From lists at stringsutils.com  Mon Dec  1 13:32:05 2008
From: lists at stringsutils.com (Francisco Reyes)
Date: Mon, 01 Dec 2008 13:32:05 -0500
Subject: [nycbug-talk] Desktop
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
Message-ID: <cone.1228156325.330272.95855.1000@zoraida.natserv.net>

Matt Juszczak writes:

> But I do like how with Ubuntu, you can just plug in a flash drive, etc., 
> and it just works.

I use OpenSuse as desktop, primarily because VMware does not work with 
FreeBSD. I have not tried qemu though, which is supposed to work in FreeBSD.

Virtualization is likely one reason why some people may end up using 
something other than FreeBSD for desktop.

Even though virtualization  seems like a very requested feature in FreeBSD, 
doesn't seem like there are resources to work on it. Someone from virtualbox 
was even looking for someone to do paid work to get virtualbox to work in 
FreeBSD and he was no able to find someone.


From scottro at nyc.rr.com  Mon Dec  1 13:46:59 2008
From: scottro at nyc.rr.com (Scott Robbins)
Date: Mon, 1 Dec 2008 13:46:59 -0500
Subject: [nycbug-talk] Desktop
In-Reply-To: <cone.1228156325.330272.95855.1000@zoraida.natserv.net>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
Message-ID: <20081201184659.GA47626@mail.scottro.net>

On Mon, Dec 01, 2008 at 01:32:05PM -0500, Francisco Reyes wrote:
> 
> 
> Virtualization is likely one reason why some people may end up using 
> something other than FreeBSD for desktop.
> 
> Even though virtualization  seems like a very requested feature in FreeBSD, 
> doesn't seem like there are resources to work on it. Someone from virtualbox 
> was even looking for someone to do paid work to get virtualbox to work in 
> FreeBSD and he was no able to find someone.

Orlando, the fellow who did the port for VMware-workstation 3 has taken
the bounty offered by rsync for VMWare-workstation.  I haven't heard
further.  


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: I don't get your crazy system! 
Giles: It's called the alphabet. 
Xander: Would ya look at that. 



From akosela at andykosela.com  Tue Dec  2 03:38:45 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Tue, 2 Dec 2008 09:38:45 +0100
Subject: [nycbug-talk] Desktop
In-Reply-To: <cone.1228156325.330272.95855.1000@zoraida.natserv.net>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
Message-ID: <3cc535c80812020038qf769f55v73c867da73451c4f@mail.gmail.com>

On Mon, Dec 1, 2008 at 7:32 PM, Francisco Reyes <lists at stringsutils.com> wrote:
>  I have not tried qemu though, which is supposed to work in FreeBSD.

qemu works with no problems, but for some reason I prefer virtualbox.
I wonder when this gonna be available for FreeBSD.

-- 
Andy Kosela
ora et labora


From trish at bsdunix.net  Tue Dec  2 12:08:11 2008
From: trish at bsdunix.net (Siobhan P. Lynch)
Date: Tue, 2 Dec 2008 12:08:11 -0500
Subject: [nycbug-talk] Desktop
In-Reply-To: <cone.1228156325.330272.95855.1000@zoraida.natserv.net>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
Message-ID: <B1BD8D7F-DF4C-443D-BE4C-7244D2097493@bsdunix.net>


I use Mac OS X, primarily, of course i use FreeBSD primarily for  
server work, but OS X gives me the best of 3 different worlds:

1) a user friendly, crisp, and intuitive graphical environment
2) a wide range of useful software - including virtualization - to run  
my BootCamp partition off VMWare Fusion or Parallels Desktop when I  
need to (Parallels is better for windows  gaming, VMWare Fusion seems  
to be faster in general though)
3) a whole UNIX-like (mostly FreeBSD userland) system underneath, so  
that I can do all the stuff I would do on a UNIX-like  desktop machine.

I understand not everyone can afford a Mac, but there is also OSX86 (http://wiki.osx86project.org/wiki/index.php/Main_Page 
), which I have running on several PeeCees built specifically for it.  
I built the PeeCees for under 500 each, and if you run a machine that  
has a processor with VT extentions, then you really have no  
difference, given the BIOS translation mechanism :)

ciao.

-Trish



On Dec 1, 2008, at 1:32 PM, Francisco Reyes wrote:

> Matt Juszczak writes:
>
>> But I do like how with Ubuntu, you can just plug in a flash drive,  
>> etc.,
>> and it just works.
>
> I use OpenSuse as desktop, primarily because VMware does not work with
> FreeBSD. I have not tried qemu though, which is supposed to work in  
> FreeBSD.
>
> Virtualization is likely one reason why some people may end up using
> something other than FreeBSD for desktop.
>
> Even though virtualization  seems like a very requested feature in  
> FreeBSD,
> doesn't seem like there are resources to work on it. Someone from  
> virtualbox
> was even looking for someone to do paid work to get virtualbox to  
> work in
> FreeBSD and he was no able to find someone.
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From spork at bway.net  Tue Dec  2 15:32:00 2008
From: spork at bway.net (Charles Sprickman)
Date: Tue, 2 Dec 2008 15:32:00 -0500 (EST)
Subject: [nycbug-talk] Desktop
In-Reply-To: <B1BD8D7F-DF4C-443D-BE4C-7244D2097493@bsdunix.net>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
	<B1BD8D7F-DF4C-443D-BE4C-7244D2097493@bsdunix.net>
Message-ID: <Pine.OSX.4.64.0812021530270.12605@charles-sprickmans-imac.local>

On Tue, 2 Dec 2008, Siobhan P. Lynch wrote:

> I understand not everyone can afford a Mac, but there is also OSX86 (http://wiki.osx86project.org/wiki/index.php/Main_Page
> ), which I have running on several PeeCees built specifically for it.
> I built the PeeCees for under 500 each, and if you run a machine that
> has a processor with VT extentions, then you really have no
> difference, given the BIOS translation mechanism :)

I've been meaning to try this - I've got a few "real" Macs.  What I'd 
really like to see is a list of small/cheap notebooks that are very 
compatible with osx86...  Something like the old 12" PB.

Charles

> ciao.
>
> -Trish
>
>
>
> On Dec 1, 2008, at 1:32 PM, Francisco Reyes wrote:
>
>> Matt Juszczak writes:
>>
>>> But I do like how with Ubuntu, you can just plug in a flash drive,
>>> etc.,
>>> and it just works.
>>
>> I use OpenSuse as desktop, primarily because VMware does not work with
>> FreeBSD. I have not tried qemu though, which is supposed to work in
>> FreeBSD.
>>
>> Virtualization is likely one reason why some people may end up using
>> something other than FreeBSD for desktop.
>>
>> Even though virtualization  seems like a very requested feature in
>> FreeBSD,
>> doesn't seem like there are resources to work on it. Someone from
>> virtualbox
>> was even looking for someone to do paid work to get virtualbox to
>> work in
>> FreeBSD and he was no able to find someone.
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>


From bcully at gmail.com  Tue Dec  2 15:38:28 2008
From: bcully at gmail.com (Brian Cully)
Date: Tue, 2 Dec 2008 15:38:28 -0500
Subject: [nycbug-talk] Desktop
In-Reply-To: <Pine.OSX.4.64.0812021530270.12605@charles-sprickmans-imac.local>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
	<B1BD8D7F-DF4C-443D-BE4C-7244D2097493@bsdunix.net>
	<Pine.OSX.4.64.0812021530270.12605@charles-sprickmans-imac.local>
Message-ID: <014A3EEE-CD3F-4496-AF50-02CD42F498A4@gmail.com>

On 2-Dec-2008, at 15:32, Charles Sprickman wrote:
> I've been meaning to try this - I've got a few "real" Macs.  What I'd
> really like to see is a list of small/cheap notebooks that are very
> compatible with osx86...  Something like the old 12" PB.

	A friend of mine just set it up on an MSI Wind Notebook:

		http://nerdifer.blogspot.com/2008/12/how-i-setup-dual-boot-hackintosh-osx86.html

-bjc


From carton at Ivy.NET  Wed Dec  3 00:04:36 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 03 Dec 2008 00:04:36 -0500
Subject: [nycbug-talk] [Miles Nordin] IPv6 problems with your DNS servers
Message-ID: <oqr64p3l3v.fsf@castrovalva.Ivy.NET>

:(

-------------- next part --------------
An embedded message was scrubbed...
From: Miles Nordin <carton at castrovalva.Ivy.NET>
Subject: IPv6 problems with your DNS servers
Date: Wed, 03 Dec 2008 00:03:32 -0500
Size: 4900
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081203/5953a887/attachment.eml>

From sjt.kar at gmail.com  Wed Dec  3 00:32:07 2008
From: sjt.kar at gmail.com (Sujit Karataparambil)
Date: Wed, 3 Dec 2008 11:02:07 +0530
Subject: [nycbug-talk] [Miles Nordin] IPv6 problems with your DNS servers
In-Reply-To: <oqr64p3l3v.fsf@castrovalva.Ivy.NET>
References: <oqr64p3l3v.fsf@castrovalva.Ivy.NET>
Message-ID: <921ca19c0812022132j32c8c7f2h13f022711b047628@mail.gmail.com>

Looks like you will have to dig into bind manual.

This is an extract of how the IPV6 Routing is being Carried Out.
http://www.isi.edu/~bmanning/v6DNS.html

Looks like it is an problem with the IPV6 and IPV4 being simulatneously
Being used.

This will require an quad-A DNS Lookup.Supported only on few softwares.

Thanks,
Sujit


On 12/3/08, Miles Nordin <carton at ivy.net> wrote:
> :(
>
>
>
> ---------- Forwarded message ----------
> From: Miles Nordin <carton at castrovalva.Ivy.NET>
> To: domain at facebook.com
> Date: Wed, 03 Dec 2008 00:03:32 -0500
> Subject: IPv6 problems with your DNS servers
> Your nameservers are broken w.r.t. IPv6 queries, which are sent by
> default on modern operating systems like Mac OS X, if you have an
> IPv6-speaking nameserver, which I do.  Have a look at the typescript
> below.  Your server is timing out on the initial AAAA query.  Since
> you haven't implemented IPv6, you should answer the AAAA query
> immediately with 0 answers so that my resolver can immediately retry
> an A query---see the normal example for laconi.ca, or just open a Mac
> OS X terminal and try 'dig <site.org> aaaa' for any domain except your
> own.
>
> The consequence: sites that have turned up IPv6 find that Facebook
> works extremely slowly.  It's available, at best, 30 seconds out of
> every 45.  In general it's much worse because after you've been idle
> for more than 30 seconds, the site freezes for 15 seconds.
>
> This is not merely an issue of improving things for the small fraction
> of your users that have IPv6.  It's about being a good neighbor on the
> Internet, because v6-broken sites are a significant impediment to IPv6
> adoption.  They make IPv6 harder to roll out because of the painful
> brokenness and slowness, and also encourage a lot of broken
> workarounds inside operating systems and browsers that fix your broken
> site while breaking other sites that have implemented IPv6 properly.
> We've already had problems with one such workaround being slipped into
> Firefox, but AFAICT it was backed out.
>
> TIA for your attention, and best wishes.
>
> -----8<-----
> castrovalva:~$ time dig www.facebook.com aaaa @69.63.176.101
>
> ; <<>> DiG 9.3.1 <<>> www.facebook.com aaaa @69.63.176.101
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
> real    0m15.053s
> user    0m0.028s
> sys     0m0.016s
> castrovalva:~$ time dig www.facebook.com a @69.63.176.101
>
> ; <<>> DiG 9.3.1 <<>> www.facebook.com a @69.63.176.101
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36146
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.facebook.com.              IN      A
>
> ;; ANSWER SECTION:
> www.facebook.com.       30      IN      A       69.63.176.143
>
> ;; Query time: 140 msec
> ;; SERVER: 69.63.176.101#53(69.63.176.101)
> ;; WHEN: Tue Dec  2 23:44:28 2008
> ;; MSG SIZE  rcvd: 50
>
>
> real    0m0.184s
> user    0m0.031s
> sys     0m0.014s
> castrovalva:~$
> -----8<-----
>
> -----8<-----
> castrovalva:~$ dig laconi.ca AAAA @209.172.55.139
>
> ; <<>> DiG 9.3.1 <<>> laconi.ca AAAA @209.172.55.139
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18146
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;laconi.ca.                     IN      AAAA
>
> ;; AUTHORITY SECTION:
> laconi.ca.              1800    IN      SOA     ns1.laconi.ca. hostmaster.laconi.ca. 2008100601 28800 7200 2419200 1800
>
> ;; Query time: 53 msec
> ;; SERVER: 209.172.55.139#53(209.172.55.139)
> ;; WHEN: Tue Dec  2 23:57:51 2008
> ;; MSG SIZE  rcvd: 78
>
> castrovalva:~$ dig laconi.ca A @209.172.55.139
>
> ; <<>> DiG 9.3.1 <<>> laconi.ca A @209.172.55.139
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23607
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;laconi.ca.                     IN      A
>
> ;; ANSWER SECTION:
> laconi.ca.              1800    IN      A       75.101.228.101
>
> ;; AUTHORITY SECTION:
> laconi.ca.              1800    IN      NS      ns1.twisted4life.com.
> laconi.ca.              1800    IN      NS      ns1.laconi.ca.
>
> ;; ADDITIONAL SECTION:
> ns1.laconi.ca.          1800    IN      A       209.172.55.139
>
> ;; Query time: 68 msec
> ;; SERVER: 209.172.55.139#53(209.172.55.139)
> ;; WHEN: Tue Dec  2 23:58:03 2008
> ;; MSG SIZE  rcvd: 111
>
> -----8<-----
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
>
>


From carton at Ivy.NET  Wed Dec  3 10:09:45 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 03 Dec 2008 10:09:45 -0500
Subject: [nycbug-talk] [Miles Nordin] IPv6 problems with your DNS servers
In-Reply-To: <921ca19c0812022132j32c8c7f2h13f022711b047628@mail.gmail.com>
	(Sujit Karataparambil's message of "Wed,
	3 Dec 2008 11:02:07 +0530")
References: <oqr64p3l3v.fsf@castrovalva.Ivy.NET>
	<921ca19c0812022132j32c8c7f2h13f022711b047628@mail.gmail.com>
Message-ID: <oq3ah52t3a.fsf@castrovalva.Ivy.NET>

>>>>> "sk" == Sujit Karataparambil <sjt.kar at gmail.com> writes:

    sk> This is an extract of how the IPV6 Routing is being Carried
    sk> Out.  http://www.isi.edu/~bmanning/v6DNS.html

1. DNS != routing

2. Those instructions are out-of-date and wrong.  For one thing,
   ip6.int is not used any more.  It's ip6.arpa.  There may be other
   problems.

   Instead, use the regular BIND documentation, which is the BIND
   Administrator's Reference Manual which is a bunch of .html files
   installed along with BIND.  On my system it's in
   /usr/share/doc/html/bind/Bv9ARM.html.

3. try 'dig web.ivy.net aaaa'.  I have IPv6 DNS working just fine to
   serve my zones, including asking and answering queries over v6.  

08:37:03.450455 IP6 2610:1f8:dc:c0::1.65139 > 2001:4200:1010::1.53:  60817 [1au] A? ru.ac.za. (37)
08:37:03.567448 IP6 2610:1f8:dc:c0::1.65139 > 2001:7b8:3:1f:0:2:53:2.53:  48637 [1au][|domain]
08:37:03.678671 IP6 2001:7b8:3:1f:0:2:53:2.53 > 2610:1f8:dc:c0::1.65139:  48637 NXDomain*-[|domain]
08:37:03.778992 IP6 2001:4200:1010::1.53 > 2610:1f8:dc:c0::1.65139:  60817*- 1/5/11 (389)

   This is done already, works, and is not the problem.

    sk> Looks like it is an problem with the IPV6 and IPV4 being
    sk> simulatneously Being used.

Why is this a problem?  How else would IPv6 be used?

    sk> This will require an quad-A DNS Lookup.Supported only on few
    sk> softwares.

yeah, a few softwares like BIND, BSD, Linux, Mac OS X, and Windows,
all for ~1 decade, and except Windows all by default.

Anyway the problem is described in my email:

$ dig www.facebook.com aaaa          <-- hangs for 15 seconds

$ dig anythingelse.com aaaa          <-- returns quickly, even for sites 
                                         running crappy djbware without 
                                         IPv6 support

If I use tcpdump I can see that facebook's crappy load balancers are
simply dropping the AAAA queries with no response, which is why lookup
hangs.  And the idiots have set a 30sec ttl, so it hangs every 30
seconds.

08:14:05.109594 IP 10.100.100.129.65140 > 69.63.176.101.53:  60836 AAAA? www.facebook.com. (34)
08:14:07.111153 IP 10.100.100.129.65140 > 69.63.191.219.53:  15140 AAAA? www.facebook.com. (34)
08:14:11.118032 IP 10.100.100.129.65140 > 69.63.176.101.53:  40338 [1au] AAAA? www.facebook.com. (45)
08:14:13.119844 IP 10.100.100.129.65140 > 69.63.191.219.53:  20169 [1au] AAAA? www.facebook.com. (45)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081203/4f9325a2/attachment.bin>

From trish at bsdunix.net  Wed Dec  3 10:30:20 2008
From: trish at bsdunix.net (Siobhan P. Lynch)
Date: Wed, 3 Dec 2008 10:30:20 -0500
Subject: [nycbug-talk] Desktop
In-Reply-To: <Pine.OSX.4.64.0812021530270.12605@charles-sprickmans-imac.local>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
	<B1BD8D7F-DF4C-443D-BE4C-7244D2097493@bsdunix.net>
	<Pine.OSX.4.64.0812021530270.12605@charles-sprickmans-imac.local>
Message-ID: <9091328C-4716-4EAF-839C-F739AA34B057@bsdunix.net>


On Dec 2, 2008, at 3:32 PM, Charles Sprickman wrote:
>>
>
> I've been meaning to try this - I've got a few "real" Macs.  What  
> I'd really like to see is a list of small/cheap notebooks that are  
> very compatible with osx86...  Something like the old 12" PB.
>
> Charles


I have it running on an old Hpaq nx7000 type notebook, and everything  
works for the most part, except it doesn't run any of the  
virtualization software other than qemu out there, because the Proc  
does not support VT.

Other than that, its what I used as a main laptop until I got my  
MacBook Pro at work.

-Trish


From lists at stringsutils.com  Wed Dec  3 11:05:30 2008
From: lists at stringsutils.com (Francisco Reyes)
Date: Wed, 03 Dec 2008 11:05:30 -0500
Subject: [nycbug-talk] Desktop
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
	<3cc535c80812020038qf769f55v73c867da73451c4f@mail.gmail.com>
Message-ID: <cone.1228320330.597882.41453.1000@zoraida.natserv.net>

Andy Kosela writes:

> ... I prefer virtualbox.
> I wonder when this gonna be available for FreeBSD.

Probably not any time soon.
The Virtualbox team were looking for developers to pay them to get 
virtualbox to work under FreeBSD and they were unable to find anyone.


From robin.polak at gmail.com  Wed Dec  3 11:22:03 2008
From: robin.polak at gmail.com (Robin Polak)
Date: Wed, 3 Dec 2008 11:22:03 -0500
Subject: [nycbug-talk] Desktop
In-Reply-To: <cone.1228320330.597882.41453.1000@zoraida.natserv.net>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
	<3cc535c80812020038qf769f55v73c867da73451c4f@mail.gmail.com>
	<cone.1228320330.597882.41453.1000@zoraida.natserv.net>
Message-ID: <551868240812030822y46083e33ibb4fc5cb128abf6a@mail.gmail.com>

On Wed, Dec 3, 2008 at 11:05, Francisco Reyes <lists at stringsutils.com>wrote:

> Andy Kosela writes:
>
> > ... I prefer virtualbox.
> > I wonder when this gonna be available for FreeBSD.
>
> Probably not any time soon.
> The Virtualbox team were looking for developers to pay them to get
> virtualbox to work under FreeBSD and they were unable to find anyone.
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

That's really too bad.  I really like the flexibility and performance I get
out of VirtualBox.

-- 
Robin Polak
E-Mail: robin.polak at gmail.com
V. 917-494-2080
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081203/6982a0a3/attachment.htm>

From carton at Ivy.NET  Wed Dec  3 13:04:46 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 03 Dec 2008 13:04:46 -0500
Subject: [nycbug-talk] Desktop
In-Reply-To: <9091328C-4716-4EAF-839C-F739AA34B057@bsdunix.net> (Siobhan P.
	Lynch's message of "Wed, 3 Dec 2008 10:30:20 -0500")
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net>
	<3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com>
	<alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net>
	<cone.1228156325.330272.95855.1000@zoraida.natserv.net>
	<B1BD8D7F-DF4C-443D-BE4C-7244D2097493@bsdunix.net>
	<Pine.OSX.4.64.0812021530270.12605@charles-sprickmans-imac.local>
	<9091328C-4716-4EAF-839C-F739AA34B057@bsdunix.net>
	<3cc535c80812020038qf769f55v73c867da73451c4f@mail.gmail.com>
	<cone.1228320330.597882.41453.1000@zoraida.natserv.net>
Message-ID: <oqy6yx16f5.fsf@castrovalva.Ivy.NET>

>>>>> "spl" == Siobhan P Lynch <trish at bsdunix.net> writes:
>>>>> "fr" == Francisco Reyes <lists at stringsutils.com> writes:

    fr> looking for developers to pay them to get virtualbox to work
    fr> under FreeBSD and they were unable to find anyone.

   spl> doesn't run any of the virtualization software other than qemu
   spl> out there, because the Proc does not support VT.

VirtualBox works without VT and runs on Mac OS X.

also, ``BSD is dying.''  :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081203/06d2dd35/attachment.bin>

From matt at atopia.net  Wed Dec  3 13:23:42 2008
From: matt at atopia.net (matt at atopia.net)
Date: Wed, 3 Dec 2008 18:23:42 +0000
Subject: [nycbug-talk] Desktop
In-Reply-To: <oqy6yx16f5.fsf@castrovalva.Ivy.NET>
References: <alpine.BSF.2.00.0811211242010.11381@pluto.atopia.net><3cc535c80811211250p1e89e8e9w84bd0890f47f6719@mail.gmail.com><alpine.BSF.2.00.0811211737240.31007@pluto.atopia.net><cone.1228156325.330272.95855.1000@zoraida.natserv.net><B1BD8D7F-DF4C-443D-BE4C-7244D2097493@bsdunix.net><Pine.OSX.4.64.0812021530270.12605@charles-sprickmans-imac.local><9091328C-4716-4EAF-839C-F739AA34B057@bsdunix.net><3cc535c80812020038qf769f55v73c867da73451c4f@mail.gmail.com><cone.1228320330.597882.41453.1000@zoraida.natserv.net><oqy6yx16f5.fsf@castrovalva.Ivy.NET>
Message-ID: <1676861250-1228328620-cardhu_decombobulator_blackberry.rim.net-176227263-@bxe342.bisx.prod.on.blackberry>

BSD is dying?
-----Original Message-----
From: Miles Nordin <carton at ivy.net>

Date: Wed, 03 Dec 2008 13:04:46 
To: <talk at lists.nycbug.org>
Subject: Re: [nycbug-talk] Desktop


_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk




From ike at lesmuug.org  Thu Dec  4 08:11:33 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Thu, 4 Dec 2008 08:11:33 -0500
Subject: [nycbug-talk] BSD license compatable, Python 3.0 Released
Message-ID: <0E75DEC1-7A9D-49B8-89DC-6EFCC57A84FF@lesmuug.org>

Hi All,

For those who dig Python (and any high-level languages), the long- 
awaited 'Python 3000' release is out- the first totally clean break in  
the language in years, totally backwards-incompatible with earlier  
Python- (a lot has been cleaned up).

A notable license based cleanup:

"This Python distribution contains *no* GNU General Public License
(GPL) code, so it may be used in proprietary projects.  There are
interfaces to some GNU code but these are entirely optional."

--
Additionally, the bulk of the changes seriously simplify using the  
high-level language for day-to-day tasks; for example with integers,  
int and long are now just one thing- int.  Also, the core libraries  
have been cleaned up and boiled down!  This is exciting both from a  
simpler-to-use perspective, as well as reducing the securable surface  
area of the language as a whole.

http://www.python.org/download/releases/3.0/
http://docs.python.org/dev/3.0/whatsnew/3.0.html

Happy hacking!

Rocket-
.ike




From skreuzer at exit2shell.com  Thu Dec  4 09:36:02 2008
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Thu, 4 Dec 2008 09:36:02 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
Message-ID: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>

It looks like Murray Stokely is putting together a channel on YouTube  
with videos of BSD technical talks.

Right now it only has 4 videos from MeetBSD, but this might be  
something to keep an eye.

http://www.youtube.com/bsdconferences

Enjoy

Steven Kreuzer
http://www.exit2shell.com/~skreuzer



From akosela at andykosela.com  Thu Dec  4 09:53:03 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Thu, 4 Dec 2008 15:53:03 +0100
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
Message-ID: <3cc535c80812040653s1c94d140g96cb3b4244b52692@mail.gmail.com>

On Thu, Dec 4, 2008 at 3:36 PM, Steven Kreuzer <skreuzer at exit2shell.com> wrote:
> It looks like Murray Stokely is putting together a channel on YouTube
> with videos of BSD technical talks.
>
> Right now it only has 4 videos from MeetBSD, but this might be
> something to keep an eye.
>
> http://www.youtube.com/bsdconferences

Yeah, all those who track Planet FreeBSD should also notice it. There
are some really nice videos on YouTube for Unix enthusiasts. I can
also recommend http://youtube.com/watch?v=7FjX7r5icV8 and
http://youtube.com/watch?v=nNkqKdLm1rU

-- 
Andy Kosela
ora et labora


From carton at Ivy.NET  Thu Dec  4 10:45:53 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Thu, 04 Dec 2008 10:45:53 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com> (Steven
	Kreuzer's message of "Thu, 4 Dec 2008 09:36:02 -0500")
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
Message-ID: <oq4p1k0wr2.fsf@castrovalva.Ivy.NET>

>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:

    sk> It looks like Murray Stokely is putting together a channel on
    sk> YouTube with videos of BSD technical talks.

Wouldn't it make sense to post the videos in a format BSD users can
watch without using COMPAT_LINUX?


From skreuzer at exit2shell.com  Thu Dec  4 11:09:40 2008
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Thu, 4 Dec 2008 11:09:40 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
Message-ID: <57735E9E-34DC-494E-9EFF-B4152655F009@exit2shell.com>


On Dec 4, 2008, at 10:45 AM, Miles Nordin wrote:

>>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:
>
>    sk> It looks like Murray Stokely is putting together a channel on
>    sk> YouTube with videos of BSD technical talks.
>
> Wouldn't it make sense to post the videos in a format BSD users can
> watch without using COMPAT_LINUX

Then run Firefox under wine.

