From mspitzer at gmail.com Wed Jun 1 12:33:10 2011
From: mspitzer at gmail.com (Marc Spitzer)
Date: Wed, 1 Jun 2011 12:33:10 -0400
Subject: [nycbug-talk] interesting article on getting the best bang for your buck on hosting websites
In-Reply-To: <46EE21DB773C384D91FC9A87DFCB83C5195C4E@EXMBX07.netplexity.local>
References: <46EE21DB773C384D91FC9A87DFCB83C5195C4E@EXMBX07.netplexity.local>
Message-ID:

well this is from 2009

On Wed, Jun 1, 2011 at 11:48 AM, Hans Zaunere wrote:
>> http://markmaunder.com/2009/how-to-handle-1000s-of-concurrent-users-on-a-360mb-vps/
>
> Though this begs the obvious question - why not just drop Apache... I have for the most part.
>
> H
>
>

--
Freedom is nothing but a chance to be better.
--Albert Camus

The problem with socialism is that eventually you run out of other people's money.
--Margaret Thatcher

From mspitzer at gmail.com Thu Jun 2 18:13:37 2011
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 2 Jun 2011 18:13:37 -0400
Subject: [nycbug-talk] Summer con is coming up next week
Message-ID:

SummerCON 2011: June 10-12
http://www.summercon.org/

It was a good con last year

marc

--
Freedom is nothing but a chance to be better.
--Albert Camus

The problem with socialism is that eventually you run out of other people's money.
--Margaret Thatcher

From george at ceetonetechnology.com Fri Jun 3 21:49:22 2011
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 03 Jun 2011 21:49:22 -0400
Subject: [nycbug-talk] OpenSSH book
Message-ID: <4DE98F22.2050209@ceetonetechnology.com>

Looks like Michael Lucas is aiming towards self-publishing a book just on OpenSSH:

http://blather.michaelwlucas.com/archives/881

I think back to the manner in which Dru has queried people for book content and tips, and imagine we could do the same for an OpenSSH book, if there's a need.

More likely, it would be cool to do a launch-type meeting. Heck, maybe ML will even provide a top-shelf open bar at a high-end restaurant for it.
I know the 21 Club has appropriate rooms!

g

From spork at bway.net Fri Jun 3 23:19:42 2011
From: spork at bway.net (Charles Sprickman)
Date: Fri, 3 Jun 2011 23:19:42 -0400 (EDT)
Subject: [nycbug-talk] OpenSSH book
In-Reply-To: <4DE98F22.2050209@ceetonetechnology.com>
References: <4DE98F22.2050209@ceetonetechnology.com>
Message-ID:

On Fri, 3 Jun 2011, George Rosamond wrote:

> Looks like Michael Lucas is aiming towards self-publishing a book just on
> OpenSSH:
>
> http://blather.michaelwlucas.com/archives/881
>
> I think back to the manner in which Dru has queried people for book content
> and tips, and imagine we could do the same for an OpenSSH book, if there's a
> need.

I am going to bet I'm not alone in not keeping up with all the new features that have rolled out since I started using OpenSSH. As it stands, I use it daily and I'm probably missing out on enough to, well, fill a small book. I think mwl's project will be a smashing success.

OT, but another fun mini-book would be "Learn to use tmux, you damn fool!". Especially after seeing some of the plans to integrate iTerm2 with tmux:

https://docs.google.com/document/d/1ABI0kqUUxoAjxhWW3AsWFis6bgvMoEbcTcA2N21ncmU/edit?hl=en&authkey=COHZn78P&pli=1

Charles

> More likely, it would be cool to do a launch-type meeting. Heck, maybe ML
> will even provide a top-shelf open bar at a high-end restaurant for it. I
> know the 21 Club has appropriate rooms!
>
> g
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From bcully at gmail.com Fri Jun 3 23:39:28 2011
From: bcully at gmail.com (Brian Cully)
Date: Fri, 3 Jun 2011 23:39:28 -0400
Subject: [nycbug-talk] OpenSSH book
In-Reply-To: <4DE98F22.2050209@ceetonetechnology.com>
References: <4DE98F22.2050209@ceetonetechnology.com>
Message-ID:

On Jun 3, 2011, at 21:49, George Rosamond wrote:
> I think back to the manner in which Dru has queried people for book content and tips, and imagine we could do the same for an OpenSSH book, if there's a need.

