From edlinuxguru at gmail.com Mon Aug 1 16:41:21 2011
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Mon, 1 Aug 2011 16:41:21 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
Message-ID:

I have been tasked with collecting the time-to-serve (milliseconds) from apache logs. I know this is a really fun and interesting task. I setup awstats which I thought had this out of the box. I was wrong. Does anyone know a tool/package that can collect and display 'time to serve' in a meaningful way to try and help find "the slow page". I am looking for something I do not have to code up myself, because frankly then I am responsible for it indefinitely. (and I have other things to deal with)

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jason at dixongroup.net Mon Aug 1 16:47:42 2011
From: jason at dixongroup.net (Jason Dixon)
Date: Mon, 1 Aug 2011 16:47:42 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID: <20110801204742.GL3605@dixongroup.net>

What about real-time waterfall stuff like that found in the browser dev toolkits?

-J.

On Mon, Aug 01, 2011 at 04:41:21PM -0400, Edward Capriolo wrote:
> I have been tasked with collecting the time-to-serve (milliseconds) from
> apache logs. I know this is a really fun and interesting tasks. I setup
> awstats which I thought had this out of the box. I was wrong. Does anyone
> know a tool/package that can collect and display 'time to serve' in a
> meaningful way to try and help find "the slow page". I am looking for
> something I do not have to code up myself, because frankly then i am
> responsible for it indefinitely.
> (and I have other things to deal with)
>
> Thanks
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

From chsnyder at gmail.com Mon Aug 1 17:08:06 2011
From: chsnyder at gmail.com (Chris Snyder)
Date: Mon, 1 Aug 2011 17:08:06 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID:

On Mon, Aug 1, 2011 at 4:41 PM, Edward Capriolo wrote:
> I have been tasked with collecting the time-to-serve (milliseconds) from
> apache logs. I know this is a really fun and interesting tasks. I setup
> awstats which I thought had this out of the box. I was wrong. Does anyone
> know a tool/package that can collect and display 'time to serve' in a
> meaningful way to try and help find "the slow page". I am looking for
> something I do not have to code up myself, because frankly then i am
> responsible for it indefinitely. (and I have other things to deal with)
>

As you've discovered, Apache doesn't log the request separate from the response, so a log analyzer is no help here.

If the higher-ups are only interested in server time, as opposed to page-load time, you can add code to the controller that keeps track of how long it takes PHP (or whatever) to generate the response, from the time the controller starts processing to the end. Then write the times to a log or database. If there's not just one controller script, you can use auto_prepend and auto_append configuration directives to include the profiling code.

If they are interested in actual page load times in real browsers, you'll need to use a javascript approach that starts timing in , stops on page load, and uses an ajax request to send the results to a tracking server. There must be 3rd party services that do this.

As you can see, very different approaches depending on what you actually want to measure.
From chsnyder at gmail.com Mon Aug 1 17:12:12 2011
From: chsnyder at gmail.com (Chris Snyder)
Date: Mon, 1 Aug 2011 17:12:12 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID:

On Mon, Aug 1, 2011 at 5:08 PM, Chris Snyder wrote:
>
> As you've discovered, Apache doesn't log the request separate from the
> response, so a log analyzer is no help here.

But wait -- this isn't strictly true. Apache can be made to log the time taken to serve the request, in microseconds. It just doesn't do so in the standard log format.

http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats

But getting awstats or another log analyzer to pay attention is another story.

From pete at nomadlogic.org Mon Aug 1 17:11:14 2011
From: pete at nomadlogic.org (Pete Wright)
Date: Mon, 1 Aug 2011 21:11:14 +0000
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID: <20110801211110.GH74724@pv.nomadlogic.org>

On Mon, Aug 01, 2011 at 04:41:21PM -0400, Edward Capriolo wrote:
> I have been tasked with collecting the time-to-serve (milliseconds) from
> apache logs. I know this is a really fun and interesting tasks. I setup
> awstats which I thought had this out of the box. I was wrong. Does anyone
> know a tool/package that can collect and display 'time to serve' in a
> meaningful way to try and help find "the slow page". I am looking for
> something I do not have to code up myself, because frankly then i am
> responsible for it indefinitely. (and I have other things to deal with)
>

assuming you are only interested knowing how long it takes for your httpd server to serve up a page i reckon you are using mod_header in apache and pulling pertinent fields from that. i do not know of any programs that will do this for you, but it seems like a pretty simple script that you can drop into your monitoring agent of choice.
http://httpd.apache.org/docs/current/mod/mod_headers.html

in prod environments i tend to rely on external vendors with geographically distributed POPs to monitor response time to give me a better view of how we are doing - keynote for example.

-pete

--
Pete Wright
pete at nomadlogic.org

From bonsaime at gmail.com Mon Aug 1 17:16:54 2011
From: bonsaime at gmail.com (Jesse Callaway)
Date: Mon, 1 Aug 2011 17:16:54 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID:

On Mon, Aug 1, 2011 at 5:12 PM, Chris Snyder wrote:

> On Mon, Aug 1, 2011 at 5:08 PM, Chris Snyder wrote:
> >
> > As you've discovered, Apache doesn't log the request separate from the
> > response, so a log analyzer is no help here.
>
> But wait -- this isn't strictly true. Apache can be made to log the
> time taken to serve the request, in microseconds. It just doesn't do
> so in the standard log format.
>
> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>
> But getting awstats or another log analyzer to pay attention is another
> story.
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

correctamundo...

Gotta go with sec (simple event correlator) or collectd for the easiest way. Otherwise you're writing your own filter program for the apache logs... which i mean it's kinda cool that you can just add a pipe character to the logfile name, like in perl. But...

--
-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From edlinuxguru at gmail.com Tue Aug 2 10:14:44 2011
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Tue, 2 Aug 2011 10:14:44 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID:

On Mon, Aug 1, 2011 at 5:16 PM, Jesse Callaway wrote:

>
>
> On Mon, Aug 1, 2011 at 5:12 PM, Chris Snyder wrote:
>
>> On Mon, Aug 1, 2011 at 5:08 PM, Chris Snyder wrote:
>> >
>> > As you've discovered, Apache doesn't log the request separate from the
>> > response, so a log analyzer is no help here.
>>
>> But wait -- this isn't strictly true. Apache can be made to log the
>> time taken to serve the request, in microseconds. It just doesn't do
>> so in the standard log format.
>>
>> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>>
>> But getting awstats or another log analyzer to pay attention is another
>> story.
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>>
>
>
> correctamundo...
>
> Gotta go with sec (simple event correlator) or collectd for the easiest
> way. Otherwise you're writing your own filter program for the apache logs...
> which i mean it's kinda cool that you can just add a pipe character to the
> logfile name, like in perl. But...
>
>
>
> --
> -jesse
>

To be clear I am using:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %T %D" with_time
CustomLog /opt/awstats-7.0/wwwroot/cgi-bin/gui-access-perf.log with_time

%D is the time in microseconds.

http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats

I know I can script something and make my own report, but I really do not want to. I find when you write these things yourself you end up taking care of them indefinitely. I was hoping to find some tool that would break down %D by page. hits/average(time to serve),max(time_to_serve),95th percentile(time_to_serve).
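
One way to get the per-page breakdown described in the message above (hits, average, max and 95th percentile of %D) from the with_time LogFormat, as an added example that is not part of the original thread. The sample lines are constructed; stripping the query string, the nearest-rank percentile and the bucket for non-path request lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Regex for the "with_time" LogFormat quoted in the thread:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i" %T %D
# Quoted fields allow backslash escapes, because Apache writes an embedded
# double quote as \" in the log.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ '
    + QUOTED + ' ' + QUOTED + r' \d+ (\d+)$'
)

OTHER = "<non-path request>"  # bucket label chosen for this example


def parse_line(line):
    """Return (path, microseconds) for one log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    parts = m.group(1).split()
    # A normal request line is "METHOD /path PROTOCOL". Timeouts and some
    # probes log "-" or garbage instead; keep those visible in one bucket
    # rather than dropping them or letting them create junk "pages".
    if len(parts) in (2, 3) and parts[1].startswith("/"):
        path = parts[1].split("?", 1)[0]  # assumption: group by path only
    else:
        path = OTHER
    return path, int(m.group(4))  # group 4 is %D, microseconds


def percentile_nearest_rank(sorted_values, pct):
    """Nearest-rank percentile using integer arithmetic (no float rounding)."""
    rank = (pct * len(sorted_values) + 99) // 100  # ceil(pct/100 * n)
    return sorted_values[max(rank, 1) - 1]


def summarize(lines):
    """Aggregate %D per path; returns (rows, slowest average first, skipped count)."""
    samples = defaultdict(list)
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # line is not in the with_time format
            continue
        samples[parsed[0]].append(parsed[1])
    rows = []
    for path, values in samples.items():
        values.sort()
        rows.append({
            "url": path,
            "hits": len(values),
            "avg_us": sum(values) / len(values),
            "max_us": values[-1],
            "p95_us": percentile_nearest_rank(values, 95),
        })
    rows.sort(key=lambda r: r["avg_us"], reverse=True)
    return rows, skipped


# Constructed lines in the with_time format, not real traffic.
SAMPLE_LOG = [
    r'192.0.2.10 - - [02/Aug/2011:10:00:01 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0 40',
    r'192.0.2.10 - - [02/Aug/2011:10:00:02 -0400] "GET /?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0 60',
    r'192.0.2.11 - - [02/Aug/2011:10:00:03 -0400] "GET / HTTP/1.1" 200 5120 "http://example.test/\"x\"" "Mozilla/5.0" 0 200',
    r'198.51.100.7 - - [02/Aug/2011:10:00:04 -0400] "GET /robots.txt HTTP/1.0" 200 24 "-" "-" 0 74',
    r'198.51.100.7 - - [02/Aug/2011:10:00:05 -0400] "-" 408 - "-" "-" 0 31',
    'this line is not in the with_time format',
]

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_LOG)
    print("url\thits\tavg_us\tmax_us\tp95_us")
    for r in rows:
        print(f'{r["url"]}\t{r["hits"]}\t{r["avg_us"]:.1f}\t{r["max_us"]}\t{r["p95_us"]}')
    print(f"skipped lines: {skipped}")
```

To run it on a real file, pass the open log to `summarize()`; a growing skipped count means the file contains lines that do not match the with_time format.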
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From bonsaime at gmail.com Tue Aug 2 12:52:29 2011
From: bonsaime at gmail.com (Jesse Callaway)
Date: Tue, 2 Aug 2011 12:52:29 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID:

On Tue, Aug 2, 2011 at 10:14 AM, Edward Capriolo wrote:

>
>
> On Mon, Aug 1, 2011 at 5:16 PM, Jesse Callaway wrote:
>
>>
>>
>> On Mon, Aug 1, 2011 at 5:12 PM, Chris Snyder wrote:
>>
>>> On Mon, Aug 1, 2011 at 5:08 PM, Chris Snyder wrote:
>>> >
>>> > As you've discovered, Apache doesn't log the request separate from the
>>> > response, so a log analyzer is no help here.
>>>
>>> But wait -- this isn't strictly true. Apache can be made to log the
>>> time taken to serve the request, in microseconds. It just doesn't do
>>> so in the standard log format.
>>>
>>> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>>>
>>> But getting awstats or another log analyzer to pay attention is another
>>> story.
>>> _______________________________________________
>>> talk mailing list
>>> talk at lists.nycbug.org
>>> http://lists.nycbug.org/mailman/listinfo/talk
>>>
>>
>>
>> correctamundo...
>>
>> Gotta go with sec (simple event correlator) or collectd for the easiest
>> way. Otherwise you're writing your own filter program for the apache logs...
>> which i mean it's kinda cool that you can just add a pipe character to the
>> logfile name, like in perl. But...
>>
>>
>>
>> --
>> -jesse
>>
>
> To be clear I am using:
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\" %T %D" with_time
> CustomLog /opt/awstats-7.0/wwwroot/cgi-bin/gui-access-perf.log
> with_time
>
> %D is the time in microseconds.
>
>
> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>
> I know I can script something and make my own report, but I really do not
> want to.
> If find when you write these things yourself you end up taking care
> of them indefinitely. I was hoping to find some tool that would break down
> %D by page. hits/average(time to serve),max(time_to_serve),95th
> percentile(time_to_serve).
>
>

Could you commit to the apache snmp module? Then you might possibly be able to pawn off maintenance at some point. Er... nah, that wouldn't really work per-page. Just thinking out loud.

--
-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From lists at stringsutils.com Tue Aug 2 13:20:15 2011
From: lists at stringsutils.com (Francisco Reyes)
Date: Tue, 02 Aug 2011 13:20:15 -0400
Subject: [nycbug-talk] Secure, SAS70, data centers in NYC?
Message-ID: <4E3831CF.8010900@stringsutils.com>

Anyone can recommend a SAS70 compliant DC in NYC?
This will be a backup/secondary DC. Primary in NJ (DataPipe).

From dave at donnerjack.com Tue Aug 2 13:21:45 2011
From: dave at donnerjack.com (David Lawson)
Date: Tue, 2 Aug 2011 13:21:45 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID: <1F11AEF1-97F1-4259-B9A5-774A238D3CD3@donnerjack.com>

On Aug 2, 2011, at 12:52 PM, Jesse Callaway wrote:

>
>
> On Tue, Aug 2, 2011 at 10:14 AM, Edward Capriolo wrote:
>
>
> On Mon, Aug 1, 2011 at 5:16 PM, Jesse Callaway wrote:
>
>
> On Mon, Aug 1, 2011 at 5:12 PM, Chris Snyder wrote:
> On Mon, Aug 1, 2011 at 5:08 PM, Chris Snyder wrote:
> >
> > As you've discovered, Apache doesn't log the request separate from the
> > response, so a log analyzer is no help here.
>
> But wait -- this isn't strictly true. Apache can be made to log the
> time taken to serve the request, in microseconds. It just doesn't do
> so in the standard log format.
>
> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>
> But getting awstats or another log analyzer to pay attention is another story.
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
>
> correctamundo...
>
> Gotta go with sec (simple event correlator) or collectd for the easiest way. Otherwise you're writing your own filter program for the apache logs... which i mean it's kinda cool that you can just add a pipe character to the logfile name, like in perl. But...
>
>
>
> --
> -jesse
>
> To be clear I am using:
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %T %D" with_time
> CustomLog /opt/awstats-7.0/wwwroot/cgi-bin/gui-access-perf.log with_time
>
> %D is the time in microseconds.
>
>
> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>
> I know I can script something and make my own report, but I really do not want to. If find when you write these things yourself you end up taking care of them indefinitely. I was hoping to find some tool that would break down %D by page. hits/average(time to serve),max(time_to_serve),95th percentile(time_to_serve).
>

Calamaris is a Squid log analysis tool, but it might support the kind of thing you're trying to do on Apache log files as well.

--Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From edlinuxguru at gmail.com Tue Aug 2 13:23:14 2011
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Tue, 2 Aug 2011 13:23:14 -0400
Subject: [nycbug-talk] Any web stat program that collects data on time to serve
In-Reply-To:
References:
Message-ID:

On Tue, Aug 2, 2011 at 12:52 PM, Jesse Callaway wrote:

>
>
> On Tue, Aug 2, 2011 at 10:14 AM, Edward Capriolo wrote:
>
>>
>>
>> On Mon, Aug 1, 2011 at 5:16 PM, Jesse Callaway wrote:
>>
>>>
>>>
>>> On Mon, Aug 1, 2011 at 5:12 PM, Chris Snyder wrote:
>>>
>>>> On Mon, Aug 1, 2011 at 5:08 PM, Chris Snyder
>>>> wrote:
>>>> >
>>>> > As you've discovered, Apache doesn't log the request separate from the
>>>> > response, so a log analyzer is no help here.
>>>>
>>>> But wait -- this isn't strictly true. Apache can be made to log the
>>>> time taken to serve the request, in microseconds. It just doesn't do
>>>> so in the standard log format.
>>>>
>>>> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>>>>
>>>> But getting awstats or another log analyzer to pay attention is another
>>>> story.
>>>> _______________________________________________
>>>> talk mailing list
>>>> talk at lists.nycbug.org
>>>> http://lists.nycbug.org/mailman/listinfo/talk
>>>>
>>>
>>>
>>> correctamundo...
>>>
>>> Gotta go with sec (simple event correlator) or collectd for the easiest
>>> way. Otherwise you're writing your own filter program for the apache logs...
>>> which i mean it's kinda cool that you can just add a pipe character to the
>>> logfile name, like in perl. But...
>>>
>>>
>>>
>>> --
>>> -jesse
>>>
>>
>> To be clear I am using:
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>> \"%{User-agent}i\" %T %D" with_time
>> CustomLog /opt/awstats-7.0/wwwroot/cgi-bin/gui-access-perf.log
>> with_time
>>
>> %D is the time in microseconds.
>>
>>
>> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
>>
>> I know I can script something and make my own report, but I really do not
>> want to. If find when you write these things yourself you end up taking care
>> of them indefinitely. I was hoping to find some tool that would break down
>> %D by page. hits/average(time to serve),max(time_to_serve),95th
>> percentile(time_to_serve).
>>
>>
> Could you commit to the apache snmp module? Then you might possibly be able
> to pawn off maintenance at some point. Er... nah, that wouldn't really work
> per-page. Just thinking out loud.
>
> --
> -jesse
>

I am not trying to show off but I like closing up threads. I buckled and just wrote it myself :(. I used a mix of shell, hadoop, and hive.
This is the gist of it:

sh produce_tts_stats.sh

# field 7 is the request URL, the last field is %D (microseconds)
awk '{print $7 "\t" $NF }' gui-access-perf.log > gui-access-perf_1
hadoop dfs -rm /user/hive/warehouse/edward.db/time_to_serve/gui-access-perf_1
hadoop dfs -copyFromLocal gui-access-perf_1 /user/hive/warehouse/edward.db/time_to_serve
# column names come from the query below; the column types are assumed
hive -e "use edward; create table time_to_serve (url string, tts bigint) row format delimited fields terminated by '\t'" #<---one time step
hive -e "
use edward;
set mapred.map.tasks=1;
set hive.cli.print.header=true;
select url,count(1) as count, max(tts) as tts_max ,min(tts) as tts_min ,avg(tts) as tts_avg
from time_to_serve group by url order by tts_avg limit 4000000;
" > outfile

[edward at etl02 ~]$ head outfile
url                              count   tts_max   tts_min   tts_avg
/                                21429   39520     37        72.10341126510804
/robots.txt                      1       74        74        74.0
/w00tw00t.at.ISC.SANS.DFind:)    1       77        77        77.0

It is a couple more steps with cron and was not really enough data to justify distributed computing. Hive was a nice fit though because it handled all the group stuff I did not want to code up by hand.

Edward
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From alq at datadoghq.com Tue Aug 2 14:27:48 2011
From: alq at datadoghq.com (Alexis Lê-Quôc)
Date: Tue, 2 Aug 2011 14:27:48 -0400
Subject: [nycbug-talk] Secure, SAS70, data centers in NYC?
In-Reply-To: <4E3831CF.8010900@stringsutils.com>
References: <4E3831CF.8010900@stringsutils.com>
Message-ID:

On Tue, Aug 2, 2011 at 1:20 PM, Francisco Reyes wrote:
> Anyone can recommend a SAS70 compliant DC in NYC?
> This will be a backup/secondary DC. Primary in NJ (DataPipe).

Based on past experience I would _not_ recommend Level3 at 85 10th Ave in Chelsea. More expensive, less accommodating and less well maintained than Datapipe in NJ. Can't speak to their SAS70 compliance.

--
Alexis Lê-Quôc | Datadog, Inc.
| http://datadoghq.com
ph: +1-917-512-6452 tw: @alq irc: #datadog (freenode)

From pete at nomadlogic.org Tue Aug 2 14:44:46 2011
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 2 Aug 2011 18:44:46 +0000
Subject: [nycbug-talk] Secure, SAS70, data centers in NYC?
In-Reply-To: <4E3831CF.8010900@stringsutils.com>
References: <4E3831CF.8010900@stringsutils.com>
Message-ID: <20110802184442.GI74724@pv.nomadlogic.org>

On Tue, Aug 02, 2011 at 01:20:15PM -0400, Francisco Reyes wrote:
> Anyone can recommend a SAS70 compliant DC in NYC?
> This will be a backup/secondary DC. Primary in NJ (DataPipe).

looks like NYI may meet your requirements:

https://sas70registry.com/registry/new-york-internet-nyi

they are a great hosting provider as well, with colo's in nyc and nj.

-pete

--
Pete Wright
pete at nomadlogic.org

From akosela at andykosela.com Tue Aug 2 18:01:01 2011
From: akosela at andykosela.com (Andy Kosela)
Date: Wed, 3 Aug 2011 00:01:01 +0200
Subject: [nycbug-talk] Secure, SAS70, data centers in NYC?
In-Reply-To: <20110802184442.GI74724@pv.nomadlogic.org>
References: <4E3831CF.8010900@stringsutils.com> <20110802184442.GI74724@pv.nomadlogic.org>
Message-ID:

On Tue, Aug 2, 2011 at 8:44 PM, Pete Wright wrote:
> On Tue, Aug 02, 2011 at 01:20:15PM -0400, Francisco Reyes wrote:
>> Anyone can recommend a SAS70 compliant DC in NYC?
>> This will be a backup/secondary DC. Primary in NJ (DataPipe).
>
> looks like NYI may meet your requirements:
>
> https://sas70registry.com/registry/new-york-internet-nyi
>
>
> they are a great hosting provider as well, with colo's in nyc and nj.

I second that. Probably the best hosting provider in NYC, plus running a lot of FreeBSD. What can be better than that? :)

--Andy

From izaac at setec.org Tue Aug 2 17:38:19 2011
From: izaac at setec.org (Izaac)
Date: Tue, 2 Aug 2011 17:38:19 -0400
Subject: [nycbug-talk] Secure, SAS70, data centers in NYC?
In-Reply-To: <4E3831CF.8010900@stringsutils.com>
References: <4E3831CF.8010900@stringsutils.com>
Message-ID: <20110802T213630Z@localhost>

On Tue, Aug 02, 2011 at 01:20:15PM -0400, Francisco Reyes wrote:
> Anyone can recommend a SAS70 compliant DC in NYC?

NYI
http://www.nyi.net/

--
. ___ ___ . . ___
. \ / |\ |\ \
. _\_ /__ |-\ |-\ \__

From brian.gupta at gmail.com Fri Aug 5 16:15:02 2011
From: brian.gupta at gmail.com (Brian Gupta)
Date: Fri, 5 Aug 2011 16:15:02 -0400
Subject: [nycbug-talk] Off topic: S3 backups
In-Reply-To:
References: <40f470bbb1ce394ca420d693d1770ec5.squirrel@www.atopia.net>
Message-ID:

It's not a library issue. You MUST in all cases delete all the contained objects first. If you have versioning turned on, deleting the old versions requires that you go out of your way to "delete everything", so it's unlikely that you would accidentally delete the bucket.

That said, if you want to be extra safe, and you are willing to put a bit of time into it, you should be able to create the access restrictions you desire through a combination of S3 ACLs and AWS IAM (Identity and Access Management)

See the following for more details:
http://aws.amazon.com/iam/
and
http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?UsingIAMPolicies.html

- Brian Gupta

New York City user groups calendar:
http://nyc.brandorr.com/

On Thu, Jul 29, 2010 at 12:11 PM, Matthew Terenzio wrote:
>
>
>
> On 7/29/10 12:00 PM, "matt at atopia.net" wrote:
>
>> but does that stop someone from logging in and accidentally deleting the
>> bucket? :)
>
> I believe all objects in a bucket must be deleted before a bucket can be
> deleted. At least with the library I use to work with the API.
>
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From matt at atopia.net Fri Aug 5 19:05:34 2011
From: matt at atopia.net (Matt Juszczak)
Date: Fri, 5 Aug 2011 19:05:34 -0400 (EDT)
Subject: [nycbug-talk] DNS naming scheme mind-blocker :)
Message-ID:

Hi folks,

I've come up with a great DNS naming scheme that I'm going to be using for my customers.

Let's say a customer's company is "abc corp". I name the hosts:

..abc-networks.net

With an internal DNS record (powered by pdns/ldap backend) of:

..abc-networks.internal

App connections use abc-app.com, such as:

db.appname.abc-app.com / db.appname.abc-app.internal

So in theory, I can launch a server called "bob" in the "bwi01" data center, have it be a master database server for the "primary" database.

db.primary.abc-app.com ->
db1.primary.abc-app.com ->
bob.bwi01.abc-networks.net

This way, I keep the network and app "dns" separate, and things stay clean, and I can easily re-point things.

But I'm stuck. Puppet is technically a piece of software, but it only powers the server configuration, nothing else (and isn't part of any specific app). Even more so, I setup a puppet pool per data center.

So in that case, would I make an exception and do:

puppet.bwi01.abc-networks.net (pointing to the pool of puppet servers listening on port 8130)

or would I do:

bwi01.puppet.abc-app.com

to indicate the "app" called puppet and the "bwi01" server.

Any input? :) This is going to be spread out across multiple clients, and hard to change later, so I wanted to throw my thoughts out there.

-Matt

From bcully at gmail.com Fri Aug 5 19:20:31 2011
From: bcully at gmail.com (Brian Cully)
Date: Fri, 5 Aug 2011 19:20:31 -0400
Subject: [nycbug-talk] DNS naming scheme mind-blocker :)
In-Reply-To:
References:
Message-ID:

I like naming from most-specific to least, in proper DNS fashion. We actually do similar things here across our data centers.
So I'd say:

puppet.$datacenter.$client.$tld

The only reason we did this was for the aforementioned most-to-least specific strategy. You can obviously configure puppet to use whatever you want. A nice side effect, though, was being able to reference puppet as nothing more than "puppet" thanks to using resolv.conf search settings and always getting the closest server.

On Aug 5, 2011, at 19:05, Matt Juszczak wrote:

> Hi folks,
>
> I've come up with a great DNS naming scheme that I'm going to be using for my customers.
>
> Let's say a customer's company is "abc corp". I name the hosts:
>
> ..abc-networks.net
>
> With an internal DNS record (powered by pdns/ldap backend) of:
>
> ..abc-networks.internal
>
> App connections use abc-app.com, such as:
>
> db.appname.abc-app.com / db.appname.abc-app.internal
>
> So in theory, I can launch a server called "bob" in the "bwi01" data center, have it be a master database server for the "primary" database.
>
> db.primary.abc-app.com ->
> db1.primary.abc-app.com ->
> bob.bwi01.abc-networks.net
>
> This way, I keep the network and app "dns" separate, and things stay clean, and I can easily re-point things.
>
> But I'm stuck. Puppet is technically a piece of software, but it only powers the server configuration, nothing else (and isn't part of any specific app). Even more so, I setup a puppet pool per data center.
>
> So in that case, would I make an exception and do:
>
> puppet.bwi01.abc-networks.net (pointing to the pool of puppet servers listening on port 8130)
>
> or would I do:
>
> bwi01.puppet.abc-app.com
>
> to indicate the "app" called puppet and the "bwi01" server.
>
> Any input? :) This is going to be spread out across multiple clients, and hard to change later, so I wanted to throw my thoughts out there.
>
> -Matt
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

From bonsaime at gmail.com Fri Aug 5 20:28:13 2011
From: bonsaime at gmail.com (Jesse Callaway)
Date: Fri, 5 Aug 2011 20:28:13 -0400
Subject: [nycbug-talk] DNS naming scheme mind-blocker :)
In-Reply-To:
References:
Message-ID:

I second that. It's consistent with your convention... and search domains rock.

On Aug 5, 2011 7:22 PM, "Brian Cully" wrote:
> I like naming from most-specific to least, in proper DNS fashion. We actually do similar things here across our data centers. So I'd say:
>
> puppet.$datacenter.$client.$tld
>
> The only reason we did this was for the aforementioned most-to-least specific strategy. You can obviously configure puppet to use whatever you want. A nice side effect, though, was being able to reference puppet as nothing more than "puppet" thanks to using resolv.conf search settings and always getting the closest server.
>
> On Aug 5, 2011, at 19:05, Matt Juszczak wrote:
>
>> Hi folks,
>>
>> I've come up with a great DNS naming scheme that I'm going to be using for my customers.
>>
>> Let's say a customer's company is "abc corp". I name the hosts:
>>
>> ..abc-networks.net
>>
>> With an internal DNS record (powered by pdns/ldap backend) of:
>>
>> ..abc-networks.internal
>>
>> App connections use abc-app.com, such as:
>>
>> db.appname.abc-app.com / db.appname.abc-app.internal
>>
>> So in theory, I can launch a server called "bob" in the "bwi01" data center, have it be a master database server for the "primary" database.
>>
>> db.primary.abc-app.com ->
>> db1.primary.abc-app.com ->
>> bob.bwi01.abc-networks.net
>>
>> This way, I keep the network and app "dns" separate, and things stay clean, and I can easily re-point things.
>>
>> But I'm stuck. Puppet is technically a piece of software, but it only powers the server configuration, nothing else (and isn't part of any specific app).
>> Even more so, I setup a puppet pool per data center.
>>
>> So in that case, would I make an exception and do:
>>
>> puppet.bwi01.abc-networks.net (pointing to the pool of puppet servers listening on port 8130)
>>
>> or would I do:
>>
>> bwi01.puppet.abc-app.com
>>
>> to indicate the "app" called puppet and the "bwi01" server.
>>
>> Any input? :) This is going to be spread out across multiple clients, and hard to change later, so I wanted to throw my thoughts out there.
>>
>> -Matt
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From alex at pilosoft.com Fri Aug 5 19:24:47 2011
From: alex at pilosoft.com (Alex Pilosov)
Date: Fri, 5 Aug 2011 19:24:47 -0400 (EDT)
Subject: [nycbug-talk] DNS naming scheme mind-blocker :)
In-Reply-To:
Message-ID:

On Fri, 5 Aug 2011, Matt Juszczak wrote:

> But I'm stuck. Puppet is technically a piece of software, but it only
> powers the server configuration, nothing else (and isn't part of any
> specific app). Even more so, I setup a puppet pool per data center.
>
> So in that case, would I make an exception and do:
>
> or would I do:

I'm just going to point at two proverbs:

a) do something even if it's wrong
b) why should you care what color bikeshed is

In other words, it doesn't seem that either way is significantly better, so just pick one. Don't spend time analyzing and deciding - and don't ask or accept advice one way or the other, because it's an issue that everyone will have an opinion on.
-alex

From matt at atopia.net Sat Aug 6 12:38:33 2011
From: matt at atopia.net (Matt Juszczak)
Date: Sat, 6 Aug 2011 12:38:33 -0400 (EDT)
Subject: [nycbug-talk] DNS naming scheme mind-blocker :)
In-Reply-To:
References:
Message-ID:

> I second that. Its consistent with your convention... and search domains
> rock.

My only worry there is then it causes potential conflicts.

if abc-networks.net is just supposed to be servers, some might think "puppet" is the name of a server.

Is it okay to have them on the same level?

saturn.dfw01.abc-networks.net
uranus.dfw01.abc-networks.net
pluto.dfw01.abc-networks.net

^ actual servers

puppet.dfw01.abc-networks.net

^ not a server

From bonsaime at gmail.com Sun Aug 7 13:46:47 2011
From: bonsaime at gmail.com (Jesse Callaway)
Date: Sun, 7 Aug 2011 13:46:47 -0400
Subject: [nycbug-talk] DNS naming scheme mind-blocker :)
In-Reply-To:
References:
Message-ID:

On Sat, Aug 6, 2011 at 12:38 PM, Matt Juszczak wrote:

> I second that. Its consistent with your convention... and search domains
>> rock.
>>
>
> My only worry there is then it causes potential conflicts.
>
> if abc-networks.net is just supposed to be servers, some might think
> "puppet" is the name of a server.
>
> Is it okay to have them on the same level?
>
> saturn.dfw01.abc-networks.net
> uranus.dfw01.abc-networks.net
> pluto.dfw01.abc-networks.net
>
> ^ actual servers
>
> puppet.dfw01.abc-networks.net
>
> ^ not a server
>
>
>

name it puppet... if it sucks there's always CNAMES to dig out of the hole

--
-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From nikolai at fetissov.org Sun Aug 7 19:18:15 2011
From: nikolai at fetissov.org (Nikolai Fetissov)
Date: Sun, 7 Aug 2011 19:18:15 -0400
Subject: [nycbug-talk] August 2011 meeting audio
Message-ID: <730005bb94ada227f243decda717af6c.squirrel@geekisp.com>

Folks,

Audio of last meeting is online at:
http://www.fetissov.org/public/nycbug/nycbug-08-03-11.mp3

Apologies for the delay.
Cheers, -- Nikolai From lists at stringsutils.com Sun Aug 7 22:53:29 2011 From: lists at stringsutils.com (Francisco Reyes) Date: Sun, 07 Aug 2011 22:53:29 -0400 Subject: [nycbug-talk] Secure, SAS70, data centers in NYC? In-Reply-To: <20110802184442.GI74724@pv.nomadlogic.org> References: <4E3831CF.8010900@stringsutils.com> <20110802184442.GI74724@pv.nomadlogic.org> Message-ID: <4E3F4FA9.4030604@stringsutils.com> On 08/02/2011 02:44 PM, Pete Wright wrote: > > https://sas70registry.com/registry/new-york-internet-nyi > > > they are a great hosting provider as well, with colo's in nyc and nj. Thanks for link. Will put NY in the "short list" From george at ceetonetechnology.com Thu Aug 11 11:38:55 2011 From: george at ceetonetechnology.com (George Rosamond) Date: Thu, 11 Aug 2011 11:38:55 -0400 Subject: [nycbug-talk] cheap CF cards Message-ID: <4E43F78F.5090000@ceetonetechnology.com> Quick question: Has anyone used Dane-Elec CF cards? They're dirt cheap at J&R (~$12) for a 4 gig. They apparently have some problem when used with DSLR cameras, but seem fine for embedded devices so far. Curious to hear if anyone's had issues... Don't want to have to do a mass swap-out if they are unreliable. g From ike at blackskyresearch.net Thu Aug 11 11:48:15 2011 From: ike at blackskyresearch.net (Isaac Levy) Date: Thu, 11 Aug 2011 11:48:15 -0400 Subject: [nycbug-talk] cheap CF cards In-Reply-To: <4E43F78F.5090000@ceetonetechnology.com> References: <4E43F78F.5090000@ceetonetechnology.com> Message-ID: <201108111549.p7BFn3H4013329@rs134.luxsci.com> On Aug 11, 2011, at 11:38 AM, George Rosamond wrote: > Quick question: > > Has anyone used Dane-Elec CF cards? > > They're dirt cheap at J&R (~$12) for a 4 gig. They apparently have some problem when used with DSLR cameras, but seem fine for embedded devices so far. > > Curious to hear if anyone's had issues... Don't want to have to do a mass swap-out if they are unreliable. 
> > g Not what you asked for, but the SanDisk cards, (known good with no boot problems etc.) are nearly as cheap at JR... Rocket- .ike From mspitzer at gmail.com Wed Aug 17 21:03:56 2011 From: mspitzer at gmail.com (Marc Spitzer) Date: Wed, 17 Aug 2011 21:03:56 -0400 Subject: [nycbug-talk] interop in october free floor pass Fwd: FW: Only One Week Left to Save an Extra 10% on Early Pricing Message-ID: ---------- Forwarded message ---------- From: Marc Spitzer Date: Wed, Aug 17, 2011 at 3:11 PM Subject: FW: Only One Week Left to Save an Extra 10% on Early Pricing To: "mspitzer at gmail.com" ---- Marc Spitzer Sr. Elearning Admin 646-962-9958 mas7015 at med.cornell.edu

Only Seven Days Left to Save an Additional 10% on Early Pricing, Register Today.

Interop :: October 3-7, 2011 :: New York :: Javits Center - Early Registration Ends 9/2 - Register by 8/24 to Save an Additional 10%

*Who Should Attend:*
- IT Professionals
- Business Managers
- Channel

*Keynotes:* Hear about the future of technology from visionary leaders. Included in all Interop passes.

*Register* by 10/31 for Free Expo Pass

*Don't Miss the Biggest IT Event of the Year.*
- Early Registration Ends 9/2
- Register by 8/24 to Save an Additional 10%

Dear Sinan,

See innovative technologies that promise to change your IT organization - including *virtualization*, *mobility*, *cloud computing*, *networking*, *video* and *data center* advances.
- Meet 150+ Exhibitors including Avaya, Cisco, Dell, Huawei, HP, Intel, Microsoft and VMware
- Gain comprehensive insight across 11 key IT topics
- Hear industry visionaries speak on the future of business technology

*Register by August 24 with Priority Code CPJQNY07 and Save an Additional 10% on Conference Passes* or for a Free Expo Pass. Early Registration ends 9/2.*

*Conference* Gain comprehensive thought leadership from technology experts.
- Virtualization
- Wireless and Mobility
- Video
- Communications as a Service
- Data Center
- Future of Work
- Cloud Computing
- Information Security and Risk Management
- Enterprise 2.0
- Networking
- Storage

*Pre-Conference Workshops* Focus on key IT issues in full day programs before the conference.

*CIO Boot Camp:* *IT Emergent: High Value Leadership in a Low Tolerance World:* Intensive two-day program that helps CIOs, CTOs and senior IT executives learn the skills and strategies needed to position their organization for growth.

*Enterprise Cloud Summit: Private Clouds:* Look at how cloud technologies, from big data and turnkey cloud stacks, are transforming private infrastructure, and take a deep dive into the leading private cloud stacks.

*Enterprise Cloud Summit: Public Clouds:* Explore how to keep data private in public places, review the economics of cloud computing and learn from end users' actual experience with clouds.

*Desktop Virtualization: The New "Desktop":* Learn everything you need to know about planning, implementation and support of desktop and application delivery through virtualization.

*Virtualization Management: The Road to Private Cloud:* Fulfill the full promise of virtualization and the move to private cloud computing by improving operational efficiencies, optimization, automation, and IT agility.

*Principles of Effective IT Management:* Learn specific steps you can take to improve your IT organization, business model, tools, staffing and skill levels.

*Carrier Cloud Forum:* Learn how to build a manageable and billable cloud infrastructure, while ensuring high-performance security and service quality to meet SLA demands.

*Additional Workshops*
- Deep Packet Inspection with Wireshark
- Security Tool Time
- Critical Technologies to Overcome Today's Security Threats
- The Big Fix: Application Performance Analysis and Troubleshooting
- Mastering Enterprise Mobility

*Free Expo Pass offer expires 10/3/11. $400 discount on Conference Passes expires on 9/2/11 and is given off the On-site rate.

-- Freedom is nothing but a chance to be better. --Albert Camus The problem with socialism is that eventually you run out of other people's money. --Margaret Thatcher -------------- next part -------------- An HTML attachment was scrubbed...
URL: From ike at blackskyresearch.net Fri Aug 19 11:43:09 2011 From: ike at blackskyresearch.net (Isaac Levy) Date: Fri, 19 Aug 2011 11:43:09 -0400 Subject: [nycbug-talk] Thoughts on Creating Internship Programs? Message-ID: <201108191544.p7JFi2re028904@rs134.luxsci.com> Hi All, So I was inspired a while back by an internship program at my old company, (but not in the tech groups- in Business/Product development). Essentially, the project pulled candidates from local schools, gave them well-defined projects to complete during their term, and the results were really excellent- the energy and ideas that the interns brought was amazing. With that, I'm trying to think of how to create a similar program, in a Systems-Engineering (SysAdmin) group. Aside from the idea of bringing people in to push projects through, I love the idea of all the fresh energy- and the temporal nature of having 'guests' working on deck- it's selfish really, I want the fresh eyes and ideas on deck. However, I'd really love to hear people's thoughts on: -------- PROBLEMS SA Interns (contrary to other types of groups), have some obvious issues: - Liability carried at the Systems Admin/Engineer station (obviously can't walk the interns/temps in and hand them root or privileged sys internals, in spirit) - Stringent Requirements of Systems Engineering when Sys tools break, (N) developers to the (N)th business peoples wail, (at high cost to the business) - Overall Systems Complexity Without a terrific amount of oversight, (or extremely well defined projects), there is risk that SA interns could leave behind well intentioned, yet structurally inappropriate implementations- (e.g. wow, where did this ldap store come from, and why does the website now stop functioning when we turn it off?) This could be quite damaging... Problem is, these are all valuable 'real-world' components of Systems Engineering / Systems Administration- (or any tech team responsible for operations and maintenance). 
It's of little use to me to bring on an intern, (or any SA IMHO), and just turn them into gruntwork-slaves, even though we all know how much grunt-work is involved in any job or task... -------------------------------------------------- IDEAS FOR INTERNS, SysAdmin / Systems Engineering - Working in-house on Open Source/Public projects which directly benefit the company, (ala Google summer of code type attitude)? (but then what's compelling to bring an Intern in-house?) - Working on one or two extremely well-defined projects? (but then what value do they take that's different than the structure of a classroom?) - Work on redundancy oriented projects, e.g. DB Replication and failover, other systems replication and failover, writing overall "Systems Regressions Testing" tools? Hrm. Would love to hear what people think- I'm now really serious about trying to create a program. Best, .ike From henry95 at gmail.com Fri Aug 19 16:16:58 2011 From: henry95 at gmail.com (Henry M) Date: Fri, 19 Aug 2011 16:16:58 -0400 Subject: [nycbug-talk] Thoughts on Creating Internship Programs? In-Reply-To: <201108191544.p7JFi2re028904@rs134.luxsci.com> References: <201108191544.p7JFi2re028904@rs134.luxsci.com> Message-ID: Ike, You have some good ideas there, I'm all for intern programs as long as they are valuable to both the intern, and the business. Personally, I'd never give an intern escalated privileges on any critical machine. Hell, I don't like to give escalated privileges to some of the people I work with! However, you can limit what commands they can run via sudo which I think would be beneficial. Here are some ideas that I think would be good for intern SA tasks. * Documentation- Having the ability to document your knowledge and architecture is just as important as actually putting it to work. You could walk them through the layout of the land, and see if they can make simple diagrams or docs. After a few review revisions you should be able to get some decent docs.
* Server Installs- Base server installations are always a good place to start. They learn the general setup of machine, network configs etc. This also leads into software installations. Also, one less server you need to build : ) * Testing- You can have them help you test certain situations. Examples: "Go unplug this machine and let's see how well our failover/backups work" * Backups- If you don't have a solid backup solution in place, they can think and work on a good backup solution for different server/software suites that you might use. Also a good chance to check out their scripting abilities. Those are just some of the stuff I can think of right now for an intern SA. Good luck ! Regards, Henry P.S- All intern SA's should be able to make network cables quickly. Even if they aren't needed! (You need to abuse them a little!) On Fri, Aug 19, 2011 at 11:43 AM, Isaac Levy wrote: > Hi All, > > So I was inspired a while back by an internship program at my old company, > (but not in the tech groups- in Business/Product development). Essentially, > the project pulled candidates from local schools, gave them well-defined > projects to complete during their term, and the results were really > excellent- the energy and ideas that the interns brought was amazing. > > With that, I'm trying to think of how to create a similar program, in a > Systems-Engineering (SysAdmin) group. Aside from the idea of bringing > people in to push projects through, I love the idea of all the fresh energy- > and the temporal nature of having 'guests' working on deck- it's selfish > really, I want the fresh eyes and ideas on deck.
> > > However, I'd really love to hear people's thoughts on: > > -------- > PROBLEMS > > SA Interns (contrary to other types of groups), have some obvious issues: > > - Liability carried at the Systems Admin/Engineer station > (obviously can't walk the interns/temps in and hand them root or privileged > sys internals, in spirit) > > - Stringent Requirements of Systems Engineering > when Sys tools break, (N) developers to the (N)th business peoples wail, > (at high cost to the business) > > - Overall Systems Complexity > Without a terrific amount of oversight, (or extremely well defined > projects), there is risk that SA interns could leave behind well > intentioned, yet structurally inappropriate implementations- (e.g. wow, > where did this ldap store come from, and why does the website now stop > functioning when we turn it off?) This could be quite damaging... > > Problem is, these are all valuable 'real-world' components of Systems > Engineering / Systems Administration- (or any tech team responsible for > operations and maintenance). It's of little use to me to bring on an > intern, (or any SA IMHO), and just turn them into gruntwork-slaves, even > though we all know how much grunt-work is involved in any job or task... > > > > -------------------------------------------------- > IDEAS FOR INTERNS, SysAdmin / Systems Engineering > > - Working in-house on Open Source/Public projects which directly benefit > the company, (ala Google summer of code type attitude)? > (but then what's compelling to bring an Intern in-house?) > > - Working on one or two extremely well-defined projects? > (but then what value do they take that's different than the structure of a > classroom?) > > - Work on redundancy oriented projects, e.g. DB Replication and failover, > other systems replication and failover, writing overall "Systems Regressions > Testing" tools? > > > > Hrm. Would love to hear what people think- I'm now really serious about > trying to create a program.
> > Best, > .ike > > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mspitzer at gmail.com Fri Aug 19 21:42:17 2011 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 19 Aug 2011 21:42:17 -0400 Subject: [nycbug-talk] Thoughts on Creating Internship Programs? In-Reply-To: <201108191544.p7JFi2re028904@rs134.luxsci.com> References: <201108191544.p7JFi2re028904@rs134.luxsci.com> Message-ID: Well I think projects need to fit the following criteria: 1: read only, as much as possible 2: not root, as much as possible 3: genuinely useful 4: neato shiny output, kids like this shit 5: kept away from anything that can have mission or business critical put next to it 6: if possible they should be able to keep a copy of the work to show future employers 7: well defined, small and incremental. one of the problems with SA tasks is that they are all about good judgement and good judgement is all about making mistakes at your previous jobs. And interns not having previous jobs are just waiting to get some experience. Some of the things that come to mind are: 1: system/network audit/reporting scripts, you can have lots of fun with SNMP 2: nagios/monitoring setup/cleanup or collectd etc 3: event correlation/log analysis 4: system documentation, as mentioned elsewhere 5: cable tester 6: and make sure he measures the impedance mismatch on your virtual circuits 7: basic capacity planning comes to mind, if it is not there, with reports I would not do backups as when you need them you do not get a do over. thanks, marc On Fri, Aug 19, 2011 at 11:43 AM, Isaac Levy wrote: > Hi All, > > So I was inspired a while back by an internship program at my old company, (but not in the tech groups- in Business/Product development). 
Essentially, the project pulled candidates from local schools, gave them well-defined projects to complete during their term, and the results were really excellent- the energy and ideas that the interns brought was amazing. > > With that, I'm trying to think of how to create a similar program, in a Systems-Engineering (SysAdmin) group. Aside from the idea of bringing people in to push projects through, I love the idea of all the fresh energy- and the temporal nature of having 'guests' working on deck- it's selfish really, I want the fresh eyes and ideas on deck. > > > However, I'd really love to hear people's thoughts on: > > -------- > PROBLEMS > > SA Interns (contrary to other types of groups), have some obvious issues: > > - Liability carried at the Systems Admin/Engineer station > (obviously can't walk the interns/temps in and hand them root or privileged sys internals, in spirit) > > - Stringent Requirements of Systems Engineering > when Sys tools break, (N) developers to the (N)th business peoples wail, (at high cost to the business) > > - Overall Systems Complexity > Without a terrific amount of oversight, (or extremely well defined projects), there is risk that SA interns could leave behind well intentioned, yet structurally inappropriate implementations- (e.g. wow, where did this ldap store come from, and why does the website now stop functioning when we turn it off?) This could be quite damaging... > > Problem is, these are all valuable 'real-world' components of Systems Engineering / Systems Administration- (or any tech team responsible for operations and maintenance). It's of little use to me to bring on an intern, (or any SA IMHO), and just turn them into gruntwork-slaves, even though we all know how much grunt-work is involved in any job or task...
> > > > -------------------------------------------------- > IDEAS FOR INTERNS, SysAdmin / Systems Engineering > > - Working in-house on Open Source/Public projects which directly benefit the company, (ala Google summer of code type attitude)? > (but then what's compelling to bring an Intern in-house?) > > - Working on one or two extremely well-defined projects? > (but then what value do they take that's different than the structure of a classroom?) > > - Work on redundancy oriented projects, e.g. DB Replication and failover, other systems replication and failover, writing overall "Systems Regressions Testing" tools? > > > > Hrm. Would love to hear what people think- I'm now really serious about trying to create a program. > > Best, > .ike > > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > -- Freedom is nothing but a chance to be better. --Albert Camus The problem with socialism is that eventually you run out of other people's money. --Margaret Thatcher From lists at eitanadler.com Sat Aug 20 21:43:07 2011 From: lists at eitanadler.com (Eitan Adler) Date: Sat, 20 Aug 2011 21:43:07 -0400 Subject: [nycbug-talk] Thoughts on Creating Internship Programs? In-Reply-To: References: <201108191544.p7JFi2re028904@rs134.luxsci.com> Message-ID: This is what I'm looking for in an internship program: 1. Something useful to the company - that they will be using long after I'm gone 2. Something with my name that I completed from start to completion. I don't want to be a "small cog in a large wheel" 3. Useful skills - I should be learning something marketable that I would not easily be able to learn on my own and that has a use in later jobs. 4. Less important - but still a plus - it should be visible to the world as opposed to an internal only setup. 5. Regarding root: I've had different internships which treated me differently.
Sometimes I've been an "untrusted random user" and sometimes I've had root on every machine. I don't expect root access. 6. Payment - don't do an unpaid internship program in the tech field. Some good project ideas for an SA intern: - migrate firewall with pf instead of ipfw (obviously, this should be done on a test network) - create puppet master configuration to automate what was previously done automatically. - create script to automate virtual machine creation so that the devs don't have to test on production machines (this one I've done) - nagios/monitoring setup/cleanup or collectd etc Some bad projects: - Document current network setup (this isn't very fun) [and why don't you have this done already? :-p] - Research and document alternative software choices (unless the intern is also making the decision on which one to use) Other notes: - The intern should be learning useful skills, not only the "fun" skills. This means that s/he should be documenting everything they are doing and provide a sound rationale for their decisions. On the other hand it should be *only* a documentation job. Overall you have to remember that an internship is for the intern, not the company. While the company is hopefully going to gain something from the internship as well, the intern should not walk away feeling like it was a waste of his/her time. On Fri, Aug 19, 2011 at 9:42 PM, Marc Spitzer wrote: > Well I think projects need to fit the following criteria: > > 1: read only, as much as possible > 2: not root, as much as possible > 3: genuinely useful > 4: neato shiny output, kids like this shit > 5: kept away from anything that can have mission or business critical > put next to it > 6: if possible they should be able to keep a copy of the work to show > future employers > 7: well defined, small and incremental. > > one of the problems with SA tasks is that they are all about good > judgement and good judgement is all about making mistakes at your > previous jobs. 
And interns not having previous jobs are just waiting > to get some experience. > > Some of the things that come to mind are: > > 1: system/network audit/reporting scripts, you can have lots of fun with SNMP > 2: nagios/monitoring setup/cleanup or collectd etc > 3: event correlation/log analysis > 4: system documentation, as mentioned elsewhere > 5: cable tester > 6: and make sure he measures the impedance mismatch on your virtual circuits > 7: basic capacity planning comes to mind, if it is not there, with reports > > > I would not do backups as when you need them you do not get a do over. > > thanks, > > marc > > > On Fri, Aug 19, 2011 at 11:43 AM, Isaac Levy wrote: >> Hi All, >> >> So I was inspired a while back by an internship program at my old company, (but not in the tech groups- in Business/Product development). Essentially, the project pulled candidates from local schools, gave them well-defined projects to complete during their term, and the results were really excellent- the energy and ideas that the interns brought was amazing. >> >> With that, I'm trying to think of how to create a similar program, in a Systems-Engineering (SysAdmin) group. Aside from the idea of bringing people in to push projects through, I love the idea of all the fresh energy- and the temporal nature of having 'guests' working on deck- it's selfish really, I want the fresh eyes and ideas on deck.
>> >> >> However, I'd really love to hear people's thoughts on: >> >> -------- >> PROBLEMS >> >> SA Interns (contrary to other types of groups), have some obvious issues: >> >> - Liability carried at the Systems Admin/Engineer station >> (obviously can't walk the interns/temps in and hand them root or privileged sys internals, in spirit) >> >> - Stringent Requirements of Systems Engineering >> when Sys tools break, (N) developers to the (N)th business peoples wail, (at high cost to the business) >> >> - Overall Systems Complexity >> Without a terrific amount of oversight, (or extremely well defined projects), there is risk that SA interns could leave behind well intentioned, yet structurally inappropriate implementations- (e.g. wow, where did this ldap store come from, and why does the website now stop functioning when we turn it off?) This could be quite damaging... >> >> Problem is, these are all valuable 'real-world' components of Systems Engineering / Systems Administration- (or any tech team responsible for operations and maintenance). It's of little use to me to bring on an intern, (or any SA IMHO), and just turn them into gruntwork-slaves, even though we all know how much grunt-work is involved in any job or task... >> >> >> >> -------------------------------------------------- >> IDEAS FOR INTERNS, SysAdmin / Systems Engineering >> >> - Working in-house on Open Source/Public projects which directly benefit the company, (ala Google summer of code type attitude)? >> (but then what's compelling to bring an Intern in-house?) >> >> - Working on one or two extremely well-defined projects? >> (but then what value do they take that's different than the structure of a classroom?) >> >> - Work on redundancy oriented projects, e.g. DB Replication and failover, other systems replication and failover, writing overall "Systems Regressions Testing" tools? >> >> >> >> Hrm. Would love to hear what people think- I'm now really serious about trying to create a program.
>> >> Best, >> .ike >> >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk >> > > > > -- > Freedom is nothing but a chance to be better. > --Albert Camus > > The problem with socialism is that eventually you run out > of other people's money. > --Margaret Thatcher > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > -- Eitan Adler From submodd at gmail.com Mon Aug 22 13:14:43 2011 From: submodd at gmail.com (george magiros) Date: Mon, 22 Aug 2011 13:14:43 -0400 Subject: [nycbug-talk] Does anyone know anyone at Software in the Public Interest or the Software Freedom Conservancy? Message-ID: I was hoping to get involved with them. Here are the links: George 2127991720 SFC list of projects: Amarok ArgoUML Bongo Boost BusyBox Darcs Evergreen Foresight Linux Gevent Git Inkscape jQuery K-3D Kohana Libbraille Mercurial OpenChange PyPy Samba Selenium Squeak Sugar Labs SurveyOS SWIG Twisted uCLibc Wine http://sfconservancy.org/members/current/ Officers at SFC: http://sfconservancy.org/about/board/ http://sfconservancy.org/about/officers/ http://sfconservancy.org/about/staff/ SPI list of projects: ankur.org.in aptosid Debian Drizzle Drupal freedesktop.org Fresco Gallery GNUstep GNU TeXmacs Jenkins LibreOffice madwifi.org OFTC OpenOffice.org OpenVAS Open Voting Foundation Open64 OpenWrt OSUNIX Path64 PostgreSQL Privoxy The HeliOS Project Tux4Kids Yafaray http://www.spi-inc.org/projects/ Officers at SPI: http://www.spi-inc.org/meetings/minutes/2011/2011-07-13/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From ike at blackskyresearch.net Tue Aug 23 15:14:26 2011 From: ike at blackskyresearch.net (Isaac Levy) Date: Tue, 23 Aug 2011 15:14:26 -0400 Subject: [nycbug-talk] Thoughts on Creating Internship Programs?
In-Reply-To: References: <201108191544.p7JFi2re028904@rs134.luxsci.com> Message-ID: <201108231915.p7NJF43e015328@rs134.luxsci.com> Hi All, Thanks for the thoughtful replies, from all sides of the question! I received a few great responses offline as well, the gist of them was: Define Projects in advance, period. Will reflect on these responses while we craft a program here... Thanks! Best, .ike From ike at blackskyresearch.net Tue Aug 23 15:16:22 2011 From: ike at blackskyresearch.net (Isaac Levy) Date: Tue, 23 Aug 2011 15:16:22 -0400 Subject: [nycbug-talk] Ping - (earthquake) Message-ID: <201108231917.p7NJH4fE019336@rs134.luxsci.com> So I guess everyone is still online with the tremors :) Mobile services in the city seem slammed, I'm interested to hear if there's any other shifts in networks activities today... Best, .ike From dave at donnerjack.com Tue Aug 23 15:26:09 2011 From: dave at donnerjack.com (David Lawson) Date: Tue, 23 Aug 2011 15:26:09 -0400 Subject: [nycbug-talk] Ping - (earthquake) In-Reply-To: <201108231917.p7NJH4fE019336@rs134.luxsci.com> References: <201108231917.p7NJH4fE019336@rs134.luxsci.com> Message-ID: On Aug 23, 2011, at 3:16 PM, Isaac Levy wrote: > So I guess everyone is still online with the tremors :) > > Mobile services in the city seem slammed, I'm interested to hear if there's any other shifts in networks activities today? Entertainingly, I was in the middle of setting up a phone interview when it happened, I'm about ten miles away. Cell service completely failed, but Skype worked like a champ. --Dave From netmantej at gmail.com Tue Aug 23 15:31:34 2011 From: netmantej at gmail.com (tim jacques) Date: Tue, 23 Aug 2011 15:31:34 -0400 Subject: [nycbug-talk] Ping - (earthquake) In-Reply-To: <201108231917.p7NJH4fE019336@rs134.luxsci.com> References: <201108231917.p7NJH4fE019336@rs134.luxsci.com> Message-ID: Hello all. I am in eastern North Carolina. The 1:52 pm. 
quake made my interior doors rattle and a large framed poster bounce on the wall. The local cell service is spotty, I suspect it is a volume issue. I called Cleveland Ohio and upstate NY and was met with a 30% success rate. Networks are up, not even a hiccup. yay... I hope everyone is well. Take care people. Tim .. ------------------------------------------------------------------------------------------------------------ On Tue, Aug 23, 2011 at 3:16 PM, Isaac Levy wrote: > So I guess everyone is still online with the tremors :) > > Mobile services in the city seem slammed, I'm interested to hear if there's > any other shifts in networks activities today... > > Best, > .ike > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ike at blackskyresearch.net Tue Aug 23 15:30:28 2011 From: ike at blackskyresearch.net (Isaac Levy) Date: Tue, 23 Aug 2011 15:30:28 -0400 Subject: [nycbug-talk] Ping - (earthquake) In-Reply-To: References: <201108231917.p7NJH4fE019336@rs134.luxsci.com> Message-ID: <201108231931.p7NJV4A2015630@rs134.luxsci.com> On Aug 23, 2011, at 3:26 PM, David Lawson wrote: > On Aug 23, 2011, at 3:16 PM, Isaac Levy wrote: > >> So I guess everyone is still online with the tremors :) >> >> Mobile services in the city seem slammed, I'm interested to hear if there's any other shifts in networks activities today... > > Entertainingly, I was in the middle of setting up a phone interview when it happened, I'm about ten miles away. Cell service completely failed, but Skype worked like a champ. > > --Dave !!!
Harder than Ever, Rocket- .ike From billtotman at billtotman.com Tue Aug 23 15:53:55 2011 From: billtotman at billtotman.com (Bill Totman) Date: Tue, 23 Aug 2011 15:53:55 -0400 Subject: [nycbug-talk] Ping - (earthquake) In-Reply-To: <201108231931.p7NJV4A2015630@rs134.luxsci.com> References: <201108231917.p7NJH4fE019336@rs134.luxsci.com> <201108231931.p7NJV4A2015630@rs134.luxsci.com> Message-ID: On Aug 23, 2011, at 15:30, Isaac Levy wrote: > On Aug 23, 2011, at 3:26 PM, David Lawson wrote: > >> On Aug 23, 2011, at 3:16 PM, Isaac Levy wrote: >> >>> So I guess everyone is still online with the tremors :) >>> >>> Mobile services in the city seem slammed, I'm interested to hear if there's any other shifts in networks activities today... >> >> Entertainingly, I was in the middle of setting up a phone interview when it happened, I'm about ten miles away. Cell service completely failed, but Skype worked like a champ. >> >> --Dave > > !!! > > Harder than Ever, Rocket- > .ike > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk The only 'congestion' I experienced was on Broadway after several building managers south of Wall St overreacted and evacuated their office tenants. -bt From freebsd-listen at fabiankeil.de Tue Aug 23 15:41:10 2011 From: freebsd-listen at fabiankeil.de (Fabian Keil) Date: Tue, 23 Aug 2011 21:41:10 +0200 Subject: [nycbug-talk] Does anyone know anyone at Software in the Public Interest or the Software Freedom Conservancy? In-Reply-To: References: Message-ID: <20110823214110.24df71f3@fabiankeil.de> george magiros wrote: > I was hoping to get involved with them.
Here are the links: > George 2127991720 > > SFC list of projects: > Amarok ArgoUML Bongo Boost BusyBox Darcs Evergreen Foresight Linux > Gevent Git Inkscape jQuery K-3D Kohana Libbraille Mercurial OpenChange > PyPy Samba Selenium Squeak Sugar Labs SurveyOS SWIG Twisted uCLibc Wine > http://sfconservancy.org/members/current/ > > Officers at SFC: > http://sfconservancy.org/about/board/ > http://sfconservancy.org/about/officers/ > http://sfconservancy.org/about/staff/ > > SPI list of projects: > ankur.org.in aptosid Debian Drizzle Drupal freedesktop.org > Fresco Gallery GNUstep GNU TeXmacs Jenkins LibreOffice madwifi.org > OFTC OpenOffice.org OpenVAS Open Voting Foundation Open64 OpenWrt > OSUNIX Path64 PostgreSQL Privoxy The HeliOS Project Tux4Kids Yafaray > http://www.spi-inc.org/projects/ > > Officers at SPI: > http://www.spi-inc.org/meetings/minutes/2011/2011-07-13/ I'm Privoxy's SPI liaison. At the time the Privoxy project joined SPI, SFC didn't exist yet (I believe), so I don't know how they compare. Fabian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 196 bytes Desc: not available URL: From riegersteve at gmail.com Tue Aug 23 15:57:27 2011 From: riegersteve at gmail.com (steve rieger) Date: Tue, 23 Aug 2011 12:57:27 -0700 Subject: [nycbug-talk] Ping - (earthquake) In-Reply-To: References: <201108231917.p7NJH4fE019336@rs134.luxsci.com> <201108231931.p7NJV4A2015630@rs134.luxsci.com> Message-ID: <4E540627.4050503@gmail.com> On 8/23/2011 12:53 PM, Bill Totman wrote: > The only 'congestion' I experienced was on Broadway after several > building managers south of Wall St over reacted and evacuated their > office tenants. 
-bt I only evacuate for anything larger than 7.0 From jkeen at verizon.net Tue Aug 23 20:02:49 2011 From: jkeen at verizon.net (James E Keenan) Date: Tue, 23 Aug 2011 20:02:49 -0400 Subject: [nycbug-talk] Does anyone know anyone at Software in the Public Interest or, the Software Freedom Conservancy? In-Reply-To: References: Message-ID: <4E543FA9.3070700@verizon.net> On 8/23/11 12:00 PM, talk-request at lists.nycbug.org wrote: > Does anyone know anyone at Software in the Public Interest or > the Software Freedom Conservancy? The Parrot project (http://parrot.org) is in the very preliminary stages of discussing placing ourselves under the auspices of Software Freedom Conservancy. But I personally have not yet met with anyone from them. That's all I can say at this point. From henry95 at gmail.com Wed Aug 24 15:33:23 2011 From: henry95 at gmail.com (Henry M) Date: Wed, 24 Aug 2011 15:33:23 -0400 Subject: [nycbug-talk] Fwd: Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\) In-Reply-To: <4E5550E8.20605@tablethotels.com> References: <20110824161640.122D387DD@minotaur.apache.org> <4E5550E8.20605@tablethotels.com> Message-ID: Just in case anyone didn't see this yet... Here is a thread discussing it a little more: http://www.gossamer-threads.com/lists/apache/dev/401638 Stay safe! 
-Henry

-------- Original Message -------
Subject: Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\)
Date: Wed, 24 Aug 2011 16:16:39 +0000 (UTC)
From: dirkx at apache.org (Dirk-Willem van Gulik)
To: announce at httpd.apache.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apache HTTPD Security ADVISORY
==============================

Title:    Range header DoS vulnerability Apache HTTPD 1.3/2.x
CVE:      CVE-2011-3192:
Date:     20110824 1600Z
Product:  Apache HTTPD Web Server
Versions: Apache 1.3 all versions, Apache 2 all versions

Description:
============

A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server:

    http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tool has
been observed.

The attack can be done remotely and with a modest number of requests can
cause very significant memory and CPU usage on the server.

The default Apache HTTPD installation is vulnerable.

There is currently no patch/new version of Apache HTTPD which fixes this
vulnerability. This advisory will be updated when a long term fix is
available.

A full fix is expected in the next 48 hours.

Mitigation:
============

However there are several immediate options to mitigate this issue until
a full fix is available:

1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then
   either ignore the Range: header or reject the request.

   Option 1: (Apache 2.0 and 2.2)

          # Drop the Range header when more than 5 ranges.
          # CVE-2011-3192
          SetEnvIf Range (,.*?){5,} bad-range=1
          RequestHeader unset Range env=bad-range

          # optional logging.
          CustomLog logs/range-CVE-2011-3192.log common env=bad-range

   Option 2: (Also for Apache 1.3)

          # Reject request when more than 5 ranges in the Range: header.
          # CVE-2011-3192
          #
          RewriteEngine on
          RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
          RewriteRule .* - [F]

   The number 5 is arbitrary. Several 10's should not be an issue and may be
   required for sites which for example serve PDFs to very high end eReaders
   or use things such as complex http based video streaming.

2) Limit the size of the request field to a few hundred bytes. Note that while
   this keeps the offending Range header short - it may break other headers;
   such as sizeable cookies or security fields.

          LimitRequestFieldSize 200

   Note that as the attack evolves in the field you are likely to have
   to further limit this and/or impose other LimitRequestFields limits.

   See: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize

3) Use mod_headers to completely dis-allow the use of Range headers:

          RequestHeader unset Range

   Note that this may break certain clients - such as those used for
   e-Readers and progressive/http-streaming video.

4) Deploy a Range header count module as a temporary stopgap measure:

     http://people.apache.org/~dirkx/mod_rangecnt.c

   Precompiled binaries for some platforms are available at:

     http://people.apache.org/~dirkx/BINARIES.txt

5) Apply any of the current patches under discussion - such as:

   http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g at mail.gmail.com%3e

Actions:
========

Apache HTTPD users who are concerned about a DoS attack against their server
should consider implementing any of the above mitigations immediately.

When using a third party attack tool to verify vulnerability - know that most
of the versions in the wild currently check for the presence of mod_deflate;
and will (mis)report that your server is not vulnerable if this module is not
present. This vulnerability is not dependent on presence or absence of
that module.

Planning:
=========

This advisory will be updated when new information, a patch or a new release
is available. A patch or new apache release for Apache 2.0 and 2.2 is expected
in the next 48 hours. Note that, while popular, Apache 1.3 is deprecated.
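Added example, not part of the advisory or of Apache's code: a Python sketch that applies the advisory's Option 1 and Option 2 patterns to Range header values (for instance ones captured in an access log), and also resolves the ranges to show overlap and how many bytes are requested relative to the resource size. The function names, the 1000-byte resource size and the sample header values are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# The two patterns quoted in the advisory, as Python regexes.
OPTION1_BAD = re.compile(r"(,.*?){5,}")                      # SetEnvIf: sets bad-range
OPTION2_OK = re.compile(r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)")  # RewriteCond: allowed form

SPEC = re.compile(r"^(\d*)-(\d*)$")  # one byte-range-spec: first-last, first-, -suffix


def resolve_ranges(header: str, length: int) -> Optional[List[Tuple[int, int]]]:
    """Resolve a Range header against a resource of `length` bytes (length > 0).

    Returns inclusive (first, last) pairs, or None when the header is not a
    syntactically valid byte-range set (RFC 2616 says to ignore it then).
    Simplification in this sketch: empty list elements count as invalid.
    """
    if not header.startswith("bytes="):
        return None
    resolved = []
    for spec in header[len("bytes="):].split(","):
        m = SPEC.match(spec.strip())
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":                      # suffix form: the last N bytes
            n = int(last)
            if n > 0:                        # "-0" is unsatisfiable, skipped
                resolved.append((max(0, length - n), length - 1))
            continue
        start = int(first)
        if last and int(last) < start:
            return None                      # one invalid spec invalidates the set
        if start >= length:
            continue                         # unsatisfiable, skipped
        end = min(int(last), length - 1) if last else length - 1
        resolved.append((start, end))
    return resolved


class Assessment(NamedTuple):
    range_count: int        # comma-separated elements in the header
    overlapping: bool       # at least two resolved ranges share a byte
    amplification: float    # bytes requested / resource size
    option1_drops: bool     # Option 1 would unset the Range header
    option2_rejects: bool   # Option 2 would answer with 403 ([F])


def assess(header: str, length: int) -> Assessment:
    count = header.count(",") + 1 if header else 0
    ranges = sorted(resolve_ranges(header, length) or [])
    # After sorting by start, any overlap shows up between neighbours.
    overlapping = any(b[0] <= a[1] for a, b in zip(ranges, ranges[1:]))
    requested = sum(last - first + 1 for first, last in ranges)
    return Assessment(
        count,
        overlapping,
        requested / length,
        bool(OPTION1_BAD.search(header)),
        not OPTION2_OK.search(header),
    )


# Constructed sample values, not taken from any real log.
SAMPLES = [
    "",                                            # no Range header sent
    "bytes=0-499",                                 # ordinary partial request
    "bytes=0-99,200-299,400-499,600-699,800-899",  # 5 ranges: still allowed
    "bytes=0-499,250-749",                         # overlapping, but only 2 ranges
    "bytes=0-999,0-999,0-999,0-999,0-999,0-999",   # 6 overlapping ranges
    "bytes=0-1,,2-3",                              # malformed list element
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), assess(value, 1000))
```

Option 2 also rejects the malformed `bytes=0-1,,2-3`, which Option 1 leaves untouched because it contains fewer than five commas.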
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iEYEARECAAYFAk5VI+MACgkQ/W+IxiHQpxsz4wCgipR6nQmd45hAgFmI/8dHULLF BtoAmQGsi2efZKibpaSMI+aCt8fQgWgS =11BG -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: From ike at blackskyresearch.net Mon Aug 29 09:08:00 2011 From: ike at blackskyresearch.net (Isaac Levy) Date: Mon, 29 Aug 2011 09:08:00 -0400 Subject: [nycbug-talk] interesting read (old pacemaker thread) Message-ID: <201108291308.p7TD82Ab002791@rs134.luxsci.com> Hi All, Dragging open a feisty 6 year old thread, who remembers "the pacemaker scenario": > On Sat, 21 May 2005 alex at pilosoft.com wrote: >>> Let's keep in mind that the trustworthiness of a life-critical >>> application has everything to do with how that program was written http://lists.nycbug.org/pipermail/talk/2005-May/005497.html -- From BlackHat this summer: "Earlier this month, Jay Radcliffe, a computer security professional who is also diabetic, showed how an attacker could remotely control insulin pumps to deliver too much or too little insulin to the individual wearing the device." http://www.wired.com/threatlevel/2011/08/medical-device-security/ Rocket- .ike From chsnyder at gmail.com Mon Aug 29 09:31:48 2011 From: chsnyder at gmail.com (Chris Snyder) Date: Mon, 29 Aug 2011 09:31:48 -0400 Subject: [nycbug-talk] interesting read (old pacemaker thread) In-Reply-To: <201108291308.p7TD82Ab002791@rs134.luxsci.com> References: <201108291308.p7TD82Ab002791@rs134.luxsci.com> Message-ID: On Mon, Aug 29, 2011 at 9:08 AM, Isaac Levy wrote: > > "Earlier this month, Jay Radcliffe, a computer security professional who is also diabetic, showed how an attacker could remotely control insulin pumps to deliver too much or too little insulin to the individual wearing the device." > > http://www.wired.com/threatlevel/2011/08/medical-device-security/ > > > Rocket- > .ike > Wow. That really pisses me off. 
As in, everyone responsible for that product should be publicly humiliated and prevented from ever working on medical devices again. And how did it get licensed for use? From george at ceetonetechnology.com Mon Aug 29 09:32:44 2011 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 29 Aug 2011 09:32:44 -0400 Subject: [nycbug-talk] Storm Message-ID: <4E5B94FC.9000301@ceetonetechnology.com> Out of curiosity, did anyone have issues? I had no problems anywhere. . . George From ike at blackskyresearch.net Mon Aug 29 09:46:22 2011 From: ike at blackskyresearch.net (Isaac Levy) Date: Mon, 29 Aug 2011 09:46:22 -0400 Subject: [nycbug-talk] interesting read (old pacemaker thread) In-Reply-To: References: <201108291308.p7TD82Ab002791@rs134.luxsci.com> Message-ID: <201108291347.p7TDl2w8003619@rs134.luxsci.com> On Aug 29, 2011, at 9:31 AM, Chris Snyder wrote: > On Mon, Aug 29, 2011 at 9:08 AM, Isaac Levy wrote: >> >> "Earlier this month, Jay Radcliffe, a computer security professional who is also diabetic, showed how an attacker could remotely control insulin pumps to deliver too much or too little insulin to the individual wearing the device." >> >> http://www.wired.com/threatlevel/2011/08/medical-device-security/ >> >> >> Rocket- >> .ike >> > > Wow. That really pisses me off. Indeed. > > As in, everyone responsible for that product should be publicly > humiliated and prevented from ever working on medical devices again. > And how did it get licensed for use? Not sure if this is a pleasing response, but: "I wasn't scared, but I was up there looking around, I realised that I was sitting on a rocket with six thousand components, every one built by the low bidder." 
- Alan Shepard, First American to go to Space Rocket- .ike From billtotman at billtotman.com Mon Aug 29 09:51:59 2011 From: billtotman at billtotman.com (Bill Totman) Date: Mon, 29 Aug 2011 09:51:59 -0400 Subject: [nycbug-talk] Storm In-Reply-To: <4E5B94FC.9000301@ceetonetechnology.com> References: <4E5B94FC.9000301@ceetonetechnology.com> Message-ID: <683963A9-D2FC-48E6-AA6E-9EAF850D9EC6@billtotman.com> On Aug 29, 2011, at 9:32, George Rosamond wrote: > Out of curiosity, did anyone have issues? > > I had no problems anywhere. . . > > George > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk No problems but was amazed at the lack of rain on the south side of the storm. -bt From matt at atopia.net Mon Aug 29 11:34:13 2011 From: matt at atopia.net (Matt Juszczak) Date: Mon, 29 Aug 2011 11:34:13 -0400 (EDT) Subject: [nycbug-talk] How do you bootstrap puppet? Message-ID: Hi folks, I'm launching a puppet setup from scratch. Historically, I've simply setup /etc/puppet/manifests|modules on the puppetmaster and launched the puppetmaster and puppet processes and let puppet configure itself to get the master up and running. However, I'm now using external nodes via LDAP as well as MySQL for stored configs. So before puppetmaster can be "fully operational", I need MySQL and openldap installed and up and running as well. So I'm wondering how I setup the LDAP portion of the server: * Should I just do that manually? * Should I create a node.pp with just my puppet master and nothing else and enable external nodes after the puppet master has been puppetized? * Should I write a bootstrap.sh script that installs MySQL, OpenLDAP, and puppet master, gets them up and running with their appropriate configurations, checks out the puppet repository from SVN, and then signs the local certificate to continue configuration of the local box? Any thoughts would be appreciated - thanks! 
-Matt From mikel.king at olivent.com Mon Aug 29 14:13:54 2011 From: mikel.king at olivent.com (mikel king) Date: Mon, 29 Aug 2011 14:13:54 -0400 Subject: [nycbug-talk] Storm In-Reply-To: <4E5B94FC.9000301@ceetonetechnology.com> References: <4E5B94FC.9000301@ceetonetechnology.com> Message-ID: Only just got power & internet back a few minutes ago... On Aug 29, 2011, at 9:32 AM, George Rosamond wrote: > Out of curiosity, did anyone have issues? > > I had no problems anywhere. . . > > George > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk From spork at bway.net Mon Aug 29 17:52:36 2011 From: spork at bway.net (Charles Sprickman) Date: Mon, 29 Aug 2011 17:52:36 -0400 Subject: [nycbug-talk] Storm In-Reply-To: References: <4E5B94FC.9000301@ceetonetechnology.com> Message-ID: <4E5C0A24.2030108@bway.net> mikel king wrote: > Only just got power & internet back a few minutes ago... Lucky you. I have a borrowed generator for a few hours to catch up on email, but no place to do "real work" nearby. Whole town is dark, so no starbucks or other distraction-filled cafe-type thing. http://morristown.patch.com/articles/mayor-power-should-be-on-by-4-pm-monday-downtown-by-midnight Who builds a substation next to a river? And since when does "unprecedented" mean "not since 1999". Consolidation of power companies and their zeal for saving costs on maintenance isn't working out so good for me. Charles > > On Aug 29, 2011, at 9:32 AM, George Rosamond wrote: > >> Out of curiosity, did anyone have issues? >> >> I had no problems anywhere. . . 
>> >> George >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk From bonsaime at gmail.com Mon Aug 29 18:01:28 2011 From: bonsaime at gmail.com (Jesse Callaway) Date: Mon, 29 Aug 2011 18:01:28 -0400 Subject: [nycbug-talk] How do you bootstrap puppet? In-Reply-To: References: Message-ID: I pick choice 3. Relying on puppet to install puppetmaster sounds like something has to be manually installed at some point. If you have just that bootstrapping scripted then you should be golden. Seems like you have a fairly complex setup, so i dunno. On Aug 29, 2011 11:37 AM, "Matt Juszczak" wrote: > Hi folks, > > I'm launching a puppet setup from scratch. Historically, I've simply > setup /etc/puppet/manifests|modules on the puppetmaster and launched the > puppetmaster and puppet processes and let puppet configure itself to get > the master up and running. > > However, I'm now using external nodes via LDAP as well as MySQL for stored > configs. So before puppetmaster can be "fully operational", I need MySQL > and openldap installed and up and running as well. So I'm wondering how I > setup the LDAP portion of the server: > > * Should I just do that manually? > > * Should I create a node.pp with just my puppet master and nothing else > and enable external nodes after the puppet master has been puppetized? > > * Should I write a bootstrap.sh script that installs MySQL, OpenLDAP, and > puppet master, gets them up and running with their appropriate > configurations, checks out the puppet repository from SVN, and then signs > the local certificate to continue configuration of the local box? > > Any thoughts would be appreciated - thanks! 
> > -Matt > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From bonsaime at gmail.com Mon Aug 29 18:03:34 2011 From: bonsaime at gmail.com (Jesse Callaway) Date: Mon, 29 Aug 2011 18:03:34 -0400 Subject: [nycbug-talk] How do you bootstrap puppet? Message-ID: Oh wait i thought this was the puppet list. Check puppet-nyc at googlegroups.com On Aug 29, 2011 6:01 PM, "Jesse Callaway" wrote: > I pick choice 3. Relying on puppet to install puppetmaster sounds like > something has to be manually installed at some point. If you have just that > bootstrapping scripted then you should be golden. > Seems like you have a fairly complex setup, so i dunno. > On Aug 29, 2011 11:37 AM, "Matt Juszczak" wrote: >> Hi folks, >> >> I'm launching a puppet setup from scratch. Historically, I've simply >> setup /etc/puppet/manifests|modules on the puppetmaster and launched the >> puppetmaster and puppet processes and let puppet configure itself to get >> the master up and running. >> >> However, I'm now using external nodes via LDAP as well as MySQL for stored > >> configs. So before puppetmaster can be "fully operational", I need MySQL >> and openldap installed and up and running as well. So I'm wondering how I >> setup the LDAP portion of the server: >> >> * Should I just do that manually? >> >> * Should I create a node.pp with just my puppet master and nothing else >> and enable external nodes after the puppet master has been puppetized? >> >> * Should I write a bootstrap.sh script that installs MySQL, OpenLDAP, and >> puppet master, gets them up and running with their appropriate >> configurations, checks out the puppet repository from SVN, and then signs >> the local certificate to continue configuration of the local box? >> >> Any thoughts would be appreciated - thanks! 
>> >> -Matt >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From mspitzer at gmail.com Tue Aug 30 12:32:16 2011 From: mspitzer at gmail.com (Marc Spitzer) Date: Tue, 30 Aug 2011 12:32:16 -0400 Subject: [nycbug-talk] simple apache log parser Message-ID: Hello all, I am looking for a simple common log parser for apache. What I would like is a simple script that takes a log file and spits out sqlite insert statements. My goal is some add hoc reporting on my logs, webdav related issue, to figure out what is going on. Any ideas? thanks, marc -- Freedom is nothing but a chance to be better. --Albert Camus ?The problem with socialism is that eventually you run out of other people's money. --Margaret Thatcher From mikel.king at olivent.com Tue Aug 30 12:44:31 2011 From: mikel.king at olivent.com (mikel king) Date: Tue, 30 Aug 2011 12:44:31 -0400 Subject: [nycbug-talk] simple apache log parser In-Reply-To: References: Message-ID: On Aug 30, 2011, at 12:32 PM, Marc Spitzer wrote: > Hello all, > > I am looking for a simple common log parser for apache. What I would > like is a simple script that takes a log file and spits out sqlite > insert statements. My goal is some add hoc reporting on my logs, > webdav related issue, to figure out what is going on. > > Any ideas? > > thanks, > > marc Marc, A long time ago I used the Apache custom log format to write the logs as SQL statements and then used a script to pump that custom log into MySql. Once in the db I was able to search and sort based on the information in the columns. It may not be optimal but it saved a lot of parsing and gave me somewhat dynamic logging for my servers. 
Cheers, Mikel From mspitzer at gmail.com Tue Aug 30 14:26:01 2011 From: mspitzer at gmail.com (Marc Spitzer) Date: Tue, 30 Aug 2011 14:26:01 -0400 Subject: [nycbug-talk] simple apache log parser In-Reply-To: References: Message-ID: As usual should have looked in ports first, http://www.steve.org.uk/Software/asql/ looks like just what I want. Its in www/asql thanks, marc On Tue, Aug 30, 2011 at 12:32 PM, Marc Spitzer wrote: > Hello all, > > I am looking for a simple common log parser for apache. What I would > like is a simple script that takes a log file and spits out sqlite > insert statements. ?My goal is some add hoc reporting on my logs, > webdav related issue, to figure out what is going on. > > Any ideas? > > thanks, > > marc > -- > Freedom is nothing but a chance to be better. > --Albert Camus > > ?The problem with socialism is that eventually you run out > of other people's money. > --Margaret Thatcher > -- Freedom is nothing but a chance to be better. --Albert Camus ?The problem with socialism is that eventually you run out of other people's money. --Margaret Thatcher From mark.saad at ymail.com Wed Aug 31 13:23:46 2011 From: mark.saad at ymail.com (Mark Saad) Date: Wed, 31 Aug 2011 13:23:46 -0400 Subject: [nycbug-talk] Ping - (earthquake) In-Reply-To: <4E540627.4050503@gmail.com> References: <201108231917.p7NJH4fE019336@rs134.luxsci.com> <201108231931.p7NJV4A2015630@rs134.luxsci.com> <4E540627.4050503@gmail.com> Message-ID: Hey Eveybody I am just getting back on line today. I was stuck out in long island for the past few days. One strange thing that I lost during the storm was Verizon's LTE Service. Prior to the storm I could connect to Both the LTE Network and EV-DO Rev Ae networks via a Verizon MiFi hotspot. After the rain stopped I could only get on the 1x.RTT networks at 33Kbs . I would have to guess vzw lost a cell site / pop during the storm . 
-- Mark Saad Mark.saad at longcount.org ------------------------------ On Aug 23, 2011 3:59 PM, steve rieger wrote: On 8/23/2011 12:53 PM, Bill Totman wrote: > The only 'congestion' I experienced was on Broadway after several > building managers south of Wall St over reacted and evacuated their > office tenants. -bt I only evacuate for anything larger than 7.0 _______________________________________________ talk mailing list talk at lists.nycbug.org http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark.saad at ymail.com Wed Aug 31 13:49:40 2011 From: mark.saad at ymail.com (Mark Saad) Date: Wed, 31 Aug 2011 13:49:40 -0400 Subject: [nycbug-talk] interesting read (old pacemaker thread) In-Reply-To: <201108291347.p7TDl2w8003619@rs134.luxsci.com> References: <201108291308.p7TD82Ab002791@rs134.luxsci.com> <201108291347.p7TDl2w8003619@rs134.luxsci.com> Message-ID: On Mon, Aug 29, 2011 at 9:46 AM, Isaac Levy wrote: > On Aug 29, 2011, at 9:31 AM, Chris Snyder wrote: > >> On Mon, Aug 29, 2011 at 9:08 AM, Isaac Levy wrote: >>> >>> "Earlier this month, Jay Radcliffe, a computer security professional who is also diabetic, showed how an attacker could remotely control insulin pumps to deliver too much or too little insulin to the individual wearing the device." >>> >>> http://www.wired.com/threatlevel/2011/08/medical-device-security/ >>> >>> >>> Rocket- >>> .ike >>> >> >> Wow. That really pisses me off. > > Indeed. > >> >> As in, everyone responsible for that product should be publicly >> humiliated and prevented from ever working on medical devices again. >> And how did it get licensed for use? > > Not sure if this is a pleasing response, but: > "I wasn't scared, but I was up there looking around, I realised that I was sitting on a rocket with six thousand components, every one built by the low bidder." 
> - Alan Shepard, First American to go to Space > > Rocket- > .ike > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > My wife who is a diabetic heard about this and first said "why would he do that , now nothing will get approved by the FDA" . However she was looking into how she could listen to her wireless glucose monitor to have a desktop application that would show here count on the computer she was working at. My take on this is that the FDA should publish a RFC for wireless device communications and design a nice strict protocol for communications . The big issue I see here is each dumb pharma company wants to copyright their product to make the most money on their work. If they do a crap job no one will know they keep all of their work closed and private. With the network they use open and well designed and freely licensable , big pharma can concentrate on the nuts and bolts , the the over all quality of the mechanical parts in the devices, and the software. -- Mark Saad | mark.saad at ymail.com From openbsd at aise.re Wed Aug 31 14:06:44 2011 From: openbsd at aise.re (milo) Date: Wed, 31 Aug 2011 22:06:44 +0400 Subject: [nycbug-talk] ikev2 vpn Message-ID: <401c20035bbdc021f28bc727558a8fb1@localhost> Hi, Is there someone to help me on building vpn between a Win7 workstation and an OpenBSD 4.9 gateway using ikev2. I already read man pages of iked; ikectl and iked.conf. I tried to do it but no success. 
What I have done on the OpenBSD box:

2 network cards: rl0:192.168.0.0/24 and em0:public_ip_address

>iked.conf:
user "milo" "password456"
ikev2 "win7" esp \
        from any to any \
        eap "mschap-v2" \
        tag "$name-$id"

ikectl ca vpn create
ikectl ca vpn certificate ip_openbsd create
ikectl ca vpn certificate ip_win7 create
ikectl ca vpn install
ikectl ca vpn certificate ip_openbsd install
ikectl ca vpn certificate ip_win7 export

>pf.conf:
skip on { lo, enc0 }
match out on egress inet from rl0:network to any nat-to egress:0
pass

What I have done on win7:

Only one network card, with a public_ip_address
I configure a vpn connection with ikev2 protocol and EAP-MSCHAP-V2
Install certificate: ip_win7 and vpn certificate.
Firewall is disabled.
I can ping the public ip address of my OpenBSD gateway.
I can use putty to connect on it using ssh.

When I start the vpn I have error 809 (stop on username and password verification)

So if someone can help me... you're welcome. And perhaps, there's a better way to have a good vpn without using third-party software on win7...

All the best,
Milo.

From edlinuxguru at gmail.com Wed Aug 31 14:25:55 2011
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Wed, 31 Aug 2011 14:25:55 -0400
Subject: [nycbug-talk] interesting read (old pacemaker thread)
In-Reply-To: References: <201108291308.p7TD82Ab002791@rs134.luxsci.com> <201108291347.p7TDl2w8003619@rs134.luxsci.com>
Message-ID:

On Wed, Aug 31, 2011 at 1:49 PM, Mark Saad wrote: > On Mon, Aug 29, 2011 at 9:46 AM, Isaac Levy > wrote: > > On Aug 29, 2011, at 9:31 AM, Chris Snyder wrote: > > > >> On Mon, Aug 29, 2011 at 9:08 AM, Isaac Levy > wrote: > >>> > >>> "Earlier this month, Jay Radcliffe, a computer security professional > who is also diabetic, showed how an attacker could remotely control insulin > pumps to deliver too much or too little insulin to the individual wearing > the device."
> >>> > >>> http://www.wired.com/threatlevel/2011/08/medical-device-security/ > >>> > >>> > >>> Rocket- > >>> .ike > >>> > >> > >> Wow. That really pisses me off. > > > > Indeed. > > > >> > >> As in, everyone responsible for that product should be publicly > >> humiliated and prevented from ever working on medical devices again. > >> And how did it get licensed for use? > > > > Not sure if this is a pleasing response, but: > > "I wasn't scared, but I was up there looking around, I realised that I > was sitting on a rocket with six thousand components, every one built by the > low bidder." > > - Alan Shepard, First American to go to Space > > > > Rocket- > > .ike > > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nycbug.org > > http://lists.nycbug.org/mailman/listinfo/talk > > > My wife who is a diabetic heard about this and first said "why would > he do that , now nothing will get approved by the FDA" . However she > was looking into how she could listen to her wireless glucose monitor > to have a desktop application that would show here count on the > computer she was working at. My take on this is that the FDA should > publish a RFC for wireless device communications and design a nice > strict protocol for communications . The big issue I see here is each > dumb pharma company wants to copyright their product to make the most > money on their work. If they do a crap job no one will know they keep > all of their work closed and private. With the network they use open > and well designed and freely licensable , big pharma can concentrate > on the nuts and bolts , the the over all quality of the mechanical > parts in the devices, and the software. 
> > -- > Mark Saad | mark.saad at ymail.com > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > When I get older I will probably be on wiki's and php BB for tips on over-clocking my pacemaker :) I feel that the consumer should not be able to demand a product to open source. This topic boggles my mind. I do believe open source make the best code, but I saw an apache/BSD licence on a pacemaker with that no warranty clause. I might opt for closed source. Also the domain specific knowledge of such a product is so large getting critical mass for an open source project seems difficult. I do like your point about designing parts of the wireless protocol around RFC. http://www.wired.com/threatlevel/2011/08/medical-device-security/ <- This makes me think of sandra bullock and the net. My general perception is that the world is lax on computer security, then again this is just as true outside of computers. We all say things like "a real care thief can defeat this alarm" and most door locks can be foiled with a credit card. Can we hold medical devices to some higher standard when most of our non-technical friends will turn off their writeless-routers wap and security features just to make life that much easier? -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From george at ceetonetechnology.com Wed Aug 31 15:04:05 2011 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 31 Aug 2011 15:04:05 -0400 Subject: [nycbug-talk] interesting read (old pacemaker thread) In-Reply-To: References: <201108291308.p7TD82Ab002791@rs134.luxsci.com> <201108291347.p7TDl2w8003619@rs134.luxsci.com> Message-ID: <4E5E85A5.8080207@ceetonetechnology.com> On 08/31/11 14:25, Edward Capriolo wrote: > On Wed, Aug 31, 2011 at 1:49 PM, Mark Saad wrote: > >> On Mon, Aug 29, 2011 at 9:46 AM, Isaac Levy >> wrote: >>> On Aug 29, 2011, at 9:31 AM, Chris Snyder wrote: >>> >>>> On Mon, Aug 29, 2011 at 9:08 AM, Isaac Levy >> wrote: >>>>> >>>>> "Earlier this month, Jay Radcliffe, a computer security professional >> who is also diabetic, showed how an attacker could remotely control insulin >> pumps to deliver too much or too little insulin to the individual wearing >> the device." >>>>> >>>>> http://www.wired.com/threatlevel/2011/08/medical-device-security/ >>>>> >>>>> >>>>> Rocket- >>>>> .ike >>>>> >>>> >>>> Wow. That really pisses me off. >>> >>> Indeed. >>> >>>> >>>> As in, everyone responsible for that product should be publicly >>>> humiliated and prevented from ever working on medical devices again. >>>> And how did it get licensed for use? >>> >>> Not sure if this is a pleasing response, but: >>> "I wasn't scared, but I was up there looking around, I realised that I >> was sitting on a rocket with six thousand components, every one built by the >> low bidder." >>> - Alan Shepard, First American to go to Space >>> >>> Rocket- >>> .ike >>> >>> >>> _______________________________________________ >>> talk mailing list >>> talk at lists.nycbug.org >>> http://lists.nycbug.org/mailman/listinfo/talk >>> >> My wife who is a diabetic heard about this and first said "why would >> he do that , now nothing will get approved by the FDA" . 
However she >> was looking into how she could listen to her wireless glucose monitor >> to have a desktop application that would show here count on the >> computer she was working at. My take on this is that the FDA should >> publish a RFC for wireless device communications and design a nice >> strict protocol for communications . The big issue I see here is each >> dumb pharma company wants to copyright their product to make the most >> money on their work. If they do a crap job no one will know they keep >> all of their work closed and private. With the network they use open >> and well designed and freely licensable , big pharma can concentrate >> on the nuts and bolts , the the over all quality of the mechanical >> parts in the devices, and the software. >> >> -- >> Mark Saad | mark.saad at ymail.com >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk >> > > When I get older I will probably be on wiki's and php BB for tips on > over-clocking my pacemaker :) > > I feel that the consumer should not be able to demand a product to open > source. This topic boggles my mind. I do believe open source make the best > code, but I saw an apache/BSD licence on a pacemaker with that no warranty > clause. I might opt for closed source. Also the domain specific knowledge of > such a product is so large getting critical mass for an open source project > seems difficult. I disagree Ed. If you're talking about a bunch of crappy developers that populate a lot of open source projects today, then who wouldn't opt for closed source, so at least your family has someone to sue after you die. I don't think many of us could grasp the world of open source applied to things other than our realm of software. I think of the old reality in electronics when people got comprehensive schematics and parts were accessible. 
It trained an enormous layer of people to tinker and troubleshoot, and put them in control. And you could still due the manufacturers :) That died out hard and fast for a variety of reasons. Now imagine that pacemaker was available on some easy wiki, and a close family member was on it. . . The eyeballs argument about open source security gets a bit distorted today. It's meant for a narrow layer of people and only few of actually look at the code. But in other realms I think the context could change drastically. Broadening out the layer of 'tinkerers' on the product would be of huge benefit. Not that I would trust most of you with my pacemaker. . . I posted this a long while back, but think it has some relevance. It's an article from the BLS about open source development of the airplane industry. http://www.hbs.edu/entrepreneurship/pdf/Meyer-summary.pdf g > > I do like your point about designing parts of the wireless protocol around > RFC. > > http://www.wired.com/threatlevel/2011/08/medical-device-security/<- This > makes me think of sandra bullock and the net. My general perception is that > the world is lax on computer security, then again this is just as true > outside of computers. We all say things like "a real care thief can defeat > this alarm" and most door locks can be foiled with a credit card. Can we > hold medical devices to some higher standard when most of our non-technical > friends will turn off their writeless-routers wap and security features just > to make life that much easier? >