If it makes you feel any better, 2009 is the year of BSD on the desktop,
so you only have to deal with COMPAT_LINUX for another 4 weeks.

Steven Kreuzer
http://www.exit2shell.com/~skreuzer



From nycbug at cyth.net  Thu Dec  4 11:32:32 2008
From: nycbug at cyth.net (Ray Lai)
Date: Thu, 4 Dec 2008 11:32:32 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <57735E9E-34DC-494E-9EFF-B4152655F009@exit2shell.com>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<57735E9E-34DC-494E-9EFF-B4152655F009@exit2shell.com>
Message-ID: <7765c0380812040832x7034c59gb35760b0c9384be2@mail.gmail.com>

On Thu, Dec 4, 2008 at 11:09 AM, Steven Kreuzer <skreuzer at exit2shell.com> wrote:
>
> On Dec 4, 2008, at 10:45 AM, Miles Nordin wrote:
>
>>>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:
>>
>>    sk> It looks like Murray Stokely is putting together a channel on
>>    sk> YouTube with videos of BSD technical talks.
>>
>> Wouldn't it make sense to post the videos in a format BSD users can
>> watch without using COMPAT_LINUX
>
> Then run Firefox under wine.
>
> If it makes you feel any better, 2009 is the year of BSD on the desktop,
> so you only have to deal with COMPAT_LINUX for another 4 weeks.

My Chinese conglomerates confirm that BSD on the desktop has indeed
replaced the Ox for 2009.

-Ray-


>
> Steven Kreuzer
> http://www.exit2shell.com/~skreuzer
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>


From ike at lesmuug.org  Thu Dec  4 13:09:44 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Thu, 4 Dec 2008 13:09:44 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <57735E9E-34DC-494E-9EFF-B4152655F009@exit2shell.com>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<57735E9E-34DC-494E-9EFF-B4152655F009@exit2shell.com>
Message-ID: <3FAA07AC-008C-4ABD-BEC4-0A2A5BF37E6F@lesmuug.org>

Hey All,

On Dec 4, 2008, at 11:09 AM, Steven Kreuzer wrote:

> On Dec 4, 2008, at 10:45 AM, Miles Nordin wrote:
>
>>>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:
>>
>>   sk> It looks like Murray Stokely is putting together a channel on
>>   sk> YouTube with videos of BSD technical talks.
>>
>> Wouldn't it make sense to post the videos in a format BSD users can
>> watch without using COMPAT_LINUX
>
> Then run Firefox under wine.

Wow you both have excellent points.

While I agree that the video content should be open and free from any  
particular 3rd party copyright or access control, YouTube is currently  
the cheapest and easiest video distribution system to date...  And  
grandma can use it...

However, in lieu of what we as BSD Advocates should do when posting  
videos, Lawrence Lessig recently posted some guidelines aimed at the  
Obama administration, which I feel could be applied more generally to  
us:
http://open-government.us/
If things like Video posting gets too legalistic, the BSD License will  
get as long and contentious as the GPL- but at the very least, this is  
very good food for thought...

--
And BTW- If anyone wants to download an mp4 format of YouTube stuff,  
give http://keepvid.com/ a whirl...

Rocket-
.ike




From okan at demirmen.com  Thu Dec  4 14:23:50 2008
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 4 Dec 2008 14:23:50 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <3FAA07AC-008C-4ABD-BEC4-0A2A5BF37E6F@lesmuug.org>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<57735E9E-34DC-494E-9EFF-B4152655F009@exit2shell.com>
	<3FAA07AC-008C-4ABD-BEC4-0A2A5BF37E6F@lesmuug.org>
Message-ID: <20081204192350.GA6896@clam.khaoz.org>

On Thu 2008.12.04 at 13:09 -0500, Isaac Levy wrote:
> Hey All,
> 
> On Dec 4, 2008, at 11:09 AM, Steven Kreuzer wrote:
> 
> > On Dec 4, 2008, at 10:45 AM, Miles Nordin wrote:
> >
> >>>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:
> >>
> >>   sk> It looks like Murray Stokely is putting together a channel on
> >>   sk> YouTube with videos of BSD technical talks.
> >>
> >> Wouldn't it make sense to post the videos in a format BSD users can
> >> watch without using COMPAT_LINUX
> >
> > Then run Firefox under wine.
> 
> Wow you both have excellent points.
> 
> While I agree that the video content should be open and free from any  
> particular 3rd party copyright or access control, YouTube is currently  
> the cheapest and easiest video distribution system to date...  And  
> grandma can use it...
> 
> However, in lieu of what we as BSD Advocates should do when posting  
> videos, Lawrence Lessig recently posted some guidelines aimed at the  
> Obama administration, which I feel could be applied more generally to  
> us:
> http://open-government.us/
> If things like Video posting gets too legalistic, the BSD License will  
> get as long and contentious as the GPL- but at the very least, this is  
> very good food for thought...
> 
> --
> And BTW- If anyone wants to download an mp4 format of YouTube stuff,  
> give http://keepvid.com/ a whirl...

you of all people should know youtube-dl


From akosela at andykosela.com  Thu Dec  4 15:19:31 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Thu, 4 Dec 2008 21:19:31 +0100
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
Message-ID: <3cc535c80812041219t53da30e8m1ad94bbfbb5c6543@mail.gmail.com>

On Thu, Dec 4, 2008 at 4:45 PM, Miles Nordin <carton at ivy.net> wrote:
>>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:
>
>    sk> It looks like Murray Stokely is putting together a channel on
>    sk> YouTube with videos of BSD technical talks.
>
> Wouldn't it make sense to post the videos in a format BSD users can
> watch without using COMPAT_LINUX?

It would definetly make more sense to have a *NATIVE* Flash plugin,
but it seems it ain't happening anytime soon. At least YouTube is
still compatible with Flash 7.x so I can watch it without wine by
using nspluginwrapper.

-- 
Andy Kosela
ora et labora


From skreuzer at exit2shell.com  Thu Dec  4 15:49:13 2008
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Thu, 4 Dec 2008 15:49:13 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <3cc535c80812041219t53da30e8m1ad94bbfbb5c6543@mail.gmail.com>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<3cc535c80812041219t53da30e8m1ad94bbfbb5c6543@mail.gmail.com>
Message-ID: <5D52A995-7CE7-4B92-A6BB-EDA19192B61C@exit2shell.com>


On Dec 4, 2008, at 3:19 PM, Andy Kosela wrote:

> On Thu, Dec 4, 2008 at 4:45 PM, Miles Nordin <carton at ivy.net> wrote:
>>>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:
>>
>>   sk> It looks like Murray Stokely is putting together a channel on
>>   sk> YouTube with videos of BSD technical talks.
>>
>> Wouldn't it make sense to post the videos in a format BSD users can
>> watch without using COMPAT_LINUX?
>
> It would definetly make more sense to have a *NATIVE* Flash plugin,
> but it seems it ain't happening anytime soon. At least YouTube is
> still compatible with Flash 7.x so I can watch it without wine by
> using nspluginwrapper.

At NYCBSDCon I was speaking with the CEO of iX Systems and he
mentioned that they have been working with Adobe and have a team
dedicated to developing a native port of Flash 9 for FreeBSD and PC BSD

Steven Kreuzer
http://www.exit2shell.com/~skreuzer



From carton at Ivy.NET  Thu Dec  4 16:16:58 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Thu, 04 Dec 2008 16:16:58 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com> (Ray
	Lai's message of "Thu, 4 Dec 2008 10:58:37 -0500")
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
Message-ID: <oqy6yvzlmd.fsf@castrovalva.Ivy.NET>

>>>>> "rl" == Ray Lai <nycbug at cyth.net> writes:

    rl> Are you providing the bandwidth?

were you not following the discussion?  I'm not providing the videos,
the bandwidth, nor the content.  I thought that was pretty obvious,
but in case you missed it, I'm not.  I'm complaining that I have to
hear about it when I can't easily watch it.

Obviously there are plenty of reasons to use Youtube which makes it
popular.  Aside from ad-supported bandwidth, a lot of people use it
because they already know how and are too lazy to learn more free but
different and possibly more awkward tools, or they have some
proprietary gizmo with a built-in Youtube! uploader so stupid-simple
their kid sister can use it, and they don't want to deal with any of
this techno mumbo jumbo, they want to go shopping for chocolate and
shoes instead.  good reasons.  I never meant to say Youtube! is dumb
and anyone who uses it is dumb.  I said, wouldn't it make sense to
find another way to distribute videos if your intent is to advocate
BSD?

I think a software community is one level of dead when they don't have
enough working tools to support themselves and have to borrow from
some other ``enemy'' camp to survive, like downloading the source for
cl-httpd from an Apache-run site, or developing FreeBSD inside
VirtualBox on Mac OS X because FreeBSD can't host any reasonable
virtualization (not even Xen, though NetBSD can do Xen dom0/domU).
It's a whole 'nother level of dead when they HAVE tools available to
support themselves, but choose not to use them.

    rl> Anyway there are YouTube rippers out there, gnash, and
    rl> probably other stuff I don't know about.

right, Ray.  That's what you do, is it?  use gnash?  which one do you
use, the one in pkgsrc or freebsd ports or openbsd ports, eh?  I'm
surprised the evil GNU license doesn't scare you away by trying to
deprive programmers of a living or some such bullshit.

get real.  You open it on a Mac, or probably on Windows.  and it's
native Mac/Windows, not running inside a VM on a BSD host, isn't it?
That's what almost all of you sorry lot of motherfucking apologists
do.  You tell me what my kind of marginal whiner ought to do if he
cares so damn much, and brush under the rug what you do yourselves.
I'm among the biggest BSD advocates here just because I watch Youtube
under Opera with COMPAT_LINUX, and that's PATHETIC.

Ubuntu people are really good about distributing their videos in open
formats that play with the native software included in their
distribution.  And I guarantee you anyone who asks for a more free
format will get a shamed apology, not a bunch of rants about how
practical and profitable and successful the proprietary system is.

CCC always gives me videos of the congress and the camp in a format I
can play natively on BSD, even though the Krauts use almost
exclusively Linux, rarely BSD.

It's only from other supposed BSD people I'm getting the crappy
proprietary formats.  How can I complain to Linux-centric developers
that they keep breaking the ffmpeg builds on BSD with their Linuxisms,
when there's such shitty advocacy from within the BSD camp?  On BSD
where getting FLASH to work is much harder than Ubuntu, _I'm_ the
troll for asking for an open format, and I'm supposed to accomodate
the platform-insensitive choices of these supposed advocates?  

Yes, I am.  That is, as you've all just collectively defined it, the
BSD culture.

And that's why your OS is so fucking dead!  It's your own damn fault.
What a disappointment.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081204/dcc93ede/attachment.bin>

From nycbug at cyth.net  Thu Dec  4 17:18:15 2008
From: nycbug at cyth.net (Ray Lai)
Date: Thu, 4 Dec 2008 17:18:15 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
Message-ID: <7765c0380812041418v447235d8id0f87f483df6528@mail.gmail.com>

On Thu, Dec 4, 2008 at 4:16 PM, Miles Nordin <carton at ivy.net> wrote:
>>>>>> "rl" == Ray Lai <nycbug at cyth.net> writes:
>
>    rl> Are you providing the bandwidth?
>
> were you not following the discussion?  I'm not providing the videos,
> the bandwidth, nor the content.  I thought that was pretty obvious,
> but in case you missed it, I'm not.  I'm complaining that I have to
> hear about it when I can't easily watch it.

My point was that it is the easiest way to publish videos online. I
personally do not have my own bandwidth to share videos with, so
YouTube would be the best way for me to upload videos.

> Obviously there are plenty of reasons to use Youtube which makes it
> popular.  Aside from ad-supported bandwidth, a lot of people use it
> because they already know how and are too lazy to learn more free but
> different and possibly more awkward tools, or they have some
> proprietary gizmo with a built-in Youtube! uploader so stupid-simple
> their kid sister can use it, and they don't want to deal with any of
> this techno mumbo jumbo, they want to go shopping for chocolate and
> shoes instead.  good reasons.  I never meant to say Youtube! is dumb
> and anyone who uses it is dumb.  I said, wouldn't it make sense to
> find another way to distribute videos if your intent is to advocate
> BSD?

Well, that's the problem. Who would provide the infrastructure?
Youtube is here, available, and free. If I wanted to share a video, I
can't be expected to develop a BSD plugin for Firefox first. And
anyway, I already mentioned such tools that are available.

> I think a software community is one level of dead when they don't have
> enough working tools to support themselves and have to borrow from
> some other ``enemy'' camp to survive, like downloading the source for
> cl-httpd from an Apache-run site, or developing FreeBSD inside
> VirtualBox on Mac OS X because FreeBSD can't host any reasonable
> virtualization (not even Xen, though NetBSD can do Xen dom0/domU).
> It's a whole 'nother level of dead when they HAVE tools available to
> support themselves, but choose not to use them.

Well, I'm not sure which level of dead I'm at... but for the record I
develop OpenBSD on an OpenBSD box. And about the only tools I use are
included in OpenBSD, except for the web browser. Sorry, it's a little
painful to use Lynx.

>    rl> Anyway there are YouTube rippers out there, gnash, and
>    rl> probably other stuff I don't know about.
>
> right, Ray.  That's what you do, is it?  use gnash?  which one do you
> use, the one in pkgsrc or freebsd ports or openbsd ports, eh?  I'm
> surprised the evil GNU license doesn't scare you away by trying to
> deprive programmers of a living or some such bullshit.

I've used gnash in the past, I didn't have much luck with it, from the
OpenBSD ports. I don't consider it evil, but I did use pedro@'s yt
program to extract Youtube videos and watch them on mplayer.

> get real.  You open it on a Mac, or probably on Windows.  and it's
> native Mac/Windows, not running inside a VM on a BSD host, isn't it?

When I am at a friend's Mac or Windows machine, yes, I would naturally
click on the link that opens Youtube, rather than running quickly to
my own laptop.

> That's what almost all of you sorry lot of motherfucking apologists
> do.  You tell me what my kind of marginal whiner ought to do if he
> cares so damn much, and brush under the rug what you do yourselves.
> I'm among the biggest BSD advocates here just because I watch Youtube
> under Opera with COMPAT_LINUX, and that's PATHETIC.

What I can suggest you do if you care so much, is work on a convenient
Flash player that works well in BSD. Right now I care about OpenCVS
and pcc, so I'm taking the code and playing with it, getting stuff in.
In the meantime I'm using GNU cvs and gcc where they fall short.

> Ubuntu people are really good about distributing their videos in open
> formats that play with the native software included in their
> distribution.

What formats do they distribute in? Though it's not video, Will
Backman provides his podcasts in mp3 and ogg format for BSDTalk.
OpenBSD does the same with each release song. They're a lot easier to
distribute due to their size, of course, and a lot better software
support for mp3s any video codecs out.

> And I guarantee you anyone who asks for a more free
> format will get a shamed apology, not a bunch of rants about how
> practical and profitable and successful the proprietary system is.

?

> CCC always gives me videos of the congress and the camp in a format I
> can play natively on BSD, even though the Krauts use almost
> exclusively Linux, rarely BSD.

What format is that in?

> It's only from other supposed BSD people I'm getting the crappy
> proprietary formats.  How can I complain to Linux-centric developers
> that they keep breaking the ffmpeg builds on BSD with their Linuxisms,
> when there's such shitty advocacy from within the BSD camp?  On BSD
> where getting FLASH to work is much harder than Ubuntu, _I'm_ the
> troll for asking for an open format, and I'm supposed to accomodate
> the platform-insensitive choices of these supposed advocates?

I wasn't advocating anything, I was trying to explain the video
author's position and offer solutions I've used in the past. I never
called you a troll.

> Yes, I am.  That is, as you've all just collectively defined it, the
> BSD culture.
>
> And that's why your OS is so fucking dead!  It's your own damn fault.
> What a disappointment.

Don't worry, 2009 is almost here.

-Ray-


From akosela at andykosela.com  Thu Dec  4 17:19:41 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Thu, 4 Dec 2008 23:19:41 +0100
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <5D52A995-7CE7-4B92-A6BB-EDA19192B61C@exit2shell.com>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<3cc535c80812041219t53da30e8m1ad94bbfbb5c6543@mail.gmail.com>
	<5D52A995-7CE7-4B92-A6BB-EDA19192B61C@exit2shell.com>
Message-ID: <3cc535c80812041419x1b10bd7l5066e8eb7b6fda86@mail.gmail.com>

On Thu, Dec 4, 2008 at 9:49 PM, Steven Kreuzer <skreuzer at exit2shell.com> wrote:
> At NYCBSDCon I was speaking with the CEO of iX Systems and he
> mentioned that they have been working with Adobe and have a team
> dedicated to developing a native port of Flash 9 for FreeBSD and PC BSD
>

Excellent news! That should be a priority nowadays for projects like
PC-BSD which target a desktop user. I am definetly not the only one
who would like to see it on FreeBSD. Like it or not flash is really
the technology you need on your desktop, and I really hate to use
COMPAT_LINUX or wine to use it.

-- 
Andy Kosela
ora et labora


From carton at Ivy.NET  Thu Dec  4 19:50:15 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Thu, 04 Dec 2008 19:50:15 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <7765c0380812041418v447235d8id0f87f483df6528@mail.gmail.com> (Ray
	Lai's message of "Thu, 4 Dec 2008 17:18:15 -0500")
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<7765c0380812041418v447235d8id0f87f483df6528@mail.gmail.com>
Message-ID: <oqljuvzbqw.fsf@castrovalva.Ivy.NET>

>>>>> "rl" == Ray Lai <nycbug at cyth.net> writes:

    rl> Who would provide the infrastructure?

I just host things on my DSL, which ought to work fine for videos only
announced on this list.  If more than one or two people want to
download at a time, you can buy cheapass shared hosting, ask one of
the BSD projects to host it, ask NYC*BUG to host it.  If it gets even
busier you can use bittorrent.  in short, everything we did before
Youtube appeared.

Isaac's Obama link under ``no technical barrier to sharing'' suggests
blip.tv over Youtube, but this is the first I've heard of it.

Hosting should be cheap enough, and easy enough for someone who says
he's interested in BSD.  I feel like, for someone advocating BSD, not
being able to post a big file on the web is sort of like an adult
eskimo not knowing how to make a fishing hook.

``We need to communicate in files that aren't easily playable on BSD
because our knowledge of BSD hasn't helped us learn how to publish our
own shit on the Internet?''  either way it's thoroughly pathetic.

    rl> I did use pedro@'s yt program to extract Youtube videos and
    rl> watch them on mplayer.

On OpenBSD mplayer or Linux mplayer? What does mplayer use to play
yt's fetched content?  AIUI on Linux this uses shared libs from
realplayer, so I don't know how it would work on OpenBSD.  Is it some
COMPAT_LINUX mplayer-linux port or something?

    rl> What I can suggest you do if you care so much, is work on a
    rl> convenient Flash player that works well in BSD.

no thanks, I'm not going to play catch-up with proprietary formats.

And remember, on this particular occasion I'm not complaining about
Youtube videos posted by Windows users.  I'm saying, ``why is a
supposed BSD advocate posting videos in a format that's hard to view
under BSD?  when better formats have been available for longer?  It's
like he assumes no one actually uses the thing he's advocating, and I
think he's probably about right.''

Finally, even if it weren't a depressing waste of time, I lack the
skill and the drive to write a Flash replacement, while having more
than enough skill and drive to encode videos in a reasonable format.
Is that so surprising?  Is no one else in the same situation?

``Just write a Herculean amount of code if you care so damn much''
shouldn't be a way of shutting people up.

    rl> What formats do Ubuntu distribute in?

Theora container.  not sure what's inside but Ubuntu doesn't
distribute proprietary things like FLASH with their base system, so
it's almost certainly BSD-friendly.

    rl> What format is [CCC videos] in?

H.264 inside .mp4 container that was made with one of the free Linux
tools and plays well under mplayer.

For the few things I've encoded, I use mpeg4 made by lavc or ffmpeg,
with ogg audio, inside .mkv container.  This plays on OpenBSD and
supports non-square pixels and mux'd text subtitles.

All three play without binary blobs so they work well under BSD, and
in Linux-land we've been encoding all three since before Youtube
existed, except maybe the H.264 but I think even that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081204/68b55ca1/attachment.bin>

From trish at bsdunix.net  Thu Dec  4 20:31:20 2008
From: trish at bsdunix.net (Siobhan P. Lynch)
Date: Thu, 4 Dec 2008 20:31:20 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
Message-ID: <BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>




On Dec 4, 2008, at 4:16 PM, Miles Nordin wrote:
>>>>>> "rl" == Ray Lai <nycbug at cyth.net> writes:
>
>    rl> Are you providing the bandwidth?
>
>
> I'm among the biggest BSD advocates here just because I watch Youtube
> under Opera with COMPAT_LINUX, and that's PATHETIC.
>
> Ubuntu people are really good about distributing their videos in open
> formats that play with the native software included in their
> distribution.  And I guarantee you anyone who asks for a more free
> format will get a shamed apology, not a bunch of rants about how
> practical and profitable and successful the proprietary system is.
>
> CCC always gives me videos of the congress and the camp in a format I
> can play natively on BSD, even though the Krauts use almost
> exclusively Linux, rarely BSD.
>
> It's only from other supposed BSD people I'm getting the crappy
> proprietary formats.  How can I complain to Linux-centric developers
> that they keep breaking the ffmpeg builds on BSD with their Linuxisms,
> when there's such shitty advocacy from within the BSD camp?  On BSD
> where getting FLASH to work is much harder than Ubuntu, _I'm_ the
> troll for asking for an open format, and I'm supposed to accomodate
> the platform-insensitive choices of these supposed advocates?
>
> Yes, I am.  That is, as you've all just collectively defined it, the
> BSD culture.
>
> And that's why your OS is so fucking dead!  It's your own damn fault.
> What a disappointment


Then go somewhere else...

You know, I'm usually pretty quiet, but this vitriol really seems  
uncalled for... the only way it can have more venom is for you to use  
uncouth swear ("four letter") words.

Seriously, if you really have that many complaints, then please, by  
all means, find a different solution. It seems like every time I turn  
around you have some other complaint and you're vehemently expressing  
it... and trust me I don;t mind the expression of opinions, but you  
are directing your opinion in such a way as top stir up people's  
feelings so they *feel* insulted, no matter what their point of view  
regarding the issue is.

I think, unfortunately, mailing lists lend themselves to this kind of  
rudeness. I doubt you would be so vehemently insulting in tone if you  
were in a group of people in-person. But then again, I'm sorta glad I  
don't know you in person. I don't have a lot of time for this kind of  
thing.

I personally could care less what format Murray posts in. I really  
don;t care of Murray posts in some format that can only be viewed on a  
BeOS box  - its smimply not worth the type of rise in blood pressure  
that you exhibit in your posting.

To the rest of the list: I'm sorry for this "off-topic" post.... I  
just could not let this go, after reading venom and vitriol for months  
from him.

-Trish


From nycbug at cyth.net  Thu Dec  4 10:58:37 2008
From: nycbug at cyth.net (Ray Lai)
Date: Thu, 4 Dec 2008 10:58:37 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
Message-ID: <7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>

On Thu, Dec 4, 2008 at 10:45 AM, Miles Nordin <carton at ivy.net> wrote:
>>>>>> "sk" == Steven Kreuzer <skreuzer at exit2shell.com> writes:
>
>    sk> It looks like Murray Stokely is putting together a channel on
>    sk> YouTube with videos of BSD technical talks.
>
> Wouldn't it make sense to post the videos in a format BSD users can
> watch without using COMPAT_LINUX?

Are you providing the bandwidth?

Anyway there are YouTube rippers out there, gnash, and probably other
stuff I don't know about.

-Ray-


From carton at Ivy.NET  Fri Dec  5 13:41:44 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Fri, 05 Dec 2008 13:41:44 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net> (Siobhan P.
	Lynch's message of "Thu, 4 Dec 2008 20:31:20 -0500")
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>
Message-ID: <oqbpvqzcpj.fsf@castrovalva.Ivy.NET>

>>>>> "spl" == Siobhan P Lynch <trish at bsdunix.net> writes:

   spl> stir up people's feelings so they *feel*
   spl> insulted, no matter what their point of view regarding the
   spl> issue is.

Do you actually have a point of view, other than ``you're making me
feel bad, and I don't like it when you say fuck and shit, so I wish
you would leave''?

I certainly never asked anyone to leave because of his opinions, but
you have.

I think BSD is in a worse spot than five years ago, and the problem is
largely cultural, and the discussion's therefore relevant.  If we
don't even have a safe place to talk honestly, then this really is a
disaster.

   spl> I doubt you would be so vehemently insulting in tone if you
   spl> were in a group of people in-person.

in general you sound right about ML style, but in this case, ask
around.  you're wrong.

However I am mistaken less often in person, I think.

   spl> I'm sorry for this "off-topic" post.... I just could not let
   spl> this go, after reading venom and vitriol for months from him.

You don't sound sorry.  You sound self-congradulatory and relieved.

I can live with a bit of ad-hominem garbage, and I think a measured
dose can help keep people interested and shake up
yet-another-cool-link-oftheday list that's beginning to sound like a
bunch of saccarine inspirational posters colorful birds and remote
jungle waterfalls.  However I think we had an argument of this sort
before: if you want to attack me, I would consider your post more fair
and appropriate if you put SOME on-topic substance in your mail, so
that whatever ``vitriol'' there is on either side at least advances
the discussion about BSD a bit.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081205/be1b69cf/attachment.bin>

From trish at bsdunix.net  Fri Dec  5 13:56:21 2008
From: trish at bsdunix.net (Siobhan P. Lynch)
Date: Fri, 5 Dec 2008 13:56:21 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <oqbpvqzcpj.fsf@castrovalva.Ivy.NET>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>
	<oqbpvqzcpj.fsf@castrovalva.Ivy.NET>
Message-ID: <89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>

What's your opinion? Your opinion is that everyone is wrong because  
they don;t agree with you, and that everyone is a piece of sh**  
because they won;t be as "Open" as you, and you're better because  
you're more extremist, and honestly, all I see is an unhappy person  
who needs a reason to make everyone else around him unhappy.

You would be much happier if you worried about yourself and what *you*  
posted, than what Murray posts, or whether BSD's have this solution or  
that solution, and whether you need to use linux compatibiity (when  
you spout the virtues of Ubuntu *linux* every chance you get, and I  
love ubuntu's way of doing things, but it seems like you need to  
complain and spit venom. Even this email proves it.