OpenSSH is a neat tool. On the one hand it offers a very simple "give me a shell" functionality which will at least encrypt traffic and prevent MITM attacks. On the other hand it has some powerful, although somewhat esoteric uses.

The simple stuff doesn't really need explanation, IMHO. I'd love to see something that covers forward and reverse tunnels, auth mechanism integration, security/convenience tradeoffs of passwords vs. GSSAPI vs. DSA keys, why agent forwarding can be a bad idea and why it can be a good idea, and discussion of some of the stranger features like, say, UseLogin.

OK, the last one was to stroke my ego. Does anyone actually use UseLogin?

-bjc

From jhb at freebsd.org Mon Jun 6 08:55:36 2011
From: jhb at freebsd.org (John Baldwin)
Date: Mon, 6 Jun 2011 08:55:36 -0400
Subject: [nycbug-talk] OpenSSH book
In-Reply-To:
References: <4DE98F22.2050209@ceetonetechnology.com>
Message-ID: <201106060855.36371.jhb@freebsd.org>

On Friday, June 03, 2011 11:39:28 pm Brian Cully wrote:
> On Jun 3, 2011, at 21:49, George Rosamond wrote:
> > I think back to the manner in which Dru has queried people for book content and tips, and imagine we could do the same for an OpenSSH book, if there's a need.
>
> OpenSSH is a neat tool.
> On the one hand it offers a very simple "give me a shell" functionality which will at least encrypt traffic and prevent MITM attacks. On the other hand it has some powerful, although somewhat esoteric uses.
>
> The simple stuff doesn't really need explanation, IMHO. I'd love to see something that covers forward and reverse tunnels, auth mechanism integration, security/convenience tradeoffs of passwords vs. GSSAPI vs. DSA keys, why agent forwarding can be a bad idea and why it can be a good idea, and discussion of some of the stranger features like, say, UseLogin.
>
> OK, the last one was to stroke my ego. Does anyone actually use UseLogin?

I've used it at a past job to make ssh connections respect /etc/login.access.

--
John Baldwin

From mwlucas at blackhelicopters.org Mon Jun 6 09:20:30 2011
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Mon, 6 Jun 2011 09:20:30 -0400
Subject: [nycbug-talk] OpenSSH book
In-Reply-To: <201106060855.36371.jhb@freebsd.org>
References: <4DE98F22.2050209@ceetonetechnology.com> <201106060855.36371.jhb@freebsd.org>
Message-ID: <20110606132030.GA83211@bewilderbeast.blackhelicopters.org>

On Mon, Jun 06, 2011 at 08:55:36AM -0400, John Baldwin wrote:
> On Friday, June 03, 2011 11:39:28 pm Brian Cully wrote:
> > On Jun 3, 2011, at 21:49, George Rosamond wrote:
> > > I think back to the manner in which Dru has queried people for book content and tips, and imagine we could do the same for an OpenSSH book, if there's a need.
> >
> > OpenSSH is a neat tool. On the one hand it offers a very simple "give me a shell" functionality which will at least encrypt traffic and prevent MITM attacks. On the other hand it has some powerful, although somewhat esoteric uses.
> >
> > The simple stuff doesn't really need explanation, IMHO. I'd love to see something that covers forward and reverse tunnels, auth mechanism integration, security/convenience tradeoffs of passwords vs. GSSAPI vs.
> > DSA keys, why agent forwarding can be a bad idea and why it can be a good idea, and discussion of some of the stranger features like, say, UseLogin.
> >
> > OK, the last one was to stroke my ego. Does anyone actually use UseLogin?
>
> I've used it at a past job to make ssh connections respect /etc/login.access.

That's precisely the sort of weird edge case I'm NOT covering. :-)

I am doing tunnels and security of agent forwarding, but not GSSAPI
and complex auth mechanisms. The latter vary wildly depending on
operating system.

My target reader has downloaded PuTTY, typed in a username and
password, and says "I'm secure!" Once you have a handle on keys, X11
forwarding, and restricting certain keys to certain commands (for
automated use), they'll be able to use man pages and google for that
weird crap.

