a null modem cable at the moment, which might >simplify matters. >My ideal here would be a live cd, or even floppy that booted with some >generic drivers, grabbed an ip from dhcp, and started sshd from a >known port with a known password so that I could start sysinstall from >the command line. It's seems intuitive enough, but I haven't been able >to find anything like it. >Does anyone have a suggestion? If you have a copy of BSD Hacks, #77 is a starter point on scripting sysinstall. If you don't: man sysinstall more /usr/src/usr/sbin/sysinstall/install.cfg You'll see that you can pretty well put in whatever is scriptable... If I had another system available, I would modify the script to my needs and test it on a system I could see. Once happy with the results, I would then use the script on the headless system. Have fun, Dru From driodeiros Wed Jan 11 14:00:38 2006 From: driodeiros (David Rio Deiros) Date: Wed, 11 Jan 2006 11:00:38 -0800 Subject: [nycbug-talk] porting a script from linux to freebsd Message-ID: <20060111190038.GB12652@milhouse.digitaria.com> Hi there, I am porting a linux script to freebsd. The script gathers kernel information (cpu, memory, I/O , etc...) using linux commands like sar and free. I have been able to find most of the "equivalents" commands in freebsd but I am sucked with some of them: 1. linux command (sar -u) - [ iowait ] The man pages tells me this about iowait: were idle during which the system had an outstanding disk I/O request. 2. linux command (sar -u) - [ cnice ] The man page says: Percentage of CPU utilization that occurred while executing at the user level with nice priority. 3. linux command (free) - [ buffers/cache ] -/+ buffers/cache: 300600 213052 The linux man isn't very precise on the explanation: free displays the total amount of free and used physical and swap mem- ory in the system, as well as the buffers used by the kernel It is my understanding that free is showing the amount of memory that the kernel has allocated for internal (kernel) use. 4. linux command (sar -P ALL) - [ %idle of all the CPUs ] I couldn't find a program in freebsd that shows me that. Thanks for your help in advance, David From dlavigne6 Wed Jan 11 14:15:48 2006 From: dlavigne6 (Dru) Date: Wed, 11 Jan 2006 14:15:48 -0500 (EST) Subject: [nycbug-talk] porting a script from linux to freebsd In-Reply-To: <20060111190038.GB12652@milhouse.digitaria.com> References: <20060111190038.GB12652@milhouse.digitaria.com> Message-ID: <20060111141357.D548@dru.domain.org> On Wed, 11 Jan 2006, David Rio Deiros wrote: > Hi there, > > I am porting a linux script to freebsd. The script gathers kernel > information (cpu, memory, I/O , etc...) using linux > commands like sar and free. > > I have been able to find most of the "equivalents" commands in freebsd > but I am sucked with some of them: > > 1. linux command (sar -u) - [ iowait ] > > The man pages tells me this about iowait: were idle during > which the system had an outstanding disk I/O request. > > 2. linux command (sar -u) - [ cnice ] > > The man page says: Percentage of CPU utilization that > occurred while executing at the user level with nice priority. > > 3. linux command (free) - [ buffers/cache ] > > -/+ buffers/cache: 300600 213052 > > The linux man isn't very precise on the explanation: > > free displays the total amount of free and used physical and swap mem- > ory in the system, as well as the buffers used by the kernel > > It is my understanding that free is showing the amount of memory > that the kernel has allocated for internal (kernel) use. > > 4. linux command (sar -P ALL) - [ %idle of all the CPUs ] > > I couldn't find a program in freebsd that shows me that. > > Thanks for your help in advance, I've never seen sar output but I think you should be able to get most of what you're looking for in iostat, systat, and vmstat. Read the 3 associated manpages as each command's output is very configurable, depending upon what you want to look at. Dru From driodeiros Wed Jan 11 14:25:56 2006 From: driodeiros (David Rio Deiros) Date: Wed, 11 Jan 2006 11:25:56 -0800 Subject: [nycbug-talk] porting a script from linux to freebsd In-Reply-To: <20060111141357.D548@dru.domain.org> References: <20060111190038.GB12652@milhouse.digitaria.com> <20060111141357.D548@dru.domain.org> Message-ID: <20060111192556.GA13202@milhouse.digitaria.com> On Wed, Jan 11, 2006 at 02:15:48PM -0500, Dru wrote: > On Wed, 11 Jan 2006, David Rio Deiros wrote: > > >Hi there, > > > >I am porting a linux script to freebsd. The script gathers kernel > >information (cpu, memory, I/O , etc...) using linux > >commands like sar and free. > I've never seen sar output but I think you should be able to get most > of what you're looking for in iostat, systat, and vmstat. Read the 3 > associated manpages as each command's output is very configurable, > depending upon what you want to look at. Thanks for you answer Dru. I am already using those commands to get *most* of the information I am looking for but I am still stucked with the ones I sent on my first email. Thanks, David From nomadlogic Wed Jan 11 14:57:03 2006 From: nomadlogic (pete wright) Date: Wed, 11 Jan 2006 11:57:03 -0800 Subject: [nycbug-talk] porting a script from linux to freebsd In-Reply-To: <20060111192556.GA13202@milhouse.digitaria.com> References: <20060111190038.GB12652@milhouse.digitaria.com> <20060111141357.D548@dru.domain.org> <20060111192556.GA13202@milhouse.digitaria.com> Message-ID: <57d710000601111157mf3900bep683858c8bbd4eee6@mail.gmail.com> On 1/11/06, David Rio Deiros wrote: > On Wed, Jan 11, 2006 at 02:15:48PM -0500, Dru wrote: > > On Wed, 11 Jan 2006, David Rio Deiros wrote: > > > > >Hi there, > > > > > >I am porting a linux script to freebsd. The script gathers kernel > > >information (cpu, memory, I/O , etc...) using linux > > >commands like sar and free. > > > I've never seen sar output but I think you should be able to get most > > of what you're looking for in iostat, systat, and vmstat. Read the 3 > > associated manpages as each command's output is very configurable, > > depending upon what you want to look at. > > Thanks for you answer Dru. > > I am already using those commands to get *most* of > the information I am looking for but I am still stucked with the ones > I sent on my first email. > there is a port of sar (which is not linux specific BTW I know it works on SCO for instance, so you may be able to compile the gnu sar utility): /net/sysutils/bsdsar although, I believe there are more elegant way's to collect this info than via sar on BSD (using iostat systat for example). The documentation is very good as well for these utilities. Regarding the "free" command, you can get this info via vmstat. Running it with no switches will show your the avail memory and free memory. Again, the doc for vmstat is very helpful. HTH -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From stucchi Thu Jan 12 04:43:49 2006 From: stucchi (Massimiliano Stucchi) Date: Thu, 12 Jan 2006 10:43:49 +0100 Subject: [nycbug-talk] FreeBSD completely headless install? In-Reply-To: <2C9D9FBE-9259-439E-91B8-7C915BA04F02@sddi.net> References: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> <2C9D9FBE-9259-439E-91B8-7C915BA04F02@sddi.net> Message-ID: <20060112094349.GY38528@willystudios.com> On 110106, 12:58, George R. wrote: > > On Jan 11, 2006, at 12:56 PM, Jay Savage wrote: > > >This may have been discussed before, but I couldn't find anything. > > > >I need to install FreeBSD 6. The computer I have available is > >currently running as a headless server (OBSD 3.6) and the monitor, > >keyboard, and anything else useful are instorage due to a recent move. > >I don't even have a null modem cable at the moment, which might > >simplify matters. > > > >My ideal here would be a live cd, or even floppy that booted with some > >generic drivers, grabbed an ip from dhcp, and started sshd from a > >known port with a known password so that I could start sysinstall from > >the command line. It's seems intuitive enough, but I haven't been able > >to find anything like it. > > > >Does anyone have a suggestion? > > > I may be wrong, but I believe that FreeSBIE would do this. . . maybe > depending on your nic. FreeSBIE autoconfigures every NIC it finds, and starts dhclient on that. SSHd starts at boot time, but we made a silly mistake in that there's only the freesbie user, which is passwordless... so login via ssh won't work. Another showstopper is the fact that you'll have to press enter a couple times to get to the prompt, due to the choice of the keyboard layout and of the type of system you want to get to (shell only, XFCE, Fluxbox), so FreeSBIE 1.1 is a no-no at this point. I really recommend giving a look at the FreeSBIE 2.0 toolkit, which we're working on at the moment. It lets you create a new ISO in 10 minutes, and it's really easy to work with. You can find it in our CVS repository. I'm sorry, but the FreeSBIE ISO was designed to be more user-friendly than being admin-friendly, as we thought admins could easily grab the toolkit and create their own. :) Ciao ! PS: I'm going to subscrbie to this list -- Massimiliano Stucchi WillyStudios.com stucchi at willystudios.com Http://www.willystudios.com/max/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060112/ec5e9fef/attachment.bin From dan Thu Jan 12 09:21:53 2006 From: dan (Dan Langille) Date: Thu, 12 Jan 2006 09:21:53 -0500 Subject: [nycbug-talk] BSDCan 2006: Call For Papers - reminder Message-ID: <43C61FB1.5730.221737B9@dan.langille.org> Hello folks, I'm writing to remind you that the deadline for the Call For Papers is one week away. Please get your submissions in before that date. You don't want to miss out presenting at the biggest BSD event of the year. BSDCan 2006 will be held May 12-13, 2006, in Ottawa at University of Ottawa. We are now requesting proposals for papers. The papers should be written with a very strong technical content bias. Papers and proposals of a business development or marketing nature are not appropriate for this venue. The schedule is: 19 Dec 2005 Proposal acceptance begins 19 Jan 2006 Proposal acceptance ends 19 Feb 2006 Confirmation of accepted proposals 19 Mar 2006 Abstracts due 19 Apr 2006 Formatted final papers must arrive no later than this date Please submit all proposals to papers at bsdcan.org NOTE: This is the schedule for formal papers. We are also accepting submissions for for talks and presentations. If you have a proposal, please contact us on papers at bsdcan.org. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From daggerquill Thu Jan 12 11:17:19 2006 From: daggerquill (Jay Savage) Date: Thu, 12 Jan 2006 11:17:19 -0500 Subject: [nycbug-talk] FreeBSD completely headless install? In-Reply-To: <20060111132622.C548@dru.domain.org> References: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> <20060111132622.C548@dru.domain.org> Message-ID: <4ce365ec0601120817j6ff4e402v113b397a7d7ff871@mail.gmail.com> On 1/11/06, Dru wrote: > > > On Wed, 11 Jan 2006, Jay Savage wrote: > > > This may have been discussed before, but I couldn't find anything. > > >I need to install FreeBSD 6. The computer I have available is > >currently running as a headless server (OBSD 3.6) and the monitor, > >keyboard, and anything else useful are instorage due to a recent move. > >I don't even have a null modem cable at the moment, which might > >simplify matters. > > >My ideal here would be a live cd, or even floppy that booted with some > >generic drivers, grabbed an ip from dhcp, and started sshd from a > >known port with a known password so that I could start sysinstall from > >the command line. It's seems intuitive enough, but I haven't been able > >to find anything like it. > > >Does anyone have a suggestion? > > > If you have a copy of BSD Hacks, #77 is a starter point on scripting > sysinstall. If you don't: > > man sysinstall > more /usr/src/usr/sbin/sysinstall/install.cfg > > You'll see that you can pretty well put in whatever is scriptable... > > If I had another system available, I would modify the script to my needs > and test it on a system I could see. Once happy with the results, I would > then use the script on the headless system. > > Have fun, > > Dru > Dru, Thanks. I have a copy kicking around at home, I'll take a look. My problem, though is that I don't have access to a freebsd machine at the moment, or a viable test system. I have an Apple iBook running 10.4, a really beat up PIII Thinkpad running SuSE 9.1, and this headless machine I want to install on, currently running OpenBSD 3.6. Not an ideal setup, but I'm living in a very cramped apartment for a couple of months, and I put everything I didn't think I'd need (turns out I was wrong about the peripherals) into storage. I may end up loading fbsd on the Thinkpad and going from there with the sysinstall hacks and/or the freesbie toolkit. Thanks, -- jay -------------------------------------------------- This email and attachment(s): [ ] blogable; [ x ] ask first; [ ] private and confidential daggerquill [at] gmail [dot] com http://www.tuaw.com http://www.dpguru.com http://www.engatiki.org values of ? will give rise to dom! From mspitzer Thu Jan 12 14:01:04 2006 From: mspitzer (Marc Spitzer) Date: Thu, 12 Jan 2006 14:01:04 -0500 Subject: [nycbug-talk] Curious, where are you people? Message-ID: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> hello all, Where are you people? I am curious. I know we have Canada, Califorina, New Jersy in addition to New York. I was just wondering where else this list went? marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From okan Thu Jan 12 14:03:23 2006 From: okan (Okan Demirmen) Date: Thu, 12 Jan 2006 14:03:23 -0500 Subject: [nycbug-talk] Curious, where are you people? In-Reply-To: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> References: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> Message-ID: <20060112190322.GC16357@yinaska.pair.com> On Thu 2006.01.12 at 14:01 -0500, Marc Spitzer wrote: > hello all, > > Where are you people? I am curious. I know we have Canada, > Califorina, New Jersy in addition to New York. I was just wondering > where else this list went? the border of "the south" - washington, dc From ike Thu Jan 12 14:09:58 2006 From: ike (Isaac Levy) Date: Thu, 12 Jan 2006 14:09:58 -0500 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: References: Message-ID: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> Hey Charles, All, Not a very timely response, but I feel I should weigh in on this issue. On Jan 9, 2006, at 7:17 PM, Charles Sprickman wrote: > Here's a quick tip: > > Don't try using nullfs to mount /usr/ports (or anything else) into > a jail and then enable quotas on the jail's partition. Really bad > juju there. > > This is on 6-stable. On running quotacheck after killing off all > jails, that process was hung, and anything else that touched that > partition went into a "disk wait" state that was unkillable. > Running a shutdown just left the machine hanging in a not-quite- > dead state. It seems like the kernel will block forever on any > processes waiting for that partition. A reboot alone did not clear > it, the background fsck also hung. > > Just a friendly warning for anyone doing that kind of tinkering > remotely - always unmount your nullfs mounts before screwing with > quotas... Nullfs is outright unsuported, as I've said during the course of several lectures on jail(8). The man page for mount_nullfs(8) states: BUGS THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK) AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. USE AT YOUR OWN RISK. BEWARE OF DOG. SLIPPERY WHEN WET. This code also needs an owner in order to be less dangerous - serious hackers can apply by sending mail to and announcing their intent to take it over. Charles: I'm dreadfully empathetic if this cost you time and energy. Rocket- .ike From okan Thu Jan 12 14:14:22 2006 From: okan (Okan Demirmen) Date: Thu, 12 Jan 2006 14:14:22 -0500 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> Message-ID: <20060112191422.GD16357@yinaska.pair.com> On Thu 2006.01.12 at 14:09 -0500, Isaac Levy wrote: > Hey Charles, All, > > Not a very timely response, but I feel I should weigh in on this issue. > > On Jan 9, 2006, at 7:17 PM, Charles Sprickman wrote: > > >Here's a quick tip: > > > >Don't try using nullfs to mount /usr/ports (or anything else) into > >a jail and then enable quotas on the jail's partition. Really bad > >juju there. > > > >This is on 6-stable. On running quotacheck after killing off all > >jails, that process was hung, and anything else that touched that > >partition went into a "disk wait" state that was unkillable. > >Running a shutdown just left the machine hanging in a not-quite- > >dead state. It seems like the kernel will block forever on any > >processes waiting for that partition. A reboot alone did not clear > >it, the background fsck also hung. > > > >Just a friendly warning for anyone doing that kind of tinkering > >remotely - always unmount your nullfs mounts before screwing with > >quotas... > > Nullfs is outright unsuported, as I've said during the course of > several lectures on jail(8). The man page for mount_nullfs(8) states: > > > BUGS > THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT > DOESN'T WORK) > AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. USE AT > YOUR OWN > RISK. BEWARE OF DOG. SLIPPERY WHEN WET. > > This code also needs an owner in order to be less dangerous - > serious > hackers can apply by sending mail to and > announcing > their intent to take it over. > > > Charles: I'm dreadfully empathetic if this cost you time and energy. and as ray _almost_ eluded to a bit earlier, there's a reason why the layered filesystems were pulled from at least openbsd. From nycbug Thu Jan 12 14:19:28 2006 From: nycbug (Ray Lai) Date: Thu, 12 Jan 2006 14:19:28 -0500 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: <20060112191422.GD16357@yinaska.pair.com> References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> <20060112191422.GD16357@yinaska.pair.com> Message-ID: <20060112191928.GA20407@syntax.cyth.net> On Thu, Jan 12, 2006 at 02:14:22PM -0500, Okan Demirmen wrote: > On Thu 2006.01.12 at 14:09 -0500, Isaac Levy wrote: > > Hey Charles, All, > > > > Not a very timely response, but I feel I should weigh in on this issue. > > > > On Jan 9, 2006, at 7:17 PM, Charles Sprickman wrote: > > > > >Here's a quick tip: > > > > > >Don't try using nullfs to mount /usr/ports (or anything else) into > > >a jail and then enable quotas on the jail's partition. Really bad > > >juju there. > > > > > >This is on 6-stable. On running quotacheck after killing off all > > >jails, that process was hung, and anything else that touched that > > >partition went into a "disk wait" state that was unkillable. > > >Running a shutdown just left the machine hanging in a not-quite- > > >dead state. It seems like the kernel will block forever on any > > >processes waiting for that partition. A reboot alone did not clear > > >it, the background fsck also hung. > > > > > >Just a friendly warning for anyone doing that kind of tinkering > > >remotely - always unmount your nullfs mounts before screwing with > > >quotas... > > > > Nullfs is outright unsuported, as I've said during the course of > > several lectures on jail(8). The man page for mount_nullfs(8) states: > > > > > > BUGS > > THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT > > DOESN'T WORK) > > AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. USE AT > > YOUR OWN > > RISK. BEWARE OF DOG. SLIPPERY WHEN WET. > > > > This code also needs an owner in order to be less dangerous - > > serious > > hackers can apply by sending mail to and > > announcing > > their intent to take it over. > > > > > > Charles: I'm dreadfully empathetic if this cost you time and energy. > > and as ray _almost_ eluded to a bit earlier, there's a reason why the > layered filesystems were pulled from at least openbsd. I should have been more explicit instead of assuming everyone was in the know. =) -Ray- From jonathan Thu Jan 12 14:30:38 2006 From: jonathan (Jonathan) Date: Thu, 12 Jan 2006 22:30:38 +0300 Subject: [nycbug-talk] Curious, where are you people? In-Reply-To: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> References: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> Message-ID: <43C6AE5E.4080602@kc8onw.net> Marc Spitzer wrote: > hello all, > > Where are you people? I am curious. I know we have Canada, > Califorina, New Jersy in addition to New York. I was just wondering > where else this list went? Iraq (for now) Jonathan From spork Thu Jan 12 17:23:52 2006 From: spork (Charles Sprickman) Date: Thu, 12 Jan 2006 17:23:52 -0500 (EST) Subject: [nycbug-talk] Curious, where are you people? In-Reply-To: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> References: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> Message-ID: On Thu, 12 Jan 2006, Marc Spitzer wrote: > hello all, > > Where are you people? I am curious. I know we have Canada, > Califorina, New Jersy in addition to New York. I was just wondering > where else this list went? OK, so who here knows the Google Maps API? :) C > marc > > -- > "We trained very hard, but it seemed that every time we were beginning to > form into teams we would be reorganized. I was to learn later in life that > we tend to meet any new situation by reorganizing, and a wonderful method it > can be for creating the illusion of progress, while producing confusion, > inefficiency and demoralization." > -Gaius Petronius, 1st Century AD > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From bob Thu Jan 12 18:22:03 2006 From: bob (Bob Ippolito) Date: Thu, 12 Jan 2006 15:22:03 -0800 Subject: [nycbug-talk] Curious, where are you people? In-Reply-To: References: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> Message-ID: <88828747-7175-46F0-A31A-34D5E03A3EFF@redivi.com> On Jan 12, 2006, at 2:23 PM, Charles Sprickman wrote: > On Thu, 12 Jan 2006, Marc Spitzer wrote: > >> hello all, >> >> Where are you people? I am curious. I know we have Canada, >> Califorina, New Jersy in addition to New York. I was just wondering >> where else this list went? > > OK, so who here knows the Google Maps API? :) Who needs to? Just create a NYCBUG group on http://www.frappr.com/ -- that'll take care of it. -bob From nomadlogic Thu Jan 12 19:47:32 2006 From: nomadlogic (pete wright) Date: Thu, 12 Jan 2006 16:47:32 -0800 Subject: [nycbug-talk] iptables/pf benchmark Message-ID: <57d710000601121647k2104b1cew80bddddcc6136bd7@mail.gmail.com> has anyone seen Decembers Usenix ;login? there is an interesting article with a comparison between iptables (linux kernel 2.4/redhat 7.3) and pf (open 3.3). I have not had a chance to really go through this thing carefully; but they find that iptables is, in general, quicker when acting as both a router and bridge. to quote the conclusion: "Linux is, in general, more efficient than OpenBSD. In both router and bridge configurations, it spends less time forwarding packets. Furthermore, iptables filters packets more quickly than PF, with only one exception (in our testing): if the transport-layer protocol of the transit packet, say, UDP, differs from the spec- ified transport-protocol type of a sequence of rules?"protocol type" set to "TCP"in this example?PF ignores those rules and confronts the packet only with the rest of the set, acting more efficiently than Linux, which confronts the packet with all the rules in the set." i could go into details, but then I would be taking subscriptions away from Usenix ;) Anyway, has anyone spent some time reading through this article? -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From george Thu Jan 12 20:36:51 2006 From: george (George R.) Date: Thu, 12 Jan 2006 20:36:51 -0500 Subject: [nycbug-talk] iptables/pf benchmark In-Reply-To: <57d710000601121647k2104b1cew80bddddcc6136bd7@mail.gmail.com> References: <57d710000601121647k2104b1cew80bddddcc6136bd7@mail.gmail.com> Message-ID: <43C70433.1030904@sddi.net> pete wright wrote: > has anyone seen Decembers Usenix ;login? > > there is an interesting article with a comparison between iptables > (linux kernel 2.4/redhat 7.3) and pf (open 3.3). I have not had a > chance to really go through this thing carefully; but they find that > iptables is, in general, quicker when acting as both a router and > bridge. to quote the conclusion: > > "Linux is, in general, more efficient than OpenBSD. In both router and bridge > configurations, it spends less time forwarding packets. Furthermore, iptables > filters packets more quickly than PF, with only one exception (in our > testing): if > the transport-layer protocol of the transit packet, say, UDP, differs > from the spec- > ified transport-protocol type of a sequence of rules?"protocol type" set to > "TCP"in this example?PF ignores those rules and confronts the packet only > with the rest of the set, acting more efficiently than Linux, which > confronts the > packet with all the rules in the set." > > > i could go into details, but then I would be taking subscriptions away > from Usenix ;) Anyway, has anyone spent some time reading through > this article? I read the article when login came out. . . I'm going to refresh my memory on this. . . If I remember correctly, they were reviewing PF from an early stage of development. . . so I'd take the conclusions with a grain of salt. PF was only released in OBSD 3.0, and I think they were using OBSD 3.3 in the comparison. . . And I gotta say, I look forward to every issue of login. . . it's a brilliant technical magazine that is full of useful articles. . . (so go join usenix if you aren't a member ) George From nomadlogic Thu Jan 12 20:42:50 2006 From: nomadlogic (pete wright) Date: Thu, 12 Jan 2006 17:42:50 -0800 Subject: [nycbug-talk] iptables/pf benchmark In-Reply-To: <43C70433.1030904@sddi.net> References: <57d710000601121647k2104b1cew80bddddcc6136bd7@mail.gmail.com> <43C70433.1030904@sddi.net> Message-ID: <57d710000601121742p7fcb19deqcd53641fc03c54a1@mail.gmail.com> On 1/12/06, George R. wrote: > pete wright wrote: > > has anyone seen Decembers Usenix ;login? > > > > there is an interesting article with a comparison between iptables > > (linux kernel 2.4/redhat 7.3) and pf (open 3.3). I have not had a > > chance to really go through this thing carefully; but they find that > > iptables is, in general, quicker when acting as both a router and > > bridge. to quote the conclusion: > > > > "Linux is, in general, more efficient than OpenBSD. In both router and bridge > > configurations, it spends less time forwarding packets. Furthermore, iptables > > filters packets more quickly than PF, with only one exception (in our > > testing): if > > the transport-layer protocol of the transit packet, say, UDP, differs > > from the spec- > > ified transport-protocol type of a sequence of rules?"protocol type" set to > > "TCP"in this example?PF ignores those rules and confronts the packet only > > with the rest of the set, acting more efficiently than Linux, which > > confronts the > > packet with all the rules in the set." > > > > > > i could go into details, but then I would be taking subscriptions away > > from Usenix ;) Anyway, has anyone spent some time reading through > > this article? > > I read the article when login came out. . . I'm going to refresh my > memory on this. . . > > If I remember correctly, they were reviewing PF from an early stage of > development. . . so I'd take the conclusions with a grain of salt. PF > was only released in OBSD 3.0, and I think they were using OBSD 3.3 in > the comparison. . . > yea the systems where Open 3.3 v. RedHat 7.3. So, I recon at that point pf may have been a bit fresh, and frankly the 2.4 kernels where pretty good (compared to the state of things now in linux land IMO). Maybe it's time to see if we can run an updated version of this test....i'll do it when i have "free" time, sure ;p -p > And I gotta say, I look forward to every issue of login. . . it's a > brilliant technical magazine that is full of useful articles. . . (so go > join usenix if you aren't a member ) > > George > -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nycbug Thu Jan 12 21:07:44 2006 From: nycbug (Chris Buechler) Date: Thu, 12 Jan 2006 21:07:44 -0500 Subject: [nycbug-talk] Curious, where are you people? In-Reply-To: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> References: <8c50a3c30601121101g16a72190h96ba77bf16973b92@mail.gmail.com> Message-ID: <43C70B70.7090400@chrisbuechler.com> Marc Spitzer wrote: >Where are you people? I am curious. I know we have Canada, >Califorina, New Jersy in addition to New York. I was just wondering >where else this list went? > > > Louisville, KY. Met several great NYCBUG folks at BSDCan last May, which is how I ended up here. btw, the meetings make their way to Louisville too. I've heard most of the ones available in mp3. :) Glad you make them available. cheers, -Chris From spork Thu Jan 12 22:40:35 2006 From: spork (Charles Sprickman) Date: Thu, 12 Jan 2006 22:40:35 -0500 (EST) Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> Message-ID: On Thu, 12 Jan 2006, Isaac Levy wrote: > Hey Charles, All, > > Not a very timely response, but I feel I should weigh in on this issue. > > On Jan 9, 2006, at 7:17 PM, Charles Sprickman wrote: > >> Here's a quick tip: >> >> Don't try using nullfs to mount /usr/ports (or anything else) into a jail >> and then enable quotas on the jail's partition. Really bad juju there. >> >> This is on 6-stable. On running quotacheck after killing off all jails, >> that process was hung, and anything else that touched that partition went >> into a "disk wait" state that was unkillable. Running a shutdown just left >> the machine hanging in a not-quite-dead state. It seems like the kernel >> will block forever on any processes waiting for that partition. A reboot >> alone did not clear it, the background fsck also hung. >> >> Just a friendly warning for anyone doing that kind of tinkering remotely - >> always unmount your nullfs mounts before screwing with quotas... > > Nullfs is outright unsuported, as I've said during the course of several > lectures on jail(8). The man page for mount_nullfs(8) states: > > > BUGS > THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK) > AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. USE AT YOUR OWN > RISK. BEWARE OF DOG. SLIPPERY WHEN WET. > > This code also needs an owner in order to be less dangerous - serious > hackers can apply by sending mail to and > announcing > their intent to take it over. > > > Charles: I'm dreadfully empathetic if this cost you time and energy. Ike, I've seen that warning, and I think we've discussed it here before as well. My problem is that I did not really think about this when I turned on quotas. I was simply using nullfs to get the host's ports tree into the jail, and normally I unmount it when I'm done mucking about. The bright side is that there was no data loss, and the time lost translated into a lesson learned, so it's all good. Another question on this topic that was not answered on -hackers... I assume that one day, some brave soul will pick up maintainership of nullfs (someone is working on fixing up unionfs right now, btw). I'm inclined to file a PR on this issue as I think it is full of clues for someone that has the brains to hack such things. What says everyone? Would it be looked at as an annoyance or a help? Charles > Rocket- > .ike > > > From spork Thu Jan 12 22:43:05 2006 From: spork (Charles Sprickman) Date: Thu, 12 Jan 2006 22:43:05 -0500 (EST) Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: <20060112191928.GA20407@syntax.cyth.net> References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> <20060112191422.GD16357@yinaska.pair.com> <20060112191928.GA20407@syntax.cyth.net> Message-ID: On Thu, 12 Jan 2006, Ray Lai wrote: > On Thu, Jan 12, 2006 at 02:14:22PM -0500, Okan Demirmen wrote: >> On Thu 2006.01.12 at 14:09 -0500, Isaac Levy wrote: >>> On Jan 9, 2006, at 7:17 PM, Charles Sprickman wrote: >>> >> and as ray _almost_ eluded to a bit earlier, there's a reason why the >> layered filesystems were pulled from at least openbsd. > > I should have been more explicit instead of assuming everyone was > in the know. =) Go ahead and explain. I'm certainly not in the know... I thought that in FreeBSD many of the changes Matt Dillon made way back when were to make things like nfs, loopback mounts, and weird stackable filesystems easier to create. Is there a suggestion here that they are inherently evil due to some fundamental design flaw? Charles > -Ray- > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From spork Fri Jan 13 00:26:05 2006 From: spork (Charles Sprickman) Date: Fri, 13 Jan 2006 00:26:05 -0500 (EST) Subject: [nycbug-talk] Building FreeBSD packages without installing In-Reply-To: <8c50a3c30601100718j55d7478et3cec25cc0f30c488@mail.gmail.com> References: <8c50a3c30601100718j55d7478et3cec25cc0f30c488@mail.gmail.com> Message-ID: On Tue, 10 Jan 2006, Marc Spitzer wrote: > On 1/10/06, Charles Sprickman wrote: >> Hi all, >> >> I'm building a few hundred ports that will get shoved to another machine >> when done. I have no desire to actually have these ports installed on the >> build machine... Looking at the ports manpage and the handbook, this is >> not possible ("make package" and "make package-recursive" install then >> build the pkg from the installed files). >> >> I know OpenBSD handles this well, in fact they seem to default to building >> a package and THEN install that. Very nifty. >> >> Are there any tricks to emulate this behaviour in FreeBSD, like somehow >> installing into a dummy hierarchy? >> >> Thanks, >> >> Charles > > you could do it in a jail. I found a few other things that kind of work... But there are issues. First off, you can set LOCAL_BASE to something like /usr/local/pkgbuild and set PKG_DBDIR to something like /var/db/pkgbuild and the port will install and register into these dummy directories. A few gotchas there... things like perl that like to hit /etc/make.conf and /etc/manpath.conf will still spam those files. I'm sure there are plenty of other odd gotchas where the port fiddles with things outside of LOCAL_BASE. Also, if you just pkg_add the pkg in the jail, it will dutifully install into your dummy LOCAL_BASE in the jail. Using the "-P" flag seems to fix this, but again, I bet there's some cases where that does not quite work. Doing more googling seems to indicate that while lots of people request the "build package without installing it" option, FreeBSD won't be seeing this anytime soon since attempting a change like that is likely to break things left and right. So I'm somewhat sold on the jail idea... I don't want a full-fledged jail, anyone have pointers to how to build the most minimal of jails? I don't even want to ssh to it, I'd just like to start it with a shell and not call /etc/rc, do my work, then exit the shell. Maybe I shouldn't even be worrying about trimming it, I do have the disk space... Thoughts? Thanks, Charles > marc > > >> >> _______________________________________________ >> % NYC*BUG talk mailing list >> http://lists.nycbug.org/mailman/listinfo/talk >> %Be sure to check out our Jobs and NYCBUG-announce lists >> %We meet the first Wednesday of the month >> > > > -- > "We trained very hard, but it seemed that every time we were beginning to > form into teams we would be reorganized. I was to learn later in life that > we tend to meet any new situation by reorganizing, and a wonderful method it > can be for creating the illusion of progress, while producing confusion, > inefficiency and demoralization." > -Gaius Petronius, 1st Century AD > From lists Fri Jan 13 17:30:57 2006 From: lists (Francisco Reyes) Date: Fri, 13 Jan 2006 17:30:57 -0500 Subject: [nycbug-talk] FreeBSD completely headless install? References: <4ce365ec0601110956p4e289b6ja5001e15d17e715a@mail.gmail.com> <2C9D9FBE-9259-439E-91B8-7C915BA04F02@sddi.net> <20060112094349.GY38528@willystudios.com> Message-ID: Massimiliano Stucchi writes: > I'm sorry, but the FreeSBIE ISO was designed to be more user-friendly > than being admin-friendly, as we thought admins could easily grab the > toolkit and create their own. :) Links to where one can create a custom version of FreesBIE... or even a plain vanilla CD from stable. We have a server that we had to install 5.4 using modules in a FLOPPY.. then upgrade to 6... The controller (3ware 9550SX) is now supported in stable so we would like to burn a CD.. in case we need a boot disk that can see the drives for maintenance purpose. From ike Fri Jan 13 20:05:58 2006 From: ike (Isaac Levy) Date: Fri, 13 Jan 2006 20:05:58 -0500 Subject: [nycbug-talk] Xovi Message-ID: <7CB27AEA-EDA3-4767-804D-9A34DCB33400@lesmuug.org> Yo All, Sitting with Spitzer next to me right now @ ShmooCon, (yeah, I was f'n late today...). http://www.shmoocon.org/speakers.html#kaminsky Anyhow, everyone go download and use a new viewing tool called Xovi. Now. Will explain later- you'll have fun. http://www.doxpara.com/?q=node/1133 Rocket- .ike From lists Fri Jan 13 20:18:01 2006 From: lists (michael) Date: Fri, 13 Jan 2006 20:18:01 -0500 Subject: [nycbug-talk] SchmooCon Message-ID: <20060113201801.3a24990c@wit.genoverly.home> More updates, please! -- Michael From mspitzer Sat Jan 14 00:08:48 2006 From: mspitzer (Marc Spitzer) Date: Sat, 14 Jan 2006 00:08:48 -0500 Subject: [nycbug-talk] SchmooCon In-Reply-To: <20060113201801.3a24990c@wit.genoverly.home> References: <20060113201801.3a24990c@wit.genoverly.home> Message-ID: <8c50a3c30601132108se02840bqd4814a88260a91a8@mail.gmail.com> we are drinking now. marc On 1/13/06, michael wrote: > More updates, please! > > -- > > Michael > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From lists Sat Jan 14 00:36:49 2006 From: lists (Francisco Reyes) Date: Sat, 14 Jan 2006 00:36:49 -0500 Subject: [nycbug-talk] List archive? Message-ID: Is there a list archive? Could not find one at the site.. maybe I was looking at the wrong place.... From zperkov Sat Jan 14 00:57:27 2006 From: zperkov (zp) Date: Sat, 14 Jan 2006 00:57:27 -0500 Subject: [nycbug-talk] List archive? In-Reply-To: References: Message-ID: <8a8511800601132157t1ab223dasbe6fc9c2879e4889@mail.gmail.com> On 1/14/06, Francisco Reyes wrote: > Is there a list archive? > Could not find one at the site.. maybe I was looking at the wrong place.... > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > http://lists.nycbug.org/pipermail/talk/ -z From nomadlogic Sat Jan 14 12:50:32 2006 From: nomadlogic (pete wright) Date: Sat, 14 Jan 2006 09:50:32 -0800 Subject: [nycbug-talk] List archive? In-Reply-To: <8a8511800601132157t1ab223dasbe6fc9c2879e4889@mail.gmail.com> References: <8a8511800601132157t1ab223dasbe6fc9c2879e4889@mail.gmail.com> Message-ID: <57d710000601140950h4fc8fba3jb74f2243b770330b@mail.gmail.com> On 1/13/06, zp wrote: > On 1/14/06, Francisco Reyes wrote: > > Is there a list archive? > > Could not find one at the site.. maybe I was looking at the wrong place.... > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce lists > > %We meet the first Wednesday of the month > > > > http://lists.nycbug.org/pipermail/talk/ we are also in gmane http://dir.gmane.org/gmane.org.user-groups.bsd.nycbug -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From ike Sat Jan 14 16:33:49 2006 From: ike (Isaac Levy) Date: Sat, 14 Jan 2006 16:33:49 -0500 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> Message-ID: Hi Charles, All, On Jan 12, 2006, at 10:40 PM, Charles Sprickman wrote: > Ike, > > I've seen that warning, and I think we've discussed it here before > as well. My problem is that I did not really think about this when > I turned on quotas. I was simply using nullfs to get the host's > ports tree into the jail, and normally I unmount it when I'm done > mucking about. Ok- I have a solid solution for you- File-backed memory filesystems (disk images, if you grok apple livin'). I put a recipe in my lecture at Shmoo here, I'll post it to this list if anyone requests it. But better, it's a simple direct application of the following howto: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks- virtual.html My thought is you could have 1 disk image with the ports tree on it, and mount it readonly in the jails, over and over... You could even mount it read/write on one jail, and update it from that one jail... Why do I reccommend this? mdconfig(8) is VERY heavily supported, and it's base is used in the 'new' mechanisms to mount things like devfs and procfs (new as of 5.x branch...). Hope that helps you solve that problem? Rocket- .ike From ike Sat Jan 14 17:02:45 2006 From: ike (Isaac Levy) Date: Sat, 14 Jan 2006 17:02:45 -0500 Subject: [nycbug-talk] openpacket.org Message-ID: Hey all, More mini-notes from Shmoo, from Richard Bejtlich's talk, at the end he mentioned: http://openpacket.org/ Coming soon? Sounds cool... Rocket- .ike From ike Sat Jan 14 17:52:32 2006 From: ike (Isaac Levy) Date: Sat, 14 Jan 2006 17:52:32 -0500 Subject: [nycbug-talk] More Shmoo fun, layer2 Message-ID: <4F103786-96E4-4A1A-9202-3D81DB7D4147@lesmuug.org> http://www.presetkilllimit.us/ rocket- .ike From lists Sun Jan 15 01:28:10 2006 From: lists (Francisco Reyes) Date: Sun, 15 Jan 2006 01:28:10 -0500 Subject: [nycbug-talk] List archive? References: <8a8511800601132157t1ab223dasbe6fc9c2879e4889@mail.gmail.com> Message-ID: zp writes: > http://lists.nycbug.org/pipermail/talk/ I guess I should have said.. a searchable archive. :-) as far as I can tell those are not searchable.. at least in an easy way. :-) From dan Sun Jan 15 08:13:54 2006 From: dan (Dan Langille) Date: Sun, 15 Jan 2006 08:13:54 -0500 Subject: [nycbug-talk] List archive? In-Reply-To: Message-ID: <43CA0442.29062.314C00C3@dan.langille.org> On 15 Jan 2006 at 1:28, Francisco Reyes wrote: > zp writes: > > > http://lists.nycbug.org/pipermail/talk/ > > I guess I should have said.. a searchable archive. :-) > as far as I can tell those are not searchable.. at least in an easy way. :-) Use Google to search it Here's a URL that looks for langille.org in the archives: http://tinyurl.com/9xama -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From nomadlogic Sun Jan 15 