I am a happy human being. I have a family, and I'm a Mom, and I make a  
good living. I'm on the PTA, and I left the world of "this OS is  
better, and this OS is dying" a long time ago, I like to read good  
technical discussions, not ones where you discuss how sad someone is  
when they don't do things the "Miles Nordin" way. And maybe you're  
right, you are as much of a d*** in person. Its nice to know. I'm glad  
we don;t see each other often.

And if "if you're not happy with the situation and not willing to help  
change it, then walk away" is "asking someone to leave, then yes, I  
will ask people to leave.

-Trish



On Dec 5, 2008, at 1:41 PM, Miles Nordin wrote:

>>>>>> "spl" == Siobhan P Lynch <trish at bsdunix.net> writes:
>
>   spl> stir up people's feelings so they *feel*
>   spl> insulted, no matter what their point of view regarding the
>   spl> issue is.
>
> Do you actually have a point of view, other than ``you're making me
> feel bad, and I don't like it when you say fuck and shit, so I wish
> you would leave''?
>
> I certainly never asked anyone to leave because of his opinions, but
> you have.
>
> I think BSD is in a worse spot than five years ago, and the problem is
> largely cultural, and the discussion's therefore relevant.  If we
> don't even have a safe place to talk honestly, then this really is a
> disaster.
>
>   spl> I doubt you would be so vehemently insulting in tone if you
>   spl> were in a group of people in-person.
>
> in general you sound right about ML style, but in this case, ask
> around.  you're wrong.
>
> However I am mistaken less often in person, I think.
>
>   spl> I'm sorry for this "off-topic" post.... I just could not let
>   spl> this go, after reading venom and vitriol for months from him.
>
> You don't sound sorry.  You sound self-congradulatory and relieved.
>
> I can live with a bit of ad-hominem garbage, and I think a measured
> dose can help keep people interested and shake up
> yet-another-cool-link-oftheday list that's beginning to sound like a
> bunch of saccarine inspirational posters colorful birds and remote
> jungle waterfalls.  However I think we had an argument of this sort
> before: if you want to attack me, I would consider your post more fair
> and appropriate if you put SOME on-topic substance in your mail, so
> that whatever ``vitriol'' there is on either side at least advances
> the discussion about BSD a bit.
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From carton at Ivy.NET  Sat Dec  6 15:36:00 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Sat, 06 Dec 2008 15:36:00 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net> (Siobhan P.
	Lynch's message of "Fri, 5 Dec 2008 13:56:21 -0500")
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>
	<oqbpvqzcpj.fsf@castrovalva.Ivy.NET>
	<89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>
Message-ID: <oqk5adxcr3.fsf@castrovalva.Ivy.NET>

>>>>> "spl" == Siobhan P Lynch <trish at bsdunix.net> writes:

   spl> spout the virtues of Ubuntu *linux* every chance you get,

the virtues are the parts we can learn from, not the failures.

I think the *'s above may explain why my tone is troubling you.  It
seems like I've shocked you by complimenting Linux on a BSD list, when
usually all we do is slam Linux to make ourselves feel better.  If
we've gotten to the point where any Linux compliment is shocking, then
we're a bunch of blinking yes-men like those fools around Bush, and we
need to be shocked out of it.

I've done plenty of Linux-slamming, too, believe me!  The intent is
usually:

 * If you want Linux, you know where to get it.  We're an alternative
   we think _some_ people will find superior.  We won't pander to
   everyone, nor to play catch-up like Linux does to Windows.

 * Let's not copy XXX from Linux just because they're bigger.  Our way
   has worked well for us.

I lost both.  I lost the first when I heard myself saying ``I want (a)
stable system with (b) support for lots of notC programming languages
like Haskell, Erlang, and Java and (c) good networking stack with
stuff like policy routing, wireless, and firewalls that don't panic
the kernel, ability to forward a jumbo frame without dumping core.''

The on second point BSD eventually buckled on almost everything the
Linux refugees wanted to copy, one *BSD at a time.  like PAM, an
impatient binary-linking culture including an excessively-modularized
kernel instead of embedded-friendly streamlined build tools and big
static-linked images, userspace filesystems, X in the package
collection so it can't be cross-built, parts of the core system
depending on Perl, 'ps' and 'netstat' tools using abstract high-level
ABI's rather than groveling kmem so they're no longer provably
non-invasive and using the same codepath on coredumps as running
systems, u.s.w.

If you'll look through NetBSD lists ~eight years ago, my Linux
criticism was mostly restatements of: ``Linux has no culture and no
tradition except being anti-Windows.  They write things in the
quickest, sloppiest way possible, and their only standard of code
quality is, works==good.  Because of this, they're not building an
enduring, teachable culture through their code base.  BSD was a clean
teaching system from the beginning and still is now, while Linux is
just shoveling shit into a cauldron and bubbling off the water, never
caring about the smell or the process so long as they can build
something like a brick from it.''

so, now when I find BSD people being what I view as grossly negligent
compared to the minimum standard of culture-conscious behavior in the
Linux world, who-cares-works-for-me, the situation's reversed, and I'm
like, ``wtf, guys?''

I don't see truth in my 1999 cheerleading any more, _particularly_
among the BSD users like us---we use BSD like Windows admins use
Windows or like Mac zealots claim that Apple is perfect, because we
know it and we're too old or lazy to learn other things.  In 1999 the
other BSD users I remember came to find a Way, but when I bring up
something like a Way here, I get flamed ``I have a good job and am a
mom.  I just want to talk about technical things only.''  Culture has
been the most important part of BSD since its beginnings:

 http://slashdot.org/comments.pl?sid=3729&cid=1319245
 http://mail-index.netbsd.org/netbsd-users/2006/08/30/0016.html

rivalry with Linux has been at the center of BSD culture, since Linux
was worth running, which was VERY early---Linux 0.99.14 in ~1993
worked almost as well as 386BSD and had heaps more drivers and
prebuilt packages.  also this cool serifed VGA font with a bubble in
the > and < glyphs that sealed the deal for me.

BSD developers maybe do still have culture inside their heads, but I
think it's been eviscerated now that there are no new supplicants
begging to commit things to whom they can say ``this is an egregious
hack.  go rewrite it and make it better in ____ way.''  They still
have some amazing developers and some brilliant SoC students, but what
they don't have is enough interest to sustain their original
culture---they have to accept ~everything as Linux did willingly from
the start.  The culture I originally admired has been, in the
retrospect you see in mycroft's post, a failure.

Also, as discussed the last time you blew up at me, I think their
favoring the BSD license (1) is NIH-ism, (2) is defended by sound
bites and platitudes more than good arguments, (3) has been
devastating to BSD over the last two decades.  The staggering amount
of money the GPL mobilized and funneled into Linux _has_ to be the
reason the work of that mongol hoarde puts BSD stability to shame, yet
prominent BSD developers like Theo in the Reyk-HAL bickering (which
was finally untangled by lawyers funded by FSF donations <slap>), take
absurd nonsensically-vindictive positions like ``we only have a
license for liability protection.  we want our code to be used as
widely as possible by anyone no matter how little they give back,
except not in Linux, they can't use it.''  And Ray was saying a bunch
of developers are throwing heaps of time into rewriting things we
already have just to strip the GPL off!  When there aren't enough
developers to fix staggeringly fundamental problems, I think this is
crazy!

but yah, 2009!  NetBSD 5.0 is supposed to fix two of mycroft's 2006
crises: threads work, and there's a journaling filesystem.  still no
flash-friendly filesystem AFAIK, but by now they've probably resigned
themselves to letting openwrt take over the embedded space.

   spl> I am a happy human being. I have a family, and I'm a Mom, and
   spl> I make a good living. I'm on the PTA,

I don't want to talk about that kind of stuff here any more.  I mean,
if you want to unload, whatever, but don't get started again with this
ad-hominem shit like you did last time, ``did you fail at something?
Fail really bad?...  the world owes you something...  because youu've
been beaten by it every time?...  Grow up Miles,...  Either way, you
come off as a child throwing a temper tantrum,...  you need
counseling.''

Why are you dumping personal stuff about your family and job in
response to a post I've made about software development models?  Most
of us have families and jobs.  If my post about software culture made
you want to pull pictures of your daughter out of your wallet like a
prisoner about to be executed to point and say, ``see? I, too, can
love!  even though I am a mouth-breathing Mac OS user who pisses on
the freedom others have fought to give me, and claims to represent a
movement while collaborating in the pissing-away of a quarter century
of tradition'' then, maybe it was a really good post.

If now you're suddenly indignant because you feel like your, omg,
family has been insulted somehow, then spare us: DON'T BRING THEM UP!
Nor mine.  And don't say ``sorry, I'm usually quiet, but [insulting
bating attacking things about my private life],'' either.  This is SO
basic, and we've had this discussion before.

Honestly I've not seen it happen before, ever, on the main BSD project
lists.  I don't think it even happens on lkml.

   spl> venom. Even this email proves it.

*I'm* spouting venom?  hmmm....  well,

   spl> You would be much happier if you worried about yourself and
   spl> what *you* posted

same to you!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081206/6b22157d/attachment.bin>

From dan at langille.org  Sat Dec  6 19:23:25 2008
From: dan at langille.org (Dan Langille)
Date: Sat, 6 Dec 2008 19:23:25 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>
	<oqbpvqzcpj.fsf@castrovalva.Ivy.NET>
	<89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>
Message-ID: <C26426F3-1C87-4CF0-843B-7FE863A0637C@langille.org>


On Dec 5, 2008, at 1:56 PM, Siobhan P. Lynch wrote:
>
> And if "if you're not happy with the situation and not willing to help
> change it, then walk away" is "asking someone to leave, then yes, I
> will ask people to leave.


Generally, do not feed the trolls.

-- 
Dan Langille
http://langille.org/





From carton at Ivy.NET  Sun Dec  7 11:58:32 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Sun, 07 Dec 2008 11:58:32 -0500
Subject: [nycbug-talk] [Miles Nordin] IPv6 problems with your DNS servers
In-Reply-To: <oqr64p3l3v.fsf@castrovalva.Ivy.NET> (Miles Nordin's message of
	"Wed, 03 Dec 2008 00:04:36 -0500")
References: <oqr64p3l3v.fsf@castrovalva.Ivy.NET>
Message-ID: <oq4p1fylaf.fsf@castrovalva.Ivy.NET>

>>>>> "c" == Miles Nordin <carton at ivy.net> writes:


     c> castrovalva:~$ time dig www.facebook.com aaaa @69.63.176.101

they never wrote back to me, but some time between last night and this
morning this actually seems fixed!  Maybe I'm temporarily getting the
one load balancer with good software on it, but, yeah, awesome.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081207/ef2ad089/attachment.bin>

From trish at bsdunix.net  Mon Dec  8 06:50:41 2008
From: trish at bsdunix.net (Siobhan P. Lynch)
Date: Mon, 8 Dec 2008 06:50:41 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <C26426F3-1C87-4CF0-843B-7FE863A0637C@langille.org>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>
	<oqbpvqzcpj.fsf@castrovalva.Ivy.NET>
	<89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>
	<C26426F3-1C87-4CF0-843B-7FE863A0637C@langille.org>
Message-ID: <AAAB8609-3F6F-4B73-A004-738B69816190@bsdunix.net>

Yeah, he just irks me.... he likes pissing in people's Cheerios... and  
in a way where even people who would agree with him otherwise are  
insulted by his tone.

-Trish
On Dec 6, 2008, at 7:23 PM, Dan Langille wrote:

>
> On Dec 5, 2008, at 1:56 PM, Siobhan P. Lynch wrote:
>>
>> And if "if you're not happy with the situation and not willing to  
>> help
>> change it, then walk away" is "asking someone to leave, then yes, I
>> will ask people to leave.
>
>
> Generally, do not feed the trolls.
>
> -- 
> Dan Langille
> http://langille.org/
>
>
>



From carton at Ivy.NET  Mon Dec  8 13:38:27 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Mon, 08 Dec 2008 13:38:27 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <AAAB8609-3F6F-4B73-A004-738B69816190@bsdunix.net> (Siobhan P.
	Lynch's message of "Mon, 8 Dec 2008 06:50:41 -0500")
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>
	<oqbpvqzcpj.fsf@castrovalva.Ivy.NET>
	<89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>
	<C26426F3-1C87-4CF0-843B-7FE863A0637C@langille.org>
	<AAAB8609-3F6F-4B73-A004-738B69816190@bsdunix.net>
Message-ID: <oqoczmwlzw.fsf@castrovalva.Ivy.NET>

>>>>> "spl" == Siobhan P Lynch <trish at bsdunix.net> writes:

   spl> he just irks me.... he likes [...]

yup, I seem to.  

Talking about me in the third person + other persistent and immoderate
disrespect == welcome to my killfile, Trish.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081208/b49b2661/attachment.bin>

From dan at radiusim.com  Mon Dec  8 14:12:42 2008
From: dan at radiusim.com (Dan Colish)
Date: Mon, 8 Dec 2008 14:12:42 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <oqoczmwlzw.fsf@castrovalva.Ivy.NET>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>
	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>
	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>
	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>
	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>
	<oqbpvqzcpj.fsf@castrovalva.Ivy.NET>
	<89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>
	<C26426F3-1C87-4CF0-843B-7FE863A0637C@langille.org>
	<AAAB8609-3F6F-4B73-A004-738B69816190@bsdunix.net>
	<oqoczmwlzw.fsf@castrovalva.Ivy.NET>
Message-ID: <e24aad180812081112m3aa9ac56ub772475a8152504c@mail.gmail.com>

On Mon, Dec 8, 2008 at 1:38 PM, Miles Nordin <carton at ivy.net> wrote:

> >>>>> "spl" == Siobhan P Lynch <trish at bsdunix.net> writes:
>
>    spl> he just irks me.... he likes [...]
>
> yup, I seem to.
>
> Talking about me in the third person + other persistent and immoderate
> disrespect == welcome to my killfile, Trish.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
>

what does this have to do with tech talks?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081208/5d3240c5/attachment.htm>

From george at ceetonetechnology.com  Mon Dec  8 15:29:29 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 08 Dec 2008 15:29:29 -0500
Subject: [nycbug-talk] YouTube Channel for BSD Technical Talks
In-Reply-To: <e24aad180812081112m3aa9ac56ub772475a8152504c@mail.gmail.com>
References: <41FD0884-6E0A-495E-8BC0-E3F4B5DD470A@exit2shell.com>	<oq4p1k0wr2.fsf@castrovalva.Ivy.NET>	<7765c0380812040758h66df422y9c3acadb4d042a62@mail.gmail.com>	<oqy6yvzlmd.fsf@castrovalva.Ivy.NET>	<BFBECBE8-239B-428D-B0F9-ED9F52A7DA72@bsdunix.net>	<oqbpvqzcpj.fsf@castrovalva.Ivy.NET>	<89F8DD14-3383-4F83-9DB5-F81B088607F5@bsdunix.net>	<C26426F3-1C87-4CF0-843B-7FE863A0637C@langille.org>	<AAAB8609-3F6F-4B73-A004-738B69816190@bsdunix.net>	<oqoczmwlzw.fsf@castrovalva.Ivy.NET>
	<e24aad180812081112m3aa9ac56ub772475a8152504c@mail.gmail.com>
Message-ID: <493D83A9.7020602@ceetonetechnology.com>

Dan Colish wrote:
> 
> 
> On Mon, Dec 8, 2008 at 1:38 PM, Miles Nordin <carton at ivy.net 
> <mailto:carton at ivy.net>> wrote:
> 
>      >>>>> "spl" == Siobhan P Lynch <trish at bsdunix.net
>     <mailto:trish at bsdunix.net>> writes:
> 
>       spl> he just irks me.... he likes [...]
> 
>     yup, I seem to.
> 
>     Talking about me in the third person + other persistent and immoderate
>     disrespect == welcome to my killfile, Trish.
> 
>     _______________________________________________
>     talk mailing list
>     talk at lists.nycbug.org <mailto:talk at lists.nycbug.org>
>     http://lists.nycbug.org/mailman/listinfo/talk
> 
> 
> 
> what does this have to do with tech talks?

Ditto.

Enough.

Move on please.

g


From matt at atopia.net  Mon Dec  8 19:34:39 2008
From: matt at atopia.net (Matt Juszczak)
Date: Mon, 8 Dec 2008 19:34:39 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
Message-ID: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>

Hiya,

If you were given the task of setting up a FreeBSD box with 1 TB disk 
space (mirrored RAID 1) for use by multiple clients for backing up their 
data (mostly via rsync and sftp), how would you set it up?  Yes, its a 
given that one would use a minimalist install, create home dirs for each 
client, enable quotas to keep file storage under control, but what else? 
Is there a shell out there that ONLY allows the use of rsync and perhaps 
sftp?  I've seen rbash and people also set the shell to sftp-server.

Just wondering how others would set this up.  Thanks!

-Matt


From matt at atopia.net  Mon Dec  8 19:43:14 2008
From: matt at atopia.net (Matt Juszczak)
Date: Mon, 8 Dec 2008 19:43:14 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <45032026-1228783030-cardhu_decombobulator_blackberry.rim.net-1658867993-@bxe339.bisx.prod.on.blackberry>
References: <45032026-1228783030-cardhu_decombobulator_blackberry.rim.net-1658867993-@bxe339.bisx.prod.on.blackberry>
Message-ID: <alpine.BSF.2.00.0812081942520.23180@pluto.atopia.net>

Right, but that only allows rsync.  The same effect would be used if 
sftp-server was set as the shell for sftp.

On Tue, 9 Dec 2008, riegersteve at gmail.com wrote:

> In etc passwd use rsync as the shell
>
> ------Original Message------
> From: Matt Juszczak
> Sender: talk-bounces at lists.nycbug.org
> To: talk at lists.nycbug.org
> Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
> Sent: Dec 8, 2008 16:34
>
> Hiya,
>
> If you were given the task of setting up a FreeBSD box with 1 TB disk
> space (mirrored RAID 1) for use by multiple clients for backing up their
> data (mostly via rsync and sftp), how would you set it up?  Yes, its a
> given that one would use a minimalist install, create home dirs for each
> client, enable quotas to keep file storage under control, but what else?
> Is there a shell out there that ONLY allows the use of rsync and perhaps
> sftp?  I've seen rbash and people also set the shell to sftp-server.
>
> Just wondering how others would set this up.  Thanks!
>
> -Matt
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
>
>
> --
> Sent via Blackberry
> I can be reached at 310-947-8565


From george at ceetonetechnology.com  Mon Dec  8 19:42:53 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 08 Dec 2008 19:42:53 -0500
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
Message-ID: <493DBF0D.60400@ceetonetechnology.com>

Matt Juszczak wrote:
> Hiya,
> 
> If you were given the task of setting up a FreeBSD box with 1 TB disk 
> space (mirrored RAID 1) for use by multiple clients for backing up their 
> data (mostly via rsync and sftp), how would you set it up?  Yes, its a 
> given that one would use a minimalist install, create home dirs for each 
> client, enable quotas to keep file storage under control, but what else? 
> Is there a shell out there that ONLY allows the use of rsync and perhaps 
> sftp?  I've seen rbash and people also set the shell to sftp-server.
> 
> Just wondering how others would set this up.  Thanks!

There's an rsync-only shell out there that you can config and compile 
that's perfect, IMHO.

It will also do chroot.

And it's funny. . . was looking for the code, and found a posting by me 
on it

http://osdir.com/ml/user-groups.bsd.nycbug/2005-11/msg00094.html

g


From dan at langille.org  Mon Dec  8 19:57:08 2008
From: dan at langille.org (Dan Langille)
Date: Mon, 08 Dec 2008 19:57:08 -0500
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
Message-ID: <493DC264.1050503@langille.org>

Matt Juszczak wrote:
> Hiya,
> 
> If you were given the task of setting up a FreeBSD box with 1 TB disk 
> space (mirrored RAID 1) for use by multiple clients for backing up their 
> data (mostly via rsync and sftp), how would you set it up?  Yes, its a 
> given that one would use a minimalist install, create home dirs for each 
> client, enable quotas to keep file storage under control, but what else? 
> Is there a shell out there that ONLY allows the use of rsync and perhaps 
> sftp?  I've seen rbash and people also set the shell to sftp-server.
> 
> Just wondering how others would set this up.  Thanks!

As a contributor to the Bacula project, I'd install Bacula.

http://www.bacula.org/


From matt at atopia.net  Mon Dec  8 22:21:29 2008
From: matt at atopia.net (Matt Juszczak)
Date: Mon, 8 Dec 2008 22:21:29 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <493DBF0D.60400@ceetonetechnology.com>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
Message-ID: <alpine.BSF.2.00.0812082221190.32715@pluto.atopia.net>


> And it's funny. . . was looking for the code, and found a posting by me on it
>
> http://osdir.com/ml/user-groups.bsd.nycbug/2005-11/msg00094.html
>
> g
>

I'm gonna use this, thanks!



From spork at bway.net  Tue Dec  9 00:00:56 2008
From: spork at bway.net (Charles Sprickman)
Date: Tue, 9 Dec 2008 00:00:56 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <alpine.BSF.2.00.0812082221190.32715@pluto.atopia.net>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
	<alpine.BSF.2.00.0812082221190.32715@pluto.atopia.net>
Message-ID: <Pine.OSX.4.64.0812090000180.69841@toasty.nat.fasttrackmonkey.com>

On Mon, 8 Dec 2008, Matt Juszczak wrote:

>
>> And it's funny. . . was looking for the code, and found a posting by me on it
>>
>> http://osdir.com/ml/user-groups.bsd.nycbug/2005-11/msg00094.html
>>
>> g
>>
>
> I'm gonna use this, thanks!

The linked article mentions it, but scponly is nice for this sort of 
thing, and it's also in the ports tree.

http://www.sublimation.org/scponly/wiki/index.php

Charles

> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>


From matt at atopia.net  Tue Dec  9 00:16:41 2008
From: matt at atopia.net (Matt Juszczak)
Date: Tue, 9 Dec 2008 00:16:41 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <Pine.OSX.4.64.0812090000180.69841@toasty.nat.fasttrackmonkey.com>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
	<alpine.BSF.2.00.0812082221190.32715@pluto.atopia.net>
	<Pine.OSX.4.64.0812090000180.69841@toasty.nat.fasttrackmonkey.com>
Message-ID: <alpine.BSF.2.00.0812090016300.40164@pluto.atopia.net>

> http://www.sublimation.org/scponly/wiki/index.php
>
> Charles

Doesn't support rsync :( (a requirement of ours)


From riegersteve at gmail.com  Mon Dec  8 19:37:01 2008
From: riegersteve at gmail.com (riegersteve at gmail.com)
Date: Tue, 9 Dec 2008 00:37:01 +0000
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
Message-ID: <45032026-1228783030-cardhu_decombobulator_blackberry.rim.net-1658867993-@bxe339.bisx.prod.on.blackberry>

In etc passwd use rsync as the shell

------Original Message------
From: Matt Juszczak
Sender: talk-bounces at lists.nycbug.org
To: talk at lists.nycbug.org
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
Sent: Dec 8, 2008 16:34

Hiya,

If you were given the task of setting up a FreeBSD box with 1 TB disk 
space (mirrored RAID 1) for use by multiple clients for backing up their 
data (mostly via rsync and sftp), how would you set it up?  Yes, its a 
given that one would use a minimalist install, create home dirs for each 
client, enable quotas to keep file storage under control, but what else? 
Is there a shell out there that ONLY allows the use of rsync and perhaps 
sftp?  I've seen rbash and people also set the shell to sftp-server.

Just wondering how others would set this up.  Thanks!

-Matt
_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk



--
Sent via Blackberry
I can be reached at 310-947-8565

From dcolish at gmail.com  Mon Dec  8 19:51:04 2008
From: dcolish at gmail.com (Dan Colish)
Date: Mon, 8 Dec 2008 19:51:04 -0500
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <493DBF0D.60400@ceetonetechnology.com>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
Message-ID: <7c21e7d30812081651w3a3c28b5j9ec2d72c80c1762e@mail.gmail.com>

On Mon, Dec 8, 2008 at 7:42 PM, George Rosamond <
george at ceetonetechnology.com> wrote:

> Matt Juszczak wrote:
> > Hiya,
> >
> > If you were given the task of setting up a FreeBSD box with 1 TB disk
> > space (mirrored RAID 1) for use by multiple clients for backing up their
> > data (mostly via rsync and sftp), how would you set it up?  Yes, its a
> > given that one would use a minimalist install, create home dirs for each
> > client, enable quotas to keep file storage under control, but what else?
> > Is there a shell out there that ONLY allows the use of rsync and perhaps
> > sftp?  I've seen rbash and people also set the shell to sftp-server.
> >
> > Just wondering how others would set this up.  Thanks!
>
> There's an rsync-only shell out there that you can config and compile
> that's perfect, IMHO.
>
> It will also do chroot.
>
> And it's funny. . . was looking for the code, and found a posting by me
> on it
>
> http://osdir.com/ml/user-groups.bsd.nycbug/2005-11/msg00094.html
>
> g
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>


I don't know about you guys, but I love s3 for backups. Its super easy to
sync with is you use the s3sync ruby project.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081208/9dfcbd18/attachment.htm>

From skreuzer at exit2shell.com  Tue Dec  9 09:18:05 2008
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Tue, 9 Dec 2008 09:18:05 -0500
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
Message-ID: <D4D8A5BF-16EB-415A-A963-1182E65DAE4B@exit2shell.com>


On Dec 8, 2008, at 7:34 PM, Matt Juszczak wrote:

> Hiya,
>
> If you were given the task of setting up a FreeBSD box with 1 TB disk
> space (mirrored RAID 1) for use by multiple clients for backing up  
> their
> data (mostly via rsync and sftp), how would you set it up?  Yes, its a
> given that one would use a minimalist install, create home dirs for  
> each
> client, enable quotas to keep file storage under control, but what  
> else?
> Is there a shell out there that ONLY allows the use of rsync and  
> perhaps
> sftp?  I've seen rbash and people also set the shell to sftp-server.
>
> Just wondering how others would set this up.  Thanks!
>
> -Matt

Have you considered installing rsyncd on each of the clients machines
and then having your backup server pull from the clients?

This eliminates all the issues with having to setup logins for everyone.

On top of that, if the number of clients grow to the point where a  
single
server can't keep up, it becomes easier to spread the job among multiple
servers.