==ml

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor

From drulavigne at sympatico.ca Mon Jun 6 11:24:16 2011
From: drulavigne at sympatico.ca (Dru Lavigne)
Date: Mon, 6 Jun 2011 15:24:16 +0000
Subject: [nycbug-talk] IPv6-only testing snapshots
Message-ID:

Some of the people on this list might have some fun with the IPv6-only testing snapshots for FreeBSD and PC-BSD:

http://freebsdfoundation.blogspot.com/2011/06/freebsd-foundation-and-ixsystems.html

http://blog.pcbsd.org/2011/06/ipv6-only-version-of-pc-bsd-9-0-available-for-world-ipv6-day/

Cheers,

Dru

From ike at blackskyresearch.net Mon Jun 6 12:04:17 2011
From: ike at blackskyresearch.net (Isaac Levy)
Date: Mon, 6 Jun 2011 12:04:17 -0400
Subject: [nycbug-talk] tcp socket accept round robin?
Message-ID: <201106061605.p56G52TB009273@rs75.luxsci.com>

Hi All,

A strange question:

On FreeBSD: Does anyone know how to force accept on a tcp socket to go round robin?
Or perhaps to make it flap between 2 backends? Doing some hacking to solve a problem with spawn-fcgi, and trying to find system tunable, syscall, or other mechanism to make this happen.

Best,
.ike

From mikel.king at olivent.com Mon Jun 6 13:14:49 2011
From: mikel.king at olivent.com (mikel king)
Date: Mon, 6 Jun 2011 13:14:49 -0400
Subject: [nycbug-talk] OpenSSH book
In-Reply-To: <20110606132030.GA83211@bewilderbeast.blackhelicopters.org>
References: <4DE98F22.2050209@ceetonetechnology.com> <201106060855.36371.jhb@freebsd.org> <20110606132030.GA83211@bewilderbeast.blackhelicopters.org>
Message-ID: <1C007D1B-729B-4087-824C-866B03F7947A@olivent.com>

On Jun 6, 2011, at 9:20 AM, Michael W. Lucas wrote:

> That's precisely the sort of weird edge case I'm NOT covering. :-)
>
> I am doing tunnels and security of agent forwarding, but not GSSAPI
> and complex auth mechanisms. The latter vary wildly depending on
> operating system.
>
> My target reader has downloaded PuTTY, typed in a username and
> password, and says "I'm secure!" Once you have a handle on keys, X11
> forwarding, and restricting certain keys to certain commands (for
> automated use), they'll be able to use man pages and google for that
> weird crap.
>
> ==ml

So you'll not likely be covering rendezvous points and the like?

Regards,
Mikel

From george at ceetonetechnology.com Mon Jun 6 14:40:52 2011
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 06 Jun 2011 14:40:52 -0400
Subject: [nycbug-talk] OpenSSH book
In-Reply-To: <1C007D1B-729B-4087-824C-866B03F7947A@olivent.com>
References: <4DE98F22.2050209@ceetonetechnology.com> <201106060855.36371.jhb@freebsd.org> <20110606132030.GA83211@bewilderbeast.blackhelicopters.org> <1C007D1B-729B-4087-824C-866B03F7947A@olivent.com>
Message-ID: <4DED1F34.5040409@ceetonetechnology.com>

On 06/06/11 13:14, mikel king wrote:
>
> On Jun 6, 2011, at 9:20 AM, Michael W. Lucas wrote:
>
>> That's precisely the sort of weird edge case I'm NOT covering.
>> :-)
>>
>> I am doing tunnels and security of agent forwarding, but not GSSAPI
>> and complex auth mechanisms. The latter vary wildly depending on
>> operating system.
>>
>> My target reader has downloaded PuTTY, typed in a username and
>> password, and says "I'm secure!" Once you have a handle on keys, X11
>> forwarding, and restricting certain keys to certain commands (for
>> automated use), they'll be able to use man pages and google for that
>> weird crap.
>>
>> ==ml
>
>
> So you'll not likely be covering rendezvous points and the like?
>

I think the point ML is making about the audience is important.

It's for PUTTY users. . . think about what next steps the majority of those users need.

Tunneling would certainly be front and center from my guess, as using keys.

There's nothing wrong with people raising more advanced functions and configs with ssh or sshd, since some of that stuff might fit in. And actually, I think it's a cool idea to add a section for "the adventurous" as mundane as the points might be to many others.

But it seems to be, this is the "next step" for users just putty'g without keys, not knowing how to create tunnels, etc.

