From isaac at diversaform.com Thu Apr 1 08:39:38 2010
From: isaac at diversaform.com (Isaac Levy)
Date: Thu, 1 Apr 2010 08:39:38 -0400
Subject: [nycbug-talk] Hypothetical: the end of the sysadmin/systems engineer/DBA?
In-Reply-To:
References: <965DC999-0BF7-4847-8B48-B8A87FAD08F0@diversaform.com> <382002e1003250739p38db7c16re6319413737e51c@mail.gmail.com> <99EC8682-44AB-4E48-B422-A0FCB6C6F7B2@diversaform.com>
Message-ID: <021969AC-8A93-4B12-AB03-662EDD871FA6@diversaform.com>

Wow, this turned into quite a compelling thread,

On Mar 25, 2010, at 11:47 PM, Matt Juszczak wrote:
>
> Can you elaborate?

Sorry to drop out of this one- I think I'll plan to pick it up with a drink in hand at next week's meeting :)

Best,
.ike

From isaac at diversaform.com Thu Apr 1 08:51:11 2010
From: isaac at diversaform.com (Isaac Levy)
Date: Thu, 1 Apr 2010 08:51:11 -0400
Subject: [nycbug-talk] meeting idea
In-Reply-To: <4BB37AA9.8040601@ceetonetechnology.com>
References: <4BB37AA9.8040601@ceetonetechnology.com>
Message-ID: <5268287E-ECD2-4637-B901-F4223B4DA5CE@diversaform.com>

On Mar 31, 2010, at 12:39 PM, George Rosamond wrote:

> We have the next three or so meetings (pretty much) set right now. . .
>
> But for another "open" type meeting, like the December meeting on "Your Tips as Presents" (http://www.nycbug.org/index.php?NAV=Home;SUBM=10239), how about a similar format with a bunch of people illustrating a port/package that:
>
> * they use
>
> * that solves a common problem
>
> * that others probably don't know about or aren't using for a particular problem
>
> I've noticed that after a default install of *any* BSD box, many people have a few ports that they always install immediately. . . often regardless of the role of the box.
>
> No, not perl, sudo (on non-OpenBSD boxes), or some standard shell.
>
> More like xtail, mtr, whatever.
>
> Thoughts on this?
>
> g

I like this meeting idea- these simple and fun meetings often turn out to be the best.
--
Heck, I don't want to steal your thunder with a full meeting, but muscle memory almost involuntarily makes me pump out (FreeBSD):

pkg_add -r bash && pkg_add -r sudo dtach xtail lsof rsync curl wget

Rocket-
.ike

From isaac at diversaform.com Thu Apr 1 08:57:07 2010
From: isaac at diversaform.com (Isaac Levy)
Date: Thu, 1 Apr 2010 08:57:07 -0400
Subject: [nycbug-talk] symon wow
Message-ID:

Hi All,

Has anyone around used symon?
http://www.xs4all.nl/~wpd/symon/documentation.html

I just discovered it as I was setting up shell-script based rrd data collectors...

I'm not so excited about the collector/sensor model, (I'd typically rather continue ssh rpc via underprivileged users, over adding another network daemon to babysit), but the rest of the app looks extremely compelling... And nice tools to get stats from PF, (better than I was scripting out).
It also still looks like a simple UNIX utility, not like other stats/monitoring/notification mega-tools, (which I prefer to stay far away from).

Anyone used this? Hearsay of others using it?

Rocket-
.ike

From isaac at diversaform.com Thu Apr 1 09:05:56 2010
From: isaac at diversaform.com (Isaac Levy)
Date: Thu, 1 Apr 2010 09:05:56 -0400
Subject: [nycbug-talk] symon wow
In-Reply-To:
References:
Message-ID: <95151F79-0566-42E7-AAC4-512D870AA361@diversaform.com>

Wow, I searched the talk list archives,

On Apr 1, 2010, at 8:57 AM, Isaac Levy wrote:

> Hi All,
>
> Has anyone around used symon?
> http://www.xs4all.nl/~wpd/symon/documentation.html
>
> I just discovered it as I was setting up shell-script based rrd data collectors...
>
> I'm not so excited about the collector/sensor model, (I'd typically rather continue ssh rpc via underprivileged users, over adding another network daemon to babysit), but the rest of the app looks extremely compelling... And nice tools to get stats from PF, (better than I was scripting out).
> It also still looks like a simple UNIX utility, not like other stats/monitoring/notification mega-tools, (which I prefer to stay far away from).
>
> Anyone used this? Hearsay of others using it?
>
> Rocket-
> .ike

Max liked it 2 yrs ago on list,
http://lists.nycbug.org/pipermail/talk/2008-November/011636.html

Okan talks about ssh key use and symon 5 yrs ago on list,
http://lists.nycbug.org/pipermail/talk/2005-November/007254.html

Dave Steinberg liked it 6 yrs ago on list,
http://lists.nycbug.org/pipermail/talk/2004-November/003477.html

--
So I guess it's been around, but still does anyone have any thoughts on living with it?

Best,
.ike

From matt at atopia.net Thu Apr 1 08:43:02 2010
From: matt at atopia.net (Matt Juszczak)
Date: Thu, 1 Apr 2010 12:43:02 +0000
Subject: [nycbug-talk] Hypothetical: the end of the sysadmin/systems engineer/DBA?
Message-ID: <1814172247-1270125793-cardhu_decombobulator_blackberry.rim.net-886355833-@bda188.bisx.prod.on.blackberry>

Respected =) means I actually have to make it to a meeting.

------Original Message------
From: Isaac Levy
To: Matt Juszczak
Cc: John Villa
Cc: NYCBUG List
Subject: Re: [nycbug-talk] Hypothetical: the end of the sysadmin/systems engineer/DBA?
Sent: Apr 1, 2010 08:39

Wow, this turned into quite a compelling thread,

On Mar 25, 2010, at 11:47 PM, Matt Juszczak wrote:
>
> Can you elaborate?
Sorry to drop out of this one- I think I'll plan to pick it up with a drink in hand at next week's meeting :)

Best,
.ike

From okan at demirmen.com Thu Apr 1 10:23:01 2010
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 1 Apr 2010 10:23:01 -0400
Subject: [nycbug-talk] symon wow
In-Reply-To: <95151F79-0566-42E7-AAC4-512D870AA361@diversaform.com>
References: <95151F79-0566-42E7-AAC4-512D870AA361@diversaform.com>
Message-ID: <20100401142301.GD16456@clam.khaoz.org>

On Thu 2010.04.01 at 09:05 -0400, Isaac Levy wrote:
> Wow, I searched the talk list archives,
>
> On Apr 1, 2010, at 8:57 AM, Isaac Levy wrote:
>
> > Hi All,
> >
> > Has anyone around used symon?
> > http://www.xs4all.nl/~wpd/symon/documentation.html
> >
> > I just discovered it as I was setting up shell-script based rrd data collectors...
> >
> > I'm not so excited about the collector/sensor model, (I'd typically rather continue ssh rpc via underprivileged users, over adding another network daemon to babysit), but the rest of the app looks extremely compelling... And nice tools to get stats from PF, (better than I was scripting out).
> > It also still looks like a simple UNIX utility, not like other stats/monitoring/notification mega-tools, (which I prefer to stay far away from).
> >
> > Anyone used this? Hearsay of others using it?
> >
> > Rocket-
> > .ike
>
> Max liked it 2 yrs ago on list,
> http://lists.nycbug.org/pipermail/talk/2008-November/011636.html
>
> Okan talks about ssh key use and symon 5 yrs ago on list,
> http://lists.nycbug.org/pipermail/talk/2005-November/007254.html
>
> Dave Steinberg liked it 6 yrs ago on list,
> http://lists.nycbug.org/pipermail/talk/2004-November/003477.html
>
> --
> So I guess it's been around, but still does anyone have any thoughts on living with it?

i find it extremely useful and am still using it everywhere i can.
hard to compare to the typical polling (via shell scripts or snmp) that most things do at 3-5 min intervals...symon streams stuff to me at 2 second intervals...my systems catch all the spikes that most "typical" monitoring setups miss or can't even handle.

cheers,
okan

From mark.saad at ymail.com Thu Apr 1 10:31:51 2010
From: mark.saad at ymail.com (Mark Saad)
Date: Thu, 1 Apr 2010 14:31:51 +0000
Subject: [nycbug-talk] HP DL165G5 Issues
Message-ID: <2078513474-1270132305-cardhu_decombobulator_blackberry.rim.net-593096862-@bda244.bisx.prod.on.blackberry>

Hello Talk

Anyone out there using HP DL165G5 servers? I have about 10 now and a number of them exhibit an odd issue. With FreeBSD, under I/O load the system hangs for 6 to 10 seconds every 30 seconds or so, and processes are stuck in state getblk or biord. I was thinking it could be a disk or SATA controller issue, so I swapped them both out, SATA for a P400 SAS card, and swapped drives a few times (SAS, SATA MDL, dual port, single port) and no change. So I installed 8.0, 7.2, 7.3; all have the same issue. I then tried CentOS 5.1 and 5.4 and similar issues popped up. Formatting a 1T drive took over 45min. Anyone have any ideas on what's toast? What would a process stuck in getblk or biord refer to?

Mark Saad | mark.saad at ymail.com

From zippy1981 at gmail.com Thu Apr 1 10:42:44 2010
From: zippy1981 at gmail.com (Justin Dearing)
Date: Thu, 1 Apr 2010 10:42:44 -0400
Subject: [nycbug-talk] HP DL165G5 Issues
In-Reply-To: <2078513474-1270132305-cardhu_decombobulator_blackberry.rim.net-593096862-@bda244.bisx.prod.on.blackberry>
References: <2078513474-1270132305-cardhu_decombobulator_blackberry.rim.net-593096862-@bda244.bisx.prod.on.blackberry>
Message-ID:

Do you have a support contract with HP? I'd call them.

Also, maybe try installing windows (any version) on the machine. You might get an error in eventviewer that google knows about.
On Thu, Apr 1, 2010 at 10:31 AM, Mark Saad wrote:
> Hello Talk
> Anyone out there using HP DL165G5 servers? I have about 10 now and a number of them exhibit an odd issue. With FreeBSD, under I/O load the system hangs for 6 to 10 seconds every 30 seconds or so, and processes are stuck in state getblk or biord. I was thinking it could be a disk or SATA controller issue, so I swapped them both out, SATA for a P400 SAS card, and swapped drives a few times (SAS, SATA MDL, dual port, single port) and no change. So I installed 8.0, 7.2, 7.3; all have the same issue. I then tried CentOS 5.1 and 5.4 and similar issues popped up. Formatting a 1T drive took over 45min. Anyone have any ideas on what's toast? What would a process stuck in getblk or biord refer to?
> Mark Saad | mark.saad at ymail.com
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From billtotman at billtotman.com Thu Apr 1 11:03:23 2010
From: billtotman at billtotman.com (billtotman at billtotman.com)
Date: Thu, 1 Apr 2010 15:03:23 +0000
Subject: [nycbug-talk] HP DL165G5 Issues
Message-ID: <1654065454-1270134251-cardhu_decombobulator_blackberry.rim.net-902484300-@bda421.bisx.prod.on.blackberry>

If you do have support, the 1st thing they'll ask is whether your firmware is up to date. So, check that out.

-bt

------Original Message------
From: Mark Saad
Sender: talk-bounces at lists.nycbug.org
To: nycbug talk
ReplyTo: mark.saad at ymail.com
Subject: [nycbug-talk] HP DL165G5 Issues
Sent: Apr 1, 2010 10:31

Hello Talk
Anyone out there using HP DL165G5 servers? I have about 10 now and a number of them exhibit an odd issue. With FreeBSD, under I/O load the system hangs for 6 to 10 seconds every 30 seconds or so, and processes are stuck in state getblk or biord.
I was thinking it could be a disk or SATA controller issue, so I swapped them both out, SATA for a P400 SAS card, and swapped drives a few times (SAS, SATA MDL, dual port, single port) and no change. So I installed 8.0, 7.2, 7.3; all have the same issue. I then tried CentOS 5.1 and 5.4 and similar issues popped up. Formatting a 1T drive took over 45min. Anyone have any ideas on what's toast? What would a process stuck in getblk or biord refer to?
Mark Saad | mark.saad at ymail.com
_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk

Sent via BlackBerry

From mark.saad at ymail.com Thu Apr 1 11:24:52 2010
From: mark.saad at ymail.com (Mark Saad)
Date: Thu, 1 Apr 2010 08:24:52 -0700 (PDT)
Subject: [nycbug-talk] HP DL165G5 Issues
In-Reply-To: <1654065454-1270134251-cardhu_decombobulator_blackberry.rim.net-902484300-@bda421.bisx.prod.on.blackberry>
References: <1654065454-1270134251-cardhu_decombobulator_blackberry.rim.net-902484300-@bda421.bisx.prod.on.blackberry>
Message-ID: <748380.6361.qm@web113502.mail.gq1.yahoo.com>

Bill
The latest firmware did not help, I tried that last week. Maybe they have newer firmware out there.

--
Mark Saad
mark.saad at ymail.com

----- Original Message ----
> From: "billtotman at billtotman.com"
> To: mark.saad at ymail.com; nycbug talk
> Sent: Thu, April 1, 2010 11:03:23 AM
> Subject: Re: [nycbug-talk] HP DL165G5 Issues
>
> If you do have support, the 1st thing they'll ask is whether your firmware is up to date. So, check that out.
>
> -bt
>
> ------Original Message------
> From: Mark Saad
> Sender: talk-bounces at lists.nycbug.org
> To: nycbug talk
> ReplyTo: mark.saad at ymail.com
> Subject: [nycbug-talk] HP DL165G5 Issues
> Sent: Apr 1, 2010 10:31
>
> Hello Talk
> Anyone out there using HP DL165G5 servers?
> I have about 10 now and a number of them exhibit an odd issue. With FreeBSD, under I/O load the system hangs for 6 to 10 seconds every 30 seconds or so, and processes are stuck in state getblk or biord. I was thinking it could be a disk or SATA controller issue, so I swapped them both out, SATA for a P400 SAS card, and swapped drives a few times (SAS, SATA MDL, dual port, single port) and no change. So I installed 8.0, 7.2, 7.3; all have the same issue. I then tried CentOS 5.1 and 5.4 and similar issues popped up. Formatting a 1T drive took over 45min. Anyone have any ideas on what's toast? What would a process stuck in getblk or biord refer to?
> Mark Saad | mark.saad at ymail.com
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
> Sent via BlackBerry

From jhb at freebsd.org Thu Apr 1 13:18:54 2010
From: jhb at freebsd.org (John Baldwin)
Date: Thu, 1 Apr 2010 13:18:54 -0400
Subject: [nycbug-talk] HP DL165G5 Issues
In-Reply-To: <2078513474-1270132305-cardhu_decombobulator_blackberry.rim.net-593096862-@bda244.bisx.prod.on.blackberry>
References: <2078513474-1270132305-cardhu_decombobulator_blackberry.rim.net-593096862-@bda244.bisx.prod.on.blackberry>
Message-ID: <201004011318.54444.jhb@freebsd.org>

On Thursday 01 April 2010 10:31:51 am Mark Saad wrote:
> Hello Talk
> Anyone out there using HP DL165G5 servers? I have about 10 now and a number of them exhibit an odd issue. With FreeBSD, under I/O load the system hangs for 6 to 10 seconds every 30 seconds or so, and processes are stuck in state getblk or biord.
> I was thinking it could be a disk or SATA controller issue, so I swapped them both out, SATA for a P400 SAS card, and swapped drives a few times (SAS, SATA MDL, dual port, single port) and no change. So I installed 8.0, 7.2, 7.3; all have the same issue. I then tried CentOS 5.1 and 5.4 and similar issues popped up. Formatting a 1T drive took over 45min. Anyone have any ideas on what's toast? What would a process stuck in getblk or biord refer to?

"biord" is a thread waiting for an I/O read request to be completed (the requesting thread sleeps in "biord" while GEOM passes the request down via g_down and g_up). "getblk" is probably also blocked on disk I/O, but indirectly. For example it may need to claim a buffer that is currently in use for an in-process transaction for some other thread waiting in "biord" or "biowr".

--
John Baldwin

From mark.saad at ymail.com Fri Apr 2 11:57:55 2010
From: mark.saad at ymail.com (Mark Saad)
Date: Fri, 2 Apr 2010 08:57:55 -0700 (PDT)
Subject: [nycbug-talk] HP DL165G5 Issues
In-Reply-To: <201004011318.54444.jhb@freebsd.org>
References: <2078513474-1270132305-cardhu_decombobulator_blackberry.rim.net-593096862-@bda244.bisx.prod.on.blackberry> <201004011318.54444.jhb@freebsd.org>
Message-ID: <388337.23584.qm@web113510.mail.gq1.yahoo.com>

John
Thanks for the info, I figured out what the issue was. Each time we tried to fix the issue I was using the same type of 1T drives from HP. Turns out they are the issue. Something in their disk firmware is causing them to flush their buffer every couple of seconds. I have no idea why, and it makes the server useless when they are installed, regardless of what OS you are running. For now I have swapped back to an OEM drive from Seagate and it's working fine.
----- Original Message ----
> From: John Baldwin
> To: talk at lists.nycbug.org; mark.saad at ymail.com
> Sent: Thu, April 1, 2010 1:18:54 PM
> Subject: Re: [nycbug-talk] HP DL165G5 Issues
>
> On Thursday 01 April 2010 10:31:51 am Mark Saad wrote:
> > Hello Talk
> > Anyone out there using HP DL165G5 servers? I have about 10 now and a number of them exhibit an odd issue. With FreeBSD, under I/O load the system hangs for 6 to 10 seconds every 30 seconds or so, and processes are stuck in state getblk or biord. I was thinking it could be a disk or SATA controller issue, so I swapped them both out, SATA for a P400 SAS card, and swapped drives a few times (SAS, SATA MDL, dual port, single port) and no change. So I installed 8.0, 7.2, 7.3; all have the same issue. I then tried CentOS 5.1 and 5.4 and similar issues popped up. Formatting a 1T drive took over 45min. Anyone have any ideas on what's toast? What would a process stuck in getblk or biord refer to?
>
> "biord" is a thread waiting for an I/O read request to be completed (the requesting thread sleeps in "biord" while GEOM passes the request down via g_down and g_up). "getblk" is probably also blocked on disk I/O, but indirectly. For example it may need to claim a buffer that is currently in use for an in-process transaction for some other thread waiting in "biord" or "biowr".
>
> --
> John Baldwin

--
Mark Saad
mark.saad at ymail.com

From josh at rivels.org Sat Apr 3 21:04:02 2010
From: josh at rivels.org (Josh Rivel)
Date: Sat, 3 Apr 2010 21:04:02 -0400
Subject: [nycbug-talk] symon wow
In-Reply-To: <95151F79-0566-42E7-AAC4-512D870AA361@diversaform.com>
References: <95151F79-0566-42E7-AAC4-512D870AA361@diversaform.com>
Message-ID: <132113AB-5742-4C33-9D19-3CAA7D5864B5@rivels.org>

Ike-

On Apr 1, 2010, at 9:05 AM, Isaac Levy wrote:

> Wow, I searched the talk list archives,
>
> On Apr 1, 2010, at 8:57 AM, Isaac Levy wrote:
>
>> Hi All,
>>
>> Has anyone around used symon?
>> http://www.xs4all.nl/~wpd/symon/documentation.html
>>
>> I just discovered it as I was setting up shell-script based rrd data collectors...
>>
>> I'm not so excited about the collector/sensor model, (I'd typically rather continue ssh rpc via underprivileged users, over adding another network daemon to babysit), but the rest of the app looks extremely compelling... And nice tools to get stats from PF, (better than I was scripting out).
>> It also still looks like a simple UNIX utility, not like other stats/monitoring/notification mega-tools, (which I prefer to stay far away from).
>>
>> Anyone used this? Hearsay of others using it?
>>
>> Rocket-
>> .ike
>
> Max liked it 2 yrs ago on list,
> http://lists.nycbug.org/pipermail/talk/2008-November/011636.html
>
> Okan talks about ssh key use and symon 5 yrs ago on list,
> http://lists.nycbug.org/pipermail/talk/2005-November/007254.html
>
> Dave Steinberg liked it 6 yrs ago on list,
> http://lists.nycbug.org/pipermail/talk/2004-November/003477.html
>
> --
> So I guess it's been around, but still does anyone have any thoughts on living with it?
>
> Best,
> .ike
>

I'm using it on a Sun something-or-other running OpenBSD as a firewall with packet shaping and it's awesome. I'm also running mrtg on it locally for basic interface stats, but using symon for getting the pf goodness graphed.

Josh

From spork at bway.net Sun Apr 4 14:44:04 2010
From: spork at bway.net (Charles Sprickman)
Date: Sun, 4 Apr 2010 14:44:04 -0400 (EDT)
Subject: [nycbug-talk] odd vi question
Message-ID:

Hi all,

Using the stock FreeBSD vi (which is nvi), I'm finding some odd behavior that I've not seen before when editing some html files with spaces in their names.

I open the file, either by cutting and pasting the filename or using tab-completion, and it opens with no errors. I make a few changes and then write-quit (:wq).
When doing that on this set of html files, I always get this prompt:

42/1255022332 Distribution Center_Converted.html: 46312 lines, 2854816 characters.
Press any key to continue:

It's the filename, a summary of lines/characters in the file and then a prompt to continue. Pressing any key continues closing the file with no errors.

I've never seen this before and can't reproduce it with other files with spaces in their names. What am I not seeing that's unique about these files? What is the purpose of this prompt?

Thanks,

Charles

From aidan at panix.com Mon Apr 5 07:29:56 2010
From: aidan at panix.com (Aidan Cully)
Date: Mon, 5 Apr 2010 07:29:56 -0400
Subject: [nycbug-talk] odd vi question
In-Reply-To:
References:
Message-ID: <20100405112956.GA25514@panix.com>

On Sun, Apr 04, 2010 at 02:44:04PM, Charles Sprickman said:
> Hi all,
>
> Using the stock FreeBSD vi (which is nvi), I'm finding some odd behavior that I've not seen before when editing some html files with spaces in their names.
>
> I open the file, either by cutting and pasting the filename or using tab-completion, and it opens with no errors. I make a few changes and then write-quit (:wq). When doing that on this set of html files, I always get this prompt:
>
> 42/1255022332 Distribution Center_Converted.html: 46312 lines, 2854816 characters.
> Press any key to continue:
>
> It's the filename, a summary of lines/characters in the file and then a prompt to continue. Pressing any key continues closing the file with no errors.
>
> I've never seen this before and can't reproduce it with other files with spaces in their names. What am I not seeing that's unique about these files? What is the purpose of this prompt?

I don't think this has to do with spaces, but with the length of the status line when the file is written.
I've only noticed the "press any key" prompt when the write status line (in your case, the text

42/1255022332 Distribution Center_Converted.html: 46312 lines, 2854816 characters.

) has to be broken up across more than one line. I just experimented with a filename that was the same width as my console window, and got the same behavior you just described.

HTH
Aidan

From george at ceetonetechnology.com Tue Apr 6 21:59:29 2010
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 06 Apr 2010 21:59:29 -0400
Subject: [nycbug-talk] tomorrow's meeting
Message-ID: <4BBBE701.4050500@ceetonetechnology.com>

Does anyone have a 'clicker' (via USB) to bring to the meeting tomorrow night?

Hit me off list if so.

g

From matt at atopia.net Wed Apr 7 11:36:48 2010
From: matt at atopia.net (Matt Juszczak)
Date: Wed, 7 Apr 2010 11:36:48 -0400 (EDT)
Subject: [nycbug-talk] Sanity check on new naming scheme
Message-ID:

Hi folks,

I'm currently in the middle of a systems and network overhaul that's pretty large and spans multiple data centers.

I'm working on developing standards, which include all servers being maintained by local puppet servers (one at each data center with one fail over), centralized authentication/sudo/authorization with LDAP (a few slaves at each data center with one primary LDAP server in one data center that all writes go to), centralized syslog (one server at each DC), and standard DNS (external .net and internal .internal).

I just wanted to sanity check my thoughts on a DNS naming scheme. It seems like putting the description of the box (such as db-blah-01) in the name isn't what we're looking to do, and we're also trying to avoid generic names (server14, server15, etc.).
What I think we've decided on is something like this:

..domain.net -> public IP
..domain.internal -> Local IP

For example:

bob.nyc01.domain.net
bob.nyc01.domain.internal

Since we probably wouldn't choose to re-use server names, we would do:

bob.domain.net

as a CNAME to the hostname of the box, bob.nyc01.domain.net.

domain.net would only be used for network infrastructure and for nothing else, so there won't be collisions.

As for actual functionality of boxes, we were thinking of doing CNAMEs:

blah.db.domain.net -> bob.nyc01.domain.net

In the past, I've had different interfaces on boxes, and have added a subdomain to say whether the DNS entry points to the primary IP of the box (m for machine), or a service on the box (s for service). Not sure if this is something we should do.

Any opinions? Can anyone else let me know what kind of flexible scheme they use?

Thanks,

Matt

From lists at stringsutils.com Wed Apr 7 12:15:49 2010
From: lists at stringsutils.com (Francisco Reyes)
Date: Wed, 07 Apr 2010 12:15:49 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
References:
Message-ID:

Matt Juszczak writes:

> As for actual functionality of boxes, we were thinking of doing CNAMEs:
> blah.db.domain.net -> bob.nyc01.domain.net

Any reason you don't use functionality as part of the name?

Your naming scheme seems sane/sound.

Where I work one thing that was done, before I started, which I like is to use blocks of addresses for functionality. So we would have something like

smtp servers .31 to .39
dbs 101 to 109
web 71 to 79

That way regardless of name you know by the IP the type of machine.

We use functionality so we would have web1, web2, db1, db2, etc..

> In the past, I've had different interfaces on boxes, and have added a subdomain to say whether the DNS entry points to the primary IP of the box (m for machine), or a service on the box (s for service). Not sure if

What do you mean by "a service on a box"? VLANs?
If VLANs are an integral part of your network that may be something else to consider either when assigning internal IPs or on the name.

VMs or Jails?

Where I work we are going to do a VMware deployment soon and I am going to try and have all the VMs on their own subnet or on their own blocks. Also on our diagrams we color VMs a different color from physical machines.

From okan at demirmen.com Wed Apr 7 12:53:33 2010
From: okan at demirmen.com (Okan Demirmen)
Date: Wed, 7 Apr 2010 12:53:33 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To:
References:
Message-ID: <20100407165333.GA7880@clam.khaoz.org>

On Wed 2010.04.07 at 12:15 -0400, Francisco Reyes wrote:
> Where I work we are going to do a VMware deployment soon and I am
> going to try and have all the VMs on their own subnet or on their
> own blocks. Also on our diagrams we color VMs a different color from
> physical machines.

coloring and vmware deserve to be in the same sentence only when talking about activities for children and immaturity.

From mikel.king at olivent.com Wed Apr 7 13:30:20 2010
From: mikel.king at olivent.com (mikel king)
Date: Wed, 7 Apr 2010 13:30:20 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To:
References:
Message-ID:

On Apr 7, 2010, at 11:36 AM, Matt Juszczak wrote:

> Hi folks,
>
> I'm currently in the middle of a systems and network overhaul that's pretty large and spans multiple data centers.
>
> I'm working on developing standards, which include all servers being maintained by local puppet servers (one at each data center with one fail over), centralized authentication/sudo/authorization with LDAP (a few slaves at each data center with one primary LDAP server in one data center that all writes go to), centralized syslog (one server at each DC), and standard DNS (external .net and internal .internal).
>
> I just wanted to sanity check my thoughts on a DNS naming scheme.
> It seems like putting the description of the box (such as db-blah-01) in the name isn't what we're looking to do, and we're also trying to avoid generic names (server14, server15, etc.).
>
> What I think we've decided on is something like this:
>
> ..domain.net -> public IP
> ..domain.internal -> Local IP
>
> For example:
>
> bob.nyc01.domain.net
> bob.nyc01.domain.internal
>
>
> Since we probably wouldn't choose to re-use server names, we would do:
>
> bob.domain.net
>
> as a CNAME to the hostname of the box, bob.nyc01.domain.net.
>
> domain.net would only be used for network infrastructure and for nothing else, so there won't be collisions.
>
>
> As for actual functionality of boxes, we were thinking of doing CNAMEs:
>
> blah.db.domain.net -> bob.nyc01.domain.net
>
>
> In the past, I've had different interfaces on boxes, and have added a subdomain to say whether the DNS entry points to the primary IP of the box (m for machine), or a service on the box (s for service). Not sure if this is something we should do.
>
>
> Any opinions? Can anyone else let me know what kind of flexible scheme they use?
>
> Thanks,
>
> Matt

I've used many different naming schemes over the years, but this all sounds good to me.

By any chance have you ever read http://www.faqs.org/rfcs/rfc1178.html ?

Cheers,
Mikel King

From matt at atopia.net Wed Apr 7 13:51:07 2010
From: matt at atopia.net (Matt Juszczak)
Date: Wed, 7 Apr 2010 13:51:07 -0400 (EDT)
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To:
References:
Message-ID:

> Any reason you don't use functionality as part of the name?

Security by obscurity :)

> Your naming scheme seems sane/sound.

Awesome, thanks!
From george at ceetonetechnology.com Wed Apr 7 13:55:03 2010
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 07 Apr 2010 13:55:03 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To:
References:
Message-ID: <4BBCC6F7.3030902@ceetonetechnology.com>

Matt Juszczak wrote:
>> Any reason you don't use functionality as part of the name?
>
> Security by obscurity :)

Do a traceroute and look at how ISPs view that approach.

>
>> Your naming scheme seems sane/sound.
>
> Awesome, thanks!
>

It sooo much depends on context.

4 boxes, who cares

50 boxes, er, "location-role-"

Normalize the data, then determine the names, IMHO

g

From riegersteve at gmail.com Wed Apr 7 14:04:25 2010
From: riegersteve at gmail.com (riegersteve at gmail.com)
Date: Wed, 7 Apr 2010 18:04:25 +0000
Subject: [nycbug-talk] Sanity check on new naming scheme
Message-ID: <349576799-1270663472-cardhu_decombobulator_blackberry.rim.net-1028669544-@bda2124.bisx.prod.on.blackberry>

Nanog just had a lengthy discussion on this topic. Check out the archives

Sent via BlackBerry from T-Mobile

From lists at stringsutils.com Wed Apr 7 15:26:47 2010
From: lists at stringsutils.com (Francisco Reyes)
Date: Wed, 07 Apr 2010 15:26:47 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
References: <20100407165333.GA7880@clam.khaoz.org>
Message-ID:

Okan Demirmen writes:

> coloring and vmware deserve to be in the same sentence only when talking
> about activities for children and immaturity.

So how would you suggest to track physical machines vs VMs in a diagram?
From okan at demirmen.com Wed Apr 7 15:37:17 2010
From: okan at demirmen.com (Okan Demirmen)
Date: Wed, 7 Apr 2010 15:37:17 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To:
References: <20100407165333.GA7880@clam.khaoz.org>
Message-ID: <20100407193717.GB7880@clam.khaoz.org>

On Wed 2010.04.07 at 15:26 -0400, Francisco Reyes wrote:
> Okan Demirmen writes:
>
> >coloring and vmware deserve to be in the same sentence only when talking
> >about activities for children and immaturity.
>
> So how would you suggest to track physical machines vs VMs in a diagram?

comment was not directed towards your documentation methodology, but rather at the feeble nature of vmware in general.

From zippy1981 at gmail.com Wed Apr 7 15:47:52 2010
From: zippy1981 at gmail.com (Justin Dearing)
Date: Wed, 7 Apr 2010 15:47:52 -0400
Subject: [nycbug-talk] Will trade 1 beer tonight for an IPv6 related code review tonight
Message-ID:

Folks,

I'm sure many of you actually run IPv6 on your networks. The code in question is the patch I just added to this ticket in the php bug database http://bugs.php.net/bug.php?id=47435

Basically there is code that picks IPv6 addresses out of an array, and a sub filter that removes all the "special" ones like loopback, 6bone etc. I implemented the subfilter. The problem is I've never actually used IPv6. I've read the wikipedia article, read the ticket comments, played with an IPv6 calculator, but there might be some edge cases.

So the first person who has actually administered an IPv6 network that finds the guy with a crew cut with a powerbook G4 (I have a gravatar), is entitled to one beer from me in exchange for making sure I don't have any edge cases in my code. The code is in C, and the testfixture is in PHP, but you don't need to be able to program in either one to be able to help me. As long as you can think of edge cases I can add them to the test fixture, and fix them.
From mspitzer at gmail.com Wed Apr 7 22:03:17 2010
From: mspitzer at gmail.com (Marc Spitzer)
Date: Wed, 7 Apr 2010 22:03:17 -0400
Subject: [nycbug-talk] RFC 1 Happy Birthday
Message-ID:

http://tools.ietf.org/html/rfc1

later,

marc

--
Freedom is nothing but a chance to be better. --Albert Camus
The problem with socialism is that eventually you run out of other people's money. --Margaret Thatcher

From mark.saad at ymail.com Wed Apr 7 23:26:23 2010
From: mark.saad at ymail.com (Mark Saad)
Date: Wed, 7 Apr 2010 20:26:23 -0700 (PDT)
Subject: [nycbug-talk] Links to what I was babbling about
Message-ID: <747795.57307.qm@web113501.mail.gq1.yahoo.com>

Two things.

1. Someone needs to look at honeypot for automation protocols. Black hats could have a field day playing with things like modbus and DH+
http://en.wikipedia.org/wiki/List_of_automation_protocols

2. NetBSD negative symbol cache
http://blog.netbsd.org/tnf/entry/netbsd_runtime_linker_gains_negative

--
Mark Saad
mark.saad at ymail.com

From chsnyder at gmail.com Thu Apr 8 08:17:03 2010
From: chsnyder at gmail.com (Chris Snyder)
Date: Thu, 8 Apr 2010 08:17:03 -0400
Subject: [nycbug-talk] RFC 1 Happy Birthday
In-Reply-To:
References:
Message-ID:

On Wed, Apr 7, 2010 at 10:03 PM, Marc Spitzer wrote:
> http://tools.ietf.org/html/rfc1
>

Interesting that it postdates rfc 4. I guess it's about the order they landed in Postel's inbox?

From isaac at diversaform.com Thu Apr 8 09:57:53 2010
From: isaac at diversaform.com (Isaac Levy)
Date: Thu, 8 Apr 2010 09:57:53 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To:
References:
Message-ID: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com>

Word,

My .02¢,

On Apr 7, 2010, at 1:51 PM, Matt Juszczak wrote:
>> Any reason you don't use functionality as part of the name?
>
> Security by obscurity :)

Well, yikes- not sure I like that reason, but I can give a different/functional one:

I'd typically rather name the machines uniquely, (sparrow.hostname.com, crow.hostname.com) instead of functionally, (e.g. www2.hostname.com, www3.hostname.com).

That way, when the box which was www2.foo.com gets re-purposed for use as svnbackup.foo.com, the machine name doesn't have to be completely changed- and documentation and other materials related to that server don't have to be changed- IMHO it's a crazy task to always be updating documentation across an organization just to change names around...

!!! Then, for specific services, domain names can be mapped as CNAME aliases (or A records, depending on context/use), to any of the boxes- without much fuss. Examples, www.publicdomainname.com, svn.domain.internal, wiki.domain.internal, etc... The stuff people actually use. When failing-over to a backup for a given service, or whatever, it's less disruptive for (n) number of users- (nothing less disruptive than telling a team of devs they all have to change their source code repo in their IDE's and such).

I'm a big fan of keeping boxen and services separate identities, as far as dns goes.

Last important thing for me: for those names, it's really good to have pre-generated lists of the names to use, because it's often the last thing I want to figure out while unboxing/deploying a server.
Things I've used/inherited in the past: elements from the periodic table, names of birds (from a little book I had in my desk), names of fish, food, island names from around the world, bodies of water, rivers, (stay away from cities and physical locations because eventually every org ends up with some idea of where the boxes physically are).

>
>> Your naming scheme seems sane/sound.
>
> Awesome, thanks!

I agree- your scheme is simple and clean, and I've had great results with the sort of naming scheme listed.
I have a few personal things to add, (as I have done similar setups), however it increases the management/overhead of naming so I can't say they're hard-rules I follow:

--
Regarding
unique name for the machine, not its function/service

Regarding
I tend to use the name of the physical network zone instead, for example:
..internalname
e.g.:
servername.computegrid.internalname
servername.utilitynet.internalname
servername.corenetwork.internalname
servername.officetrusted.internalname
servername.officeuntrusted.internalname
servername.dmz.internalname
With this method, I prefer to keep the documentation about the network out of the machine host name.

Regarding .internal
Something SHORT and unique-ish to your org, but not conflicting with TLDs! (make it easy to type, everyone will be typing it a lot!)
--
..domain.net -> public IP

For public use, I really only find value in this naming if it's matched with PTR records, (if we're managing PTR internally) Otherwise, I don't bother with it at all and focus on the pub. fqdn mappings...

--
..domain.internal -> Local IP
I love this as hostname settings for machines, as well as keeping it resolvable on the internal networks.

However, for the sake of scriptability/manageability, I tend to also make sure the following convenience is in place:
.internal

This way, users/developers don't need to constantly be aware of which network zone is which, and if a box/service/idea is moved to another network zone, scripts/programs set to reach it still just work. If the machine is moved to a different network zone, scripts still work and users still can get to it.
It's also far less typing, important to me as things grow.

I tend to set this kind of thing up with internal DNS using Bind Include statements in my zone files, keeping the host mappings in single files- I'd bet this is easy with djbdns too.
This strategy allows for many DNS names to be given for a single host, yet keeping management simple and consolidated to individual zone files.
--

A long .02¢,

Best,
.ike

From matt at atopia.net Thu Apr 8 10:06:44 2010
From: matt at atopia.net (Matt Juszczak)
Date: Thu, 8 Apr 2010 14:06:44 +0000
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com>
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com>
Message-ID: <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry>

Hi ike,

Thanks! Two comments. First, the security by obscurity sort of was a joke =) but yes, we don't want to put the description in in case the box gets repurposed, but more so in case the box gets multi-purposed. Can't tell you how many times someone insists that the primary ldap server is now the primary dns server too. Then what? ldap01 is no longer valid.

Second, I'll do the local hosts, but I'll do:

boxname.domain.internal

And make the search path domain.internal. Any objections to that? This would be instead of boxname.internal.

Matt

From isaac at diversaform.com Thu Apr 8 10:19:38 2010
From: isaac at diversaform.com (Isaac Levy)
Date: Thu, 8 Apr 2010 10:19:38 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To: <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry>
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry>
Message-ID:

Hi Matt,

On Apr 8, 2010, at 10:06 AM, Matt Juszczak wrote:
> Hi ike,
>
> Thanks! Two comments. First, the security by obscurity sort of was a joke =)

;P

> but yes, we don't want to put the description in in case the box gets repurposed, but more so in case the box gets multi-purposed. Can't tell you how many times someone insists that the primary ldap server is now the primary dns server too. Then what? ldap01 is no longer valid.

Yep. I guess exceptions perhaps would be special-purpose hw in big clusters, www1, www2, - or computenode1, computenode2, etc... where this naming is a part of a social strategy to keep the boxes' purpose clear.

However, I've gone through arguments where some notion of 'scripting is easier if it's www1, www2, etc..', and that falls apart completely in practice- scripted/group management is no more challenging if the machines have unique names or not- I think scripting for www1 www2 www3 etc... is just lazy, and the edge cases you never coded for in the first place are really annoying wastes of time, but that's personal opinion...

>
> Second, I'll do the local hosts, but I'll do:
>
> boxname.domain.internal
>
> And make the search path domain.internal. Any objections to that? This would be instead of boxname.internal.
No objections at all- it's your network :)

However, I have typically dispensed with the search path of domain.internal (or network.internal), in favor of simply .internal - it becomes just one more file to manage/update in /etc/hosts to me... But, that's just my personal opinion and I haven't experienced any need which sways me.

Have fun! I really love it when new/clean naming schemes finally slide into place- daily life gets so much saner. It's the little things...

Rocket-
.ike

>
> Matt

From skreuzer at exit2shell.com Thu Apr 8 10:20:47 2010
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Thu, 8 Apr 2010 10:20:47 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To: <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry>
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry>
Message-ID: <00FCA2B9-04F5-4D5D-8718-5D79D8CE0193@exit2shell.com>

On Apr 8, 2010, at 10:06 AM, Matt Juszczak wrote:
> Hi ike,
>
> Thanks! Two comments. First, the security by obscurity sort of was a joke =) but yes, we don't want to put the description in in case the box gets repurposed, but more so in case the box gets multi-purposed. Can't tell you how many times someone insists that the primary ldap server is now the primary dns server too. Then what?
> ldap01 is no longer valid.

I worked for a company that had thousands of servers in locations all over the world and early on they made the dumb decision of making the hostname a combination of the location, and either an "s" for server or "n" for network and then an incrementing number. The reasoning for this was that we could simply take a box and change its purpose and you wouldn't have to rename it. I am sure at first it worked out quite well, but when you start to get into the hundreds of boxes it became a real pain because someone would go "application x in location y doesn't seem to be working" and then I would have to spend 5 minutes figuring out where application x in location y lives.

I am sure you are going to counter this argument by saying you are going to keep very good documentation as to what is running where, but I can promise you errors and outdated information are going to end up in your documentation and you are only going to discover them when something is already wrong and it's going to make things much much worse.

Why not take all your backend services such as dns and ldap and place them on boxes called "admin" or something like that and then use cnames to make ldap01.site point to admin1.site and ldap02.site point to admin2.site and ns1.site point to admin2.site and ns2.site point to admin1.site?

>
> Second, I'll do the local hosts, but I'll do:
>
> boxname.domain.internal
>
> And make the search path domain.internal. Any objections to that? This would be instead of boxname.internal.
>
> Matt

--
Steven Kreuzer
http://www.exit2shell.com/~skreuzer

From mikel.king at olivent.com Thu Apr 8 10:37:29 2010
From: mikel.king at olivent.com (mikel king)
Date: Thu, 8 Apr 2010 10:37:29 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To: <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry>
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry>
Message-ID: <3194E6D8-FDF5-41AD-BD67-183867932649@olivent.com>

On Apr 8, 2010, at 10:06 AM, Matt Juszczak wrote:
> Hi ike,
>
> Thanks! Two comments. First, the security by obscurity sort of was a joke =) but yes, we don't want to put the description in in case the box gets repurposed, but more so in case the box gets multi-purposed. Can't tell you how many times someone insists that the primary ldap server is now the primary dns server too. Then what? ldap01 is no longer valid.
>
> Second, I'll do the local hosts, but I'll do:
>
> boxname.domain.internal
>
> And make the search path domain.internal. Any objections to that? This would be instead of boxname.internal.
>
> Matt

You can forgo the whole .internal or .local or .lcl naming scheme altogether. In my opinion it adds a layer of complexity that really isn't necessary. Of course you must be careful with your IP addressing, and that you do not publish the internal DNS services out to the public. In any case it makes things cleaner for your user base especially if your organization has any road warriors or a lot of mobile devices that do WIFI.
It's just easier if mail.mydomain.com always points to the right IP address regardless of where I connect my laptop, be it in the office or at Bryant Park.

Regards,
Mikel King
CEO, Olivent Technologies
Senior Editor, BSD News Network
Columnist, BSD Magazine
6 Alpine Court, Medford, NY 11763
o: 631.627.3055
c: 631.796.1499
skype:mikel.king
http://olivent.com
http://www.linkedin.com/in/mikelking
http://twitter.com/mikelking

From matt at atopia.net Thu Apr 8 10:39:06 2010
From: matt at atopia.net (Matt Juszczak)
Date: Thu, 8 Apr 2010 10:39:06 -0400 (EDT)
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To: <3194E6D8-FDF5-41AD-BD67-183867932649@olivent.com>
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry> <3194E6D8-FDF5-41AD-BD67-183867932649@olivent.com>
Message-ID:

> You can forgo the whole .internal or .local or .lcl naming scheme altogether. In my opinion it adds a layer of complexity
> that really isn't necessary. Of course you must be careful with your IP addressing, and that you do not publish the internal
> DNS services out to the public. In any case it makes things cleaner for your user base especially if your organization
> has any road warriors or a lot of mobile devices that do WIFI. It's just easier if mail.mydomain.com always points to the
> right IP address regardless of where I connect my laptop, be it in the office or at Bryant Park.
Thanks for the suggestion, but I'm actually bitterly against split-horizon DNS for multiple reasons :)

-Matt

From o_sleep at belovedarctos.com Thu Apr 8 11:57:54 2010
From: o_sleep at belovedarctos.com (Bjorn Nelson)
Date: Thu, 08 Apr 2010 11:57:54 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To: <00FCA2B9-04F5-4D5D-8718-5D79D8CE0193@exit2shell.com>
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry> <00FCA2B9-04F5-4D5D-8718-5D79D8CE0193@exit2shell.com>
Message-ID: <4BBDFD02.4030504@belovedarctos.com>

Steven Kreuzer wrote:
> I worked for a company that had thousands of servers in locations all over the world and early on they made the dumb decision of making the hostname a combination of the location, and either an "s" for server or "n" for network and then an incrementing number. The reasoning for this was that we could simply take a box and change its purpose and you wouldn't have to rename it. I am sure at first it worked out quite well, but when you start to get into the hundreds of boxes it became a real pain because someone would go "application x in location y doesn't seem to be working" and then I would have to spend 5 minutes figuring out where application x in location y lives.

When it gets to this level, it makes real sense to have a configuration management database. Basically, something that allows you to say "what is hostname(s) for application x?" We built this in front of our application management system.

I am kind of curious if anyone has tried to hook something like this up to dns directly. Imagine after templating your applications (which you usually do when setting them up for things like nagios), you then dump all the template names with hostname mappings as cnames in a dns backend db (or just to straight dns maps and hup it).
Of course you would have to enforce dns friendly names for your templates but this could make the functional naming part of dns management an automated process.

-Bjorn

From matt at atopia.net Thu Apr 8 13:01:17 2010
From: matt at atopia.net (Matt Juszczak)
Date: Thu, 8 Apr 2010 13:01:17 -0400 (EDT)
Subject: [nycbug-talk] Sanity check on new naming scheme
In-Reply-To: <4BBDFD02.4030504@belovedarctos.com>
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry> <00FCA2B9-04F5-4D5D-8718-5D79D8CE0193@exit2shell.com> <4BBDFD02.4030504@belovedarctos.com>
Message-ID:

Thanks for everyone's replies!

From lists at stringsutils.com Thu Apr 8 13:57:19 2010
From: lists at stringsutils.com (Francisco Reyes)
Date: Thu, 08 Apr 2010 13:57:19 -0400
Subject: [nycbug-talk] Sanity check on new naming scheme
References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com>
Message-ID:

Isaac Levy writes:
> I'd typically rather name the machines uniquely,
>(sparrow.hostname.com, crow.hostname.com) instead of functionally, (e.g.
>www2.hostname.com, www3.hostname.com).

One possible problem with that approach would be applications that try to reach machines by name. If a machine is repurposed and you did not use CNAMES or forgot to repoint a CNAME you could have programs reach a machine that is no longer doing what the program expects. Example: You have some type of "inbox" machine that gets data through FTP from process X. Target machine for process X is re-purposed, but it also accepts FTP with the same user/password. Now process X is silently broken because the sender is succeeding on FTPing, but whatever was supposed to process the incoming files is looking somewhere else.

I guess that with the proper change management any method will work.
I think on a company with weak change management it may be easier to have something fail when a machine is repurposed and renamed.
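An added worked example of the scheme this thread converges on; it is not code from any of the posts. Unique host names carry the A records, services are CNAMEs onto them, each host also gets the flat convenience alias (host.internal) next to its zone-qualified name, and the output is rendered as a file a BIND zone can pull in with $INCLUDE, as Ike describes. It also checks the two failure modes raised above: Bjorn's point that template names must be DNS-friendly before they become CNAMEs, and Francisco's silently misdirected service when a CNAME target has been repurposed, decommissioned, or never existed. The suffix example.internal, the host inventory, the roles and the addresses are constructed sample data; the role field is this example's own device for recording what a service expects its target to still provide.

```python
"""Zone-file records for a 'unique host name + service CNAME' scheme.

Added example for this thread, not code from any of the posts. The suffix
example.internal, the hosts, zones, roles and addresses are constructed.
"""
import re

# RFC 1123 host label: letters, digits, hyphen; 1-63 chars; no edge hyphens.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def dns_label(name):
    """Normalize a free-form application/template name to a DNS label, or None
    when no legal label can be made of it (the 'dns friendly names' check)."""
    label = re.sub(r"[^a-z0-9-]+", "-", name.strip().lower()).strip("-")
    return label if LABEL_RE.match(label) else None


def build_records(org, hosts, services):
    """Return (records, problems).

    hosts:    {host: {"zone": str, "ip": str, "roles": set, "active": bool}}
    services: {service_name: (host, role)}; role is what the service expects
              the target host to still provide (this example's own device).
    Every active host gets two A records: zone-qualified (host.zone.org) and
    the flat convenience name (host.org). A service CNAME is emitted only when
    its target exists, is still active and still carries the expected role;
    the other cases are reported instead of silently pointing somewhere wrong.
    """
    records, problems = [], []
    for host, info in sorted(hosts.items()):
        if not info.get("active", True):
            continue  # decommissioned: no A records, so nothing resolves to it
        records.append(f"{host}.{info['zone']}.{org}. IN A {info['ip']}")
        records.append(f"{host}.{org}. IN A {info['ip']}")
    for svc, (host, role) in sorted(services.items()):
        label = dns_label(svc)
        if label is None:
            problems.append(f"{svc!r}: not a valid DNS label, no CNAME emitted")
            continue
        info = hosts.get(host)
        if info is None:
            problems.append(f"{label}.{org}: target {host} is not in the inventory")
        elif not info.get("active", True):
            problems.append(f"{label}.{org}: target {host} is decommissioned")
        elif role not in info.get("roles", set()):
            problems.append(f"{label}.{org}: {host} no longer provides role {role!r}")
        else:
            records.append(f"{label}.{org}. IN CNAME {host}.{org}.")
    return records, problems


def render_include(records):
    """Body of a file a zone pulls in with $INCLUDE; one record per line."""
    return "; generated host and service mappings\n" + "\n".join(records) + "\n"


# Constructed sample inventory (bird names, in the spirit of the thread).
SAMPLE_HOSTS = {
    "sparrow": {"zone": "dmz", "ip": "10.0.3.5", "roles": {"www", "svn"}, "active": True},
    "crow": {"zone": "utilitynet", "ip": "10.0.2.7", "roles": {"backup"}, "active": True},
    "heron": {"zone": "corenetwork", "ip": "10.0.1.9", "roles": {"ldap"}, "active": False},
}
SAMPLE_SERVICES = {
    "svn": ("sparrow", "svn"),
    "www": ("sparrow", "www"),
    "Build Farm!": ("sparrow", "www"),  # needs normalizing to "build-farm"
    "inbox": ("crow", "ftp-inbox"),     # crow was repurposed: the FTP inbox case
    "ldap": ("heron", "ldap"),          # target decommissioned
    "wiki": ("pelican", "wiki"),        # target never existed: dangling CNAME
}

if __name__ == "__main__":
    recs, probs = build_records("example.internal", SAMPLE_HOSTS, SAMPLE_SERVICES)
    print(render_include(recs))
    for p in probs:
        print("PROBLEM:", p)
```

Running it on the sample data emits A records for sparrow and crow only, CNAMEs for svn, www and build-farm, and three reported problems (inbox, ldap, wiki) that would otherwise have become records pointing at the wrong box or at nothing.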
From matt at atopia.net Thu Apr 8 13:59:24 2010 From: matt at atopia.net (Matt Juszczak) Date: Thu, 8 Apr 2010 13:59:24 -0400 (EDT) Subject: [nycbug-talk] Sanity check on new naming scheme In-Reply-To: References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> Message-ID: > One possible problem with that approach would be applications that try to > reach machines by name. If a machine is repurposed and you did not use CNAMES > or forgot to repoint a CNAME you could have programs reach a machine that is > no longer doing what the program expects. Example: You have some type of > "inbox" machine that gets data through FTP from process X. Target machine for > process X is re-purposed, but it also accepts FTP with the same > user/password. Now process X is silently broken because the sender is > succeeding on FTPing, but whatever was supposed to process the incoming files > is looking somewhere else. > > I guess that with the proper change management any method will work. > I think on a company with weak change management it may be easier to have > something fail when a machine is repurposed and renamed. That's why you make the boxes generic - so people never really use the hostnames for functionality. If I have a box called "bob.bos01.domain.net", that should only ever be used as a maintenance hostname, never as a service hostname. From lists at stringsutils.com Thu Apr 8 14:05:42 2010 From: lists at stringsutils.com (Francisco Reyes) Date: Thu, 08 Apr 2010 14:05:42 -0400 Subject: [nycbug-talk] Sanity check on new naming scheme References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry> <3194E6D8-FDF5-41AD-BD67-183867932649@olivent.com> Message-ID: mikel king writes: > You can forgo the whole .internal or .local or .lcl naming scheme > altogether. 
> In my opinion it adds a layer of complexity that really isn't Unless the names represent NICs on different VLANs and programs need to use one or the other to reach a machine. Perfect example: a machine that somehow acts as a data mover may only have access to the internal VLAN. Such a machine would need to use only the internal names. Another example could be performance. Perhaps there are different switches/routers/routes.. on the internal side and it is more efficient to use the internal network for certain functions. From lists at stringsutils.com Thu Apr 8 14:15:56 2010 From: lists at stringsutils.com (Francisco Reyes) Date: Thu, 08 Apr 2010 14:15:56 -0400 Subject: [nycbug-talk] Sanity check on new naming scheme References: <6144A63D-2FBA-4CA6-B130-FD632AD67E81@diversaform.com> <749470082-1270735606-cardhu_decombobulator_blackberry.rim.net-1760085329-@bda188.bisx.prod.on.blackberry> Message-ID: Isaac Levy writes: >> but yes, we don't want to put the description in in case the box gets >> repurposed, but more so in case the box gets multi-purposed. Can't tell > > Yep. I guess exceptions perhaps would be special-purpose hw in big clusters, www1, www2, - or computenode1, computenode2, etc... where this naming is a part of a social strategy to keep the boxes' purpose clear. I think that in the case of machines with multiple purposes what Ike mentioned, separating DNS from naming, is the best option. Also as Ike mentioned the naming of www1, www2, etc... is when there are clear purposes. For the mixed environment a non-functional name with functional CNAMES may work well. Regardless of the approach, as others have mentioned you are going to need documentation somewhere of what is what. In my case because machines, for the most part, are single function it is simple to track and functional naming makes administration actually easier. At work some applications use an include file where targets are defined with an array. 
When there are changes the include file is updated and then distributed to all machines. Another possible way may be to have a table in a database and your apps connect to get the name/ip of where they have to connect for a certain task. From nikolai at fetissov.org Thu Apr 8 21:21:08 2010 From: nikolai at fetissov.org (Nikolai Fetissov) Date: Thu, 8 Apr 2010 21:21:08 -0400 Subject: [nycbug-talk] April 2010 meeting audio Message-ID: Folks, Audio recording of yesterday's Nepenthes talk is online at http://www.fetissov.org/public/nycbug/nycbug-04-07-10.mp3 Cheers, -- Nikolai From nikolai at fetissov.org Thu Apr 8 21:56:49 2010 From: nikolai at fetissov.org (Nikolai Fetissov) Date: Thu, 8 Apr 2010 21:56:49 -0400 Subject: [nycbug-talk] April 2010 meeting audio In-Reply-To: <9E58CC0F-23FB-401A-8E2C-7905B7470E8C@mafcorp.net> References: <9E58CC0F-23FB-401A-8E2C-7905B7470E8C@mafcorp.net> Message-ID: <250a677bd4eb2e4f9e42248fd09723a7.squirrel@www.geekisp.com> Marco, I'm guessing you were aiming at the talk list. Cheers, -- Nikolai > The people that were at the Nepenthes talk yesterday please email me > feedback so I can tune the presentation. I'm submitting the talk to defcon in > August and I know it needs some tuning. > > Again thanks to George for having me talk at nycbug! 
> > Marco > As a student Einstein was no Einstein > Sent from my iPad > > On Apr 8, 2010, at 9:21 PM, "Nikolai Fetissov" > wrote: > >> Folks, >> >> Audio recording of yesterday's Nepenthes talk is online at >> http://www.fetissov.org/public/nycbug/nycbug-04-07-10.mp3 >> >> Cheers, >> -- >> Nikolai >> >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk > From george at ceetonetechnology.com Fri Apr 9 12:38:36 2010 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 09 Apr 2010 12:38:36 -0400 Subject: [nycbug-talk] BarCamp in NYC Message-ID: <4BBF580C.9070103@ceetonetechnology.com> We have had regular discussions over the past year or so about organizing a BSD BarCamp-type event. . . If you weren't aware, a BarCamp is coming up in NYC next weekend, April 17-18. http://barcamp.org/BarCampNYC5 We strongly encourage people to get involved, with a particular eye to how we'd structure for a BSD-oriented event. I'd argue that since our "universe" of the BSD community isn't as large, we'd have to provide a bit more structure and direction, but that's an ongoing debate on the peripheries of talk@ :) g From tal at lopsanj.org Sun Apr 11 08:30:11 2010 From: tal at lopsanj.org (Tom Limoncelli) Date: Sun, 11 Apr 2010 08:30:11 -0400 Subject: [nycbug-talk] Special note to NYC-area folks about PICC http://picconf.org (May 7-8, 2010) Message-ID: Special note to NYC-area folks about PICC http://picconf.org (May 7-8, 2010 at the Hyatt Regency, New Brunswick, NJ). Don't be afraid. It's just New Jersey! The economy sucks. Training budgets are non-existent. That national conference you usually attend? Not going to happen. But your boss will probably let you attend a 2-day conference if it is inexpensive, has many of the nationally recognized speakers you would normally attend, and since it is a Friday/Saturday conference you'll only miss one day of work. 
Heck, point out that staying nearby is more "green" than flying to a distant conference. We know you don't love New Jersey. But we promise that except for a 3-block walk from the train station to the hotel, you can stay indoors the entire time and pretend you are still in the city. We promise! (There are some amazing restaurants within 1 block of the hotel. It's a shame that the registration fee includes all meals.) Special NYC travel directions here: http://lopsanj.org/events/picc10/a-special-note-for-people-from-new-york-city-and-philly.html Speaker schedule and more at: http://picconf.org See you there! Tom ---------- Forwarded message ---------- From: Tom Limoncelli Date: Sat, Mar 20, 2010 at 3:48 PM Subject: LOPSA PICC: Speakers and topics announced (sysadmin conference, May 7-8, 2010, Hyatt Regency New Brunswick, New Jersey) What is LOPSA PICC? http://picconf.org Presentations, education, and fun. IT and sysadmin (Linux/Unix, Windows, Networking & storage). 2 days, 1 night, conference. Low price/high value. Community-based, non-profit. May 7-8, 2010 @ Hyatt Regency New Brunswick, New Jersey. KEYNOTES: * David Blank-Edelman, "How SysAdmins Are Portrayed in Pop Culture" * Thomas A. Limoncelli, "Smooth Operations: Stopping the spiral of Emergency System Administration" * Eben Haber, IBM, "System Administrators in the Wild: What we've learned from watching you!" HALF-DAY TRAINING SESSIONS: * "Automating System Administration with Perl", David N. Blank-Edelman * "Essential IPv6 for Linux Administrators", Owen DeLong * "Help! Everyone hates our IT department", Thomas A. 
Limoncelli * "IT Policies: Why IT Policies are needed and how to develop them", David Parter * "In Search of "Senior"", Brian Jones * "Intro to Powershell: Automate like a Wizard", Joseph Kern * "Introduction to Virtualized Storage Management", Jesse Trucks * "Next Generation Storage Networking: Beyond Conventional SAN and NAS", Jacob Farmer * "Time Management for System Administrators: A New Approach", Thomas A. Limoncelli * "What's New in IIS 7.0/7.5?", Steve Heckler 45-MINUTE TALKS AND PRESENTATIONS: * An overview of Google's technologies: GFS, MapReduce, etc. * Budgeting for System Administrators * Drupal On-Demand * High Performance Computing across the WAN at NOAA * How to stop hating MySQL: Fixing common MySQL myths and mistakes * Job-Hunting Skills for System Administrators * Keeping Nagios Sane * Mentoring: It's for everyone! * Panel: Tech Women Rule! Creative Solutions for being a (or working with a) female technologist * Technical Community Response for the Haitian Earthquake * Using Hierarchical Protection Domains for Network Security THE "UNCONFERENCE": * 12 timeslots where YOU pick the topic! ("unconference") PLUS all attendees receive: * a 12-month LOPSA membership/renewal * a licence for Admin Arsenal (a $1000 value) * the awesome conference bag FUN STUFF TOO: * Friday night banquet and movie festival! * All meals! (Friday lunch only for people attending training classes) $249 without half-day tutorials (all meals except Friday lunch) $475 with half-day tutorials and all meals ($399 until March 22! Register now!) Where else can you find a regional conference with national speakers, hot topics that will help you advance your career, all meals included, and not have to travel 3,000 miles to get there? 
Find out more and register: http://picconf.org Twitter: @picconf Facebook: http://picconf.org/facebook Email: http://lopsanj.org/mailman/listinfo/picc2010-announce RSS: http://lopsanj.org/events/picc10/feed -- http://EverythingSysadmin.com -- http://www.TomOnTime.com Computer and network administrators... Spread the word! LOPSA New Jersey Professional IT Community Conference New Brunswick, NJ, May 7-8, 2010 -- http://picconf.org From tal at lopsanj.org Mon Apr 12 12:10:33 2010 From: tal at lopsanj.org (Tom Limoncelli) Date: Mon, 12 Apr 2010 12:10:33 -0400 Subject: [nycbug-talk] Video welcome messages from speakers (LOPSA PICC: May 7-8, 2010, New Brunswick, NJ) Message-ID: http://picconf.org now has some videos made by our keynote speakers. They're 3-5 minutes each. Check 'em out! Also, the homepage has a special note for people from NYC. Register today! Tom -- http://EverythingSysadmin.com -- http://www.TomOnTime.com Computer and network administrators... Spread the word! LOPSA New Jersey Professional IT Community Conference New Brunswick, NJ, May 7-8, 2010 -- http://picconf.org From mikel.king at olivent.com Tue Apr 13 17:24:55 2010 From: mikel.king at olivent.com (mikel king) Date: Tue, 13 Apr 2010 17:24:55 -0400 Subject: [nycbug-talk] USA Today hashtag contest Message-ID: Ok this is certainly not technical but if you haven't heard USA Today is running a contest for 501(c)(3) charities via Twitter. The contest winner will receive a full page color ad in USA Today which has an estimated value of $180,400. It does not say if the ad is a one time deal or a complete campaign but in either case a full page can do a lot to raise awareness about the winning charity and its cause. 
While I am already involved helping the Boy Scouts of America, who are celebrating their 100th year, with the contest; I thought it might be worth mentioning since we do have several BSD related 501(c)(3) organizations throughout the community. If you are interested you can read more here http://bit.ly/aq6LQn about what the BSA is doing with the contest. Please forward this on to everyone you know that has a twitter account... You can read the USA Today announcement here: http://bit.ly/bl5Poa Regards, Mikel King From george at ceetonetechnology.com Fri Apr 16 10:43:59 2010 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 16 Apr 2010 10:43:59 -0400 Subject: [nycbug-talk] BarCamp Message-ID: <4BC877AF.1000706@ceetonetechnology.com> Tomorrow is BarCamp. . . http://barcamp.org/BarCampNYC5 I will be attending for at least part of the time, so hit me offlist if you are also attending. Again, I strongly recommend that others attend, especially for the point of understanding how it's structured and how it operates, for the purposes of NYCBUG potentially doing its own. g From max at laiers.net Sun Apr 18 16:23:48 2010 From: max at laiers.net (Max Laier) Date: Sun, 18 Apr 2010 22:23:48 +0200 Subject: [nycbug-talk] Stranded in NYC ... Message-ID: Hi Guys, my name is Max - the FreeBSD pf guy - and I'm currently stranded in NYC due to the volcano. I'm staying at the HINY at Amsterdam and 103rd. If anyone is up for a beer or something - let me know. Somewhere close would be nice, but I have already figured out how to ride the subway, too ;) I meant to send this out this morning, but forgot to subscribe first and was bounced. Tonight might be somewhat short notice, I suppose :-\ But since it doesn't look like there will be a flight out tomorrow either, I will be available. Just let me know when & where. 
I'll be around the email till at least 8pm tonight - so if you are in the area and want to have a beer, let me know. I'm sick of hotels, airports, and airline recordings over the telephone and would love nothing(*) more than a beer with BSD folk. (*) other than getting home by clicking my heels ... -- /"\ Best regards, | mlaier at freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier at EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From max at laiers.net Sun Apr 18 18:39:13 2010 From: max at laiers.net (Max Laier) Date: Mon, 19 Apr 2010 00:39:13 +0200 Subject: [nycbug-talk] Stranded in NYC ... In-Reply-To: References: Message-ID: <70585c126479bb53bbbb94d2658f0514.squirrel@mlaier.homeunix.org> Meeting up with Ivan at 7th and 53rd at 8:30pm. http://max.laiers.net/ <- this is me (just add 4 days of hostel life, wrinkles and stubble ;)). My mobile is +49 175 2067165. If you want to tag along ... see you in a bit. On Sun, 18.04.2010, 22:23, Max Laier wrote: > Hi Guys, > > my name is Max - the FreeBSD pf guy - and I'm currently stranded in NYC > due to the volcano. I'm staying at the HINY at Amsterdam and 103rd. If > anyone is up for a beer or something - let me know. Somewhere close would > be nice, but I have already figured out how to ride the subway, too ;) > > I meant to send this out this morning, but forgot to subscribe first and > was bounced. Tonight might be somewhat short notice, I suppose :-\ But > since it doesn't look like there will be a flight out tomorrow either, I > will be available. Just let me know when & where. > > I'll be around the email till at least 8pm tonight - so if you are in the > area and want to have a beer, let me know. I'm sick of hotels, airports, > and airline recordings over the telephone and would love nothing(*) more > than a beer with BSD folk. > > (*) other than getting home by clicking my heels ... 
> > -- > /"\ Best regards, | mlaier at freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier at EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News -- /"\ Best regards, | mlaier at freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier at EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From matt at atopia.net Sun Apr 18 19:13:18 2010 From: matt at atopia.net (Matt Juszczak) Date: Sun, 18 Apr 2010 19:13:18 -0400 (EDT) Subject: [nycbug-talk] Stranded in NYC ... In-Reply-To: <70585c126479bb53bbbb94d2658f0514.squirrel@mlaier.homeunix.org> References: <70585c126479bb53bbbb94d2658f0514.squirrel@mlaier.homeunix.org> Message-ID: > Meeting up with Ivan at 7th and 53rd at 8:30pm. http://max.laiers.net/ <- > this is me (just add 4 days of hostel life, wrinkles and stubble ;)). My > mobile is +49 175 2067165. If you want to tag along ... see you in a bit. Would have loved to - I was in New York until this morning :( Next time. If you get stranded in Boston, let me know! (that goes to anyone on this list) -M From mikel.king at olivent.com Sun Apr 18 20:19:15 2010 From: mikel.king at olivent.com (mikel king) Date: Sun, 18 Apr 2010 20:19:15 -0400 Subject: [nycbug-talk] Stranded in NYC ... In-Reply-To: References: Message-ID: On Apr 18, 2010, at 4:23 PM, Max Laier wrote: > Hi Guys, > > my name is Max - the FreeBSD pf guy - and I'm currently stranded in > NYC > due to the volcano. I'm staying at the HINY at Amsterdam and > 103rd. If > anyone is up for a beer or something - let me know. Somewhere close > would > be nice, but I have already figured out how to ride the subway, too ;) > > I meant to send this out this morning, but forgot to subscribe first > and > was bounced. 
Tonight might be somewhat short notice, I suppose :-\ > But > since it doesn't look like there will be a flight out tomorrow > either, I > will be available. Just let me know when & where. > > I'll be around the email till at least 8pm tonight - so if you are > in the > area and want to have a beer, let me know. I'm sick of hotels, > airports, > and airline recordings over the telephone and would love nothing(*) > more > than a beer with BSD folk. > > (*) other than getting home by clicking my heels ... > > -- > /"\ Best regards, | mlaier at freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier at EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News Max, If you are still here on Tuesday, I'll be at 92nd for the #140conf, so there may be a chance for a beer...;-D Cheers, Mikel King CEO, Olivent Technologies Senior Editor, BSD News Network Columnist, BSD Magazine 6 Alpine Court, Medford, NY 11763 o: 631.627.3055 c: 631.796.1499 skype:mikel.king http://olivent.com http://www.linkedin.com/in/mikelking http://twitter.com/mikelking From matt at atopia.net Tue Apr 20 17:48:50 2010 From: matt at atopia.net (Matt Juszczak) Date: Tue, 20 Apr 2010 17:48:50 -0400 (EDT) Subject: [nycbug-talk] OT: Puppet/LDAP on EC2 Message-ID: Hello fellow sysfolk, I'm wondering if any of you have experience with EC2. I'm looking to setup a standard environment where basically puppet manages all, even on EC2. The hard part is being able to dynamically launch instances and "tell" them to point to puppet, as the boxes need to have their non-EC2 hostname set first before the initial puppet connection (so I can validate the appropriate SSL cert with puppet-ca). The hard part at this point is figuring out how exactly to get the hostname set and puppet launched initially. 
I can either: * set user-data that will install puppet, somehow "fetch" the hostname of the box externally, set the hostname, set /etc/resolv.conf to point to the appropriate DNS servers, and then launch puppet (and then let puppet put the real /etc/resolv.conf in place, as well as other packages). or * create an AMI that has all of this base stuff in it, but I'd still have to find a way for the image to get what hostname it should be, as that needs to be set prior to the box launching puppet (otherwise, if the box connects to puppet as amazon-ec2-hostname-12.14-121.amazonws.com, puppet won't know what the box is and/or what its role is) Any suggestions? Anyone have experience with this? Is there a way in Amazon's API to tell it what to set the actual hostname on the box to, other than user-data? Thanks, -Matt From lists at stringsutils.com Wed Apr 21 11:41:11 2010 From: lists at stringsutils.com (Francisco Reyes) Date: Wed, 21 Apr 2010 11:41:11 -0400 Subject: [nycbug-talk] OT: Puppet/LDAP on EC2 References: Message-ID: Matt Juszczak writes: > * set user-data that will install puppet, somehow "fetch" the hostname of > the box externally, set the hostname, set /etc/resolv.conf to point to the > appropriate DNS servers, and then launch puppet (and then let puppet put > the real /etc/resolv.conf in place, as well as other packages). That approach sounds best. Are all the machines going to be the same type? You could have a table; when the machine comes up you connect to a DB and see what name is available and assign the machine the name. Track on the table what name has an EC2 instance linked to it. 
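An added example, not code from the thread, from Puppet or from Amazon: a Python sketch of the name table Francisco suggests, written as a small allocator that hands a role's lowest free name to an instance and binds it to that instance's ID. The role prefixes, domain suffix, pool size and instance IDs are constructed assumptions. In practice the table would live in LDAP or a database and the lookup would be made from Matt's user-data script, sending the instance-id it reads from the EC2 metadata service (http://169.254.169.254/latest/meta-data/instance-id) and setting the returned name as the hostname before the first puppet run.

```python
#!/usr/bin/env python3
"""Allocate generic hostnames to EC2 instances from a per-role name pool.

Added example for the thread above. DOMAIN, POOL_SIZE, the role prefixes
and the instance IDs are constructed sample values, not anyone's real
environment.
"""
import re

DOMAIN = "bos01.example.net"   # assumed site suffix (RFC 2606 placeholder)
POOL_SIZE = 99                 # assumed: web01..web99 per role
# EC2 instance IDs: "i-" followed by 8 (older) or 17 (newer) hex digits.
_INSTANCE_ID_RE = re.compile(r"^i-[0-9a-f]{8,17}$")


class NameAllocator:
    """Maps (role, instance_id) -> hostname and remembers the binding.

    Stands in for the DB/LDAP table; the two dicts are the two indexes
    you would want on it (by instance and by name).
    """

    def __init__(self, roles):
        self.roles = dict(roles)   # role -> hostname prefix
        self.by_instance = {}      # instance_id -> hostname
        self.by_name = {}          # hostname -> instance_id

    def allocate(self, role, instance_id):
        """Return the hostname for this instance, assigning one if needed."""
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        if not _INSTANCE_ID_RE.match(instance_id):
            raise ValueError(f"bad instance id {instance_id!r}")
        # A user-data script that runs twice (or an instance that reboots
        # and asks again) gets its existing name back, not a second one.
        if instance_id in self.by_instance:
            return self.by_instance[instance_id]
        prefix = self.roles[role]
        for n in range(1, POOL_SIZE + 1):
            name = f"{prefix}{n:02d}.{DOMAIN}"
            if name not in self.by_name:
                self.by_name[name] = instance_id
                self.by_instance[instance_id] = name
                return name
        raise RuntimeError(f"no free names left for role {role!r}")

    def release(self, instance_id):
        """Free the name when the instance is terminated; returns it."""
        name = self.by_instance.pop(instance_id, None)
        if name is not None:
            del self.by_name[name]
        return name

    def owner(self, hostname):
        """Which instance currently holds a name (None if it is free)."""
        return self.by_name.get(hostname)


if __name__ == "__main__":
    # Constructed walk-through: two web nodes and a db node come up, the
    # first web node asks again, then is terminated and its name reused.
    alloc = NameAllocator({"web": "web", "db": "db"})
    print(alloc.allocate("web", "i-0abc12345"))
    print(alloc.allocate("web", "i-0abc12346"))
    print(alloc.allocate("db", "i-0abc12347"))
    print(alloc.allocate("web", "i-0abc12345"))
    alloc.release("i-0abc12345")
    print(alloc.allocate("web", "i-0abc12348"))
```

The lookup is keyed on the instance ID, so a re-run script cannot burn a second name, and release() returns a name to the pool once the instance is gone. One thing to keep in mind when wiring this to puppet-ca: the certname a node presents is whatever the node set, so if the master autosigns on a name pattern, any instance that can reach it can claim a role's name. Checking the CSR's name against owner() on the master side before signing closes that gap.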
From matt at atopia.net Wed Apr 21 15:29:43 2010 From: matt at atopia.net (Matt Juszczak) Date: Wed, 21 Apr 2010 15:29:43 -0400 (EDT) Subject: [nycbug-talk] OT: Puppet/LDAP on EC2 In-Reply-To: References: Message-ID: >> * set user-data that will install puppet, somehow "fetch" the hostname of >> the box externally, set the hostname, set /etc/resolv.conf to point to the >> appropriate DNS servers, and then launch puppet (and then let puppet put >> the real /etc/resolv.conf in place, as well as other packages). > > That approach sounds best. > Are all the machines going to be the same type? No, but the naming scheme will be. > You could have a table, when the machines comes up you connect to a DB and > see what name is available and assign the machine the name. Right. I was just going to have it fetch its name from a script, based on the EC2 meta data. > Track on the table what name has an EC2 instance linked to it. Right. I would most likely use LDAP, since that's what we're doing anyway. Thanks, Matt From matt at atopia.net Wed Apr 21 16:30:28 2010 From: matt at atopia.net (Matt Juszczak) Date: Wed, 21 Apr 2010 16:30:28 -0400 (EDT) Subject: [nycbug-talk] OT: blogging software Message-ID: Hi folks, Can anyone recommend a good blogging software package (like wordpress) that has good access controls? I'd like to setup a blog where articles default to private, but I can "publicize" any article at anytime, and it'll be listed on the home page. However, private articles are still listed on the home page, but only to certain logged in users. It seems wordpress has one *OR* the other, but not both. You can either make the blog accessible to certain users ONLY, or to the public, but not a mix and match. 
Thanks, Matt From matt at atopia.net Wed Apr 21 16:36:15 2010 From: matt at atopia.net (Matt Juszczak) Date: Wed, 21 Apr 2010 16:36:15 -0400 (EDT) Subject: [nycbug-talk] OT: blogging software In-Reply-To: References: Message-ID: (Sorry, I meant to post this to lists.nyphp.org, but mis-typed. This is very off topic for a BSD users group list, but I will await replies anyway before re-posting) -Matt On Wed, 21 Apr 2010, Matt Juszczak wrote: > Hi folks, > > Can anyone recommend a good blogging software package (like wordpress) that > has good access controls? I'd like to setup a blog where articles default to > private, but I can "publicize" any article at anytime, and it'll be listed on > the home page. However, private articles are still listed on the home page, > but only to certain logged in users. > > It seems wordpress has one *OR* the other, but not both. You can either make > the blog accessible to certain users ONLY, or to the public, but not a mix > and match. > > Thanks, > > Matt From lists at stringsutils.com Wed Apr 21 22:27:43 2010 From: lists at stringsutils.com (Francisco Reyes) Date: Wed, 21 Apr 2010 22:27:43 -0400 Subject: [nycbug-talk] OT: blogging software References: Message-ID: Matt Juszczak writes: > (Sorry, I meant to post this to lists.nyphp.org, but mis-typed. This is > very off topic for a BSD users group list, but I will await replies anyway > before re-posting) We have had even more off-topic discussions.. Hey.. as long as you hosted on a BSD machine we are happy. :-) Check Serendipity. I tried it in the past and it had some access controls (don't recall how good they were though). http://www.s9y.org Easy to use and manage from what I recall. This review, http://needforcontent.com/serendipity-112-review, claims there is a decent control system in Serendipity. 
That site also seems to have reviews of other packages. From spork at bway.net Thu Apr 22 00:07:55 2010 From: spork at bway.net (Charles Sprickman) Date: Thu, 22 Apr 2010 00:07:55 -0400 (EDT) Subject: [nycbug-talk] OT: blogging software In-Reply-To: References: Message-ID: On Wed, 21 Apr 2010, Francisco Reyes wrote: > Matt Juszczak writes: > >> (Sorry, I meant to post this to lists.nyphp.org, but mis-typed. This is >> very off topic for a BSD users group list, but I will await replies anyway >> before re-posting) > > We have had even more off-topic discussions.. Hey.. as long as you hosted on > a BSD machine we are happy. :-) > > Check Serendipity. I tried it in the past and it had some access controls > (don't recall how good thy were though). > http://www.s9y.org > > Easy to use and manage from what I recall. > This review, http://needforcontent.com/serendipity-112-review, claims there > is a decent control system in Serendipity. That site also seems to have > reviews of other packages. Speaking of WordPress, I am using it, but I'm a bit paranoid. When I was looking at the hundreds of blog packages available, I started digging around to see what was behind the lovely gloss and sheen of the WP interface. I stumbled on this lovely rant by one of the WP developers: http://ma.tt/2007/06/on-wp-security/ And I followed the link to the posting critical of WP security: http://www.wincent.com/a/about/wincent/weblog/archives/2007/06/wordpress_flaw.php That first link has lots of religious battles in the comments, but what really concerned me was not either "side's" position, but the politics. My sense is that the WP team is mostly designers who took up php. From my own experience, that usually means bad news as far as security goes. Not that I'm any better, but I'm also not a programmer by trade, so I'll throw some stones... Something about the tone of the WP post really rubbed me the wrong way. Of course, I'm still running it... but I feel a little dirty. 
:) Charles From nick at hackermonkey.com Wed Apr 28 12:10:43 2010 From: nick at hackermonkey.com (Nick Danger) Date: Wed, 28 Apr 2010 12:10:43 -0400 Subject: [nycbug-talk] PFSense / Ike? Message-ID: <4BD85E03.7030700@hackermonkey.com> Looking for Ike who gave the PFSense talk in March. I can't seem to find where I put his email address. If you could either share, or let him know to drop me a line? Thank you :-) Nick From matt at atopia.net Wed Apr 28 12:17:09 2010 From: matt at atopia.net (Matt Juszczak) Date: Wed, 28 Apr 2010 12:17:09 -0400 (EDT) Subject: [nycbug-talk] PFSense / Ike? In-Reply-To: <4BD85E03.7030700@hackermonkey.com> References: <4BD85E03.7030700@hackermonkey.com> Message-ID: I've been looking for him too :) On Wed, 28 Apr 2010, Nick Danger wrote: > > Looking for Ike who gave the PFSense talk in March. I can't seem to find > where I put his email address. If you could either share, or let him > know to drop me a line? > > Thank you :-) > Nick From george at ceetonetechnology.com Wed Apr 28 12:18:08 2010 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 28 Apr 2010 12:18:08 -0400 Subject: [nycbug-talk] PFSense / Ike? In-Reply-To: References: <4BD85E03.7030700@hackermonkey.com> Message-ID: <4BD85FC0.1080808@ceetonetechnology.com> On 04/28/10 12:17, Matt Juszczak wrote: > I've been looking for him too :) > He's alive! I just pinged him offlist. . . g From matt at atopia.net Fri Apr 30 09:44:59 2010 From: matt at atopia.net (Matt Juszczak) Date: Fri, 30 Apr 2010 13:44:59 +0000 Subject: [nycbug-talk] Temporary bandwidth? 
Message-ID: <339625714-1272635100-cardhu_decombobulator_blackberry.rim.net-1100858215-@bda209.bisx.prod.on.blackberry> Folks, I have a bunch of bandwidth free for at least a month or two but perhaps longer. If anyone has any use for it, let me know. I am willing to rent it out cheaply. This would have to be setup where you would have a dedicated box and the bandwidth available to the box would be like 30TB/mo if that could even be reached... Also, if anyone has any ideas on how I could use it, let me know. A mirror maybe? The negative is that I don't know how long it will last. Matt From george at ceetonetechnology.com Fri Apr 30 10:31:07 2010 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 30 Apr 2010 10:31:07 -0400 Subject: [nycbug-talk] Temporary bandwidth? In-Reply-To: <339625714-1272635100-cardhu_decombobulator_blackberry.rim.net-1100858215-@bda209.bisx.prod.on.blackberry> References: <339625714-1272635100-cardhu_decombobulator_blackberry.rim.net-1100858215-@bda209.bisx.prod.on.blackberry> Message-ID: <4BDAE9AB.8090509@ceetonetechnology.com> On 04/30/10 09:44, Matt Juszczak wrote: > Folks, > > I have a bunch of bandwidth free for at least a month or two but > perhaps longer. If anyone has any use for it, let me know. I am > willing to rent it out cheaply. > > This would have to be setup where you would have a dedicated box and > the bandwidth available to the box would be like 30TB/mo if that > could even be reached... > > Also, if anyone has any ideas on how I could use it, let me know. A > mirror maybe? The negative is that I don't know how long it will > last. > Without knowing details. . . I'd second the mirrors for the projects, if you have the space. And a nice fat Tor node. . . . even as a bridge. torproject.org/bridges g From skreuzer at exit2shell.com Fri Apr 30 12:12:42 2010 From: skreuzer at exit2shell.com (Steven Kreuzer) Date: Fri, 30 Apr 2010 12:12:42 -0400 Subject: [nycbug-talk] Temporary bandwidth? 
In-Reply-To: <339625714-1272635100-cardhu_decombobulator_blackberry.rim.net-1100858215-@bda209.bisx.prod.on.blackberry> References: <339625714-1272635100-cardhu_decombobulator_blackberry.rim.net-1100858215-@bda209.bisx.prod.on.blackberry> Message-ID: On Apr 30, 2010, at 9:44 AM, Matt Juszczak wrote: > Folks, > > I have a bunch of bandwidth free for at least a month or two but perhaps longer. If anyone has any use for it, let me know. I am willing to rent it out cheaply. > > This would have to be setup where you would have a dedicated box and the bandwidth available to the box would be like 30TB/mo if that could even be reached... > > Also, if anyone has any ideas on how I could use it, let me know. A mirror maybe? The negative is that I don't know how long it will last. Seed some of the FreeBSD ISOs via bittorrent http://torrents.freebsd.org:8080/ -- Steven Kreuzer http://www.exit2shell.com/~skreuzer