--
Steven Kreuzer
http://www.exit2shell.com/~skreuzer



From george at ceetonetechnology.com  Tue Dec  9 09:37:16 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 09 Dec 2008 09:37:16 -0500
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <alpine.BSF.2.00.0812082221190.32715@pluto.atopia.net>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
	<alpine.BSF.2.00.0812082221190.32715@pluto.atopia.net>
Message-ID: <493E829C.8080203@ceetonetechnology.com>

Matt Juszczak wrote:
> 
>> And it's funny. . . was looking for the code, and found a posting by 
>> me on it
>>
>> http://osdir.com/ml/user-groups.bsd.nycbug/2005-11/msg00094.html
>>
>> g
>>
> 
> I'm gonna use this, thanks!
> 
> 

If you do something interesting with this, let us know.

It's pretty straight-forward, but it's nice that you get the source and 
can compile exactly what you need.

It may *not* chroot in the config as I may be thinking of another remote 
shell in the fbsd ports.

Since it hasn't been mentioned, you should probably go with ssh key 
authentication. . . with or without passwds depending on the context.

George


From mspitzer at gmail.com  Mon Dec  8 23:48:58 2008
From: mspitzer at gmail.com (Marc Spitzer)
Date: Mon, 8 Dec 2008 23:48:58 -0500
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
Message-ID: <8c50a3c30812082048u1b077f7fv449910b8cb834075@mail.gmail.com>

On Mon, Dec 8, 2008 at 7:34 PM, Matt Juszczak <matt at atopia.net> wrote:
> Hiya,
>
> If you were given the task of setting up a FreeBSD box with 1 TB disk
> space (mirrored RAID 1) for use by multiple clients for backing up their
> data (mostly via rsync and sftp), how would you set it up?  Yes, its a
> given that one would use a minimalist install, create home dirs for each
> client, enable quotas to keep file storage under control, but what else?
> Is there a shell out there that ONLY allows the use of rsync and perhaps
> sftp?  I've seen rbash and people also set the shell to sftp-server.
>
> Just wondering how others would set this up.  Thanks!
>

how parinoid do you need to be?  you could put each customer in their
own jail on one end of the spectrim or unix file permissions on the
other.  after that we can talk about how to do what you want.
depending on the scale, number of clients, ZFS might be worth looking
at.  By default I would lean toward each having his own jail and
possibly ip and if ip space is a problem then a bidirectional nat with
everybody getting off ports for their access.

marc

-- 
Freedom is nothing but a chance to be better.
Albert Camus


From matt at atopia.net  Tue Dec  9 11:19:39 2008
From: matt at atopia.net (Matt Juszczak)
Date: Tue, 9 Dec 2008 11:19:39 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <D4D8A5BF-16EB-415A-A963-1182E65DAE4B@exit2shell.com>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<D4D8A5BF-16EB-415A-A963-1182E65DAE4B@exit2shell.com>
Message-ID: <alpine.BSF.2.00.0812091119220.89932@pluto.atopia.net>

> Have you considered installing rsyncd on each of the clients machines
> and then having your backup server pull from the clients?
>
> This eliminates all the issues with having to setup logins for everyone.
>
> On top of that, if the number of clients grow to the point where a
> single
> server can't keep up, it becomes easier to spread the job among multiple
> servers.

Yep, we considered the pull method, but many of these servers are self 
managed.


From matt at atopia.net  Tue Dec  9 11:20:31 2008
From: matt at atopia.net (Matt Juszczak)
Date: Tue, 9 Dec 2008 11:20:31 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <493E829C.8080203@ceetonetechnology.com>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
	<alpine.BSF.2.00.0812082221190.32715@pluto.atopia.net>
	<493E829C.8080203@ceetonetechnology.com>
Message-ID: <alpine.BSF.2.00.0812091119460.89932@pluto.atopia.net>

> If you do something interesting with this, let us know.

I will!

> It's pretty straight-forward, but it's nice that you get the source and can 
> compile exactly what you need.

Exactly.  I like that.

> It may *not* chroot in the config as I may be thinking of another remote 
> shell in the fbsd ports.

OK.

> Since it hasn't been mentioned, you should probably go with ssh key 
> authentication. . . with or without passwds depending on the context.

Yup, a great idea.  We're also only allowing authentication from the IP 
internal LAN anyway.


From spork at bway.net  Tue Dec  9 13:14:21 2008
From: spork at bway.net (Charles Sprickman)
Date: Tue, 9 Dec 2008 13:14:21 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <7c21e7d30812081651w3a3c28b5j9ec2d72c80c1762e@mail.gmail.com>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
	<7c21e7d30812081651w3a3c28b5j9ec2d72c80c1762e@mail.gmail.com>
Message-ID: <Pine.OSX.4.64.0812091312420.537@toasty.nat.fasttrackmonkey.com>

> On Mon, Dec 8, 2008 at 7:42 PM, George Rosamond <
> george at ceetonetechnology.com> wrote:
>
>> Matt Juszczak wrote:
>>> Hiya,
>>>
>>> If you were given the task of setting up a FreeBSD box with 1 TB disk
>>> space (mirrored RAID 1) for use by multiple clients for backing up their
>>> data (mostly via rsync and sftp), how would you set it up?  Yes, its a
>>> given that one would use a minimalist install, create home dirs for each
>>> client, enable quotas to keep file storage under control, but what else?
>>> Is there a shell out there that ONLY allows the use of rsync and perhaps
>>> sftp?  I've seen rbash and people also set the shell to sftp-server.
>>>
>>> Just wondering how others would set this up.  Thanks!
>>
>> There's an rsync-only shell out there that you can config and compile
>> that's perfect, IMHO.
>>
>> It will also do chroot.
>>
>> And it's funny. . . was looking for the code, and found a posting by me
>> on it
>>
>> http://osdir.com/ml/user-groups.bsd.nycbug/2005-11/msg00094.html

I lost the reply to my post about the scponly restricted shell, but 
someone stated that it does not handle rsync.  That's not the case.  Do a 
"make config" in /usr/ports/shells/scponly - there is an option to add 
rsync compatibility and many other things like chroot and svn compat.

Just an FYI...

Charles


From matt at atopia.net  Tue Dec  9 13:55:29 2008
From: matt at atopia.net (Matt Juszczak)
Date: Tue, 9 Dec 2008 13:55:29 -0500 (EST)
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <Pine.OSX.4.64.0812091312420.537@toasty.nat.fasttrackmonkey.com>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<493DBF0D.60400@ceetonetechnology.com>
	<7c21e7d30812081651w3a3c28b5j9ec2d72c80c1762e@mail.gmail.com>
	<Pine.OSX.4.64.0812091312420.537@toasty.nat.fasttrackmonkey.com>
Message-ID: <alpine.BSF.2.00.0812091355210.1108@pluto.atopia.net>

> I lost the reply to my post about the scponly restricted shell, but
> someone stated that it does not handle rsync.  That's not the case.  Do a
> "make config" in /usr/ports/shells/scponly - there is an option to add
> rsync compatibility and many other things like chroot and svn compat.
>
> Just an FYI...
>
> Charles

Oh wow, great!  Thanks!


From raj at brainlink.com  Tue Dec  9 17:29:57 2008
From: raj at brainlink.com (Raj Goel)
Date: Tue, 9 Dec 2008 22:29:57 +0000
Subject: [nycbug-talk] Looking for a firewall guru
Message-ID: <394889945-1228861751-cardhu_decombobulator_blackberry.rim.net-255177169-@bxe257.bisx.prod.on.blackberry>

BUGers,

   Am in need of someone who can setup a firewall that supports 802.1Q VLAN tagging.

   Call me at 917-685-7731.

Rajesh Goel, CISSP
cell (917) 685-7731
CTO: Brainlink International, Inc.
"IT Crisis Management and Solutions"


From akosela at andykosela.com  Wed Dec 10 02:23:52 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Wed, 10 Dec 2008 08:23:52 +0100
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
Message-ID: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>

Who is using FreeBSD on production servers in the New York/New Jersey
area? FreeBSD has historically been strong in the hosting services
segment. New York Internet, DataPipe and DynDNS particularly come to
my mind. But who else? I am perfectly aware that the trends nowadays
are leaning towards Linux deployment, so who is still a heavy
supporter of FreeBSD in New York?

-- 
Andy Kosela
ora et labora


From lists at stringsutils.com  Wed Dec 10 11:58:40 2008
From: lists at stringsutils.com (Francisco Reyes)
Date: Wed, 10 Dec 2008 11:58:40 -0500
Subject: [nycbug-talk]
 =?iso-8859-1?q?Setting_up_a_FreeBSD_=22backup=22_bo?=
 =?iso-8859-1?q?x?=
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
Message-ID: <cone.1228928320.34198.1296.1000@zoraida.natserv.net>

Matt Juszczak writes:

> ....rsync... hell to sftp-server.

In addition to rsync consider rdiff.


Also check tarsnap
http://tarsnap.com

With compression AND deduplication of data tarsnap is extremely efficient if 
data doesn't change often/much.


From george at ceetonetechnology.com  Wed Dec 10 12:10:23 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 10 Dec 2008 12:10:23 -0500
Subject: [nycbug-talk] Setting up a FreeBSD "backup" box
In-Reply-To: <cone.1228928320.34198.1296.1000@zoraida.natserv.net>
References: <alpine.BSF.2.00.0812081931560.22171@pluto.atopia.net>
	<cone.1228928320.34198.1296.1000@zoraida.natserv.net>
Message-ID: <493FF7FF.5060000@ceetonetechnology.com>

Francisco Reyes wrote:
> Matt Juszczak writes:
> 
>> ....rsync... hell to sftp-server.
> 
> In addition to rsync consider rdiff.
> 
> 
> Also check tarsnap
> http://tarsnap.com
> 
> With compression AND deduplication of data tarsnap is extremely efficient if 
> data doesn't change often/much.

Actually. . . I think the shell I was initially referring to was rssh, 
which is in the FBSD ports.  It *does* allow chroot.

http://www.pizzashack.org/rssh/index.shtml

George


From thomas at zaph.org  Wed Dec 10 13:22:39 2008
From: thomas at zaph.org (N. J. Thomas)
Date: Wed, 10 Dec 2008 13:22:39 -0500
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
Message-ID: <20081210182239.GT45883@zaph.org>

* Andy Kosela <akosela at andykosela.com> [2008-12-10 08:23:52+0000]:
> Who is using FreeBSD on production servers in the New York/New Jersey
> area?

I worked as sysadmin for a marketing firm (banner ads and such) near
Wall St that was 100% FreeBSD on their production servers (about 40-50
boxes).

I keep in touch with their current sysadmin and they have not changed
their infrastructure and have no plans to do so.

Thomas


From lists at stringsutils.com  Wed Dec 10 13:55:18 2008
From: lists at stringsutils.com (Francisco Reyes)
Date: Wed, 10 Dec 2008 13:55:18 -0500
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
Message-ID: <cone.1228935318.134240.1391.1000@zoraida.natserv.net>

Andy Kosela writes:

> are leaning towards Linux deployment, so who is still a heavy
> supporter of FreeBSD in New York?

There are  probably many small companies that we would never find about.
I guess your question is more along the lines of what large/recognized 
company is a big supporter of FreeBSD in NY.


From akosela at andykosela.com  Wed Dec 10 18:04:55 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Thu, 11 Dec 2008 00:04:55 +0100
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <cone.1228935318.134240.1391.1000@zoraida.natserv.net>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
	<cone.1228935318.134240.1391.1000@zoraida.natserv.net>
Message-ID: <3cc535c80812101504w66d9f32fu6f26da9d27a8825@mail.gmail.com>

On Wed, Dec 10, 2008 at 7:55 PM, Francisco Reyes <lists at stringsutils.com> wrote:
> Andy Kosela writes:
>
>> are leaning towards Linux deployment, so who is still a heavy
>> supporter of FreeBSD in New York?
>
> There are  probably many small companies that we would never find about.
> I guess your question is more along the lines of what large/recognized
> company is a big supporter of FreeBSD in NY.

That's exactly what I had in my mind. From my experience, in larger
corporations the adoption of FreeBSD is somewhat harder due to the
business models these corporations are based upon. When they buy
hardware from vendors like HP, EMC, IBM they also buy a whole fully
supported software package that comes with it, and that means usually
RHEL or even HP-UX/AIX. DataPipe and NYI are a nice exception to the
general rule. Any Yahoo! sysadmins on this list? Has Yahoo got data
centers located in NY/NJ areas running FreeBSD?

-- 
Andy Kosela
ora et labora


From riegersteve at gmail.com  Wed Dec 10 18:49:23 2008
From: riegersteve at gmail.com (Steve Rieger)
Date: Wed, 10 Dec 2008 15:49:23 -0800
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <20081210182239.GT45883@zaph.org>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
	<20081210182239.GT45883@zaph.org>
Message-ID: <49405583.3030200@gmail.com>

N. J. Thomas wrote:
> * Andy Kosela <akosela at andykosela.com> [2008-12-10 08:23:52+0000]:
>> Who is using FreeBSD on production servers in the New York/New Jersey
>> area?
> 
> I worked as sysadmin for a marketing firm (banner ads and such) near
> Wall St that was 100% FreeBSD on their production servers (about 40-50
> boxes).
> 
> I keep in touch with their current sysadmin and they have not changed
> their infrastructure and have no plans to do so.
> 
> Thomas
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
TBWA, Chiat, Chiat Day, all use freebsd




From jschauma at netmeister.org  Wed Dec 10 21:44:00 2008
From: jschauma at netmeister.org (Jan Schaumann)
Date: Wed, 10 Dec 2008 21:44:00 -0500
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <3cc535c80812101504w66d9f32fu6f26da9d27a8825@mail.gmail.com>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
	<cone.1228935318.134240.1391.1000@zoraida.natserv.net>
	<3cc535c80812101504w66d9f32fu6f26da9d27a8825@mail.gmail.com>
Message-ID: <20081211024359.GA22860@netmeister.org>

Andy Kosela <akosela at andykosela.com> wrote:

> Any Yahoo! sysadmins on this list? Has Yahoo got data centers located
> in NY/NJ areas running FreeBSD?

Not all companies are necessarily at liberty to discuss (on a public
mailing list, anyway) either the location of their datacenters nor the
exact numbers of hosts running a given operating system (or version
thereof).

But it's no secret that Yahoo! does have a large number of hosts running
FreeBSD.

-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081210/f8c3ce84/attachment.bin>

From george at ceetonetechnology.com  Thu Dec 11 10:20:36 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 11 Dec 2008 10:20:36 -0500
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <20081211024359.GA22860@netmeister.org>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>	<cone.1228935318.134240.1391.1000@zoraida.natserv.net>	<3cc535c80812101504w66d9f32fu6f26da9d27a8825@mail.gmail.com>
	<20081211024359.GA22860@netmeister.org>
Message-ID: <49412FC4.7030904@ceetonetechnology.com>

Jan Schaumann wrote:
> Andy Kosela <akosela at andykosela.com> wrote:
> 
>> Any Yahoo! sysadmins on this list? Has Yahoo got data centers located
>> in NY/NJ areas running FreeBSD?
> 
> Not all companies are necessarily at liberty to discuss (on a public
> mailing list, anyway) either the location of their datacenters nor the
> exact numbers of hosts running a given operating system (or version
> thereof).
> 
> But it's no secret that Yahoo! does have a large number of hosts running
> FreeBSD.

Andy:

A long while back, maybe five years ago, we attempted to do this with 
NYCBUG. . . . create a central database of NYC-area BSD using companies.

With such a vague goal, ie, determining BSD-using firms for the sake of 
it, it's difficult.

If you actually explain what your goal is, it might be a bit easier to 
provide some direction. . .

eg.,

are you looking to apply for dev/sa jobs?

are you cataloging BSD-based hardware solutions?

do you have a service to provide to those firms?

g


From akosela at andykosela.com  Thu Dec 11 14:10:07 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Thu, 11 Dec 2008 20:10:07 +0100
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <49412FC4.7030904@ceetonetechnology.com>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
	<cone.1228935318.134240.1391.1000@zoraida.natserv.net>
	<3cc535c80812101504w66d9f32fu6f26da9d27a8825@mail.gmail.com>
	<20081211024359.GA22860@netmeister.org>
	<49412FC4.7030904@ceetonetechnology.com>
Message-ID: <3cc535c80812111110s45832073qd6b04a2b447967d0@mail.gmail.com>

On Thu, Dec 11, 2008 at 4:20 PM, George Rosamond
<george at ceetonetechnology.com> wrote:
> A long while back, maybe five years ago, we attempted to do this with
> NYCBUG. . . . create a central database of NYC-area BSD using companies.
>
> With such a vague goal, ie, determining BSD-using firms for the sake of
> it, it's difficult.

I don't see any official list on nycbug.org so I guess you didn't
succeed or the decision was made not to disclose it. Netcraft.com can
be a good source of information; at least for the www servers running
FreeBSD, but I'm sure you already used it.

>
> If you actually explain what your goal is, it might be a bit easier to
> provide some direction. . .
>
> eg.,
>
> are you looking to apply for dev/sa jobs?
>
> are you cataloging BSD-based hardware solutions?
>
> do you have a service to provide to those firms?

Yes, I would like to catalog FreeBSD shops in NYC area, (1) for
general information as to the scale of FreeBSD adoption and deployment
of FreeBSD servers in the NYC, and (2) as a New Yorker but not
currently living in NY, I'm definetly interested in any opportunities
for FreeBSD sysadmin work in the NYC.

George, I think that such a list on nycbug.org would be beneficial to
many. Not only it would point possible customers interested in BSD
solutions to the right places, but also it would showcase that BSD
presence in the NYC is strong and widespread.

-- 
Andy Kosela
ora et labora


From akosela at andykosela.com  Thu Dec 11 14:27:41 2008
From: akosela at andykosela.com (Andy Kosela)
Date: Thu, 11 Dec 2008 20:27:41 +0100
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <49405583.3030200@gmail.com>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>
	<20081210182239.GT45883@zaph.org> <49405583.3030200@gmail.com>
Message-ID: <3cc535c80812111127l3fdd5a0wcba1454e77bf6f09@mail.gmail.com>

On Thu, Dec 11, 2008 at 12:49 AM, Steve Rieger <riegersteve at gmail.com> wrote:
> TBWA, Chiat, Chiat Day, all use freebsd

http://uptime.netcraft.com/up/graph?site=www.tbwachiat.com

It seems they are using Linux nowadays, at least for www.

-- 
Andy Kosela
ora et labora


From george at ceetonetechnology.com  Thu Dec 11 14:52:09 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 11 Dec 2008 14:52:09 -0500
Subject: [nycbug-talk] NY/NJ companies using FreeBSD
In-Reply-To: <3cc535c80812111110s45832073qd6b04a2b447967d0@mail.gmail.com>
References: <3cc535c80812092323u24a44f78o1bc682c5499b5b3a@mail.gmail.com>	
	<cone.1228935318.134240.1391.1000@zoraida.natserv.net>	
	<3cc535c80812101504w66d9f32fu6f26da9d27a8825@mail.gmail.com>	
	<20081211024359.GA22860@netmeister.org>	
	<49412FC4.7030904@ceetonetechnology.com>
	<3cc535c80812111110s45832073qd6b04a2b447967d0@mail.gmail.com>
Message-ID: <49416F69.4030701@ceetonetechnology.com>

Andy Kosela wrote:
> On Thu, Dec 11, 2008 at 4:20 PM, George Rosamond
> <george at ceetonetechnology.com> wrote:
>> A long while back, maybe five years ago, we attempted to do this with
>> NYCBUG. . . . create a central database of NYC-area BSD using companies.
>>
>> With such a vague goal, ie, determining BSD-using firms for the sake of
>> it, it's difficult.
> 
> I don't see any official list on nycbug.org so I guess you didn't
> succeed or the decision was made not to disclose it. Netcraft.com can
> be a good source of information; at least for the www servers running
> FreeBSD, but I'm sure you already used it.
> 
>> If you actually explain what your goal is, it might be a bit easier to
>> provide some direction. . .
>>
>> eg.,
>>
>> are you looking to apply for dev/sa jobs?
>>
>> are you cataloging BSD-based hardware solutions?
>>
>> do you have a service to provide to those firms?
> 
> Yes, I would like to catalog FreeBSD shops in NYC area, (1) for
> general information as to the scale of FreeBSD adoption and deployment
> of FreeBSD servers in the NYC, and (2) as a New Yorker but not
> currently living in NY, I'm definetly interested in any opportunities
> for FreeBSD sysadmin work in the NYC.

For the second, post yourself to the jobs@ list, I'd recommend.

> 
> George, I think that such a list on nycbug.org would be beneficial to
> many. Not only it would point possible customers interested in BSD
> solutions to the right places, but also it would showcase that BSD
> presence in the NYC is strong and widespread.
> 

We'd have to dig up the old list. . . but it wasn't exactly deep on any 
level.

It was basically a handful of small shops out of a layer of NYCBUG 
members.  Plus "oh, I think such-and-such company uses a BSD."  Not 
really worth it.

The best starting point, if you do intend to embark on such a list 
yourself, is to look at donations to the projects and various related 
projects (like OpenSSH).  And add on sponsors to list of BSD cons.  Of 
course you'd have to sift through those lists to find out.

NetCraft is fine for looking at public facing servers that are on the 
relevant companies well known FQDNs.  I think, for instance, some of 
Microsoft's Hotmail periphery servers are still FBSD boxes.  (what a 
long horrible migration process).

It might be less time consuming and more accurate to just do an nmap 
script with -O on all IP blocks.  . good luck :)

But remember, even with enormous nmap sweeps with -O, you're only 
hitting public facing IPs.  You'll probably hit some netscalers, eg, 
that use bsd kernels on their hardware.

As you probably know, there's also the BSDStats project (on fbsd 
sysutils/bsdstats) which has a corresponding www site.

Maybe just take a step back and look at the methodology others use for 
OS stats. . . but remember the weaknesses mentioned above.

Let us know.

g


From thomas at zaph.org  Mon Dec 15 13:26:56 2008
From: thomas at zaph.org (N. J. Thomas)
Date: Mon, 15 Dec 2008 13:26:56 -0500
Subject: [nycbug-talk] zen.spamhaus.org (OT)
Message-ID: <20081215182656.GC80477@zaph.org>

The last few weeks I've seen an increase in spam getting through my
personal SpamAssassin filters. Up until recently, SA was working quite
well and I only had 1 or 2 get through every week -- a number I could
live with.

But this morning I had about a dozen come through, so I just configured
my mail servers to use the zen.spamhaus.org DNSBL.

So far it's done a pretty good job, my two FreeBSD servers running
Postfix has rejected 44 pieces of spam in the last 45 minutes since I
started it, which is fantastic.

But it's been a while since I followed the DNSBL news, so I wanted to
know what is the current thinking on Spamhaus? Are they too strict? Are
they not strict enough?

Are there other blacklists I should be using?

thanks,
Thomas


From andy.kosela at gmail.com  Mon Dec 15 14:54:43 2008
From: andy.kosela at gmail.com (Andy Kosela)
Date: Mon, 15 Dec 2008 20:54:43 +0100
Subject: [nycbug-talk] zen.spamhaus.org (OT)
In-Reply-To: <20081215182656.GC80477@zaph.org>
References: <20081215182656.GC80477@zaph.org>
Message-ID: <3cc535c80812151154h7237abd9n3a8f974ed81ed09e@mail.gmail.com>

On Mon, Dec 15, 2008 at 7:26 PM, N. J. Thomas <thomas at zaph.org> wrote:
>
> Are there other blacklists I should be using?
>

This is what I'm using at the moment. Works good so far:

reject_rbl_client       bl.spamcop.net
reject_rbl_client       zen.spamhaus.org


-- 
Andy Kosela
ora et labora


From marco at metm.org  Mon Dec 15 15:47:55 2008
From: marco at metm.org (marco scoffier)
Date: Mon, 15 Dec 2008 15:47:55 -0500
Subject: [nycbug-talk] zen.spamhaus.org (OT)
In-Reply-To: <3cc535c80812151154h7237abd9n3a8f974ed81ed09e@mail.gmail.com>
References: <20081215182656.GC80477@zaph.org>
	<3cc535c80812151154h7237abd9n3a8f974ed81ed09e@mail.gmail.com>
Message-ID: <4946C27B.2090509@metm.org>

Andy Kosela wrote:
> On Mon, Dec 15, 2008 at 7:26 PM, N. J. Thomas <thomas at zaph.org> wrote:
>   
>> Are there other blacklists I should be using?
>>
>>     
>
> This is what I'm using at the moment. Works good so far:
>
> reject_rbl_client       bl.spamcop.net
> reject_rbl_client       zen.spamhaus.org
>
>   
For my use, I find all blacklists too restrictive
Many of my users have to get mail from people who use free.fr a hugely 
popular, free and very crappy French provider which always gets its 
servers on blacklists.  Same for Korean, Japanese and Chinese friends 
using sketchy Asian providers (mobile phone weirdness etc.)  If your 
communications are the slightest bit international I find using 
blacklists is impossible.

the best solution I have found is still greylisting and only greylisting.

Marco


From maddaemon at gmail.com  Mon Dec 15 18:49:40 2008
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Mon, 15 Dec 2008 18:49:40 -0500
Subject: [nycbug-talk] Text parsing question
Message-ID: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>

List,

I'm hoping someone can help me with this...

I'm trying to search for a pattern in a text file that contains login
info from a syslog and weed out entries that are duplicated with
differnt IP addresses.

For example, here are 2 lines:

Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13

where 192.168.8.17 is the Windows DC, and the other is the IIP of the
webmail server.

I need to remove the line that contains the DC _ONLY_WHEN_ there is a
duplicate entry (same timestamp) with another IP.  The text file
contains hundreds of other entries, and there are single entries where
the DC IP is the only entry.  Using the above examples, I need to
remove the first line and only retrieve the second line:

Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13

Does anyone know how to go about doing this?  I was going to try using
sed and compare the lines looking for the same timestamp + username +
IP1/IP2, but it gave me a headache when I tried to wrap my head around
the logic.

TIA


From jschauma at netmeister.org  Mon Dec 15 20:46:02 2008
From: jschauma at netmeister.org (Jan Schaumann)
Date: Mon, 15 Dec 2008 20:46:02 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
Message-ID: <20081216014602.GA5565@netmeister.org>

"maddaemon at gmail.com" <maddaemon at gmail.com> wrote:
 
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13

Split into timestamp, line and IP.  Use a hash:

if $line matched "abc1234 tried logging in from"
	if ! $line_by_ts{$timestamp}
		$line_by_ts{$timestamp} = $ip
	else
		if $ip != $line_by_ts{$timestamp}
			# dupe with different ip
		else
			# dupe with same ip
		endif
	endif
endif

awk or perl should do.