I suspect these are the people who haven't been smart enough to tunnel their traffic at technical conferences :)

g

From mspitzer at gmail.com Mon Jun 6 19:01:20 2011
From: mspitzer at gmail.com (Marc Spitzer)
Date: Mon, 6 Jun 2011 19:01:20 -0400
Subject: [nycbug-talk] tcp socket accept round robin?
In-Reply-To: <201106061605.p56G52TB009273@rs75.luxsci.com>
References: <201106061605.p56G52TB009273@rs75.luxsci.com>
Message-ID:

are we talking client or server?

perhaps haproxy would do:
http://haproxy.1wt.eu/

marc

On Mon, Jun 6, 2011 at 12:04 PM, Isaac Levy wrote:
> Hi All,
>
> A strange question:
>
> On FreeBSD: Does anyone know how to force accept on a tcp socket to go round robin? Or perhaps to make it flap between 2 backends?
> Doing some hacking to solve a problem with spawn-fcgi, and trying to find system tunable, syscall, or other mechanism to make this happen.
>
> Best,
> .ike
>
>

--
Freedom is nothing but a chance to be better.
--Albert Camus

The problem with socialism is that eventually you run out of other people's money.
--Margaret Thatcher

From bonsaime at gmail.com Mon Jun 6 19:12:45 2011
From: bonsaime at gmail.com (Jesse Callaway)
Date: Mon, 6 Jun 2011 19:12:45 -0400
Subject: [nycbug-talk] tcp socket accept round robin?
In-Reply-To: <201106061605.p56G52TB009273@rs75.luxsci.com>
References: <201106061605.p56G52TB009273@rs75.luxsci.com>
Message-ID:

On Mon, Jun 6, 2011 at 12:04 PM, Isaac Levy wrote:
> Hi All,
>
> A strange question:
>
> On FreeBSD: Does anyone know how to force accept on a tcp socket to go round robin? Or perhaps to make it flap between 2 backends? Doing some hacking to solve a problem with spawn-fcgi, and trying to find system tunable, syscall, or other mechanism to make this happen.
>
> Best,
> .ike
>
>

Isn't that an application-level decision? I'm not sure... what's up?
I'm interested.

--
-jesse

From george at ceetonetechnology.com Tue Jun 7 00:20:20 2011
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 07 Jun 2011 00:20:20 -0400
Subject: [nycbug-talk] tcp socket accept round robin?
In-Reply-To:
References: <201106061605.p56G52TB009273@rs75.luxsci.com>
Message-ID: <4DEDA704.9050407@ceetonetechnology.com>

On 06/06/11 19:12, Jesse Callaway wrote:
> On Mon, Jun 6, 2011 at 12:04 PM, Isaac Levy wrote:
>> Hi All,
>>
>> A strange question:
>>
>> On FreeBSD: Does anyone know how to force accept on a tcp socket to go round robin?
>> Or perhaps to make it flap between 2 backends? Doing some hacking to solve a problem with spawn-fcgi, and trying to find system tunable, syscall, or other mechanism to make this happen.
>>
>> Best,
>> .ike
>>
>>
>
> Isn't that an application-level decision? I'm not sure... what's up?
> I'm interested.

That's really the main question I'm guessing. . . he said "tcp sockets" not application sessions. Wrong layer. . .

g

From bonsaime at gmail.com Tue Jun 7 00:23:48 2011
From: bonsaime at gmail.com (Jesse Callaway)
Date: Tue, 7 Jun 2011 00:23:48 -0400
Subject: [nycbug-talk] OpenSSH book
In-Reply-To: <4DED1F34.5040409@ceetonetechnology.com>
References: <4DE98F22.2050209@ceetonetechnology.com> <201106060855.36371.jhb@freebsd.org> <20110606132030.GA83211@bewilderbeast.blackhelicopters.org> <1C007D1B-729B-4087-824C-866B03F7947A@olivent.com> <4DED1F34.5040409@ceetonetechnology.com>
Message-ID:

On Jun 6, 2011 2:42 PM, "George Rosamond" wrote:
>
> On 06/06/11 13:14, mikel king wrote:
>>
>>
>> On Jun 6, 2011, at 9:20 AM, Michael W. Lucas wrote:
>>
>>> That's precisely the sort of weird edge case I'm NOT covering. :-)
>>>
>>> I am doing tunnels and security of agent forwarding, but not GSSAPI
>>> and complex auth mechanisms. The latter vary wildly depending on
>>> operating system.
>>>
>>> My target reader has downloaded PuTTY, typed in a username and
>>> password, and says "I'm secure!" Once you have a handle on keys, X11
>>> forwarding, and restricting certain keys to certain commands (for
>>> automated use), they'll be able to use man pages and google for that
>>> weird crap.
>>>
>>> ==ml
>>
>>
>>
>> So you'll not likely be covering rendezvous points and the like?
>>
>
> I think the point ML is making about the audience is important.
>
> It's for PUTTY users. . . think about what next steps the majority of those users need.
>
> Tunneling would certainly be front and center from my guess, as using keys.
>
> There's nothing wrong with people raising more advanced functions and configs with ssh or sshd, since some of that stuff might fit in. And actually, I think it's a cool idea to add a section for "the adventurous" as mundane as the points might be to many others.
>
> But it seems to be, this is the "next step" for users just putty'g without keys, not knowing how to create tunnels, etc.
>
> I suspect these are the people who haven't been smart enough to tunnel their traffic at technical conferences :)
>
>
> g