12:31:42 2006 From: nomadlogic (pete wright) Date: Sun, 15 Jan 2006 09:31:42 -0800 Subject: [nycbug-talk] openssh 4.3 Message-ID: <57d710000601150931t48afd34aw5707c7f25e2c5bdf@mail.gmail.com> just read this article: http://www.securityfocus.com/columnists/375 guess i've been asleep at the wheel and didn't realize what the open folks where doing regarding VPN'ing via openssh (having openssh create tun(4) device). sounds pretty awesome. any reports on how it works...or is it like most things they do and it "just works" ;) -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From yusuke Sun Jan 15 15:25:12 2006 From: yusuke (Yusuke Shinyama) Date: Sun, 15 Jan 2006 15:25:12 -0500 Subject: [nycbug-talk] openssh 4.3 In-Reply-To: <57d710000601150931t48afd34aw5707c7f25e2c5bdf@mail.gmail.com> References: <57d710000601150931t48afd34aw5707c7f25e2c5bdf@mail.gmail.com> Message-ID: <20060115202512.27774.36467.yusuke@grape.cs.nyu.edu> I've just grabbed the latest snapshot (openssh-SNAP-20060112.tar.gz) and tested it. Although the documentation (README.tun) only mentioned about OpenBSD cases, I saw it's working between FreeBSD <-> Linux boxes too. Haven't measured the performance, but there's a bit longer delay when you open a tcp connection between these machines. I will try NFS mounting between home <-> office later on... Yusuke pete wright wrote: > just read this article: > > http://www.securityfocus.com/columnists/375 > > guess i've been asleep at the wheel and didn't realize what the open > folks where doing regarding VPN'ing via openssh (having openssh create > tun(4) device). sounds pretty awesome. any reports on how it > works...or is it like most things they do and it "just works" ;) > > > -pete From lists Sun Jan 15 15:30:02 2006 From: lists (Francisco Reyes) Date: Sun, 15 Jan 2006 15:30:02 -0500 Subject: [nycbug-talk] openssh 4.3 References: <57d710000601150931t48afd34aw5707c7f25e2c5bdf@mail.gmail.com> <20060115202512.27774.36467.yusuke@grape.cs.nyu.edu> Message-ID: Yusuke Shinyama writes: > I will try NFS mounting between home <-> office later on... Please do report in.. NFS through a tunnel should would be nice. :-) From nomadlogic Sun Jan 15 15:32:46 2006 From: nomadlogic (pete wright) Date: Sun, 15 Jan 2006 12:32:46 -0800 Subject: [nycbug-talk] openssh 4.3 In-Reply-To: References: <57d710000601150931t48afd34aw5707c7f25e2c5bdf@mail.gmail.com> <20060115202512.27774.36467.yusuke@grape.cs.nyu.edu> Message-ID: <57d710000601151232v65355b09wec372b476c767c77@mail.gmail.com> On 1/15/06, Francisco Reyes wrote: > Yusuke Shinyama writes: > > > I will try NFS mounting between home <-> office later on... > > > Please do report in.. NFS through a tunnel should would be nice. :-) > > > or a huge headache if you are the security admin ;) the article mentioned how this would solve the problem of being able to easily secure a wifi connection to a wired lan. seems like this would be a pretty idea application... -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nomadlogic Sun Jan 15 15:35:19 2006 From: nomadlogic (pete wright) Date: Sun, 15 Jan 2006 12:35:19 -0800 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> Message-ID: <57d710000601151235j1465205fq7a8cffed7972571c@mail.gmail.com> On 1/14/06, Isaac Levy wrote: > Hi Charles, All, > > On Jan 12, 2006, at 10:40 PM, Charles Sprickman wrote: > > > Ike, > > > > I've seen that warning, and I think we've discussed it here before > > as well. My problem is that I did not really think about this when > > I turned on quotas. I was simply using nullfs to get the host's > > ports tree into the jail, and normally I unmount it when I'm done > > mucking about. > > Ok- I have a solid solution for you- File-backed memory filesystems > (disk images, if you grok apple livin'). > > I put a recipe in my lecture at Shmoo here, I'll post it to this list > if anyone requests it. But better, it's a simple direct application > of the following howto: > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks- > virtual.html > > My thought is you could have 1 disk image with the ports tree on it, > and mount it readonly in the jails, over and over... You could even > mount it read/write on one jail, and update it from that one jail... > > Why do I reccommend this? mdconfig(8) is VERY heavily supported, and > it's base is used in the 'new' mechanisms to mount things like devfs > and procfs (new as of 5.x branch...). > > Hope that helps you solve that problem? > I'd love to see the notes man. i've been playing with memory file systems lately (mounting /tmp as a memfs partition for nagios to use as scratch space for example) and would to test this out on some jailing stuff. thanks! -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From lists Sun Jan 15 23:30:20 2006 From: lists (Francisco Reyes) Date: Sun, 15 Jan 2006 23:30:20 -0500 Subject: [nycbug-talk] openssh 4.3 References: <57d710000601150931t48afd34aw5707c7f25e2c5bdf@mail.gmail.com> <20060115202512.27774.36467.yusuke@grape.cs.nyu.edu> <57d710000601151232v65355b09wec372b476c767c77@mail.gmail.com> Message-ID: pete wright writes: >> Please do report in.. NFS through a tunnel should would be nice. :-) > or a huge headache if you are the security admin ;) Well.. I was thinking along the lines of mounting.. copying what I need, unmounting... So it may not be so bad.. > the article mentioned how this would solve the problem of being able > to easily secure a wifi connection to a wired lan. seems like this > would be a pretty idea application... That sounds very simmilar to Dan's article.. in functionality.. except his article used ipsec.. if memory serves me well. From george Mon Jan 16 10:24:40 2006 From: george (George R.) Date: Mon, 16 Jan 2006 10:24:40 -0500 Subject: [nycbug-talk] some comments on Shmoo. . . Message-ID: <43CBBAB8.90108@sddi.net> Once again, ShmooCon in DC was an excellent conference. I didn't attend enough meetings, but the quality of people you meet there is remarkable. Richard Beijtlich's Tao of Security blog at http://taosecurity.blogspot.com/ provides some comments about the conference, but there were also a significant bunch of NYCBUG people there. Dan Geer provided the opening, and Richard's brief comments on it are insightful. Dan is a USENIX heavy-hitter who is also a biologist. He had the recent USENIX article in login about Monoculture, and debated someone from Microsoft a few years back at ATC about monoculture. It seems dangerous to work out parallels between the natural science and technical world, since few people are authorities in both areas. Dan, however, is a strong exception, IMHO. He spent a lot of time explaining the problems with determining the quantity of security vulnerabilities reported, but once that was established, he used the general trends of vulnerabilities to illustrate various points. Richard provides more comments on Dan's talk, particularly in the context of pandemics. Once the Shmoo videos are online, I'd highly recommend people viewing his keynote. It's way too easy for technical people to have tunnel-vision when making generalizations about technology, but I think Dan does a huge service to everyone by opening up the mountain. g From spork Mon Jan 16 19:22:39 2006 From: spork (Charles Sprickman) Date: Mon, 16 Jan 2006 19:22:39 -0500 (EST) Subject: [nycbug-talk] some comments on Shmoo. . . In-Reply-To: <43CBBAB8.90108@sddi.net> References: <43CBBAB8.90108@sddi.net> Message-ID: On Mon, 16 Jan 2006, George R. wrote: > Once again, ShmooCon in DC was an excellent conference. This little project (Anonym.OS) is pretty nifty, apparently it's an OpenBSD "Live CD" setup to use TOR to anonymize your internet activity: http://theory.kaos.to/projects.html C ps - that site bears a striking resemblence to my friend's site (http://jhonthumb.com) - popular template! :) > g > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From george Mon Jan 16 19:32:46 2006 From: george (George R.) Date: Mon, 16 Jan 2006 19:32:46 -0500 Subject: [nycbug-talk] some comments on Shmoo. . . In-Reply-To: References: <43CBBAB8.90108@sddi.net> Message-ID: <43CC3B2E.4020107@sddi.net> Charles Sprickman wrote: > On Mon, 16 Jan 2006, George R. wrote: > >> Once again, ShmooCon in DC was an excellent conference. > > This little project (Anonym.OS) is pretty nifty, apparently it's an > OpenBSD "Live CD" setup to use TOR to anonymize your internet activity: > > http://theory.kaos.to/projects.html > > C > > ps - that site bears a striking resemblence to my friend's site > (http://jhonthumb.com) - popular template! :) It actually hasn't yet fully propagated to the various Sourceforge mirrors. I'm actually d/l'g this moment from .au. I spoke to the creators of Anony.OS a bit, even though i missed their meeting. The one thing they noted was that they had many problems creating an OBSD live cd. They said that all the online documentation they found on the topic was inaccurate. They are going to be in NYC for HOPE (2600 conference) this summer so they are planning to do something for us then. We may also get a Tor speaker (Roger) this summer. g From ike Mon Jan 16 19:48:58 2006 From: ike (Isaac Levy) Date: Mon, 16 Jan 2006 19:48:58 -0500 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: <57d710000601151235j1465205fq7a8cffed7972571c@mail.gmail.com> References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> <57d710000601151235j1465205fq7a8cffed7972571c@mail.gmail.com> Message-ID: Hi All, On Jan 15, 2006, at 3:35 PM, pete wright wrote: >> Ok- I have a solid solution for you- File-backed memory filesystems >> (disk images, if you grok apple livin'). >> >> I put a recipe in my lecture at Shmoo here, I'll post it to this list >> if anyone requests it. But better, it's a simple direct application >> of the following howto: >> >> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks- >> virtual.html >> >> My thought is you could have 1 disk image with the ports tree on it, >> and mount it readonly in the jails, over and over... You could even >> mount it read/write on one jail, and update it from that one jail... >> >> Why do I reccommend this? mdconfig(8) is VERY heavily supported, and >> it's base is used in the 'new' mechanisms to mount things like devfs >> and procfs (new as of 5.x branch...). >> >> Hope that helps you solve that problem? >> > > I'd love to see the notes man. i've been playing with memory file > systems lately (mounting /tmp as a memfs partition for nagios to use > as scratch space for example) and would to test this out on some > jailing stuff. > > thanks! > -pete Dru grabbed me at ShmooCon to ask me to post the script to list here, so here's some stuff. First is an anatomoical breakdown of how to make a blank disk image, (the handbook page is much better than what I write below, IMO), but at the end of this email I put a script you can use to simply make disk images. Rocket- .ike ################################################ # Dissection of how-to make the disks in 4 lines: ################################################ # writing 1gb blank file, (analagous to creating an unformatted harddrive) dd if=/dev/zero of=1gb.img bs=1k count=1024k # dd | man dd(1) if you don't know what that is, # if | use /dev/zero to get null bytes to make a 'blank' disk # of | this is the name of the disk image, make it what you want # bs | block size of the disk blocks # count | 1024k (this would make a 1gb disk, 2048 would be 2gb, etc...) # attaching the file (analagous to attaching a harddrive)... mdconfig -a -t vnode -f 1gb.img -u 1101 # mdconfig | utility to configure and enable memory disks # -a | attach # -t vnode | type of memory disk, vnode is file-backed # -f 1gb.img | the file to attach as a disk # -u 1101 | the device node number (what will show up in /dev) # formating the disk... disklabel -r -w md1101 auto # disklabel | man disklabel for more info # -r | This option allows a label to be installed on a # disk without kernel support for a label, such as when # labels are first installed on a system... # -w md1101 | write to disk device named foo # auto | extra flag to automatically format the disk # detaching the disk (analagous to ejecting a harddrive)... mdconfig -d -u 1101 # -d | detach # -u 1101 | label number again # ################################################ #!/bin/sh # ike copy-paste script for making file-backed 'disk images' # # This script makes a handfull of blank 'disk images', in sizes # useful for jail(8)-ing services. Making the disks can take a very # long time depending on disk speed, so it's handy to have these around # pending free space availability. # # NOTICE: Depending on your disk space, you may need to comment out some # of the larger disk sizes at the end of this file. Be rational, please. # # One of these file-backed disk images can be mounted using the following: # mdconfig -a -t vnode -f diskimage.img -u 0 # mount /dev/md0 /mnt # # for more information, use the man page for mdconfig(8) # # anatomy of what this disk does: ################################################################ # 1 Gigabyte (tiny system) #echo 'writing 1gb blank file, (analagous to creating an unformatted harddrive)...' #dd if=/dev/zero of=1gb.img bs=1k count=1024k #echo 'attaching the file (analagous to attaching a harddrive)...' #mdconfig -a -t vnode -f 1gb.img -u 1101 #echo 'formating the disk...' #disklabel -r -w md1101 auto #echo 'detaching the disk (analagous to ejecting a harddrive)...' #mdconfig -d -u 1101 ################################################################ if [ "$1" ]; then if [ "$2" ]; then filename=$2 else filename=$1'gb.dmg' fi #echo $filename B=1024 let fullsize=1024*$1 fullcount=$fullsize'k' echo 'Writing blank '$1' gb file, (analagous to an unformatted harddrive)...' #echo '- skipping, debug ikenote' dd if=/dev/zero of=$filename bs=1k count=$fullcount echo '' echo 'Attaching the file (analagous to attaching a harddrive)...' mdconfig -a -t vnode -f $filename -u 110$1 ls /dev | grep md110 echo '' echo 'formating the disk using disklabel...' disklabel -r -w md110$1 auto ls /dev | grep md110 echo '' echo 'detaching the disk (analagous to ejecting a harddrive)...' mdconfig -d -u 110$1 echo '' echo 'Blank '$1' Gigabyte Disk Image ready for use,' ls -lah | grep $filename echo '' else echo "You must specify an appropriate integer, to represent the size of the disk in Gigabytes." echo "usage: make_blank_disks.sh [int] [filename_optional]" fi From ike Mon Jan 16 19:52:31 2006 From: ike (Isaac Levy) Date: Mon, 16 Jan 2006 19:52:31 -0500 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> <57d710000601151235j1465205fq7a8cffed7972571c@mail.gmail.com> Message-ID: <24C6EB14-ED2C-430C-8033-1062EF351B96@lesmuug.org> Hey Pete, All, On Jan 16, 2006, at 7:48 PM, Isaac Levy wrote: >> I'd love to see the notes man. i've been playing with memory file >> systems lately (mounting /tmp as a memfs partition for nagios to use >> as scratch space for example) and would to test this out on some >> jailing stuff. Also, here's a jail start script like what I've shown before in lecture slides, except mounting disk images at boot. Not rocket science, but I thought it may be nice to see all the steps required. #!/bin/sh mdconfig -a -t vnode -f somedomain.com.img -u 11168 mount /dev/md11204c /usr/local/jails/mnt/somedomain.com J=/usr/local/jails/mnt/somedomain.com # path to jail directory tree ifconfig bge0 inet alias 192.168.1.168/32 mount_devfs devfs $J/dev mount -t procfs proc $J/proc jail $J somedomain.com 192.168.1.168 /bin/sh /etc/rc Rocket- .ike From nomadlogic Mon Jan 16 22:01:04 2006 From: nomadlogic (pete wright) Date: Mon, 16 Jan 2006 19:01:04 -0800 Subject: [nycbug-talk] nullfs, jails and quotas In-Reply-To: <24C6EB14-ED2C-430C-8033-1062EF351B96@lesmuug.org> References: <86606257-E720-4F5E-AC69-F6F9828AFEAD@lesmuug.org> <57d710000601151235j1465205fq7a8cffed7972571c@mail.gmail.com> <24C6EB14-ED2C-430C-8033-1062EF351B96@lesmuug.org> Message-ID: <57d710000601161901kcd74037yfbe54d8adf8b6ed7@mail.gmail.com> On 1/16/06, Isaac Levy wrote: > Hey Pete, All, > > On Jan 16, 2006, at 7:48 PM, Isaac Levy wrote: > > >> I'd love to see the notes man. i've been playing with memory file > >> systems lately (mounting /tmp as a memfs partition for nagios to use > >> as scratch space for example) and would to test this out on some > >> jailing stuff. > > Also, here's a jail start script like what I've shown before in > lecture slides, except mounting disk images at boot. Not rocket > science, but I thought it may be nice to see all the steps required. execellent, thanks ike! shame there isn't a way to do this via an fstab, at least there isn't a way i know to do this yet... -p > > > > #!/bin/sh > > mdconfig -a -t vnode -f somedomain.com.img -u 11168 > mount /dev/md11204c /usr/local/jails/mnt/somedomain.com > > J=/usr/local/jails/mnt/somedomain.com # path to jail directory tree > > ifconfig bge0 inet alias 192.168.1.168/32 > > mount_devfs devfs $J/dev > mount -t procfs proc $J/proc > > jail $J somedomain.com 192.168.1.168 /bin/sh /etc/rc > > > > Rocket- > .ike > > > -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From jra5zm302 Tue Jan 17 01:16:53 2006 From: jra5zm302 (David Fox) Date: Tue, 17 Jan 2006 01:16:53 -0500 Subject: [nycbug-talk] 2x 3Ware Escalade 9500S-4LP SATA Message-ID: <17529-05903@sneakemail.com> Ike wrote: > Hey All, > > Upbeat Update: > > So it looks like it's n APIC issue, (GIANT_LOCKED). I just > recompiled the kernel without APIC support, and viola, it works- > albiet without SMP. > > Sad thing is, the machines I'm putting these cards in are dual Xeon > rigs. > > -- > Ok, on Vinod's suggestion, I called 3Ware/AMCC support, and a *very* > helpful person there took me through figuring out what firmware I > had, and told me the new firmware fixes this problem. > > With that, I need to update firmware and try installing/booting fresh > again, but the 3Ware/AMCC KnowledgeLibrary site is downed with some > DB error... (doh!) > > So, with that, I'm done for the day- but looks like I almost have > this issue solved, for now, with these cards. Will keep everyone > posted. > > Rocket- > .ike Sorry that this probably isn't threaded properly, I just joined the list. :) What ended up happening with that, Ike? I've got the exact same issue. :) Dave From zperkov Tue Jan 17 01:43:10 2006 From: zperkov (zp) Date: Tue, 17 Jan 2006 01:43:10 -0500 Subject: [nycbug-talk] some comments on Shmoo. . . In-Reply-To: <43CBBAB8.90108@sddi.net> References: <43CBBAB8.90108@sddi.net> Message-ID: <8a8511800601162243t1bc13415la1ffa135b6d93c9c@mail.gmail.com> On 1/16/06, George R. wrote: > Once again, ShmooCon in DC was an excellent conference. > I already can't wait till next year. Dan Geer - (I need to watch it again). Correct me if i am wrong..but the whole premise of his talk was "Don't re-invent the wheel, Steal from other places..use them to your advantage" hence all the parallels to banks and insurance companies in regards to analyzing risk. He also praised Edward Tufte and his book "The Visual Display of Quantitative Information". Real good stuff. The whole conference as a whole was an inspiring experience. It got my brain churning all sorts of ideas. Well worth the $$$, time, and brain cells that were lost at the bar. -z From quigon Tue Jan 17 02:42:12 2006 From: quigon (QuiGon) Date: Tue, 17 Jan 2006 02:42:12 -0500 Subject: [nycbug-talk] Re: some comments on Shmoo. . . In-Reply-To: <2006011707373801500dc900e@A@000000000000@comcast.net> References: <2006011707373801500dc900e@A@000000000000@comcast.net> Message-ID: <43CC9FD4.4040402@hacktek.com> >On Mon, 16 Jan 2006, George R. wrote: > >Once again, ShmooCon in DC was an excellent conference. I agree whole heartedly. I appreciate the time George, Ike and Mark took to chat with myself and some friends who came up from Jacksonville, FL for the conference. I will say I've used archives of your list quite a bit in troubleshooting issues I've had with *BSD. I look forward to attending (or speaking, as George has insisted, on IPv6) one of the NYC BUG meetings in the near future. It's communities like this and conferences like ShmooCon that keep my faith in humanity alive. Thanks for your help, and keep up the good work. --QuiGon (new member/poster) From nycbug Tue Jan 17 08:38:58 2006 From: nycbug (Ray Lai) Date: Tue, 17 Jan 2006 08:38:58 -0500 Subject: [nycbug-talk] Dynamic DNS MX Records Message-ID: <20060117133858.GA22170@syntax.cyth.net> Hi Nycbuggers, I'm currently paying $60/month for Speakeasy for two static IPs. (Really, one is enough.) This is because I have my own web server and, more importantly, my own mail server. I am looking to use Verizon's $14.95/month DSL, but I'm pretty sure they use dynamic IPs and I will need to set up dynamic DNS entries. What are people's thoughts and experiences on this? Has anyone lost mail due to this setup? Are there alternatives? -Ray- From g Tue Jan 17 09:43:24 2006 From: g (Gordon Smith) Date: Tue, 17 Jan 2006 09:43:24 -0500 Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <20060117133858.GA22170@syntax.cyth.net> Message-ID: <0IT8004KSRKDUPQ0@mta10.srv.hcvlny.cv.net> Disclaimer: "I've not done this sort of thing for email servers, but I have used dynamic DNS for web servers" (I'm sure lots of BUGgers have). Assuming that your machine is already set up with a utility that updates DNS when the ip address changes, one important factor to consider is the DNS TTL setting. The most conservative approach would be to dial down the TTL as low as you can stand it, so that when your machine's ip address changes, remote machines will be forced to make the chain of requests back to the authoritative server. As mentioned in the linked page below, "RFC 1912 cautions that 0 = no caching is not widely implemented so make no assumptions." Lower TTLs equals more authoritative requests, which equals higher DNS serving costs - that's the balance that needs to be struck. In the case of OptOnline, their dynamic ip addresses generally don't change so long as your cable modem is always online. I thought I heard that Verizon may routinely change addresses every N days, but please check this out - anyone with Verizon DSL, please comment. Less ip address changes may equate to a higher permissible TTL setting. So long as the TTL is less than most folks' SMTP servers' retransmission expiration, you'll be ok. You may receive email late upon an ip address change, but the messages will still get to you. I've seen a two day retransmission expiration as common, but YMMV. Some interesting background on TTL for MX records here: http://www.zytrax.com/books/dns/apa/ttl.html Let us know how it goes. Cheers, Gordon -----Original Message----- I am looking to use Verizon's $14.95/month DSL, but I'm pretty sure they use dynamic IPs and I will need to set up dynamic DNS entries. What are people's thoughts and experiences on this? Has anyone lost mail due to this setup? Are there alternatives? -Ray- From dlavigne6 Tue Jan 17 10:37:29 2006 From: dlavigne6 (Dru) Date: Tue, 17 Jan 2006 10:37:29 -0500 (EST) Subject: [nycbug-talk] SchmooCon In-Reply-To: <20060113201801.3a24990c@wit.genoverly.home> References: <20060113201801.3a24990c@wit.genoverly.home> Message-ID: <20060117103555.O562@dru.domain.org> On Fri, 13 Jan 2006, michael wrote: > More updates, please! http://blogs.ittoolbox.com/unix/bsd/archives/007311.asp There will be 4 of these before the day is done. Note to self: don't leave for a conference and forget to bookmark the URL to your blog login on your laptop... Dru From lists Tue Jan 17 10:48:17 2006 From: lists (michael) Date: Tue, 17 Jan 2006 10:48:17 -0500 Subject: [nycbug-talk] SchmooCon In-Reply-To: <20060117103555.O562@dru.domain.org> References: <20060113201801.3a24990c@wit.genoverly.home> <20060117103555.O562@dru.domain.org> Message-ID: <20060117104817.6f24c4d1@wit.genoverly.home> On Tue, 17 Jan 2006 10:37:29 -0500 (EST) Dru wrote: > http://blogs.ittoolbox.com/unix/bsd/archives/007311.asp ah, good stuff, thanks dru. -- Michael From nomadlogic Tue Jan 17 11:05:49 2006 From: nomadlogic (pete wright) Date: Tue, 17 Jan 2006 08:05:49 -0800 Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <20060117133858.GA22170@syntax.cyth.net> References: <20060117133858.GA22170@syntax.cyth.net> Message-ID: <57d710000601170805x765abf21q3e537ba6ad3eddce@mail.gmail.com> On 1/17/06, Ray Lai wrote: > Hi Nycbuggers, > > I'm currently paying $60/month for Speakeasy for two static IPs. > (Really, one is enough.) This is because I have my own web server > and, more importantly, my own mail server. I am looking to use > Verizon's $14.95/month DSL, but I'm pretty sure they use dynamic > IPs and I will need to set up dynamic DNS entries. > > What are people's thoughts and experiences on this? Has anyone > lost mail due to this setup? Are there alternatives? > I've used DynDNS for a while (.http://www.dyndns.com/) It's pretty OK. Not sure i would trust important Mail on a DynDNS managed domain, but for what you pay (nothing) and what you save on the DSL link it may be worth it. I know there are FreeBSD ports for DynDNS updaters, and belive that there are Open one's as well. But, frankly updating a record is doable in a couple lines of sh. -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nycbug-list Tue Jan 17 12:22:24 2006 From: nycbug-list (Jonathan Vanasco) Date: Tue, 17 Jan 2006 12:22:24 -0500 Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <20060117133858.GA22170@syntax.cyth.net> References: <20060117133858.GA22170@syntax.cyth.net> Message-ID: I wouldn't trust any mail on a dynamic dns - you're apt to have something come in during that window that you've just switched to a new ip and the old ip is still out there. all the other MTA would have to do is accept the message to delay (if they later bounce) or keep you from ever getting it (if they devnull). either way, that's a big security issue. you could set the mx as a string name to a dyndns server, but most mtas do caching now of a few hours -- and then whatever local resolver you have on that machine is apt to cache for a while. also remember - chances are your MTA is the best set up one you'll interface with. there are a lot of POORLY operating ones out there - either because they were designed regardless of RFC, or they were configured by an idiot. I would either: a_ just use a constant dependable ip box for mail b_ find someone with the box above, or a service as above, and then use that as a 'world facing' MX that only knows the valid addresses -- no need to process mail. have your local box connect to that to retreive all the mail for processing on your lan. there are a lot of recipes for stuff like that in the exim documentation. i'm sure postfix or qmail would handle that well too. On Jan 17, 2006, at 8:38 AM, Ray Lai wrote: > Hi Nycbuggers, > > I'm currently paying $60/month for Speakeasy for two static IPs. > (Really, one is enough.) This is because I have my own web server > and, more importantly, my own mail server. I am looking to use > Verizon's $14.95/month DSL, but I'm pretty sure they use dynamic > IPs and I will need to set up dynamic DNS entries. > > What are people's thoughts and experiences on this? Has anyone > lost mail due to this setup? Are there alternatives? > > -Ray- > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From jonathan Tue Jan 17 12:32:28 2006 From: jonathan (Jonathan) Date: Tue, 17 Jan 2006 20:32:28 +0300 Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <20060117133858.GA22170@syntax.cyth.net> References: <20060117133858.GA22170@syntax.cyth.net> Message-ID: <43CD2A2C.6090100@kc8onw.net> Ray Lai wrote: > Hi Nycbuggers, > > I'm currently paying $60/month for Speakeasy for two static IPs. > (Really, one is enough.) This is because I have my own web server > and, more importantly, my own mail server. I am looking to use > Verizon's $14.95/month DSL, but I'm pretty sure they use dynamic > IPs and I will need to set up dynamic DNS entries. > > What are people's thoughts and experiences on this? Has anyone > lost mail due to this setup? Are there alternatives? I've been running my mail server on a dynamic IP for over a year now without problems. I have my domain, DNS service and backup MX through no-ip.com for a pretty reasonable price. It's cheap enough that I don't even remember how much it is, I just renew each year when it expires. I would guess about $75 a year or so. Jonathan From lists Tue Jan 17 17:11:36 2006 From: lists (Francisco Reyes) Date: Tue, 17 Jan 2006 17:11:36 -0500 Subject: [nycbug-talk] Dynamic DNS MX Records References: <20060117133858.GA22170@syntax.cyth.net> Message-ID: Ray Lai writes: > What are people's thoughts and experiences on this? Has anyone > lost mail due to this setup? Are there alternatives? FYI, Manry RBLs block dynamic IPs alltogether so that may be a problem. To make things worse some, and I don't recall which, even prevent mail going TO RBLed IPs.. In short... yes it could be a problem. Don't really know how big of a problem though... If it's only one domain you could probably quite affordably host the domain at web service company. From spork Tue Jan 17 17:22:14 2006 From: spork (Charles Sprickman) Date: Tue, 17 Jan 2006 17:22:14 -0500 (EST) Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <20060117133858.GA22170@syntax.cyth.net> References: <20060117133858.GA22170@syntax.cyth.net> Message-ID: On Tue, 17 Jan 2006, Ray Lai wrote: > Hi Nycbuggers, > > I'm currently paying $60/month for Speakeasy for two static IPs. > (Really, one is enough.) This is because I have my own web server > and, more importantly, my own mail server. I am looking to use > Verizon's $14.95/month DSL, but I'm pretty sure they use dynamic > IPs and I will need to set up dynamic DNS entries. I am clearly biased, but I would not even wish Verizon on my worst enemies. But even without that bias, I'd say that if you want to run servers at home, and they are at all important, look to the old adage of "you get what you pay for". I'm really holding my tongue here about the recent moves by the baby bells to "prioritize" traffic and do a little double-dipping since I have to imagine that's how they plan to offer the $15/month limited-time promotions... Charles > > -Ray- > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From george Tue Jan 17 18:09:19 2006 From: george (George R.) Date: Tue, 17 Jan 2006 18:09:19 -0500 Subject: [nycbug-talk] more on Anonym.OS Message-ID: <43CD791F.8080105@sddi.net> from Wired http://www.wired.com/news/technology/0,70017-0.html?tw=wn_tophead_1 From nycbug-list Tue Jan 17 19:32:50 2006 From: nycbug-list (Jonathan) Date: Tue, 17 Jan 2006 19:32:50 -0500 Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: References: <20060117133858.GA22170@syntax.cyth.net> Message-ID: <347F117C-AC05-4505-A7BD-3F969CB3935D@2xlp.com> On Jan 17, 2006, at 5:22 PM, Charles Sprickman wrote: > I am clearly biased, but I would not even wish Verizon on my worst > enemies. But even without that bias, I'd say that if you want to > run servers at home, and they are at all important, look to the old > adage of "you get what you pay for". > > I'm really holding my tongue here about the recent moves by the > baby bells to "prioritize" traffic and do a little double-dipping > since I have to imagine that's how they plan to offer the $15/month > limited-time promotions... That just reminded me- Many DSL/Cable providers block all traffic on port 25, unless it's being routed to their SMTP servers . They tend to consider any machine sending mail on port25 to be compromised and sending virus/spam , as they far more often than not are. I'd check to make sure they have port 25 open. From spork Tue Jan 17 19:40:32 2006 From: spork (Charles Sprickman) Date: Tue, 17 Jan 2006 19:40:32 -0500 (EST) Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <347F117C-AC05-4505-A7BD-3F969CB3935D@2xlp.com> References: <20060117133858.GA22170@syntax.cyth.net> <347F117C-AC05-4505-A7BD-3F969CB3935D@2xlp.com> Message-ID: On Tue, 17 Jan 2006, Jonathan wrote: > That just reminded me- > > Many DSL/Cable providers block all traffic on port 25, unless it's being > routed to their SMTP servers . > They tend to consider any machine sending mail on port25 to be compromised > and sending virus/spam , as they far more often than not are. > > I'd check to make sure they have port 25 open. And check that it's open in BOTH directions if you're running a mail server. I know at one point not only did VZ block outbound 25 to anything but their own server, but they also only allowed @verizon.net From: addresses... Brilliant. I think that went away, but you have to wonder who dreams things like that up and who approves them for the final rollout to all their subs. C From mspitzer Tue Jan 17 22:43:19 2006 From: mspitzer (Marc Spitzer) Date: Tue, 17 Jan 2006 22:43:19 -0500 Subject: [nycbug-talk] waay off topic Message-ID: <8c50a3c30601171943m26248c37s3db22aff26ad8b61@mail.gmail.com> http://news.yahoo.com/s/ap/20060118/ap_on_en_mo/people_shatner -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From nycbug Tue Jan 17 23:18:29 2006 From: nycbug (Ray Lai) Date: Tue, 17 Jan 2006 23:18:29 -0500 Subject: [nycbug-talk] waay off topic In-Reply-To: <8c50a3c30601171943m26248c37s3db22aff26ad8b61@mail.gmail.com> References: <8c50a3c30601171943m26248c37s3db22aff26ad8b61@mail.gmail.com> Message-ID: <20060118041829.GA22069@syntax.cyth.net> On Tue, Jan 17, 2006 at 10:43:19PM -0500, Marc Spitzer wrote: > http://news.yahoo.com/s/ap/20060118/ap_on_en_mo/people_shatner My girlfriend says, "Well, he IS Captain Kirk." -Ray- From george Tue Jan 17 23:35:48 2006 From: george (George R.) Date: Tue, 17 Jan 2006 23:35:48 -0500 Subject: [nycbug-talk] waay off topic In-Reply-To: <20060118041829.GA22069@syntax.cyth.net> References: <8c50a3c30601171943m26248c37s3db22aff26ad8b61@mail.gmail.com> <20060118041829.GA22069@syntax.cyth.net> Message-ID: <43CDC5A4.40009@sddi.net> Ray Lai wrote: > On Tue, Jan 17, 2006 at 10:43:19PM -0500, Marc Spitzer wrote: >> http://news.yahoo.com/s/ap/20060118/ap_on_en_mo/people_shatner > > My girlfriend says, "Well, he IS Captain Kirk." and the definition of virtual and surreal are so similar. . . good to see you're keeping up with entertainment news, Marc. g From jonathan Wed Jan 18 04:13:26 2006 From: jonathan (Jonathan) Date: Wed, 18 Jan 2006 12:13:26 +0300 Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <20060117192012.GD23693@syntax.cyth.net> References: <20060117133858.GA22170@syntax.cyth.net> <43CD2A2C.6090100@kc8onw.net> <20060117192012.GD23693@syntax.cyth.net> Message-ID: <43CE06B6.3050007@kc8onw.net> Ray Lai wrote: > On Tue, Jan 17, 2006 at 08:32:28PM +0300, Jonathan wrote: >> I've been running my mail server on a dynamic IP for over a year now >> without problems. I have my domain, DNS service and backup MX through >> no-ip.com for a pretty reasonable price. It's cheap enough that I don't >> even remember how much it is, I just renew each year when it expires. I >> would guess about $75 a year or so. > > Hi Jonathan, > > How often does your IP change and how much mail do you get? Thanks. Not all that often, I've been on a couple of different networks and it's changes anywhere from weekly to every 3 months. The main thing that makes it work for me is the backup MX service because then if my IP changes or I have to take the server offline no-ip will hold all my mail for (I think) 5 days by default. I moved my server 1/3 of the way across the country and didn't lose any email at all. With all the mailing lists I'm on I would guess 100-150+ emails a day, most of it legit. I don't get much spam (yet) thankfully. Jonathan From jonathan Wed Jan 18 04:17:19 2006 From: jonathan (Jonathan) Date: Wed, 18 Jan 2006 12:17:19 +0300 Subject: [nycbug-talk] Dynamic DNS MX Records In-Reply-To: <347F117C-AC05-4505-A7BD-3F969CB3935D@2xlp.com> References: <20060117133858.GA22170@syntax.cyth.net> <347F117C-AC05-4505-A7BD-3F969CB3935D@2xlp.com> Message-ID: <43CE079F.2000704@kc8onw.net> Jonathan wrote: Looks like I may have to start using my last name on this list, things my get confusing otherwise. The other Jonathan :) > That just reminded me- > > Many DSL/Cable providers block all traffic on port 25, unless it's being > routed to their SMTP servers . > They tend to consider any machine sending mail on port25 to be > compromised and sending virus/spam , as they far more often than not are. > > I'd check to make sure they have port 25 open. I actually just relay through the ISP's servers right now for outbound. They have not rejected a message yet. Inbound is still open thankfully. Jonathan S. From ike Wed Jan 18 13:30:29 2006 From: ike (Isaac Levy) Date: Wed, 18 Jan 2006 13:30:29 -0500 Subject: [nycbug-talk] 2x 3Ware Escalade 9500S-4LP SATA In-Reply-To: <17529-05903@sneakemail.com> References: <17529-05903@sneakemail.com> Message-ID: <7512A85C-8A51-48BF-88A2-F2C0085AFB19@lesmuug.org> Hi David, On Jan 17, 2006, at 1:16 AM, David Fox wrote: > Sorry that this probably isn't threaded properly, I just joined the > list. > :) Welcome :) > > What ended up happening with that, Ike? I've got the exact same > issue. :) > > Dave Here's where I'm at: From the FreeBSD side of the problem: FreeBSD CURRENT works properly, the driver had some bugs fixed in December. This means that hopefully by late Feburary, we'll see the driver hit STABLE. From the 3Ware side of the problem: The 3Ware phone support ended up being really great, their techs really tried to help, and were very knowledgeable with regard to BSD UNIX. - From their side, they state my firmware was old, and needed to be updated. - I was told updating the card would make it function with FreeBSD 4.10+, 5.3+, and 6.x all ok. - The update involves a windows/dos exe, not my cup of tea, so I've not done it yet. - There *should* be this little upload hack in the driver source, which updates the firmware by uncommenting some line in the driver makefile- I tried this, it didn't work at all for me. I'll definately post to list once I get around to updating the card firmware, but for now, I've got other fish to fry... Rocket- .ike From lists Wed Jan 18 13:43:40 2006 From: lists (michael) Date: Wed, 18 Jan 2006 13:43:40 -0500 Subject: [nycbug-talk] 2x 3Ware Escalade 9500S-4LP SATA In-Reply-To: <7512A85C-8A51-48BF-88A2-F2C0085AFB19@lesmuug.org> References: <17529-05903@sneakemail.com> <7512A85C-8A51-48BF-88A2-F2C0085AFB19@lesmuug.org> Message-ID: <20060118134340.3694ce93@wit.genoverly.home> On Wed, 18 Jan 2006 13:30:29 -0500 Isaac Levy wrote: > - The update involves a windows/dos exe, not my cup of tea, so I've > not done it yet. Firm/flash/bios updates frequently require using exe. Which is a bummer. They REALLY SHOULD provide a bootable CD for that purpose. I have found that booting the machine to DOS using a bootable CD (see http://www.freedos.org/ for iso's) allows one to insert a diskette -or- hookup an external usb drive; and run windows executables. That is how I flash all my dell desktops and servers. -- Michael From dlavigne6 Wed Jan 18 17:29:43 2006 From: dlavigne6 (Dru) Date: Wed, 18 Jan 2006 17:29:43 -0500 (EST) Subject: [nycbug-talk] kernel developer, location not important Message-ID: <20060118172904.M544@dru.domain.org> I have a client which is looking for a kernel developer, details follow. If you're interested, please send your resume directly to me by Sunday, January 22. I'll forward it to the client and send you the contact details for followup. Dru --- - MUST have experience in BSD kernel programming - preferred experience in the part of the filesystem dealing with accessing device drivers, memory management and process management - the project is currently on ARM on NetBSD but any architecture experience on any BSD is fine - the project will be a custom OS for a cellular device - location is not important From george Wed Jan 18 23:12:00 2006 From: george (George R.) Date: Wed, 18 Jan 2006 23:12:00 -0500 Subject: IPv6 Migrations (was) Re: [nycbug-talk] Re: some comments on Shmoo. . . In-Reply-To: <43CC9FD4.4040402@hacktek.com> References: <2006011707373801500dc900e@A@000000000000@comcast.net> <43CC9FD4.4040402@hacktek.com> Message-ID: <43CF1190.3020001@sddi.net> QuiGon wrote: >> On Mon, 16 Jan 2006, George R. wrote: >> >> Once again, ShmooCon in DC was an excellent conference. > > > > I agree whole heartedly. I appreciate the time George, Ike and Mark > took to chat with myself and some friends who came up from Jacksonville, I think you and your buddy Mark were wildly more interesting than me, Ike and (our) Marc. Maybe just to us since we see each other all the time. > FL for the conference. I will say I've used archives of your list quite > a bit in troubleshooting issues I've had with *BSD. I look forward to That's the highest form of flattery this list could have. This isn't the west coast, japan or europe where the BSDs have a higher profile... We're in a boring stuffy city of finance firms. ;-) > attending (or speaking, as George has insisted, on IPv6) one of the NYC well, why don't you tell them why. I don't just invite people since they're from Florida or something ;-' > BUG meetings in the near future. It's communities like this and > conferences like ShmooCon that keep my faith in humanity alive. Thanks > for your help, and keep up the good work. > > --QuiGon (new member/poster) > Welcome aboard. . . looking forward to you raising a discussion on IPv6 migration in the US. .. I know there are many others to chime in on this, including Alex at Pilosoft, the NYI guys, Spork from BWay, and that's just some those with ISPs/hosting firms. . . You raised interesting stuff on IPv6 migration. We all know that the US drags its feet on it since the US has control of most of the public network addresses. And Japan is full steam ahead with implementation by 2008 (?) and so is China. What are the concrete steps others are taking in this direction. NAT and dominance of IPv4 only takes US isv's so far. . . g From lists Thu Jan 19 08:40:33 2006 From: lists (michael) Date: Thu, 19 Jan 2006 08:40:33 -0500 Subject: [nycbug-talk] security advisory Message-ID: <20060119084033.6de04acb@wit.genoverly.home> Does anyone here take exception to what Jason Miller has written? -- Michael ------------------------------------------------ How not to respond to a security advisory Jason Miller, 2006-01-18 A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals. Recently, I stumbled across an interesting security advisory by RedTeam Pentesting, that discussed a vulnerability in a few implementations of the BSD securelevel system. There were two different issues, each affecting different implementations. As usual, I carefully read through the advisories trying to understand what sort of impact the vulnerabilities had, how disclosure had been done, and that sort of thing. Once I got to the Fix section of the advisory, something caught my eye immediately. No fix will be released for OpenBSD. To quote Theo de Raadt: "Sorry, we are going to change nothing. Securelevels are useless." http://www.securityfocus.com/columnists/380 From njt Thu Jan 19 09:43:34 2006 From: njt (N.J. Thomas) Date: Thu, 19 Jan 2006 09:43:34 -0500 Subject: [nycbug-talk] security advisory In-Reply-To: <20060119084033.6de04acb@wit.genoverly.home> References: <20060119084033.6de04acb@wit.genoverly.home> Message-ID: <20060119144334.GL2757@ayvali.org> * michael [2006-01-19 08:40:33 -0500]: > > A recently announced weakness in the BSD securelevel system isn't > > going to be fixed in OpenBSD. > > > No fix will be released for OpenBSD. To quote Theo de Raadt: "Sorry, > > we are going to change nothing. Securelevels are useless." > > Does anyone here take exception to what Jason Miller has written? I evaluated using securelevels for FreeBSD 5 about a year ago and decided not to use it because there were too many potential ways to circumvent it, so I am somewhat inclined to agree with de Raadt in saying that securelevels are useless. Why they don't remove it altogether is a good question. My guess is that it is easier to leave those chunks of code in the OS rather than tear them out? I wish I had the list with me that I found back then --it was just a bunch of different ways to get around chflag'd files. I googled for it right now but couldn't find it. Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From nycbug Thu Jan 19 10:19:30 2006 From: nycbug (Ray Lai) Date: Thu, 19 Jan 2006 10:19:30 -0500 Subject: [nycbug-talk] security advisory In-Reply-To: <20060119084033.6de04acb@wit.genoverly.home> References: <20060119084033.6de04acb@wit.genoverly.home> Message-ID: <20060119151930.GA11779@syntax.cyth.net> This is also being discussed on undeadly: http://undeadly.org/cgi?action=article&sid=20060119131526&mode=expanded -Ray- From ike Thu Jan 19 10:21:34 2006 From: ike (Isaac Levy) Date: Thu, 19 Jan 2006 10:21:34 -0500 Subject: [nycbug-talk] security advisory In-Reply-To: <20060119084033.6de04acb@wit.genoverly.home> References: <20060119084033.6de04acb@wit.genoverly.home> Message-ID: <9A1AD45D-1BD4-4201-A3B5-0CF80A491429@lesmuug.org> Thanks for posting this MW, First thought towards author: Lighten up Francis. On Jan 19, 2006, at 8:40 AM, michael wrote: > Does anyone here take exception to what Jason Miller has written? > -- > > Michael > > ------------------------------------------------ > How not to respond to a security advisory > Jason Miller, 2006-01-18 > > A recently announced weakness in the BSD securelevel system isn't > going > to be fixed in OpenBSD. While securelevel may have problems, the > vendor's security response is unacceptable and doesn't fit with their > stated goals. > > No fix will be released for OpenBSD. To quote Theo de Raadt: > > "Sorry, we are going to change nothing. Securelevels are useless." > > http://www.securityfocus.com/columnists/380 Second thought, to the list: What kind of expectations do OpenBSD consumers really have with regard to this kind of thing, (outside of the tech for this particular case)? Third thought, worth approx. 02?: If the bona-fide security and business world doesn't like the UNIX- rocker attitudes backing OpenBSD, why do they use it so darned much? Perhaps the SecurityFocus author should stick to RedHat, their PR people keep these words behind closed doors... I mean, really, at least the world knows where Theo and OpenBSD Openly stand- and aren't going to wait around hemming-and-hawing, while the 'vendor' never gets around to releasing a patch... VERBOSE OUTPUT (I beg yall' to skip reading my blabbing here): -- historical tech context: Theo was involved with this exact class of problem before, 4.4BSD mmap () Vulnerability, circa 1998. http://www.insecure.org/sploits/bsd.mmap.chardevice.html ike-commentary: After reading the article, which is quite critical of Theo's statement, I technically back Theo from a design and implimentation perspective, although I feel that in his position, his style of issuing hammer-blunt categorical imperatives can easily be taken poorly by the press; and this is a repeated problem (perhaps). I think many us us agree Theo should perhaps discuss a bit more about *why* he thinks this way, but lets look at the reality of the situation, since we're all maybe closer to this than the Security Focus author: - Theo has a lot of stuff to get done in a day - Theo doesn't have time to debate details ad-nausieum, and seems he'd rather just issue blank statements that turn people off (and get them out of his hair, and the community) - Theo isn't such a bad guy, he's just intolerant with people being unrealistic over security and tech For the record, as much as I've used and enjoyed many BSD UNIX systems, I heavily use FreeBSD in production- and use a *wee* bit of OpenBSD for specific tasks. (i.e. I don't really have any ties to OpenBSD, yet I'll back Theo on this- technically, I like the spirit of his tone.) -- Also, this statement is indicative of something I haven't heard anyone clearly state about OpenBSD: they seem to be working on securing systems by reducing their edge-case awareness of end applications. Problem is, this is bad from a marketing perspective. (i.e. it's a few freaks like me who get exited about systems that are feature-light). (Some folks were with me in Canada last year while I debated the merit of jail(8) with Henning Brauer and MSF, and I can quote Henning as saying "What's the use of jail, if you run crap software, it doesn't matter if it's in a jail or not, it's still crap (insecure) software." While I agree with him whole-heartedly, (and with a snort, disregarding the interpretation that FreeBSD has crap userland software), it tells me that nobody actively developing for OpenBSD considers jailing mutually untrusted users as anything but an edge- case, which I can't argue with at all.) ike-summary: Technologically, I'll back Theo here, securelevels are a band-aid, always have been- but I'll state that there are edge-cases (and perhaps ancient software) which rely on them in many contexts. Regardless, I believe the author of the SecurityFocus article simply missed the reasons behind Theo's tone. -- As a related tangent, has anyone compared pictures of Joe Strummer and Theo DeRaadt? See where I see? http://www.double-whammy.com/photos/Joe_Strummer.jpg http://www.theepochtimes.com/news_images/2005-7-6-deraadt2.jpg Rocket- .ike From ike Thu Jan 19 10:28:41 2006 From: ike (Isaac Levy) Date: Thu, 19 Jan 2006 10:28:41 -0500 Subject: IPv6 Migrations (was) Re: [nycbug-talk] Re: some comments on Shmoo. . . In-Reply-To: <43CF1190.3020001@sddi.net> References: <2006011707373801500dc900e@A@000000000000@comcast.net> <43CC9FD4.4040402@hacktek.com> <43CF1190.3020001@sddi.net> Message-ID: <705F0D21-23BC-4D80-B304-16BA5513E37C@lesmuug.org> Correction Gman, On Jan 18, 2006, at 11:12 PM, George R. wrote: > This isn't the west coast, japan or europe where the BSDs have a > higher profile... We're in a boring stuffy city of finance firms. ;-) < .02? Don't forget the folks like me who work primarily with creative, media, and design-engineering firms- I see BSD UNIX all over town... (sure, it's MacOSX, but...) :P Rocket- .ike From george Thu Jan 19 10:30:17 2006 From: george (George R.) Date: Thu, 19 Jan 2006 10:30:17 -0500 Subject: IPv6 Migrations (was) Re: [nycbug-talk] Re: some comments on Shmoo. . . In-Reply-To: <705F0D21-23BC-4D80-B304-16BA5513E37C@lesmuug.org> References: <2006011707373801500dc900e@A@000000000000@comcast.net> <43CC9FD4.4040402@hacktek.com> <43CF1190.3020001@sddi.net> <705F0D21-23BC-4D80-B304-16BA5513E37C@lesmuug.org> Message-ID: <43CFB089.6090406@sddi.net> Isaac Levy wrote: > Correction Gman, > > On Jan 18, 2006, at 11:12 PM, George R. wrote: > >> This isn't the west coast, japan or europe where the BSDs have a >> higher profile... We're in a boring stuffy city of finance firms. ;-) > > < .02? > Don't forget the folks like me who work primarily with creative, media, > and design-engineering firms- I see BSD UNIX all over town... (sure, > it's MacOSX, but...) > > :P Oh, now I'm sure *they're* all set for IPv6 ;-' g From ike Thu Jan 19 10:49:50 2006 From: ike (Isaac Levy) Date: Thu, 19 Jan 2006 10:49:50 -0500 Subject: IPv6 Migrations (was) Re: [nycbug-talk] Re: some comments on Shmoo. . . In-Reply-To: <43CFB089.6090406@sddi.net> References: <2006011707373801500dc900e@A@000000000000@comcast.net> <43CC9FD4.4040402@hacktek.com> <43CF1190.3020001@sddi.net> <705F0D21-23BC-4D80-B304-16BA5513E37C@lesmuug.org> <43CFB089.6090406@sddi.net> Message-ID: Word, On Jan 19, 2006, at 10:30 AM, George R. wrote: > Isaac Levy wrote: >> Correction Gman, >> On Jan 18, 2006, at 11:12 PM, George R. wrote: >>> This isn't the west coast, japan or europe where the BSDs have a >>> higher profile... We're in a boring stuffy city of finance >>> firms. ;-) >> < .02? >> Don't forget the folks like me who work primarily with creative, >> media, and design-engineering firms- I see BSD UNIX all over >> town... (sure, it's MacOSX, but...) >> :P > > Oh, now I'm sure *they're* all set for IPv6 ;-' > > g Well, actually, yes- much better than the business community. The Layer1 network infrastructure is generally much 'dumber' in media circles, (relatively little Layer2/3 switching, cheaper routers, etc...) This is mostly because IT hasn't really been a core profit center for media businesses, so they don't spend as much on it. With that, their routers are really the only things which need replacing for IPV6- so they have it cheap there. Also, they'll be simpler to deploy, as the networks are generally more modular and broken up into little self-maintaining chunks (at least more modular than I've seen at many finance firms, large and small). At the IP layer, they simply need the proliferation of more mature routers, at varying scales- (easier to use and deploy en' masse). Think Linksys, Netgear, this is your queue- get on the ball... At the workstation end of the IP layer, it's a lot of Macs, so not a big deal there- they have Gui's to set IPV6 network settings. There's not many other legacy OS's to deal with, and the Windows machines that can't do IPV6 are few and far between. At the application layer end of things, realistically, people will need: file servers, (Samba does IPV6), and Web Servers (Apache does IPV6- as does every other relevant web/application server with any user base these days). Common languages like Python, PHP, Perl; all in active use in 'media' businesses, are all ready for IPV6. -- So reporting tersely from this side, 'my world' is fairly ready for IPV6, seems to me the network hardware vendors, and in-particular the overall internet, are not... (Where's Al Gore when we need him to invent Internet2 for the public?) Rocket- .ike From george Thu Jan 19 12:23:31 2006 From: george (George R.) Date: Thu, 19 Jan 2006 12:23:31 -0500 Subject: [nycbug-talk] Sourceforge review of FBSD 6.0 Message-ID: <43CFCB13.8010406@sddi.net> http://os.newsforge.com/os/06/01/03/1957255.shtml?tid=8 The most useful point is in the comments, where a couple of people raise the issue that this and other OS reviews are 'how does it feel' as opposed to looking at the changelog. I think there's more to FBSD wireless support than wi. . . I had that back on 4.x a good number of years ago. Yet it's referenced as a point. But now we're enjoying WPA (in so far as it can be enjoyed), and it's not even mentioned. But that's typical of software reviews on OSNews, Sourceforge, etc. It would really be more interesting if people talked about the technology, rather than projecting their last therapy session. However, at least the article was sympathetic. . . g From george Thu Jan 19 13:33:59 2006 From: george (George R.) Date: Thu, 19 Jan 2006 13:33:59 -0500 Subject: [nycbug-talk] announce and talk lists Message-ID: <43CFDB97.7010409@sddi.net> As stated before, if you're on our talk list, but not announce, you won't get announces. We do not cross post. So subscribe at lists.nycbug.org An announce was just sent about our Tor server in the colo which is up and operational. g From jschauma Thu Jan 19 13:59:35 2006 From: jschauma (Jan Schaumann) Date: Thu, 19 Jan 2006 13:59:35 -0500 Subject: [nycbug-talk] announce and talk lists In-Reply-To: <43CFDB97.7010409@sddi.net> References: <43CFDB97.7010409@sddi.net> Message-ID: <20060119185935.GC17194@netmeister.org> "George R." wrote: > An announce was just sent about our Tor server in the colo which is up > and operational. Hey now! That's a neat service. What kind of exit policy does this tor server have? Is this a hidden service? What EntryNodes do you guys have configured? Idle curiosity... -Jan -- "Drink up. The world's about to end." "This must be Thursday. I never could get the hang of Thursdays." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060119/c8a1ff5c/attachment.bin From nycbug Thu Jan 19 14:26:39 2006 From: nycbug (Ray Lai) Date: Thu, 19 Jan 2006 14:26:39 -0500 Subject: [nycbug-talk] announce and talk lists In-Reply-To: <20060119185935.GC17194@netmeister.org> References: <43CFDB97.7010409@sddi.net> <20060119185935.GC17194@netmeister.org> Message-ID: <20060119192639.GB26801@syntax.cyth.net> On Thu, Jan 19, 2006 at 01:59:35PM -0500, Jan Schaumann wrote: > "George R." wrote: > > An announce was just sent about our Tor server in the colo which is up > > and operational. > > Hey now! That's a neat service. What kind of exit policy does this tor > server have? Is this a hidden service? What EntryNodes do you guys > have configured? Everything is default except we have a 2 megabit cap and the ORPort and DirPort are set to https and www. -Ray- From spork Thu Jan 19 15:10:52 2006 From: spork (Charles Sprickman) Date: Thu, 19 Jan 2006 15:10:52 -0500 (EST) Subject: [nycbug-talk] security advisory In-Reply-To: <20060119084033.6de04acb@wit.genoverly.home> References: <20060119084033.6de04acb@wit.genoverly.home> Message-ID: I'm logging into all my jail boxes and running "chflags -R noschg /", since securelevels are now officially useless. Onion, shmonion! C On Thu, 19 Jan 2006, michael wrote: > Does anyone here take exception to what Jason Miller has written? > -- > > Michael > > ------------------------------------------------ > How not to respond to a security advisory > Jason Miller, 2006-01-18 > > A recently announced weakness in the BSD securelevel system isn't going > to be fixed in OpenBSD. While securelevel may have problems, the > vendor's security response is unacceptable and doesn't fit with their > stated goals. Recently, I stumbled across an interesting security > advisory by RedTeam Pentesting, that discussed a vulnerability in a few > implementations of the BSD securelevel system. There were two different > issues, each affecting different implementations. As usual, I carefully > read through the advisories trying to understand what sort of impact > the vulnerabilities had, how disclosure had been done, and that sort of > thing. Once I got to the Fix section of the advisory, something caught > my eye immediately. > > No fix will be released for OpenBSD. To quote Theo de Raadt: > > "Sorry, we are going to change nothing. Securelevels are useless." > > http://www.securityfocus.com/columnists/380 > > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From ike Thu Jan 19 15:32:36 2006 From: ike (Isaac Levy) Date: Thu, 19 Jan 2006 15:32:36 -0500 Subject: [nycbug-talk] security advisory In-Reply-To: References: <20060119084033.6de04acb@wit.genoverly.home> Message-ID: <7866ECF2-0305-4B8B-954D-8FF718135081@lesmuug.org> Hi Charles, On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote: > I'm logging into all my jail boxes and running "chflags -R > noschg /", since securelevels are now officially useless. > > Onion, shmonion! > > C ? Well, you'd have to mount some other filesystem on top of the files you wish to circumvent first? Unless I'm missing something truly awful here... http://packetstormsecurity.org/0601-exploits/rt-sa-2005-15.txt Rocket- .ike From spork Thu Jan 19 15:46:44 2006 From: spork (Charles Sprickman) Date: Thu, 19 Jan 2006 15:46:44 -0500 (EST) Subject: [nycbug-talk] security advisory In-Reply-To: <7866ECF2-0305-4B8B-954D-8FF718135081@lesmuug.org> References: <20060119084033.6de04acb@wit.genoverly.home> <7866ECF2-0305-4B8B-954D-8FF718135081@lesmuug.org> Message-ID: On Thu, 19 Jan 2006, Isaac Levy wrote: > Hi Charles, > > On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote: > >> I'm logging into all my jail boxes and running "chflags -R noschg /", since >> securelevels are now officially useless. >> >> Onion, shmonion! >> >> C I'm just having fun with Theo's "securelevels are useless" response. They may not be a perfect solution, but to just discard the whole idea (flaws and all), you lose a layer of security. Layers are good. > ? Well, you'd have to mount some other filesystem on top of the files you > wish to circumvent first? > Unless I'm missing something truly awful here... > > http://packetstormsecurity.org/0601-exploits/rt-sa-2005-15.txt I think I'm missing something too... The example shows someone nfs mounting a directory over an existing, populated directory. The guy is then shocked that the flags from the files under that filesystem do not show up??? I don't think I'd expect that. Is he suggesting that changes made to the nfs mounted directory will somehow remain after the nfs dir is unmounted??? If this is all the fuss, then I guess I understand why Theo is going into "shut up and go away" mode. C > Rocket- > .ike > > > From ike Thu Jan 19 15:56:54 2006 From: ike (Isaac Levy) Date: Thu, 19 Jan 2006 15:56:54 -0500 Subject: [nycbug-talk] security advisory In-Reply-To: References: <20060119084033.6de04acb@wit.genoverly.home> <7866ECF2-0305-4B8B-954D-8FF718135081@lesmuug.org> Message-ID: <963E1145-EE6D-45A7-A205-13F6EF98C7A5@lesmuug.org> Hi Charles, On Jan 19, 2006, at 3:46 PM, Charles Sprickman wrote: >> ? Well, you'd have to mount some other filesystem on top of the >> files you wish to circumvent first? >> Unless I'm missing something truly awful here... >> >> http://packetstormsecurity.org/0601-exploits/rt-sa-2005-15.txt > > I think I'm missing something too... The example shows someone nfs > mounting a directory over an existing, populated directory. Yes. > The guy is then shocked that the flags from the files under that > filesystem do not show up??? I don't think I'd expect that. Well, me neither- it just seems nobody has thought of or tried this scenario yet. > Is he suggesting that changes made to the nfs mounted directory > will somehow remain after the nfs dir is unmounted??? No- simply suggesting that particular files could be overwritten which could allow a user to do malicious things while the volume is mounted. Dirty things can happen, but it's a long shot, really. In the case of jails, I have a hard time seeing how the jailed servers would be able to escape the securelevels, unless the nfs volume was somehow mounted before the rc/jail mechanism starts the jail... So with that, you could 'chflags -R -noschg /' in your jail while exploiting this, but you'd simply chflags the files you've overwritten (and that is only if the jail was started in a low/normal securelevel, where jailed root can do this anyhow). I'm trying really hard to think up a case where this could be used to compromise the host, (even based on resource attacks, etc...), but I can't think of any? > > If this is all the fuss, then I guess I understand why Theo is > going into "shut up and go away" mode. Well, yeah. Rocket- .ike From nycbug Thu Jan 19 15:58:35 2006 From: nycbug (Ray Lai) Date: Thu, 19 Jan 2006 15:58:35 -0500 Subject: [nycbug-talk] security advisory In-Reply-To: References: <20060119084033.6de04acb@wit.genoverly.home> <7866ECF2-0305-4B8B-954D-8FF718135081@lesmuug.org> Message-ID: <20060119205835.GA8408@syntax.cyth.net> On Thu, Jan 19, 2006 at 03:46:44PM -0500, Charles Sprickman wrote: > On Thu, 19 Jan 2006, Isaac Levy wrote: > >On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote: > >>I'm logging into all my jail boxes and running "chflags -R noschg /", > >>since securelevels are now officially useless. > >> > >>Onion, shmonion! > > I'm just having fun with Theo's "securelevels are useless" response. They > may not be a perfect solution, but to just discard the whole idea (flaws > and all), you lose a layer of security. Layers are good. Securelevels are not file flags. -Ray- From lists Thu Jan 19 16:12:51 2006 From: lists (michael) Date: Thu, 19 Jan 2006 16:12:51 -0500 Subject: [nycbug-talk] NetBSD Live CD Message-ID: <20060119161251.01aaba06@wit.genoverly.home> This was brought to my attention. This looks like an interesting project http://arudius.sourceforge.net/ >From their website: NeWBIE This acronym is pronounced just like the word "newbie" and stands for (Ne)tBSD (W)are (B)urned (I)n (E)conomy. Newbie is a NetBSD live CD similar in spirit to the well-known FreeSBIE live CD. Newbie currently caters to the desktop-user (i.e. with applications for web browsing, chat, multimedia, document editing, etc) but will also serve as a core for creating a NetBSD version of Arudius (see below) - a network security auditing tool. Why based on NetBSD? Because contrary to the popular opinion, NetBSD is not some obscure *BSD flavor that is only good for powering your toaster, but is a powerful, flexible and highly portable operating system. In many aspects it is better than its more famous cousins. Did you know that NetBSD recently broke and still holds the record for network data transfer speed? Read about the achievement. And what about speed and scalability? Note the first item of the "News" section:-) -- Michael From spork Thu Jan 19 16:40:44 2006 From: spork (Charles Sprickman) Date: Thu, 19 Jan 2006 16:40:44 -0500 (EST) Subject: [nycbug-talk] security advisory In-Reply-To: <20060119205835.GA8408@syntax.cyth.net> References: <20060119084033.6de04acb@wit.genoverly.home> <7866ECF2-0305-4B8B-954D-8FF718135081@lesmuug.org> <20060119205835.GA8408@syntax.cyth.net> Message-ID: On Thu, 19 Jan 2006, Ray Lai wrote: > On Thu, Jan 19, 2006 at 03:46:44PM -0500, Charles Sprickman wrote: >> On Thu, 19 Jan 2006, Isaac Levy wrote: >>> On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote: >>>> I'm logging into all my jail boxes and running "chflags -R noschg /", >>>> since securelevels are now officially useless. >>>> >>>> Onion, shmonion! >> >> I'm just having fun with Theo's "securelevels are useless" response. They >> may not be a perfect solution, but to just discard the whole idea (flaws >> and all), you lose a layer of security. Layers are good. > > Securelevels are not file flags. But file flags aren't much fun if you can change a file from "schg" to "noschg", and without securelevels, you can do that. An example: root at jailhost[/jails/jail1/etc]# chflags schg login.conf.db root at jail1[/etc]# id uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator) root at jail1[/etc]# cp /tmp/login.conf.db login.conf.db cp: login.conf.db: Operation not permitted root at jail1[/etc]# chflags noschg login.conf.db chflags: login.conf.db: Operation not permitted While this is some jail trickery that's emulating securelevel file flag behaviour in the jail, it illustrates a use that I feel at least helps make the barrier to entry for an attacker a little higher. Additionally, setting the schg on a directory seems to stop someone from layering something on top of it: root at jailhost[/jails/jail1/etc/pam.d]# chflags schg . root at jail1[/etc]# mkdir /tmp/pam.d root at jail1[/etc]# touch /tmp/pam.d/sshd root at jail1[/etc]# mount_nullfs /tmp/pam.d pam.d mount_nullfs: Operation not permitted Charles > -Ray- > From ike Thu Jan 19 17:29:22 2006 From: ike (Isaac Levy) Date: Thu, 19 Jan 2006 17:29:22 -0500 Subject: [nycbug-talk] security advisory In-Reply-To: References: <20060119084033.6de04acb@wit.genoverly.home> <7866ECF2-0305-4B8B-954D-8FF718135081@lesmuug.org> <20060119205835.GA8408@syntax.cyth.net> Message-ID: On Jan 19, 2006, at 4:40 PM, Charles Sprickman wrote: > On Thu, 19 Jan 2006, Ray Lai wrote: > >> On Thu, Jan 19, 2006 at 03:46:44PM -0500, Charles Sprickman wrote: >>> On Thu, 19 Jan 2006, Isaac Levy wrote: >>>> On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote: >>>>> I'm logging into all my jail boxes and running "chflags -R >>>>> noschg /", >>>>> since securelevels are now officially useless. >>>>> >>>>> Onion, shmonion! >>> >>> I'm just having fun with Theo's "securelevels are useless" >>> response. They >>> may not be a perfect solution, but to just discard the whole idea >>> (flaws >>> and all), you lose a layer of security. Layers are good. >> >> Securelevels are not file flags. > > But file flags aren't much fun if you can change a file from "schg" > to "noschg", and without securelevels, you can do that. > > An example: > > root at jailhost[/jails/jail1/etc]# chflags schg login.conf.db > > root at jail1[/etc]# id > uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator) > > root at jail1[/etc]# cp /tmp/login.conf.db login.conf.db > cp: login.conf.db: Operation not permitted > > root at jail1[/etc]# chflags noschg login.conf.db > chflags: login.conf.db: Operation not permitted > > While this is some jail trickery that's emulating securelevel file > flag behaviour in the jail, it illustrates a use that I feel at > least helps make the barrier to entry for an attacker a little higher. > > Additionally, setting the schg on a directory seems to stop someone > from layering something on top of it: > > root at jailhost[/jails/jail1/etc/pam.d]# chflags schg . > > root at jail1[/etc]# mkdir /tmp/pam.d > root at jail1[/etc]# touch /tmp/pam.d/sshd root at jail1[/etc]# > mount_nullfs /tmp/pam.d pam.d > mount_nullfs: Operation not permitted > > Charles Well 3 cheers to Charles for actually taking time to test and provide some examples! Rocket- .ike From nycbug Thu Jan 19 17:33:07 2006 From: nycbug (Aditya Chadha) Date: Thu, 19 Jan 2006 17:33:07 -0500 Subject: [nycbug-talk] FreeBSD on an Abit AN8 SLI Message-ID: <9450a34a0601191433y6fc48e99qe74c671913f82363@mail.gmail.com> Hello, I'm new to FreeBSD and just got 6.0-STABLE set up on a new box with an Abit AN8 SLI motherboard with on-board wired ethernet. Unfortunately it doesn't look like 6.0-STABLE has stable support for the nve0 ethernet device since I can't even get it to get an IP using dhclient (keep getting device timeout errors). Googling for nve0 leads me to believe that a fix may have been committed to src/sys/dev/if_nve.c very recently but I'm not sure if there is a way to burn an ISO of -current that I can then use to recognize my on-board ethernet? I also have a trendnet 802.11g pci card that doesn't even show up on pciconf for some weird reason (it is unsupported but this makes me wonder if the motherboard is even recognizing the card at all?). I suppose my question really is this: is there a way to get to -current without network connectivity of any sort? or, would it just be much simpler to buy a supported NIC (~$20) and use that to go -current? -A From kacanski_s Fri Jan 20 17:39:37 2006 From: kacanski_s (Aleksandar Kacanski) Date: Fri, 20 Jan 2006 14:39:37 -0800 (PST) Subject: [nycbug-talk] Laptop recommendations Message-ID: <20060120223937.13441.qmail@web53607.mail.yahoo.com> If anyone has suggestion on the laptop model that will play nice w FreeBSD and be under $1300. please pass a comment. So far I wound R52 IBM thinkpad and SONY VAIO VGN-FS79OB01 that offer lots for price under 1300. Regards, Sasha Aleksandar (Sasha) Kacanski __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From nomadlogic Fri Jan 20 18:05:27 2006 From: nomadlogic (pete wright) Date: Fri, 20 Jan 2006 15:05:27 -0800 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <20060120223937.13441.qmail@web53607.mail.yahoo.com> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> Message-ID: <57d710000601201505y5e3625d0y44b648b2d0c31759@mail.gmail.com> On 1/20/06, Aleksandar Kacanski wrote: > If anyone has suggestion on the laptop model that will > play nice w FreeBSD and be under $1300. please pass a > comment. > So far I wound R52 IBM thinkpad and SONY VAIO > VGN-FS79OB01 that offer lots for price under 1300. > I would not suggest the sony. Lenovo/IBM/what ever they are called are pretty good. Also check the dmesgd page at nycbug.org...that may help: http://nycbug.org/index.php?NAV=dmesgd -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From mspitzer Fri Jan 20 19:03:27 2006 From: mspitzer (Marc Spitzer) Date: Fri, 20 Jan 2006 19:03:27 -0500 Subject: [nycbug-talk] web testing framework/tool, runs in browser(s) Message-ID: <8c50a3c30601201603n143dcfdei892136367447785@mail.gmail.com> You might find this usefull: http://www.openqa.org/selenium/ marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From riegersteve Fri Jan 20 19:36:08 2006 From: riegersteve (Steve Rieger) Date: Fri, 20 Jan 2006 16:36:08 -0800 Subject: [nycbug-talk] SVN question Message-ID: hi all, my mind is asleep and i cant figure this one out. am wanting the following setup on server test1 /etc import /etc into svn (repository) (which runs locally) modify files using svn locally (working copies) (on my laptop) when done modifying, will commit to repository, so far so good. now how can i tell repository to copy the files that i modified from the repo back into /etc say i want to edit /etc/hosts i modify it on my laptop, commit the change up to the repository, and then how would i get the modified file in place in /etc this is a pretty stupid question but i could use the help now, its been a long week thanx all -- Steve Rieger riegersteve at gmail.com 310-339-4355 Ride Free, Ride On, Ride Safe I had the blues because I had no shoes until upon the street, I met a man who had no feet. Biker Blue From nomadlogic Fri Jan 20 19:46:35 2006 From: nomadlogic (pete wright) Date: Fri, 20 Jan 2006 16:46:35 -0800 Subject: [nycbug-talk] SVN question In-Reply-To: References: Message-ID: <57d710000601201646v5b36687fx115f92b162804783@mail.gmail.com> On 1/20/06, Steve Rieger wrote: > hi all, my mind is asleep and i cant figure this one out. > > > am wanting the following setup > > on server test1 /etc > import /etc into svn (repository) (which runs locally) > modify files using svn locally (working copies) (on my laptop) > when done modifying, will commit to repository, > > so far so good. > > now how can i tell repository to copy the files that i modified from > the repo back into /etc > > say i want to edit /etc/hosts i modify it on my laptop, commit the > change up to the repository, and then how would i get the modified > file in place in /etc > > > make...er with a Makefile like so maybe? CATEGORY=sysadm_general FILES=update.conf cfservd.conf cfagent.conf SHELL=/bin/ksh MODE=444 default: clean: @-rm *~ permission: @if [ `whoami` != 'root' ]; then \ echo "must be root to run 'make install'" ; \ exit 1; \ fi install: permission @if check; then \ chmod 444 ${FILES}; \ chown root.wheel ${FILES}; \ echo "Copying CFengine configs to production area.";\ /bin/cp /var/cfengine/inputs/${FILES} /var/bu/cfengine/;\ /bin/cp ${FILES} /var/cfengine/inputs/; \ fi I guess you would want to change the install section, and the "FILES" section to reflect what lives in your svn repo... HTH -pete > > this is a pretty stupid question but i could use the help now, its > been a long week > > right there with you ;) -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nycbug-list Fri Jan 20 19:57:14 2006 From: nycbug-list (Jonathan Vanasco) Date: Fri, 20 Jan 2006 19:57:14 -0500 Subject: [nycbug-talk] SVN question In-Reply-To: <57d710000601201646v5b36687fx115f92b162804783@mail.gmail.com> References: <57d710000601201646v5b36687fx115f92b162804783@mail.gmail.com> Message-ID: <886F8A78-6CFD-44AC-8F26-D8616DA50B99@2xlp.com> easiest way is to make /etc a svn copy $ su # cd / # svn co http://secure.svn.repo/configs/machine_id/etc etc_svn # rm -rf etc && mv etc_svn etc # exit then you just $ su # svn up /etc and all your files are updated > On 1/20/06, Steve Rieger wrote: >> hi all, my mind is asleep and i cant figure this one out. >> >> >> am wanting the following setup >> >> on server test1 /etc >> import /etc into svn >> (repository) (which >> runs locally) >> modify files using svn locally (working copies) >> (on my laptop) >> when done modifying, will commit to repository, >> >> so far so good. >> >> now how can i tell repository to copy the files that i modified from >> the repo back into /etc >> >> say i want to edit /etc/hosts i modify it on my laptop, commit the >> change up to the repository, and then how would i get the modified >> file in place in /etc From bob Fri Jan 20 23:41:10 2006 From: bob (Bob Ippolito) Date: Fri, 20 Jan 2006 20:41:10 -0800 Subject: [nycbug-talk] SVN question In-Reply-To: <886F8A78-6CFD-44AC-8F26-D8616DA50B99@2xlp.com> References: <57d710000601201646v5b36687fx115f92b162804783@mail.gmail.com> <886F8A78-6CFD-44AC-8F26-D8616DA50B99@2xlp.com> Message-ID: And if for whatever reason the ".svn" dirs get in the way, you could use svk to check out the repository instead. I've played around with it a bit for mirroring svn repositories and for doing version controlled development with a repository that I couldn't commit to -- worked out fine, no problems so far. http://svk.elixus.org/ -bob On Jan 20, 2006, at 4:57 PM, Jonathan Vanasco wrote: > easiest way is to make /etc a svn copy > > $ su > # cd / > # svn co http://secure.svn.repo/configs/machine_id/etc etc_svn > # rm -rf etc && mv etc_svn etc > # exit > > then you just > > $ su > # svn up /etc > > and all your files are updated > > >> On 1/20/06, Steve Rieger wrote: >>> hi all, my mind is asleep and i cant figure this one out. >>> >>> >>> am wanting the following setup >>> >>> on server test1 /etc >>> import /etc into svn >>> (repository) (which >>> runs locally) >>> modify files using svn locally (working copies) >>> (on my laptop) >>> when done modifying, will commit to repository, >>> >>> so far so good. >>> >>> now how can i tell repository to copy the files that i modified from >>> the repo back into /etc >>> >>> say i want to edit /etc/hosts i modify it on my laptop, commit the >>> change up to the repository, and then how would i get the modified >>> file in place in /etc > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From nycbug-list Fri Jan 20 23:58:52 2006 From: nycbug-list (Jonathan Vanasco) Date: Fri, 20 Jan 2006 23:58:52 -0500 Subject: [nycbug-talk] SVN question In-Reply-To: References: <57d710000601201646v5b36687fx115f92b162804783@mail.gmail.com> <886F8A78-6CFD-44AC-8F26-D8616DA50B99@2xlp.com> Message-ID: <93721037-9496-4F32-9724-3A4AA24F3652@2xlp.com> in addition to that.. i think you could probably also generate a unified diff from svn between any 2 versions and then apply it to /etc as a patch file the issue would be that you'd need to know what version your /etc is at in order to get the diff from there to the head On Jan 20, 2006, at 11:41 PM, Bob Ippolito wrote: > And if for whatever reason the ".svn" dirs get in the way, you > could use svk to check out the repository instead. I've played > around with it a bit for mirroring svn repositories and for doing > version controlled development with a repository that I couldn't > commit to -- worked out fine, no problems so far. > > http://svk.elixus.org/ From lists Sat Jan 21 01:29:37 2006 From: lists (Francisco Reyes) Date: Sat, 21 Jan 2006 01:29:37 -0500 Subject: [nycbug-talk] Laptop recommendations References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> Message-ID: Aleksandar Kacanski writes: > If anyone has suggestion on the laptop model that will > play nice w FreeBSD and be under $1300. please pass a > comment. I have some issues with X, but for the most part FreeBSD works on a Compaq Presario V2000.. Will end up costing 800 after rebate. Only 3 complaints: -Only got it working under 800x600 so far.. but I believe drivers for the card are upcoming. -The machine gets pretty warm. -Resting writs on the area around the mouse pad area causes cursor to move around.. which I think it's pretty annoying at times. specially in the train. Performance wise the machine seems very adequate. I installed the AMD64 version of FreeBSD.. although it's power conversation features are not as mature as the i386 version. Overall for the price I think it is a pretty decent machine. From bschonhorst Sat Jan 21 10:24:49 2006 From: bschonhorst (Brad Schonhorst) Date: Sat, 21 Jan 2006 10:24:49 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> Message-ID: <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> On 1/21/06, Francisco Reyes wrote: > > Aleksandar Kacanski writes: > > > If anyone has suggestion on the laptop model that will > > play nice w FreeBSD and be under $1300. please pass a > > comment. I have really enjoyed my Fujitsu. I went with the P7010 which is TINY. Running FreeBSD 6 works well, even got the display to run at 1280x768. Only issue so far- I haven't gotten the cd burner to write a cd properly. I can play DVD's though. my notes: http://plumblossom.org/p7010d.htm my dmesg: http://nycbug.org/?NAV=dmesgd&dmesgd_criteria=&dmesgid=687#687 -Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nycbug.org/pipermail/talk/attachments/20060121/506caaec/attachment.html From lists Sat Jan 21 10:39:16 2006 From: lists (michael) Date: Sat, 21 Jan 2006 10:39:16 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> Message-ID: <20060121103916.51f9c93a@wit.genoverly.home> On Sat, 21 Jan 2006 10:24:49 -0500 Brad Schonhorst wrote: > I have really enjoyed my Fujitsu. I went with the P7010 which is > TINY. Running FreeBSD 6 works well, even got the display to run at > 1280x768. Only issue so far- I haven't gotten the cd burner to write > a cd properly. I can play DVD's though. > > my notes: > http://plumblossom.org/p7010d.htm > > my dmesg: > http://nycbug.org/?NAV=dmesgd&dmesgd_criteria=&dmesgid=687#687 > > -Brad Not in the price range specified in OP, but *very* cool little portable! updated link to product: http://store.shopfujitsu.com/fpc/Ecommerce/buildseriesbean.do?series=P7120 Froogle shows them around $1,700 at Newegg http://froogle.google.com/froogle?q=FPCM20751&hl=en&btnG=Search+Froogle&lmode=unknown -- Michael From danfay Sat Jan 21 11:04:06 2006 From: danfay (Daniel Fay) Date: Sat, 21 Jan 2006 11:04:06 -0500 Subject: [nycbug-talk] digests and Trish Lynch's talk Message-ID: <423dfb9e0601210804j21774908teadc86bfdf0b1e41@mail.gmail.com> There seems to be an issue with announce-nycbug digests - I just got a digest yesterday dating back to December 27th, and the list-owner address bounces :( Final-Recipient: rfc822; announce-nycbug-owner at lists.nycbug.org Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; mail for lists.nycbug.org loops back to myself I was also wondering if any slides are available for Trish Lynch's talk on Jan 4th - if so, I'd really appreciate it. Thanks, Dan From lists Sat Jan 21 12:03:20 2006 From: lists (Francisco Reyes) Date: Sat, 21 Jan 2006 12:03:20 -0500 Subject: [nycbug-talk] Laptop recommendations References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> Message-ID: Brad Schonhorst writes: > I have really enjoyed my Fujitsu.? I went with the P7010 which is TINY. A quick search.. and the prices for that one seem closer to 2,000 than to the 1,300 the poster was looking to spend. :-) From spork Sat Jan 21 15:10:52 2006 From: spork (Charles Sprickman) Date: Sat, 21 Jan 2006 15:10:52 -0500 (EST) Subject: [nycbug-talk] Laptop recommendations In-Reply-To: References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> Message-ID: On Sat, 21 Jan 2006, Francisco Reyes wrote: > Brad Schonhorst writes: > >> I have really enjoyed my Fujitsu.? I went with the P7010 which is TINY. > > A quick search.. and the prices for that one seem closer to 2,000 than to the > 1,300 the poster was looking to spend. :-) And that's getting into MacBook territory, two procs for the price of one! C > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From george Sat Jan 21 16:54:08 2006 From: george (George R.) Date: Sat, 21 Jan 2006 16:54:08 -0500 Subject: [nycbug-talk] digests and Trish Lynch's talk In-Reply-To: <423dfb9e0601210804j21774908teadc86bfdf0b1e41@mail.gmail.com> References: <423dfb9e0601210804j21774908teadc86bfdf0b1e41@mail.gmail.com> Message-ID: <43D2AD80.6000100@sddi.net> Daniel Fay wrote: > There seems to be an issue with announce-nycbug digests - I just got a > digest yesterday dating back to December 27th, and the list-owner > address bounces :( > > Final-Recipient: rfc822; announce-nycbug-owner at lists.nycbug.org > Action: failed > Status: 5.0.0 > Diagnostic-Code: X-Postfix; mail for lists.nycbug.org loops back to myself > > I was also wondering if any slides are available for Trish Lynch's > talk on Jan 4th - if so, I'd really appreciate it. > I don't know about that.. . we'll have to check that out.. .thanks for the heads-up. the url for Trish's slides are in the archives. . . Jan 5, I believe. g From mspitzer Sat Jan 21 19:40:17 2006 From: mspitzer (Marc Spitzer) Date: Sat, 21 Jan 2006 19:40:17 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> Message-ID: <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> you can get a low end t42 for 1299 at lenovo, probably cheaper iff you shop around. marc On 1/21/06, Charles Sprickman wrote: > On Sat, 21 Jan 2006, Francisco Reyes wrote: > > > Brad Schonhorst writes: > > > >> I have really enjoyed my Fujitsu. I went with the P7010 which is TINY. > > > > A quick search.. and the prices for that one seem closer to 2,000 than to the > > 1,300 the poster was looking to spend. :-) > > And that's getting into MacBook territory, two procs for the price of one! > > C > > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce lists > > %We meet the first Wednesday of the month > > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From nomadlogic Sat Jan 21 19:52:45 2006 From: nomadlogic (pete wright) Date: Sat, 21 Jan 2006 16:52:45 -0800 Subject: [nycbug-talk] conf management tools Message-ID: <57d710000601211652y345266a6l1f26966f8dc7e4aa@mail.gmail.com> hey all, does anyone have any experience running Puppet? http://reductivelabs.com/projects/puppet It looks very similar to cfengine, any good/bad experiences using this tool? thanks, pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From anthony.elizondo Sat Jan 21 20:11:57 2006 From: anthony.elizondo (Anthony Elizondo) Date: Sat, 21 Jan 2006 20:11:57 -0500 Subject: [nycbug-talk] conf management tools In-Reply-To: <57d710000601211652y345266a6l1f26966f8dc7e4aa@mail.gmail.com> References: <57d710000601211652y345266a6l1f26966f8dc7e4aa@mail.gmail.com> Message-ID: On 1/21/06, pete wright wrote: > hey all, > does anyone have any experience running Puppet? > http://reductivelabs.com/projects/puppet No, but it looks totally awesome. Written in Ruby, and it appears development is moving super quickly: http://reductivelabs.com/downloads/puppet/ (Wish the gem would get updates: http://rubyforge.org/frs/?group_id=1126&release_id=3590) > It looks very similar to cfengine, any good/bad experiences using this tool? I'm going to try to get it setup this week. > thanks, > pete > > -- > ~~o0OO0o~~ > Pete Wright > www.nycbug.org > NYC's *BSD User Group Anthony From quigon Sun Jan 22 01:57:43 2006 From: quigon (QuiGon) Date: Sun, 22 Jan 2006 01:57:43 -0500 Subject: IPv6 Migrations (was) Re: [nycbug-talk] Re: some comments on Shmoo. . . In-Reply-To: <43CF1190.3020001@sddi.net> References: <2006011707373801500dc900e@A@000000000000@comcast.net> <43CC9FD4.4040402@hacktek.com> <43CF1190.3020001@sddi.net> Message-ID: <43D32CE7.4050208@hacktek.com> George R. wrote: > I think you and your buddy Mark were wildly more interesting than me, > Ike and (our) Marc. Maybe just to us since we see each other all the > time. We all do what we can for the community, which is why I consider groups like this "home". :-) Not much ego going on, just good info sharing. >> FL for the conference. I will say I've used archives of your list quite >> a bit in troubleshooting issues I've had with *BSD. I look forward to > > > That's the highest form of flattery this list could have. This isn't > the west coast, japan or europe where the BSDs have a higher profile... > We're in a boring stuffy city of finance firms. ;-) The BSDs have the best IPv6 stack, period. Novell doesn't even deny where they got their IPv6 stack. Just load "bsdsock.nlm", and you'll have IPv6 on Novell 6.