-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081215/ce5c394b/attachment.bin>

From nycbug at cyth.net  Tue Dec 16 00:53:28 2008
From: nycbug at cyth.net (Ray Lai)
Date: Wed, 17 Dec 2008 00:52:28 +1859
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
Message-ID: <7765c0380812152153v12bd2476q5cdc2c61b6829cff@mail.gmail.com>

On Tue, Dec 16, 2008 at 6:48 PM, maddaemon at gmail.com
<maddaemon at gmail.com> wrote:
> List,
>
> I'm hoping someone can help me with this...
>
> I'm trying to search for a pattern in a text file that contains login
> info from a syslog and weed out entries that are duplicated with
> differnt IP addresses.
>
> For example, here are 2 lines:
>
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>
> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
> webmail server.
>
> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
> duplicate entry (same timestamp) with another IP.  The text file
> contains hundreds of other entries, and there are single entries where
> the DC IP is the only entry.  Using the above examples, I need to
> remove the first line and only retrieve the second line:
>
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>
> Does anyone know how to go about doing this?  I was going to try using
> sed and compare the lines looking for the same timestamp + username +
> IP1/IP2, but it gave me a headache when I tried to wrap my head around
> the logic.

Does "sort -unsk1,9" work? You'd have to split the files according to
month, though.

-Ray-


From maddaemon at gmail.com  Tue Dec 16 10:37:34 2008
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Tue, 16 Dec 2008 10:37:34 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <20081216014602.GA5565@netmeister.org>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
	<20081216014602.GA5565@netmeister.org>
Message-ID: <6c1774c50812160737y64dd43efs21696299a59acd99@mail.gmail.com>

On Mon, Dec 15, 2008 at 8:46 PM, Jan Schaumann <jschauma at netmeister.org> wrote:
> "maddaemon at gmail.com" <maddaemon at gmail.com> wrote:
>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>
> Split into timestamp, line and IP.  Use a hash:
>
> if $line matched "abc1234 tried logging in from"
>        if ! $line_by_ts{$timestamp}
>                $line_by_ts{$timestamp} = $ip
>        else
>                if $ip != $line_by_ts{$timestamp}
>                        # dupe with different ip
>                else
>                        # dupe with same ip
>                endif
>        endif
> endif
>
> awk or perl should do.
>
> -Jan

That looks like it might work, except for the fact that there are a
possible 300+ user IDs that might be in the list.  Is there a way in
this line:

if $line matched "abc1234 tried logging in from"

to use a variable instead of "abc1234"?


From bonsaime at gmail.com  Tue Dec 16 12:37:53 2008
From: bonsaime at gmail.com (Jesse Callaway)
Date: Tue, 16 Dec 2008 12:37:53 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <6c1774c50812160737y64dd43efs21696299a59acd99@mail.gmail.com>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
	<20081216014602.GA5565@netmeister.org>
	<6c1774c50812160737y64dd43efs21696299a59acd99@mail.gmail.com>
Message-ID: <aa9991030812160937n296230dag8aa17db1b96d0293@mail.gmail.com>

On Tue, Dec 16, 2008 at 10:37 AM, maddaemon at gmail.com
<maddaemon at gmail.com>wrote:

> On Mon, Dec 15, 2008 at 8:46 PM, Jan Schaumann <jschauma at netmeister.org>
> wrote:
> > "maddaemon at gmail.com" <maddaemon at gmail.com> wrote:
> >
> >> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
> >> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
> >
> > Split into timestamp, line and IP.  Use a hash:
> >
> > if $line matched "abc1234 tried logging in from"
> >        if ! $line_by_ts{$timestamp}
> >                $line_by_ts{$timestamp} = $ip
> >        else
> >                if $ip != $line_by_ts{$timestamp}
> >                        # dupe with different ip
> >                else
> >                        # dupe with same ip
> >                endif
> >        endif
> > endif
> >
> > awk or perl should do.
> >
> > -Jan
>
> That looks like it might work, except for the fact that there are a
> possible 300+ user IDs that might be in the list.  Is there a way in
> this line:
>
> if $line matched "abc1234 tried logging in from"
>
> to use a variable instead of "abc1234"?
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>


No, perl and awk only have limited text processing functions, it has to be
an official timestamp.

-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081216/187896d9/attachment.htm>

From maddaemon at gmail.com  Tue Dec 16 10:56:01 2008
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Tue, 16 Dec 2008 10:56:01 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <7765c0380812152153v12bd2476q5cdc2c61b6829cff@mail.gmail.com>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
	<7765c0380812152153v12bd2476q5cdc2c61b6829cff@mail.gmail.com>
Message-ID: <6c1774c50812160756y475ef831oeab5807494f125c4@mail.gmail.com>

On Tue, Dec 16, 2008 at 12:53 AM, Ray Lai <nycbug at cyth.net> wrote:
> On Tue, Dec 16, 2008 at 6:48 PM, maddaemon at gmail.com
> <maddaemon at gmail.com> wrote:
>> List,
>>
>> I'm hoping someone can help me with this...
>>
>> I'm trying to search for a pattern in a text file that contains login
>> info from a syslog and weed out entries that are duplicated with
>> differnt IP addresses.
>>
>> For example, here are 2 lines:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
>> webmail server.
>>
>> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
>> duplicate entry (same timestamp) with another IP.  The text file
>> contains hundreds of other entries, and there are single entries where
>> the DC IP is the only entry.  Using the above examples, I need to
>> remove the first line and only retrieve the second line:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>> Does anyone know how to go about doing this?  I was going to try using
>> sed and compare the lines looking for the same timestamp + username +
>> IP1/IP2, but it gave me a headache when I tried to wrap my head around
>> the logic.
>
> Does "sort -unsk1,9" work? You'd have to split the files according to
> month, though.
>
> -Ray-
>

That cuts everything out and leaves 1 line (with the DC IP, which is
what I'm trying to get rid of):

md at madmartigan [~/scripts/report_temp]$ cat badpass.log | wc -l
      24
md at madmartigan [~/scripts/report_temp]$ cat badpass.log | sort -unsk1,9
Dec 16 01:00:57 - def3456 tried logging in from 192.168.8.3
md at madmartigan [~/scripts/report_temp]$

I'm doing this every day, so the day/month/year will always be a
constant for that particular day.

I guess what I'm trying to do could be described as finding "almost"
or "partial" duplicates..


From mspitzer at gmail.com  Tue Dec 16 13:40:47 2008
From: mspitzer at gmail.com (Marc Spitzer)
Date: Tue, 16 Dec 2008 13:40:47 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <6c1774c50812160756y475ef831oeab5807494f125c4@mail.gmail.com>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
	<7765c0380812152153v12bd2476q5cdc2c61b6829cff@mail.gmail.com>
	<6c1774c50812160756y475ef831oeab5807494f125c4@mail.gmail.com>
Message-ID: <8c50a3c30812161040o5f51bf6drc50d5ef91f1f0546@mail.gmail.com>

On Tue, Dec 16, 2008 at 10:56 AM, maddaemon at gmail.com
<maddaemon at gmail.com> wrote:
> On Tue, Dec 16, 2008 at 12:53 AM, Ray Lai <nycbug at cyth.net> wrote:
>> On Tue, Dec 16, 2008 at 6:48 PM, maddaemon at gmail.com
>> <maddaemon at gmail.com> wrote:
>>> List,
>>>
>>> I'm hoping someone can help me with this...
>>>
>>> I'm trying to search for a pattern in a text file that contains login
>>> info from a syslog and weed out entries that are duplicated with
>>> differnt IP addresses.
>>>
>>> For example, here are 2 lines:
>>>
>>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
>>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>>
>>> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
>>> webmail server.
>>>
>>> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
>>> duplicate entry (same timestamp) with another IP.  The text file
>>> contains hundreds of other entries, and there are single entries where
>>> the DC IP is the only entry.  Using the above examples, I need to
>>> remove the first line and only retrieve the second line:
>>>
>>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>>
>>> Does anyone know how to go about doing this?  I was going to try using
>>> sed and compare the lines looking for the same timestamp + username +
>>> IP1/IP2, but it gave me a headache when I tried to wrap my head around
>>> the logic.
>>
>> Does "sort -unsk1,9" work? You'd have to split the files according to
>> month, though.
>>
>> -Ray-
>>
>
> That cuts everything out and leaves 1 line (with the DC IP, which is
> what I'm trying to get rid of):
>
> md at madmartigan [~/scripts/report_temp]$ cat badpass.log | wc -l
>      24
> md at madmartigan [~/scripts/report_temp]$ cat badpass.log | sort -unsk1,9
> Dec 16 01:00:57 - def3456 tried logging in from 192.168.8.3
> md at madmartigan [~/scripts/report_temp]$
>
> I'm doing this every day, so the day/month/year will always be a
> constant for that particular day.
>
> I guess what I'm trying to do could be described as finding "almost"
> or "partial" duplicates..

No code but some advice:

1: figure out how to specify you lines of interest in terms of a
regular expression, if possible.
2: from said RE pull out the pieces that you need to verify as uniq
and pass to a test function, concat interesting bits and use as a key
into a hash, ie if not seen as key in hash return true and set hash
else return false
3: in your main loop if you match your RE then check and print or skip
otherwise print

3->1->2 done.

The hardest part of this is specifying the RE, "exactly" what do I care about.

probably best to not do in shell.  perl, ruby or tcl etc. would be better.

back to work,

marc

-- 
Freedom is nothing but a chance to be better.
Albert Camus


From maddaemon at gmail.com  Tue Dec 16 16:31:54 2008
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Tue, 16 Dec 2008 16:31:54 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <8c50a3c30812161040o5f51bf6drc50d5ef91f1f0546@mail.gmail.com>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
	<7765c0380812152153v12bd2476q5cdc2c61b6829cff@mail.gmail.com>
	<6c1774c50812160756y475ef831oeab5807494f125c4@mail.gmail.com>
	<8c50a3c30812161040o5f51bf6drc50d5ef91f1f0546@mail.gmail.com>
Message-ID: <6c1774c50812161331g3eb4b91es5f76c953aec0be80@mail.gmail.com>

On Tue, Dec 16, 2008 at 1:40 PM, Marc Spitzer <mspitzer at gmail.com> wrote:
> On Tue, Dec 16, 2008 at 10:56 AM, maddaemon at gmail.com
> <maddaemon at gmail.com> wrote:
>> On Tue, Dec 16, 2008 at 12:53 AM, Ray Lai <nycbug at cyth.net> wrote:
>>> On Tue, Dec 16, 2008 at 6:48 PM, maddaemon at gmail.com
>>> <maddaemon at gmail.com> wrote:
>>>> List,
>>>>
>>>> I'm hoping someone can help me with this...
>>>>
>>>> I'm trying to search for a pattern in a text file that contains login
>>>> info from a syslog and weed out entries that are duplicated with
>>>> differnt IP addresses.
>>>>
>>>> For example, here are 2 lines:
>>>>
>>>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
>>>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>>>
>>>> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
>>>> webmail server.
>>>>
>>>> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
>>>> duplicate entry (same timestamp) with another IP.  The text file
>>>> contains hundreds of other entries, and there are single entries where
>>>> the DC IP is the only entry.  Using the above examples, I need to
>>>> remove the first line and only retrieve the second line:
>>>>
>>>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>>>
>>>> Does anyone know how to go about doing this?  I was going to try using
>>>> sed and compare the lines looking for the same timestamp + username +
>>>> IP1/IP2, but it gave me a headache when I tried to wrap my head around
>>>> the logic.
>>>
>>> Does "sort -unsk1,9" work? You'd have to split the files according to
>>> month, though.
>>>
>>> -Ray-
>>>
>>
>> That cuts everything out and leaves 1 line (with the DC IP, which is
>> what I'm trying to get rid of):
>>
>> md at madmartigan [~/scripts/report_temp]$ cat badpass.log | wc -l
>>      24
>> md at madmartigan [~/scripts/report_temp]$ cat badpass.log | sort -unsk1,9
>> Dec 16 01:00:57 - def3456 tried logging in from 192.168.8.3
>> md at madmartigan [~/scripts/report_temp]$
>>
>> I'm doing this every day, so the day/month/year will always be a
>> constant for that particular day.
>>
>> I guess what I'm trying to do could be described as finding "almost"
>> or "partial" duplicates..
>
> No code but some advice:
>
> 1: figure out how to specify you lines of interest in terms of a
> regular expression, if possible.

What's making this a challenge is the fact that I'm comparing 2 lines,
with no reference (i.e. line 2 and 3, or 4 and 5) because they're
dynamic.  If it was 1 line, or 2 static lines, it wouldn't be an issue
for me.

> 2: from said RE pull out the pieces that you need to verify as uniq
> and pass to a test function, concat interesting bits and use as a key
> into a hash, ie if not seen as key in hash return true and set hash
> else return false

You lost me after uniq ...

> 3: in your main loop if you match your RE then check and print or skip
> otherwise print
>
> 3->1->2 done.
>
> The hardest part of this is specifying the RE, "exactly" what do I care about.

The timestamp, UID, and IP

> probably best to not do in shell.  perl, ruby or tcl etc. would be better.

If I knew those, I'd be set :)

> back to work,
>
> marc


From okan at demirmen.com  Tue Dec 16 16:45:16 2008
From: okan at demirmen.com (Okan Demirmen)
Date: Tue, 16 Dec 2008 16:45:16 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
Message-ID: <20081216214516.GB18129@clam.khaoz.org>

On Mon 2008.12.15 at 18:49 -0500, maddaemon at gmail.com wrote:
> List,
> 
> I'm hoping someone can help me with this...
> 
> I'm trying to search for a pattern in a text file that contains login
> info from a syslog and weed out entries that are duplicated with
> differnt IP addresses.
> 
> For example, here are 2 lines:
> 
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
> 
> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
> webmail server.
> 
> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
> duplicate entry (same timestamp) with another IP.  The text file
> contains hundreds of other entries, and there are single entries where
> the DC IP is the only entry.  Using the above examples, I need to
> remove the first line and only retrieve the second line:
> 
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
> 
> Does anyone know how to go about doing this?  I was going to try using
> sed and compare the lines looking for the same timestamp + username +
> IP1/IP2, but it gave me a headache when I tried to wrap my head around
> the logic.

you need context - see http://www.estpak.ee/~risto/sec/


From ike at lesmuug.org  Tue Dec 16 19:10:47 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Tue, 16 Dec 2008 19:10:47 -0500
Subject: [nycbug-talk] OpenBSD 4.4 bad checksum?
Message-ID: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>

Hey All,

For the OpenBSD folks here- whom do I report a bad checksum to?

My download of this ISO from a mirror, I believe, is giving me the  
wrong md5 checksum:
http://mirrors.24-7-solutions.net/pub/OpenBSD/4.4/i386/install44.iso

$ cat MD5 | grep install44
MD5 (install44.iso) = 6bff6dd0f2a703e5f99a82ed3e120b6c
$ openssl md5 install44.iso
MD5(install44.iso)= f3ad84cdde68754d6ac03ccce862165b

I downloaded from another mirror and the checksum looks great.

I looked around at the mirror's site, (24-7-solutions.net) and I'm not  
sure who to contact...

Thanks in advance folks!

Rocket-
.ike




From ike at lesmuug.org  Tue Dec 16 20:05:14 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Tue, 16 Dec 2008 20:05:14 -0500
Subject: [nycbug-talk] OpenBSD 4.4 bad checksum?
In-Reply-To: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>
References: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>
Message-ID: <C3FDDCEC-E00C-46CC-BDEA-698FFD00876B@lesmuug.org>

Hi All,

Again, a *different* incorrect checksum for the same file, same mirror:

On Dec 16, 2008, at 7:10 PM, Isaac Levy wrote:

> Hey All,
>
> For the OpenBSD folks here- whom do I report a bad checksum to?
>
> My download of this ISO from a mirror, I believe, is giving me the
> wrong md5 checksum:


The ISO:
> http://mirrors.24-7-solutions.net/pub/OpenBSD/4.4/i386/install44.iso

MD5 list (from mirror servers):
> $ cat MD5 | grep install44
> MD5 (install44.iso) = 6bff6dd0f2a703e5f99a82ed3e120b6c


INCORRECT first download:
> $ openssl md5 install44.iso
> MD5(install44.iso)= f3ad84cdde68754d6ac03ccce862165b

INCORRECT DIFFERENT second download (same server):
$ openssl md5 install44.iso
MD5(install44.iso)= 48410b38aaac72727fb950bae37a94e8

--
 From another mirror, CORRECT checksum:
$ openssl md5 install44.iso
MD5(install44.iso)= 6bff6dd0f2a703e5f99a82ed3e120b6c

>
>
> I downloaded from another mirror and the checksum looks great.
>
> I looked around at the mirror's site, (24-7-solutions.net) and I'm not
> sure who to contact...
>
> Thanks in advance folks!
>
> Rocket-
> .ike

Rocket-
.ike




From mspitzer at gmail.com  Tue Dec 16 23:50:17 2008
From: mspitzer at gmail.com (Marc Spitzer)
Date: Tue, 16 Dec 2008 23:50:17 -0500
Subject: [nycbug-talk] off topic, its not what you think
Message-ID: <8c50a3c30812162050h2c0516b0ged230bdd2f88f34@mail.gmail.com>

http://fuckyoupenguin.blogspot.com/


-- 
Freedom is nothing but a chance to be better.
Albert Camus


From nycbug at cyth.net  Wed Dec 17 01:33:29 2008
From: nycbug at cyth.net (Ray Lai)
Date: Wed, 17 Dec 2008 01:33:29 -0500
Subject: [nycbug-talk] OpenBSD 4.4 bad checksum?
In-Reply-To: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>
References: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>
Message-ID: <7765c0380812162233t6994ccbdtd33403e0687c4617@mail.gmail.com>

On Tue, Dec 16, 2008 at 7:10 PM, Isaac Levy <ike at lesmuug.org> wrote:
> Hey All,
>
> For the OpenBSD folks here- whom do I report a bad checksum to?
>
> My download of this ISO from a mirror, I believe, is giving me the
> wrong md5 checksum:
> http://mirrors.24-7-solutions.net/pub/OpenBSD/4.4/i386/install44.iso
>
> $ cat MD5 | grep install44
> MD5 (install44.iso) = 6bff6dd0f2a703e5f99a82ed3e120b6c
> $ openssl md5 install44.iso
> MD5(install44.iso)= f3ad84cdde68754d6ac03ccce862165b
>
> I downloaded from another mirror and the checksum looks great.
>
> I looked around at the mirror's site, (24-7-solutions.net) and I'm not
> sure who to contact...
>
> Thanks in advance folks!
>
> Rocket-
> .ike
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

mirror at 24-7-solutions.net according to cvsweb:

http://www.openbsd.org/cgi-bin/cvsweb/www/build/mirrors.dat.diff?r1=1.134;r2=1.135;f=h


From ike at lesmuug.org  Wed Dec 17 01:45:29 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Wed, 17 Dec 2008 01:45:29 -0500
Subject: [nycbug-talk] OpenBSD 4.4 bad checksum?
In-Reply-To: <7765c0380812162233t6994ccbdtd33403e0687c4617@mail.gmail.com>
References: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>
	<7765c0380812162233t6994ccbdtd33403e0687c4617@mail.gmail.com>
Message-ID: <46BEFD76-EAC0-404C-9A10-116E3D1B4556@lesmuug.org>

On Dec 17, 2008, at 1:33 AM, Ray Lai wrote:

> On Tue, Dec 16, 2008 at 7:10 PM, Isaac Levy <ike at lesmuug.org> wrote:
>> Hey All,
>>
>> For the OpenBSD folks here- whom do I report a bad checksum to?
>>
>> My download of this ISO from a mirror, I believe, is giving me the
>> wrong md5 checksum:
>> http://mirrors.24-7-solutions.net/pub/OpenBSD/4.4/i386/install44.iso
>>
>> $ cat MD5 | grep install44
>> MD5 (install44.iso) = 6bff6dd0f2a703e5f99a82ed3e120b6c
>> $ openssl md5 install44.iso
>> MD5(install44.iso)= f3ad84cdde68754d6ac03ccce862165b
>>
>> I downloaded from another mirror and the checksum looks great.
>>
>> I looked around at the mirror's site, (24-7-solutions.net) and I'm  
>> not
>> sure who to contact...
>>
>> Thanks in advance folks!
>>
>> Rocket-
>> .ike
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>>
>
> mirror at 24-7-solutions.net according to cvsweb:

Cool, thanks, but before I shoot them an email,

>
>
> http://www.openbsd.org/cgi-bin/cvsweb/www/build/mirrors.dat.diff?r1=1.134;r2=1.135;f=h

can you explain this quick to me?

Rocket-
.ike




From nycbug at cyth.net  Wed Dec 17 01:53:20 2008
From: nycbug at cyth.net (Ray Lai)
Date: Wed, 17 Dec 2008 01:53:20 -0500
Subject: [nycbug-talk] OpenBSD 4.4 bad checksum?
In-Reply-To: <46BEFD76-EAC0-404C-9A10-116E3D1B4556@lesmuug.org>
References: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>
	<7765c0380812162233t6994ccbdtd33403e0687c4617@mail.gmail.com>
	<46BEFD76-EAC0-404C-9A10-116E3D1B4556@lesmuug.org>
Message-ID: <7765c0380812162253qd62d3a4r4957515013b775be@mail.gmail.com>

On Wed, Dec 17, 2008 at 1:45 AM, Isaac Levy <ike at lesmuug.org> wrote:
> On Dec 17, 2008, at 1:33 AM, Ray Lai wrote:
>
>> On Tue, Dec 16, 2008 at 7:10 PM, Isaac Levy <ike at lesmuug.org> wrote:
>>>
>>> Hey All,
>>>
>>> For the OpenBSD folks here- whom do I report a bad checksum to?
>>>
>>> My download of this ISO from a mirror, I believe, is giving me the
>>> wrong md5 checksum:
>>> http://mirrors.24-7-solutions.net/pub/OpenBSD/4.4/i386/install44.iso
>>>
>>> $ cat MD5 | grep install44
>>> MD5 (install44.iso) = 6bff6dd0f2a703e5f99a82ed3e120b6c
>>> $ openssl md5 install44.iso
>>> MD5(install44.iso)= f3ad84cdde68754d6ac03ccce862165b
>>>
>>> I downloaded from another mirror and the checksum looks great.
>>>
>>> I looked around at the mirror's site, (24-7-solutions.net) and I'm not
>>> sure who to contact...
>>>
>>> Thanks in advance folks!
>>>
>>> Rocket-
>>> .ike
>>>
>>>
>>> _______________________________________________
>>> talk mailing list
>>> talk at lists.nycbug.org
>>> http://lists.nycbug.org/mailman/listinfo/talk
>>>
>>
>> mirror at 24-7-solutions.net according to cvsweb:
>
> Cool, thanks, but before I shoot them an email,
>
>>
>>
>>
>> http://www.openbsd.org/cgi-bin/cvsweb/www/build/mirrors.dat.diff?r1=1.134;r2=1.135;f=h
>
> can you explain this quick to me?

I tracked down the change to ftp.html using cvs annotate that last
touched ftp.html, to see if maybe the commit log included some contact
info. I discovered it was generated by build/mirrors.dat, so I looked
at the commit that was made at the same time ftp.html was regenerated
(May 30, 2008), which pointed me to the diff I saw. At that time I
realized that mirrors.dat actually contains the mirror maintainer's
e-mail.

Long story short, you can find the mirror maintainer's e-mail at
build/mirrors.dat.

-Ray-


From ike at lesmuug.org  Wed Dec 17 01:57:47 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Wed, 17 Dec 2008 01:57:47 -0500
Subject: [nycbug-talk] OpenBSD 4.4 bad checksum?
In-Reply-To: <7765c0380812162253qd62d3a4r4957515013b775be@mail.gmail.com>
References: <4997889F-8C62-4E8D-A681-D0C68CB6021A@lesmuug.org>
	<7765c0380812162233t6994ccbdtd33403e0687c4617@mail.gmail.com>
	<46BEFD76-EAC0-404C-9A10-116E3D1B4556@lesmuug.org>
	<7765c0380812162253qd62d3a4r4957515013b775be@mail.gmail.com>
Message-ID: <875EB1CE-5E50-4BB2-A4F5-BC769E205BA0@lesmuug.org>

On Dec 17, 2008, at 1:53 AM, Ray Lai wrote:

> On Wed, Dec 17, 2008 at 1:45 AM, Isaac Levy <ike at lesmuug.org> wrote:
>> On Dec 17, 2008, at 1:33 AM, Ray Lai wrote:
>>
>>> On Tue, Dec 16, 2008 at 7:10 PM, Isaac Levy <ike at lesmuug.org> wrote:
>>>>
>>>> Hey All,
>>>>
>>>> For the OpenBSD folks here- whom do I report a bad checksum to?
>>>>
>>>> My download of this ISO from a mirror, I believe, is giving me the
>>>> wrong md5 checksum:
>>>> http://mirrors.24-7-solutions.net/pub/OpenBSD/4.4/i386/ 
>>>> install44.iso
>>>>
>>>> $ cat MD5 | grep install44
>>>> MD5 (install44.iso) = 6bff6dd0f2a703e5f99a82ed3e120b6c
>>>> $ openssl md5 install44.iso
>>>> MD5(install44.iso)= f3ad84cdde68754d6ac03ccce862165b
>>>>
>>>> I downloaded from another mirror and the checksum looks great.
>>>>
>>>> I looked around at the mirror's site, (24-7-solutions.net) and  
>>>> I'm not
>>>> sure who to contact...
>>>>
>>>> Thanks in advance folks!
>>>>
>>>> Rocket-
>>>> .ike
>>>>
>>>>
>>>> _______________________________________________
>>>> talk mailing list
>>>> talk at lists.nycbug.org
>>>> http://lists.nycbug.org/mailman/listinfo/talk
>>>>
>>>
>>> mirror at 24-7-solutions.net according to cvsweb:
>>
>> Cool, thanks, but before I shoot them an email,
>>
>>>
>>>
>>>
>>> http://www.openbsd.org/cgi-bin/cvsweb/www/build/mirrors.dat.diff?r1=1.134;r2=1.135;f=h
>>
>> can you explain this quick to me?
>
> I tracked down the change to ftp.html using cvs annotate that last
> touched ftp.html, to see if maybe the commit log included some contact
> info. I discovered it was generated by build/mirrors.dat, so I looked
> at the commit that was made at the same time ftp.html was regenerated
> (May 30, 2008), which pointed me to the diff I saw. At that time I
> realized that mirrors.dat actually contains the mirror maintainer's
> e-mail.
>
> Long story short, you can find the mirror maintainer's e-mail at
> build/mirrors.dat.
>
> -Ray-

Excellent- thanks Ray!