I'd cover how to convert keys from one format to another, viz openssh vs rfc vs? file permissions, possibly.

From mwlucas at blackhelicopters.org Wed Jun 15 10:54:13 2011
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Wed, 15 Jun 2011 10:54:13 -0400
Subject: [nycbug-talk] OpenSSH book
In-Reply-To:
References: <4DE98F22.2050209@ceetonetechnology.com> <201106060855.36371.jhb@freebsd.org> <20110606132030.GA83211@bewilderbeast.blackhelicopters.org> <1C007D1B-729B-4087-824C-866B03F7947A@olivent.com> <4DED1F34.5040409@ceetonetechnology.com>
Message-ID: <20110615145413.GA34397@bewilderbeast.blackhelicopters.org>

One last post on this. Now looking for prepub reviewers.

http://blather.michaelwlucas.com/archives/902

==ml

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor

From jpb at jimby.name Mon Jun 20 22:24:37 2011
From: jpb at jimby.name (Jim B.)
Date: Mon, 20 Jun 2011 22:24:37 -0400
Subject: [nycbug-talk] Binary Package Repos Help Needed
Message-ID: <20110621022437.GA13366@jimby.name>

Hi All,

Can anyone advise me on the best location(s) to mirror
just the binary package repos for DFly, Free, Net, and Open?

Starting with Free, my rsync keeps crapping out:

    rsync -av ftp.cz.FreeBSD.org::pub/FreeBSD/ports/i386/packages/ \
        /usr/home/jpb/Downloads/packages-FreeBSD-8.2-release

The Czech mirror is the only one I can find that will let me
mirror just the package repo, but about 100 or so files into
the transfer, it craps out. Might be me, might be them. I dunno.
Different every time. I do have enough disk space.

I also need a good source for the package repos (only!) from
the other projects. I'd be fine with weekly updates.

Note- I don't need the ports collection- just binary packages
or pkgsrc for i386 (32 bit) architecture only.

Any help most appreciated!

Cheers,
Jim B.

From george at ceetonetechnology.com Mon Jun 20 22:54:26 2011
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 20 Jun 2011 22:54:26 -0400
Subject: [nycbug-talk] Binary Package Repos Help Needed
In-Reply-To: <20110621022437.GA13366@jimby.name>
References: <20110621022437.GA13366@jimby.name>
Message-ID: <4E0007E2.3020309@ceetonetechnology.com>

On 06/20/11 22:24, Jim B. wrote:
> Hi All,
>
> Can anyone advise me on the best location(s) to mirror
> just the binary package repos for DFly, Free, Net, and Open?
>
> Starting with Free, my rsync keeps crapping out:
> rsync -av ftp.cz.FreeBSD.org::pub/FreeBSD/ports/i386/packages/ \
> /usr/home/jpb/Downloads/packages-FreeBSD-8.2-release
>
> The Czech mirror is the only one I can find that will let me
> mirror just the package repo, but about 100 or so files into
> the transfer, it craps out. Might be me, might be them. I dunno.
> Different every time. I do have enough disk space.
>
> I also need a good source for the package repos (only!) from
> the other projects.
> I'd be fine with weekly updates.
>
> Note- I don't need the ports collection- just binary packages
> or pkgsrc for i386 (32 bit) architecture only.
>
>
> Any help most appreciated!
>

Just on the FreeBSD rsync issue, it looks fine when I hit the UK rsync://rsync.mirrorservice.org/.

But ftp in to check the path. . . my package path and syntax is different. I'm using:

    rsync -av rsync://rsync.mirrorservice.org:/pub/FreeBSD/ports/i386/packages-8-stable .

Not sure about why you're getting dropped. . . maybe your ISP thinks you're streaming video :)

ftp13 in the US seems to be topping out at 30 connections.

HTH

g