*. Go figure.... >> attending (or speaking, as George has insisted, on IPv6) one of the NYC > > > well, why don't you tell them why. I don't just invite people since > they're from Florida or something ;-' Awww....thought you'd want us to bring some of our weather with us...:-P. I'm a security subject matter expert for the North American IPv6 Task Force ( www.nav6tf.org ). I've been speaking on IPv6 for about 2 years now, with venues including Defcon 12 and other hacker cons. I shared with George certain projects our group is working on, but I'd rather not share them on a public mailing list (feel free to email me with a GPG key if you really wanna know....but don't be surprised if MIBs show up at your house the next day....;-)). Beyond that, I'm just your average joe in the south that likes computers and breaking them (granted, that might not be too average for the south). > >> BUG meetings in the near future. It's communities like this and >> conferences like ShmooCon that keep my faith in humanity alive. Thanks >> for your help, and keep up the good work. >> >> > > Welcome aboard. . . looking forward to you raising a discussion on IPv6 > migration in the US. .. I know there are many others to chime in on > this, including Alex at Pilosoft, the NYI guys, Spork from BWay, and > that's just some those with ISPs/hosting firms. . . > > You raised interesting stuff on IPv6 migration. We all know that the US > drags its feet on it since the US has control of most of the public > network addresses. And Japan is full steam ahead with implementation by > 2008 (?) and so is China. Thank you. I hope I can give as much help as y'all have given me (damned southern accent). China's pissed (understandably) that Stanford University has more IPv4 addresses than they do. The US has 70% of the IPv4 publically routable IP addresses, which is why most US companies could care less about v6. I liken this to the cell phone industry. Most other countries are spanking us in this area because we have become complacent with what we have. Asia and Europe came into the game later, so they have less invested in the old technology, allowing them to upgrade to newer tech faster. As far as migration....we have a chicken and egg problem. Nobody wants to adopt the protocol, so (mostly) nobody wants to write applications for it. There aren't many applications for it, so nobody wants to adopt it. Once "the killer app (say....ehh...IPv6 only pr0n) is released, adoption will increase. > What are the concrete steps others are taking in this direction. NAT > and dominance of IPv4 only takes US isv's so far. . . NAT sucks...:-P Too many admins consider it a security mechanism, when all it is is a bandaid to keep IPv4 around another 20 years.... --QuiGon From nomadlogic Sun Jan 22 12:59:24 2006 From: nomadlogic (pete wright) Date: Sun, 22 Jan 2006 09:59:24 -0800 Subject: [nycbug-talk] conf management tools In-Reply-To: References: <57d710000601211652y345266a6l1f26966f8dc7e4aa@mail.gmail.com> Message-ID: <57d710000601220959v49626e5cy105b0076848f3f3f@mail.gmail.com> On 1/21/06, Anthony Elizondo wrote: > On 1/21/06, pete wright wrote: > > hey all, > > does anyone have any experience running Puppet? > > http://reductivelabs.com/projects/puppet > > No, but it looks totally awesome. Written in Ruby, and it appears > development is moving super quickly: > http://reductivelabs.com/downloads/puppet/ (Wish the gem would get > updates: http://rubyforge.org/frs/?group_id=1126&release_id=3590) yea, that may be a good thing...or it may mean that it's not ready for widespread production use yet ;) > > > It looks very similar to cfengine, any good/bad experiences using this tool? > > I'm going to try to get it setup this week. > great, i'd love to hear how it goes. i'm in the middle of a cfengine deployment...but have not gone past the point of no return yet... i found a refernece to this in decembers ;login btw which has a decent article on using cvs and svn for configuration file management...i know there was a thread regarding that a little while ago.. -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From kacanski_s Sun Jan 22 17:43:18 2006 From: kacanski_s (Aleksandar Kacanski) Date: Sun, 22 Jan 2006 14:43:18 -0800 (PST) Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> Message-ID: <20060122224318.10430.qmail@web53601.mail.yahoo.com> Thank you all for your comments and recommendations. I will stick with thinkpad R52 (like the specs) and it is under $1300... Fujitsu P7010 is really something, but I need a bigger screen ... not mobile that much. I have ultra II E 2x 450 MHZ, two 9Gb HD, 1GB RAM and Creator Graphics SBUS + keyboard (missing two keys) and mice.I need $100 to cover shipping from TX. Anyone interested? /s --- Marc Spitzer wrote: > you can get a low end t42 for 1299 at lenovo, > probably cheaper iff you > shop around. > > marc > > On 1/21/06, Charles Sprickman > wrote: > > On Sat, 21 Jan 2006, Francisco Reyes wrote: > > > > > Brad Schonhorst writes: > > > > > >> I have really enjoyed my Fujitsu. I went with > the P7010 which is TINY. > > > > > > A quick search.. and the prices for that one > seem closer to 2,000 than to the > > > 1,300 the poster was looking to spend. :-) > > > > And that's getting into MacBook territory, two > procs for the price of one! > > > > C > > > > > _______________________________________________ > > > % NYC*BUG talk mailing list > > > http://lists.nycbug.org/mailman/listinfo/talk > > > %Be sure to check out our Jobs and > NYCBUG-announce lists > > > %We meet the first Wednesday of the month > > > > > > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce > lists > > %We meet the first Wednesday of the month > > > > > > > > > -- > "We trained very hard, but it seemed that every time > we were beginning to > form into teams we would be reorganized. I was to > learn later in life that > we tend to meet any new situation by reorganizing, > and a wonderful method it > can be for creating the illusion of progress, while > producing confusion, > inefficiency and demoralization." > -Gaius Petronius, 1st Century AD > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce > lists > %We meet the first Wednesday of the month > Aleksandar (Sasha) Kacanski __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From lists Mon Jan 23 09:49:26 2006 From: lists (michael) Date: Mon, 23 Jan 2006 09:49:26 -0500 Subject: [nycbug-talk] David Chisnall explains Message-ID: <20060123094926.3b7efd78@wit.genoverly.home> BSD: The Other Free UNIX Family * By David Chisnall. * Date: Jan 20, 2006. There are a lot of options in the Free UNIX market at the moment. Everyone's favorite buzzword is Linux, and Sun is in the process of releasing Solaris under a Free Software license. One family, however, receives less attention than it is due. Berkley Software Distribution (BSD) has grown into almost a complete replacement for UNIX, with numerous enhancements. David Chisnall explains why the BSD family has found its way into a large number of systems and what these systems can do for you. http://www.informit.com/articles/article.asp?p=439601&rl=1 -- Michael From lists Mon Jan 23 10:03:35 2006 From: lists (michael) Date: Mon, 23 Jan 2006 10:03:35 -0500 Subject: [nycbug-talk] slashdot Message-ID: <20060123100335.3b9ec433@wit.genoverly.home> Is it just me or has slashdot removed "BSD" from the Sections listing? I could still find it (http://slashdot.org/bsd), but I had to type in the url. Really, c'mon.. Apple and Linux are listed. -- Michael From nomadlogic Mon Jan 23 11:03:43 2006 From: nomadlogic (pete wright) Date: Mon, 23 Jan 2006 08:03:43 -0800 Subject: [nycbug-talk] slashdot In-Reply-To: <20060123100335.3b9ec433@wit.genoverly.home> References: <20060123100335.3b9ec433@wit.genoverly.home> Message-ID: <57d710000601230803p5954dd1bo8a6d5ed2194b79de@mail.gmail.com> On 1/23/06, michael wrote: > Is it just me or has slashdot removed "BSD" from the Sections listing? > I could still find it (http://slashdot.org/bsd), but I had to type in > the url. Really, c'mon.. Apple and Linux are listed. > yep, fully jacked from front page. i think they are using a new layout engine as well...not that i read /. or any thing though ;) -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nomadlogic Mon Jan 23 12:07:00 2006 From: nomadlogic (pete wright) Date: Mon, 23 Jan 2006 09:07:00 -0800 Subject: [nycbug-talk] wasabi Message-ID: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> since we are throwing links around today: http://www.wasabisystems.com/gpl/index.html probably one of the best written explanations regarding GPL's impact from a business perspective IMO. -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From yusuke Mon Jan 23 12:21:00 2006 From: yusuke (Yusuke Shinyama) Date: Mon, 23 Jan 2006 12:21:00 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> Message-ID: <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> Sadly they're called "a new FUD angle" in LWN... http://lwn.net/Articles/168497/ (I think the LWN guys are too hostile. It seems the site becomes increasingly more slashdottish recently.) Yusuke pete wright wrote: > since we are throwing links around today: > > http://www.wasabisystems.com/gpl/index.html > > probably one of the best written explanations regarding GPL's impact > from a business perspective IMO. > > -pete From alex Mon Jan 23 14:23:07 2006 From: alex (alex at pilosoft.com) Date: Mon, 23 Jan 2006 14:23:07 -0500 (EST) Subject: [nycbug-talk] wasabi In-Reply-To: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> Message-ID: On Mon, 23 Jan 2006, pete wright wrote: > since we are throwing links around today: > > http://www.wasabisystems.com/gpl/index.html > > probably one of the best written explanations regarding GPL's impact > from a business perspective IMO. and since this is written by perry metzger (one of more famous anti-gpl crusaders, only surpassed by brett glass), this should be taken with a pitcher of salt, particularly the pronouncements about LKMs. -alex From okan Mon Jan 23 13:19:41 2006 From: okan (Okan Demirmen) Date: Mon, 23 Jan 2006 13:19:41 -0500 Subject: [nycbug-talk] David Chisnall explains In-Reply-To: <20060123094926.3b7efd78@wit.genoverly.home> References: <20060123094926.3b7efd78@wit.genoverly.home> Message-ID: <20060123181941.GD32064@yinaska.pair.com> On Mon 2006.01.23 at 09:49 -0500, michael wrote: > BSD: The Other Free UNIX Family > > * By David Chisnall. > * Date: Jan 20, 2006. > > There are a lot of options in the Free UNIX market at the moment. > Everyone's favorite buzzword is Linux, and Sun is in the process of > releasing Solaris under a Free Software license. One family, however, > receives less attention than it is due. Berkley Software Distribution > (BSD) has grown into almost a complete replacement for UNIX, with > numerous enhancements. David Chisnall explains why the BSD family has > found its way into a large number of systems and what these systems can > do for you. > > http://www.informit.com/articles/article.asp?p=439601&rl=1 interesting read. another snippet on the history of the BSD's. (add to links) From nomadlogic Mon Jan 23 13:22:25 2006 From: nomadlogic (pete wright) Date: Mon, 23 Jan 2006 10:22:25 -0800 Subject: [nycbug-talk] wasabi In-Reply-To: <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> Message-ID: <57d710000601231022i12bf06d5i34715ecfec07f399@mail.gmail.com> On 1/23/06, Yusuke Shinyama wrote: > Sadly they're called "a new FUD angle" in LWN... > http://lwn.net/Articles/168497/ > > (I think the LWN guys are too hostile. > It seems the site becomes increasingly more slashdottish recently.) > yea which is pretty bad, because i think the article dispels alot of the FUD that goes around regarding the GPL. It's not like wasabi doesn't GPL'd products. anyway...shocking that some people don't agree with this article...can't wait to see the finished gpl v3 ;) -p > Yusuke > > pete wright wrote: > > since we are throwing links around today: > > > > http://www.wasabisystems.com/gpl/index.html > > > > probably one of the best written explanations regarding GPL's impact > > from a business perspective IMO. > > > > -pete > -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From okan Mon Jan 23 13:24:47 2006 From: okan (Okan Demirmen) Date: Mon, 23 Jan 2006 13:24:47 -0500 Subject: [nycbug-talk] slashdot In-Reply-To: <57d710000601230803p5954dd1bo8a6d5ed2194b79de@mail.gmail.com> References: <20060123100335.3b9ec433@wit.genoverly.home> <57d710000601230803p5954dd1bo8a6d5ed2194b79de@mail.gmail.com> Message-ID: <20060123182447.GE32064@yinaska.pair.com> On Mon 2006.01.23 at 08:03 -0800, pete wright wrote: > On 1/23/06, michael wrote: > > Is it just me or has slashdot removed "BSD" from the Sections listing? > > I could still find it (http://slashdot.org/bsd), but I had to type in > > the url. Really, c'mon.. Apple and Linux are listed. > > > > yep, fully jacked from front page. i think they are using a new > layout engine as well...not that i read /. or any thing though ;) someone with a login submit a bug report please. From marco Mon Jan 23 13:29:47 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 13:29:47 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> Message-ID: <20060123182947.GB6429@ns.metm.org> On Mon, Jan 23, 2006 at 09:07:00AM -0800, pete wright wrote: >since we are throwing links around today: > >http://www.wasabisystems.com/gpl/index.html > >probably one of the best written explanations regarding GPL's impact >from a business perspective IMO. > "[GPL] requires that any source code that is changed also be released free of charge" I believe that the "free of charge" is completely misleading. You can charge as much as you want, for the software and its source code together. You are just required to give your customers the source, so that they are not stuck with an unmaintainable product when your company dies. That is the deal, you are not required to give your code to everyone in the universe free of charge. from the second page: "donate the code you paid to create to anyone who wants it" This is also wrong. You just need to make the source code available to those who recieve the product. If you give your product to everyone you give the code to everyone. If you sell for $1Million to a single client you are required to give that one client the source. I get a little impatient with the way people demonize the GPL by twisting words around. Quite frankly I don't give a damn if someone uses some BSD-licensed code only to sell me a proprietary product, for all I know they have broken it, and I'll be stuck with a lemon I can't fix. If you think I am mistaken please correct without flaming thank you. -- Marco From okan Mon Jan 23 13:33:28 2006 From: okan (Okan Demirmen) Date: Mon, 23 Jan 2006 13:33:28 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <57d710000601231022i12bf06d5i34715ecfec07f399@mail.gmail.com> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> <57d710000601231022i12bf06d5i34715ecfec07f399@mail.gmail.com> Message-ID: <20060123183328.GG32064@yinaska.pair.com> On Mon 2006.01.23 at 10:22 -0800, pete wright wrote: > ...can't wait to see the finished gpl v3 ;) and v3 closes "holes" which will hopefully show once and again that the gpl is crap. yes, this is coming from one who knows first hand that GPL code is being ripped from major financial infrastructures for a reason. From nomadlogic Mon Jan 23 13:53:39 2006 From: nomadlogic (pete wright) Date: Mon, 23 Jan 2006 10:53:39 -0800 Subject: [nycbug-talk] wasabi In-Reply-To: <20060123182947.GB6429@ns.metm.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> Message-ID: <57d710000601231053n3b0d0ccexa46cfcb2f645ed8a@mail.gmail.com> On 1/23/06, Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 09:07:00AM -0800, pete wright wrote: > >since we are throwing links around today: > > > >http://www.wasabisystems.com/gpl/index.html > > > >probably one of the best written explanations regarding GPL's impact > >from a business perspective IMO. > > > > "[GPL] requires that any source code that is changed also be released > free of charge" > > I believe that the "free of charge" is completely misleading. You can > charge as much as you want, for the software and its source code > together. You are just required to give your customers the source, so > that they are not stuck with an unmaintainable product when your company > dies. That is the deal, you are not required to give your code to > everyone in the universe free of charge. sure, that may be misleading, but it states in the GLPv2: (cap's not mine, sorry not trying to yell ;) 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. i guess one might infer from this that it code has to re-distributed free of charge from this statement... It also states: (section 2, clause b) b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. in any event...i never really understood the legalize of the GPL so i am definatly not trying to make definitive statements...more interpratations of how I understand it is being used and enforced....i'll let the courts figure that bit out and hope for the best ;) > > from the second page: > "donate the code you paid to create to anyone who wants it" > > This is also wrong. You just need to make the source code available to > those who recieve the product. If you give your product to everyone you > give the code to everyone. If you sell for $1Million to a single client > you are required to give that one client the source. > > I get a little impatient with the way people demonize the GPL by > twisting words around. Quite frankly I don't give a damn if someone > uses some BSD-licensed code only to sell me a proprietary product, for > all I know they have broken it, and I'll be stuck with a lemon I can't > fix. > > If you think I am mistaken please correct without flaming thank you. > > -- > Marco > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From mspitzer Mon Jan 23 14:06:28 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 14:06:28 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <20060123182947.GB6429@ns.metm.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> Message-ID: <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> On 1/23/06, Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 09:07:00AM -0800, pete wright wrote: > >since we are throwing links around today: > > > >http://www.wasabisystems.com/gpl/index.html > > > >probably one of the best written explanations regarding GPL's impact > >from a business perspective IMO. > > > > "[GPL] requires that any source code that is changed also be released > free of charge" > > I believe that the "free of charge" is completely misleading. You can > charge as much as you want, for the software and its source code > together. You are just required to give your customers the source, so > that they are not stuck with an unmaintainable product when your company > dies. That is the deal, you are not required to give your code to > everyone in the universe free of charge. You can not charge for the source, you can charge a reasonable fee for burning a tape though(call it $50 + media). Now what you can charge for is the binaries that you generated using GPLed code, they are yours and you can charge what you will for them. But once you have shipped one copy your customer can demand a copy of the source, which you must provide, and put it up on source forge for all the world to download. > > from the second page: > "donate the code you paid to create to anyone who wants it" > > This is also wrong. You just need to make the source code available to > those who recieve the product. If you give your product to everyone you > give the code to everyone. If you sell for $1Million to a single client > you are required to give that one client the source. and anyone down stream of that client who also gets the binary. > > I get a little impatient with the way people demonize the GPL by > twisting words around. Quite frankly I don't give a damn if someone > uses some BSD-licensed code only to sell me a proprietary product, for > all I know they have broken it, and I'll be stuck with a lemon I can't > fix. Well I do not demonize the GPL, what I rant about is how the FSF fucking lies through their collective teeth about the word "FREE". They have this special definition of the word free that: 1: does not exist in any dictionary I have looked at 2: contradicts the definition that applies from said dictionaries 3: that definition is "with out cost or encumbrance" marc > > If you think I am mistaken please correct without flaming thank you. > > -- > Marco > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From driodeiros Mon Jan 23 14:08:50 2006 From: driodeiros (David Rio Deiros) Date: Mon, 23 Jan 2006 11:08:50 -0800 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> Message-ID: <20060123190850.GA20718@milhouse.digitaria.com> On Sat, Jan 21, 2006 at 07:40:17PM -0500, Marc Spitzer wrote: > you can get a low end t42 for 1299 at lenovo, probably cheaper iff you > shop around. I have been using a t42 for more than a year and I love it: It runs cool, it is very quiet and I haven't have any problem yet. Also, regarding the powerbooks, yeah.. they have nice hardware, but the keyboard is totally useless. At least, compared to the thinkpad ones (lenovo). I liked the fujitsu a lot. The keyboard seems pretty useful despite it is a 10.5' laptop. David From marco Mon Jan 23 14:23:08 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 14:23:08 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> Message-ID: <20060123192308.GF6429@ns.metm.org> On Mon, Jan 23, 2006 at 02:06:28PM -0500, Marc Spitzer wrote: > >But once you have shipped one copy your customer can demand a copy of >the source, which you must provide, and put it up on source forge for >all the world to download. > Is this one of the loopholes which is being fixed ? Sounds like FUD, but I don't know for sure. I agree that "free" is a loaded word. I know that all I really care in all of this is my rights as a customer,user,client. -- Marco From nycbug Mon Jan 23 14:44:35 2006 From: nycbug (Ray Lai) Date: Mon, 23 Jan 2006 14:44:35 -0500 Subject: [nycbug-talk] slashdot In-Reply-To: <20060123182447.GE32064@yinaska.pair.com> References: <20060123100335.3b9ec433@wit.genoverly.home> <57d710000601230803p5954dd1bo8a6d5ed2194b79de@mail.gmail.com> <20060123182447.GE32064@yinaska.pair.com> Message-ID: <20060123194458.GA22783@syntax.cyth.net> On Mon, Jan 23, 2006 at 01:24:47PM -0500, Okan Demirmen wrote: > On Mon 2006.01.23 at 08:03 -0800, pete wright wrote: > > On 1/23/06, michael wrote: > > > Is it just me or has slashdot removed "BSD" from the Sections listing? > > > I could still find it (http://slashdot.org/bsd), but I had to type in > > > the url. Really, c'mon.. Apple and Linux are listed. > > > > > > > yep, fully jacked from front page. i think they are using a new > > layout engine as well...not that i read /. or any thing though ;) > > someone with a login submit a bug report please. http://www.bugmenot.com/ -Ray- From jlam Mon Jan 23 14:54:36 2006 From: jlam (Johnny Lam) Date: Mon, 23 Jan 2006 14:54:36 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <20060123192308.GF6429@ns.metm.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> <20060123192308.GF6429@ns.metm.org> Message-ID: <43D5347C.6090600@pkgsrc.org> Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 02:06:28PM -0500, Marc Spitzer wrote: > > >>But once you have shipped one copy your customer can demand a copy of >>the source, which you must provide, and put it up on source forge for >>all the world to download. >> > > Is this one of the loopholes which is being fixed ? Sounds like FUD, > but I don't know for sure. I don't know what you mean by "loophole". The basic principles behind the GPL is that anyone who gets the binary distribution of a piece of software must be able to get the sources, and that anyone can redistribute that software. The GPL takes a while to explain precisely this, but that's the general aim. This applies to your example in that your customer, to whom you've sold your GPLed software (binary + sources), can now freely distribute the exact same binary and sources according to the GPL. Which means, as Marc pointed out, they can upload it to SourceForge and let anyone download it. Cheers, -- Johnny Lam From ike Mon Jan 23 14:54:58 2006 From: ike (Isaac Levy) Date: Mon, 23 Jan 2006 14:54:58 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <20060123190850.GA20718@milhouse.digitaria.com> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> Message-ID: <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> Hi David, On Jan 23, 2006, at 2:08 PM, David Rio Deiros wrote: > On Sat, Jan 21, 2006 at 07:40:17PM -0500, Marc Spitzer wrote: >> you can get a low end t42 for 1299 at lenovo, probably cheaper iff >> you >> shop around. > > I have been using a t42 for more than a year and I love it: It runs > cool, it is very quiet and I haven't have any problem yet. > > Also, regarding the powerbooks, yeah.. they have nice hardware, but > the keyboard is totally useless. At least, compared to the thinkpad > ones (lenovo). Just wondering, as I haven't touched a thinkpad for more than a few minutes, why are the powerbook keyboards totally useless? > > I liked the fujitsu a lot. The keyboard seems pretty useful despite > it is a 10.5' laptop. > > David Rocket- .ike From marco Mon Jan 23 14:57:40 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 14:57:40 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> Message-ID: <20060123195740.GH6429@ns.metm.org> On Mon, Jan 23, 2006 at 02:54:58PM -0500, Isaac Levy wrote: >Just wondering, as I haven't touched a thinkpad for more than a few >minutes, why are the powerbook keyboards totally useless? > You can't make the caps lock function as a ctrl key. This is in the hardware. -- Marco From ike Mon Jan 23 14:57:38 2006 From: ike (Isaac Levy) Date: Mon, 23 Jan 2006 14:57:38 -0500 Subject: [nycbug-talk] slashdot In-Reply-To: <20060123194458.GA22783@syntax.cyth.net> References: <20060123100335.3b9ec433@wit.genoverly.home> <57d710000601230803p5954dd1bo8a6d5ed2194b79de@mail.gmail.com> <20060123182447.GE32064@yinaska.pair.com> <20060123194458.GA22783@syntax.cyth.net> Message-ID: On Jan 23, 2006, at 2:44 PM, Ray Lai wrote: > On Mon, Jan 23, 2006 at 01:24:47PM -0500, Okan Demirmen wrote: >> On Mon 2006.01.23 at 08:03 -0800, pete wright wrote: >>> On 1/23/06, michael wrote: >>>> Is it just me or has slashdot removed "BSD" from the Sections >>>> listing? >>>> I could still find it (http://slashdot.org/bsd), but I had to >>>> type in >>>> the url. Really, c'mon.. Apple and Linux are listed. >>>> >>> >>> yep, fully jacked from front page. i think they are using a new >>> layout engine as well...not that i read /. or any thing though ;) >> >> someone with a login submit a bug report please. > > http://www.bugmenot.com/ > > -Ray- "SITE BLOCKED This site has been barred from the bugmenot system." /me shrugs Rocket- .ike From ike Mon Jan 23 15:00:17 2006 From: ike (Isaac Levy) Date: Mon, 23 Jan 2006 15:00:17 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <20060123195740.GH6429@ns.metm.org> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> <20060123195740.GH6429@ns.metm.org> Message-ID: Thanks Marco, On Jan 23, 2006, at 2:57 PM, Marco Scoffier wrote: >> Just wondering, as I haven't touched a thinkpad for more than a few >> minutes, why are the powerbook keyboards totally useless? >> > You can't make the caps lock function as a ctrl key. This is in the > hardware. Interesting. Is this common practice for folks? (I simply got an ergo-keyboard long ago for my desk, pinkie-cramps from control-key crunches...) Rocket- .ike From marco Mon Jan 23 15:09:17 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 15:09:17 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <43D5347C.6090600@pkgsrc.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> <20060123192308.GF6429@ns.metm.org> <43D5347C.6090600@pkgsrc.org> Message-ID: <20060123200917.GI6429@ns.metm.org> On Mon, Jan 23, 2006 at 02:54:36PM -0500, Johnny Lam wrote: >and that anyone can redistribute that software. > >This applies to your example in that your customer, to whom you've sold >your GPLed software (binary + sources), can now freely distribute the >exact same binary and sources according to the GPL. Which means, as >Marc pointed out, they can upload it to SourceForge and let anyone >download it. > Got it. If you think software is a service, you have no problem with the GPL. If you insist that software should be a product you have a problem. -- Marco From nycbug Mon Jan 23 15:15:13 2006 From: nycbug (Ray Lai) Date: Mon, 23 Jan 2006 15:15:13 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> <20060123195740.GH6429@ns.metm.org> Message-ID: <20060123201536.GB22783@syntax.cyth.net> On Mon, Jan 23, 2006 at 03:00:17PM -0500, Isaac Levy wrote: > Thanks Marco, > > On Jan 23, 2006, at 2:57 PM, Marco Scoffier wrote: > > >>Just wondering, as I haven't touched a thinkpad for more than a few > >>minutes, why are the powerbook keyboards totally useless? > >> > >You can't make the caps lock function as a ctrl key. This is in the > >hardware. > > Interesting. Is this common practice for folks? (I simply got an > ergo-keyboard long ago for my desk, pinkie-cramps from control-key > crunches...) I remap the caps lock to a control key. It makes controlling easier, but doing too much ctrl-anything is tiring. I wouldn't say that not having a caps lock as control makes a keyboard totally useless, though. -Ray- From bob Mon Jan 23 15:25:40 2006 From: bob (Bob Ippolito) Date: Mon, 23 Jan 2006 12:25:40 -0800 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <20060123200917.GI6429@ns.metm.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> <20060123192308.GF6429@ns.metm.org> <43D5347C.6090600@pkgsrc.org> <20060123200917.GI6429@ns.metm.org> Message-ID: On Jan 23, 2006, at 12:09 PM, Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 02:54:36PM -0500, Johnny Lam wrote: >> and that anyone can redistribute that software. >> >> This applies to your example in that your customer, to whom you've >> sold >> your GPLed software (binary + sources), can now freely distribute the >> exact same binary and sources according to the GPL. Which means, as >> Marc pointed out, they can upload it to SourceForge and let anyone >> download it. >> > > Got it. > > If you think software is a service, you have no problem with the GPL. > If you insist that software should be a product you have a problem. I haven't read through GPLv3 yet, but IIRC one of their goals was to make it such that services based on GPLv3 software must also make the source available to users of that service -- whether or not the end user has a copy of the object code. I'm not sure whether that's reflected in the draft or not. -bob From okan Mon Jan 23 15:25:56 2006 From: okan (Okan Demirmen) Date: Mon, 23 Jan 2006 15:25:56 -0500 Subject: [nycbug-talk] slashdot In-Reply-To: <20060123194458.GA22783@syntax.cyth.net> References: <20060123100335.3b9ec433@wit.genoverly.home> <57d710000601230803p5954dd1bo8a6d5ed2194b79de@mail.gmail.com> <20060123182447.GE32064@yinaska.pair.com> <20060123194458.GA22783@syntax.cyth.net> Message-ID: <20060123202556.GA65099@yinaska.pair.com> On Mon 2006.01.23 at 14:44 -0500, Ray Lai wrote: > On Mon, Jan 23, 2006 at 01:24:47PM -0500, Okan Demirmen wrote: > > On Mon 2006.01.23 at 08:03 -0800, pete wright wrote: > > > On 1/23/06, michael wrote: > > > > Is it just me or has slashdot removed "BSD" from the Sections listing? > > > > I could still find it (http://slashdot.org/bsd), but I had to type in > > > > the url. Really, c'mon.. Apple and Linux are listed. > > > > > > > > > > yep, fully jacked from front page. i think they are using a new > > > layout engine as well...not that i read /. or any thing though ;) > > > > someone with a login submit a bug report please. > > http://www.bugmenot.com/ that would require me to care about /. ...hence the "someone [else]" part... ;) but yea, i guess slashdot is "blocked" as ike noted... oh well.. From okan Mon Jan 23 15:28:01 2006 From: okan (Okan Demirmen) Date: Mon, 23 Jan 2006 15:28:01 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <20060123195740.GH6429@ns.metm.org> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> <20060123195740.GH6429@ns.metm.org> Message-ID: <20060123202801.GB65099@yinaska.pair.com> On Mon 2006.01.23 at 14:57 -0500, Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 02:54:58PM -0500, Isaac Levy wrote: > >Just wondering, as I haven't touched a thinkpad for more than a few > >minutes, why are the powerbook keyboards totally useless? > > > You can't make the caps lock function as a ctrl key. This is in the > hardware. i did so in os/x and openbsd when i _had_ a powerbook, so it is possible. From ike Mon Jan 23 15:31:07 2006 From: ike (Isaac Levy) Date: Mon, 23 Jan 2006 15:31:07 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <20060123200917.GI6429@ns.metm.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> <20060123192308.GF6429@ns.metm.org> <43D5347C.6090600@pkgsrc.org> <20060123200917.GI6429@ns.metm.org> Message-ID: On Jan 23, 2006, at 3:09 PM, Marco Scoffier wrote: > Got it. > > If you think software is a service, you have no problem with the GPL. > If you insist that software should be a product you have a problem. Conversely, keeping things flexible If you think software is a service, using BSD license works just fine. If you insist software should be a product, BSD license works just fine. If you want to do business with people who carry both of these ideas respectively, the GPL gets in the way. -- Not trying to flame, just adding to the discourse. Though to really put my mouth where my heart is, I'm a pretty firm believer that the GPL is a sort of fascist, absolutist freedom for software. I believe the authors, and the spirit of the GPL, values source code and machine cycles, far more than human life and liberties. With that, I tend to simply see machines and code as extensions of human beings, and disagree with the GPL. (Some folks say that view is a stretch, but kick back with a printout of the GPL on your next subway ride and then tell me why I'm wrong.) Best, .ike From spork Mon Jan 23 15:33:30 2006 From: spork (Charles Sprickman) Date: Mon, 23 Jan 2006 15:33:30 -0500 (EST) Subject: [nycbug-talk] Laptop recommendations In-Reply-To: References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> <20060123195740.GH6429@ns.metm.org> Message-ID: On Mon, 23 Jan 2006, Isaac Levy wrote: > Thanks Marco, > > On Jan 23, 2006, at 2:57 PM, Marco Scoffier wrote: > >>> Just wondering, as I haven't touched a thinkpad for more than a few >>> minutes, why are the powerbook keyboards totally useless? >>> >> You can't make the caps lock function as a ctrl key. This is in the >> hardware. > > Interesting. But incorrect. :) In Tiger you have this option in the kbd & mouse pref pane - you can remap the splat, command, ctrl and caps-lock keys. Before Tiger, there was a freeware pref pane to do the same called double-command. C > Is this common practice for folks? (I simply got an > ergo-keyboard long ago for my desk, pinkie-cramps from control-key > crunches...) > > Rocket- > .ike > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From ike Mon Jan 23 15:34:42 2006 From: ike (Isaac Levy) Date: Mon, 23 Jan 2006 15:34:42 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> <20060123195740.GH6429@ns.metm.org> Message-ID: <31AC9CF7-6089-43C1-A4CD-C9DF6B7760CE@lesmuug.org> On Jan 23, 2006, at 3:33 PM, Charles Sprickman wrote: > On Mon, 23 Jan 2006, Isaac Levy wrote: > >> Thanks Marco, >> >> On Jan 23, 2006, at 2:57 PM, Marco Scoffier wrote: >> >>>> Just wondering, as I haven't touched a thinkpad for more than a few >>>> minutes, why are the powerbook keyboards totally useless? >>> You can't make the caps lock function as a ctrl key. This is in the >>> hardware. >> >> Interesting. > > But incorrect. :) > > In Tiger you have this option in the kbd & mouse pref pane - you > can remap the splat, command, ctrl and caps-lock keys. > > Before Tiger, there was a freeware pref pane to do the same called > double-command. > > C Well, this 20+ year mac user just learned a new trick- how about that. Thanks Charles! Best, .ike From marco Mon Jan 23 15:35:16 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 15:35:16 -0500 Subject: [nycbug-talk] Laptop recommendations In-Reply-To: <20060123202801.GB65099@yinaska.pair.com> References: <20060120223937.13441.qmail@web53607.mail.yahoo.com> <7708fd680601210724n603a12b8o48fbffad1034ce3f@mail.gmail.com> <8c50a3c30601211640t7f402c9cn44e225101ce2f186@mail.gmail.com> <20060123190850.GA20718@milhouse.digitaria.com> <89DE9275-80A6-4643-BC1A-51892B642EDC@lesmuug.org> <20060123195740.GH6429@ns.metm.org> <20060123202801.GB65099@yinaska.pair.com> Message-ID: <20060123203516.GJ6429@ns.metm.org> On Mon, Jan 23, 2006 at 03:28:01PM -0500, Okan Demirmen wrote: >> You can't make the caps lock function as a ctrl key. This is in the >> hardware. > >i did so in os/x and openbsd when i _had_ a powerbook, so it is >possible. Not with most models, and definitely not with mine :( Caps-lock only sends keydown never keyup, this was part of the Apple ADB protocol. Sure you can remap it but it don't do what you need. I don't remember all the details, but I looked pretty hard at one point when I had a bad case of emacs pinkie... -- Marco From alex Mon Jan 23 16:41:50 2006 From: alex (alex at pilosoft.com) Date: Mon, 23 Jan 2006 16:41:50 -0500 (EST) Subject: [nycbug-talk] Re: wasabi In-Reply-To: Message-ID: On Mon, 23 Jan 2006, Isaac Levy wrote: > Conversely, keeping things flexible > > If you think software is a service, using BSD license works just fine. > If you insist software should be a product, BSD license works just fine. > > If you want to do business with people who carry both of these ideas > respectively, the GPL gets in the way. If I think that releasing free software is a good thing, and more free software is a good thing, and that people who use my software should be forced to release their changes, I use GPL. If I want to make money off my software, I release under commercial restrictive license. > Though to really put my mouth where my heart is, I'm a pretty firm > believer that the GPL is a sort of fascist, absolutist freedom for > software. I believe the authors, and the spirit of the GPL, values > source code and machine cycles, far more than human life and liberties. > With that, I tend to simply see machines and code as extensions of human > beings, and disagree with the GPL. I value time I spent writing code. I want to be compensated for it. Either by being paid by licensee (commercial license), or by forcing other people to release their improvements to my software (which hopefully will be somewhat useful to me). I don't see place for a BSD license. I'm not *that* altruistic, I guess. > (Some folks say that view is a stretch, but kick back with a printout of > the GPL on your next subway ride and then tell me why I'm wrong.) This is becoming a flamewar. -alex From ike Mon Jan 23 15:53:23 2006 From: ike (Isaac Levy) Date: Mon, 23 Jan 2006 15:53:23 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: References: Message-ID: <9F228A19-F8EC-4C56-9FE3-954A7AD753CF@lesmuug.org> Alex has some good points here, insomuch as he