Rocket-
.ike




From robin.polak at gmail.com  Wed Dec 17 10:52:04 2008
From: robin.polak at gmail.com (Robin Polak)
Date: Wed, 17 Dec 2008 10:52:04 -0500
Subject: [nycbug-talk] off topic, its not what you think
In-Reply-To: <8c50a3c30812162050h2c0516b0ged230bdd2f88f34@mail.gmail.com>
References: <8c50a3c30812162050h2c0516b0ged230bdd2f88f34@mail.gmail.com>
Message-ID: <551868240812170752h6c479229m94013b1f9ce51059@mail.gmail.com>

OMG, This blog is is seriously the most entering material I have read in a
long time.

On Tue, Dec 16, 2008 at 23:50, Marc Spitzer <mspitzer at gmail.com> wrote:

> http://fuckyoupenguin.blogspot.com/
>
>
> --
> Freedom is nothing but a chance to be better.
> Albert Camus
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>



-- 
Robin Polak
E-Mail: robin.polak at gmail.com
V. 917-494-2080
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081217/14b7f411/attachment.htm>

From george at ceetonetechnology.com  Wed Dec 17 11:11:44 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 17 Dec 2008 11:11:44 -0500
Subject: [nycbug-talk] Sahana software
Message-ID: <494924C0.10703@ceetonetechnology.com>

Anyone on this list heard of Sahana (.lk)?

It's a Sri Lankan-originated disaster recovery coordination software 
prompted by the 2005 tsunami.  PHP/MySQL. . . LGPL-licensed.

Met some of the developers last week. . .

Was removed a while back from FBSD ports. . .

g


From chsnyder at gmail.com  Wed Dec 17 13:01:42 2008
From: chsnyder at gmail.com (csnyder)
Date: Wed, 17 Dec 2008 13:01:42 -0500
Subject: [nycbug-talk] off topic, its not what you think
In-Reply-To: <8c50a3c30812162050h2c0516b0ged230bdd2f88f34@mail.gmail.com>
References: <8c50a3c30812162050h2c0516b0ged230bdd2f88f34@mail.gmail.com>
Message-ID: <b76252690812171001y21022496m123ef5be7dab5edb@mail.gmail.com>

On Tue, Dec 16, 2008 at 11:50 PM, Marc Spitzer <mspitzer at gmail.com> wrote:
> http://fuckyoupenguin.blogspot.com/
>

Hey, thanks. I'm going to start using those as cms test posts, instead
of lorem ipsum or random Wikipedia articles.


From skreuzer at exit2shell.com  Wed Dec 17 11:43:58 2008
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Wed, 17 Dec 2008 11:43:58 -0500
Subject: [nycbug-talk] Sahana software
In-Reply-To: <494924C0.10703@ceetonetechnology.com>
References: <494924C0.10703@ceetonetechnology.com>
Message-ID: <612292B8-3F7D-468A-BCF2-A922549C8F26@exit2shell.com>


On Dec 17, 2008, at 11:11 AM, George Rosamond wrote:

> Anyone on this list heard of Sahana (.lk)?
>
> It's a Sri Lankan-originated disaster recovery coordination software
> prompted by the 2005 tsunami.  PHP/MySQL. . . LGPL-licensed.
>
> Met some of the developers last week. . .
>
> Was removed a while back from FBSD ports. . .
>

Looks like it was removed from the ports because it has conflicting  
dependancies,
requiring modules that either used php4 and php5.

Since the maintainer never bothered to correct the port it was marked  
for deletion.

If someone was interested in fixing the issues, it can be added back  
into the ports
tree.

--
Steven Kreuzer
http://www.exit2shell.com/~skreuzer



From jkeen at verizon.net  Wed Dec 17 22:16:06 2008
From: jkeen at verizon.net (James E Keenan)
Date: Wed, 17 Dec 2008 22:16:06 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <mailman.3.1229446806.17719.talk@lists.nycbug.org>
References: <mailman.3.1229446806.17719.talk@lists.nycbug.org>
Message-ID: <48AC10A3-60AA-4184-A6EF-1C38B0551668@verizon.net>

>
>
> For example, here are 2 lines:
>
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>
> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
> webmail server.
>
> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
> duplicate entry (same timestamp) with another IP.  The text file
> contains hundreds of other entries, and there are single entries where
> the DC IP is the only entry.  Using the above examples, I need to
> remove the first line and only retrieve the second line:
>
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>
>

Perhaps this:

#!/usr/bin/perl
use strict;
use warnings;

my @last = ( '', '', '' );
my @this;
my $pattern = qr/^
     ([a-zA-Z]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) # date string
     \s-\s
     (\w+)                                   # username
     .*?
     (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})    # IP address
     $/x;

while (my $firstline = <DATA>) {
     if ($firstline =~ /$pattern/) {
         @last = ( $1, $2, $3 );
         last;
     }
}

while (my $l = <DATA>) {
     if ($l =~ /$pattern/) {
         @this = ( $1, $2, $3 );
         if ( $this[0] eq $last[0] and $this[1] eq $last[1] ) {
             $last[2] = $this[2];
         } else {
             print ( ( join '|' => @last ), "\n" );
             @last = @this;
         }
     }
}
print ( ( join '|' => @last ), "\n" );

__DATA__
Dec 15 05:15:33 - abc1234 tried logging in from 192.168.8.17
Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
Dec 15 05:16:03 - xyz1ahj tried logging in from 192.168.18.43
Dec 15 05:16:03 - xyz1ahj tried logging in from 192.168.15.220
Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.220
Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.221
Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.79
Dec 15 05:16:07 - vig1234 tried logging in from 192.168.15.79



From lists at stringsutils.com  Thu Dec 18 10:10:35 2008
From: lists at stringsutils.com (Francisco Reyes)
Date: Thu, 18 Dec 2008 10:10:35 -0500
Subject: [nycbug-talk] Text parsing question
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
Message-ID: <cone.1229613035.874185.4925.1000@shelca>

maddaemon at gmail.com writes:

> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
> duplicate entry (same timestamp) with another IP.  The text file
> contains hundreds of other entries, and there are single entries where

If python is acceptable....
Test data
Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
Dec 15 06:15:56 - abc1234 tried logging in from 192.168.18.14
Dec 15 06:15:56 - abc1234 tried logging in from 192.168.8.17
Dec 15 07:15:56 - abc1234 tried logging in from 192.168.18.15
Dec 15 08:15:56 - abc1234 tried logging in from 192.168.8.17

Program
#!/usr/bin/python
import sys

line=sys.stdin.readline()
while True:
	if not line:
		break
	items = line.split()

	CurrentTimeStamp=items[0]+" "+items[1]+" "+items[2]
	TimeStamp=CurrentTimeStamp
	PrintIP=""
	while CurrentTimeStamp==TimeStamp:
		IP=items[9]
		if PrintIP=="" or PrintIP=="192.168.8.17":
			PrintIP=IP
		line=sys.stdin.readline()
		if not line:
			break
		items = line.split()
		TimeStamp=items[0]+" "+items[1]+" "+items[2]
	
	print CurrentTimeStamp+" "+PrintIP

Output
Dec 15 05:15:56 192.168.18.13
Dec 15 06:15:56 192.168.18.14
Dec 15 07:15:56 192.168.18.15
Dec 15 08:15:56 192.168.8.17


Should not be difficult to convert to another language.
In case the email trashes the spacing..
http://public.natserv.net/test.py
http://public.natserv.net/test.txt

Hope this is what you were looking for.


From maddaemon at gmail.com  Thu Dec 18 11:19:09 2008
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Thu, 18 Dec 2008 11:19:09 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <20081216214516.GB18129@clam.khaoz.org>
References: <6c1774c50812151549q61d69efer804b47acd06246e0@mail.gmail.com>
	<20081216214516.GB18129@clam.khaoz.org>
Message-ID: <6c1774c50812180819se5be2bck771062fc7722553a@mail.gmail.com>

On Tue, Dec 16, 2008 at 4:45 PM, Okan Demirmen <okan at demirmen.com> wrote:
> On Mon 2008.12.15 at 18:49 -0500, maddaemon at gmail.com wrote:
>> List,
>>
>> I'm hoping someone can help me with this...
>>
>> I'm trying to search for a pattern in a text file that contains login
>> info from a syslog and weed out entries that are duplicated with
>> differnt IP addresses.
>>
>> For example, here are 2 lines:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
>> webmail server.
>>
>> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
>> duplicate entry (same timestamp) with another IP.  The text file
>> contains hundreds of other entries, and there are single entries where
>> the DC IP is the only entry.  Using the above examples, I need to
>> remove the first line and only retrieve the second line:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>> Does anyone know how to go about doing this?  I was going to try using
>> sed and compare the lines looking for the same timestamp + username +
>> IP1/IP2, but it gave me a headache when I tried to wrap my head around
>> the logic.
>
> you need context - see http://www.estpak.ee/~risto/sec/

I've checked out SEC for other things, but I'm actually using
OSSEC-HIDS for the real-time alerting, and it's awesome for that.
This is for the daily report that gets generated every morning on the
previous days' syslog data, containing such things as new user
accounts created, accounts deleted, locked out accounts, and so on.
The problem started when we added 2 servers running a new Windows O/S
that use different Windows EventIDs for a failed login attempt.  Since
adding that part, I'm getting numerous duplicates because logging into
webmail produces 2 entries - the webmail server IP (or another service
such as that) and the DC IP.  I'm only interested in the originating
IP for the report.


From slynch2112 at me.com  Thu Dec 18 10:20:49 2008
From: slynch2112 at me.com (Siobhan Lynch)
Date: Thu, 18 Dec 2008 10:20:49 -0500
Subject: [nycbug-talk] PostgreSQL help?
Message-ID: <07220F84-F35D-4B2A-89B5-A2738CD5AAED@me.com>

Does anyone here know anyone good with postgresql that I can ask a few  
questions, or possibly even hire to help us with some maintenance. I  
need the person to be fairly advanced with pgsql. -Trish


From alex at pilosoft.com  Thu Dec 18 18:46:53 2008
From: alex at pilosoft.com (Alex Pilosov)
Date: Thu, 18 Dec 2008 18:46:53 -0500 (EST)
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <oqabbm9udd.fsf@castrovalva.Ivy.NET>
Message-ID: <Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>

*stab* *stab* 

Freebsd sysinstall doesn't support GPT? Freebsd loader in 7.0 doesn't 
support booting off GPT partition?

How the *(@#(*@(*#&*#$ are you supposed to use disks that are >2TB in 
size?!

I know the answer: try to install it as MBR partitioning, hotwire it into 
GPT partitioning scheme, hopefully not breaking MBR-based loader, and 
cross your fingers. 


die freebsd die already.

-alex



From ike at lesmuug.org  Thu Dec 18 20:09:46 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Thu, 18 Dec 2008 20:09:46 -0500
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>
References: <Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>
Message-ID: <1C81A77E-3D62-46BF-815A-E819EA960DE1@lesmuug.org>

On Dec 18, 2008, at 6:46 PM, Alex Pilosov wrote:

> *stab* *stab*

*Watch it- you stabbed me in the shins Alex.*

>
>
> Freebsd sysinstall doesn't support GPT? Freebsd loader in 7.0 doesn't
> support booting off GPT partition?
>
> How the *(@#(*@(*#&*#$ are you supposed to use disks that are >2TB in
> size?!
>
> I know the answer: try to install it as MBR partitioning, hotwire it  
> into
> GPT partitioning scheme, hopefully not breaking MBR-based loader, and
> cross your fingers.

EFI uses GPT, BIOS uses a MBR.  GPT is somewhat new man... introduced  
with ia64, (I could be wrong here, but it's still relatively new)?

> die freebsd die already.
>
> -alex

And happy holidays to you too Alex!

Rocket-
.ike




From carton at Ivy.NET  Thu Dec 18 20:32:55 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Thu, 18 Dec 2008 20:32:55 -0500
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <1C81A77E-3D62-46BF-815A-E819EA960DE1@lesmuug.org> (Isaac Levy's
	message of "Thu, 18 Dec 2008 20:09:46 -0500")
References: <Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>
	<1C81A77E-3D62-46BF-815A-E819EA960DE1@lesmuug.org>
Message-ID: <oqiqphj6ew.fsf@castrovalva.Ivy.NET>

>>>>> "il" == Isaac Levy <ike at lesmuug.org> writes:

    il> EFI uses GPT, BIOS uses a MBR.

yeah solaris has the same problem and cannot boot off GPT-labeled
disks (on i386 or sparc).

though I wouldn't be surprised if Linux found some way to make it
work.

There was one report of nVidia RAID BIOS that would hang at startup if
exposed to a GPT label (solaris people tend to call them ``EFI
labels'' because some of their format tools use that stupid name):

 http://www.opensolaris.org/jive/thread.jspa?messageID=18211
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081218/6e806c27/attachment.bin>

From alex at pilosoft.com  Thu Dec 18 20:38:59 2008
From: alex at pilosoft.com (Alex Pilosov)
Date: Thu, 18 Dec 2008 20:38:59 -0500 (EST)
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <oqiqphj6ew.fsf@castrovalva.Ivy.NET>
Message-ID: <Pine.LNX.4.44.0812182037100.7972-100000@bawx.pilosoft.com>

On Thu, 18 Dec 2008, Miles Nordin wrote:

> >>>>> "il" == Isaac Levy <ike at lesmuug.org> writes:
> 
>     il> EFI uses GPT, BIOS uses a MBR.
> 
> yeah solaris has the same problem and cannot boot off GPT-labeled
> disks (on i386 or sparc).
> 
> though I wouldn't be surprised if Linux found some way to make it work.
it just works, actually, on centos. on debian, you kinda need to do a
dance to get it to work. but it does work.


-alex



From george at ceetonetechnology.com  Thu Dec 18 20:40:21 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 18 Dec 2008 20:40:21 -0500
Subject: [nycbug-talk] Sahana software
In-Reply-To: <612292B8-3F7D-468A-BCF2-A922549C8F26@exit2shell.com>
References: <494924C0.10703@ceetonetechnology.com>
	<612292B8-3F7D-468A-BCF2-A922549C8F26@exit2shell.com>
Message-ID: <494AFB85.7030909@ceetonetechnology.com>

Steven Kreuzer wrote:
> On Dec 17, 2008, at 11:11 AM, George Rosamond wrote:
> 
>> Anyone on this list heard of Sahana (.lk)?
>>
>> It's a Sri Lankan-originated disaster recovery coordination software
>> prompted by the 2005 tsunami.  PHP/MySQL. . . LGPL-licensed.
>>
>> Met some of the developers last week. . .
>>
>> Was removed a while back from FBSD ports. . .
>>
> 
> Looks like it was removed from the ports because it has conflicting  
> dependancies,
> requiring modules that either used php4 and php5.

Yeah. . . caught that.

> 
> Since the maintainer never bothered to correct the port it was marked  
> for deletion.
> 
> If someone was interested in fixing the issues, it can be added back  
> into the ports
> tree.
>

Hans and I attempted to install. . . a bit of a mess right now.

Maybe we'll see how it installs on a Linux.

We launched a mailing list about the app. . . since it's larger role is 
important, and it's certainly worth resurrecting a BSD port.

http://lists.nyphp.org/mailman/listinfo/sahana

George


From ike at lesmuug.org  Thu Dec 18 20:43:35 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Thu, 18 Dec 2008 20:43:35 -0500
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <Pine.LNX.4.44.0812182037100.7972-100000@bawx.pilosoft.com>
References: <Pine.LNX.4.44.0812182037100.7972-100000@bawx.pilosoft.com>
Message-ID: <AA04F6F0-F9F6-462B-8D0D-7799829EDB3D@lesmuug.org>

On Dec 18, 2008, at 8:38 PM, Alex Pilosov wrote:

> on debian, you kinda need to do a dance to get it to work.


Oy- I'm downloading the ISO now- I truly miss good-ol' MKLinux!

Rocket-
.ike




From andy.kosela at gmail.com  Fri Dec 19 02:06:30 2008
From: andy.kosela at gmail.com (Andy Kosela)
Date: Fri, 19 Dec 2008 08:06:30 +0100
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>
References: <oqabbm9udd.fsf@castrovalva.Ivy.NET>
	<Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>
Message-ID: <3cc535c80812182306v751eb956secba7794a43d9e1c@mail.gmail.com>

On Fri, Dec 19, 2008 at 12:46 AM, Alex Pilosov <alex at pilosoft.com> wrote:
> Freebsd sysinstall doesn't support GPT? Freebsd loader in 7.0 doesn't
> support booting off GPT partition?

>From 6.4-RELEASE announcement:
- boot loader changes allow, among other things, booting from USB
devices and booting from GPT-labeled devices with GPT-enabled BIOSes.

So it seems FreeBSD *has* the ability to boot off GPT, although
personally I did not test it.

-- 
Andy Kosela
ora et labora


From ike at lesmuug.org  Fri Dec 19 10:14:24 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Fri, 19 Dec 2008 10:14:24 -0500
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <3cc535c80812182306v751eb956secba7794a43d9e1c@mail.gmail.com>
References: <oqabbm9udd.fsf@castrovalva.Ivy.NET>
	<Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>
	<3cc535c80812182306v751eb956secba7794a43d9e1c@mail.gmail.com>
Message-ID: <D0DA3D0D-8A6A-4390-876A-27979501DC1A@lesmuug.org>

On Dec 19, 2008, at 2:06 AM, Andy Kosela wrote:

> On Fri, Dec 19, 2008 at 12:46 AM, Alex Pilosov <alex at pilosoft.com>  
> wrote:
>> Freebsd sysinstall doesn't support GPT? Freebsd loader in 7.0 doesn't
>> support booting off GPT partition?
>
>> From 6.4-RELEASE announcement:
> - boot loader changes allow, among other things, booting from USB
> devices and booting from GPT-labeled devices with GPT-enabled BIOSes.
>
> So it seems FreeBSD *has* the ability to boot off GPT, although
> personally I did not test it.

Yes- FreeBSD absolutely has the ability to boot off GPT.  However, the  
FreeBSD installer software, indeed does not yet recognize GPT.

I submitted a PR about it just now- it'll be up in the system soon if  
not yet,
http://www.freebsd.org/cgi/query-pr.cgi?pr=129762

This way someone will get around to fixing sysinstall, so newbies can  
install on harddrives larger than 2TB.  It'll hopefully (likely) get  
dealt with before > 2TB SATA drives hit the street...

--
Alex- while I know you like to stab, and I like to brawl with you ;)   
Wining about the problem however is a bit inane, (a UNIX veteran like  
yourself can deal with gpt(8) man page etc... and get it installed).   
Or even, you can use the MBR hack, (necessary for BIOS based machines!)

However, your problem is extremely valid- in 2 cases:
- if you are trying to install on a volume greater than 2TB
(currently not a task for newbies, or even most users)
- if you have a machine with GPT already installed via Linux or other OS

--
(Dreamy mumble- BTW what the heck am I doing here?  Rewarding the  
*stabs* with a PR?  Should I run a box of holiday cookies by Pilosoft  
this AM to boot?  /me slaps self)  Alex: no need to stab so rude when  
posting, please.

Rocket-
.ike




From carton at Ivy.NET  Fri Dec 19 11:38:43 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Fri, 19 Dec 2008 11:38:43 -0500
Subject: [nycbug-talk] freebsd and gpt
In-Reply-To: <D0DA3D0D-8A6A-4390-876A-27979501DC1A@lesmuug.org> (Isaac Levy's
	message of "Fri, 19 Dec 2008 10:14:24 -0500")
References: <oqabbm9udd.fsf@castrovalva.Ivy.NET>
	<Pine.LNX.4.44.0812181844080.7972-100000@bawx.pilosoft.com>
	<3cc535c80812182306v751eb956secba7794a43d9e1c@mail.gmail.com>
	<D0DA3D0D-8A6A-4390-876A-27979501DC1A@lesmuug.org>
Message-ID: <oq63lgjf1o.fsf@castrovalva.Ivy.NET>

>>>>> "il" == Isaac Levy <ike at lesmuug.org> writes:

    il> - if you are trying to install on a volume greater than 2TB
    il> (currently not a task for newbies, or even most users)

maybe CentOS is more worried about this than freebsd because they also
support LVM2 in their installer (<pssssss>, oh that's gotta _hurt_!),
so it's quite reasonable to have a volume bigger than 2TB, while on
FreeBSD geom must be used from the command line.

Also CentOS have many stable filesystems for volumes that big, while
in FreeBSD the stable filesystem is FFS2+softdep which still has to
fsck (albeit in the background) after unclean shutdown, and fsck is
O(n^2) so it might work but it's certainly not ideal on such a large
volume.  Anyone run a 2TB FFS+softdep volume?  ZFS scrub is O(n) but
ZFS is not stable.  :p

    il> - if you have a machine with GPT already installed via Linux
    il> or other OS

-or-

        - if, before committing to your platform, you want to know if
          the stable branch keeps up-to-date with market conditions,
          because you want to use it for actual work other than
          recompiling itself without wasting huge amounts of time on
          it.

The huge waste of time tracking down the right versions of tiny
packages and reading HOWTO's for working around unfixed problems is
what drove me from Linux to BSD in the first place.  It's not a newbie
issue.  

I do agree with Ike that Linux people have always come to BSD and
complain about the installer, because Linux is overfocused on
installers.  Isn't the CentOS installer is an X11 app?!  More than
half the time I don't even use the BSD installer---I boot an
NFS-rooted system and use pax to install, Gentoo-style.  I'd much
rather have BSD's whole-system build script that delivers .tar.gz's
and .iso's than Linux's X11 installer.

but yeah I'm not sure gpt support in sysinst makes sense without some
geom wizard like CentOS's in there as well.  so long as booting is
supported in the _stable_ loader, not some prerelease HEAD garbage,
that doesn't increase my marginal worry for my last '-' point, but, is
it really?  or is the PR you filed to fix the broken loader?  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081219/5d787f50/attachment.bin>

From zippy1981 at gmail.com  Sun Dec 21 17:12:08 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Sun, 21 Dec 2008 17:12:08 -0500
Subject: [nycbug-talk] Opinions on the Thinkpad W700 and soon to be released
	W700ds
Message-ID: <5458db3c0812211412t4a13db4bt4e1deacde0902c46@mail.gmail.com>

Hey,
I really like the idea of a dual screen laptop, and lenovo's soon upcoming
W700ds might be worth shelling out for. I'd like some opinions first though.
I've been a Dell man for a long time and the last Thinkpad I owned was a
monochrome 386. I'm probably going to run multiple OSes on it. I'm thinking
vmware server running WindowsXP, maybe vista, ubuntu and FreeBSD or PCBSD as
the main three OSes. I wanted to ask some questions since I assume a few
people on this list run FreeBSD on the W700

1) Hows the wacom tablet? Has anyone used it on FreeBSD? Both as FreeBSD on
baremetal or FreeBSD on vmware server?

2) Hows hibernation/dock undock support (I guess this is a general Free BSD
question I've have not run freebsd on a laptop in years.)

3) Anything I should know in general about the W700 in terms of FreeBSD
support?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081221/da554474/attachment.htm>

From nycbug-list at 2xlp.com  Tue Dec 23 12:42:35 2008
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Tue, 23 Dec 2008 12:42:35 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
Message-ID: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>

One of my firms is about to sublease some space in Manhattan from a  
friend's company.

We need to get our own bandwidth, which is fine.

However I'd like to set up something better than just a storebought  
router.

Right now there will just be 3-5 people running laptops via  
wireless.  We'll likely add an NFS device.

I haven't touched any of this stuff in a long time - hoping someone  
can offer advice/suggestions.

So my options right now are:
	- dd-wrt or similar
	- soekris / alix

But I haven't checked on those projects in forever.  Are they still  
viable ?  Are the setup times still 1day+ ?

Thanks!


From pete at nomadlogic.org  Tue Dec 23 13:52:09 2008
From: pete at nomadlogic.org (pete)
Date: Tue, 23 Dec 2008 13:52:09 -0500
Subject: [nycbug-talk] =?utf-8?q?router/firewall_recommendation_=3F?=
In-Reply-To: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
References: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
Message-ID: <ea03e137673291fd82483066cdaa3969@nomadlogic.org>

On Tue, 23 Dec 2008 12:42:35 -0500, Jonathan Vanasco <nycbug-list at 2xlp.com>
wrote:
> One of my firms is about to sublease some space in Manhattan from a  
> friend's company.
> 
> We need to get our own bandwidth, which is fine.
> 
> However I'd like to set up something better than just a storebought  
> router.
> 
> Right now there will just be 3-5 people running laptops via  
> wireless.  We'll likely add an NFS device.
> 
> I haven't touched any of this stuff in a long time - hoping someone  
> can offer advice/suggestions.
> 
> So my options right now are:
> 	- dd-wrt or similar
> 	- soekris / alix
> 

big fan of soekris + pfsense.  pfsense is quite easy to install on a
compact flash device (gunzip the package and output it to /dev/$cf_device).
 performance is acceptable for our office of ~10 people and ~30 computers. 
the only slowness i've seen is in accessing the webUI to monitor stuff,
throughput has been excellent.  it's been much better than the crappy
Linksys "router" we had when i started here.

-pete

-- 
Pete Wright
pete at nomadlogic.org
604.802.5059


From max at neuropunks.org  Tue Dec 23 13:54:40 2008
From: max at neuropunks.org (Max Gribov)
Date: Tue, 23 Dec 2008 13:54:40 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
References: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
Message-ID: <495133F0.9030101@neuropunks.org>

Jonathan Vanasco wrote:
> I haven't touched any of this stuff in a long time - hoping someone  
>   
pfsense is very cool, takes about 30 mins to setup, has ability to 
ha-cluster, and will go on pretty much any hardware
you can get some pci wireless card for the wireless part, although 
personally i never tried to make a wifi router out of freebsd..

cisco 800's are cool too.
one cool thing about 800's is that you can use older ram (non-ddr) in them
http://www.newegg.com/Product/Product.aspx?Item=N82E16833120314


> can offer advice/suggestions.
>
> So my options right now are:
> 	- dd-wrt or similar
> 	- soekris / alix
>
> But I haven't checked on those projects in forever.  Are they still  
> viable ?  Are the setup times still 1day+ ?
>
> Thanks!
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>   



From dcolish at gmail.com  Tue Dec 23 14:13:15 2008
From: dcolish at gmail.com (Dan Colish)
Date: Tue, 23 Dec 2008 14:13:15 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <495133F0.9030101@neuropunks.org>
References: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
	<495133F0.9030101@neuropunks.org>
Message-ID: <7c21e7d30812231113k12e85d5al95e1f6f1c2863156@mail.gmail.com>

Rather than run pfsense i'd recommend just straight openbsd. It will do all
the same stuff, since pf is from the openbsd project, but without a web gui.
I find it easier to configure and control.