recognizes that some code thrives in closed enviornments, and some thrives in open enviornments. On Jan 23, 2006, at 4:41 PM, alex at pilosoft.com wrote: > On Mon, 23 Jan 2006, Isaac Levy wrote: > >> Conversely, keeping things flexible >> >> If you think software is a service, using BSD license works just >> fine. >> If you insist software should be a product, BSD license works just >> fine. >> >> If you want to do business with people who carry both of these ideas >> respectively, the GPL gets in the way. > If I think that releasing free software is a good thing, and more free > software is a good thing, and that people who use my software > should be > forced to release their changes, I use GPL. Cool- but how free is free in that case? You really want to force users of your free software to give it back to you? > > If I want to make money off my software, I release under commercial > restrictive license. Sure, a restrictive commercial license is fine- but if you want to make money off your software, yet be able to keep it for the long- haul? (i.e. ever had someone force you to buy your own software back?) Couldn't a BSD license let you freely do both? And perhaps even, wouldn't it be nice if a commercial vendor could freely release software that has lost it's market value (knowing of course, that it's not violating any license agreements for any code it acquired as a closed product)? (e.g. I'd sure love to have the source for a number of legacy commercial apps [namely- PaintWorksPlus for MacIIgs], but who knows what kind of copyright trail the source could have which forces it to be mothballed... >> Though to really put my mouth where my heart is, I'm a pretty firm >> believer that the GPL is a sort of fascist, absolutist freedom for >> software. I believe the authors, and the spirit of the GPL, values >> source code and machine cycles, far more than human life and >> liberties. >> With that, I tend to simply see machines and code as extensions of >> human >> beings, and disagree with the GPL. > I value time I spent writing code. I want to be compensated for it. But Alex, don't you primarily run a service business? > Either > by being paid by licensee (commercial license), or by forcing other > people > to release their improvements to my software (which hopefully will be > somewhat useful to me). > > I don't see place for a BSD license. I'm not *that* altruistic, I > guess. I don't see the alltruism in BSD licensing, I see respect for differences between cultures of creating. >> (Some folks say that view is a stretch, but kick back with a >> printout of >> the GPL on your next subway ride and then tell me why I'm wrong.) > This is becoming a flamewar. Nah, it's all good conversaton to me! Tell me why I'm wrong? Or am I? Alex- as you are here backing the GPL, with your comments, are you agreeing with me that the GPL is fascist in how it forces absolute freedom? Rocket- .ike From george Mon Jan 23 16:03:17 2006 From: george (George Bourozikas) Date: Mon, 23 Jan 2006 16:03:17 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> Message-ID: <200601231603.17610.george@bourozikas.net> On Monday 23 January 2006 12:21 pm, Yusuke Shinyama wrote: > Sadly they're called "a new FUD angle" in LWN... > http://lwn.net/Articles/168497/ > > (I think the LWN guys are too hostile. > It seems the site becomes increasingly more slashdottish recently.) > > Yusuke > > pete wright wrote: > > since we are throwing links around today: > > > > http://www.wasabisystems.com/gpl/index.html > > > > probably one of the best written explanations regarding GPL's impact > > from a business perspective IMO. > > > > -pete Quoting from the Wasabi website: The GPL has achieved what it set out to achieve: it is virtually impossible to make money selling Linux, since any Linux distribution that is sold must also be made open source, enabling users and competitors to obtain it for free. This flies in the face of empirical observation: RedHat and IBM come to mind and there are others. Furthermore it does not explore the philosophical reasons behind teh GPL - some people may just object to mega-corporations using their software for profit and without attribution. Don't get me wrong: there are valid philosophical and business reasons to choose the GPL, BSD or any of a number of licenses just as there are good reasons to use BSD over Linux and vice versa, but this presentation is kind of FUD'ish. -- George Bourozikas From alex Mon Jan 23 17:11:45 2006 From: alex (alex at pilosoft.com) Date: Mon, 23 Jan 2006 17:11:45 -0500 (EST) Subject: [nycbug-talk] Re: wasabi In-Reply-To: <9F228A19-F8EC-4C56-9FE3-954A7AD753CF@lesmuug.org> Message-ID: On Mon, 23 Jan 2006, Isaac Levy wrote: > > software is a good thing, and that people who use my software should > > be forced to release their changes, I use GPL. > > Cool- but how free is free in that case? You really want to force users > of your free software to give it back to you? Yes, very much so. They enjoy fruit of my labor, they have to give something back to me. In other words, I force software freedom onto my users, whether they like it or not. > > If I want to make money off my software, I release under commercial > > restrictive license. > > Sure, a restrictive commercial license is fine- but if you want to make > money off your software, yet be able to keep it for the long- haul? > (i.e. ever had someone force you to buy your own software back?) I don't understand what are you asking here. License is not the same as selling the software outright. If I want to sell a license, I still own it and can sell it again. > Couldn't a BSD license let you freely do both? And perhaps even, > wouldn't it be nice if a commercial vendor could freely release software > that has lost it's market value (knowing of course, that it's not > violating any license agreements for any code it acquired as a closed > product)? > > (e.g. I'd sure love to have the source for a number of legacy commercial > apps [namely- PaintWorksPlus for MacIIgs], but who knows what kind of > copyright trail the source could have which forces it to be > mothballed... If this is the case (it is based on some commercial software which can't be released), it cannot be released under BSD license either. Again, to put a license on anything, you need to have clear copyright. If you don't have copyright, you can't release it. > >> Though to really put my mouth where my heart is, I'm a pretty firm > >> believer that the GPL is a sort of fascist, absolutist freedom for > >> software. I believe the authors, and the spirit of the GPL, values > >> source code and machine cycles, far more than human life and > >> liberties. With that, I tend to simply see machines and code as > >> extensions of human beings, and disagree with the GPL. > > I value time I spent writing code. I want to be compensated for it. > > But Alex, don't you primarily run a service business? I do lots of things. If I release software that that is helpful to run my business - I frankly want someone to contribute back to me if they have made improvements, so it can help me run my business better. > > Either by being paid by licensee (commercial license), or by forcing > > other people to release their improvements to my software (which > > hopefully will be somewhat useful to me). > > > > I don't see place for a BSD license. I'm not *that* altruistic, I > > guess. > > I don't see the alltruism in BSD licensing, I see respect for > differences between cultures of creating. BSD license is all about altruism. "Here it is, the fruit of my hard work. enjoy it, make money from it, rape it with a nightstick, I don't care". > Tell me why I'm wrong? Or am I? Alex- as you are here backing the GPL, > with your comments, are you agreeing with me that the GPL is fascist in > how it forces absolute freedom? I think fascism is a strong word. GPL forces freedom. Without GPL, we wouldn't have so much free software. (read up on cases where Apple was forced to share improvements to gcc, which otherwise would remain closed). It is a good thing. From marco Mon Jan 23 16:26:44 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 16:26:44 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: References: <9F228A19-F8EC-4C56-9FE3-954A7AD753CF@lesmuug.org> Message-ID: <20060123212644.GK6429@ns.metm.org> On Mon, Jan 23, 2006 at 05:11:45PM -0500, alex at pilosoft.com wrote: >I think fascism is a strong word. GPL forces freedom. Without GPL, we >wouldn't have so much free software. (read up on cases where Apple was >forced to share improvements to gcc, which otherwise would remain >closed). It is a good thing. > Very well said Alex. I'm sorry but this is where my heart is. If its not free, I just don't care. I will do everything I can so that the closed product is not important to me. Why give someone the not free alternative when I just don't care about the product and whatever reasons the company has for wanting it to remain closed ? I want the product open or I don't want it at all. -- Marco From nomadlogic Mon Jan 23 16:44:24 2006 From: nomadlogic (pete wright) Date: Mon, 23 Jan 2006 13:44:24 -0800 Subject: [nycbug-talk] wasabi In-Reply-To: <200601231603.17610.george@bourozikas.net> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> <200601231603.17610.george@bourozikas.net> Message-ID: <57d710000601231344p99ba81hf2344b19fd4de225@mail.gmail.com> On 1/23/06, George Bourozikas wrote: > On Monday 23 January 2006 12:21 pm, Yusuke Shinyama wrote: > > Sadly they're called "a new FUD angle" in LWN... > > http://lwn.net/Articles/168497/ > > > > (I think the LWN guys are too hostile. > > It seems the site becomes increasingly more slashdottish recently.) > > > > Yusuke > > > > pete wright wrote: > > > since we are throwing links around today: > > > > > > http://www.wasabisystems.com/gpl/index.html > > > > > > probably one of the best written explanations regarding GPL's impact > > > from a business perspective IMO. > > > > > > -pete > > Quoting from the Wasabi website: > > The GPL has achieved what it set out to achieve: it is virtually > impossible to make money selling Linux, since any Linux distribution > that is sold must also be made open source, enabling users and > competitors to obtain it for free. > > This flies in the face of empirical observation: RedHat and IBM come to > mind and there are others. Furthermore it does not explore the > philosophical reasons behind teh GPL - some people may just object to > mega-corporations using their software for profit and without > attribution. making money selling support services is much different than selling a packaged GNU/Linux product. RedHat makes thier money from consulting, as does IBM. I think that is one of the great point's of OSS: sell a service, or add value to an existing idea. we run centos, it's a free version of RHEL. we get all the changes and patches that redhat put into there. it's perfectly kosher under the GPL. As an aside, RedHat does not get a dime from us for each of our seats or from any support contracts. > > Don't get me wrong: there are valid philosophical and business reasons > to choose the GPL, BSD or any of a number of licenses just as there are > good reasons to use BSD over Linux and vice versa, but this > presentation is kind of FUD'ish. > I'm still missing the FUD. Ok, that's not %100 true ;) Although I would not put this on the same level as the SCO law suit, and I do think it makes some pretty good points that people often over look when they start basing products/decisions and what ever great "Linux wiz bang buzz word" they find on google.... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From mspitzer Mon Jan 23 17:07:43 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 17:07:43 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <43D5347C.6090600@pkgsrc.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> <20060123192308.GF6429@ns.metm.org> <43D5347C.6090600@pkgsrc.org> Message-ID: <8c50a3c30601231407t666aeb1ao973c710ba907bdc7@mail.gmail.com> On 1/23/06, Johnny Lam wrote: > Marco Scoffier wrote: > > On Mon, Jan 23, 2006 at 02:06:28PM -0500, Marc Spitzer wrote: > > > > > >>But once you have shipped one copy your customer can demand a copy of > >>the source, which you must provide, and put it up on source forge for > >>all the world to download. > >> > > > > Is this one of the loopholes which is being fixed ? Sounds like FUD, > > but I don't know for sure. > > I don't know what you mean by "loophole". The basic principles behind > the GPL is that anyone who gets the binary distribution of a piece of > software must be able to get the sources, and that anyone can > redistribute that software. The GPL takes a while to explain precisely > this, but that's the general aim. > > This applies to your example in that your customer, to whom you've sold > your GPLed software (binary + sources), can now freely distribute the > exact same binary and sources according to the GPL. Which means, as > Marc pointed out, they can upload it to SourceForge and let anyone > download it. One small point, they can not redistribute *your* binaries, unless your licence with them says its ok. But they can roll there own binaries from source and distribute them. marc > > Cheers, > > -- Johnny Lam > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From spork Mon Jan 23 17:09:09 2006 From: spork (Charles Sprickman) Date: Mon, 23 Jan 2006 17:09:09 -0500 (EST) Subject: [nycbug-talk] wasabi In-Reply-To: <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> Message-ID: On Mon, 23 Jan 2006, Yusuke Shinyama wrote: > Sadly they're called "a new FUD angle" in LWN... > http://lwn.net/Articles/168497/ > > (I think the LWN guys are too hostile. > It seems the site becomes increasingly more slashdottish recently.) One of the more entertaining comments: "Besides, if people making a $10 mouse can throw in a mini-CD full of documentation, it can't be hard to include a source code CD with your television, lawnmower or other Linux embedded device." I think some of these "Linux/GPL everywhere" nutjobs really do think that more than 10 people would be interested in getting source code for their televisions. I would imagine it would cost the television manufacturers more to answer all the support calls from people trying to "install the software that came with their tv" than it would to FedEx the few folks that want the code a copy on cd... C > Yusuke > > pete wright wrote: >> since we are throwing links around today: >> >> http://www.wasabisystems.com/gpl/index.html >> >> probably one of the best written explanations regarding GPL's impact >> from a business perspective IMO. >> >> -pete > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From mspitzer Mon Jan 23 17:17:32 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 17:17:32 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> <20060123192308.GF6429@ns.metm.org> <43D5347C.6090600@pkgsrc.org> <20060123200917.GI6429@ns.metm.org> Message-ID: <8c50a3c30601231417v33fb3a85mcebec4514491c6eb@mail.gmail.com> On 1/23/06, Bob Ippolito wrote: > > On Jan 23, 2006, at 12:09 PM, Marco Scoffier wrote: > > > On Mon, Jan 23, 2006 at 02:54:36PM -0500, Johnny Lam wrote: > >> and that anyone can redistribute that software. > >> > >> This applies to your example in that your customer, to whom you've > >> sold > >> your GPLed software (binary + sources), can now freely distribute the > >> exact same binary and sources according to the GPL. Which means, as > >> Marc pointed out, they can upload it to SourceForge and let anyone > >> download it. > >> > > > > Got it. > > > > If you think software is a service, you have no problem with the GPL. > > If you insist that software should be a product you have a problem. > > I haven't read through GPLv3 yet, but IIRC one of their goals was to > make it such that services based on GPLv3 software must also make the > source available to users of that service -- whether or not the end > user has a copy of the object code. I'm not sure whether that's > reflected in the draft or not. I soo hope they will do that, all the big players will have to fork on gpl v2 code and this will kill the fsf. Oh happy day .... marc > > -bob > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From ike Mon Jan 23 17:20:27 2006 From: ike (Isaac Levy) Date: Mon, 23 Jan 2006 17:20:27 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> Message-ID: <71B8C05E-13DC-42CA-BD29-71942DAD3B85@lesmuug.org> Hey All, On Jan 23, 2006, at 5:09 PM, Charles Sprickman wrote: > I think some of these "Linux/GPL everywhere" nutjobs really do > think that more than 10 people would be interested in getting > source code for their televisions. I would imagine it would cost > the television manufacturers more to answer all the support calls > from people trying to "install the software that came with their > tv" than it would to FedEx the few folks that want the code a copy > on cd... LOL Look, my point exactly. Not everything lives in a context where open source will make or break the end use, (though time can change these contexts). Back to a twist on the ol' "source code for my pacemaker" thread, do I *really* want that source code to my grandfather's pacemaker? -- While my heart is with Marco and Alex with regard to FOSS, I just can't bring myself to force free software, any more than I can bring myself to endorse forcing American freedom abroad. /me drops that can of worms and runs out of the office, screaming Rocket- .ike From mspitzer Mon Jan 23 17:30:22 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 17:30:22 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: References: Message-ID: <8c50a3c30601231430h4fb7b58er827155e97a54c883@mail.gmail.com> On 1/23/06, alex at pilosoft.com wrote: > On Mon, 23 Jan 2006, Isaac Levy wrote: > > Though to really put my mouth where my heart is, I'm a pretty firm > > believer that the GPL is a sort of fascist, absolutist freedom for > > software. I believe the authors, and the spirit of the GPL, values > > source code and machine cycles, far more than human life and liberties. > > With that, I tend to simply see machines and code as extensions of human > > beings, and disagree with the GPL. > I value time I spent writing code. I want to be compensated for it. Either > by being paid by licensee (commercial license), or by forcing other people > to release their improvements to my software (which hopefully will be > somewhat useful to me). So no matter what happens you want to get paid in some way and there is nothing wrong with that. > > I don't see place for a BSD license. I'm not *that* altruistic, I guess. fine > > > (Some folks say that view is a stretch, but kick back with a printout of > > the GPL on your next subway ride and then tell me why I'm wrong.) > This is becoming a flamewar. Reading the licence we are discussing is grounds for this atempt at taking this whole thead off topic by accusing Ike of starting a flame war? I think you *have* read the gpl but just dont want other people to do so. Why is that? Personally I think it is more of a comunist license, ie touch it and you loose most/all of your property rights on what you wrote that touched it. Face it the license has cooties. marc > > -alex > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From mspitzer Mon Jan 23 17:32:01 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 17:32:01 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <20060123212644.GK6429@ns.metm.org> References: <9F228A19-F8EC-4C56-9FE3-954A7AD753CF@lesmuug.org> <20060123212644.GK6429@ns.metm.org> Message-ID: <8c50a3c30601231432s2cbdfa0cw86873b58b2aa6c2b@mail.gmail.com> On 1/23/06, Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 05:11:45PM -0500, alex at pilosoft.com wrote: > >I think fascism is a strong word. GPL forces freedom. Without GPL, we > >wouldn't have so much free software. (read up on cases where Apple was > >forced to share improvements to gcc, which otherwise would remain > >closed). It is a good thing. > > > > Very well said Alex. I'm sorry but this is where my heart is. If its > not free, I just don't care. I will do everything I can so that the > closed product is not important to me. Why give someone the not free > alternative when I just don't care about the product and whatever > reasons the company has for wanting it to remain closed ? I want the > product open or I don't want it at all. So we can all agree that anything under the gpl is not free. Glad that is settled, marc > > -- > Marco > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From alex Mon Jan 23 18:46:12 2006 From: alex (alex at pilosoft.com) Date: Mon, 23 Jan 2006 18:46:12 -0500 (EST) Subject: [nycbug-talk] Re: wasabi In-Reply-To: <8c50a3c30601231430h4fb7b58er827155e97a54c883@mail.gmail.com> Message-ID: On Mon, 23 Jan 2006, Marc Spitzer wrote: > > > the GPL on your next subway ride and then tell me why I'm wrong.) > > This is becoming a flamewar. > > Reading the licence we are discussing is grounds for this atempt at > taking this whole thead off topic by accusing Ike of starting a flame > war? I think you *have* read the gpl but just dont want other people to > do so. Why is that? Personally I think it is more of a comunist > license, ie touch it and you loose most/all of your property rights on > what you wrote that touched it. Face it the license has cooties. Yes, GPL is infectious. You want to build your software on my free software? your software will have to be free too. You don't like it? well, then bugger off and don't touch my software. Note the touches = "build on" not merely "use". Note that this is not that much different from a proprietary license that doesn't give you royalty-free redistribution rights. You license a library (say, report writing). Now, for each 'derived product' (as in, complete package with the report writer compiled in) you are obligated to pay royalty. And even if you have royalty-free distribution rights, they usually come with strings attached. So, all restrictive licenses are infectuous by design. GPL restricts you (as user of my software) from restricting freedom of *others* to enjoy fruit of our combined labor (mine as original developer and your as contributor). Again, in my eyes (as a person who writes software), its a good thing. For someone who is a user of my software, who wants to profit from my work, its not a good thing. BSD is not infectious - because it is really limitation of liability plus release into public domain, not really a license. From mspitzer Mon Jan 23 17:43:51 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 17:43:51 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <20060123200917.GI6429@ns.metm.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123182947.GB6429@ns.metm.org> <8c50a3c30601231106t6952d338kc62264eb3834513e@mail.gmail.com> <20060123192308.GF6429@ns.metm.org> <43D5347C.6090600@pkgsrc.org> <20060123200917.GI6429@ns.metm.org> Message-ID: <8c50a3c30601231443o74fce034kf7372d5ad0dca0e@mail.gmail.com> On 1/23/06, Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 02:54:36PM -0500, Johnny Lam wrote: > >and that anyone can redistribute that software. > > > >This applies to your example in that your customer, to whom you've sold > >your GPLed software (binary + sources), can now freely distribute the > >exact same binary and sources according to the GPL. Which means, as > >Marc pointed out, they can upload it to SourceForge and let anyone > >download it. > > > > Got it. > > If you think software is a service, you have no problem with the GPL. > If you insist that software should be a product you have a problem. > ok you are having issues with economics. For example lets say a project costs $10 million dollars to build. You go to a vc firm and ask for money. They see that your product is bases on gpled code and is targeted to sell for $100/unit. If they know their business they will walk away from the deal because your company does not own its product. That $10 million is actually worth $100 because If I give you $100 I get all of your code. Many times the only way to make software afforable is to make it a product so the cost can be shared among a pool of users who find value in the product. the GPL makes that entirly too risky to make it make sence from a bussiness perspective. marc > -- > Marco > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From marco Mon Jan 23 17:49:30 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 17:49:30 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <71B8C05E-13DC-42CA-BD29-71942DAD3B85@lesmuug.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> <71B8C05E-13DC-42CA-BD29-71942DAD3B85@lesmuug.org> Message-ID: <20060123224930.GL6429@ns.metm.org> On Mon, Jan 23, 2006 at 05:20:27PM -0500, Isaac Levy wrote: >While my heart is with Marco and Alex with regard to FOSS, I just >can't bring myself to force free software, any more than I can bring >myself to endorse forcing American freedom abroad. > Very different. You are hung up on this "facist" idea, and I think you are misguided. No one is forcing anyone to use GPLed software. If you want to use GPLed code you have to play the game. If you want to live in Amurica you can't run around naked. Just rules to make a community. Calling a community building mechanism "facist" is a stretch. -- Marco From marco Mon Jan 23 17:51:11 2006 From: marco (Marco Scoffier) Date: Mon, 23 Jan 2006 17:51:11 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <8c50a3c30601231432s2cbdfa0cw86873b58b2aa6c2b@mail.gmail.com> References: <9F228A19-F8EC-4C56-9FE3-954A7AD753CF@lesmuug.org> <20060123212644.GK6429@ns.metm.org> <8c50a3c30601231432s2cbdfa0cw86873b58b2aa6c2b@mail.gmail.com> Message-ID: <20060123225111.GM6429@ns.metm.org> On Mon, Jan 23, 2006 at 05:32:01PM -0500, Marc Spitzer wrote: >> >> Very well said Alex. I'm sorry but this is where my heart is. If its >> not free, I just don't care. I will do everything I can so that the >> closed product is not important to me. Why give someone the not free >> alternative when I just don't care about the product and whatever >> reasons the company has for wanting it to remain closed ? I want the >> product open or I don't want it at all. > >So we can all agree that anything under the gpl is not free. > You are a wily one aren't you :) -- Marco From alex Mon Jan 23 18:57:09 2006 From: alex (alex at pilosoft.com) Date: Mon, 23 Jan 2006 18:57:09 -0500 (EST) Subject: [nycbug-talk] Re: wasabi In-Reply-To: <8c50a3c30601231443o74fce034kf7372d5ad0dca0e@mail.gmail.com> Message-ID: On Mon, 23 Jan 2006, Marc Spitzer wrote: > ok you are having issues with economics. For example lets say a project > costs $10 million dollars to build. You go to a vc firm and ask for > money. They see that your product is bases on gpled code and is > targeted to sell for $100/unit. If they know their business they will > walk away from the deal because your company does not own its product. > That $10 million is actually worth $100 because If I give you $100 I get > all of your code. You are now trying to make things ambigous. "Based on GPL'd code" is not a clear thing. Say, you are making a toaster that runs linux. There's no issue with the fact that the code is GPL'd - your product is not a derived work. Now, say, your name is Abode Software and due to customers being pissed with your existing software, you are coming out with a much improved graphics design product Gimposhop, which is based on GIMP and your existing Shopophot product. Yes, indeed, you will be screwed, because you "don't own the product". And, yes, you *should* be screwed, because you are using the labor of thousands of people to make money, without paying the original developers off. Your 10M$ that you spend on Gimposhop may look like a lot to you - but it pales with thousands of man-hours spent on the product you started with. > Many times the only way to make software afforable is to make it a > product so the cost can be shared among a pool of users who find value > in the product. the GPL makes that entirly too risky to make it make > sence from a bussiness perspective. GPL is not designed for that. That's called commercial license. -alex From mspitzer Mon Jan 23 17:55:41 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 17:55:41 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: References: <8c50a3c30601231430h4fb7b58er827155e97a54c883@mail.gmail.com> Message-ID: <8c50a3c30601231455l91405a7n8d80c9e4bf604461@mail.gmail.com> On 1/23/06, alex at pilosoft.com wrote: > On Mon, 23 Jan 2006, Marc Spitzer wrote: > > > > > the GPL on your next subway ride and then tell me why I'm wrong.) > > > This is becoming a flamewar. > > > > Reading the licence we are discussing is grounds for this atempt at > > taking this whole thead off topic by accusing Ike of starting a flame > > war? I think you *have* read the gpl but just dont want other people to > > do so. Why is that? Personally I think it is more of a comunist > > license, ie touch it and you loose most/all of your property rights on > > what you wrote that touched it. Face it the license has cooties. > Yes, GPL is infectious. You want to build your software on my free > software? your software will have to be free too. You don't like it? well, > then bugger off and don't touch my software. Your GPLed software is not free for any applicable definition I have come across in a dictionary. The FSF and now you are claiming something that is contradicted by trying to compair the word "free", as used in standard english, to the draconian encumberances inforced by the GPL. > > Note the touches = "build on" not merely "use". > > Note that this is not that much different from a proprietary license that > doesn't give you royalty-free redistribution rights. You license a library > (say, report writing). Now, for each 'derived product' (as in, complete > package with the report writer compiled in) you are obligated to pay > royalty. And even if you have royalty-free distribution rights, they > usually come with strings attached. So, all restrictive licenses are > infectuous by design. that is not so at all. the gpl makes you loose rights over your code. commercial licencing allows me to keep rights over mine. And if you want more rights give me more money. > > GPL restricts you (as user of my software) from restricting freedom of > *others* to enjoy fruit of our combined labor (mine as original developer the above sounds like it came from 1984. > and your as contributor). Again, in my eyes (as a person who writes > software), its a good thing. For someone who is a user of my software, who > wants to profit from my work, its not a good thing. You really need to look up the word free and freedom, in a non fsf dictionary. > > BSD is not infectious - because it is really limitation of liability plus > release into public domain, not really a license. No it is a licence, just a free one. marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From mspitzer Mon Jan 23 17:58:27 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 17:58:27 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <20060123224930.GL6429@ns.metm.org> References: <57d710000601230907r210b7bd3g66e0f8d05f92ef6@mail.gmail.com> <20060123172100.9640.78043.yusuke@grape.cs.nyu.edu> <71B8C05E-13DC-42CA-BD29-71942DAD3B85@lesmuug.org> <20060123224930.GL6429@ns.metm.org> Message-ID: <8c50a3c30601231458l4f9162dh873ef9913338e800@mail.gmail.com> On 1/23/06, Marco Scoffier wrote: > On Mon, Jan 23, 2006 at 05:20:27PM -0500, Isaac Levy wrote: > >While my heart is with Marco and Alex with regard to FOSS, I just > >can't bring myself to force free software, any more than I can bring > >myself to endorse forcing American freedom abroad. > > > Very different. You are hung up on this "facist" idea, and I think you > are misguided. that right its communist not fascist, get with the program Ike. > > No one is forcing anyone to use GPLed software. If you want to use GPLed > code you have to play the game. If you want to live in Amurica you > can't run around naked. Just rules to make a community. > Calling a community building mechanism "facist" is a stretch. Damm straight, workers paradise all the way marc > > -- > Marco > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From alex Mon Jan 23 19:05:50 2006 From: alex (alex at pilosoft.com) Date: Mon, 23 Jan 2006 19:05:50 -0500 (EST) Subject: [nycbug-talk] Re: wasabi In-Reply-To: <8c50a3c30601231455l91405a7n8d80c9e4bf604461@mail.gmail.com> Message-ID: On Mon, 23 Jan 2006, Marc Spitzer wrote: > > Yes, GPL is infectious. You want to build your software on my free > > software? your software will have to be free too. You don't like it? > > well, then bugger off and don't touch my software. > > Your GPLed software is not free for any applicable definition I have > come across in a dictionary. The FSF and now you are claiming something > that is contradicted by trying to compair the word "free", as used in > standard english, to the draconian encumberances inforced by the GPL. You are splitting hairs. As you should surely know, in GPL, free stands for freedom. Freedom of end user to modify and redistribute software. Yes, in fact, to achieve this freedom it is necessary to forbid *you* from denying this said freedom to them. Are we clear now? > > Note the touches = "build on" not merely "use". > > > > Note that this is not that much different from a proprietary license that > > doesn't give you royalty-free redistribution rights. You license a library > > (say, report writing). Now, for each 'derived product' (as in, complete > > package with the report writer compiled in) you are obligated to pay > > royalty. And even if you have royalty-free distribution rights, they > > usually come with strings attached. So, all restrictive licenses are > > infectuous by design. > > that is not so at all. the gpl makes you loose rights over your code. > commercial licencing allows me to keep rights over mine. And if you > want more rights give me more money. But it *IS NOT YOUR CODE*. Capiche? You base your product on my code, you have to distribute your code. And that's the way I like it. Because frankly, without *my code* there wouldn't be *your code*. So, IT IS NOT YOUR CODE. > > GPL restricts you (as user of my software) from restricting freedom of > > *others* to enjoy fruit of our combined labor (mine as original developer > > the above sounds like it came from 1984. > > > and your as contributor). Again, in my eyes (as a person who writes > > software), its a good thing. For someone who is a user of my software, > > who wants to profit from my work, its not a good thing. > > You really need to look up the word free and freedom, in a non fsf > dictionary. Please, be my guest. > > BSD is not infectious - because it is really limitation of liability > > plus release into public domain, not really a license. > > No it is a licence, just a free one. Talking to you reminds me of trying to discuss things with Perry. -alex From mspitzer Mon Jan 23 18:11:43 2006 From: mspitzer (Marc Spitzer) Date: Mon, 23 Jan 2006 18:11:43 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: References: <8c50a3c30601231455l91405a7n8d80c9e4bf604461@mail.gmail.com> Message-ID: <8c50a3c30601231511k2bf00b79y1db1ea4413caba2a@mail.gmail.com> On 1/23/06, alex at pilosoft.com wrote: > On Mon, 23 Jan 2006, Marc Spitzer wrote: > > > > Yes, GPL is infectious. You want to build your software on my free > > > software? your software will have to be free too. You don't like it? > > > well, then bugger off and don't touch my software. > > > > Your GPLed software is not free for any applicable definition I have > > come across in a dictionary. The FSF and now you are claiming something > > that is contradicted by trying to compair the word "free", as used in > > standard english, to the draconian encumberances inforced by the GPL. > You are splitting hairs. > > As you should surely know, in GPL, free stands for freedom. Freedom of end > user to modify and redistribute software. Yes, in fact, to achieve this > freedom it is necessary to forbid *you* from denying this said freedom to > them. > > Are we clear now? yes they are dishonest people, that is how they nailed apple. > > > > Note the touches = "build on" not merely "use". > > > > > > Note that this is not that much different from a proprietary license that > > > doesn't give you royalty-free redistribution rights. You license a library > > > (say, report writing). Now, for each 'derived product' (as in, complete > > > package with the report writer compiled in) you are obligated to pay > > > royalty. And even if you have royalty-free distribution rights, they > > > usually come with strings attached. So, all restrictive licenses are > > > infectuous by design. > > > > that is not so at all. the gpl makes you loose rights over your code. > > commercial licencing allows me to keep rights over mine. And if you > > want more rights give me more money. > But it *IS NOT YOUR CODE*. Capiche? Never said it was all I said was I get to keep *my* code and that does not happen under code infected with gpled code. Is that clear enough? > > You base your product on my code, you have to distribute your code. And > that's the way I like it. Because frankly, without *my code* there > wouldn't be *your code*. So, IT IS NOT YOUR CODE. Alex you are smart, but you are not that smart. You see all I need to do is reimplament your ideas in a clean room and I have bypassed all of you controls. It gets even better then that if you are disaplined in your source control, I can build against your libs while I have a seperate team reimplamenting them from scratch, to your api, and just never leagally distribute the binary out side the company. The when my version of your ground breaking library is done I just rip out your code and put in mine and ship all the closed source binaries I want BWHAHAHHAA. Yes folks a dogbert moment. > > > > GPL restricts you (as user of my software) from restricting freedom of > > > *others* to enjoy fruit of our combined labor (mine as original developer > > > > the above sounds like it came from 1984. > > > > > and your as contributor). Again, in my eyes (as a person who writes > > > software), its a good thing. For someone who is a user of my software, > > > who wants to profit from my work, its not a good thing. > > > > You really need to look up the word free and freedom, in a non fsf > > dictionary. > Please, be my guest. I have and I use those definitions when I use the words, you apparently do not when it suits your purpose not to. > > > > BSD is not infectious - because it is really limitation of liability > > > plus release into public domain, not really a license. > > > > No it is a licence, just a free one. > Talking to you reminds me of trying to discuss things with Perry. > > -alex > > marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From george Mon Jan 23 18:37:24 2006 From: george (George R.) Date: Mon, 23 Jan 2006 18:37:24 -0500 Subject: [nycbug-talk] Re: wasabi In-Reply-To: <8c50a3c30601231511k2bf00b79y1db1ea4413caba2a@mail.gmail.com> References: <8c50a3c30601231455l91405a7n8d80c9e4bf604461@mail.gmail.com> <8c50a3c30601231511k2bf00b79y1db1ea4413caba2a@mail.gmail.com> Message-ID: <6699572C-43D3-4DC5-BBD9-C4E54BFE0B4B@sddi.net> On Jan 23, 2006, at 6:11 PM, Marc Spitzer wrote: > On 1/23/06, alex at pilosoft.com wrote: >> On Mon, 23 Jan 2006, Marc Spitzer wrote: >> >>>> Yes, GPL is infectious. You want to build your software on my free >>>> software? your software will have to be free too. You don't like >>>> it? >>>> well, then bugger off and don't touch my software. >>> >>> Your GPLed software is not free for any applicable definition I have >>> come across in a dictionary. The FSF and now you are claiming >>> something >>> that is contradicted by trying to compair the word "free", as >>> used in >>> standard english, to the draconian encumberances inforced by the >>> GPL. >> You are splitting hairs. >> >> As you should surely know, in GPL, free stands for freedom. >> Freedom of end >> user to modify and redistribute software. Yes, in fact, to achieve >> this >> freedom it is necessary to forbid *you* from denying this said >> freedom to >> them. >> >> Are we clear now? > > yes they are dishonest people, that is how they nailed apple. What a great way to end this borderline-useless argument. The topic was the Wasabi piece, which is certainly worth discussion, but has now moved into the realm of flame wars. The vast majority of people on this list are not here for that. . . and we really haven't had any heavy flaming since this list started over two years ago. Therefore, discussion on this thread & topic is officially CLOSED. g 'list master' From george Tue Jan 24 09:44:30 2006 From: george (George R.) Date: Tue, 24 Jan 2006 09:44:30 -0500 Subject: [nycbug-talk] Test Message Message-ID: <43D63D4E.3010006@sddi.net> Welcome to the list. . . g From okan Tue Jan 24 10:00:08 2006 From: okan (Okan Demirmen) Date: Tue, 24 Jan 2006 10:00:08 -0500 Subject: [nycbug-talk] Test Message In-Reply-To: <43D63D4E.3010006@sddi.net> References: <43D63D4E.3010006@sddi.net> Message-ID: <20060124150008.GB39987@yinaska.pair.com> On Tue 2006.01.24 at 09:44 -0500, George Rosamond wrote: > Welcome to the list. . . thanks. and welcome yourself. From yusuke Tue Jan 24 12:13:54 2006 From: yusuke (Yusuke Shinyama) Date: Tue, 24 Jan 2006 12:13:54 -0500 Subject: [nycbug-talk] how to make ypbind up to date? Message-ID: <20060124171354.17524.87178.yusuke@grape.cs.nyu.edu> Hi, I'm using ypserv/ypbind on our network. When I changed the info on the yp server, usually I expect the changes are reflected in (at most) a few minutes in a client. But for some reason, with a ypbind daemon running on my FreeBSD machine I had to /etc/rc.d/ypbind restart to see the changes every time, whereas Linux boxes see the changes immediately. Am I missing something? Here is my rc.conf settings: nis_client_enable="YES" nis_client_flags="-ypsetme -S nyucsproteusnet,mango,pear" nis_server_enable="NO" nisdomainname="nyucsproteusnet" Thank you, Yusuke From ike Tue Jan 24 12:55:04 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 12:55:04 -0500 Subject: [nycbug-talk] windows anti-virus suggestions Message-ID: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Hey All, With some recent fun in an office I'm working at, I'm shopping around for a good anti-virus software to use on a fistfull of windows machines. Does anyone on this list have any good recommendations for products/ services? Thanks! .ike From ike Tue Jan 24 13:01:38 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 13:01:38 -0500 Subject: [nycbug-talk] wasabi In-Reply-To: <6699572C-43D3-4DC5-BBD9-C4E54BFE0B4B@sddi.net> References: <8c50a3c30601231455l91405a7n8d80c9e4bf604461@mail.gmail.com> <8c50a3c30601231511k2bf00b79y1db1ea4413caba2a@mail.gmail.com> <6699572C-43D3-4DC5-BBD9-C4E54BFE0B4B@sddi.net> Message-ID: <5D89BFAF-50B0-4BAC-B4B7-9CEBEF1894DD@lesmuug.org> Hey All, On Jan 23, 2006, at 6:37 PM, George R. wrote: > Therefore, discussion on this thread & topic is officially CLOSED. I'm not trying to prolong this thread, but I did want to say that some interesting points were made on all sides of these issues- and I really want to thank everyone for participating in this. It's bad to have empty angry flame wars, but I really am happy to know there's people who really give a *&%$ about these issues- from all sides this is important stuff to all of us continuing to do what we love. /me snaps a respectful salute to everyone who contributed to this thread (/me snaps an extra salute to George for closing it off) Rocket- .ike From dan Tue Jan 24 13:05:35 2006 From: dan (Dan Langille) Date: Tue, 24 Jan 2006 13:05:35 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Message-ID: <43D6261F.1167.22851E2F@dan.langille.org> On 24 Jan 2006 at 12:55, Isaac Levy wrote: > With some recent fun in an office I'm working at, I'm shopping around > for a good anti-virus software to use on a fistfull of windows machines. > > Does anyone on this list have any good recommendations for products/ > services? AVG - http://www.grisoft.com/ I use http://www.grisoft.com/doc/289/lng/us/tpl/tpl01 cheers -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From nomadlogic Tue Jan 24 13:16:03 2006 From: nomadlogic (pete wright) Date: Tue, 24 Jan 2006 10:16:03 -0800 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Message-ID: <57d710000601241016w5f795e83s861b6374fdb83ea3@mail.gmail.com> On 1/24/06, Isaac Levy wrote: > Hey All, > > With some recent fun in an office I'm working at, I'm shopping around > for a good anti-virus software to use on a fistfull of windows machines. > > Does anyone on this list have any good recommendations for products/ > services? not sure how what you are up against, but would something like clamav be a possible solution? -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From george Tue Jan 24 13:18:20 2006 From: george (George Georgalis) Date: Tue, 24 Jan 2006 13:18:20 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <43D6261F.1167.22851E2F@dan.langille.org> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> Message-ID: <20060124181820.GA21064@sta.duo> On Tue, Jan 24, 2006 at 01:05:35PM -0500, Dan Langille wrote: >On 24 Jan 2006 at 12:55, Isaac Levy wrote: > >> With some recent fun in an office I'm working at, I'm shopping around >> for a good anti-virus software to use on a fistfull of windows machines. >> >> Does anyone on this list have any good recommendations for products/ >> services? > >AVG - http://www.grisoft.com/ > >I use http://www.grisoft.com/doc/289/lng/us/tpl/tpl01 I thought everyone used clamav.net I think it's perl but I'm not sure if it runs _on_ windows machines. // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From nomadlogic Tue Jan 24 13:27:09 2006 From: nomadlogic (pete wright) Date: Tue, 24 Jan 2006 10:27:09 -0800 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <20060124181820.GA21064@sta.duo> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> Message-ID: <57d710000601241027h22941faeu62e26f0d3348169f@mail.gmail.com> On 1/24/06, George Georgalis wrote: > On Tue, Jan 24, 2006 at 01:05:35PM -0500, Dan Langille wrote: > >On 24 Jan 2006 at 12:55, Isaac Levy wrote: > > > >> With some recent fun in an office I'm working at, I'm shopping around > >> for a good anti-virus software to use on a fistfull of windows machines. > >> > >> Does anyone on this list have any good recommendations for products/ > >> services? > > > >AVG - http://www.grisoft.com/ > > > >I use http://www.grisoft.com/doc/289/lng/us/tpl/tpl01 > > I thought everyone used clamav.net I think it's perl > but I'm not sure if it runs _on_ windows machines. > i don't think it run's under windows (which may be a good thing) but you can always export your volumes that users are allowed to write to and have a dedicated *BSD box scan that. again, this may or may not be a good solution for mobile people etc... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From mikel.king Tue Jan 24 13:28:09 2006 From: mikel.king (Mikel King) Date: Tue, 24 Jan 2006 13:28:09 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Message-ID: <24568FC3-3F44-4E9B-AE83-913598829B17@ocsny.com> On Jan 24, 2006, at 12:55 PM, Isaac Levy wrote: > Hey All, > > With some recent fun in an office I'm working at, I'm shopping around > for a good anti-virus software to use on a fistfull of windows > machines. > > Does anyone on this list have any good recommendations for products/ > services? > > Thanks! > .ike > Ike, Symantec has a 10 licsense package that is fairly inexpensive. It lists for around $250, and I believe that a 5 pack is also available. http://symantec.com/small_business/products/internet_security/nav2006/ features.html Cheers, Mikel King CIO, Director of Network Operations Optimized Computer Solutions, INC Tech Alliance, INC 39 West Fourteenth Street Second Floor New York, NY 10011 http://www.ocsny.com http://www.techally.com t: 212.727.2100x132 +------------------------------------------+ How do you spell cooperation? Pessimists use each other, but optimists help each other. Collaboration feeds your spirit, while competition only stokes your ego. You'll find the best way to get along. +------------------------------------------+ From nycbug-list Tue Jan 24 13:35:54 2006 From: nycbug-list (Jonathan) Date: Tue, 24 Jan 2006 13:35:54 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <20060124181820.GA21064@sta.duo> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> Message-ID: On windows machines I've really liked using Sophos - they're proactive, up-to the minute, and catch things the bulk of other virus scanners miss (ie symantec). They make you pay for it though -- from what I remember, its not cheap. But if you get the small business license you can run their linux/bsd daemon on your server for email etc. From ike Tue Jan 24 13:38:10 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 13:38:10 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <57d710000601241027h22941faeu62e26f0d3348169f@mail.gmail.com> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <57d710000601241027h22941faeu62e26f0d3348169f@mail.gmail.com> Message-ID: Hey All, On Jan 24, 2006, at 1:27 PM, pete wright wrote: > again, this may or may not be a good solution for mobile people etc... Yeah- based on the responses I've received here, I should have been more detailed about the environment. Super mixed office, nearly all *BSD for servers, routers, etc... Some legacy Linux from old dev. projects (machines that are currently powered down). Email is with an offsite provider, so that's not an issue. Workstations are mostly Apples, with enough versions of Windows to cause grief. I simply wish to get something which provides client/workstation anti- virus, oldschool. Thanks for all the suggestions everyone! Best, .ike From george Tue Jan 24 13:46:35 2006 From: george (George Georgalis) Date: Tue, 24 Jan 2006 13:46:35 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <57d710000601241027h22941faeu62e26f0d3348169f@mail.gmail.com> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <57d710000601241027h22941faeu62e26f0d3348169f@mail.gmail.com> Message-ID: <20060124184635.GC21064@sta.duo> On Tue, Jan 24, 2006 at 10:27:09AM -0800, pete wright wrote: >On 1/24/06, George Georgalis wrote: >> On Tue, Jan 24, 2006 at 01:05:35PM -0500, Dan Langille wrote: >> >On 24 Jan 2006 at 12:55, Isaac Levy wrote: >> > >> >> With some recent fun in an office I'm working at, I'm shopping around >> >> for a good anti-virus software to use on a fistfull of windows machines. >> >> >> >> Does anyone on this list have any good recommendations for products/ >> >> services? >> > >> >AVG - http://www.grisoft.com/ >> > >> >I use http://www.grisoft.com/doc/289/lng/us/tpl/tpl01 >> >> I thought everyone used clamav.net I think it's perl >> but I'm not sure if it runs _on_ windows machines. >> > >i don't think it run's under windows (which may be a good thing) but >you can always export your volumes that users are allowed to write to >and have a dedicated *BSD box scan that. I never really understood the scan volumes feature, I'd say scan before exchange... but maybe people download viruses other ways, I cannot imagine them not getting opened before a scan if they where downloaded by IE // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From lists Tue Jan 24 13:48:40 2006 From: lists (michael) Date: Tue, 24 Jan 2006 13:48:40 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <57d710000601241027h22941faeu62e26f0d3348169f@mail.gmail.com> Message-ID: <20060124134840.2f27e224@wit.genoverly.home> On Tue, 24 Jan 2006 13:38:10 -0500 Isaac Levy wrote: > Super mixed office, nearly all *BSD for servers, routers, etc... > Some legacy Linux from old dev. projects (machines that are > currently powered down). Email is with an offsite provider, so > that's not an issue. Powered down, eh.. [sniff] I smell a hardware donation to NYCBUG.. -- Michael From ike Tue Jan 24 14:01:11 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 14:01:11 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> Message-ID: <1FB690BC-C189-43A3-8C67-96E25DD21913@lesmuug.org> Hey All, On Jan 24, 2006, at 1:35 PM, Jonathan wrote: > > On windows machines I've really liked using Sophos - they're > proactive, up-to the minute, and catch things the bulk of other virus > scanners miss (ie symantec). > > They make you pay for it though -- from what I remember, its not > cheap. But if you get the small business license you can run their > linux/bsd daemon on your server for email etc. As an aside, Sophos seems to own ActiveState, who I know to be huge financial supporters in the Python community... Brownie points, for sure :) Rocket- .ike From riegersteve Tue Jan 24 14:09:01 2006 From: riegersteve (Steve Rieger) Date: Tue, 24 Jan 2006 11:09:01 -0800 Subject: [nycbug-talk] ldap ssh and sudo Message-ID: <94F403A8-9FAF-4AE7-95D0-3F0FC36D05C0@gmail.com> hi all, am in the process of putting together an initial ldif file that will allow a new instance of ldap to be used for sudo and ssh authentication, i could use some hep on this, if you have a ldap and use it for ssh and/or sudo and are willing to send me non private ldif info i would appreciate it. i need something to compare my ldif file to. thanx -- Steve Rieger riegersteve at gmail.com 310-339-4355 Ride Free, Ride On, Ride Safe I had the blues because I had no shoes until upon the street, I met a man who had no feet. Biker Blue From bschonhorst Tue Jan 24 14:14:01 2006 From: bschonhorst (Brad Schonhorst) Date: Tue, 24 Jan 2006 14:14:01 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <1FB690BC-C189-43A3-8C67-96E25DD21913@lesmuug.org> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <1FB690BC-C189-43A3-8C67-96E25DD21913@lesmuug.org> Message-ID: <7708fd680601241114k7be73de8g4735d9a75c3a6ae6@mail.gmail.com> On 1/24/06, Isaac Levy wrote: > > Hey All, > > On Jan 24, 2006, at 1:35 PM, Jonathan wrote: > > > > > On windows machines I've really liked using Sophos - they're > > proactive, up-to the minute, and catch things the bulk of other virus > > scanners miss (ie symantec). > > > > They make you pay for it though -- from what I remember, its not > > cheap. But if you get the small business license you can run their > > linux/bsd daemon on your server for email etc. > > As an aside, Sophos seems to own ActiveState, who I know to be huge > financial supporters in the Python community... Brownie points, for > sure :) If you go with Sophos and are planning to do any type of enterprise management, plan on running it from a windows server. They can support mac clients but we ran into issues trying to host the CID on a os x server. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nycbug.org/pipermail/talk/attachments/20060124/6b3fb707/attachment.html From mikel.king Tue Jan 24 14:16:15 2006 From: mikel.king (Mikel King) Date: Tue, 24 Jan 2006 14:16:15 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <20060124184635.GC21064@sta.duo> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <57d710000601241027h22941faeu62e26f0d3348169f@mail.gmail.com> <20060124184635.GC21064@sta.duo> Message-ID: <9E7FEF0F-E7EE-4ABB-A9E3-922450F2510E@ocsny.com> On Jan 24, 2006, at 1:46 PM, George Georgalis wrote: > On Tue, Jan 24, 2006 at 10:27:09AM -0800, pete wright wrote: >> On 1/24/06, George Georgalis wrote: >>> On Tue, Jan 24, 2006 at 01:05:35PM -0500, Dan Langille wrote: >>>> On 24 Jan 2006 at 12:55, Isaac Levy wrote: >>>> >>>>> With some recent fun in an office I'm working at, I'm shopping >>>>> around >>>>> for a good anti-virus software to use on a fistfull of windows >>>>> machines. >>>>> >>>>> Does anyone on this list have any good recommendations for >>>>> products/ >>>>> services? >>>> >>>> AVG - http://www.grisoft.com/ >>>> >>>> I use http://www.grisoft.com/doc/289/lng/us/tpl/tpl01 >>> >>> I thought everyone used clamav.net I think it's perl >>> but I'm not sure if it runs _on_ windows machines. >>> >> http://www.clamwin.com/ Please note that ClamWin Free Antivirus does not include an on-access real-time scanner, that is, you need to manually scan a file in order to detect a virus or spyware. Microsoft Outlook Addin, however will delete a virus-infected attachment automatically. >> i don't think it run's under windows (which may be a good thing) but >> you can always export your volumes that users are allowed to write to >> and have a dedicated *BSD box scan that. > > I never really understood the scan volumes feature, I'd say scan > before exchange... but maybe people download viruses other ways, I > cannot imagine them not getting opened before a scan if they where > downloaded by IE > > // George There are those lovely viruses that propagate through user writable volumes. The are rare now a days, because most people do not leave their systems that open anymore. From ike Tue Jan 24 14:24:02 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 14:24:02 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <7708fd680601241114k7be73de8g4735d9a75c3a6ae6@mail.gmail.com> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <1FB690BC-C189-43A3-8C67-96E25DD21913@lesmuug.org> <7708fd680601241114k7be73de8g4735d9a75c3a6ae6@mail.gmail.com> Message-ID: Word, On Jan 24, 2006, at 2:14 PM, Brad Schonhorst wrote: > If you go with Sophos and are planning to do any type of enterprise > management, plan on running it from a windows server. They can > support mac clients but we ran into issues trying to host the CID > on a os x server. Thanks all, I'm not planning on any enterprise management- just planning to deploy it on a per-machine basis to 5-7 windows clients/ laptops. One thing about Sophos though- how the heck does one buy it in the US? Found it for 170euro all over great brittan... Rocket- .ike From mikel.king Tue Jan 24 14:24:52 2006 From: mikel.king (Mikel King) Date: Tue, 24 Jan 2006 14:24:52 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <7708fd680601241114k7be73de8g4735d9a75c3a6ae6@mail.gmail.com> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <1FB690BC-C189-43A3-8C67-96E25DD21913@lesmuug.org> <7708fd680601241114k7be73de8g4735d9a75c3a6ae6@mail.gmail.com> Message-ID: <23216DC8-74EB-4B2B-B722-F080B5F644D9@ocsny.com> On Jan 24, 2006, at 2:14 PM, Brad Schonhorst wrote: > > > On 1/24/06, Isaac Levy wrote: > Hey All, > > On Jan 24, 2006, at 1:35 PM, Jonathan wrote: > > > > > On windows machines I've really liked using Sophos - they're > > proactive, up-to the minute, and catch things the bulk of other > virus > > scanners miss (ie symantec). > > > > They make you pay for it though -- from what I remember, its not > > cheap. But if you get the small business license you can run their > > linux/bsd daemon on your server for email etc. > > As an aside, Sophos seems to own ActiveState, who I know to be huge > financial supporters in the Python community... Brownie points, for > sure :) > > > If you go with Sophos and are planning to do any type of enterprise > management, plan on running it from a windows server. They can > support mac clients but we ran into issues trying to host the CID > on a os x server. > > Besides clamavd comes preinstalled under Tiger Server. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nycbug.org/pipermail/talk/attachments/20060124/c046b161/attachment.html From netmantej Tue Jan 24 14:24:48 2006 From: netmantej (Tim Jacques) Date: Tue, 24 Jan 2006 14:24:48 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Message-ID: <43D67F00.9070405@gmail.com> Isaac Levy wrote: > Hey All, > > With some recent fun in an office I'm working at, I'm shopping around > for a good anti-virus software to use on a fistfull of windows machines. > > Does anyone on this list have any good recommendations for products/ > services? > > Thanks! > .ike > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > Good afternoon everybody .. I was told years ago that the best anti virus software is the one with the most current dat files. I have used Mcafee for years, and they have updated dat files daily. Here is my formula for a Windows XP workstations. 1. Mcafee Viruscan Enterprise edition. It can be updated manually and does not interfere with the other products on this list. 2. Ad-Aware SE Pro.. It has a memory resident portion called Ad-Watch that blocks on the fly. The dat file is updated weekly. 3. Limited user accounts only. This is the only defense against Rootkits. The only drawback is you will need to login as an administrator to update your dat files. 4. Make sure there is a password on the Administrator account. Very important ... 5. Windows firewall. Nothing allowed. No exceptions. 6. Firefox and Thunderbird only. Securely configured. 7. No sharing. P2P music, and IM. 8. Keep an eye on the "Geek Media" for new threats .. I use Symantec Antivirus Corp. Edition also, but it is only updated weekly. Have a good day. tim .. From bschonhorst Tue Jan 24 14:26:17 2006 From: bschonhorst (Brad Schonhorst) Date: Tue, 24 Jan 2006 14:26:17 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <1FB690BC-C189-43A3-8C67-96E25DD21913@lesmuug.org> <7708fd680601241114k7be73de8g4735d9a75c3a6ae6@mail.gmail.com> Message-ID: <7708fd680601241126j37f8bb98n779e2ee4c19c76f@mail.gmail.com> On 1/24/06, Isaac Levy wrote: > > Word, > > On Jan 24, 2006, at 2:14 PM, Brad Schonhorst wrote: > > > If you go with Sophos and are planning to do any type of enterprise > > management, plan on running it from a windows server. They can > > support mac clients but we ran into issues trying to host the CID > > on a os x server. > > Thanks all, I'm not planning on any enterprise management- just > planning to deploy it on a per-machine basis to 5-7 windows clients/ > laptops. > > One thing about Sophos though- how the heck does one buy it in the > US? Found it for 170euro all over great brittan... Here is the guy we purchased through. Very good rep. Steve Buckley Sales Manager NwTech, Inc. www.nwtechusa.com ---------------------------------------- Direct Line: Ph (760) 942-3067 x206 Support: Ph (888) 739-3454 Sales: Ph (800) 535-3353 Fax: Ph (877) 591-1958 ---------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nycbug.org/pipermail/talk/attachments/20060124/1421f78a/attachment.html From george Tue Jan 24 14:39:33 2006 From: george (George Bourozikas) Date: Tue, 24 Jan 2006 14:39:33 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Message-ID: <200601241439.33460.george@bourozikas.net> On Tuesday 24 January 2006 12:55, Isaac Levy wrote: > Hey All, > > With some recent fun in an office I'm working at, I'm shopping around > for a good anti-virus software to use on a fistfull of windows > machines. > > Does anyone on this list have any good recommendations for products/ > services? > > Thanks! > .ike Others have mentioned AVG (www.grisoft.com) and I second that. It has several good points: - Uses a Firebird database, which can reside anywhere (i.e. no need for a dedicated Windows administrative workstation - Fairly lightweight. Updates are small and if bandwith is an issue it is trivial to set up a local update repository. - Catches most bugs, which is as good as anything these days. - Intel just invested in AVG, so it will probably be around for a while. - Scriptable - Fairly cheap And one bad point: - Tech support is by e-mail only, at least for us plebes. Having said that, they always got back to me within a minute or two of contacting them. In a way it may even be better that way, as you are left with a written record of the whole exchange. I have used AVG in a smallish environment (around 25 PC users with Linux servers) and was happy with it. Sophos was also very good. Nowdays, however, they are going the Windows/Active Directory route pretty heavily. I have a successful installation on a W2K3 server using a Samba server as a PDC and it manages its WinXP workstations just fine, but gone are the days when everything in Sophos could be scripted, including signature downloads and deployment (that product still exists, but is in maintenance mode and due to expire in Feb. 2007). Also, I am quite sure that the "Small Business" edition does not include anything but Windows products. Oh yes, and you pay through the nose (3-5 times over AVG). Having said that, their tech support for the "Enterprise" product is excellent. Clamav is not really an option for windows because it does not support on-access scanning, which is key for critters spreading through e-mail. Oh yes, keep in mind that most antivirus products have a less than stellar record with malware. --george P.S. If you need more details, feel free to ping me off-list. -- George Bourozikas From spork Tue Jan 24 14:55:45 2006 From: spork (Charles Sprickman) Date: Tue, 24 Jan 2006 14:55:45 -0500 (EST) Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Message-ID: On Tue, 24 Jan 2006, Isaac Levy wrote: > Hey All, > > Does anyone on this list have any good recommendations for products/ > services? I'll second (or third?) AVG. I've put the free edition on all the neighbors/friends/etc. home machines and have been very happy with it. I also use it on my Mac in all my VPC installs. It seems to be a very svelte piece of software; VPC is always slow, AVG doesn't seem to add any slowness. Ditto on all the old PCs I've been "volunteered" to maintain. In the past I've used Norton/Symantec and McAfee and never really like them. Symantec junk always seems to break more than it fixes. C > Thanks! > .ike > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From george Tue Jan 24 15:01:58 2006 From: george (George R.) Date: Tue, 24 Jan 2006 15:01:58 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> Message-ID: <43D687B6.3070207@sddi.net> Charles Sprickman wrote: > On Tue, 24 Jan 2006, Isaac Levy wrote: > >> Hey All, >> >> Does anyone on this list have any good recommendations for products/ >> services? > > I'll second (or third?) AVG. I've put the free edition on all the > neighbors/friends/etc. home machines and have been very happy with it. I > also use it on my Mac in all my VPC installs. > > It seems to be a very svelte piece of software; VPC is always slow, AVG > doesn't seem to add any slowness. Ditto on all the old PCs I've been > "volunteered" to maintain. > > In the past I've used Norton/Symantec and McAfee and never really like > them. Symantec junk always seems to break more than it fixes. > > C Ditto on AVG. . . desktops, servers. . .it's the way. Can we talk about licensing now? g From ike Tue Jan 24 15:23:15 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 15:23:15 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: <43D687B6.3070207@sddi.net> References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D687B6.3070207@sddi.net> Message-ID: Wow everybody, On Jan 24, 2006, at 3:01 PM, George R. wrote: > Ditto on AVG. . . desktops, servers. . .it's the way. Thanks for the overwhelming and insightful responses, I'm deploying AVG as I type here. This entire list is such a valuable resource for us all!!! > > Can we talk about licensing now? No. The list moderator closed that thread . Rocket- .ike From lists Tue Jan 24 15:22:35 2006 From: lists (lists) Date: Tue, 24 Jan 2006 15:22:35 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> <1FB690BC-C189-43A3-8C67-96E25DD21913@lesmuug.org> <7708fd680601241114k7be73de8g4735d9a75c3a6ae6@mail.gmail.com> Message-ID: <43D68C8B.1060901@kriptik.org> On 24 Jan 2006 14:24:02 -0500, Isaac Levy wrote: > Thanks all, I'm not planning on any enterprise management- just > planning to deploy it on a per-machine basis to 5-7 windows clients/ > laptops. To add more to your trial downloads... I generally like CA products for anti-virus, and they are running on this box right now. CA eTrust EZ anti-virus [1] sounds like it would be a good fit for your purposes (one trial version can be found here [2]). It is lightweight along with all the standard features and quite frequent updating. If you are looking for a bit more control and range, eTrust anti-virus [3] is a better option. Central management is among the additions. The per seat costs of either option is not bad, but there is no need to pay for more if you are not going to use it. [1] http://store.digitalriver.com/servlet/ControllerServlet?Action=DisplayPage&Locale=en_US&id=ProductDetailsPage&SiteID=caconsum&productID=35180700&Env=BASE [2] http://www.my-etrust.com/microsoft/ [3] http://store.ca.com/dr/sat1/ec_Main.Entry17c?V1=31036169&V2=31036169&PID=&PN=29&SP=10024&SID=40705&CUR=840&CID=190529 On a side note, I am not a fan of Symantec and McAfee anti-virus products. From not working properly to slowing a system down to a crawl, there never seem to be an end to the maintenance tasks involved with those products. -Andrew From nomadlogic Tue Jan 24 15:31:28 2006 From: nomadlogic (pete wright) Date: Tue, 24 Jan 2006 12:31:28 -0800 Subject: [nycbug-talk] mtree Message-ID: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> Hi All, I am trying to find a way to deploy mtree on some linux systems but am having a hard time finding any info on where i may be able to find sources and if anyone in the gnu/linux world is even working on mtree. i know this is the wrong list to ask linux questions on...but mtree is a bsd tool....so it's kinda relevant ;) thanks, pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From ike Tue Jan 24 15:45:39 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 15:45:39 -0500 Subject: [nycbug-talk] mtree In-Reply-To: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> Message-ID: Hi Pete, On Jan 24, 2006, at 3:31 PM, pete wright wrote: > Hi All, > I am trying to find a way to deploy mtree on some linux systems but am > having a hard time finding any info on where i may be able to find > sources and if anyone in the gnu/linux world is even working on mtree. > i know this is the wrong list to ask linux questions on...but mtree > is a bsd tool....so it's kinda relevant ;) > > thanks, > pete Hey- not the same as mtree, but would tripwire do what your looking for? (is tripwire even still in use anywhere?) Rocket- .ike From jschauma Tue Jan 24 15:49:29 2006 From: jschauma (Jan Schaumann) Date: Tue, 24 Jan 2006 15:49:29 -0500 Subject: [nycbug-talk] mtree In-Reply-To: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> Message-ID: <20060124204929.GA18598@netmeister.org> pete wright wrote: > I am trying to find a way to deploy mtree on some linux systems but am > having a hard time finding any info on where i may be able to find > sources and if anyone in the gnu/linux world is even working on mtree. > i know this is the wrong list to ask linux questions on...but mtree > is a bsd tool....so it's kinda relevant ;) /usr/pkgsrc/pkgtools/mtree NetBSD's mtree is part of the pkgsrc tools, so bootstrapping pkgsrc builds mtree. You can, of course, rip out the files and build it by hand if you don't want to use pkgsrc, but then again, why wouldn't you? ;-) -Jan -- I seem to be having this tremendous difficulty with my lifestyle. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060124/dd5cde07/attachment.bin From nomadlogic Tue Jan 24 17:14:13 2006 From: nomadlogic (pete wright) Date: Tue, 24 Jan 2006 14:14:13 -0800 Subject: [nycbug-talk] mtree In-Reply-To: References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> Message-ID: <57d710000601241414k333f9d1dyd673c590ae40227f@mail.gmail.com> On 1/24/06, Isaac Levy wrote: > Hi Pete, > > On Jan 24, 2006, at 3:31 PM, pete wright wrote: > > > Hi All, > > I am trying to find a way to deploy mtree on some linux systems but am > > having a hard time finding any info on where i may be able to find > > sources and if anyone in the gnu/linux world is even working on mtree. > > i know this is the wrong list to ask linux questions on...but mtree > > is a bsd tool....so it's kinda relevant ;) > > > > thanks, > > pete > > Hey- not the same as mtree, but would tripwire do what your looking for? > (is tripwire even still in use anywhere?) > I was hoping to use mtree as a replacement for mtree...so that is probably where we are going to go witht his...thx! -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nomadlogic Tue Jan 24 17:15:41 2006 From: nomadlogic (pete wright) Date: Tue, 24 Jan 2006 14:15:41 -0800 Subject: [nycbug-talk] mtree In-Reply-To: <20060124204929.GA18598@netmeister.org> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <20060124204929.GA18598@netmeister.org> Message-ID: <57d710000601241415i62ed1367n3e6c7619c2f3f2d5@mail.gmail.com> On 1/24/06, Jan Schaumann wrote: > pete wright wrote: > > > I am trying to find a way to deploy mtree on some linux systems but am > > having a hard time finding any info on where i may be able to find > > sources and if anyone in the gnu/linux world is even working on mtree. > > i know this is the wrong list to ask linux questions on...but mtree > > is a bsd tool....so it's kinda relevant ;) > > /usr/pkgsrc/pkgtools/mtree > > NetBSD's mtree is part of the pkgsrc tools, so bootstrapping pkgsrc > builds mtree. You can, of course, rip out the files and build it by > hand if you don't want to use pkgsrc, but then again, why wouldn't you? > ;-) while I'd love to use pkgsrc, heck I'd love to use BSD in general, but that is unfortunately not an option. It seems we have put all our egg's in the rpm basket. Thanks Jan! -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From nomadlogic Tue Jan 24 17:16:18 2006 From: nomadlogic (pete wright) Date: Tue, 24 Jan 2006 14:16:18 -0800 Subject: [nycbug-talk] mtree In-Reply-To: <57d710000601241414k333f9d1dyd673c590ae40227f@mail.gmail.com> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <57d710000601241414k333f9d1dyd673c590ae40227f@mail.gmail.com> Message-ID: <57d710000601241416g3192c8e0r36a1063ec0277368@mail.gmail.com> On 1/24/06, pete wright wrote: > On 1/24/06, Isaac Levy wrote: > > Hi Pete, > > > > On Jan 24, 2006, at 3:31 PM, pete wright wrote: > > > > > Hi All, > > > I am trying to find a way to deploy mtree on some linux systems but am > > > having a hard time finding any info on where i may be able to find > > > sources and if anyone in the gnu/linux world is even working on mtree. > > > i know this is the wrong list to ask linux questions on...but mtree > > > is a bsd tool....so it's kinda relevant ;) > > > > > > thanks, > > > pete > > > > Hey- not the same as mtree, but would tripwire do what your looking for? > > (is tripwire even still in use anywhere?) > > > > I was hoping to use mtree as a replacement for mtree...so that is > probably where we are going to go witht his...thx! > > -p hmm...that came out well. I meant to say mtree as a tripwire replacement ;) -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From njt Tue Jan 24 18:01:28 2006 From: njt (N.J. Thomas) Date: Tue, 24 Jan 2006 18:01:28 -0500 Subject: [nycbug-talk] ensuring crons run Message-ID: <20060124230128.GP5503@ayvali.org> We have a bunch scripts in cron on different hosts that run hourly, nightly, etc. Occasionally for various reasons (network outage, filesystem full, bad input data), things break and the cron scripts don't run. What is a good system for ensuring these scripts are executed? Two solutions that we came up with: - log /var/log/cron to a central syslog server, write a script that parses this - force all users to put code in their crons (at the beginning and end) that pings some central db, if the cron doesn't run, neither do the pings, and some watchdog script kicks into action I would imagine that this is not the first time someone has tried to address this problem. What do you use? Cfengine? Nagios? thanks, Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From alex Tue Jan 24 19:18:16 2006 From: alex (alex at pilosoft.com) Date: Tue, 24 Jan 2006 19:18:16 -0500 (EST) Subject: [nycbug-talk] ensuring crons run In-Reply-To: <20060124230128.GP5503@ayvali.org> Message-ID: On Tue, 24 Jan 2006, N.J. Thomas wrote: > We have a bunch scripts in cron on different hosts that run hourly, > nightly, etc. Occasionally for various reasons (network outage, > filesystem full, bad input data), things break and the cron scripts > don't run. You need proper centralized job batching/dependency system. Autosys is very commercial and very expensive. Opensource ones are all written for a specific job, and I didn't like any of them. Look at www.gnqs.org to start... > What is a good system for ensuring these scripts are executed? > > Two solutions that we came up with: > > - log /var/log/cron to a central syslog server, write a script that > parses this > > - force all users to put code in their crons (at the beginning and > end) that pings some central db, if the cron doesn't run, neither > do the pings, and some watchdog script kicks into action > > I would imagine that this is not the first time someone has tried to > address this problem. What do you use? Cfengine? Nagios? don't use cron. From lists Tue Jan 24 18:40:55 2006 From: lists (Francisco Reyes) Date: Tue, 24 Jan 2006 18:40:55 -0500 Subject: [nycbug-talk] windows anti-virus suggestions References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <24568FC3-3F44-4E9B-AE83-913598829B17@ocsny.com> Message-ID: Mikel King writes: > Symantec has a 10 licsense package that is fairly inexpensive. It > lists for around $250, and I believe that a 5 pack is also available. Symantec was recently caught having some type of backdoor in one of their prodcuts.. I have never been crazy about their antivirus offering, but after the recent discovery I am now moving to actively discourage my clients against using it. I have been using Kaspersky antivirus for the last few years. So far has been working well for me and my clients. From nomadlogic Tue Jan 24 19:01:46 2006 From: nomadlogic (pete wright) Date: Tue, 24 Jan 2006 16:01:46 -0800 Subject: [nycbug-talk] ensuring crons run In-Reply-To: <20060124230128.GP5503@ayvali.org> References: <20060124230128.GP5503@ayvali.org> Message-ID: <57d710000601241601r6333a9bck469c460c1d651815@mail.gmail.com> On 1/24/06, N.J. Thomas wrote: > We have a bunch scripts in cron on different hosts that run hourly, > nightly, etc. Occasionally for various reasons (network outage, > filesystem full, bad input data), things break and the cron scripts > don't run. > > What is a good system for ensuring these scripts are executed? > > Two solutions that we came up with: > > - log /var/log/cron to a central syslog server, write a script that > parses this > > - force all users to put code in their crons (at the beginning and > end) that pings some central db, if the cron doesn't run, neither > do the pings, and some watchdog script kicks into action > > I would imagine that this is not the first time someone has tried to > address this problem. What do you use? Cfengine? Nagios? cfengine is very different than nagios. nagios will monitor services and report failures. cfengine is able to activly monitor the state of machines and take action depending on the said state of a machine. it is very customizable, pretty robust and scales very well. i use both at my current job, and find that using cfengine as a replacement for cron, rdistd and other homegrown scripts to be working pretty well. depending on the size of your deployment though (or more realistically what is at stake if your systems go down), cfengine may be a bit overkill. -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From tux Tue Jan 24 19:33:15 2006 From: tux (Kevin Reiter) Date: Tue, 24 Jan 2006 19:33:15 -0500 Subject: [nycbug-talk] windows anti-virus suggestions In-Reply-To: References: <2156409D-F7D1-4067-98EB-66934313F5EA@lesmuug.org> <43D6261F.1167.22851E2F@dan.langille.org> <20060124181820.GA21064@sta.duo> Message-ID: <43D6C74B.5080108@penguinnetwerx.net> Jonathan wrote: > On windows machines I've really liked using Sophos - they're > proactive, up-to the minute, and catch things the bulk of other virus > scanners miss (ie symantec). > > They make you pay for it though -- from what I remember, its not > cheap. But if you get the small business license you can run their > linux/bsd daemon on your server for email etc. As a current Sophos VAR partner, I wound up looking elsewhere for a solution and found Avast! to be a good replacement, as far as the Win32 side of the house. I did some checking, and a 3-year subscription costs just less than a 1-year from Symantec. They also have a server-based deployment thingy, which I just got done installing - works pretty good. Sophos has been going through a lot of internal changes as far as Partners are concerned, but they're still one of 2 that I know of that puts out a solution for *BSD. http://www.avast.com From chsnyder Tue Jan 24 22:01:11 2006 From: chsnyder (csnyder) Date: Tue, 24 Jan 2006 22:01:11 -0500 Subject: [nycbug-talk] mtree In-Reply-To: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> Message-ID: On 1/24/06, pete wright wrote: > Hi All, > I am trying to find a way to deploy mtree on some linux systems but am > having a hard time finding any info on where i may be able to find > sources and if anyone in the gnu/linux world is even working on mtree. > i know this is the wrong list to ask linux questions on...but mtree > is a bsd tool....so it's kinda relevant ;) > Maybe filetraq? http://filetraq.xidus.net/ I got there from something called systrac which roughly emulates the FreeBSD security cronjobs. http://mdcc.cx/systraq/ Should be rpms, there's a Debian package. -- Chris Snyder http://chxo.com/ From rick Tue Jan 24 22:21:57 2006 From: rick (Rick Aliwalas) Date: Tue, 24 Jan 2006 22:21:57 -0500 (EST) Subject: [nycbug-talk] mtree In-Reply-To: References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> Message-ID: On Tue, 24 Jan 2006, Isaac Levy wrote: > Hey- not the same as mtree, but would tripwire do what your looking for? > (is tripwire even still in use anywhere?) I know some folks are using Aide now instead of tripwire. Hal Pomeranz wrote an article in SysAdmin called "File Integrity Assessment via SSH" http://www.samag.com/documents/s=9950/sam0602a/0602a.htm Doesn't really answer Pete's question but Aide is a portable alternative. -rick > > Rocket- > .ike > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From mspitzer Wed Jan 25 00:48:43 2006 From: mspitzer (Marc Spitzer) Date: Wed, 25 Jan 2006 00:48:43 -0500 Subject: [nycbug-talk] mtree In-Reply-To: <57d710000601241414k333f9d1dyd673c590ae40227f@mail.gmail.com> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <57d710000601241414k333f9d1dyd673c590ae40227f@mail.gmail.com> Message-ID: <8c50a3c30601242148n43807a42i20a0dc4dd39ab066@mail.gmail.com> On 1/24/06, pete wright wrote: > On 1/24/06, Isaac Levy wrote: > > Hi Pete, > > > > On Jan 24, 2006, at 3:31 PM, pete wright wrote: > > > > > Hi All, > > > I am trying to find a way to deploy mtree on some linux systems but am > > > having a hard time finding any info on where i may be able to find > > > sources and if anyone in the gnu/linux world is even working on mtree. > > > i know this is the wrong list to ask linux questions on...but mtree > > > is a bsd tool....so it's kinda relevant ;) > > > > > > thanks, > > > pete > > > > Hey- not the same as mtree, but would tripwire do what your looking for? > > (is tripwire even still in use anywhere?) > > > > I was hoping to use mtree as a replacement for mtree...so that is > probably where we are going to go witht his...thx! Take a look at this: http://pkgsrc.se/pkgtools/genrpm marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From ike Tue Jan 24 12:57:53 2006 From: ike (Isaac Levy) Date: Tue, 24 Jan 2006 12:57:53 -0500 Subject: [nycbug-talk] Verizon Woes got you down? In-Reply-To: <4C9C0DB5-391D-4D65-9C02-D6392D54AD8F@slam.cc> References: <4C9C0DB5-391D-4D65-9C02-D6392D54AD8F@slam.cc> Message-ID: <711F07DB-7482-415C-8659-3EEAEBB71BD9@lesmuug.org> Hi All, A TowerStream update: Well, after about a month of service, and learning some fine new tips and tricks for testing a network connection, a few people have asked me for info about the TowerStream service- so here goes: On Jan 23, 2006, at 4:18 PM, Aron Roberts wrote: > Hey there, > > I've been following your towerstream thread and I was curious how > you like it after a month of service. > > I am considering using their service and I am curious about your > impression of it. So far, the service has been OK, with a few painful hiccups. As with any new line, wireless or wired, there's bound to be problems in the beginning of use- as the packets and routes settle. With