On Tue, Dec 23, 2008 at 1:54 PM, Max Gribov <max at neuropunks.org> wrote:

> Jonathan Vanasco wrote:
> > I haven't touched any of this stuff in a long time - hoping someone
> >
> pfsense is very cool, takes about 30 mins to setup, has ability to
> ha-cluster, and will go on pretty much any hardware
> you can get some pci wireless card for the wireless part, although
> personally i never tried to make a wifi router out of freebsd..
>
> cisco 800's are cool too.
> one cool thing about 800's is that you can use older ram (non-ddr) in them
> http://www.newegg.com/Product/Product.aspx?Item=N82E16833120314
>
>
> > can offer advice/suggestions.
> >
> > So my options right now are:
> >       - dd-wrt or similar
> >       - soekris / alix
> >
> > But I haven't checked on those projects in forever.  Are they still
> > viable ?  Are the setup times still 1day+ ?
> >
> > Thanks!
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081223/792e1c21/attachment.htm>

From trish at bsdunix.net  Tue Dec 23 14:39:37 2008
From: trish at bsdunix.net (Siobhan P. Lynch)
Date: Tue, 23 Dec 2008 14:39:37 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <7c21e7d30812231113k12e85d5al95e1f6f1c2863156@mail.gmail.com>
References: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
	<495133F0.9030101@neuropunks.org>
	<7c21e7d30812231113k12e85d5al95e1f6f1c2863156@mail.gmail.com>
Message-ID: <8C356924-0B73-4FFE-873E-4CCA8DCE5A31@bsdunix.net>

If you go that direction, theres any one of the BSD's - Open and Free  
coming to mind, but Free, because you can use a combination of pf,  
ipfw, and ipf if need be to implement all kinds of wacky stuff *laugh*

-Trish


On Dec 23, 2008, at 2:13 PM, Dan Colish wrote:

> Rather than run pfsense i'd recommend just straight openbsd. It will  
> do all the same stuff, since pf is from the openbsd project, but  
> without a web gui. I find it easier to configure and control.
>
> On Tue, Dec 23, 2008 at 1:54 PM, Max Gribov <max at neuropunks.org>  
> wrote:
> Jonathan Vanasco wrote:
> > I haven't touched any of this stuff in a long time - hoping someone
> >
> pfsense is very cool, takes about 30 mins to setup, has ability to
> ha-cluster, and will go on pretty much any hardware
> you can get some pci wireless card for the wireless part, although
> personally i never tried to make a wifi router out of freebsd..
>
> cisco 800's are cool too.
> one cool thing about 800's is that you can use older ram (non-ddr)  
> in them
> http://www.newegg.com/Product/Product.aspx?Item=N82E16833120314
>
>
> > can offer advice/suggestions.
> >
> > So my options right now are:
> >       - dd-wrt or similar
> >       - soekris / alix
> >
> > But I haven't checked on those projects in forever.  Are they still
> > viable ?  Are the setup times still 1day+ ?
> >
> > Thanks!
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081223/37f52535/attachment.htm>

From george at ceetonetechnology.com  Tue Dec 23 15:21:02 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 23 Dec 2008 15:21:02 -0500
Subject: [nycbug-talk] some Upcoming NYCBUG Events and BSDCons
Message-ID: <4951482E.5070101@ceetonetechnology.com>

It's five years ago this month that the New York City *BSD User Group
was initially organized.

The list of accomplishments is great, from fund-raising to NYCBSDCon,
and everyone involved has much to be proud of.

We have a number of meetings lined up for 2009, but are always looking
for more speakers and topics relevant to the *BSD projects.

On January 7th, Larry Ludwig will be speaking on Puppet, as a follow-up
to this past July's Cfengine meeting.

February 4th's meeting will be Victor Duchovni on Postfix performance
tuning.

And on March 4th we'll have Tom Limoncelli back for a discussion on Time
Management for sysadmins and developers.

*    *    *

The number of BSD-specific conferences has proliferated over the past
few years, and we welcome the addition of DCBSDCon, held merely a few
hours away by Chinatown bus in Washington, DC.

DCBSDCon (.org) will be held February 5th and 6th at the Ward Marriott,
bumping right into ShmooCon.

While the CFP closed December 1, registration is now open at
http://dcbsdcon.org/register.html.

AsiaBSDCon (.org) will be held March 12-19 in Tokyo, Japan.

Finally, BSDCan (.org), which immediately picked up the flag from the
previous BSDCons back in 2004, will be held May 8th and 9th in Ottawa,
Canada.  Two days of technical tutorials precede the conference.

Dozens of people from around New York have attended this conference over
the years.  Registration opens in March.

Most BSD conferences will be holding BSDA exams conducted by the BSD
Certification (.org) Group.

For anyone looking to travel to any of these conferences, we encourage
you to query the talk list for other travel companions.  Carpooling or
shared bus travel to DCBSDCon and BSDCan is encouraged.

*    *    *

On the last note, a big thanks to each and every participant in NYC*BUG
activities.  To another successful year!


From riegersteve at gmail.com  Tue Dec 23 15:27:26 2008
From: riegersteve at gmail.com (Steve Rieger)
Date: Tue, 23 Dec 2008 12:27:26 -0800
Subject: [nycbug-talk] some Upcoming NYCBUG Events and BSDCons
In-Reply-To: <4951482E.5070101@ceetonetechnology.com>
References: <4951482E.5070101@ceetonetechnology.com>
Message-ID: <495149AE.5090807@gmail.com>

George Rosamond wrote:
> It's five years ago this month that the New York City *BSD User Group
> was initially organized.
> 
> The list of accomplishments is great, from fund-raising to NYCBSDCon,
> and everyone involved has much to be proud of.
> 
> We have a number of meetings lined up for 2009, but are always looking
> for more speakers and topics relevant to the *BSD projects.
> 
> On January 7th, Larry Ludwig will be speaking on Puppet, as a follow-up
> to this past July's Cfengine meeting.
> 
> February 4th's meeting will be Victor Duchovni on Postfix performance
> tuning.
> 
> And on March 4th we'll have Tom Limoncelli back for a discussion on Time
> Management for sysadmins and developers.
> 
> *    *    *
> 
since i am now 3500 miles away, is there any place that i can listen to 
a recording of the presentations ?


From skreuzer at exit2shell.com  Tue Dec 23 15:36:51 2008
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Tue, 23 Dec 2008 15:36:51 -0500
Subject: [nycbug-talk] some Upcoming NYCBUG Events and BSDCons
In-Reply-To: <495149AE.5090807@gmail.com>
References: <4951482E.5070101@ceetonetechnology.com>
	<495149AE.5090807@gmail.com>
Message-ID: <00589681-4753-4BB9-825C-34A9E6A06898@exit2shell.com>


On Dec 23, 2008, at 3:27 PM, Steve Rieger wrote:

> George Rosamond wrote:
>> It's five years ago this month that the New York City *BSD User Group
>> was initially organized.
>>
>> The list of accomplishments is great, from fund-raising to NYCBSDCon,
>> and everyone involved has much to be proud of.
>>
>> We have a number of meetings lined up for 2009, but are always  
>> looking
>> for more speakers and topics relevant to the *BSD projects.
>>
>> On January 7th, Larry Ludwig will be speaking on Puppet, as a  
>> follow-up
>> to this past July's Cfengine meeting.
>>
>> February 4th's meeting will be Victor Duchovni on Postfix performance
>> tuning.
>>
>> And on March 4th we'll have Tom Limoncelli back for a discussion on  
>> Time
>> Management for sysadmins and developers.
>>
>> *    *    *
>>
> since i am now 3500 miles away, is there any place that i can listen  
> to
> a recording of the presentations ?
>

Yes.

Nikolai Fetissov is nice enough to come out to every meeting and  
record them for us.

http://www.fetissov.org/public/nycbug/

--
Steven Kreuzer
http://www.exit2shell.com/~skreuzer



From george at ceetonetechnology.com  Tue Dec 23 16:32:09 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 23 Dec 2008 16:32:09 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <8C356924-0B73-4FFE-873E-4CCA8DCE5A31@bsdunix.net>
References: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>	<495133F0.9030101@neuropunks.org>	<7c21e7d30812231113k12e85d5al95e1f6f1c2863156@mail.gmail.com>
	<8C356924-0B73-4FFE-873E-4CCA8DCE5A31@bsdunix.net>
Message-ID: <495158D9.10504@ceetonetechnology.com>

Siobhan P. Lynch wrote:
> If you go that direction, theres any one of the BSD's - Open and Free 
> coming to mind, but Free, because you can use a combination of pf, ipfw, 
> and ipf if need be to implement all kinds of wacky stuff *laugh*
> 
> -Trish

(gman halting the top-posting)

+1 on pfsense on a soekris or pcengines alix board.

Simple, easy to manage, hard to break.

Scalable if you need it. . .

Sure, using pf (or ipf, ipfw) on a regular box on a regular full bsd 
makes sense in a many contexts, the reality is that for the vast 
majority of installs, pfsense more than sufficient.

There's times we've gone each of the two different routes, and it always 
depends on numerous questions.

But for 3-5 users, as JV stated initially, pfsense is gold.

g


From matt at atopia.net  Tue Dec 23 16:36:31 2008
From: matt at atopia.net (matt at atopia.net)
Date: Tue, 23 Dec 2008 21:36:31 +0000
Subject: [nycbug-talk] router/firewall recommendation ?
Message-ID: <309003012-1230068171-cardhu_decombobulator_blackberry.rim.net-175290729-@bxe342.bisx.prod.on.blackberry>

I second pfSense on a soekris. Worked nicely for us when we used m0n0wall to implement a university housing network. 

mj

------Original Message------
From: George Rosamond
Sender: talk-bounces at lists.nycbug.org
To: Siobhan P. Lynch
Cc: NYCBUG-Talk
ReplyTo: george at ceetonetechnology.com
Subject: Re: [nycbug-talk] router/firewall recommendation ?
Sent: Dec 23, 2008 16:32

Siobhan P. Lynch wrote:
> If you go that direction, theres any one of the BSD's - Open and Free 
> coming to mind, but Free, because you can use a combination of pf, ipfw, 
> and ipf if need be to implement all kinds of wacky stuff *laugh*
> 
> -Trish

(gman halting the top-posting)

+1 on pfsense on a soekris or pcengines alix board.

Simple, easy to manage, hard to break.

Scalable if you need it. . .

Sure, using pf (or ipf, ipfw) on a regular box on a regular full bsd 
makes sense in a many contexts, the reality is that for the vast 
majority of installs, pfsense more than sufficient.

There's times we've gone each of the two different routes, and it always 
depends on numerous questions.

But for 3-5 users, as JV stated initially, pfsense is gold.

g
_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk


From spork at bway.net  Tue Dec 23 17:22:47 2008
From: spork at bway.net (Charles Sprickman)
Date: Tue, 23 Dec 2008 17:22:47 -0500 (EST)
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <309003012-1230068171-cardhu_decombobulator_blackberry.rim.net-175290729-@bxe342.bisx.prod.on.blackberry>
References: <309003012-1230068171-cardhu_decombobulator_blackberry.rim.net-175290729-@bxe342.bisx.prod.on.blackberry>
Message-ID: <Pine.OSX.4.64.0812231721020.5313@toasty.nat.fasttrackmonkey.com>

On Tue, 23 Dec 2008, matt at atopia.net wrote:

> I second pfSense on a soekris. Worked nicely for us when we used 
> m0n0wall to implement a university housing network.

I'll third it, but on old Dell GX-110s.  $99 on EBay plus a new hard drive 
(or flash drive or SSD drive).  Quiet, low-power and a bit more oomph than 
the Alix stuff, plus a full install so you can fiddle around with all the 
packages.

While it's based on pf, the learning curve here compared to even a simple 
pf.conf is much, much lower.

C

> mj
>
> ------Original Message------
> From: George Rosamond
> Sender: talk-bounces at lists.nycbug.org
> To: Siobhan P. Lynch
> Cc: NYCBUG-Talk
> ReplyTo: george at ceetonetechnology.com
> Subject: Re: [nycbug-talk] router/firewall recommendation ?
> Sent: Dec 23, 2008 16:32
>
> Siobhan P. Lynch wrote:
>> If you go that direction, theres any one of the BSD's - Open and Free
>> coming to mind, but Free, because you can use a combination of pf, ipfw,
>> and ipf if need be to implement all kinds of wacky stuff *laugh*
>>
>> -Trish
>
> (gman halting the top-posting)
>
> +1 on pfsense on a soekris or pcengines alix board.
>
> Simple, easy to manage, hard to break.
>
> Scalable if you need it. . .
>
> Sure, using pf (or ipf, ipfw) on a regular box on a regular full bsd
> makes sense in a many contexts, the reality is that for the vast
> majority of installs, pfsense more than sufficient.
>
> There's times we've gone each of the two different routes, and it always
> depends on numerous questions.
>
> But for 3-5 users, as JV stated initially, pfsense is gold.
>
> g
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>


From pete at nomadlogic.org  Tue Dec 23 18:43:46 2008
From: pete at nomadlogic.org (pete)
Date: Tue, 23 Dec 2008 18:43:46 -0500
Subject: [nycbug-talk] =?utf-8?q?router/firewall_recommendation_=3F?=
In-Reply-To: <Pine.OSX.4.64.0812231721020.5313@toasty.nat.fasttrackmonkey.com>
References: <309003012-1230068171-cardhu_decombobulator_blackberry.rim.net-175290729-@bxe342.bisx.prod.on.blackberry>
	<Pine.OSX.4.64.0812231721020.5313@toasty.nat.fasttrackmonkey.com>
Message-ID: <678e19d76521dc78983614d9db27fd5d@nomadlogic.org>

On Tue, 23 Dec 2008 17:22:47 -0500 (EST), Charles Sprickman
<spork at bway.net> wrote:
> On Tue, 23 Dec 2008, matt at atopia.net wrote:
> 
>> I second pfSense on a soekris. Worked nicely for us when we used 
>> m0n0wall to implement a university housing network.
> 
> I'll third it, but on old Dell GX-110s.  $99 on EBay plus a new hard
drive 
> (or flash drive or SSD drive).  Quiet, low-power and a bit more oomph
than 
> the Alix stuff, plus a full install so you can fiddle around with all the

> packages.
> 
> While it's based on pf, the learning curve here compared to even a simple

> pf.conf is much, much lower.
> 


sheesh, try to get some work done and you miss a whole thread ;^)

one thing that i was pleasantly surprised with pfsense was the built-in rrd
graphing.  you can turn off the webUI too if you want, but i found it quite
nice to not have to setup snmp and a rrd graphing server in our small
office.

having said that - heck yea, {open,free,net}BSD might be the way to go if
you have the time and/or interest to get everything up and running by hand.

-pete


-- 
Pete Wright
pete at nomadlogic.org
604.802.5059


From nycbug at chrisbuechler.com  Wed Dec 24 12:28:48 2008
From: nycbug at chrisbuechler.com (Chris Buechler)
Date: Wed, 24 Dec 2008 12:28:48 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <678e19d76521dc78983614d9db27fd5d@nomadlogic.org>
References: <309003012-1230068171-cardhu_decombobulator_blackberry.rim.net-175290729-@bxe342.bisx.prod.on.blackberry>	<Pine.OSX.4.64.0812231721020.5313@toasty.nat.fasttrackmonkey.com>
	<678e19d76521dc78983614d9db27fd5d@nomadlogic.org>
Message-ID: <49527150.2010104@chrisbuechler.com>

pete wrote:
> sheesh, try to get some work done and you miss a whole thread ;^)
>
> one thing that i was pleasantly surprised with pfsense was the built-in rrd
> graphing.  you can turn off the webUI too if you want, but i found it quite
> nice to not have to setup snmp and a rrd graphing server in our small
> office.
>
> having said that - heck yea, {open,free,net}BSD might be the way to go if
> you have the time and/or interest to get everything up and running by hand.
>   

That's the key part - time and interest. It's not just about setting up 
a pf.conf. Got a PPPoE connection?  You'll need to learn MPD. Want a 
VPN?  You'll need to learn <insert preferred VPN method here>. Need 
server or multi-WAN load balancing?  You'll need to learn relayd or slbd 
too. Caching DNS server?  Learn your pick of software there. Want HA?  
Have to learn CARP, pfsync, and determine how you will sync your config 
between hosts. Multi-WAN? Don't forget little caveats like adding 
reply-to on WAN rules (and negate them as needed with rules for the 
WAN's subnet sans reply-to). There are a lot of little things like this, 
especially when you get into more complex setups like HA, multi-WAN, 
etc. There are numerous things that we do automatically that you don't 
even have to think about, much less spend significant time trying to 
figure out.

The amount of logic in the pfsense code base that ties all these various 
components together to make them work seamlessly is incredible. That's 
the point of the project, and why even many of you here, even those who 
are perfectly capable of configuring all the underlying components by 
hand, use it.

If you're starting with little knowledge of all these underlying 
components, and you want anything more than a simple two interface LAN 
and WAN NAT box with filtering, you could easily be looking at 100+ 
hours of effort for something you could have running with pfSense in 2 
hours even starting with little to no knowledge. If you're curious and 
have time to burn, setting it all up yourself would be a great learning 
experience. But it's something most people would rather not mess with.

On the contrary, if you're a guru with all these aforementioned 
underlying components and everyone who ever has to touch your firewall 
also is, then there likely isn't any reason to consider a customized 
GUI-fied distro like pfsense.

best,
Chris



From bonsaime at gmail.com  Wed Dec 24 23:37:02 2008
From: bonsaime at gmail.com (Jesse Callaway)
Date: Wed, 24 Dec 2008 23:37:02 -0500
Subject: [nycbug-talk] some Upcoming NYCBUG Events and BSDCons
In-Reply-To: <4951482E.5070101@ceetonetechnology.com>
References: <4951482E.5070101@ceetonetechnology.com>
Message-ID: <aa9991030812242037w356ef9b0nf9903822059e8559@mail.gmail.com>

On Tue, Dec 23, 2008 at 3:21 PM, George Rosamond <
george at ceetonetechnology.com> wrote:

> It's five years ago this month that the New York City *BSD User Group
> was initially organized.
>
> The list of accomplishments is great, from fund-raising to NYCBSDCon,
> and everyone involved has much to be proud of.
>
> We have a number of meetings lined up for 2009, but are always looking
> for more speakers and topics relevant to the *BSD projects.
>
> On January 7th, Larry Ludwig will be speaking on Puppet, as a follow-up
> to this past July's Cfengine meeting.
>
> February 4th's meeting will be Victor Duchovni on Postfix performance
> tuning.
>
> And on March 4th we'll have Tom Limoncelli back for a discussion on Time
> Management for sysadmins and developers.
>
> *    *    *
>
> The number of BSD-specific conferences has proliferated over the past
> few years, and we welcome the addition of DCBSDCon, held merely a few
> hours away by Chinatown bus in Washington, DC.
>
> DCBSDCon (.org) will be held February 5th and 6th at the Ward Marriott,
> bumping right into ShmooCon.
>
> While the CFP closed December 1, registration is now open at
> http://dcbsdcon.org/register.html.
>
> AsiaBSDCon (.org) will be held March 12-19 in Tokyo, Japan.
>
> Finally, BSDCan (.org), which immediately picked up the flag from the
> previous BSDCons back in 2004, will be held May 8th and 9th in Ottawa,
> Canada.  Two days of technical tutorials precede the conference.
>
> Dozens of people from around New York have attended this conference over
> the years.  Registration opens in March.
>
> Most BSD conferences will be holding BSDA exams conducted by the BSD
> Certification (.org) Group.
>
> For anyone looking to travel to any of these conferences, we encourage
> you to query the talk list for other travel companions.  Carpooling or
> shared bus travel to DCBSDCon and BSDCan is encouraged.
>
> *    *    *
>
> On the last note, a big thanks to each and every participant in NYC*BUG
> activities.  To another successful year!
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

Wow, what a great lineup. I have to make some of these.. hopefully all of
them. (jesus, i gve my parents such a shitty keyboard...)

-esse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081224/e8b55000/attachment.htm>

From techneck at goldenpath.org  Thu Dec 25 11:31:17 2008
From: techneck at goldenpath.org (Tim A.)
Date: Thu, 25 Dec 2008 11:31:17 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
References: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>
Message-ID: <4953B555.4060206@goldenpath.org>

Jonathan Vanasco wrote:
> But I haven't checked on those projects in forever.  Are they still  
> viable ?  Are the setup times still 1day+ ?
>   

pfSense, all the way.
One thing no one's mentioned yet, though, it runs great virtualized as 
well. OT?
Assuming you'll have some other internal services to provide, these can 
consolidate well on cheap or old/free hardware.
A simple example, for the last year, I've run (at home, experimental) 
pfSense, a DC (W2k3) and Tor transparent DNS proxy (FreeBSD) all in a 
single VMware server (debian) on a 1GHz Pentium M with 1 GB ram.
I'm using a Neo Lex Twister (Hacom) but any old machine will do.
No problems at all. I'm very happy with it.


From nycbug-list at 2xlp.com  Fri Dec 26 11:41:17 2008
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Fri, 26 Dec 2008 11:41:17 -0500
Subject: [nycbug-talk] router/firewall recommendation ?
In-Reply-To: <495158D9.10504@ceetonetechnology.com>
References: <8BCAE704-B2E1-4CBB-B20E-0B8B815306FF@2xlp.com>	<495133F0.9030101@neuropunks.org>	<7c21e7d30812231113k12e85d5al95e1f6f1c2863156@mail.gmail.com>
	<8C356924-0B73-4FFE-873E-4CCA8DCE5A31@bsdunix.net>
	<495158D9.10504@ceetonetechnology.com>
Message-ID: <29CAAC0A-0368-4F93-842B-B87862C750EA@2xlp.com>

On Dec 23, 2008, at 4:32 PM, George Rosamond wrote:
> But for 3-5 users, as JV stated initially, pfsense is gold.

Awesome.  Thank you to all.

I think we'll probably go for one of the pre-configured Alix boxes @  
netgate ( $200, perfect! ) , slap a store bought wireless in front ,  
and do some mac-address filtering to keep out unwantedss.  I *really*  
don't want to be doing network admin on this, but I want to put some  
security in there - as we're in a shared environment.    I like how i  
can pay them to ship me a tested/installed unit.  sadly my old diy  
ways have started to become 'do it for me!'




From greg at ltcc.com  Sun Dec 28 10:31:14 2008
From: greg at ltcc.com (Greg Robinson)
Date: Sun, 28 Dec 2008 10:31:14 -0500
Subject: [nycbug-talk] Jails | FreeBSD | fxp0 | alias | Apache 2.2
Message-ID: <000701c96901$52d4eea0$f87ecbe0$@com>

All:
Re: FreeBSD 7, PCBSD, jail, internal network i.e. 192.168.1.149, rc.conf,
alias fxp0 with said IP, Apache 2.2 in jail
Issue: apache serves 192.168.1.149 to browser on computer but not to outside
browsers, ping to 149 works
Question: Anyone know of well documented how-to on Jails?

My first thought on solving this problem is the pf.conf, which I want to
approach cautiously.

Warmest Regards,
Greg
- - - -  - - - - - - -
Greg Robinson
Lucrosol

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081228/ad094d1d/attachment.htm>

From george at ceetonetechnology.com  Sun Dec 28 10:38:10 2008
From: george at ceetonetechnology.com (George Rosamond)
Date: Sun, 28 Dec 2008 10:38:10 -0500
Subject: [nycbug-talk] Jails | FreeBSD | fxp0 | alias | Apache 2.2
In-Reply-To: <000701c96901$52d4eea0$f87ecbe0$@com>
References: <000701c96901$52d4eea0$f87ecbe0$@com>
Message-ID: <49579D62.9080901@ceetonetechnology.com>

Greg Robinson wrote:
> All:
> 
> Re: FreeBSD 7, PCBSD, jail, internal network i.e. 192.168.1.149, 
> rc.conf, alias fxp0 with said IP, Apache 2.2 in jail
> 
> Issue: apache serves 192.168.1.149 to browser on computer but not to 
> outside browsers, ping to 149 works
> 
> Question: Anyone know of well documented how-to on Jails?
> 
> My first thought on solving this problem is the pf.conf, which I want to 
> approach cautiously.

Not enough info to really take a stab at it. . .

There's a decent amount out there on jails.

Anything in httpd logs?

Search for accf_http.ko jails apache and that might be it. . . it's 
loaded from the host.

http://www.mydigitallife.info/2006/04/23/freebsd-apache-http-accept-filter-error/

But just a complete stab. . . give us some more info.

Does it work without pf?  Turn it off to isolate issue . . is it apache, 
the jail setup or pf?

George


From tekronis at gmail.com  Sun Dec 28 12:06:36 2008
From: tekronis at gmail.com (H. G.)
Date: Sun, 28 Dec 2008 12:06:36 -0500
Subject: [nycbug-talk] Jails | FreeBSD | fxp0 | alias | Apache 2.2
In-Reply-To: <000701c96901$52d4eea0$f87ecbe0$@com>
References: <000701c96901$52d4eea0$f87ecbe0$@com>
Message-ID: <60131f920812280906q4f13df0el2885feaf8e5fb0ed@mail.gmail.com>

On Sun, Dec 28, 2008 at 10:31 AM, Greg Robinson <greg at ltcc.com> wrote:

>  All:
>
> Re: FreeBSD 7, PCBSD, jail, internal network i.e. 192.168.1.149, rc.conf,
> alias fxp0 with said IP, Apache 2.2 in jail
>
> Issue: apache serves 192.168.1.149 to browser on computer but not to
> outside browsers, ping to 149 works
>
> Question: Anyone know of well documented how-to on Jails?
>
> My first thought on solving this problem is the pf.conf, which I want to
> approach cautiously.
>
> Warmest Regards,
>
> Greg
>
> - - - -  - - - - - - -
>
> Greg Robinson
>
> Lucrosol
>
>
What I remember doing was creating a vlan interface, and a assigning a block
of addresses to it as a pool for use by all the jails.
Snippet from rc.conf:

cloned_interfaces="vlan1"
ifconfig_vlan1="vlan 1 vlandev rl0"
ipv4_addrs_vlan1="10.0.1.10-15/27"  # (Assign IPs 10.0.1.10/27 to
10.0.1.15/27)

Then I created a vlan interface on the main gateway machine on the network
and simply gave it an address on that network:

ifconfig_vlan1="vlan 1 vlandev dc0"
ipv4_addrs_vlan1="10.0.1.1/27"

So now any packets destined for the jails are routed over VLAN 1.

Again, thats just how I approached the problem.  For what you're dealing
with, you might perhaps only need to enable packet forwarding in the jail
host by:

Either:

In rc.conf:
gateway_enable="YES"

or

sysctl.conf:
net.inet.ip.forwarding=1

Hope this helps.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081228/e5c096c0/attachment.htm>

From mspitzer at gmail.com  Sun Dec 28 15:11:16 2008
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sun, 28 Dec 2008 15:11:16 -0500
Subject: [nycbug-talk] Jails | FreeBSD | fxp0 | alias | Apache 2.2
In-Reply-To: <000701c96901$52d4eea0$f87ecbe0$@com>
References: <000701c96901$52d4eea0$f87ecbe0$@com>
Message-ID: <8c50a3c30812281211m7c294680ped7eafd1e8851894@mail.gmail.com>

well here are some thoughts:

1: check your routing, 2 or 3 times.  for example your 192.168.1.149
jail has its default route pointing where?  If the 192... ips are a
pool that resides only on the jail box then the broadcast domain,
where arp works, is local to your box.   Also if the previous is
working then do you have routes on your router(s) to push the traffic
to the right place, traceroute is your friend here.  also there may be
a nat issue involved, 192.168 space is nonroutable space(rfc1918 if I
rember correctly).

2: do step one again, I mostly screw up the routing my self.  Use
paper and pencle to draw out the network you have in your head and
check against the network you have in your site.

it sounds like a network issue, good luck

marc

On Sun, Dec 28, 2008 at 10:31 AM, Greg Robinson <greg at ltcc.com> wrote:
> All:
>
> Re: FreeBSD 7, PCBSD, jail, internal network i.e. 192.168.1.149, rc.conf,
> alias fxp0 with said IP, Apache 2.2 in jail
>
> Issue: apache serves 192.168.1.149 to browser on computer but not to outside
> browsers, ping to 149 works
>
> Question: Anyone know of well documented how-to on Jails?
>
> My first thought on solving this problem is the pf.conf, which I want to
> approach cautiously.
>
> Warmest Regards,
>
> Greg
>
> - - - -  - - - - - - -
>
> Greg Robinson
>
> Lucrosol
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
>



-- 
Freedom is nothing but a chance to be better.
Albert Camus


From nycbug-list at 2xlp.com  Tue Dec 30 12:34:49 2008
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Tue, 30 Dec 2008 12:34:49 -0500
Subject: [nycbug-talk] Happy New Year and Thank You!
Message-ID: <B4CC415C-054F-47DD-A543-E8D8DAA4D305@2xlp.com>

NYC-BUG:

Happy new year, and a heartfelt THANK YOU for helping me out of some  
tough jams over the past few years!


// Jonathan Vanasco

w. http://findmeon.com/user/jvanasco
e. jonathan at findmeon.com

|   Founder/CEO - FindMeOn, Inc.
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - - - - -
|      FindMeOn.com - The cure for Multiple Web Personality Disorder
|      Privacy Minded Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - - - - -



From alex at pilosoft.com  Tue Dec 30 19:37:05 2008
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Wed, 31 Dec 2008 00:37:05 +0000
Subject: [nycbug-talk] Ccc anyone?
Message-ID: <787222174-1230683829-cardhu_decombobulator_blackberry.rim.net-1237545621-@bxe253.bisx.prod.on.blackberry>

on the off chance that anyone on-list is at ccc and wants to hang out - shoot off an email back.

-alex
Sent on the Now Network? from my Sprint?? BlackBerry
From spork at bway.net  Tue Dec 30 20:07:04 2008
From: spork at bway.net (Charles Sprickman)
Date: Tue, 30 Dec 2008 20:07:04 -0500 (EST)
Subject: [nycbug-talk] [ccc related] MD5 considered harmful today
Message-ID: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>

Alex has some good timing.

I was reading this:

https://www.win.tue.nl/hashclash/rogue-ca/

It's long and complicated, and I got lost after the basic "how to make 
a hash" section, but this bit should pique anyone's interest:

------
The potential of this attack scenario is even greater than just obtaining 
a rogue certificate for a single secure website. This is because our rogue 
certificate doesn't have to be a website certificate, but it could be an 
intermediary CA certificate. Although the certificate originally signed by 
the real CA has in the "basic constraints" field the flag "CA = FALSE", 
indicating that this certificate cannot be used to validate other 
certificates in a certificate chain, our rogue certificate has the same 
flag set to "CA = TRUE". We are in possession of the private key 
corresponding to the public key in this rogue CA certificate. As a result 
we are able to issue any number of certificates to anybody we choose, and 
they will be recognized as valid certificates by anybody trusting the real 
CA, which is all Internet users using one of the common web browsers.
------

Charles


From carton at Ivy.NET  Tue Dec 30 21:19:27 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Tue, 30 Dec 2008 21:19:27 -0500
Subject: [nycbug-talk] [ccc related] MD5 considered harmful today
In-Reply-To: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>
	(Charles Sprickman's message of "Tue,
	30 Dec 2008 20:07:04 -0500 (EST)")
References: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>
Message-ID: <oq8wpxf5n4.fsf@castrovalva.Ivy.NET>

>>>>> "cs" == Charles Sprickman <spork at bway.net> writes:

    cs> https://www.win.tue.nl/hashclash/rogue-ca/

``Until Firefox 3 and IE 7, certificate revocation was disabled by
  default. Even in the latest versions, the browsers rely on the
  certificate to include a URL pointing to a revocation server.''

pwaaaahahaha!  rapidssl ist gePWNen!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081230/f3815a32/attachment.bin>

From bonsaime at gmail.com  Wed Dec 31 01:01:38 2008
From: bonsaime at gmail.com (Jesse Callaway)
Date: Wed, 31 Dec 2008 01:01:38 -0500
Subject: [nycbug-talk] [ccc related] MD5 considered harmful today
In-Reply-To: <oq8wpxf5n4.fsf@castrovalva.Ivy.NET>
References: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>
	<oq8wpxf5n4.fsf@castrovalva.Ivy.NET>
Message-ID: <aa9991030812302201v11a7d514ke6e995b7a5894cdf@mail.gmail.com>

On Tue, Dec 30, 2008 at 9:19 PM, Miles Nordin <carton at ivy.net> wrote:

> >>>>> "cs" == Charles Sprickman <spork at bway.net> writes:
>
>    cs> https://www.win.tue.nl/hashclash/rogue-ca/
>
> ``Until Firefox 3 and IE 7, certificate revocation was disabled by
>  default. Even in the latest versions, the browsers rely on the
>  certificate to include a URL pointing to a revocation server.''


man that sucks... so even if this issue in the paper is addressed, it won't
matter until the browsers fix the revocation mechanism.


>
>
> pwaaaahahaha!  rapidssl ist gePWNen!
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

I'll have to throw in the part that really wowed me... frankly I can barely
wrap my head around the POTS creation of signed certs, but maybe I'm dumb.
Too many damn tiers... should rather be based on many peers, but I'll write
the paper up later on this though : )

http://www.win.tue.nl/hashclash/rogue-ca/<https://www.win.tue.nl/hashclash/rogue-ca/>:
"It turned out to be possible to hide [MD5] collision blocks inside
RSA
moduli while even assuring the security of the pairs of moduli as being both
products of sufficiently large primes. "

-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081231/0ef2234e/attachment.htm>

From dingo at 1984.ws  Wed Dec 31 02:16:27 2008
From: dingo at 1984.ws (dingo)
Date: Wed, 31 Dec 2008 02:16:27 -0500
Subject: [nycbug-talk] [ccc related] MD5 considered harmful today
In-Reply-To: <aa9991030812302201v11a7d514ke6e995b7a5894cdf@mail.gmail.com>
References: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>
	<oq8wpxf5n4.fsf@castrovalva.Ivy.NET>
	<aa9991030812302201v11a7d514ke6e995b7a5894cdf@mail.gmail.com>
Message-ID: <aedb88803c64f2d8bd170302b2650c96@1984.ws>




On Wed, 31 Dec 2008 01:01:38 -0500, "Jesse Callaway" <bonsaime at gmail.com>
wrote:
> On Tue, Dec 30, 2008 at 9:19 PM, Miles Nordin <carton at ivy.net> wrote:
> 
>> >>>>> "cs" == Charles Sprickman <spork at bway.net> writes:
>>
>>    cs> https://www.win.tue.nl/hashclash/rogue-ca/
>>
>> ``Until Firefox 3 and IE 7, certificate revocation was disabled by
>>  default. Even in the latest versions, the browsers rely on the
>>  certificate to include a URL pointing to a revocation server.''
> 
> 
> man that sucks... so even if this issue in the paper is addressed, it
> won't
> matter until the browsers fix the revocation mechanism.
> 

No. It wont matter until everyone stops pretending x509 isn't a
total piece of ass created by monopolies and teclos to profit
off the internet. its all horse shit. certs don't matter.

Give this a read:
http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

and the next time you see the heading "MD5 considered harmful" in relation
to x509 certs and ssl, you'll say "Duh."

> 
>>
>>
>> pwaaaahahaha!  rapidssl ist gePWNen!
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>>
> 
> I'll have to throw in the part that really wowed me... frankly I can
> barely
> wrap my head around the POTS creation of signed certs, but maybe I'm
dumb.
> Too many damn tiers... should rather be based on many peers, but I'll
> write
> the paper up later on this though : )
> 
>
http://www.win.tue.nl/hashclash/rogue-ca/<https://www.win.tue.nl/hashclash/rogue-ca/>:
> "It turned out to be possible to hide [MD5] collision blocks inside
> RSA
> moduli while even assuring the security of the pairs of moduli as being
> both
> products of sufficiently large primes. "
> 
> -jesse


From carton at Ivy.NET  Wed Dec 31 02:45:46 2008
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 31 Dec 2008 02:45:46 -0500
Subject: [nycbug-talk] [ccc related] MD5 considered harmful today
In-Reply-To: <aa9991030812302201v11a7d514ke6e995b7a5894cdf@mail.gmail.com>
	(Jesse Callaway's message of "Wed, 31 Dec 2008 01:01:38 -0500")
References: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>
	<oq8wpxf5n4.fsf@castrovalva.Ivy.NET>
	<aa9991030812302201v11a7d514ke6e995b7a5894cdf@mail.gmail.com>
Message-ID: <oqzliceqj9.fsf@castrovalva.Ivy.NET>

>>>>> "jc" == Jesse Callaway <bonsaime at gmail.com> writes:

    jc> man that sucks... so even if this issue in the paper is
    jc> addressed, it won't matter until the browsers fix the
    jc> revocation mechanism.

i don't think revocation is part of the fix.  The revocation problem
is just funny because it adds to the feeling of powerlessness the
incompetently-run CA, and makes me happy because they've been milking
us all for cash all along.  Their first thoughut must have been
``Rogue cert?!  oh no.  quick, revoke it!''  nope.  PWNTx2!

This attack would be foiled if the CA's would simply stop using MD5
tomorrow.  They can't invalidate any fake signing certificates out
there already, but there probably aren't any unless this same group
made a working cert secretly.  Because the collision blocks are in the
keys, AIUI an attacker needs to get a new key signed to pull it off.
If the CA switches to SHA from now on, someone holding an honest MD5
cert from before the switch can't use the same trick because there are
no collision blocks hidden in his honest RSA key.

The revocation mechanism isn't broken or underimplemented in FF3/IE7
according to the authors---rather it's badly designed in X.509, so
there is no improvement to that hilarious revocpwnage planned, not
even an unimplemented one.

The GnuPG revocation mechanism has neither problem they mention.  All
revocations are signatures, but GnuPG revocations are signatures on
whole keys, not on serial numbers like X.509, so you cannot manipulate
me into revoking a key I don't want to by setting your serial number
the same as the target.  And the revokee doesn't have to consent to
the mechanism by publishing a URL in their key---it is possible in
GnuPG to revoke your signature on someone else's key without their
consent by simply uploading it:

pub   1024D/6E9400D6 2004-07-11
uid                  amber fechko (xi) <xi at telekinetic.net>
rev          DA5BFE1D 2004-12-20  Miles Nordin <carton at ivy.net>

It's not very nice, but I think she deserved it.

Amber disappeared and set her MX record for telekinetic.net to
127.0.0.1 (that is, to the domain name 127.0.0.1, in text.  not the IP
address 127.0.0.1.  foolio.).  In GnuPG signatures and revocations
represent the binding or lack thereof, of key material to a uid, so
when she shut down her email address clearly on purpose I decided she
might like me to warn people that the binding wasn't valid any more.
I guess no one else agreed with me, but I stand by my revocation.  not
that I have a choice---i can't unrevoke.


I think it would be funny if these guys made a real CA cert with their
exploit and started selling certs signed by their fake key for $2 each
or something.  not illegitimate certs, like, email-contact-verified
certs, the regular legitimate kind, just cheaper.  Why not?  It's
probably even legal in some jurisdiction if not in most.  and most
webmasters just want to turn the browser bar green.  It works now, so
for $2 why not?  I'd buy one.  If it starts turning browser bars red
some day, buy a more expensive cert _some day_, not now. The whole
cert thing was such a racket to begin with, i wish they'd start
selling fake ones.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081231/b2a2a120/attachment.bin>

From dcolish at gmail.com  Wed Dec 31 09:40:47 2008
From: dcolish at gmail.com (Dan Colish)
Date: Wed, 31 Dec 2008 09:40:47 -0500
Subject: [nycbug-talk] [ccc related] MD5 considered harmful today
In-Reply-To: <oqzliceqj9.fsf@castrovalva.Ivy.NET>
References: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>
	<oq8wpxf5n4.fsf@castrovalva.Ivy.NET>
	<aa9991030812302201v11a7d514ke6e995b7a5894cdf@mail.gmail.com>
	<oqzliceqj9.fsf@castrovalva.Ivy.NET>
Message-ID: <7c21e7d30812310640y76a14e1ahb0dec363efb8f70b@mail.gmail.com>

On Wed, Dec 31, 2008 at 2:45 AM, Miles Nordin <carton at ivy.net> wrote:

> >>>>> "jc" == Jesse Callaway <bonsaime at gmail.com> writes:
>
>    jc> man that sucks... so even if this issue in the paper is
>    jc> addressed, it won't matter until the browsers fix the
>    jc> revocation mechanism.
>
> i don't think revocation is part of the fix.  The revocation problem
> is just funny because it adds to the feeling of powerlessness the
> incompetently-run CA, and makes me happy because they've been milking
> us all for cash all along.  Their first thoughut must have been
> ``Rogue cert?!  oh no.  quick, revoke it!''  nope.  PWNTx2!
>
> This attack would be foiled if the CA's would simply stop using MD5
> tomorrow.  They can't invalidate any fake signing certificates out
> there already, but there probably aren't any unless this same group
> made a working cert secretly.  Because the collision blocks are in the
> keys, AIUI an attacker needs to get a new key signed to pull it off.
> If the CA switches to SHA from now on, someone holding an honest MD5
> cert from before the switch can't use the same trick because there are
> no collision blocks hidden in his honest RSA key.
>
> The revocation mechanism isn't broken or underimplemented in FF3/IE7
> according to the authors---rather it's badly designed in X.509, so
> there is no improvement to that hilarious revocpwnage planned, not
> even an unimplemented one.
>
> The GnuPG revocation mechanism has neither problem they mention.  All
> revocations are signatures, but GnuPG revocations are signatures on
> whole keys, not on serial numbers like X.509, so you cannot manipulate
> me into revoking a key I don't want to by setting your serial number
> the same as the target.  And the revokee doesn't have to consent to
> the mechanism by publishing a URL in their key---it is possible in
> GnuPG to revoke your signature on someone else's key without their
> consent by simply uploading it:
>
> pub   1024D/6E9400D6 2004-07-11
> uid                  amber fechko (xi) <xi at telekinetic.net>
> rev          DA5BFE1D 2004-12-20  Miles Nordin <carton at ivy.net>
>
> It's not very nice, but I think she deserved it.
>
> Amber disappeared and set her MX record for telekinetic.net to
> 127.0.0.1 (that is, to the domain name 127.0.0.1, in text.  not the IP
> address 127.0.0.1.  foolio.).  In GnuPG signatures and revocations
> represent the binding or lack thereof, of key material to a uid, so
> when she shut down her email address clearly on purpose I decided she
> might like me to warn people that the binding wasn't valid any more.
> I guess no one else agreed with me, but I stand by my revocation.  not
> that I have a choice---i can't unrevoke.
>
>
> I think it would be funny if these guys made a real CA cert with their
> exploit and started selling certs signed by their fake key for $2 each
> or something.  not illegitimate certs, like, email-contact-verified
> certs, the regular legitimate kind, just cheaper.  Why not?  It's
> probably even legal in some jurisdiction if not in most.  and most
> webmasters just want to turn the browser bar green.  It works now, so
> for $2 why not?  I'd buy one.  If it starts turning browser bars red
> some day, buy a more expensive cert _some day_, not now. The whole
> cert thing was such a racket to begin with, i wish they'd start
> selling fake ones.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
>

This whole issue made me curious about what root CA's I had in Firefox,
remember these are hard coded in. Well it turns out that you absolutely
cannot remove them from your system. Also, as it has been pointed out, a CRL
for a CA that is cracked would be pointless. The only approach I see is to
modify the trust given to the CA's that are know to be broken. If you check,
you'll see the Firefox has not accepted certs signed by a number of MD5 CAs.
So I'm not sure this is really an issue if you are careful about CA
management. Also, if you read the paper, actually creating the fake Root CA
can take months due to timing issues and a fairly decent computing cluster
(200 ps3's). This is hardly the same level of oops as the Kandinsky DNS bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081231/c3f9420d/attachment.htm>

From maddaemon at gmail.com  Wed Dec 31 12:10:37 2008
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Wed, 31 Dec 2008 12:10:37 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <48AC10A3-60AA-4184-A6EF-1C38B0551668@verizon.net>
References: <mailman.3.1229446806.17719.talk@lists.nycbug.org>
	<48AC10A3-60AA-4184-A6EF-1C38B0551668@verizon.net>
Message-ID: <6c1774c50812310910n6db7886bt8e9beb3c9b3921ec@mail.gmail.com>

On Wed, Dec 17, 2008 at 10:16 PM, James E Keenan <jkeen at verizon.net> wrote:
>>
>>
>> For example, here are 2 lines:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
>> webmail server.
>>
>> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
>> duplicate entry (same timestamp) with another IP.  The text file
>> contains hundreds of other entries, and there are single entries where
>> the DC IP is the only entry.  Using the above examples, I need to
>> remove the first line and only retrieve the second line:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>>
>
> Perhaps this:
>
> #!/usr/bin/perl
> use strict;
> use warnings;
>
> my @last = ( '', '', '' );
> my @this;
> my $pattern = qr/^
>     ([a-zA-Z]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) # date string
>     \s-\s
>     (\w+)                                   # username
>     .*?
>     (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})    # IP address
>     $/x;
>
> while (my $firstline = <DATA>) {
>     if ($firstline =~ /$pattern/) {
>         @last = ( $1, $2, $3 );
>         last;
>     }
> }
>
> while (my $l = <DATA>) {
>     if ($l =~ /$pattern/) {
>         @this = ( $1, $2, $3 );
>         if ( $this[0] eq $last[0] and $this[1] eq $last[1] ) {
>             $last[2] = $this[2];
>         } else {
>             print ( ( join '|' => @last ), "\n" );
>             @last = @this;
>         }
>     }
> }
> print ( ( join '|' => @last ), "\n" );
>
> __DATA__
> Dec 15 05:15:33 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
> Dec 15 05:16:03 - xyz1ahj tried logging in from 192.168.18.43
> Dec 15 05:16:03 - xyz1ahj tried logging in from 192.168.15.220
> Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.220
> Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.221
> Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.79
> Dec 15 05:16:07 - vig1234 tried logging in from 192.168.15.79

Since I don't know Perl (yet), I showed that to my boss, who then
modified it, but his Perl has some rust on it, and it winds up puking
a lot.  Can anyone show me what should be fixed so I can get this
working and off my plate?  Much thanks..

Oh, and what would need to change so I could pull the data from a file
rather than appending the data to the bottom of the script?  I realize
that this isn't the proper forum for this question, so thanks to
everyone for putting up with me!

#!/usr/bin/perl
use strict;
use warnings;

my @last = ( '', '', '' );
my @this;
my @addys;
my @dcs = ('192.168.8.3', '192.168.8.17', '192.168.32.100');
my $pattern = qr/^
    ([a-zA-Z]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) # date string
    \s-\s
    (\w+)                                   # username
    .*?
    (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})    # IP address
    $/x;

while ($line = <DATA>) {
    if ($firstline =~ /$pattern/) {
        @last = ( $1, $2);
        push @addys, $3;
        last;
    }
}

while ($line = <DATA>) {
    if ($line =~ /$pattern/) {
        @this = ( $1, $2);
        if ( $this[0] eq $last[0] and $this[1] eq $last[1] ) {
            push @addys, $3;
        }
        else {
            if ($addys == 1) {
                print "$this[0] - $this[1] tried logging in from $addys[0]\n";
            }
            else {
                foreach $addy in @addys {
                   my $flag = false;
                   foreach $dc in @dcs {
                       if $addy eq $dc {$flag = true;}
                   }
                if !$flag {
                   print "$this[0] - $this[1] tried logging in from $addy\n";
                }
            }
        @last = @this;
        @addys = ();

        }
    }
}

foreach $addy in @addys {
    my $flag = false;
    foreach $dc in @dcs {
       if $addy eq $dc {$flag = true;}
    }
    if !$flag {
       print "$this[0] - $this[1] tried logging in from $addy\n";
    }
}

__DATA__
Dec 30 09:34:53 user1234 (tried logging in from 192.168.32.100)
Dec 30 09:34:53 user1234 (tried logging in from 192.168.32.7)
Dec 30 14:38:37 user5678 (tried logging in from 192.168.32.100)
Dec 30 14:38:37 user5678 (tried logging in from 192.168.32.8)
Dec 30 14:38:44 user5678 (tried logging in from 192.168.32.100)
Dec 30 14:38:44 user5678 (tried logging in from 192.168.32.8)


From jkeen at verizon.net  Wed Dec 31 15:09:24 2008
From: jkeen at verizon.net (James E Keenan)
Date: Wed, 31 Dec 2008 15:09:24 -0500
Subject: [nycbug-talk] Text parsing question
In-Reply-To: <6c1774c50812310910n6db7886bt8e9beb3c9b3921ec@mail.gmail.com>
References: <mailman.3.1229446806.17719.talk@lists.nycbug.org>
	<48AC10A3-60AA-4184-A6EF-1C38B0551668@verizon.net>
	<6c1774c50812310910n6db7886bt8e9beb3c9b3921ec@mail.gmail.com>
Message-ID: <1E9CAB83-CBE4-4240-885A-7578A89A62A2@verizon.net>


On Dec 31, 2008, at 12:10 PM, maddaemon at gmail.com wrote:

>
> Since I don't know Perl (yet), I showed that to my boss, who then
> modified it,

Why?  In what way did it not solve your problem?

I ask this not out of wounded vanity, but because further diagnosis  
is difficult without knowing in what way my suggestion was inadequate.

Note:  Your original post presented very little data, so I had to  
make up sample data in order to illustrate an approach toward a  
solution.


> but his Perl has some rust on it, and it winds up puking
> a lot.  Can anyone show me what should be fixed so I can get this
> working and off my plate?

As you note farther on, you are probably better off taking this  
question to a Perl list.  I would suggest perlmonks.org.  But  
whatever list you go to, the first feedback you get will be something  
like this:

"You are using 'use strict;' and 'use warnings;' at the top of your  
program.  That's good, because they show you where your code is  
either suboptimal or simply wrong.  (perl -c yourscript)  But once  
those statements show you your errors, it's up to you to correct  
them.  Start with the first error reported and proceed from there."


> Much thanks..
>
> Oh, and what would need to change so I could pull the data from a file
> rather than appending the data to the bottom of the script?

perldoc -f open

> I realize
> that this isn't the proper forum for this question

See above.

>
> __DATA__
> Dec 30 09:34:53 user1234 (tried logging in from 192.168.32.100)
> Dec 30 09:34:53 user1234 (tried logging in from 192.168.32.7)
> Dec 30 14:38:37 user5678 (tried logging in from 192.168.32.100)
> Dec 30 14:38:37 user5678 (tried logging in from 192.168.32.8)
> Dec 30 14:38:44 user5678 (tried logging in from 192.168.32.100)
> Dec 30 14:38:44 user5678 (tried logging in from 192.168.32.8)

The data you present here differs from what you originally presented  
and from the dummy data I made up in that there is no 'wordspace- 
hyphen-wordspace' between the datestamp and the username.  So you  
would have to modify the regular expression I wrote to reflect this  
difference.

Jim Keenan


From ike at lesmuug.org  Wed Dec 31 18:44:01 2008
From: ike at lesmuug.org (Isaac Levy)
Date: Wed, 31 Dec 2008 18:44:01 -0500
Subject: [nycbug-talk] [ccc related] MD5 considered harmful today
In-Reply-To: <oqzliceqj9.fsf@castrovalva.Ivy.NET>
References: <Pine.OSX.4.64.0812302004460.44365@freemac.nat.fasttrackmonkey.com>
	<oq8wpxf5n4.fsf@castrovalva.Ivy.NET>
	<aa9991030812302201v11a7d514ke6e995b7a5894cdf@mail.gmail.com>
	<oqzliceqj9.fsf@castrovalva.Ivy.NET>
Message-ID: <3BFFB014-A7E7-41D0-A2C2-6E578C69C3B7@lesmuug.org>

On Dec 31, 2008, at 2:45 AM, Miles Nordin wrote:

> I think it would be funny if these guys made a real CA cert with their
> exploit and started selling certs signed by their fake key for $2 each
> or something.  not illegitimate certs, like, email-contact-verified
> certs, the regular legitimate kind, just cheaper.  Why not?  It's
> probably even legal in some jurisdiction if not in most.  and most
> webmasters just want to turn the browser bar green.  It works now, so
> for $2 why not?  I'd buy one.  If it starts turning browser bars red
> some day, buy a more expensive cert _some day_, not now. The whole
> cert thing was such a racket to begin with, i wish they'd start
> selling fake ones.

Insanely great idea, IMHO- I mean, why not?  It's like creating a new  
currency (backed by insecurity).

--
Sidenote- everyone here who's dismissed OpenVPN, it almost goes  
without saying that this is yet another rock in that bucket...

With that, and SSL/TLS email services, can anybody think of what other  
cert/pki applications or protocols are at risk?

Rocket-
.ike