that, the TowerStream service has been just as expected- rocky for the first month. WHAT WE GOT: -- We started out with a '5 for 5' deal, (meaning 5mbit for $495), it's meant to compete with T1 price points. Now, after being sold that deal, the fine print is that the service is a guaranteed 1.5mbps synchronous, with bursts to 5mbit as the network allows. With that, it's at least supposed to be like a T1. INSTALL: -- The on-site install was extremely painless. Their installer ran wires to our roof, down the elevator shaft, and into our space- a weird ethernet/coax dual cable. It runs into a small metal box that looks like a cable-modem, but it has to stand upright- (fans/heat). OK, nothing exiting or special there. INITIAL PING: -- The reality of the situation is that right off the bat, once we had ping, we got a fairly consistent 2.6mbit, spiking to 2.8mbit. Very pleased. The bosses in the office were dissappointed not to have 5mbit proper, so be sure to set your expectations right with the 5- for-5 deal. (I don't feel like they're being scummy with how they market the service, but it creates problems....) THEN THE NEXT THING YOU KNOW: -- Wammo. One day, I show up at the office, and blam- we can't get more than 300k on the line. I check everything, firewall rulesets, the internal network, and spent the next 2 days casually power-cycling and double-checking everything on my end, while continuing my other work. I finally just hooked up my laptop directly to their router/modem/ thingie, and found the line was indeed capped on their side, called support, put in a trouble ticket. During the next 2 weeks, we had a battery of service botches- including random (and sometimes long) outages while they fixed things, with no lead-time for us to prepare. I asked them repeatedly to PLEASE call me if they were going to take the line down for more than a few seconds, and after yelling up the chain a few times, their engineers did start calling me- but this was fairly traumatic and disruptive for the office. I finally yelled, they listened, and all is good. Their support people were really trying to do the right thing, and were very cool to work with- their service seems like a very small company having growing pains as they become a big national company... So with all the pain their service practices unleashed in my world, they seemed to change how they do things on the fly- and even had their high-tier engineers call me to ask what they did wrong, and then resolve things. After their backhaul engineers have changed things around repeatedly, and having a tech out to check the positioning of our antannae, we're back up over 2mbit, peaking at that 2.8mbit mark. PING AS IT STANDS NOW: -- Ping is ok now. We're averaging about .90% packet loss over the month, but about .07% for last week- so I feel the line has improved to an acceptable level. (see attached smoke-ping graph of a close router ping, if it came through the list OK). Now, as it stands, I think the next TowerStream test is to see how well the line holds up over the next year... Especially as they scale as a business, and fill the NYC airwaves with 802.16 traffic... CONCLUSION: -- That stated, overall, I'm pleased with TowerStream- it's far better than our Verizon problems. I'd love to have internet service from one of the smaller reliable ISP's in the area, (with people on this list for goodness sake), but Verizon is in the way of that. That stated, TowerStream eliminates Verizon from our last mile, so it's a success for us. Best, .ike -------------- next part -------------- A non-text attachment was scrubbed... Name: TowerStreamROUTER3_last_2592000.png Type: image/png Size: 62241 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060124/e422620e/attachment-0001.png From george Wed Jan 25 10:48:03 2006 From: george (George Georgalis) Date: Wed, 25 Jan 2006 10:48:03 -0500 Subject: [nycbug-talk] *BSD compairson Message-ID: <20060125154802.GA19309@sta.duo> Folks, most of us have strong opinions about DragonFlyBSD, FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are others). But can someone provide an unbiased compairson? I know it's a moving target, and I'm not looking for technical details, just the big points and features. Looks like I'll be migrating some Linux systems to BSD; but exactly why I choose one BSD over another is not easy to explain whthout going into technical examples. Is there a resource that describes the different cultures, philosophy, implementation, performance or some other differences? // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From nycbug Wed Jan 25 11:01:41 2006 From: nycbug (Ray Lai) Date: Wed, 25 Jan 2006 11:00:41 -0501 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125154802.GA19309@sta.duo> References: <20060125154802.GA19309@sta.duo> Message-ID: <20060125160104.GA13428@syntax.cyth.net> On Wed, Jan 25, 2006 at 10:48:03AM -0500, George Georgalis wrote: > Folks, most of us have strong opinions about DragonFlyBSD, > FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are > others). But can someone provide an unbiased compairson? > > I know it's a moving target, and I'm not looking for technical > details, just the big points and features. Looks like I'll be > migrating some Linux systems to BSD; but exactly why I choose > one BSD over another is not easy to explain whthout going into > technical examples. > > Is there a resource that describes the different cultures, > philosophy, implementation, performance or some other differences? Depends on your needs. In fact, the best BSD for you might just be the one you're most familiar with. -Ray- From jschauma Wed Jan 25 11:06:11 2006 From: jschauma (Jan Schaumann) Date: Wed, 25 Jan 2006 11:06:11 -0500 Subject: [nycbug-talk] mtree In-Reply-To: <57d710000601241415i62ed1367n3e6c7619c2f3f2d5@mail.gmail.com> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <20060124204929.GA18598@netmeister.org> <57d710000601241415i62ed1367n3e6c7619c2f3f2d5@mail.gmail.com> Message-ID: <20060125160611.GA18440@netmeister.org> pete wright wrote: > while I'd love to use pkgsrc, heck I'd love to use BSD in general, but > that is unfortunately not an option. It seems we have put all our > egg's in the rpm basket. Thanks Jan! Ugh. rpm. Oh well. You should be able to create an rpm from the pkgsrc files, though, fairly easily. cvs -d anoncvs at anoncvs.netbsd.org:/cvsroot co pkgsrc/pkgtools/mtree cd pkgsrc/pkgtools/mtree/files Here you will find the portable sources of NetBSD's mtree. It's got a configure script and all that jazz, so you'd just have to write an rpm spec file to install in your preferred location and build an rpm. -Jan -- This is so cool I have to go to the bathroom. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060125/015a3968/attachment.bin From jschauma Wed Jan 25 11:15:28 2006 From: jschauma (Jan Schaumann) Date: Wed, 25 Jan 2006 11:15:28 -0500 Subject: [nycbug-talk] mtree In-Reply-To: <20060125160611.GA18440@netmeister.org> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <20060124204929.GA18598@netmeister.org> <57d710000601241415i62ed1367n3e6c7619c2f3f2d5@mail.gmail.com> <20060125160611.GA18440@netmeister.org> Message-ID: <20060125161528.GC18440@netmeister.org> Jan Schaumann wrote: > You should be able to create an rpm from the pkgsrc files, though, > fairly easily. > > cvs -d anoncvs at anoncvs.netbsd.org:/cvsroot co pkgsrc/pkgtools/mtree > cd pkgsrc/pkgtools/mtree/files > > Here you will find the portable sources of NetBSD's mtree. It's got a > configure script and all that jazz, so you'd just have to write an rpm > spec file to install in your preferred location and build an rpm. I forgot to mention that this mtree also need libnbcompat, which is found in pkgsrc/pkgtools/libnbcompat/files. Together, this allows you to build mtree on all pkgsrc supported platforms (NetBSD, FreeBSD, OpenBSD, DragonFlyBSD, Darwin, Interix, IRIX, Linux, Solaris, BSD/OS, AIX, OSF/1). -Jan -- chown -R us:enemy your_base -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060125/e3054222/attachment.bin From bschonhorst Wed Jan 25 11:07:13 2006 From: bschonhorst (Brad Schonhorst) Date: Wed, 25 Jan 2006 11:07:13 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125154802.GA19309@sta.duo> References: <20060125154802.GA19309@sta.duo> Message-ID: <7708fd680601250807q4819c361v494e90d9f339348a@mail.gmail.com> On 1/25/06, George Georgalis wrote: > > Folks, most of us have strong opinions about DragonFlyBSD, > FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are > others). But can someone provide an unbiased compairson? > > I know it's a moving target, and I'm not looking for technical > details, just the big points and features. Looks like I'll be > migrating some Linux systems to BSD; but exactly why I choose > one BSD over another is not easy to explain whthout going into > technical examples. > > Is there a resource that describes the different cultures, > philosophy, implementation, performance or some other differences? Hey George- Here are a few places to start: Why BSD? http://www.freebsd.org/doc/en_US.ISO8859-1/articles/explaining-bsd/article.html BSD Success Stories http://nycbug.org/index.php?NAV=Library&SUBM=70 -Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nycbug.org/pipermail/talk/attachments/20060125/116a175b/attachment.html From nomadlogic Wed Jan 25 11:13:33 2006 From: nomadlogic (pete wright) Date: Wed, 25 Jan 2006 08:13:33 -0800 Subject: [nycbug-talk] mtree In-Reply-To: <20060125160611.GA18440@netmeister.org> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <20060124204929.GA18598@netmeister.org> <57d710000601241415i62ed1367n3e6c7619c2f3f2d5@mail.gmail.com> <20060125160611.GA18440@netmeister.org> Message-ID: <57d710000601250813p186ec51eo30b8281319fefa71@mail.gmail.com> On 1/25/06, Jan Schaumann wrote: > pete wright wrote: > > > while I'd love to use pkgsrc, heck I'd love to use BSD in general, but > > that is unfortunately not an option. It seems we have put all our > > egg's in the rpm basket. Thanks Jan! > > Ugh. rpm. Oh well. > > You should be able to create an rpm from the pkgsrc files, though, > fairly easily. > > cvs -d anoncvs at anoncvs.netbsd.org:/cvsroot co pkgsrc/pkgtools/mtree > cd pkgsrc/pkgtools/mtree/files > > Here you will find the portable sources of NetBSD's mtree. It's got a > configure script and all that jazz, so you'd just have to write an rpm > spec file to install in your preferred location and build an rpm. > ahh...ok, i'll have to give that a shot then. thanks! -pete > -Jan > > -- > This is so cool I have to go to the bathroom. > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > > > -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From scottro Wed Jan 25 12:03:53 2006 From: scottro (Scott Robbins) Date: Wed, 25 Jan 2006 12:03:53 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125154802.GA19309@sta.duo> References: <20060125154802.GA19309@sta.duo> Message-ID: <20060125170353.GA86993@uws1.starlofashions.com> On Wed, Jan 25, 2006 at 10:48:03AM -0500, George Georgalis wrote: > Folks, most of us have strong opinions about DragonFlyBSD, > FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are > others). But can someone provide an unbiased compairson? > > I know it's a moving target, and I'm not looking for technical > details, just the big points and features. Looks like I'll be > migrating some Linux systems to BSD; but exactly why I choose > one BSD over another is not easy to explain whthout going into > technical examples. > > Is there a resource that describes the different cultures, > philosophy, implementation, performance or some other differences? The wiki at http://www.bsdnexus.com has somewhat of a comparision. I always thought the best explanation was that of Greg Lehey (who is almost certainly biased, admittedly, towards FreeBSD) that one should (with the exception of DragonFly, at least at this date) look at their slogans to see what their emphasis is. FreeBSD, the power to serve NetBSD, of course it runs NetBSD OpenBSD, only one remote hole in the default install, in more than 8 years! -- Scott GPG KeyID EB3467D6 ( 1B848 077D 66F6 9DB0 FDC2 A409 FA54 D575 EB34 67D6) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Joyce: You belong in a good old fashioned college with keg parties and boys. Not here with Hellmouths and vampires. Buffy: Not really seeing the distinction. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.nycbug.org/pipermail/talk/attachments/20060125/0be91189/attachment.bin From okan Wed Jan 25 12:08:19 2006 From: okan (Okan Demirmen) Date: Wed, 25 Jan 2006 12:08:19 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125154802.GA19309@sta.duo> References: <20060125154802.GA19309@sta.duo> Message-ID: <20060125170819.GA49744@yinaska.pair.com> On Wed 2006.01.25 at 10:48 -0500, George Georgalis wrote: > Folks, most of us have strong opinions about DragonFlyBSD, > FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are > others). But can someone provide an unbiased compairson? > > I know it's a moving target, and I'm not looking for technical > details, just the big points and features. Looks like I'll be > migrating some Linux systems to BSD; but exactly why I choose > one BSD over another is not easy to explain whthout going into > technical examples. > > Is there a resource that describes the different cultures, > philosophy, implementation, performance or some other differences? first, do not fix what is not broken. as for what BSD to use...the only thing you should worry yourself with is: is xyzBSD the right tool for the job? go on the basis of the tool and job - not "just because" this xBSD has X and this yBSD has Y. From george Wed Jan 25 13:11:52 2006 From: george (George Georgalis) Date: Wed, 25 Jan 2006 13:11:52 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125170819.GA49744@yinaska.pair.com> References: <20060125154802.GA19309@sta.duo> <20060125170819.GA49744@yinaska.pair.com> Message-ID: <20060125181152.GA20246@sta.duo> On Wed, Jan 25, 2006 at 12:08:19PM -0500, Okan Demirmen wrote: >On Wed 2006.01.25 at 10:48 -0500, George Georgalis wrote: >> Folks, most of us have strong opinions about DragonFlyBSD, >> FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are >> others). But can someone provide an unbiased compairson? >> >> I know it's a moving target, and I'm not looking for technical >> details, just the big points and features. Looks like I'll be >> migrating some Linux systems to BSD; but exactly why I choose >> one BSD over another is not easy to explain whthout going into >> technical examples. >> >> Is there a resource that describes the different cultures, >> philosophy, implementation, performance or some other differences? > >first, do not fix what is not broken. yes. bsd was not chosen for fun. >as for what BSD to use...the only thing you should worry yourself with >is: is xyzBSD the right tool for the job? go on the basis of the tool >and job - not "just because" this xBSD has X and this yBSD has Y. right, breed not chosen for fun either. but my basis of choice and a laymen's explination are two different things. What I'd like to find are laymen bullet points from which I could borrow to say that was the biggest factor in my choice... I could spend a month documenting my basis into laymen terms, maybe someone else already has? more in another responce on this thread. // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From george Wed Jan 25 13:20:45 2006 From: george (George Georgalis) Date: Wed, 25 Jan 2006 13:20:45 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125170353.GA86993@uws1.starlofashions.com> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> Message-ID: <20060125182045.GB20246@sta.duo> On Wed, Jan 25, 2006 at 12:03:53PM -0500, Scott Robbins wrote: >On Wed, Jan 25, 2006 at 10:48:03AM -0500, George Georgalis wrote: >> Folks, most of us have strong opinions about DragonFlyBSD, >> FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are >> others). But can someone provide an unbiased compairson? >> >> I know it's a moving target, and I'm not looking for technical >> details, just the big points and features. Looks like I'll be >> migrating some Linux systems to BSD; but exactly why I choose >> one BSD over another is not easy to explain whthout going into >> technical examples. >> >> Is there a resource that describes the different cultures, >> philosophy, implementation, performance or some other differences? > >The wiki at http://www.bsdnexus.com has somewhat of a comparision. I don't see anything there comparing *BSD, the wiki is unavailable. >I always thought the best explanation was that of Greg Lehey (who is >almost certainly biased, admittedly, towards FreeBSD) that one should >(with the exception of DragonFly, at least at this date) look at their >slogans to see what their emphasis is. > >FreeBSD, the power to serve >NetBSD, of course it runs NetBSD >OpenBSD, only one remote hole in the default install, in more than 8 >years! That's a bit too macro of a perspective for me.... in any event this is all no big. It's not too hard to talk about software packaging, major release upgrade process, support and flavor of base OS; which where my primary factors on *BSD selection. Or, install, software, updates and major release process for Linux vs BSD. // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From lists Wed Jan 25 13:30:29 2006 From: lists (michael) Date: Wed, 25 Jan 2006 13:30:29 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125182045.GB20246@sta.duo> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> <20060125182045.GB20246@sta.duo> Message-ID: <20060125133029.5363299f@wit.genoverly.home> On Wed, 25 Jan 2006 13:20:45 -0500 "George Georgalis" wrote: > in any event this is all no big. It's not too hard to talk about > software packaging, major release upgrade process, support > and flavor of base OS; which where my primary factors on *BSD > selection. Or, install, software, updates and major release > process for Linux vs BSD. > > // George Got an itch? Do it the unix way.. scratch it yourself! We look forward to your white paper in the NYCBUG Library. -- Michael From george Wed Jan 25 13:31:30 2006 From: george (George Georgalis) Date: Wed, 25 Jan 2006 13:31:30 -0500 Subject: [nycbug-talk] mtree In-Reply-To: <57d710000601250813p186ec51eo30b8281319fefa71@mail.gmail.com> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <20060124204929.GA18598@netmeister.org> <57d710000601241415i62ed1367n3e6c7619c2f3f2d5@mail.gmail.com> <20060125160611.GA18440@netmeister.org> <57d710000601250813p186ec51eo30b8281319fefa71@mail.gmail.com> Message-ID: <20060125183130.GC20246@sta.duo> On Wed, Jan 25, 2006 at 08:13:33AM -0800, pete wright wrote: >On 1/25/06, Jan Schaumann wrote: >> pete wright wrote: >> >> > while I'd love to use pkgsrc, heck I'd love to use BSD in general, but >> > that is unfortunately not an option. It seems we have put all our >> > egg's in the rpm basket. Thanks Jan! >> >> Ugh. rpm. Oh well. >> >> You should be able to create an rpm from the pkgsrc files, though, >> fairly easily. >> >> cvs -d anoncvs at anoncvs.netbsd.org:/cvsroot co pkgsrc/pkgtools/mtree >> cd pkgsrc/pkgtools/mtree/files >> >> Here you will find the portable sources of NetBSD's mtree. It's got a >> configure script and all that jazz, so you'd just have to write an rpm >> spec file to install in your preferred location and build an rpm. >> > >ahh...ok, i'll have to give that a shot then. thanks! I don't see anything at http://www-db.deis.unibo.it/Mtree/ about implementing in a tripwire way... though /usr/pkgsrc//pkgtools/mtree/DESCR is pretty straight forward. same thing? http://rsug.itd.umich.edu/software/radmind/ radmind - A suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. For Mac OS X, there's also a graphical interface. At its core, radmind operates as a tripwire. maybe overkill for you but I always think about radmind when people say tripwire. never tried it but I understand it production quality and useful. // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From scottro Wed Jan 25 13:38:34 2006 From: scottro (Scott Robbins) Date: Wed, 25 Jan 2006 13:38:34 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125182045.GB20246@sta.duo> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> <20060125182045.GB20246@sta.duo> Message-ID: <20060125183834.GA30477@uws1.starlofashions.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 25, 2006 at 01:20:45PM -0500, George Georgalis wrote: > On Wed, Jan 25, 2006 at 12:03:53PM -0500, Scott Robbins wrote: > > > >The wiki at http://www.bsdnexus.com has somewhat of a comparision. > > I don't see anything there comparing *BSD, the wiki is unavailable. Hrrm, so it is, sorry about that. - -- Scott GPG KeyID EB3467D6 ( 1B848 077D 66F6 9DB0 FDC2 A409 FA54 D575 EB34 67D6) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Xander: Just because you're better than us doesn't mean you can be all superior. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD18Wq+lTVdes0Z9YRAtyGAKCBaEeHkxEhS8606SgakJAQuRYB2ACfX1ex Yzj0GKe/TacM43wQYFrHXOM= =Ooyb -----END PGP SIGNATURE----- From ike Wed Jan 25 13:41:59 2006 From: ike (Isaac Levy) Date: Wed, 25 Jan 2006 13:41:59 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125182045.GB20246@sta.duo> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> <20060125182045.GB20246@sta.duo> Message-ID: Hi George, On Jan 25, 2006, at 1:20 PM, George Georgalis wrote: > On Wed, Jan 25, 2006 at 12:03:53PM -0500, Scott Robbins wrote: >> On Wed, Jan 25, 2006 at 10:48:03AM -0500, George Georgalis wrote: >>> Folks, most of us have strong opinions about DragonFlyBSD, >>> FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are >>> others). But can someone provide an unbiased compairson? Hold on right there- Do we really have such strong opinions? I haven't really gotten that from this group (or the BSD's in general), at all. (Ok, some people/ places, but they're exceptions). The BSD's are so promiscuous, I don't know what *BSD I'll be using in 5 years- but I surely know I'll be using some BSD. >>> >>> I know it's a moving target, and I'm not looking for technical >>> details, just the big points and features. Looks like I'll be >>> migrating some Linux systems to BSD; but exactly why I choose >>> one BSD over another is not easy to explain whthout going into >>> technical examples. >>> >>> Is there a resource that describes the different cultures, >>> philosophy, implementation, performance or some other differences? >> >> The wiki at http://www.bsdnexus.com has somewhat of a comparision. > > I don't see anything there comparing *BSD, the wiki is unavailable. There's not much to explain- compared to Linux distros, *BSD is all the same- consistent, ancient, UNIX. I've never been disappointed carrying expectations for compatible userland utilities, it's only in the more esoteric/hardcore details where things start to differ. I've found those details are not something sane to explain to 'laymen' as you put it. >> I always thought the best explanation was that of Greg Lehey (who is >> almost certainly biased, admittedly, towards FreeBSD) that one should >> (with the exception of DragonFly, at least at this date) look at >> their >> slogans to see what their emphasis is. >> >> FreeBSD, the power to serve >> NetBSD, of course it runs NetBSD >> OpenBSD, only one remote hole in the default install, in more than 8 >> years! > > That's a bit too macro of a perspective for me.... ? > > in any event this is all no big. It's not too hard to talk about > software packaging, major release upgrade process, support > and flavor of base OS; which where my primary factors on *BSD > selection. Or, install, software, updates and major release > process for Linux vs BSD. Well, to be honest, I don't think there's too much Linux vs. BSD stuff out there really, insomuch as it's negative in spirit. There's plenty of docs to explain what *BSD does though :) my .02? Rocket- .ike From nomadlogic Wed Jan 25 13:53:21 2006 From: nomadlogic (pete wright) Date: Wed, 25 Jan 2006 10:53:21 -0800 Subject: [nycbug-talk] mtree In-Reply-To: <20060125183130.GC20246@sta.duo> References: <57d710000601241231p7ef32d22k85325d6a97c4ba7e@mail.gmail.com> <20060124204929.GA18598@netmeister.org> <57d710000601241415i62ed1367n3e6c7619c2f3f2d5@mail.gmail.com> <20060125160611.GA18440@netmeister.org> <57d710000601250813p186ec51eo30b8281319fefa71@mail.gmail.com> <20060125183130.GC20246@sta.duo> Message-ID: <57d710000601251053k6f00c81emb1f8ef6cb67e6a3f@mail.gmail.com> On 1/25/06, George Georgalis wrote: > On Wed, Jan 25, 2006 at 08:13:33AM -0800, pete wright wrote: > >On 1/25/06, Jan Schaumann wrote: > >> pete wright wrote: > >> > >> > while I'd love to use pkgsrc, heck I'd love to use BSD in general, but > >> > that is unfortunately not an option. It seems we have put all our > >> > egg's in the rpm basket. Thanks Jan! > >> > >> Ugh. rpm. Oh well. > >> > >> You should be able to create an rpm from the pkgsrc files, though, > >> fairly easily. > >> > >> cvs -d anoncvs at anoncvs.netbsd.org:/cvsroot co pkgsrc/pkgtools/mtree > >> cd pkgsrc/pkgtools/mtree/files > >> > >> Here you will find the portable sources of NetBSD's mtree. It's got a > >> configure script and all that jazz, so you'd just have to write an rpm > >> spec file to install in your preferred location and build an rpm. > >> > > > >ahh...ok, i'll have to give that a shot then. thanks! > > I don't see anything at http://www-db.deis.unibo.it/Mtree/ > about implementing in a tripwire way... though > /usr/pkgsrc//pkgtools/mtree/DESCR is pretty straight forward. > same thing? yea...there is this little book called BSD hacks which show's how to use mtree as a tripwire replacement ;) > > http://rsug.itd.umich.edu/software/radmind/ > radmind - A suite of Unix command-line tools and a server designed to > remotely administer the file systems of multiple Unix machines. For Mac > OS X, there's also a graphical interface. At its core, radmind > operates as a tripwire. > yea...not osx...and thankfull no GUI needed here...i still should check it out. basicly what is needed is an extensible system to keep a database of file structures for security purposes. I liked the idea of using mtree as i would be able to intergrate it into our cfengine deployment as use it as more than just a security tool. i was also hoping to minic how freebsd ports (and not sure about open or pkgsrc) uses mtree to track installed ports... -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From george Wed Jan 25 14:03:55 2006 From: george (George Georgalis) Date: Wed, 25 Jan 2006 14:03:55 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> <20060125182045.GB20246@sta.duo> Message-ID: <20060125190355.GE20246@sta.duo> Word! On Wed, Jan 25, 2006 at 01:41:59PM -0500, Isaac Levy wrote: >On Jan 25, 2006, at 1:20 PM, George Georgalis wrote: >> On Wed, Jan 25, 2006 at 12:03:53PM -0500, Scott Robbins wrote: >>> On Wed, Jan 25, 2006 at 10:48:03AM -0500, George Georgalis wrote: >>>> Folks, most of us have strong opinions about DragonFlyBSD, >>>> FreeBSD, NetBSD and OpenBSD (alphebetical, I think there are >>>> others). But can someone provide an unbiased compairson? > >Hold on right there- > >Do we really have such strong opinions? I haven't really gotten that >from this group (or the BSD's in general), at all. (Ok, some people/ >places, but they're exceptions). Nobody is really evangelizing one BSD or another to me. But typically when I've discussed with others, I get a response, myBSD works for me, which should be interpreted, I never tried it with yourBSD. Which is more what I meant than "strong opinions" and really not "most of us", just some of my conversations. >> I don't see anything there comparing *BSD, the wiki is unavailable. > >There's not much to explain- compared to Linux distros, *BSD is all >the same- consistent, ancient, UNIX. > >I've never been disappointed carrying expectations for compatible >userland utilities, it's only in the more esoteric/hardcore details >where things start to differ. I've found those details are not >something sane to explain to 'laymen' as you put it. yeah, little difference for users, even comparing *Linux to *BSD. My basis was on installer, /etc, /sbin (admin tools), upgrade and package system. >>> FreeBSD, the power to serve >>> NetBSD, of course it runs NetBSD >>> OpenBSD, only one remote hole in the default install, in more than 8 >>> years! >> >> That's a bit too macro of a perspective for me.... > >? Well they all can serve, they are all as portable as needed and differences in security are irrelevant. >> in any event this is all no big. It's not too hard to talk about >> software packaging, major release upgrade process, support >> and flavor of base OS; which where my primary factors on *BSD >> selection. Or, install, software, updates and major release >> process for Linux vs BSD. > >Well, to be honest, I don't think there's too much Linux vs. BSD >stuff out there really, insomuch as it's negative in spirit. > >There's plenty of docs to explain what *BSD does though :) Why did you choose yourBSD? // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From george Wed Jan 25 14:35:08 2006 From: george (George Georgalis) Date: Wed, 25 Jan 2006 14:35:08 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125190355.GE20246@sta.duo> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> <20060125182045.GB20246@sta.duo> <20060125190355.GE20246@sta.duo> Message-ID: <20060125193508.GF20246@sta.duo> >>>> FreeBSD, the power to serve that one will make the cat 5 bleed... >>>> NetBSD, of course it runs NetBSD the toaster could be your file server... >>>> OpenBSD, only one remote hole in the default install, in more than 8 >>>> years! install and forget... >>>> DragonFlyBSD they are all coherent.... // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From jlam Wed Jan 25 14:48:37 2006 From: jlam (Johnny Lam) Date: Wed, 25 Jan 2006 14:48:37 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125190355.GE20246@sta.duo> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> <20060125182045.GB20246@sta.duo> <20060125190355.GE20246@sta.duo> Message-ID: <43D7D615.8030805@pkgsrc.org> George Georgalis wrote: > > Why did you choose yourBSD? I chose NetBSD because at the time (back in 1992 or so, NetBSD was pretty much the only option for running a Unix on my computer -- a Macintosh LC III. I grew familiar with the way things were laid out in a NetBSD installation, and when I eventually had enough money to start buying better machines, I stayed with NetBSD because it gave me the same environment on i386 as I was used to on mac68k. When I eventually got a job as a sysadmin, I just brought what I knew into my workplace and installed NetBSD to provide typical office-oriented services. I guess what I'm saying is that NetBSD is my main tool at work because it's "just what I'm used to". I'm hard-pressed to find a "killer-edge" in any one BSD that would make me choose it over another, especially given how the various BSD projects share ideas and code. The reality of administering systems for me is that all of my BSD boxes are "pkgsrc machines". Nowadays, I administer some FreeBSD boxes in addition to NetBSD boxes, but to me they're all the same because all of the services I run are provided through software installed from pkgsrc. Because of that, I can reliably find my pkgsrc postfix config files in the same place, regardless of what is the underlying BSD. I imagine that if I ever needed to administer a Linux box, I'd do the same thing with it -- install pkgsrc. I guess this is just another expression of it's "just what I'm used to". Cheers, -- Johnny Lam From nycbug-list Wed Jan 25 14:50:21 2006 From: nycbug-list (Jonathan Vanasco) Date: Wed, 25 Jan 2006 14:50:21 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125170353.GA86993@uws1.starlofashions.com> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> Message-ID: <248011CE-F56A-45A2-9219-78D8DED2D45C@2xlp.com> On Jan 25, 2006, at 12:03 PM, Scott Robbins wrote: > I always thought the best explanation was that of Greg Lehey (who is > almost certainly biased, admittedly, towards FreeBSD) that one should > (with the exception of DragonFly, at least at this date) look at their > slogans to see what their emphasis is. > FreeBSD, the power to serve > NetBSD, of course it runs NetBSD > OpenBSD, only one remote hole in the default install, in more than 8 > years! I agree. I've been happy with: FreeBSD web/db/mail servers OpenBSD firewalls I have never used netbsd, at this point i doubt i'll get around to it. From lists Wed Jan 25 19:19:21 2006 From: lists (lists) Date: Wed, 25 Jan 2006 19:19:21 -0500 Subject: [nycbug-talk] *BSD compairson In-Reply-To: <20060125190355.GE20246@sta.duo> References: <20060125154802.GA19309@sta.duo> <20060125170353.GA86993@uws1.starlofashions.com> <20060125182045.GB20246@sta.duo> <20060125190355.GE20246@sta.duo> Message-ID: <43D81589.80408@kriptik.org> On 25 Jan 2006 14:03:55 -0500, George Georgalis wrote: > Why did you choose yourBSD? I started with OpenBSD because its focus was much like my own, and it is still my favorite *BSD. The first business environment I applied it in was a very small office, and they needed basic server functionality (web, mail, name, ftp). I brought in OpenBSD quite quickly to replace the existing firewall/gateway (running NT at the time), and then migrated the mail (front door, at least), web, ftp, and name servers from NT to OpenBSD as well. Needless to say, OpenBSD was rock solid and the improvements to the company's infrastructure quite noticeable (always a plus!). To this day, I use OpenBSD as much as I can and it is virtually always the front door to a network. From a VPN gateway to a firewall, it is quite beautiful, especially with the (somewhat recent) growth in its load balancing/redundancy aspects. Eventually, I stumbled into using FreeBSD, initially from a desktop perspective rather than a server perspective. OpenBSD was not an ideal desktop platform, as its hardware support was somewhat limited and its focus did not bend to what I expected from a desktop in terms of functionality. (I think knowing Debian was more useful than knowing OpenBSD when I was first getting to know FreeBSD.) As I worked with FreeBSD, I came to like it and tried it in server environments where I had more robust usage requirements, such as the latest and greatest software packages or less common/newer hardware. Not to mention, as performance requirements started to kick in, FreeBSD was often a better match than OpenBSD, at least with a bare minimum tuning. So, now, I use FreeBSD for most backend servers and virtually all (*BSD) end user machines (desktops, laptops - wireless was an important growth area in FreeBSD 6, etc.). -Andrew From spork Wed Jan 25 20:49:35 2006 From: spork (Charles Sprickman) Date: Wed, 25 Jan 2006 20:49:35 -0500 (EST) Subject: [nycbug-talk] Fibre Channel, RAID, free hardware, oh my! Message-ID: <20060125203149.V571@sporker.bway.net> Hello all, I've acquired some stuff that got me excited, and then got me depressed... -dual 2.4 Xeon box, Intel mainboard -Mylex ExtremeRAID 3000 dual-channel fibre channel RAID controller -3 NetApp filer shelves w/1.5TB My first thought was "new mail server!". I was going to grab two shelves, throw FreeBSD on here and start building something sans Adaptec SCSI RAID to replace what we've got. Things were looking good, the machine booted (into W2K) and saw all the arrays. Occasionally on a cold boot the Mylex card would complain about an invalid config in nvram, but it would boot fine after a reset. That made me nervous. After more screwing around, I noticed that I was no longer getting the "alt-r to enter raid config" bios message on boot. Long story short, looks like the card is toast and the flash is somehow corrupted. No matter how many times I flash it, no-go. So there are really no new FC RAID cards that are supported by FreeBSD, but I've still got a nice server and 1.5TB of disks. I'm considering getting a Qlogic or LSI FC card (with no RAID), but I'm really lost on what the state of software RAID in FreeBSD 6 is these days. I don't want RAID5, just 1+0 (striped + mirrored). I've used ccd in the past for a news server (just striping), and briefly toyed with Vinum (and ran screaming from it). The handbook only mentions those two options, but I've heard that RAIDFrame was being ported and that there was something in GEOM. Is there anything out there that's production quality? Would you trust a few thousand mailboxes to it? Am I being unfair to Vinum? Just looking for some input... Thanks, Charles From ike Wed Jan 25 21:55:32 2006 From: ike (Isaac Levy) Date: Wed, 25 Jan 2006 21:55:32 -0500 Subject: [nycbug-talk] Fibre Channel, RAID, free hardware, oh my! In-Reply-To: <20060125203149.V571@sporker.bway.net> References: <20060125203149.V571@sporker.bway.net> Message-ID: <671AE06A-5E6F-4731-9AAB-771EBC614139@lesmuug.org> Hi Charles, I think I can only throw in .01 of the .02? you are looking for here, On Jan 25, 2006, at 8:49 PM, Charles Sprickman wrote: > Hello all, slick hardware > I'm considering getting a Qlogic or LSI FC card (with no RAID), but > I'm > really lost on what the state of software RAID in FreeBSD 6 is > these days. GEOM, > I don't want RAID5, just 1+0 (striped + mirrored). GEOM, > I've used ccd in the > past for a news server (just striping), and briefly toyed with > Vinum (and > ran screaming from it). GEOM. Even Greg Lehey (for the record, the author of Vinum), is advocating the calm abandonment of Vinum. GEOM based utilities are simply more modern, faster, tighter, cleaner; and it's got a very bright future. On top of that, the userland tools are very elegant- (in comparison to vinum, which is um, not.) > > The handbook only mentions those two options, but I've heard that > RAIDFrame was being ported and that there was something in GEOM. > Is there > anything out there that's production quality? Would you trust a few > thousand mailboxes to it? Am I being unfair to Vinum? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/geom.html Not trying to shout out a RTFM, but it's all there... better than I can type here. I think it's perhaps exactly the direction your looking to go. > > Just looking for some input... > > Thanks, > > Charles Have fun, however you solve the problem! Rocket- .ike From anthony.elizondo Wed Jan 25 22:28:41 2006 From: anthony.elizondo (Anthony Elizondo) Date: Wed, 25 Jan 2006 22:28:41 -0500 Subject: [nycbug-talk] Fibre Channel, RAID, free hardware, oh my! In-Reply-To: <20060125203149.V571@sporker.bway.net> References: <20060125203149.V571@sporker.bway.net> Message-ID: GEOM does indeed rock. I set it up practically by accident once when I was playing with some new hardware. (The beautiful machine was eventually saddled with RHEL 4.) The instructions at http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html are a good introduction to GEOM. Did you get that hardware for free, or are you offering it for free? My ears prick up at the very mention of free hardware. :) From nomadlogic Wed Jan 25 23:04:22 2006 From: nomadlogic (pete wright) Date: Wed, 25 Jan 2006 20:04:22 -0800 Subject: [nycbug-talk] Fibre Channel, RAID, free hardware, oh my! In-Reply-To: <20060125203149.V571@sporker.bway.net> References: <20060125203149.V571@sporker.bway.net> Message-ID: <57d710000601252004v678232ffp820dc1e782af8fe6@mail.gmail.com> On 1/25/06, Charles Sprickman wrote: > Hello all, > > I've acquired some stuff that got me excited, and then got me depressed... > > -dual 2.4 Xeon box, Intel mainboard > -Mylex ExtremeRAID 3000 dual-channel fibre channel RAID controller > -3 NetApp filer shelves w/1.5TB what model shelves are these? can you console into them? > So there are really no new FC RAID cards that are supported by FreeBSD, > but I've still got a nice server and 1.5TB of disks. > > I'm considering getting a Qlogic or LSI FC card (with no RAID), but I'm > really lost on what the state of software RAID in FreeBSD 6 is these days. > I don't want RAID5, just 1+0 (striped + mirrored). I've used ccd in the > past for a news server (just striping), and briefly toyed with Vinum (and > ran screaming from it). I'd go for the LSI. if you can console into the netapp chances are that there is some sort of management interface that will allow you to configure how the disks are grouped together. > > The handbook only mentions those two options, but I've heard that > RAIDFrame was being ported and that there was something in GEOM. Is there > anything out there that's production quality? Would you trust a few > thousand mailboxes to it? Am I being unfair to Vinum? Big fan of GEOM on Free for sure. With this many disks i'd investigate graid3 (3). sounds pretty fun, I wish i was falling into some netapp shelves :^) -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From aron Thu Jan 26 14:07:59 2006 From: aron (Aron Roberts) Date: Thu, 26 Jan 2006 14:07:59 -0500 Subject: [nycbug-talk] Off Topic: any good IAX2 providers with DID ? Message-ID: This isn't really related to BSD however I have a feeling someone here might be able to give me a recommendation for an IAX2 provider that *doesn't suck*. I am looking for PSTN termination with available NYC DID numbers. International DID would be gravy. I noticed a few folks talking about voip on the list back in August and I was wondering if anyone managed to find a decent provider. thanks! From riegersteve Thu Jan 26 17:02:10 2006 From: riegersteve (Steve Rieger) Date: Thu, 26 Jan 2006 14:02:10 -0800 Subject: [nycbug-talk] Resume Quality Message-ID: <7EA9A8C2-43A7-4E8E-AD43-BFEBC183208E@gmail.com> reposted from another group. ......to turn it around and list appropriate resume formats in a world where recruiters actually understood the jobs they were recruiting for: Web programmer: Good: clean, hand-written HTML Better: clean validatable XHTML with CSS Worse: unreadable HTML written by FrontPage Worst: With frames, blinking text, animated, interactive javascript applets, and lots of shockwave. Sysadmin: Good: plain text Bad: DOS batch file Better: CSV file and a perl script to parse it Trying too hard: mysql dump Programmer: Good: plain text Bad: plain text with cr-lf line endings. Better: a nicely formatted man page Trying too hard: URL to the anonymous CVS server so the recruiter can just download the latest HEAD version of the resume. Debian Developer Good: Licence your resume under the GPL. Bad: Licence your resume under the GFDL. Better: Send a sources.list line to your personal .deb repository so the recruiter can install your resume with apt-get. Worse: Licence your resume under the GPL, but copy parts from someone else so it's undistributable. Worst: link to your personal package repository--in RPM. Kernel Hacker Good: clean C Bad: clean Pascal Better: clean C that will build in the kernel environment. Trying too hard: source for a kernel module that writes the resume to kern.log. Worse: C++ with heavy use of templates and exceptions. Worst: loadable module that writes the resume to kern.log--as a binary blob with no source. BSD Hacker: Good: clean C Bad: clean C--that uses glibc extensions. Better: architecture-independent, portable C. Worse: MSVC++ project file. Worst: MSVC++ project file -- licenced under the GPL. -- Steve Rieger riegersteve at gmail.com 310-339-4355 yahoo = riegersteve icq = 53956607 Ride Free, Ride On, Ride Safe I had the blues because I had no shoes until upon the street, I met a man who had no feet. Biker Blue From george Thu Jan 26 17:18:14 2006 From: george (George R.) Date: Thu, 26 Jan 2006 17:18:14 -0500 Subject: [nycbug-talk] BSD Blog Site. . . Message-ID: <43D94AA6.60105@sddi.net> Haven't gone through the content yet, but. . . http://bsdtalk.blogspot.com/ g From mikel.king Thu Jan 26 20:20:22 2006 From: mikel.king (Mikel King) Date: Thu, 26 Jan 2006 20:20:22 -0500 Subject: [nycbug-talk] Solicitation for articles Message-ID: Greetings all, I am working with Chris Coleman of Daemon News on bringing the site backup to date. If you have an article that you have written please email it to me (plain text preferred) so that I can submit it into the system. Once we have a several articles in the system we will canvas for proofreader editors to prepare the articles for publishing on the site. Also after a lengthy conversation between Chris and myself it was determined that there are several areas in which we could streamline things a bit. If there are any php developers out that who would like to donate some time assisting me in building an online article submission system. Then contact me off list. Likewise if there are any css webdesign gurus who would like to strut their stuff let me know. We are looking for ideas and even a new layout for the dn site. One of us will post more on the site about the elements that need to be worked into any proposal. Cheers, Mikel From dlavigne6 Fri Jan 27 12:26:57 2006 From: dlavigne6 (Dru) Date: Fri, 27 Jan 2006 12:26:57 -0500 (EST) Subject: [nycbug-talk] Older FreeBSD RAID Utility (fwd) Message-ID: <20060127122547.Y544@dru.domain.org> Someone asked me this question and I don't have any experience with these cards. Anyone on this list have any suggestions? Dru ---------- Forwarded message ---------- How do you recommend monitoring the status of and LSI Logic hardware RAID in FreeBSD 4.5? I have a legacy server with both internal and external raid arrays, and I'd like to know when the old disks decide to fail. Any insight would be much appreciated. From dan Fri Jan 27 12:31:10 2006 From: dan (Dan Langille) Date: Fri, 27 Jan 2006 12:31:10 -0500 Subject: [nycbug-talk] Older FreeBSD RAID Utility (fwd) In-Reply-To: <20060127122547.Y544@dru.domain.org> Message-ID: <43DA128E.255.31D8A4AB@dan.langille.org> On 27 Jan 2006 at 12:26, Dru wrote: > Someone asked me this question and I don't have any experience with these > cards. Anyone on this list have any suggestions? I can't imagine it's any more difficult than what I did with an Adaptec 2400A: http://www.onlamp.com/pub/a/bsd/2005/03/17/netsaint_raid.html -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From riegersteve Fri Jan 27 12:59:56 2006 From: riegersteve (Steve Rieger) Date: Fri, 27 Jan 2006 09:59:56 -0800 Subject: [nycbug-talk] carp vrrp et all. Message-ID: Hi all, been using carp on the bsd servers and am a happy camper. now i have to do the vip thingy on RedHat OS which does not have carp, is vrrp my only option here, or does somebody know of something else. thanx in advance. -- Steve Rieger riegersteve at gmail.com 310-339-4355 yahoo = riegersteve icq = 53956607 Ride Free, Ride On, Ride Safe I had the blues because I had no shoes until upon the street, I met a man who had no feet. Biker Blue From dlavigne6 Fri Jan 27 13:19:58 2006 From: dlavigne6 (Dru) Date: Fri, 27 Jan 2006 13:19:58 -0500 (EST) Subject: [nycbug-talk] carp vrrp et all. In-Reply-To: References: Message-ID: <20060127131924.N544@dru.domain.org> On Fri, 27 Jan 2006, Steve Rieger wrote: > Hi all, > > been using carp on the bsd servers and am a happy camper. now i have > to do the vip thingy on RedHat OS which does not have carp, is vrrp > my only option here, or does somebody know of something else. http://www.ucarp.org Haven't tried it so can't vouch for how good it is. Dru From riegersteve Fri Jan 27 13:18:06 2006 From: riegersteve (Steve Rieger) Date: Fri, 27 Jan 2006 10:18:06 -0800 Subject: [nycbug-talk] carp vrrp et all. In-Reply-To: <20060127131924.N544@dru.domain.org> References: <20060127131924.N544@dru.domain.org> Message-ID: <31B12B13-D0CA-48F2-98E7-2DC99B71A229@gmail.com> On Jan 27, 2006, at 10:19 AM, Dru wrote: > > > On Fri, 27 Jan 2006, Steve Rieger wrote: > >> Hi all, >> >> been using carp on the bsd servers and am a happy camper. now i have >> to do the vip thingy on RedHat OS which does not have carp, is vrrp >> my only option here, or does somebody know of something else. > > > http://www.ucarp.org > > Haven't tried it so can't vouch for how good it is. > > Dru i done tried it, not too bad but a kernel module would be oh so much sweeter. From mikel.king Fri Jan 27 13:34:42 2006 From: mikel.king (Mikel King) Date: Fri, 27 Jan 2006 13:34:42 -0500 Subject: [nycbug-talk] NEW Apple bServe Message-ID: <89731F63-646E-4B43-94DF-0A4D29617FA3@ocsny.com> http://extremus.net/asp2b/pictureup.php?id=0901093 Cheers, Mikel King CIO, Director of Network Operations Optimized Computer Solutions, INC Tech Alliance, INC 39 West Fourteenth Street Second Floor New York, NY 10011 http://www.ocsny.com http://www.techally.com t: 212.727.2100x132 +------------------------------------------+ How do you spell cooperation? Pessimists use each other, but optimists help each other. Collaboration feeds your spirit, while competition only stokes your ego. You'll find the best way to get along. +------------------------------------------+ From o_sleep Fri Jan 27 15:33:56 2006 From: o_sleep (Bjorn Nelson) Date: Fri, 27 Jan 2006 15:33:56 -0500 Subject: [nycbug-talk] Older FreeBSD RAID Utility (fwd) In-Reply-To: <20060127122547.Y544@dru.domain.org> References: <20060127122547.Y544@dru.domain.org> Message-ID: <8778F0CB-E2AE-4970-82BB-D4DA45693D4D@belovedarctos.com> Dru, On Jan 27, 2006, at 12:26 PM, Dru wrote: > > Someone asked me this question and I don't have any experience with > these > cards. Anyone on this list have any suggestions? If they are using LSI Megaraid cards, the sysutils/megarc utility might be helpful. -Bjorn From george Fri Jan 27 21:45:55 2006 From: george (George R.) Date: Fri, 27 Jan 2006 21:45:55 -0500 Subject: [nycbug-talk] Richard Beijtlich on replacing his Soekris. . . Message-ID: <43DADAE3.7070305@sddi.net> The interesting (and standard) questions are asked . . . http://taosecurity.blogspot.com/2006/01/soekris-dies-what-replacement.html MW: send us a link again on your dual CF card unit. . . g From lists Sat Jan 28 00:14:05 2006 From: lists (michael) Date: Sat, 28 Jan 2006 00:14:05 -0500 Subject: [nycbug-talk] Richard Beijtlich on replacing his Soekris. . . In-Reply-To: <43DADAE3.7070305@sddi.net> References: <43DADAE3.7070305@sddi.net> Message-ID: <20060128001405.14a8e8d5@wit.genoverly.home> On Fri, 27 Jan 2006 21:45:55 -0500 "George R." wrote: > The interesting (and standard) questions are asked . . . > > http://taosecurity.blogspot.com/2006/01/soekris-dies-what-replacement.html > > MW: send us a link again on your dual CF card unit. . . > > g I like via boards. I used 2 pd10000 boards side-by-side in a 1u case for a failover firewall. I used CF but it can take a HD. It looks like via has a new board (vt-310dp) out now with 3 nics (one is gig) that I'm sure would fit into a small, soekris style case. I actually bought the above rackmount from caseoutlet.com. It looks like they stock a lot of different cases. http://caseoutlet.com/via-mb.html I know Marc and Yarema have been talking about the new boards, too. -- Michael From joshmccormack Sat Jan 28 01:20:21 2006 From: joshmccormack (Josh McCormack) Date: Sat, 28 Jan 2006 01:20:21 -0500 Subject: [nycbug-talk] Richard Beijtlich on replacing his Soekris. . . In-Reply-To: <20060128001405.14a8e8d5@wit.genoverly.home> References: <43DADAE3.7070305@sddi.net> <20060128001405.14a8e8d5@wit.genoverly.home> Message-ID: On 1/28/06, michael wrote: > > > I like via boards. I used 2 pd10000 boards side-by-side in a 1u case > for a failover firewall. I used CF but it can take a HD. It looks like > via has a new board (vt-310dp) out now with 3 nics (one is gig) that > I'm sure would fit into a small, soekris style case. I actually bought > the above rackmount from caseoutlet.com. It looks like they stock a lot > of different cases. > > http://caseoutlet.com/via-mb.html > > I know Marc and Yarema have been talking about the new boards, too. > > -- > > Michael The vt-310dp is $455 w/out RAM, case or storage. Got to really need those capabilities. The PC Engines WRAP.1E-2 (3 LAN / 1 miniPCI / 128 MB DRAM) is $136. The Soekris net4801-50 Board and Case is $240. Josh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nycbug.org/pipermail/talk/attachments/20060128/a73400b0/attachment.html From jhlists Sat Jan 28 09:47:33 2006 From: jhlists (jh) Date: Sat, 28 Jan 2006 09:47:33 -0500 Subject: [nycbug-talk] Richard Beijtlich on replacing his Soekris. . . In-Reply-To: <20060128001405.14a8e8d5@wit.genoverly.home> References: <43DADAE3.7070305@sddi.net> <20060128001405.14a8e8d5@wit.genoverly.home> Message-ID: <43DB8404.6080007@hirschman.net> michael wrote: > > I like via boards. I like them, too. The Padlock crypto stuff and the faster CPU speeds keep VPNs humming. jh From ike Sat Jan 28 12:33:29 2006 From: ike (Isaac Levy) Date: Sat, 28 Jan 2006 12:33:29 -0500 Subject: [nycbug-talk] Richard Beijtlich on replacing his Soekris. . . In-Reply-To: <20060128001405.14a8e8d5@wit.genoverly.home> References: <43DADAE3.7070305@sddi.net> <20060128001405.14a8e8d5@wit.genoverly.home> Message-ID: <7E4E143B-F4C2-4A9E-8D17-A7518A0BA0F6@lesmuug.org> Hey All, On Jan 28, 2006, at 12:14 AM, michael wrote: > On Fri, 27 Jan 2006 21:45:55 -0500 > "George R." wrote: > >> The interesting (and standard) questions are asked . . . >> >> http://taosecurity.blogspot.com/2006/01/soekris-dies-what- >> replacement.html >> >> MW: send us a link again on your dual CF card unit. . . >> >> g As an aside, all the PFSync guys had highly praised the WRAP boards, http://www.pcengines.ch/ Cheaper than Soekris by a signifigant chunk, which adds up if your buying them in bulk... Also, the cases and misc. for them are a bit more geared for VAR/ Integrators, blank and ready to slap a logo sticker on them. For prices etc..., check the vendors section of the url above. I haven't touched them (yet), so I can't speak first hand- and I have had really solid experiences with Soekris... So... I'm torn between price, and something I *know* works well. > > I like via boards. I used 2 pd10000 boards side-by-side in a 1u case > for a failover firewall. OK- MW- big question here: What do you do when one of the boards fails? I mean, I know the other board is taking the load, but how do you go about replacing the failed board- and keep everything online? -- Here's what I'm doing, to similar effect: I got one of these, http://www.racksolutions.com/sliding-shelves-rack-mount.shtml And I've simply put the soekris machines on the shelf. This way, I can get in and remove/replace/service the soekris boards, without affecting network connectivity. -- Here's what I *really* want, in a more ideal world: Some kind of 1u backplane/drawer-like setup, something which lets me pull out boards in little drawers that are physically isolated, mounted in 1u. Basically, I'm looking for a 1u box with 2 drawers on the front, and clean ways to get wires and mount things on the front and back. (When I say mount things I mean things like serial port extensions, power supply jacks, perhaps a small 1u fan in each drawer, etc...) It'd be great if it fit a mini-itx board, so then one could put whatever size/breed of board in the thing. (If anyone knows any decent sheetmetal fabricators, please contact me!) -- Other possible solution: Does anyone know any urls to surplus telco equpment? They have tons of things like this, all modular plug-in units for telco operations, and with a quick gutting of the interior, the cases may be really useful in this kind of application... > I used CF but it can take a HD. It looks like > via has a new board (vt-310dp) out now with 3 nics (one is gig) that > I'm sure would fit into a small, soekris style case. I actually bought > the above rackmount from caseoutlet.com. It looks like they stock a > lot > of different cases. > > http://caseoutlet.com/via-mb.html > > I know Marc and Yarema have been talking about the new boards, too. Niiiice. Thanks for the links MW! Rocket- .ike From lists Sat Jan 28 13:39:13 2006 From: lists (michael) Date: Sat, 28 Jan 2006 13:39:13 -0500 Subject: [nycbug-talk] Richard Beijtlich on replacing his Soekris. . . In-Reply-To: <7E4E143B-F4C2-4A9E-8D17-A7518A0BA0F6@lesmuug.org> References: <43DADAE3.7070305@sddi.net> <20060128001405.14a8e8d5@wit.genoverly.home> <7E4E143B-F4C2-4A9E-8D17-A7518A0BA0F6@lesmuug.org> Message-ID: <20060128133913.1d8755bb@wit.genoverly.home> On Sat, 28 Jan 2006 12:33:29 -0500 Isaac Levy wrote: > OK- MW- big question here: > > What do you do when one of the boards fails? First, I guess, I would weep a little. I hate wasting money. Then I would consult the chapter on possible board failure in redundent firewalls in the genoverly contingency handbook. No wait, there isn't one. [grin] > I mean, I know the > other board is taking the load, but how do you go about replacing > the failed board- and keep everything online? Well, you spotted one of the major advantages of redundency already. I don't have to drop what I'm doing and run screaming down to the data center. I can get to it when I get to it. If I still like the idea of using them, I guess I would get a new board and swap it out. There are two complete 'computers' inside the case. They have separate power supplies, etc. The case is shallow enough to slide it out and remove the cover. I could swap the boards standing in the isle, while the other one is running. While this may seem onerous, I weighed it against other factors. Yes, odds are the board can/will fail some day. But, replacing them was only a small part of the decision of purchase. Also involved where: coolness factor of having a side-by-side 1u, clean and sleek and neat appearance, cheapness of using only 1u in expensive data center, ease of aquisition and purchase, the 'relatively' low odds that failure will happen, hardware price, hardware feature set, my needs, etc. I guess one could split hairs, but it works for me. > -- > Here's what I'm doing, to similar effect: > > I got one of these, > http://www.racksolutions.com/sliding-shelves-rack-mount.shtml > > And I've simply put the soekris machines on the shelf. > This way, I can get in and remove/replace/service the soekris > boards, without affecting network connectivity. I seriously considered this, but for many reasons (some listed) I chose another solution. > -- > Here's what I *really* want, in a more ideal world: > > Some kind of 1u backplane/drawer-like setup, something which lets me > pull out boards in little drawers that are physically isolated, > mounted in 1u. > Basically, I'm looking for a 1u box with 2 drawers on the front, and > clean ways to get wires and mount things on the front and back. > (When I say mount things I mean things like serial port extensions, > power supply jacks, perhaps a small 1u fan in each drawer, etc...) > > It'd be great if it fit a mini-itx board, so then one could put > whatever size/breed of board in the thing. yes.. dreaming up really cool hardware solutions is fun. I guess I was busy installing the OS, racking my slightly-less-than-dreamy solution, and getting my network up while you were making engineering drawings on graph paper. [grin] My point being.. I didn't think *too* long and hard. I weighed my needs against what was available and .. I just got it done. -- Michael From lists Sat Jan 28 14:55:31 2006 From: lists (michael) Date: Sat, 28 Jan 2006 14:55:31 -0500 Subject: [nycbug-talk] NYCBUG web Message-ID: <20060128145531.31b89b2e@wit.genoverly.home> NYCBUG has been brewing a new version of their website for some time. We believe the new site is much more interactive and valuable for our users. We have upgraded some old apps and included new apps. More on that in the forthcoming announcements. In the meantime, we are looking for a few volunteers to help us review and test the new site. We would give you a logon with the expectation of rigerous QA. Along with any problem reports (we hope very few), you are welcome to submit a subjective review of the site as a whole. We are really hoping for more than a cursory look and 'yea, looks fine'. So, if you have a little time.. and want a sneak preview of the new site!.. reply to me offline. -- Michael From nycbug-list Sat Jan 28 19:50:32 2006 From: nycbug-list (Jonathan Vanasco) Date: Sat, 28 Jan 2006 19:50:32 -0500 Subject: [nycbug-talk] Richard Beijtlich on replacing his Soekris. . . In-Reply-To: <20060128001405.14a8e8d5@wit.genoverly.home> References: <43DADAE3.7070305@sddi.net> <20060128001405.14a8e8d5@wit.genoverly.home> Message-ID: On Jan 28, 2006, at 12:14 AM, michael wrote: > I like via boards. I used 2 pd10000 boards side-by-side in a 1u case FWIW- The M series boards are AMAZING . i don't know about how well the BSD support is, but there is widespread linux support on them. handles video playback amazingly well. i've used them to build kiosks a few times. From dlavigne6 Mon Jan 30 12:23:49 2006 From: dlavigne6 (Dru) Date: Mon, 30 Jan 2006 12:23:49 -0500 (EST) Subject: [nycbug-talk] call for volunteers Message-ID: <20060130122306.A544@dru.domain.org> A new BSD-related website is looking to gather a volunteer team to provide input on the design and content of the site as well as suggestions for site coding, the database engine and security. If you're interested and have some volunteer time to spare, contact me off list for full details and the email contact. Dru From nycbug Tue Jan 31 00:06:09 2006 From: nycbug (Ray Lai) Date: Tue, 31 Jan 2006 00:06:09 -0500 Subject: [nycbug-talk] NEW Apple bServe In-Reply-To: <89731F63-646E-4B43-94DF-0A4D29617FA3@ocsny.com> References: <89731F63-646E-4B43-94DF-0A4D29617FA3@ocsny.com> Message-ID: <20060131050632.GB21818@syntax.cyth.net> On Fri, Jan 27, 2006 at 01:34:42PM -0500, Mikel King wrote: > WTF? -Ray- From zperkov Tue Jan 31 12:20:24 2006 From: zperkov (zp) Date: Tue, 31 Jan 2006 12:20:24 -0500 Subject: [nycbug-talk] Jabber on Bsd. Message-ID: <8a8511800601310920g6ee8e540m700e76ba239eaeeb@mail.gmail.com> Anyone have any advice/experiences with jabber on bsd? I am looking to test it out on a 300+ user network. Purely in house. -z From george Tue Jan 31 14:43:37 2006 From: george (George Georgalis) Date: Tue, 31 Jan 2006 14:43:37 -0500 Subject: [nycbug-talk] umask in Makefile Message-ID: <20060131194337.GA1523@sta.duo> Is there any way to set the umask within a makefile for all the files it creates? with a default umask of 002 in my shell, I'd like to have make use 022 without starting each line that creates a file with "umask 022 ;" I don't particulary want to write a wrapper to call make, but that seems the only way. Ideas? // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From nycbug Tue Jan 31 15:11:37 2006 From: nycbug (Ray Lai) Date: Tue, 31 Jan 2006 15:10:37 -0501 Subject: [nycbug-talk] umask in Makefile In-Reply-To: <20060131194337.GA1523@sta.duo> References: <20060131194337.GA1523@sta.duo> Message-ID: <20060131201100.GC28462@syntax.cyth.net> On Tue, Jan 31, 2006 at 02:43:37PM -0500, George Georgalis wrote: > Is there any way to set the umask within a makefile for all the > files it creates? with a default umask of 002 in my shell, I'd > like to have make use 022 without starting each line that creates > a file with "umask 022 ;" > > I don't particulary want to write a wrapper to call make, but that > seems the only way. Ideas? http://groups.google.com/group/gnu.utils.bug/browse_thread/thread/277afe41cc5c0d67/22cc0a52143931ea?lnk=st&q=makefile+umask&rnum=1&hl=en Not much better, but it's an alternative. -Ray- From jlam Tue Jan 31 15:21:06 2006 From: jlam (Johnny Lam) Date: Tue, 31 Jan 2006 15:21:06 -0500 Subject: [nycbug-talk] umask in Makefile In-Reply-To: <20060131194337.GA1523@sta.duo> References: <20060131194337.GA1523@sta.duo> Message-ID: <43DFC6B2.4050008@pkgsrc.org> George Georgalis wrote: > Is there any way to set the umask within a makefile for all the > files it creates? with a default umask of 002 in my shell, I'd > like to have make use 022 without starting each line that creates > a file with "umask 022 ;" > > I don't particulary want to write a wrapper to call make, but that > seems the only way. Ideas? I think that's the only sane way to do it with BSD make. The other ways, e.g. hacking the file named by $ENV, etc., are all too gimmicky. Alternatively, you could just fix permissions after the targets are created -- that's what I do for some simple websites that I manage using makefiles. Cheers, -- Johnny Lam From njt Tue Jan 31 15:22:54 2006 From: njt (N.J. Thomas) Date: Tue, 31 Jan 2006 15:22:54 -0500 Subject: [nycbug-talk] umask in Makefile In-Reply-To: <20060131194337.GA1523@sta.duo> References: <20060131194337.GA1523@sta.duo> Message-ID: <20060131202254.GF7063@ayvali.org> * George Georgalis [2006-01-31 14:43:37 -0500]: > Is there any way to set the umask within a makefile for all the files > it creates? What I've seen everyone do and what I've started doing myself is to just create the file in some work sandbox, and then copy it over to the final location with install(1) or ginstall(1) and use -m to set the mode. IIRC, autoconf creates an install script automatically and uses that if there is not one installed in the system. Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From spork Tue Jan 31 17:21:53 2006 From: spork (Charles Sprickman) Date: Tue, 31 Jan 2006 17:21:53 -0500 (EST) Subject: [nycbug-talk] Fibre Channel, RAID, free hardware, oh my! In-Reply-To: <671AE06A-5E6F-4731-9AAB-771EBC614139@lesmuug.org> References: <20060125203149.V571@sporker.bway.net> <671AE06A-5E6F-4731-9AAB-771EBC614139@lesmuug.org> Message-ID: On Wed, 25 Jan 2006, Isaac Levy wrote: > Hi Charles, > > GEOM, > GEOM, > GEOM. So Ike, you're saying GEOM is pretty good? :) > GEOM based utilities are simply more modern, faster, tighter, cleaner; and > it's got a very bright future. On top of that, the userland tools are very > elegant- (in comparison to vinum, which is um, not.) Are you aware of any examples of rather large configs (either in size or sheer number of drives)? I'd like to mirror each drive in one chassis to a drive in the second chassis and then stripe all those mirrors together. Looking at the Geom pages, that was not totally clear. I think I'll just have to scrounge some drives up and see what happens. And how does one monitor for drive failures? Do you have to log-scrape, or is there a command to show the state of an array? "gmirror status"? "gmirror list"? I guess I'm most curious how that works when you stripe mirror sets together... Thanks! Charles > Have fun, however you solve the problem! > > Rocket- > .ike > > > From spork Tue Jan 31 17:23:56 2006 From: spork (Charles Sprickman) Date: Tue, 31 Jan 2006 17:23:56 -0500 (EST) Subject: [nycbug-talk] Fibre Channel, RAID, free hardware, oh my! In-Reply-To: References: <20060125203149.V571@sporker.bway.net> Message-ID: On Wed, 25 Jan 2006, Anthony Elizondo wrote: > The instructions at > http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html are a > good introduction to GEOM. Excellent, thank you. I kind of posted and ran, but I'm slowly catching up... > Did you get that hardware for free, or are you offering it for free? > My ears prick up at the very mention of free hardware. :) Got it for free, and it's a very long story that involves someone not paying bills for a very extended period of time. Sadly, it does appear the RAID controller is truly dead. So now I have to figure out which FC controller is most happy running under FreeBSD. Charles From spork Tue Jan 31 17:30:53 2006 From: spork (Charles Sprickman) Date: Tue, 31 Jan 2006 17:30:53 -0500 (EST) Subject: [nycbug-talk] Fibre Channel, RAID, free hardware, oh my! In-Reply-To: <57d710000601252004v678232ffp820dc1e782af8fe6@mail.gmail.com> References: <20060125203149.V571@sporker.bway.net> <57d710000601252004v678232ffp820dc1e782af8fe6@mail.gmail.com> Message-ID: On Wed, 25 Jan 2006, pete wright wrote: > On 1/25/06, Charles Sprickman wrote: >> -3 NetApp filer shelves w/1.5TB > > what model shelves are these? can you console into them? I'm not totally sure. It took me a little time to figure out just what I had. They all are made by "Eurologics" which was bought by Adaptec. However the RAID controller (when it still worked) identified them as NetApp boxes. My scrawlings indicate the following: RAID/FC boxes -2 big blocks on back - xlacm-ae rev.a -shelf id select - id select, port a/b expansion -xledm-ac comm1, comm2 fanfail, temp, mute/IC -XLPBC-AB input/output/terminator -main box: XL401R-FJF-02D made in ireland, rev. a eurologics systems, ltd. - bought by Adaptec 3/2003 I've been all over NetApp's site, but it seems like you can't get much info without a paid support contract. Do you know anything about getting into these things via the serial port? > > I'd go for the LSI. if you can console into the netapp chances are > that there is some sort of management interface that will allow you to > configure how the disks are grouped together. I'm fairly sure there's no RAID on the enclosures themselves... Or maybe you're talking FC stuff, and I really have no clue about it. :) > Big fan of GEOM on Free for sure. With this many disks i'd > investigate graid3 (3). Hmmmm. > sounds pretty fun, I wish i was falling into some netapp shelves :^) Maybe it happens once in everyone sysadmin's life eventually? :) Charles > -pete > > -- > ~~o0OO0o~~ > Pete Wright > www.nycbug.org > NYC's *BSD User Group > From spork Tue Jan 31 17:35:54 2006 From: spork (Charles Sprickman) Date: Tue, 31 Jan 2006 17:35:54 -0500 (EST) Subject: [nycbug-talk] OpenBSD + PF "whitepapers" Message-ID: Hi all, The guy that runs BroadbandReports.com was fishing around for something to help protect him from DDoS attacks. He's aware that once his pipe is full (100Mb/s) the game is over, but he's been having trouble getting the Linux stuff he's using to not choke up on a 50-60 Mb/s attack at 100Kp/s. He seems slightly intrigued by OpenBSD, but doubts that it would perform any better than Linux 2.6.x w/ipchains and some "fast block" module. Anyone have pointers to the following: -corporate style whitepaper touting OpenBSD/PF for DoS protection -articles about OpenBSD protecting web farms from DoS based on real-life experiences -list of folks (preferably with close ties to OBSD) that do consulting work in this vein -??? Thanks, Charles From riegersteve Tue Jan 31 17:42:47 2006 From: riegersteve (Steve Rieger) Date: Tue, 31 Jan 2006 14:42:47 -0800 Subject: [nycbug-talk] Firewall Message-ID: <38215F96-E864-4F22-B9A7-E2E485AE686A@gmail.com> Y'all (been on the west side for a bit too long) am looking for opinions and some help here, Netscreen 10 Monowall Astaro Securepoint Cisco PIX (cheapest one) appliance appliance appliance appliance Appliance (note appliance is also if the fw is running on unix as a fw only ie soekris) yes yes unknown yes Yes VPN Server yes yes Yes Unknown Yes DHCP SERVER Yes Unknown Yes Yes Yes Intrusion detection No Unknown Yes Yes No ? Spam (anti) Yes ? Unknown Yes Unkwnown No ? Content Filtering No Unknown Unknown Yes No ? Virus Protection (email) yes unknown unknown yes Unknown DHCP Cllient (WAN PORT) $100 GPL(SW) FFPU (SW) FFPU (SW) $2000 aproxamite cost. FFPU = free for private use, SW = software only. From this list i am devising that the following are mandatory firewall shouuld be an appliance that runs not much else should be a dhcp server on the trusted side. can you guys halp me out here, i would like to have a decent matrix, once it finalized i will put it up on the faq page. also if there is sonething out there that i missed let me know -- Steve Rieger riegersteve at gmail.com 310-339-4355 yahoo = riegersteve icq = 53956607 Ride Free, Ride On, Ride Safe I had the blues because I had no shoes until upon the street, I met a man who had no feet. Biker Blue From spork Tue Jan 31 18:01:05 2006 From: spork (Charles Sprickman) Date: Tue, 31 Jan 2006 18:01:05 -0500 (EST) Subject: [nycbug-talk] Firewall In-Reply-To: <38215F96-E864-4F22-B9A7-E2E485AE686A@gmail.com> References: <38215F96-E864-4F22-B9A7-E2E485AE686A@gmail.com> Message-ID: You might want to add pfSense to the list: http://www.pfsense.org/ They are a fork of m0n0wall that uses FreeBSD 6-stable and pf. They are very close to the 1.0 release and it's looking very good. OpenBSD stopped working on my hardware so I've been running this for a few weeks at home and have been very happy with it. Charles On Tue, 31 Jan 2006, Steve Rieger wrote: > Y'all > > (been on the west side for a bit too long) > > > am looking for opinions and some help here, > > Netscreen 10 Monowall Astaro Securepoint Cisco PIX (cheapest one) > appliance appliance appliance appliance Appliance (note > appliance is also if the fw is running on unix as a fw only ie soekris) > yes yes unknown yes Yes VPN Server > yes yes Yes Unknown Yes DHCP SERVER > Yes Unknown Yes Yes Yes Intrusion detection > No Unknown Yes Yes No ? Spam (anti) > Yes ? Unknown Yes Unkwnown No ? Content Filtering > No Unknown Unknown Yes No ? Virus Protection (email) > yes unknown unknown yes Unknown DHCP Cllient (WAN PORT) > $100 GPL(SW) FFPU (SW) FFPU (SW) $2000 aproxamite cost. > FFPU = free for private use, SW = software only. > > > From this list i am devising that the following are mandatory > > > firewall shouuld be an appliance that runs not much else > should be a dhcp server on the trusted side. > > > can you guys halp me out here, i would like to have a decent matrix, > once it finalized i will put it up on the faq page. also if there is > sonething out there that i missed let me know > -- > Steve Rieger > riegersteve at gmail.com > 310-339-4355 > yahoo = riegersteve > icq = 53956607 > Ride Free, Ride On, Ride Safe > > > I had the blues because I had no shoes until upon the street, I met a > man who had no feet. > > Biker Blue > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From riegersteve Tue Jan 31 19:08:36 2006 From: riegersteve (Steve Rieger) Date: Tue, 31 Jan 2006 16:08:36 -0800 Subject: [nycbug-talk] ucarp Message-ID: <9EA31C9A-F6D9-4B1D-B3DE-F58072460536@gmail.com> few days ago i asked about carp and vrrp. today i went to download ucarp but the site got hosed and all the data is lost (HD failure) so does anybody on this list have a recent version of ucarp. -- Steve Rieger riegersteve at gmail.com 310-339-4355 yahoo = riegersteve icq = 53956607 Ride Free, Ride On, Ride Safe I had the blues because I had no shoes until upon the street, I met a man who had no feet. Biker Blue From george Tue Jan 31 19:14:26 2006 From: george (George Georgalis) Date: Tue, 31 Jan 2006 19:14:26 -0500 Subject: [nycbug-talk] umask in Makefile In-Reply-To: <43DFC6B2.4050008@pkgsrc.org> References: <20060131194337.GA1523@sta.duo> <43DFC6B2.4050008@pkgsrc.org> Message-ID: <20060201001426.GA7907@sta.duo> On Tue, Jan 31, 2006 at 03:21:06PM -0500, Johnny Lam wrote: >George Georgalis wrote: >>Is there any way to set the umask within a makefile for all the >>files it creates? with a default umask of 002 in my shell, I'd >>like to have make use 022 without starting each line that creates >>a file with "umask 022 ;" >> >>I don't particulary want to write a wrapper to call make, but that >>seems the only way. Ideas? > >I think that's the only sane way to do it with BSD make. The other >ways, e.g. hacking the file named by $ENV, etc., are all too gimmicky. >Alternatively, you could just fix permissions after the targets are >created -- that's what I do for some simple websites that I manage using >makefiles. "fix permissions after" is probably the better way, eg extract to $PWD/target/ then "install" target to /$PREFIX however in this case writing to /$PREFIX is perfectly fine and the next one off in 1/2 time makes it a better option sometimes... I'm gona try defining SHELL and see what happens ;) // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From george Tue Jan 31 19:27:37 2006 From: george (George Georgalis) Date: Tue, 31 Jan 2006 19:27:37 -0500 Subject: [nycbug-talk] umask in Makefile In-Reply-To: <20060131201100.GC28462@syntax.cyth.net> References: <20060131194337.GA1523@sta.duo> <20060131201100.GC28462@syntax.cyth.net> Message-ID: <20060201002737.GB7907@sta.duo> On Tue, Jan 31, 2006 at 03:10:37PM -0501, Ray Lai wrote: >On Tue, Jan 31, 2006 at 02:43:37PM -0500, George Georgalis wrote: >> Is there any way to set the umask within a makefile for all the >> files it creates? with a default umask of 002 in my shell, I'd >> like to have make use 022 without starting each line that creates >> a file with "umask 022 ;" >> >> I don't particulary want to write a wrapper to call make, but that >> seems the only way. Ideas? > >http://groups.google.com/group/gnu.utils.bug/browse_thread/thread/277afe41cc5c0d67/22cc0a52143931ea?lnk=st&q=makefile+umask&rnum=1&hl=en > >Not much better, but it's an alternative. like the OP on that thread... if it works it's infinitely better! I was imagining using $SHELL but I only spent :15 looking for doc on it and didn't experiment ;) I really wasn't sure what to use either, didn;t think of ";" or "exec" SHELL = umask $(UMASK); exec /bin/sh I'm gona try that or maybe SHELL = umask $(UMASK) && exec /bin/sh That is a really great thread, did you just find it (how) or had you saved it? // George -- George Georgalis, systems architect, administrator < http://galis.org/ cell:646-331-2027 mailto:george at galis.org From nycbug Tue Jan 31 21:00:49 2006 From: nycbug (Ray Lai) Date: Tue, 31 Jan 2006 20:59:49 -0501 Subject: [nycbug-talk] umask in Makefile In-Reply-To: <20060201002737.GB7907@sta.duo> References: <20060131194337.GA1523@sta.duo> <20060131201100.GC28462@syntax.cyth.net> <20060201002737.GB7907@sta.duo> Message-ID: <20060201020012.GA2268@syntax.cyth.net> On Tue, Jan 31, 2006 at 07:27:37PM -0500, George Georgalis wrote: > On Tue, Jan 31, 2006 at 03:10:37PM -0501, Ray Lai wrote: > >On Tue, Jan 31, 2006 at 02:43:37PM -0500, George Georgalis wrote: > >> Is there any way to set the umask within a makefile for all the > >> files it creates? with a default umask of 002 in my shell, I'd > >> like to have make use 022 without starting each line that creates > >> a file with "umask 022 ;" > >> > >> I don't particulary want to write a wrapper to call make, but that > >> seems the only way. Ideas? > > > >http://groups.google.com/group/gnu.utils.bug/browse_thread/thread/277afe41cc5c0d67/22cc0a52143931ea?lnk=st&q=makefile+umask&rnum=1&hl=en > > > >Not much better, but it's an alternative. > > > like the OP on that thread... if it works it's infinitely better! > I was imagining using $SHELL but I only spent :15 looking for doc > on it and didn't experiment ;) > > I really wasn't sure what to use either, didn;t think of ";" or "exec" > > SHELL = umask $(UMASK); exec /bin/sh > > I'm gona try that or maybe > > SHELL = umask $(UMASK) && exec /bin/sh > > That is a really great thread, did you just find it (how) or had > you saved it? As the highlighted terms reveal, I did a Google Groups search for makefile and umask. =) -Ray- From dlavigne6 Tue Jan 31 21:14:51 2006 From: dlavigne6 (Dru) Date: Tue, 31 Jan 2006 21:14:51 -0500 (EST) Subject: [nycbug-talk] podcast interview Message-ID: <20060131211244.O544@dru.domain.org> Of yours truly at http://bsdtalk.blogspot.com. I must say that skype is a pretty cool way to do an interview... Dru From tux Tue Jan 31 21:22:32 2006 From: tux (Kevin Reiter) Date: Tue, 31 Jan 2006 21:22:32 -0500 Subject: [nycbug-talk] OpenBSD + PF "whitepapers" In-Reply-To: References: Message-ID: <43E01B68.6080406@penguinnetwerx.net> Charles Sprickman wrote: > Hi all, > > The guy that runs BroadbandReports.com was fishing around for something to > help protect him from DDoS attacks. He's aware that once his pipe is full > (100Mb/s) the game is over, but he's been having trouble getting the Linux > stuff he's using to not choke up on a 50-60 Mb/s attack at 100Kp/s. > > He seems slightly intrigued by OpenBSD, but doubts that it would perform > any better than Linux 2.6.x w/ipchains and some "fast block" module. > > Anyone have pointers to the following: > > -corporate style whitepaper touting OpenBSD/PF for DoS protection > -articles about OpenBSD protecting web farms from DoS based on real-life > experiences > -list of folks (preferably with close ties to OBSD) that do consulting > work in this vein > -??? > > Thanks, > > Charles A guy I used to know in Cali used to run theshell.com and now heads up a company that basically runs interference for DDoS attacks. If I remember correctly, I just read something on another list that spoke about that. He was (is?) heavy into OBSD and I think he's using that with his new service. If I can dig up his e-mail address, I'll ping him and see if he'd be interested in sharing any info that might help. I'd provide a URL, but I have to go back and do a lot of reading to find it. Kev From nycbug Tue Jan 31 21:45:28 2006 From: nycbug (Ray Lai) Date: Tue, 31 Jan 2006 21:45:28 -0500 Subject: [nycbug-talk] OpenBSD + PF "whitepapers" In-Reply-To: References: Message-ID: <20060201024551.GB2268@syntax.cyth.net> On Tue, Jan 31, 2006 at 05:35:54PM -0500, Charles Sprickman wrote: > Hi all, > > The guy that runs BroadbandReports.com was fishing around for something to > help protect him from DDoS attacks. He's aware that once his pipe is full > (100Mb/s) the game is over, but he's been having trouble getting the Linux > stuff he's using to not choke up on a 50-60 Mb/s attack at 100Kp/s. > > He seems slightly intrigued by OpenBSD, but doubts that it would perform > any better than Linux 2.6.x w/ipchains and some "fast block" module. > > Anyone have pointers to the following: > > -corporate style whitepaper touting OpenBSD/PF for DoS protection > -articles about OpenBSD protecting web farms from DoS based on real-life > experiences > -list of folks (preferably with close ties to OBSD) that do consulting > work in this vein > -??? henning@ does a lot of pf work, try contacting him. Here are some pf papers: http://openbsd.rt.fm/papers/ven05-henning/ http://openbsd.rt.fm/papers/bsdcan04-pf/ More papers can be found at: http://openbsd.rt.fm/papers/ Also try the pf mailing list . -Ray- From njt Tue Jan 31 23:11:34 2006 From: njt (N.J. Thomas) Date: Tue, 31 Jan 2006 23:11:34 -0500 Subject: [nycbug-talk] BSD equivalent of Windows move maker Message-ID: <20060201041134.GH7063@ayvali.org> What is BSD equivalent of Windows movie maker? I know only of Kino, which I am building at the moment, but if anyone else has any recs, I'd love to hear them. thanks, Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From lists Tue Jan 31 23:33:53 2006 From: lists (Francisco Reyes) Date: Tue, 31 Jan 2006 23:33:53 -0500 Subject: [nycbug-talk] ucarp References: <9EA31C9A-F6D9-4B1D-B3DE-F58072460536@gmail.com> Message-ID: Steve Rieger writes: > today i went to download ucarp but the site got hosed and all the > data is lost (HD failure) so does anybody on this list have a recent > version of ucarp. If you are using FreeBSD.. there is a port for it. /usr/ports/net/ucarp From nomadlogic Tue Jan 31 23:44:04 2006 From: nomadlogic (pete wright) Date: Tue, 31 Jan 2006 20:44:04 -0800 Subject: [nycbug-talk] BSD equivalent of Windows move maker In-Reply-To: <20060201041134.GH7063@ayvali.org> References: <20060201041134.GH7063@ayvali.org> Message-ID: <57d710000601312044w4a772839h64e895ec64d9daef@mail.gmail.com> On 1/31/06, N.J. Thomas wrote: > What is BSD equivalent of Windows movie maker? > > I know only of Kino, which I am building at the moment, but if anyone > else has any recs, I'd love to hear them. > make search uncovers these candidates: Port: pitivi-0.1.10_1 Path: /usr/ports/multimedia/pitivi Info: Gstreamer based non-linear audio/video editor Port: avidemux2-2.1.0_1 Path: /usr/ports/multimedia/avidemux2 Info: Simple GUI based video editor Maint: amistry at am-productions.biz avidmux looks interesting...woundering what it's relation to avid may be... -p > thanks, > Thomas > > -- > N.J. Thomas > njt at ayvali.org > Etiamsi occiderit me, in ipso sperabo > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group From george Tue Jan 31 23:46:32 2006 From: george (George R.) Date: Tue, 31 Jan 2006 23:46:32 -0500 Subject: [nycbug-talk] site relaunch Message-ID: <43E03D28.4000107@sddi.net> As those on announce-nycbug know, we've relaunched the web site. If you didn't get the announce, then go to the archives at lists.nycbug.org. It's a huge improvement with a number of new facets, including a new app, and a big leap in interactive use. The avenue for being active in NYCBUG is wide open. Tomorrow, before Johnny speaks, we'll go over the new site and provide an overview. Huge thanks to our www master/demi-god MW, who has done a tremendous job. g