From george at ceetonetechnology.com Mon Jan 2 12:03:26 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 02 Jan 2012 12:03:26 -0500
Subject: [nycbug-talk] Fwd: [announce] NYC*BUG This Wednesday: AWK
In-Reply-To: <4F01E2EF.6090606@ceetonetechnology.com>
References: <4F01E2EF.6090606@ceetonetechnology.com>
Message-ID: <4F01E35E.2060207@ceetonetechnology.com>

We are looking for more speakers for the February meeting. . . hit us on admin@ for proposals.

-------- Original Message --------
Subject: [announce] NYC*BUG This Wednesday: AWK
Date: Mon, 02 Jan 2012 12:01:35 -0500

Onward into the ninth year of NYC*BUG!

* Wednesday January 4th Meeting
* February Meeting Call for Presentations

*****

January 04, 2012
Matthew Story on AWK
6:45 PM, Suspenders Restaurant backroom
111 Broadway in Manhattan

Your developers came to you wanting to use a new programming framework they just saw on MTV. It only builds on Ubuntu, and requires some bleeding-edge ports only available as .deb packages, as well as some large rpm's which for some reason only install via yum. Not to mention you run a largely *BSD environment, with a few Linux, Solaris, UNIX etc. boxes in the mix. This is the moment when you whip out awk(1), on any of your UNIX systems, and proceed to blow their minds.

Bio

Matthew Story is a software developer at Tablet Hotels, who regularly abuses tcp services for fun and profit.

*****

Our February meeting will be on "BSD Networking Topics." We are looking for additional contributions on anything relevant to the day-to-day grind of using the BSDs in production network environments. Topics are expected to be short presentations on anything from useful scripts or configuration tweaks. Email your submission to admin@ to discuss further.
We particularly encourage:

* speakers who have not presented at NYC*BUG before
* utilization of Unix as a tool kit of interoperability

_______________________________________________
announce mailing list
announce at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/announce

From george at ceetonetechnology.com Thu Jan 5 09:46:24 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 05 Jan 2012 09:46:24 -0500
Subject: [nycbug-talk] two quick things
Message-ID: <4F05B7C0.40003@ceetonetechnology.com>

Excellent meeting last night. We should have the slides up on the web site today at some point.

Also, way off-topic. . .

In France the Academie Francais was created a few centuries back to unify and preserve the French language.

So cognates or English are not used in technology. There are specific terms in French for everything from to connect (as in a cable) as "brancher." A network is "le cible."

But there's one term I just learned which is an insane creation. . . for a network's DMZ, it's ADSL (or ADS-L) in French.

Can you imagine troubleshooting an ADSL problem not knowing they meant a DMZ??

g

(thanks Massimo. And good luck)

From matt at tablethotels.com Thu Jan 5 11:47:20 2012
From: matt at tablethotels.com (Matthew Story)
Date: Thu, 5 Jan 2012 11:47:20 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To: <4F05B7C0.40003@ceetonetechnology.com>
References: <4F05B7C0.40003@ceetonetechnology.com>
Message-ID:

Slides are viewable online here:

https://docs.google.com/present/edit?id=0AfDUqFNz2o4eZGhoeDlnY3pfMTY2ZDJxY3B0Zmg

Please submit any bugs you find in the talk to me, and I'll happily buy you a round at the next meeting.

thanks for having me,
-matt

On Jan 5, 2012, at 9:46 AM, George Rosamond wrote:

> Excellent meeting last night. We should have the slides up on the web site today at some point.
>
> Also, way off-topic. . .
>
> In France the Academie Francais was created a few centuries back to unify and preserve the French language.
>
> So cognates or English are not used in technology. There are specific terms in French for everything from to connect (as in a cable) as "brancher." A network is "le cible."
>
> But there's one term I just learned which is an insane creation. . . for a network's DMZ, it's ADSL (or ADS-L) in French.
>
> Can you imagine troubleshooting an ADSL problem not knowing they meant a DMZ??
>
> g
>
> (thanks Massimo. And good luck)
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From ike at blackskyresearch.net Thu Jan 5 11:50:03 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Thu, 5 Jan 2012 11:50:03 -0500
Subject: [nycbug-talk] January 2012 meeting audio
Message-ID: <201201051651.q05Gp3p2027694@rs134.luxsci.com>

Hi All,

Our always-vigilant audio documentarian Nikolai was conspicuously missing last night, so an iPhone to the rescue.

Audio of Matthew Story AWK presentation is online here:

http://blackskyresearch.net/nycbug/nycbug20120104awk.mp3

I'll ping Nicolai off-list to see if he can snag the file to his archive,

http://www.fetissov.org/public/nycbug/

Rocket-
.ike

From ike at blackskyresearch.net Thu Jan 5 14:28:53 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Thu, 5 Jan 2012 14:28:53 -0500
Subject: [nycbug-talk] Spitzer: Stevens?!
Message-ID: <201201051929.q05JTDed020626@rs134.luxsci.com>

Yo,

Can you pass on a link to the new TCP/IP Illustrated books?

Best,
ike

From george at ceetonetechnology.com Thu Jan 5 14:35:26 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 05 Jan 2012 14:35:26 -0500
Subject: [nycbug-talk] Spitzer: Stevens?!
In-Reply-To: <201201051929.q05JTDed020626@rs134.luxsci.com>
References: <201201051929.q05JTDed020626@rs134.luxsci.com>
Message-ID: <4F05FB7E.7070908@ceetonetechnology.com>

On 01/05/12 14:28, Isaac Levy wrote:
> Yo,
>
> Can you pass on a link to the new TCP/IP Illustrated books?

Assume you can find the internet address of a reputable book vendor online yourself.

http://www.informit.com/store/product.aspx?isbn=0321336313

(informit is pearson is addison wesley etc)

g

From ike at blackskyresearch.net Thu Jan 5 15:21:12 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Thu, 5 Jan 2012 15:21:12 -0500
Subject: [nycbug-talk] Spitzer: Stevens?!
In-Reply-To: <4F05FB7E.7070908@ceetonetechnology.com>
References: <201201051929.q05JTDed020626@rs134.luxsci.com> <4F05FB7E.7070908@ceetonetechnology.com>
Message-ID: <201201052022.q05KM4k1023905@rs134.luxsci.com>

On Jan 5, 2012, at 2:35 PM, George Rosamond wrote:

> On 01/05/12 14:28, Isaac Levy wrote:
>> Yo,
>>
>> Can you pass on a link to the new TCP/IP Illustrated books?
>
> Assume you can find the internet address of a reputable book vendor online yourself.
>
> http://www.informit.com/store/product.aspx?isbn=0321336313
>
> (informit is pearson is addison wesley etc)
>
> g

Thanks- I came up with a ton of confusing info when searching for it,

"he carefully explains Internet addressing in both IPv4 and IPv6 networks"

That's the point I was looking for? /salute

Best,
.ike

From matt at tablethotels.com Thu Jan 5 17:37:04 2012
From: matt at tablethotels.com (Matthew Story)
Date: Thu, 5 Jan 2012 17:37:04 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To: <20120105170733.GF22658@netmeister.org>
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org>
Message-ID:

Decided to share a slick hack to cut the grep program out of the ps results that Jan sent my way as a bug report ...
this goes against what I said in the talk about there not being a way to do this with only 1 invocation of grep ... and is slick as hell (total nifty(1) fodder):

On Jan 5, 2012, at 12:07 PM, Jan Schaumann wrote:

> You want a [] in the grep to exclude the grep process itself. You also
> want a \ to prevent termination of EOL:
>
> ps aux | grep runawa[y] | \
> awk '{print $2 }' | xargs kill -30

this seems to work for everything except

    ps aux | grep "gre[p]"

From lists at eitanadler.com Thu Jan 5 17:42:29 2012
From: lists at eitanadler.com (Eitan Adler)
Date: Thu, 5 Jan 2012 17:42:29 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To:
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org>
Message-ID:

On Thu, Jan 5, 2012 at 5:37 PM, Matthew Story wrote:
> Decided to share a slick hack to cut the grep program out of the ps results that Jan sent my way as a bug report ... this goes against what I said in the talk about there not being a way to do this with only 1 invocation of grep ... and is slick as hell (total nifty(1) fodder):

> ps aux | grep "gre[p]"

or just use pgrep?

--
Eitan Adler

From matt at tablethotels.com Thu Jan 5 17:45:11 2012
From: matt at tablethotels.com (Matthew Story)
Date: Thu, 5 Jan 2012 17:45:11 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To:
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org>
Message-ID:

but my MacIntosh does not understand pgrep ...

On Jan 5, 2012, at 5:42 PM, Eitan Adler wrote:

> On Thu, Jan 5, 2012 at 5:37 PM, Matthew Story wrote:
>> Decided to share a slick hack to cut the grep program out of the ps results that Jan sent my way as a bug report ... this goes against what I said in the talk about there not being a way to do this with only 1 invocation of grep ... and is slick as hell (total nifty(1) fodder):
>
>> ps aux | grep "gre[p]"
>
> or just use pgrep?
>
> --
> Eitan Adler

From mspitzer at gmail.com Thu Jan 5 17:46:37 2012
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 5 Jan 2012 17:46:37 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To:
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org>
Message-ID:

install freebsd on it

marc

On Thu, Jan 5, 2012 at 5:45 PM, Matthew Story wrote:
> but my MacIntosh does not understand pgrep ...
>
> On Jan 5, 2012, at 5:42 PM, Eitan Adler wrote:
>
>> On Thu, Jan 5, 2012 at 5:37 PM, Matthew Story wrote:
>>> Decided to share a slick hack to cut the grep program out of the ps results that Jan sent my way as a bug report ... this goes against what I said in the talk about there not being a way to do this with only 1 invocation of grep ... and is slick as hell (total nifty(1) fodder):
>>
>>> ps aux | grep "gre[p]"
>>
>> or just use pgrep?
>>
>> --
>> Eitan Adler

--
Freedom is nothing but a chance to be better.
--Albert Camus

The problem with socialism is that eventually you run out of other people's money.
--Margaret Thatcher

Do the arithmetic or be doomed to talk nonsense.
--John McCarthy

From lists at eitanadler.com Thu Jan 5 17:47:41 2012
From: lists at eitanadler.com (Eitan Adler)
Date: Thu, 5 Jan 2012 17:47:41 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To:
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org>
Message-ID:

On Thu, Jan 5, 2012 at 5:45 PM, Matthew Story wrote:
> but my MacIntosh does not understand pgrep ...

http://proctools.sourceforge.net/ ?
--
Eitan Adler

From mikel.king at olivent.com Thu Jan 5 20:34:33 2012
From: mikel.king at olivent.com (mikel king)
Date: Thu, 5 Jan 2012 20:34:33 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To:
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org>
Message-ID: <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com>

On Jan 5, 2012, at 5:42 PM, Eitan Adler wrote:

> On Thu, Jan 5, 2012 at 5:37 PM, Matthew Story wrote:
>> Decided to share a slick hack to cut the grep program out of the ps results that Jan sent my way as a bug report ... this goes against what I said in the talk about there not being a way to do this with only 1 invocation of grep ... and is slick as hell (total nifty(1) fodder):
>
>> ps aux | grep "gre[p]"
>
> or just use pgrep?
>

Or just not use grep at all. I use this one to capture PIDs of interest. Like to ensure that my rsync job to a specific host has only one job at a time. Substitute whatever entity you are searching for between the $0's and let awk work its magick.

    ps ax | awk '$0~/rsync --stats -avzr /&&$0!~/awk/{print $1}'

Regards,
Mikel King
BSD News Network
http://bsdnews.net
skype: mikel.king
http://twitter.com/mikelking

From matt at tablethotels.com Thu Jan 5 21:24:44 2012
From: matt at tablethotels.com (Matthew Story)
Date: Thu, 5 Jan 2012 21:24:44 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To: <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com>
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org> <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com>
Message-ID: <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com>

> Or just not use grep at all.

indeed ... for the uninitiated: http://partmaps.org/era/unix/award.html#grep

> I use this one to capture PIDs of interest. Like to ensure that my rsync job to a specific host has only one job at a time.
> Substitute whatever entity you are searching for between the $0's and let awk work its magick.

If you really want to ensure that your rsync job to a specific host has only one job at a time ... use lockf (FreeBSD ... for linux I think it's flock, or you can use setlock if you're so inclined as to install daemontools). It's the simplest and most reliable way to guarantee exclusivity.

    lockf -t 0 -k /tmp/specific-hostname-rsync.lock rsync --stats -avzr ...

If you are cool with failure on any given try (e.g. if the job runs every minute and might fail normally 5 or 6 times a day ...) check out the -s option which will make it silently fail. the awk one-liner has a race-condition if you're using it to detect exclusivity:

    ps ax | awk '/rsync --stats -avzr/ && /[a]wk/ { count++ } count > 1 { exit 1 }' && rsync --stats -avzr ...

then you're exposing yourself to a (albeit unlikely) race condition

From mikel.king at olivent.com Thu Jan 5 21:34:45 2012
From: mikel.king at olivent.com (mikel king)
Date: Thu, 5 Jan 2012 21:34:45 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To: <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com>
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org> <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com> <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com>
Message-ID: <633E509F-0638-4452-AF44-F51BF52A7F78@olivent.com>

On Jan 5, 2012, at 9:24 PM, Matthew Story wrote:

>
>> Or just not use grep at all.
>
> indeed ... for the uninitiated: http://partmaps.org/era/unix/award.html#grep
>
>> I use this one to capture PIDs of interest. Like to ensure that my rsync job to a specific host has only one job at a time. Substitute whatever entity you are searching for between the $0's and let awk work its magick.
>
> If you really want to ensure that your rsync job to a specific host has only one job at a time ... use lockf (FreeBSD ...
> for linux I think it's flock, or you can use setlock if you're so inclined as to install daemontools). It's the simplest and most reliable way to guarantee exclusivity.
>
> lockf -t 0 -k /tmp/specific-hostname-rsync.lock rsync --stats -avzr ...
>
> If you are cool with failure on any given try (e.g. if the job runs every minute and might fail normally 5 or 6 times a day ...) check out the -s option which will make it silently fail. the awk one-liner has a race-condition if you're using it to detect exclusivity:
>
> ps ax | awk '/rsync --stats -avzr/ && /[a]wk/ { count++ } count > 1 { exit 1 }' && rsync --stats -avzr ...
>
> then you're exposing yourself to a (albeit unlikely) race condition

Nice update. I use this method for more than rsyncs though. I just like to avoid using grep to search for something and then piping it into awk where possible. Especially since awk can do all the work in the first place.

Cheers,
m

From jschauma at netmeister.org Thu Jan 5 21:39:59 2012
From: jschauma at netmeister.org (Jan Schaumann)
Date: Thu, 5 Jan 2012 21:39:59 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To: <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com>
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org> <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com> <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com>
Message-ID: <20120106023959.GL22658@netmeister.org>

Matthew Story wrote:
>
> > Or just not use grep at all.
>
> indeed ... for the uninitiated: http://partmaps.org/era/unix/award.html#grep

On that occasion, I shall pimp my own "Useless Use of *" presentation I gave at SCALE back in 07:

http://netmeister.org/misc/useless_use.pdf

Based on the previous, obviously.

-Jan
From lists at eitanadler.com Thu Jan 5 21:50:31 2012
From: lists at eitanadler.com (Eitan Adler)
Date: Thu, 5 Jan 2012 21:50:31 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To: <20120106023959.GL22658@netmeister.org>
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org> <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com> <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com> <20120106023959.GL22658@netmeister.org>
Message-ID:

On Thu, Jan 5, 2012 at 9:39 PM, Jan Schaumann wrote:
> Matthew Story wrote:
>>
>> > Or just not use grep at all.
>>
>> indeed ... for the uninitiated: http://partmaps.org/era/unix/award.html#grep
>
> On that occasion, I shall pimp my own "Useless Use of *" presentation I
> gave at SCALE back in 07:
> http://netmeister.org/misc/useless_use.pdf

You have a useless use of awk here.

awk '{print $2}' < file
should be
cut -d ' ' -f 2 file

Generally it looks like a good presentation though. Wish I was there.

--
Eitan Adler

From matt at tablethotels.com Thu Jan 5 22:40:19 2012
From: matt at tablethotels.com (Matthew Story)
Date: Thu, 5 Jan 2012 22:40:19 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To:
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org> <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com> <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com> <20120106023959.GL22658@netmeister.org>
Message-ID: <65EDDA48-65B7-4825-B353-1C8AF5252603@tablethotels.com>

the useless use of head, reminds me of my favorite quote from The UNIX Programming Environment ...

With these ideas, it might seem sensible to write a program, called head, to print the first few lines of each filename argument. But sed 3q (or 10q) is so easy to type that we've never felt the need.
~ p.124

On Jan 5, 2012, at 9:50 PM, Eitan Adler wrote:

> On Thu, Jan 5, 2012 at 9:39 PM, Jan Schaumann wrote:
>> Matthew Story wrote:
>>>
>>>> Or just not use grep at all.
>>>
>>> indeed ... for the uninitiated: http://partmaps.org/era/unix/award.html#grep
>>
>> On that occasion, I shall pimp my own "Useless Use of *" presentation I
>> gave at SCALE back in 07:
>> http://netmeister.org/misc/useless_use.pdf
>
> You have a useless use of awk here.
>
> awk '{print $2}' < file
> should be
> cut -d ' ' -f 2 file
>
> Generally it looks like a good presentation though. Wish I was there.
>
> --
> Eitan Adler

From mikel.king at olivent.com Thu Jan 5 22:48:46 2012
From: mikel.king at olivent.com (mikel king)
Date: Thu, 5 Jan 2012 22:48:46 -0500
Subject: [nycbug-talk] two quick things
In-Reply-To: <65EDDA48-65B7-4825-B353-1C8AF5252603@tablethotels.com>
References: <4F05B7C0.40003@ceetonetechnology.com> <20120105170733.GF22658@netmeister.org> <9388A11D-6D65-47BE-84F6-57CF3E1007C3@olivent.com> <9FDA7353-263C-49B8-95C3-9F848CDA8FAD@tablethotels.com> <20120106023959.GL22658@netmeister.org> <65EDDA48-65B7-4825-B353-1C8AF5252603@tablethotels.com>
Message-ID:

On Jan 5, 2012, at 10:40 PM, Matthew Story wrote:

> the useless use of head, reminds me of my favorite quote from The UNIX Programming Environment ...
>
> With these ideas, it might seem sensible to write a program, called head,
> to print the first few lines of each filename argument. But sed 3q (or 10q)
> is so easy to type that we've never felt the need.
> ~ p.124

=)) Love it thanks for sharing...

m
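
The race raised earlier in this thread, where a ps | awk check and the start of rsync are two separate steps, can be put side by side with a held lock. This is an added example, not code from any poster: `racy_start`, `run_exclusive` and `count_winners` are hypothetical names, a marker file stands in for the ps | awk check, and the mkdir fallback is an assumption for hosts that have neither lockf nor flock.

```shell
#!/bin/sh
# Added example (not from the thread): check-then-act versus a held lock.

# Check-then-act guard. The marker-file test is a constructed stand-in for
# the thread's "ps ax | awk ..." check, so the demo does not depend on ps.
racy_start() {
    marker=$1; shift
    [ -e "$marker" ] && return 1   # check: "is another copy running?"
    sleep 1                        # gap between check and act, widened to make it visible
    : > "$marker"                  # act: only from here on do later checks see this job
    rc=0; "$@" || rc=$?
    rm -f "$marker"
    return "$rc"
}

# Lock-based guard: taking the lock is the check, so there is no gap.
run_exclusive() {
    lock=$1; shift
    if command -v lockf >/dev/null 2>&1; then
        lockf -s -t 0 -k "$lock" "$@"      # FreeBSD; flags as discussed in the thread
    elif command -v flock >/dev/null 2>&1; then
        flock -n "$lock" "$@"              # util-linux; -n fails instead of waiting
    else
        # Fallback (assumption, not from the thread): mkdir is atomic, but a
        # crash leaves the directory behind, which a kernel lock would not.
        mkdir "$lock.d" 2>/dev/null || return 75
        rc=0; "$@" || rc=$?
        rmdir "$lock.d"
        return "$rc"
    fi
}

# Start two copies of a one-second job at once under guard $1 and
# print how many of them actually ran.
count_winners() {
    dir=$(mktemp -d) || return 1
    for i in 1 2; do
        "$1" "$dir/guard" sh -c 'echo ran >> "$1"; sleep 1' sh "$dir/log" &
    done
    wait
    n=$(wc -l < "$dir/log")
    rm -rf "$dir"
    echo $((n))
}

echo "check-then-act: $(count_winners racy_start) of 2 jobs ran"
echo "held lock:      $(count_winners run_exclusive) of 2 jobs ran"
```
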
From mikel.king at olivent.com Fri Jan 6 10:52:30 2012
From: mikel.king at olivent.com (mikel king)
Date: Fri, 6 Jan 2012 10:52:30 -0500
Subject: [nycbug-talk] Equipment recycling resources
Message-ID:

I have a client that has an excess of dead junk. As a result of their ecological conscientiousness, I have been researching local recycling facilities. Currently, with the exception of rechargeable batteries, it is still legal for NYC residents to discard electronics in the trash until the year 2015. However, neither my client nor I feel that this is the responsible thing to do.

http://www.nyc.gov/html/nycwasteless/html/stuff/harmful_hh_prod_electronics.shtml

These are some of the companies that I have found so far.

Has anyone had any experience with them?

Does anyone know of others that I can add to the list?

4th Bin, Inc.
Corporate Headquarters
708 3rd Ave., 6th Floor
New York, NY, 10017
Call TOLL FREE: 855-ECYCLE1
ecyclenow at 4thbin.com

Store47.com
ATTN: Robert Migliorino
621 Fulton St.
Farmingdale, NY 11735
631.643.1038
sales at store47.com
http://www.store47.com

Newtech Recycling Inc.
600A Apgar Drive, Somerset, NJ 08873
Phone:(732) 564 3110
Fax:(732) 469-8943
E-mail: info at newtechrecycling.com
Jim Entwistle, President
jim at newtechrecycling.com
732.564.3110
http://www.newtechrecycling.com

Regards,
Mikel King
BSD News Network
http://bsdnews.net
skype: mikel.king
http://twitter.com/mikelking

From mlists at konjz.org Fri Jan 6 11:08:03 2012
From: mlists at konjz.org (Bruno Scap)
Date: Fri, 06 Jan 2012 11:08:03 -0500
Subject: [nycbug-talk] Equipment recycling resources
In-Reply-To:
References:
Message-ID: <4F071C63.3010500@konjz.org>

On 06/01/2012 10:52 AM, mikel king wrote:
> I have a client that has an excess of dead junk. As a result of their
> ecological conscientiousness, I have been researching local recycling
> facilities.
> Currently, with the exception of rechargeable batteries, it
> is still legal for NYC residents to discard electronics in the trash
> until the year 2015. However, neither my client nor I feel that this is
> the responsible thing to do.
>
> http://www.nyc.gov/html/nycwasteless/html/stuff/harmful_hh_prod_electronics.shtml
>
> These are some of the companies that I have found so far.
>
> Has anyone had any experience with them?
>
> Does anyone know of others that I can add to the list?

I recycled with http://www.lesecologycenter.org. Very easy, no hassle. Drive up, open the trunk and they take the junk.

From bob at redivi.com Sat Jan 7 14:31:25 2012
From: bob at redivi.com (Bob Ippolito)
Date: Sat, 7 Jan 2012 11:31:25 -0800
Subject: [nycbug-talk] Public-key sudo?
Message-ID:

I'm trying to catch up on the past few years of what's been happening with ops (ec2, puppet, chef, etc.) and I was wondering if public-key sudo has caught on at all?

It annoys me every time I have to type in my password, and it bothers me more that it would be straightforward to lift my password in plaintext if I sudo on a compromised host. I started searching around and saw that there was a talk back in 2008 [1] that covers some implementation of this idea. I haven't listened to the talk yet, but is there an implementation available somewhere? Do people use it? On which platforms?

Yes, I know I can avoid sudo altogether and just add my public key to root.

[1] http://www.nycbug.org/index.php?NAV=Home;SUBM=10160

-bob

From pete at nomadlogic.org Sat Jan 7 14:42:36 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Sat, 07 Jan 2012 11:42:36 -0800
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References:
Message-ID:

On Sat, 07 Jan 2012 11:31:25 -0800, Bob Ippolito wrote:

> I'm trying to catch up on the past few years of what's been happening with
> ops (ec2, puppet, chef, etc.)
> and I was wondering if public-key sudo has
> caught on at all?
>
> It annoys me every time I have to type in my password, and it bothers me
> more that it would be straightforward to lift my password in plaintext if I
> sudo on a compromised host. I started searching around and saw that there
> was a talk back in 2008 [1] that covers some implementation of this idea. I
> haven't listened to the talk yet, but is there an implementation available
> somewhere? Do people use it? On which platforms?
>
> Yes, I know I can avoid sudo altogether and just add my public key to root.
>
> [1] http://www.nycbug.org/index.php?NAV=Home;SUBM=10160

michael lucas just did a write up on sudo auth via ssh-agent, which i am working on implementing on my systems:

http://blather.michaelwlucas.com/archives/1106

-pete

--
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org

From jschauma at netmeister.org Sat Jan 7 14:47:27 2012
From: jschauma at netmeister.org (Jan Schaumann)
Date: Sat, 7 Jan 2012 14:47:27 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References:
Message-ID: <20120107194726.GV22658@netmeister.org>

Bob Ippolito wrote:
> I'm trying to catch up on the past few years of what's been happening with
> ops (ec2, puppet, chef, etc.) and I was wondering if public-key sudo has
> caught on at all?

Yahoo! recently started using a pam module to allow ssh-key authentication for sudo(8):

http://pamsshagentauth.sourceforge.net/

I don't know if that is related to the project presented in 2008, though.

-Jan

From edlinuxguru at gmail.com Sat Jan 7 16:06:52 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Sat, 7 Jan 2012 16:06:52 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To: <20120107194726.GV22658@netmeister.org>
References: <20120107194726.GV22658@netmeister.org>
Message-ID:

I am a little bit curious about what people view as the distinction between:

Force public key SSH and sudo NOPASSWD and
Sudo using SSHAgent.

I am doing the former in my deployment. I do not understand what advantage having sudo do an SSH auth would bring.

On Sat, Jan 7, 2012 at 2:47 PM, Jan Schaumann wrote:

> Bob Ippolito wrote:
> > I'm trying to catch up on the past few years of what's been happening with
> > ops (ec2, puppet, chef, etc.) and I was wondering if public-key sudo has
> > caught on at all?
>
> Yahoo! recently started using a pam module to allow ssh-key
> authentication for sudo(8):
>
> http://pamsshagentauth.sourceforge.net/
>
> I don't know if that is related to the project presented in 2008,
> though.
>
> -Jan

From bob at redivi.com Sat Jan 7 16:31:30 2012
From: bob at redivi.com (Bob Ippolito)
Date: Sat, 7 Jan 2012 13:31:30 -0800
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <20120107194726.GV22658@netmeister.org>
Message-ID:

On Sat, Jan 7, 2012 at 1:06 PM, Edward Capriolo wrote:

> I am a little bit curious about what people view as the distinction
> between:
>
> Force public key SSH and sudo NOPASSWD and
> Sudo using SSHAgent.
>
> I am doing the former in my deployment. I do not understand what advantage
> having sudo do an SSH auth would bring.
>

Well, SSH agent can be better if you have it configured to ask for confirmation. It prevents a privilege escalation attack where the attacker gets at something running as my user and can get root just by executing sudo (if NOPASSWD).
With SSH agent I would at least have to be connected with agent forwarding on, and if I'm paranoid and have confirmation turned on then the only way for them to escalate would be for me to confirm their request to use my agent (still a chance for human error).

Of course if I have agent forwarding on without confirmation and the machine is compromised (root or my user), then I have a big problem.

-bob

From jhell at DataIX.net Sat Jan 7 19:49:08 2012
From: jhell at DataIX.net (Jason Hellenthal)
Date: Sat, 7 Jan 2012 19:49:08 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <20120107194726.GV22658@netmeister.org>
Message-ID: <20120108004908.GA77400@DataIX.net>

On Sat, Jan 07, 2012 at 04:06:52PM -0500, Edward Capriolo wrote:
> I am a little bit curious about what people view as the distinction between:
>
> Force public key SSH and sudo NOPASSWD and
> Sudo using SSHAgent.
>
> I am doing the former in my deployment. I do not understand what advantage
> having sudo do an SSH auth would bring.

I always find this to be amusing when people become lazy and do not want to type a password and would rather subvert the process by adding even more functionality that can be easily misunderstood and lead to breaches.

Sudo already has the ability to adjust timeouts and such...

Defaults timestamp_timeout = "180"
Defaults !tty_tickets
Defaults requiretty
Defaults mail_badpass
Defaults mail_no_host
Defaults mail_no_perms
Defaults mail_no_user

With the right mix you may be able to get away with NOPASSWD using a combination with a user's host.

I don't see an advantage here besides "I don't have to type my password".

Maybe pam_ssh.so PAM module could assist with this also...
auth sufficient pam_ssh.so no_warn try_first_pass
session optional pam_ssh.so

>
> On Sat, Jan 7, 2012 at 2:47 PM, Jan Schaumann wrote:
>
> > Bob Ippolito wrote:
> > > I'm trying to catch up on the past few years of what's been happening with
> > > ops (ec2, puppet, chef, etc.) and I was wondering if public-key sudo has
> > > caught on at all?
> >
> > Yahoo! recently started using a pam module to allow ssh-key
> > authentication for sudo(8):
> >
> > http://pamsshagentauth.sourceforge.net/
> >
> > I don't know if that is related to the project presented in 2008,
> > though.
>

--
;s =;

From edlinuxguru at gmail.com Sat Jan 7 20:25:31 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Sat, 7 Jan 2012 20:25:31 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To: <20120108004908.GA77400@DataIX.net>
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net>
Message-ID:

It isn't laziness. When I was "sold" on SSH keys the concept was that passwords are hard to rotate and not safe because people write them down on napkins, share them, etc. So since I have "bought into" this philosophy it seems contradictory to me to have sudo use a password.

On Sat, Jan 7, 2012 at 7:49 PM, Jason Hellenthal wrote:

>
> On Sat, Jan 07, 2012 at 04:06:52PM -0500, Edward Capriolo wrote:
> > I am a little bit curious about what people view as the distinction between:
> >
> > Force public key SSH and sudo NOPASSWD and
> > Sudo using SSHAgent.
> >
> > I am doing the former in my deployment. I do not understand what advantage
> > having sudo do an SSH auth would bring.
>
> I always find this to be amusing when people become lazy and do not want
> to type a password and would rather subvert the process by adding even more
> functionality that can be easily misunderstood and lead to breaches.
>
> Sudo already has the ability to adjust timeouts and such...
> Defaults timestamp_timeout = "180"
> Defaults !tty_tickets
> Defaults requiretty
> Defaults mail_badpass
> Defaults mail_no_host
> Defaults mail_no_perms
> Defaults mail_no_user
>
> With the right mix you may be able to get away with NOPASSWD using a
> combination with a user's host.
>
> I don't see an advantage here besides "I don't have to type my password".
>
> Maybe pam_ssh.so PAM module could assist with this also...
>
> auth sufficient pam_ssh.so no_warn try_first_pass
> session optional pam_ssh.so
>
> > On Sat, Jan 7, 2012 at 2:47 PM, Jan Schaumann wrote:
> >
> > > Bob Ippolito wrote:
> > > > I'm trying to catch up on the past few years of what's been happening with
> > > > ops (ec2, puppet, chef, etc.) and I was wondering if public-key sudo has
> > > > caught on at all?
> > >
> > > Yahoo! recently started using a pam module to allow ssh-key
> > > authentication for sudo(8):
> > >
> > > http://pamsshagentauth.sourceforge.net/
> > >
> > > I don't know if that is related to the project presented in 2008,
> > > though.
>
> --
> ;s =;
>

From pete at nomadlogic.org Sat Jan 7 20:29:24 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Sat, 07 Jan 2012 17:29:24 -0800
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To: <20120108004908.GA77400@DataIX.net>
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net>
Message-ID:

On Sat, 07 Jan 2012 16:49:08 -0800, Jason Hellenthal wrote:

>
>
> On Sat, Jan 07, 2012 at 04:06:52PM -0500, Edward Capriolo wrote:
>> I am a little bit curious about what people view as the distinction
>> between:
>>
>> Force public key SSH and sudo NOPASSWD and
>> Sudo using SSHAgent.
>>
>> I am doing the former in my deployment. I do not understand what
>> advantage
>> having sudo do an SSH auth would bring.
>
> I always find this to be amusing when people become lazy and do not want
> to type a password and would rather subvert the process by adding even
> more functionality that can be easily misunderstood and lead to breaches.
>
> Sudo already has the ability to adjust timeouts and such...
> Defaults timestamp_timeout = "180"
> Defaults !tty_tickets
> Defaults requiretty
> Defaults mail_badpass
> Defaults mail_no_host
> Defaults mail_no_perms
> Defaults mail_no_user
>
> With the right mix you may be able to get away with NOPASSWD using a
> combination with a user's host.
>
> I don't see an advantage here besides "I don't have to type my password".
>
> Maybe pam_ssh.so PAM module could assist with this also...
>
> auth sufficient pam_ssh.so no_warn
> try_first_pass
> session optional pam_ssh.so
>
>>

michael lucas sums up my thoughts on this pretty nicely:

{quote}
I have dozens of servers. They all have a central password provider (LDAP). They're all secured, but I can't guarantee that a script kiddie cannot crack them. This means I can't truly trust my trusted servers. I really want to reduce how often I send my password onto a server. But I also need to require additional authentication for superuser activities, so using NOPASSWD in sudoers isn't a real solution.
By passing the sudo authentication back to my SSH agent, I reduce the number of times I must give my password to my hopefully-but-not-100%-certain-secure servers. I can also disable password access to sudo, so that even if someone steals my password, they can't use it. (Yes, someone could possibly hijack my SSH agent socket, but that requires a level of skill beyond most script kiddies and raises the skill required for APT.)
{quote}

it's the whole requiring an additional layer of security for sudo that i feel makes this a good solution. i really only feel NOPASSWORD is reserved for a last resort - for use by wrappers in automation scripts and the like.

-pete

--
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org

From pete at nomadlogic.org Sat Jan 7 20:32:30 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Sat, 07 Jan 2012 17:32:30 -0800
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net>
Message-ID:

On Sat, 07 Jan 2012 17:25:31 -0800, Edward Capriolo wrote:

> It isn't laziness. When I was "sold" on SSH keys the concept was that
> passwords are hard to rotate and not safe because people write them down
> on
> napkins, share them, etc. So since I have "bought into" this philosophy
> it
> seems contradictory to me to have sudo use a password.

well your keys are locked with a password, aren't they? so i'm not sure that is a good argument to use ssh key based authentication...

-p

--
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org

From mspitzer at gmail.com Sat Jan 7 20:49:44 2012
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sat, 7 Jan 2012 20:49:44 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net>
Message-ID:

On Sat, Jan 7, 2012 at 8:29 PM, Pete Wright wrote:
> On Sat, 07 Jan 2012 16:49:08 -0800, Jason Hellenthal
> wrote:
>
>>
>>
>> On Sat, Jan 07, 2012 at 04:06:52PM -0500, Edward Capriolo wrote:
>>>
>>> I am a little bit curious about what people view as the distinction
>>> between:
>>>
>>> Force public key SSH and sudo NOPASSWD and
>>> Sudo using SSHAgent.
>>>
>>> I am doing the former in my deployment. I do not understand what
>>> advantage
>>> having sudo do an SSH auth would bring.
>>
>>
>> I always find this to be amusing when people become lazy and do not want
>> to type a password and would rather subvert the process by adding even more
>> functionality that can be easily misunderstood and lead to breaches.
>>
>> Sudo already has the ability to adjust timeouts and such...
>> Defaults        timestamp_timeout = "180"
>> Defaults        !tty_tickets
>> Defaults        requiretty
>> Defaults        mail_badpass
>> Defaults        mail_no_host
>> Defaults        mail_no_perms
>> Defaults        mail_no_user
>>
>> With the right mix you may be able to get away with NOPASSWD using a
>> combination with a user's host.
>>
>> I don't see an advantage here besides "I don't have to type my password".
>>
>> Maybe pam_ssh.so PAM module could assist with this also...
>>
>> auth           sufficient      pam_ssh.so              no_warn
>> try_first_pass
>> session        optional        pam_ssh.so
>>
>>>
>
> michael lucas sums up my thoughts on this pretty nicely:
>
> {quote}
> I have dozens of servers. They all have a central password provider (LDAP).
> They're all secured, but I can't guarantee that a script kiddie cannot crack
> them. This means I can't truly trust my trusted servers. I really want to
> reduce how often I send my password onto a server.
> But I also need to
> require additional authentication for superuser activities, so using
> NOPASSWD in sudoers isn't a real solution. By passing the sudo
> authentication back to my SSH agent, I reduce the number of times I must
> give my password to my hopefully-but-not-100%-certain-secure servers. I can
> also disable password access to sudo, so that even if someone steals my
> password, they can't use it. (Yes, someone could possibly hijack my SSH
> agent socket, but that requires a level of skill beyond most script kiddies
> and raises the skill required for APT.)
> {quote}
>
> it's the whole requiring an additional layer of security for sudo that i feel
> makes this a good solution.  i really only feel NOPASSWORD is reserved for a
> last resort - for use by wrappers in automation scripts and the like.
>

isn't this taken care of with kerberos? you type your password in once, for a configurable time period, and then the systems authenticate against your temporary kerberos granted credentials.

marc

--
Freedom is nothing but a chance to be better. --Albert Camus

The problem with socialism is that eventually you run out of other people's money. --Margaret Thatcher

Do the arithmetic or be doomed to talk nonsense. --John McCarthy

From zippy1981 at gmail.com Sat Jan 7 21:17:43 2012
From: zippy1981 at gmail.com (Justin Dearing)
Date: Sat, 7 Jan 2012 21:17:43 -0500
Subject: [nycbug-talk] Minor security bug fixed in putty 0.62
Message-ID:

Hey all,

In the same light of "what if a remote host is compromised" from the sudo thread on this list, putty was unnecessarily holding on to your password in memory.

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html

Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From edlinuxguru at gmail.com Sun Jan 8 00:23:49 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Sun, 8 Jan 2012 00:23:49 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net>
Message-ID:

You can tell people to lock their SSH keys with a password and store them on an encrypted drive, but counting on users is something I never do. People can strip the password encoded off a key, or choose to use some what ssh client that stores the key password in a non encrypted file.

I used to like LDAP and Kerberos but a high percentage of admins hate LDAP auth. People who know LDAP and/or Kerberos are a serious minority. I have had the fight multiple times (the infamous LDAP is more more thing to break) argument. So I have moved on with my life.

My argument is: I use SSH keys because the client server interaction is not based on short text strings that are easy to give away. I can push out keys to appropriate servers and control access.

I definitely understand why people do not like NOPASSWD, but I just do not get having a password for sudo when it does not take one to get into the system. I do not count the password the user chose to lock their key as a password.

On Sat, Jan 7, 2012 at 8:32 PM, Pete Wright wrote:

> On Sat, 07 Jan 2012 17:25:31 -0800, Edward Capriolo
> wrote:
>
> It isn't laziness. When I was "sold" on SSH keys the concept was that
>> passwords are hard to rotate and not safe because people write them down
>> on
>> napkins, share them, etc. So since I have "bought into" this philosophy it
>> seems contradictory to me to have sudo use a password.
>>
>
> well your keys are locked with a password, aren't they? so i'm not sure
> that is a good argument to use ssh key based authentication...
>
>
> -p
>
> --
> Pete Wright
> pete at nomadlogic.org
> www.nomadlogic.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ike at blackskyresearch.net Sun Jan 8 12:02:23 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Sun, 8 Jan 2012 12:02:23 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References:
Message-ID: <201201081703.q08H32ek009784@rs134.luxsci.com>

This thread is a delightful can of worms,

On Jan 7, 2012, at 2:31 PM, Bob Ippolito wrote:

> I'm trying to catch up on the past few years of what's been happening with ops (ec2, puppet, chef, etc.)

My initial response quickly turned into a 5-page diatribe on my experiences with puppet/chef, and ventured into stories about unicorns and goblins and all manner of disappointments I've had to deal with living with them. (I've spared list from dealing with my grumpy flaming verbosity).

With that, in the spirit of a question about public-key sudo, these tools all run very fast-n-loose, from a sanity/security perspective- affording different flavors of rapid deployment. From the ssh keys used by the puppet/chef processes, as they reach out to one's respective mothership, to the ssh keys they often deploy as they encompass user/group management as well- there's keys being deployed by daemons all over the place- a questionable practice. Yet, possibly acceptable in a given environment.

Yet, since you mention ec2 here, I think it's worth noting there's one special concept in puppet/chef world that is often overlooked: Someone else has a super-superuser elsewhere- (even if that someone else is you, or a cloud provider- there is always some greater power to turn the server on/off and reset basic shell user/key/etc).

Large server farms are also places where these tools have been a hit, and that 'super-superuser' factor is typically the fact that admins have close physical access to the machines- (even over ipmi/console/etc).

Long story short: I believe if you use these systems/config management tools, feel free to relax sudoers (no password for particular groups), but maintain stringent controls on your vm host, (ec2 console or scripts, jailing/xen hosts, even vmware hosts, etc...).

On Jan 7, 2012, at 4:31 PM, Bob Ippolito wrote:

> Of course if I have agent forwarding on without confirmation and the machine is compromised (root or my user), then I have a big problem.

I even believe agent forwarding is perhaps even a luxury Administrators of 'vm host' systems can't afford, specifically for this reason. IMHO The extra-cumbersome life of entering passwords, and keeping different passwords for classes of machines is cheap to live with, as long as it's applied to the most minimal 'core/critical' places.

--

Relaxing sudoers really pales next to the cavernous security problems which puppet/chef introduce into your environment... (Like ruby/irb running as root, using passwordless ssh private keys, distributing user accounts ssh keys, ruby and libs which aren't signed, ability to perform immediate updates severely hobbled or buried in rarely used utilities, etc...)

> and I was wondering if public-key sudo has caught on at all?

I've not seen it in the wild? However, it seems simpler and safer to me, to merely leverage users/groups, and give the groups you choose passwordless sudo privilege.

> It annoys me every time I have to type in my password, and it bothers me more that it would be straightforward to lift my password in plaintext if I sudo on a compromised host.

This issue has always bugged me to no end. However, for key-only ssh access, this problem is nicely mitigated- affording you time to change your password on other hosts, assuming the attacker isn't compromising your hosts through some mechanism that isn't ssh.

> I started searching around and saw that there was a talk back in 2008 [1] that covers some implementation of this idea. I haven't listened to the talk yet, but is there an implementation available somewhere? Do people use it? On which platforms?
>
> Yes, I know I can avoid sudo altogether and just add my public key to root.

Like AWS does for you right out the gate?
/me smilewinces

Rocket-
.ike
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ike at blackskyresearch.net Sun Jan 8 12:08:22 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Sun, 8 Jan 2012 12:08:22 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net>
Message-ID: <201201081709.q08H92YL017227@rs134.luxsci.com>

On Jan 8, 2012, at 12:23 AM, Edward Capriolo wrote:

> You can tell people to lock their SSH keys with a password and store them on an encrypted drive, but counting on users is something I never do.
> People can strip the password encoded off a key, or choose to use some what ssh client that stores the key password in a non encrypted file.

Agreed, it's nearly a lost cause in the real world to trust this- even with extremely well-intentioned users.

Per my sentiment earlier in this thread, separating trust/responsibility is important. Trusting fellow Administrators to perform this basic task is something I've come to depend on, yet I agree, nearly impossible to expect of everyone with shells in an organization.

Policy here is easy to roll out and enforce: create a culture of understanding *why* we all make sure we use ssh key passwords, (and don't store the password in silly places).

--

What I find more fascinating, is that most developers and unix users *need* root/sudo to do our jobs these days, (hence the popularity of virtualized servers in various forms). From installing software, to restarting services- so much is so big and brittle. (When was the last time anyone tried to install some software package to their home directory, on a box where they did not have root/sudo privs?) Lots of this 'web-scale' software I've worked with in the last year is just so messy it's nearly impossible to work with it outside of this paradigm- frustrating.

> I used to like LDAP and Kerberos but a high percentage of admins hate LDAP auth. People who know LDAP and/or Kerberos are a serious minority. I have had the fight multiple times (the infamous LDAP is more more thing to break) argument. So I have moved on with my life.
>
> My argument is: I use SSH keys because the client server interaction is not based on short text strings that are easy to give away. I can push out keys to appropriate servers and control access.
>
> I definitely understand why people do not like NOPASSWD, but I just do not get having a password for sudo when it does not take one to get into the system. I do not count the password the user chose to lock their key as a password.

This whole thread didn't yet touch the 'muscle memory kills' problem which sudo w passwords mitigates, (e.g. the annoying pause before doing something potentially destructive, afforded by having to remember/type a password). hrm.

Rocket-
.ike
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ike at blackskyresearch.net Sun Jan 8 12:09:14 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Sun, 8 Jan 2012 12:09:14 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References:
Message-ID: <201201081710.q08HA3LE018951@rs134.luxsci.com>

On Jan 7, 2012, at 2:31 PM, Bob Ippolito wrote:
> happening with ops (ec2, puppet, chef, etc.)

I believe it's well-worth bringing up cdist while you're up there:
http://www.nico.schottelius.org/blog/migrating-away-from-puppet-to-cdist/

I've not used this tool, but at the very least, their list of items addressing fundamental design problems with puppet/chef is spot-on, IMHO.

Best,
.ike

From mspitzer at gmail.com Sun Jan 8 16:18:39 2012
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sun, 8 Jan 2012 16:18:39 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To: <201201081710.q08HA3LE018951@rs134.luxsci.com>
References: <201201081710.q08HA3LE018951@rs134.luxsci.com>
Message-ID:

On Sun, Jan 8, 2012 at 12:09 PM, Isaac Levy wrote:
> On Jan 7, 2012, at 2:31 PM, Bob Ippolito wrote:
>> happening with ops (ec2, puppet, chef, etc.)
>
> I believe it's well-worth bringing up cdist while you're up there:
> http://www.nico.schottelius.org/blog/migrating-away-from-puppet-to-cdist/
>
> I've not used this tool, but at the very least, their list of items addressing fundamental design problems with puppet/chef is spot-on, IMHO.
>
> Best,
> .ike

that looks very useful

thanks,

marc

--
Freedom is nothing but a chance to be better. --Albert Camus

The problem with socialism is that eventually you run out of other people's money. --Margaret Thatcher

Do the arithmetic or be doomed to talk nonsense. --John McCarthy

From jschauma at netmeister.org Sun Jan 8 20:30:24 2012
From: jschauma at netmeister.org (Jan Schaumann)
Date: Sun, 8 Jan 2012 20:30:24 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To: <20120108004908.GA77400@DataIX.net>
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net>
Message-ID: <20120109013024.GY22658@netmeister.org>

Jason Hellenthal wrote:

> I don't see an advantage here besides "I don't have to type my password".

For starters / in addition to what others have already said, you don't have to actually have to _have_ a password hash sitting on the server in question. In some cases it's unacceptable to have your password hash be exposed to the host in question.

-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 478 bytes
Desc: not available
URL:

From bob at redivi.com Sun Jan 8 21:37:33 2012
From: bob at redivi.com (Bob Ippolito)
Date: Sun, 8 Jan 2012 18:37:33 -0800
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To: <20120109013024.GY22658@netmeister.org>
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net> <20120109013024.GY22658@netmeister.org>
Message-ID:

On Sun, Jan 8, 2012 at 5:30 PM, Jan Schaumann wrote:

> Jason Hellenthal wrote:
>
> > I don't see an advantage here besides "I don't have to type my password".
>
> For starters / in addition to what others have already said, you don't
> have to actually have to _have_ a password hash sitting on the server in
> question. In some cases it's unacceptable to have your password hash be
> exposed to the host in question.

Well, the password hash could be safely sitting in an LDAP server somewhere.

The bigger issue is that the server that you're sudo-ing on gets your password in plaintext that could be snooped by a clever enough attacker with access to your pty or if they have superuser you've really lost because it would be even easier to get your password in plaintext by replacing the sudo binary or screwing with PAM.

-bob
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From matt at tablethotels.com Sun Jan 8 21:48:00 2012
From: matt at tablethotels.com (Matthew Story)
Date: Sun, 8 Jan 2012 21:48:00 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <20120107194726.GV22658@netmeister.org> <20120108004908.GA77400@DataIX.net> <20120109013024.GY22658@netmeister.org>
Message-ID: <97337746-1FAC-4282-BDFF-093D45DE90F9@tablethotels.com>

On Jan 8, 2012, at 9:37 PM, Bob Ippolito wrote:

>
>
> On Sun, Jan 8, 2012 at 5:30 PM, Jan Schaumann wrote:
> Jason Hellenthal wrote:
>
> > I don't see an advantage here besides "I don't have to type my password".
>
> For starters / in addition to what others have already said, you don't
> have to actually have to _have_ a password hash sitting on the server in
> question. In some cases it's unacceptable to have your password hash be
> exposed to the host in question.
>
> Well, the password hash could be safely sitting in an LDAP server somewhere.
>
> The bigger issue is that the server that you're sudo-ing on gets your password in plaintext that could be snooped by a clever enough attacker with access to your pty or if they have superuser you've really lost because it would be even easier to get your password in plaintext by replacing the sudo binary or screwing with PAM.

if an attacker has access to a pty of your user ...
even if you have password-less sudo, it would be simple enough for the attacker to write a sudo wrapper that throws an stty with a password prompt, and 99% of your users will follow their conditioning and type a password when sudo prompts for it, regardless of system setup. password is a flawed protocol, we have the tech to fix it, but until the social conditioning of providing a secret when asked is broken, this is all pretty meaningless. -matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at tablethotels.com Mon Jan 9 00:16:10 2012 From: matt at tablethotels.com (Matthew Story) Date: Mon, 9 Jan 2012 00:16:10 -0500 Subject: [nycbug-talk] two quick things In-Reply-To: References: <4F05B7C0.40003@ceetonetechnology.com> Message-ID: <516B9309-878E-48E3-8E1F-7D24DB4A4632@tablethotels.com> On Jan 5, 2012, at 11:47 AM, Matthew Story wrote: > Slides are viewable online here: > > https://docs.google.com/present/edit?id=0AfDUqFNz2o4eZGhoeDlnY3pfMTY2ZDJxY3B0Zmg > > Please submit any bugs you find in the talk to me, and I'll happily buy you a round at the next meeting. I have fixed a few bugs in the talk, some submitted, others found, and re-published the presentation. I'm sure there are yet more, and the offer for a free round still stands for any bug found. Notable Fixes: @slide.27 ... credit: Jan Schaumann < ps aux | grep "runaway" | awk '{ print $2 }' | xargs kill -30 > ps aux | grep "runawa[y]" | awk '{ print $2 }' | xargs kill -30 @slide.28 ... credit: Jan Schaumann < ps aux | awk '/runaway/ { print $2 }' | xargs kill -30 > ps aux | awk '/runawa[y]/ { print $2 }' | xargs kill -30 @slide.47 ... no-arguments in argv-list handling for Solaris Bourne shell < exec /usr/bin/awk -f "${0%/*}/table2json.awk" -- "$@" > exec /usr/bin/awk -f "${0%/*}/table2json.awk" -- ${1+"$@"} @slide.55 ... this wasn't actually producing a factorial, or an infinite loop ... now it does. 
< for (i=x;i>1;i++) y = y*i > for (i=x;i>1;i--) y = y*i -------------- next part -------------- An HTML attachment was scrubbed... URL: From bob at redivi.com Mon Jan 9 16:56:33 2012 From: bob at redivi.com (Bob Ippolito) Date: Mon, 9 Jan 2012 13:56:33 -0800 Subject: [nycbug-talk] Public-key sudo? In-Reply-To: <201201081710.q08HA3LE018951@rs134.luxsci.com> References: <201201081710.q08HA3LE018951@rs134.luxsci.com> Message-ID: On Sun, Jan 8, 2012 at 9:09 AM, Isaac Levy wrote: > On Jan 7, 2012, at 2:31 PM, Bob Ippolito wrote: > > happening with ops (ec2, puppet, chef, etc.) > > I believe it's well-worth bringing up cdist while you're up there: > http://www.nico.schottelius.org/blog/migrating-away-from-puppet-to-cdist/ > > I've not used this tool, but at the very least, their list of items > addressing fundamental design problems with puppet/chef is spot-on, IMHO. > It does sound like cdist solves some of the fundamental issues with puppet/chef, but of course it creates different ones. The major reason I won't give cdist the time of day is that I really don't think that push from a laptop is the right model for configuration management. Having SSH be the only way to do something is also a bit of a liability, I've seen a few problems with our sshd recently (something to do with PAM, LDAP and some kind of resource leak). Fortunately those machines have IPMI, but for this new project I'll have a bunch of Mac Minis in production so no hardware LOM/IPMI will be available to help us. I do want to try and get security as right as is reasonable by default, which is why I was wondering about the sudo thing. I'm personally leaning towards having a non-password (and rarely used) root SSH login for administration rather than using sudo at all. In my experience the past few years, things that need root get done (or should've been done) from Puppet anyway. -bob -------------- next part -------------- An HTML attachment was scrubbed... 
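Review bot: in the slide 28 fix from Matthew Story's "two quick things" message (`ps aux | awk '/runawa[y]/ { print $2 }' | xargs kill -30`), the pattern is tested against the whole ps line, so any process whose user name, path or arguments contain "runaway" has its PID handed to kill. Matching on the command column only, or restricting the listing to the caller's own processes, would narrow what gets signalled. The numeric `-30` is also not the same signal on every system (SIGUSR1 on the BSDs, SIGPWR on Linux), so a signal name would be more portable for a talk that stresses running on any UNIX.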
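Review bot: in the slide 55 fix from the same message, `for (i=x;i>1;i--) y = y*i` only produces x! if y is set to 1 before the loop; an uninitialised awk variable is 0 in numeric context, so the product would stay 0. The initialisation is not visible in the quoted line, so it is worth confirming on the slide, along with what the loop should do for x of 0 or 1.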
URL:

From chsnyder at gmail.com Mon Jan 9 17:23:47 2012
From: chsnyder at gmail.com (Chris Snyder)
Date: Mon, 9 Jan 2012 17:23:47 -0500
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <201201081710.q08HA3LE018951@rs134.luxsci.com>
Message-ID:

On Mon, Jan 9, 2012 at 4:56 PM, Bob Ippolito wrote:
> won't give cdist the time of day is that I really don't think that push from
> a laptop is the right model for configuration management.

Push from a dedicated Chromebook that is otherwise not connected to the internet or used for anything other than cdist sounds a lot more secure to me than having a master server that is always hanging out online waiting for an exploit.

I, too, have a deep-seated aversion to push management, but cdist looks like it's just automating what I already do as a sysadmin. The simplicity of the approach is very compelling.

From bob at redivi.com Mon Jan 9 18:01:28 2012
From: bob at redivi.com (Bob Ippolito)
Date: Mon, 9 Jan 2012 15:01:28 -0800
Subject: [nycbug-talk] Public-key sudo?
In-Reply-To:
References: <201201081710.q08HA3LE018951@rs134.luxsci.com>
Message-ID:

On Mon, Jan 9, 2012 at 2:23 PM, Chris Snyder wrote:

> On Mon, Jan 9, 2012 at 4:56 PM, Bob Ippolito wrote:
>
> > won't give cdist the time of day is that I really don't think that push
> from
> > a laptop is the right model for configuration management.
>
> Push from a dedicated Chromebook that is otherwise not connected to
> the internet or used for anything other than cdist sounds a lot more
> secure to me than having a master server that is always hanging out
> online waiting for an exploit.
>
> I, too, have a deep-seated aversion to push management, but cdist
> looks like it's just automating what I already do as a sysadmin. The
> simplicity of the approach is very compelling.
>

The simplicity of the approach is great, but if anything goes wrong (and there are a million things that can), you are potentially fucked.
Having done a lot of traveling over the past few years I can't imagine a reliably successful result when trying to do push management to servers in the US from a laptop in China. Even if the connection was stable I sure would be waiting a long time to do something to a few hundred machines in multiple data centers.

Having a periodic and pull-based approach allows for convergence to happen even if there are transient problems of just about any kind. You can also scale it horizontally. Yes, you can scale push too, but it doesn't seem like it would be very simple to do with something like cdist.

-bob
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From bob at redivi.com Mon Jan 9 20:41:10 2012
From: bob at redivi.com (Bob Ippolito)
Date: Mon, 9 Jan 2012 17:41:10 -0800
Subject: [nycbug-talk] Nix - purely functional package management
Message-ID:

I saw a presentation on Nix a few years ago at ICFP. Unlike most of the things you'd see at one of those academic conferences, it appears that they're actually maintaining this research project well beyond the proof of concept stage:

http://nixos.org/

Has anyone else looked at this or tried it? Seems very interesting to me, would solve a few of the problems that I've had to deal with over the past few years.

Of particular interest to me is Nix (package manager) and Nixpkgs (packages compatible with Nix).

The selling points are:
* Purely functional. Multiple versions of a package can co-exist on the same system. Results are always reproducible. Atomic commits and rollback possible, etc.
* Cross-platform. They claim to support Linux, FreeBSD, OpenBSD, and Mac OS X.
* Multi-user support. You can use it without root.
* Can do fast upgrades by building from binaries and doing deltas from binaries.

Obvious cons would be:
* Bleeding edge
* It's a research project
* Seems to be pretty complicated source (perl, c, c++, automake, ...)

Very ambitious project, and there are some other interesting things they're working on in conjunction with this stuff: a distributed service deployment system (Disnix), a continuous build system (Hydra), and a Nix-based Linux OS (NixOS).

Might be a good replacement for something like homebrew.

-bob
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From nikolai at fetissov.org Tue Jan 10 09:18:03 2012
From: nikolai at fetissov.org (Nikolai Fetissov)
Date: Tue, 10 Jan 2012 09:18:03 -0500
Subject: [nycbug-talk] January 2012 meeting audio
In-Reply-To: <201201051651.q05Gp3p2027694@rs134.luxsci.com>
References: <201201051651.q05Gp3p2027694@rs134.luxsci.com>
Message-ID: <6fafe077a125e56f0cc91e5ffb330939.squirrel@geekisp.com>

> Hi All,
>
> Our always-vigilant audio documentarian Nikolai was conspicuously missing
> last night, so an iPhone to the rescue.
>
> Audio of Matthew Story AWK presentation is online here:
> http://blackskyresearch.net/nycbug/nycbug20120104awk.mp3
>
> I'll ping Nikolai off-list to see if he can snag the file to his archive,
> http://www.fetissov.org/public/nycbug/
>
> Rocket-
> .ike
>

Folks,

Re-posted Ike's recording of January meeting at:
http://www.fetissov.org/public/nycbug/nycbug-01-04-12.mp3

Apologies for the long delay.
--
Nikolai

From mark.saad at ymail.com Tue Jan 10 11:34:56 2012
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 10 Jan 2012 11:34:56 -0500
Subject: [nycbug-talk] FreeBSD 9.0 Network install
Message-ID:

Talk Talk talk,

Has anyone tried to jumpstart FreeBSD 9.0 using either sysinstall or the new bsd-installer ? Are there any docs on automating the new installer anywhere ?
--
Mark Saad | mark.saad at ymail.com

From ike at blackskyresearch.net Tue Jan 10 11:43:33 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Tue, 10 Jan 2012 11:43:33 -0500
Subject: [nycbug-talk] January 2012 meeting audio
In-Reply-To: <6fafe077a125e56f0cc91e5ffb330939.squirrel@geekisp.com>
References: <201201051651.q05Gp3p2027694@rs134.luxsci.com> <6fafe077a125e56f0cc91e5ffb330939.squirrel@geekisp.com>
Message-ID: <201201101644.q0AGi4EQ007411@rs134.luxsci.com>

On Jan 10, 2012, at 9:18 AM, Nikolai Fetissov wrote:

>> Hi All,
>>
>> Our always-vigilant audio documentarian Nikolai was conspicuously missing
>> last night, so an iPhone to the rescue.
>>
>> Audio of Matthew Story AWK presentation is online here:
>> http://blackskyresearch.net/nycbug/nycbug20120104awk.mp3
>>
>> I'll ping Nikolai off-list to see if he can snag the file to his archive,
>> http://www.fetissov.org/public/nycbug/
>>
>> Rocket-
>> .ike
>>
>
> Folks,
>
> Re-posted Ike's recording of January meeting at:
> http://www.fetissov.org/public/nycbug/nycbug-01-04-12.mp3
>
> Apologies for the long delay.
> --
> Nikolai

Thanks Nikolai!

Best,
.ike

From brett.mahar at gmx.com Tue Jan 10 21:04:04 2012
From: brett.mahar at gmx.com (Brett)
Date: Wed, 11 Jan 2012 13:04:04 +1100
Subject: [nycbug-talk] January 2012 meeting audio
Message-ID: <20120111130404.aadadb26.brett.mahar@gmx.com>

>> so an iPhone to the rescue.

Hi,
I found the audio to be more listenable than some prior months. Maybe the iPhone can be used more often for recordings? Unless it is just less background noise than usual...
Thanks!
From matt at tablethotels.com Tue Jan 10 21:52:36 2012
From: matt at tablethotels.com (Matthew Story)
Date: Tue, 10 Jan 2012 21:52:36 -0500
Subject: [nycbug-talk] January 2012 meeting audio
In-Reply-To: <20120111130404.aadadb26.brett.mahar@gmx.com>
References: <20120111130404.aadadb26.brett.mahar@gmx.com>
Message-ID: <689FCA29-B034-4ECE-B411-72BC0736714A@tablethotels.com>

On Jan 10, 2012, at 9:04 PM, Brett wrote:

>>> so an iPhone to the rescue.
>
> Hi,
> I found the audio to be more listenable than some prior months. Maybe the iPhone can be used more often for recordings? Unless it is just less background noise than usual...
> Thanks!

I believe there was a higher rate of audience sleeping at the January meetings than in the past.

From mark.saad at ymail.com Thu Jan 12 12:29:39 2012
From: mark.saad at ymail.com (Mark Saad)
Date: Thu, 12 Jan 2012 12:29:39 -0500
Subject: [nycbug-talk] FBI OpenBSD Backdoors and RSA Cipher Vulnerability [Part Deux]
Message-ID:

Talk Talk Talk
When I was reading this on cryptome.org I figured it was worth alerting your attention to it.

Best quote IMHO

" Ross Pirasteh, who was either the Prime Minister of Finance for the Shah of Iran or actually the Shah of Iran himself.
As the story goes, Ross and his family were snuck out of Iran rolled up in Persian rugs just prior to or during the 1979 revolution headed by Ayatollah Ruhollah Khomeini"

Original article
http://cryptome.org/2012/01/0032.htm

--
Mark Saad | mark.saad at ymail.com

From mspitzer at gmail.com Fri Jan 13 00:07:00 2012
From: mspitzer at gmail.com (Marc Spitzer)
Date: Fri, 13 Jan 2012 00:07:00 -0500
Subject: [nycbug-talk] Fwd: [nine-announce] HOPE Preregistration Now Open
In-Reply-To: <20120112213757.GA89047@phalse.2600.COM>
References: <20120112213757.GA89047@phalse.2600.COM>
Message-ID:

---------- Forwarded message ----------
From: Hackers On Planet Earth
Date: Thu, Jan 12, 2012 at 4:37 PM
Subject: [nine-announce] HOPE Preregistration Now Open
To: nine-announce at 2600.com

Greetings,

This is a reminder to let you know that we've opened up preregistration for HOPE Number Nine. We're now offering tickets for nearly 20 percent off the door price. You can go to http://store.2600.com/hopenumbernine.html to preregister. Tickets will be emailed to you starting later this month.

Further details on the conference will be posted at our official website which is http://www.hopenumbernine.net - announcements will also be posted on this list. We will be opening up speaker submissions in the days ahead and there will be numerous opportunities to get involved if you want to play a part in organizing this fun event.

Also, to add to the fun, we will be releasing online video of our third conference - H2K - which took place back in 2000. Videos will be released hour by hour starting at 10 am ET Friday morning and running into Sunday evening. You'll be able to find them at http://store.2600.com/h2kdvds.html throughout the weekend.

HOPE Number Nine will be taking place from July 13th to July 15th, 2012. We hope to see you there!

---
To unsubscribe from this list, send email to majordomo at 2600.com with 'unsubscribe nine-announce' (no quotes) in the body.
Be sure to do this from the address that you're subscribed from.

--
Freedom is nothing but a chance to be better.
--Albert Camus

The problem with socialism is that eventually you run out of other people's money.
--Margaret Thatcher

Do the arithmetic or be doomed to talk nonsense.
--John McCarthy

From nikolai at fetissov.org Fri Jan 13 11:13:11 2012
From: nikolai at fetissov.org (Nikolai Fetissov)
Date: Fri, 13 Jan 2012 11:13:11 -0500
Subject: [nycbug-talk] January 2012 meeting audio
In-Reply-To: <20120111130404.aadadb26.brett.mahar@gmx.com>
References: <20120111130404.aadadb26.brett.mahar@gmx.com>
Message-ID: <4dfb6c6ff5800c6366ed96299a11cab0.squirrel@www.geekisp.com>

>>> so an iPhone to the rescue.
>
> Hi,
> I found the audio to be more listenable than some prior months. Maybe the
> iPhone can be used more often for recordings? Unless it is just less
> background noise than usual...
> Thanks!

The mp3 file produced by iphone is at least three times larger than what I get off my voice recorder. Can't really afford taking that much space at my isp every time.
--
Nikolai

From george at ceetonetechnology.com Fri Jan 13 11:16:07 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 13 Jan 2012 11:16:07 -0500
Subject: [nycbug-talk] January 2012 meeting audio
In-Reply-To: <4dfb6c6ff5800c6366ed96299a11cab0.squirrel@www.geekisp.com>
References: <20120111130404.aadadb26.brett.mahar@gmx.com> <4dfb6c6ff5800c6366ed96299a11cab0.squirrel@www.geekisp.com>
Message-ID: <4F1058C7.80204@ceetonetechnology.com>

On 01/13/12 11:13, Nikolai Fetissov wrote:
>>>> so an iPhone to the rescue.
>>
>> Hi,
>> I found the audio to be more listenable than some prior months. Maybe the
>> iPhone can be used more often for recordings? Unless it is just less
>> background noise than usual...
>> Thanks!
>
> The mp3 file produced by iphone is at least three times larger than what I
> get off my voice recorder. Can't really afford taking that much space at
> my isp every time.
Nikolai has been doing this for *years*.

I think everyone appreciates his efforts, and consistent lower-quality beats periodic and too large high-quality IMHO.

g

From brett.mahar at gmx.com Sat Jan 14 07:21:32 2012
From: brett.mahar at gmx.com (Brett)
Date: Sat, 14 Jan 2012 23:21:32 +1100
Subject: [nycbug-talk] January 2012 meeting audio
In-Reply-To:
References:
Message-ID: <20120114232132.8e961e6a.brett.mahar@gmx.com>

>
> On 01/13/12 11:13, Nikolai Fetissov wrote:
> >>>> so an iPhone to the rescue.
> >>
> >> Hi,
> >> I found the audio to be more listenable than some prior months. Maybe the
> >> iPhone can be used more often for recordings? Unless it is just less
> >> background noise than usual...
> >> Thanks!
> >
> > The mp3 file produced by iphone is at least three times larger than what I
> > get off my voice recorder. Can't really afford taking that much space at
> > my isp every time.
>
> Nikolai has been doing this for *years*.
>
> I think everyone appreciates his efforts, and consistent lower-quality
> beats periodic and too large high-quality IMHO.
>
> g
>

Hope my original post didn't come across as sounding ungrateful. I would rather have lower-quality than nothing, and thanks for all the recordings!

From george at ceetonetechnology.com Tue Jan 17 09:20:41 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 17 Jan 2012 09:20:41 -0500
Subject: [nycbug-talk] After the floods: hard drives
Message-ID: <4F1583B9.3010906@ceetonetechnology.com>

Any decent outlets for getting hard drives after the floods in Thailand?

Pricewatch.com has pre-flood pricing on drives, but they are all dead links and/or refurbished. . .
George

From ike at blackskyresearch.net Tue Jan 17 09:33:53 2012
From: ike at blackskyresearch.net (Isaac Levy)
Date: Tue, 17 Jan 2012 09:33:53 -0500
Subject: [nycbug-talk] After the floods: hard drives
In-Reply-To: <4F1583B9.3010906@ceetonetechnology.com>
References: <4F1583B9.3010906@ceetonetechnology.com>
Message-ID: <201201171434.q0HEY2En031149@rs134.luxsci.com>

On Jan 17, 2012, at 9:20 AM, George Rosamond wrote:

> Any decent outlets for getting hard drives after the floods in Thailand?
>
> Pricewatch.com has pre-flood pricing on drives, but they are all dead links and/or refurbished. . .
>
> George

Depends on the drives you want- I've had no problem getting at drives through various online vendors, (bounce from pricewatch, general searches, etc...), they're all just 200-300% the cost, depending...

Best,
.ike

From george at ceetonetechnology.com Tue Jan 17 09:35:59 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 17 Jan 2012 09:35:59 -0500
Subject: [nycbug-talk] After the floods: hard drives
In-Reply-To: <201201171434.q0HEY2En031149@rs134.luxsci.com>
References: <4F1583B9.3010906@ceetonetechnology.com> <201201171434.q0HEY2En031149@rs134.luxsci.com>
Message-ID: <4F15874F.2020105@ceetonetechnology.com>

On 01/17/12 09:33, Isaac Levy wrote:
> On Jan 17, 2012, at 9:20 AM, George Rosamond wrote:
>
>> Any decent outlets for getting hard drives after the floods in Thailand?
>>
>> Pricewatch.com has pre-flood pricing on drives, but they are all dead links and/or refurbished. . .
>>
>> George
>
> Depends on the drives you want- I've had no problem getting at drives through various online vendors, (bounce from pricewatch, general searches, etc...), they're all just 200-300% the cost, depending...
>

Oh, yeah. I know the drives are available. .. it's a question of cost.

Don't want to dump $300 on 2tb SATA drives when they were $85 not too long ago.

Wonder to what extent there's real or false scarcity in the big picture.
g

From matthewstory at gmail.com Tue Jan 17 10:20:11 2012
From: matthewstory at gmail.com (Matthew Story)
Date: Tue, 17 Jan 2012 10:20:11 -0500
Subject: [nycbug-talk] postgres 9.2 potentially adding JSON support (Re: James Lowden on Free Database Systems: What They Should Be, And Why You Should Care)
Message-ID:

via .ike (off list, mostly for the comments section, which is a heck of a read on this guy):

http://arstechnica.com/business/news/2012/01/native-json-features-submitted-for-postgresql-92.ars

wondering if this is closer or further away from the aims proposed in James Lowden's talk. not implementing json as a wire-protocol (via front-counting, or some termination bit), just implementing ability to fetch results in json, or store values from a json string, ala the ever-famous CouchDB.

--
regards,
matt

From mikel.king at olivent.com Tue Jan 17 10:31:33 2012
From: mikel.king at olivent.com (mikel king)
Date: Tue, 17 Jan 2012 10:31:33 -0500
Subject: [nycbug-talk] SOPA DOA
Message-ID: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>

Some good news for a change.

Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation http://onforb.es/zcgtED

From george at ceetonetechnology.com Tue Jan 17 10:38:25 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 17 Jan 2012 10:38:25 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>
Message-ID: <4F1595F1.9010203@ceetonetechnology.com>

On 01/17/12 10:31, mikel king wrote:
> Some good news for a change.
>
> Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation http://onforb.es/zcgtED

SOPA might be dead, but PIPA isn't.

And it seems that legislative justification for IP stuff is secondary to the practice.
There's so much happening around this outside and beyond of SOPA/PIPA that I'm beginning to think SOPA was a decoy.

Note the pressure the US is putting on other countries to implement IP laws.

g

From edlinuxguru at gmail.com Tue Jan 17 10:57:34 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Tue, 17 Jan 2012 10:57:34 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>
Message-ID:

I did not read into SOPA beyond a glance, so I am not saying I agree or disagree with it. But I recently spent 9 months of my life writing a book. I sold 400 copies up to Q3 this year.

I checked some USENET stats for number of times my book was illegally downloaded just a couple weeks after it came out. It was over 300,000. I can find thousands of sites to illegally download it from.

It would be nice if I could just get $1 ( about 0.025% the cover price) from each person that illegally downloaded my book.

Not saying that I am super brilliant or deserve to be rich, but what is fair is fair. You download my book I should get SOMETHING for it.

On Tue, Jan 17, 2012 at 10:31 AM, mikel king wrote:

> Some good news for a change.
>
> Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation
> http://onforb.es/zcgtED
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From jason at dixongroup.net Tue Jan 17 11:04:01 2012
From: jason at dixongroup.net (Jason Dixon)
Date: Tue, 17 Jan 2012 11:04:01 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To:
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>
Message-ID: <20120117160401.GF11365@dixongroup.net>

This has NOTHING to do with SOPA.

-J.
On Tue, Jan 17, 2012 at 10:57:34AM -0500, Edward Capriolo wrote:
> I did not read into SOPA beyond a glance, so I am not saying I agree or
> disagree with it. But I recently spent 9 months of my life writing a book.
> I sold 400 copies up to Q3 this year.
>
> I checked some USENET stats for number of times my book was illegally
> downloaded just a couple weeks after it came out. It was over 300,000. I
> can find thousands of sites to illegally download it from.
>
> It would be nice if I could just get $1 ( about 0.025% the cover price)
> from each person that illegally downloaded my book.
>
> Not saying that I am super brilliant or deserve to be rich, but what is
> fair is fair. You download my book I should get SOMETHING for it.
>
> On Tue, Jan 17, 2012 at 10:31 AM, mikel king wrote:
>
> > Some good news for a change.
> >
> > Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation
> > http://onforb.es/zcgtED
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> >
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

From edlinuxguru at gmail.com Tue Jan 17 11:08:11 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Tue, 17 Jan 2012 11:08:11 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <20120117160401.GF11365@dixongroup.net>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117160401.GF11365@dixongroup.net>
Message-ID:

http://en.wikipedia.org/wiki/Stop_Online_Piracy_Act

The originally proposed bill would allow the U.S. Department of Justice, as well as copyright holders, to seek court orders against websites accused of enabling or facilitating copyright infringement.
The bill would make unauthorized streaming of copyrighted content a crime,

It sounds like that is exactly what it is about, Protecting copyrights, or are you saying it only protects "streaming" data?

On Tue, Jan 17, 2012 at 11:04 AM, Jason Dixon wrote:

> This has NOTHING to do with SOPA.
>
> -J.
>
> On Tue, Jan 17, 2012 at 10:57:34AM -0500, Edward Capriolo wrote:
> > I did not read into SOPA beyond a glance, so I am not saying I agree or
> > disagree with it. But I recently spent 9 months of my life writing a
> book.
> > I sold 400 copies up to Q3 this year.
> >
> > I checked some USENET stats for number of times my book was illegally
> > downloaded just a couple weeks after it came out. It was over 300,000. I
> > can find thousands of sites to illegally download it from.
> >
> > It would be nice if I could just get $1 ( about 0.025% the cover price)
> > from each person that illegally downloaded my book.
> >
> > Not saying that I am super brilliant or deserve to be rich, but what is
> > fair is fair. You download my book I should get SOMETHING for it.
> >
> > On Tue, Jan 17, 2012 at 10:31 AM, mikel king
> wrote:
> >
> > > Some good news for a change.
> > >
> > > Obama Says So Long SOPA, Killing Controversial Internet Piracy
> Legislation
> > > http://onforb.es/zcgtED
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nycbug.org
> > > http://lists.nycbug.org/mailman/listinfo/talk
> > >
>
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> >
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
>

From mikel.king at olivent.com Tue Jan 17 11:25:27 2012
From: mikel.king at olivent.com (mikel king)
Date: Tue, 17 Jan 2012 11:25:27 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To:
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>
Message-ID: <10A9C106-0C71-492E-B0A2-163D23F27C32@olivent.com>

On Jan 17, 2012, at 10:57 AM, Edward Capriolo wrote:

> I did not read into SOPA beyond a glance, so I am not saying I agree or disagree with it. But I recently spent 9 months of my life writing a book.
> I sold 400 copies up to Q3 this year.
>
> I checked some USENET stats for number of times my book was illegally downloaded just a couple weeks after it came out. It was over 300,000. I can find thousands of sites to illegally download it from.
>
> It would be nice if I could just get $1 ( about 0.025% the cover price) from each person that illegally downloaded my book.
>
> Not saying that I am super brilliant or deserve to be rich, but what is fair is fair. You download my book I should get SOMETHING for it.
>
> On Tue, Jan 17, 2012 at 10:31 AM, mikel king wrote:
> Some good news for a change.
>
> Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation http://onforb.es/zcgtED

SOPA & PIPA were drafted to address this sort of issue but the broad scope power that it gave copyright holders and the government were seriously out of line. If PIPA dies next week I am sure that these two proposals will be re-envisioned, hopefully into something more sensible.
m

From george at ceetonetechnology.com Tue Jan 17 11:32:50 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 17 Jan 2012 11:32:50 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <10A9C106-0C71-492E-B0A2-163D23F27C32@olivent.com>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <10A9C106-0C71-492E-B0A2-163D23F27C32@olivent.com>
Message-ID: <4F15A2B2.30005@ceetonetechnology.com>

On 01/17/12 11:25, mikel king wrote:
>
> On Jan 17, 2012, at 10:57 AM, Edward Capriolo wrote:
>
>> I did not read into SOPA beyond a glance, so I am not saying I agree or disagree with it. But I recently spent 9 months of my life writing a book.
>> I sold 400 copies up to Q3 this year.
>>
>> I checked some USENET stats for number of times my book was illegally downloaded just a couple weeks after it came out. It was over 300,000. I can find thousands of sites to illegally download it from.
>>
>> It would be nice if I could just get $1 ( about 0.025% the cover price) from each person that illegally downloaded my book.
>>
>> Not saying that I am super brilliant or deserve to be rich, but what is fair is fair. You download my book I should get SOMETHING for it.
>>
>> On Tue, Jan 17, 2012 at 10:31 AM, mikel king wrote:
>> Some good news for a change.
>>
>> Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation http://onforb.es/zcgtED
>
> SOPA & PIPA were drafted to address this sort of issue but the broad scope power that it gave copyright holders and the government were seriously out of line. If PIPA dies next week I am sure that these two proposals will be re-envisioned, hopefully into something more sensible.

Yeah, sorry Ed. Don't think this legislation nor the general 'protection of IP' measures had people like you in mind. :)

Fundamentally, these acts are measures to undercut the semblance of neutrality on the internet. I would even say it's a move to "balkanizing" the internet beyond what anyone would have ever envisioned.
The major questions are around control of DNS and a guilty before even charged enforcement.

There's a reason why the brunt of internet businesses are against it.

g

From pete at nomadlogic.org Tue Jan 17 18:33:20 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 17 Jan 2012 15:33:20 -0800
Subject: [nycbug-talk] SOPA DOA
In-Reply-To:
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117160401.GF11365@dixongroup.net>
Message-ID: <20120117233318.GG63149@arp.nomadlogic.org>

On Tue, Jan 17, 2012 at 11:08:11AM -0500, Edward Capriolo wrote:
> http://en.wikipedia.org/wiki/Stop_Online_Piracy_Act
>
> The originally proposed bill would allow the U.S. Department of Justice, as
> well as copyright holders, to seek court orders against websites accused of
> enabling or facilitating copyright infringement.
>
> The bill would make unauthorized streaming of copyrighted content a crime,
>
> It sounds like that is exactly what it is about, Protecting copyrights, or
> are you saying it only protects "streaming" data?
>

i think if you do a little research into SOPA you will find that not only is the bill a misguided attempt to stop "piracy" - but is a pretty blatant attempt to break DNS and the foundation of how the internet works on a fundamental level.

regarding "piracy" - i've worked for a lot of the companies that back SOPA (film studios, video game studios etc...) and frankly i really don't feel bad for them. to sink over a year of your life into a game, see it be a block-buster (cough MW2) then to have your employer *not* give you a raise is pretty despicable, or in the case of film - to get laid off right at the end of production - is awful. all this legal wrangling (DMCAA, SOPA...etc...) is just the major stake holders trying to keep costs down while trying to delay the major cultural changes that need to happen in these organizations to deal with the internet.
-pete

--
Pete Wright
pete at nomadlogic.org

From mwlucas at blackhelicopters.org Tue Jan 17 11:34:17 2012
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Tue, 17 Jan 2012 11:34:17 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To:
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com>
Message-ID: <20120117163417.GA96306@bewilderbeast.blackhelicopters.org>

On Tue, Jan 17, 2012 at 10:57:34AM -0500, Edward Capriolo wrote:
> I did not read into SOPA beyond a glance, so I am not saying I agree or
> disagree with it. But I recently spent 9 months of my life writing a book.
> I sold 400 copies up to Q3 this year.
>
> I checked some USENET stats for number of times my book was illegally
> downloaded just a couple weeks after it came out. It was over 300,000. I
> can find thousands of sites to illegally download it from.
>
> It would be nice if I could just get $1 ( about 0.025% the cover price)
> from each person that illegally downloaded my book.
>
> Not saying that I am super brilliant or deserve to be rich, but what is
> fair is fair. You download my book I should get SOMETHING for it.

Edward,

I feel your pain. I really do.

At my best guess, unlicensed downloads have cut my writing income by about %40 -- assuming that I haven't expanded my audience and that my books have not gotten worse with time. But SOPA and PIPA were lousy tools for eliminating unlicensed downloads.

The real problem is more insidious.

At a conference several years ago, a young man made a point of telling me that "Absolute BSD" helped him stand up several dozen servers and he was now printing money as a result. He wanted to thank me. That's always nice to hear. I thanked him for buying my book. He said that he had downloaded it for free, but that he'd now go buy a copy. I was stunned, and let him walk away, alive, with all his limbs and everything. (I'll be more prepared next time.)
As long as people think that this stuff should be free, and as long as people invest time in bypassing access controls, no technological means will prevent unlicensed downloads.

The same tools that let people escape government censorship can be applied directly to books. I've forced myself to accept that helping Tibetans escape tyranny is more important than my income. But I don't have to like it.

If current trends continue, I'll probably stop writing tech books at some point in the next ten years. If I'm not going to get paid to write, and I cannot cure this sick compulsion to write, I might as well write what I find most easy and fun.

==ml

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor

From spork at bway.net Tue Jan 17 11:35:59 2012
From: spork at bway.net (Charles Sprickman)
Date: Tue, 17 Jan 2012 11:35:59 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <10A9C106-0C71-492E-B0A2-163D23F27C32@olivent.com>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <10A9C106-0C71-492E-B0A2-163D23F27C32@olivent.com>
Message-ID:

On Jan 17, 2012, at 11:25 AM, mikel king wrote:

>
> On Jan 17, 2012, at 10:57 AM, Edward Capriolo wrote:
>
>> I did not read into SOPA beyond a glance, so I am not saying I agree or disagree with it. But I recently spent 9 months of my life writing a book.
>> I sold 400 copies up to Q3 this year.
>>
>> I checked some USENET stats for number of times my book was illegally downloaded just a couple weeks after it came out. It was over 300,000. I can find thousands of sites to illegally download it from.
>>
>> It would be nice if I could just get $1 ( about 0.025% the cover price) from each person that illegally downloaded my book.
>>
>> Not saying that I am super brilliant or deserve to be rich, but what is fair is fair. You download my book I should get SOMETHING for it.
>>
>> On Tue, Jan 17, 2012 at 10:31 AM, mikel king wrote:
>> Some good news for a change.
>>
>> Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation http://onforb.es/zcgtED
>
> SOPA & PIPA were drafted to address this sort of issue but the broad scope power that it gave copyright holders and the government were seriously out of line.

Additionally it's basically the MPAA and RIAA getting the taxpayers to shoulder the cost of enforcing their copyrights. I have some serious misgivings about that. If your business model is failing and civil actions are not enough to protect it, perhaps it's time to rethink your business model (IMHO, of course).

The large content distributors I think are more scared of things like this than piracy:

https://buy.louisck.net/news

Look who's missing revenue in that situation...

Charles

> If PIPA dies next week I am sure that these two proposals will be re-envisioned, hopefully into something more sensible.
>
> m
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

From edlinuxguru at gmail.com Tue Jan 17 12:36:05 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Tue, 17 Jan 2012 12:36:05 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <20120117163417.GA96306@bewilderbeast.blackhelicopters.org>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117163417.GA96306@bewilderbeast.blackhelicopters.org>
Message-ID:

On Tue, Jan 17, 2012 at 11:34 AM, Michael W. Lucas < mwlucas at blackhelicopters.org> wrote:

> On Tue, Jan 17, 2012 at 10:57:34AM -0500, Edward Capriolo wrote:
> > I did not read into SOPA beyond a glance, so I am not saying I agree or
> > disagree with it. But I recently spent 9 months of my life writing a
> book.
> > I sold 400 copies up to Q3 this year.
> >
> > I checked some USENET stats for number of times my book was illegally
> > downloaded just a couple weeks after it came out. It was over 300,000. I
> > can find thousands of sites to illegally download it from.
> >
> > It would be nice if I could just get $1 ( about 0.025% the cover price)
> > from each person that illegally downloaded my book.
> >
> > Not saying that I am super brilliant or deserve to be rich, but what is
> > fair is fair. You download my book I should get SOMETHING for it.
>
>
> Edward,
>
> I feel your pain. I really do.
>
> At my best guess, unlicensed downloads have cut my writing income by
> about %40 -- assuming that I haven't expanded my audience and that my
> books have not gotten worse with time. But SOPA and PIPA were lousy
> tools for eliminating unlicensed downloads.
>
> The real problem is more insidious.
>
> At a conference several years ago, a young man made a point of telling
> me that "Absolute BSD" helped him stand up several dozen servers and
> he was now printing money as a result. He wanted to thank me. That's
> always nice to hear. I thanked him for buying my book. He said that
> he had downloaded it for free, but that he'd now go buy a copy. I was
> stunned, and let him walk away, alive, with all his limbs and
> everything. (I'll be more prepared next time.)
>
> As long as people think that this stuff should be free, and as long as
> people invest time in bypassing access controls, no technological
> means will prevent unlicensed downloads.
>
> The same tools that let people escape government censorship can be
> applied directly to books. I've forced myself to accept that helping
> Tibetans escape tyranny is more important than my income. But I don't
> have to like it.
>
> If current trends continue, I'll probably stop writing tech books at
> some point in the next ten years. If I'm not going to get paid to
> write, and I cannot cure this sick compulsion to write, I might as
> well write what I find most easy and fun.
>
> ==ml
>
> --
> Michael W. Lucas
> http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
> mwlucas at BlackHelicopters.org, Twitter @mwlauthor
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

@Michael I feel your pain :) I heard of a musical artist, that his friends told him he was so great he should quit his job to pursue his music full time. After he did that the same people were streaming illegal copies of his music on myspace! Also had a class in college, the book was written by the professor, and someone came in with a photocopied version of the book!

Here is my dumb story: I am not a copyright owner of my book (the publishing company is) but I get royalties. Financially, if someone infringes on my copyright I lose money. As I mentioned I knew when I wrote this book that I was never going to be a millionaire from its proceeds. However, I would like to make all the money from it I deserve.

If you were to google the name of my book, by putting into google search: "high performance cassandra cookbook download pdf"

You would find the top result is legitimate. The next 6 results are from these network of mirror sites. bookf.net, filestube.com, hotfilesearch.com, www.downloadpdffree.com, there are 10 pages. Likely they are 90% populated with illegal copies, because obviously there is some mirror network.

Now besides the fact that none of these sites have the right to sell/give away copies of my book, they are also serving ads and making money on page views and clicks.

From my perspective, this just stinks. What can I do? Find a lawyer and try to go after every site in this worldwide mirror network? Yea right. I can not "fight back" and issue a DDOS attack or something because then I am in the wrong.

One of the things that made the United States a super power was the power of our patent office and power to enforce copyrights. It rewards the inventor and the innovator. In a nutshell, it is the driving force behind capitalism. I think a few people have chimed in and really illustrated that piracy really cripples the innovator, and as you can see we are really helpless to protect ourselves.

Now I worked at a data center. I know I would not want the government to kick down the door and seize every computer in the shot because there may be "an illegal copy of a PDF somewhere in this data center". However, let me say this. Facilitating a crime in most cases is a crime. For example, if you watch a dogfight, you're a facilitator, that is a crime. If you watch a street race, you're a facilitator that is a crime.

I know it is very hard to know as an ISP to know if people your data center are committing or facilitating a crime. Likewise if you are an ad network that ends up showing an ad on a site it is hard to know if that site is committing or facilitating a crime. Or, if you're google, it is hard for you to know that nice of the top ten search results are sites facilitating or committing a crime.

However, I think we always have to hold ourselves to a higher standard. An ISP does not want to be known as a "spam friendly ISP" so they introduce clauses in their contract that punish or allow them to disable the connection if they detect SPAM. Can and should google employ some algorithm to help prevent sites obviously trafficking stolen E-books from showing up in search results? I think so. Can an ad network be diligent and not serve ads on these type of sites? I think so.

As I stated up in my first reply I am not not saying SOPA was/is good/bad/whatever, but I did want to chime in with my half brained thoughts because it puts a face on some issue for the "the little guy". I did not make a multi-platinum CD and have the RIAA suing 12 year olds.
I'm just a guy who really hates searching for his book and finding filestube.com as the #1 result.

Edward

From chsnyder at gmail.com Tue Jan 17 13:18:29 2012
From: chsnyder at gmail.com (Chris Snyder)
Date: Tue, 17 Jan 2012 13:18:29 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To:
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117163417.GA96306@bewilderbeast.blackhelicopters.org>
Message-ID:

Just curious, was there ever a time when you could make a living writing a book as specialized as "Cassandra High Performance Cookbook?" Did your publisher lead you to believe that you could?

I've written a tech book, too. I'd be thrilled to find out that 300,000 people downloaded it, and over-the-moon to discover that more than a handful actually cared to read it.

You can make the lawyers fatter, or you can accept the fact that free and even ad-supported downloads are part of the world we live in and work with it. Every download is a potential customer.

From edlinuxguru at gmail.com Tue Jan 17 14:15:49 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Tue, 17 Jan 2012 14:15:49 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To:
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117163417.GA96306@bewilderbeast.blackhelicopters.org>
Message-ID:

On Tue, Jan 17, 2012 at 1:18 PM, Chris Snyder wrote:
> Just curious, was there ever a time when you could make a living
> writing a book as specialized as "Cassandra High Performance
> Cookbook?" Did your publisher lead you to believe that you could?
>
> I've written a tech book, too. I'd be thrilled to find out that
> 300,000 people downloaded it, and over-the-moon to discover that more
> than a handful actually cared to read it.
>
> You can make the lawyers fatter, or you can accept the fact that free
> and even ad-supported downloads are part of the world we live in and
> work with it. Every download is a potential customer.
>

No. I am not living on pipe-dreams that writing specialized tech books would make me rich. I am sure most of the 300,000 downloads were just robots or whatever.

I am sure that some whiz kid data science summer intern guy at google could design some algorithm and filter to filter out search results to illegal software, movies, or books in like a month. But google has no incentive to do that. In fact, it is the opposite. Their incentive is to not block stuff. So everyone wins, the ad serving site (google), the illegal downloading site (edonky.com), the download-er (the dirtbag). Well almost everyone.

CAN-SPAM helped, Do Not Call Registry helped, the advertising industry self imposed do_not_track helped. So if people are given the proper incentive to do the right thing, great events occasionally unfold.

From henry95 at gmail.com Tue Jan 17 15:53:57 2012
From: henry95 at gmail.com (Henry M)
Date: Tue, 17 Jan 2012 15:53:57 -0500
Subject: [nycbug-talk] Decent hosting provider?
Message-ID:

Hi all,

Does anyone have any good experience with any web hosting providers? Currently I run a website & message board on 1and1.com. I have the "Business" package at $9.00 a month for 250GB of space, 1TB of network traffic, and 50 databases, 100MB each. For what it's used for, I don't need that much, however I have hit the database limit, and I can't upgrade my package, without going to a VPS or some other silly "cloud" solution with them.

Requirements:
100GB or more space (pictures)
Network usage is minimal
>100MB database limit.

Thanks dudes,
-Henry

From mwlucas at blackhelicopters.org Tue Jan 17 15:56:21 2012
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Tue, 17 Jan 2012 15:56:21 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To:
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117163417.GA96306@bewilderbeast.blackhelicopters.org>
Message-ID: <20120117205621.GA97448@bewilderbeast.blackhelicopters.org>

On Tue, Jan 17, 2012 at 12:36:05PM -0500, Edward Capriolo wrote:
>
> If you were to google the name of my book, by putting into google search:
>
> "high performance cassandra cookbook download pdf"
>
> You would find the top result is legitimate. The next 6 results are from
> these network of mirror sites. bookf.net, filestube.com, hotfilesearch.com,
> www.downloadpdffree.com, there are 10 pages. Likely they are 90% populated
> with illegal copies, because obviously there is some mirror network.

Very typical results. A google search for "Absolute FreeBSD download PDF" does not list any legitimate site.

> Now besides the fact that none of these sites have the right to sell/give
> away copies of my book, they are also serving ads and making money on page
> views and clicks.
>
> Write my prospective this just stinks.

Yep. It's infuriating. It sucks. It sucks putrescent weasel wang.

The most important thing an author can do is to not let it affect your outlook on life. A friend of mine stroked out & died not long ago, in part because of his blood pressure, which was high in part because he let this crap get to him. I can't say "book piracy" killed him, but it sure didn't help.

So, Edward: take a deep breath, chill out, don't give yourself a stroke.

On to the part the rest of the list might vaguely care about:

We (for a REALLY wide value of we) have created a technology that has mostly eliminated the cost of successive copies. The first copy of a book/movie/song/artwork is expensive, all others are effectively free. The trick is to pay for that first copy, and hopefully a per-copy bonus afterwards for popular creations.
(If your creation is used twenty million times, it would be nice if you got something extra compared to the guy whose work is used twenty times.)

People and companies want this structure. But where will it come from?

1) We can throw up our hands and say "It's a social problem, there's nothing we can do." This is where the tech community is today, and I expect that we'll be there for the foreseeable future.

2) We can decide that it's important that content creators get compensated, and develop a technical means for that to happen. I would really, really like to see this happen.

3) We can let the legislature decide on the solution. This path leads to DMCA, SOPA, PIPA, and worse. If we do nothing, big money will write the law.

My personal belief is that the technical community will do nothing, the legislature will do something annoying and ineffective, and the end result will be a wholesale destruction of today's content creation industry.

A new content creation industry will arise. Technology companies will purchase some content creators, while other creators will subsist on sponsorship. Content creators will need to develop entirely new business models. Many of these will resemble pre-Gutenberg business models.

I can easily imagine "Absolute FreeBSD, 5th Ed" coming about by:

a) being sponsored by (hypothetically) the FreeBSD Foundation, iX Systems, Hudson River Trading, and assorted other folks who support FreeBSD.

b) a kickstarter-style project that says "This book is six man-months of effort. I will release it to the wild and as a $2.99 ebook in exchange for $20,000." (Numbers are rectally extracted, but you get the general idea; a survivable professional-ish wage in exchange for content.)

c) Someone who shall remain unnamed but has the initials "George R" trapping me in a server room until the book is complete, feeding me by shoving pizza under the door. The entire FreeBSD community swears that he was with them at the time.

d) ???

In short, the community with financial resources will pay for quality work. One way or another. We pay for code creation, we'll pay for docs.

==ml

> What can I do? Find a lawyer and try
> to go after every site in this worldwide mirror network? Yea right. I can
> not "fight back" and issue a DDOS attack or something because then I am in
> the wrong.
>
> One of the things that made the United States a super power was the power
> of our patent office and power to enforce copyrights. It rewards the
> inventor and the innovator. In a nutshell, it is the driving force behind
> capitalism. I think a few people have chimed in and really illustrated that
> piracy really cripples the innovator, and as you can see we are really
> helpless to protect ourselves.
>
> Now I worked at a data center. I know I would not want the government to
> kick down the door and seize every computer in the shot because there may
> be "an illegal copy of a PDF somewhere in this data center". However, let
> me say this. Facilitating a crime in most cases is a crime. For example, if
> you watch a dogfight, you're a facilitator, that is a crime. If you watch a
> street race, you're a facilitator that is a crime.
>
> I know it is very hard to know as an ISP to know if people your data center
> are committing or facilitating a crime. Likewise if you are an ad network
> that ends up showing an ad on a site it is hard to know if that site is
> committing or facilitating a crime. Or, if you're google, it is hard for you
> to know that nice of the top ten search results are sites facilitating or
> committing a crime.
>
> However, I think we always have to hold ourselves to a higher standard. An
> ISP does not want to be known as a "spam friendly ISP" so they introduce
> clauses in their contract that punish or allow them to disable the
> connection if they detect SPAM. Can and should google employ some algorithm
> to help prevent sites obviously trafficking stolen E-books from showing up
> in search results? I think so. Can an ad network be diligent and not serve
> ads on these type of sites? I think so.
>
> As I stated up in my first reply I am not not saying SOPA was/is
> good/bad/whatever, but I did want to chime in with my half brained thoughts
> because it puts a face on some issue for the "the little guy". I did not
> make a multi-platinum CD and have the RIAA suing 12 year olds. I'm just a
> guy who really hates searching for his book and finding filestube.com as
> the #1 result.
>
> Edward

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor

From zippy1981 at gmail.com Tue Jan 17 16:34:44 2012
From: zippy1981 at gmail.com (Justin Dearing)
Date: Tue, 17 Jan 2012 16:34:44 -0500
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID:

Henry,

What is wrong with a cloud solution? Is it the cost? Do you have a legitimate security concern?

Look at dreamhost. I think there is a comparable package with an unlimited number of mysql databases.

Justin

On Tue, Jan 17, 2012 at 3:53 PM, Henry M wrote:
> Hi all,
>
> Does anyone have any good experience with any web hosting providers?
> Currently I run a website & message board on 1and1.com. I have the
> "Business" package at $9.00 a month for 250GB of space, 1TB of network
> traffic, and 50 databases, 100MB each. For what it's used for, I don't need
> that much, however I have hit the database limit, and I can't upgrade my
> package, without going to a VPS or some other silly "cloud" solution with
> them.
>
> Requirements:
> 100GB or more space (pictures)
> Network usage is minimal
> >100MB database limit.
>
> Thanks dudes,
> -Henry
>

From jason at dixongroup.net Tue Jan 17 16:38:22 2012
From: jason at dixongroup.net (Jason Dixon)
Date: Tue, 17 Jan 2012 16:38:22 -0500
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID: <20120117213822.GG11365@dixongroup.net>

FWIW, there are quite a few ways of hosting applications (and databases) on Heroku for free.

-J.

On Tue, Jan 17, 2012 at 04:34:44PM -0500, Justin Dearing wrote:
> Henry,
>
> What is wrong with a cloud solution? Is it the cost? Do you have a
> legitimate security concern?
>
> Look at dreamhost. I think there is a comparable package with an unlimited
> number of mysql databases.
>
> Justin
>
> On Tue, Jan 17, 2012 at 3:53 PM, Henry M wrote:
>
> > Hi all,
> >
> > Does anyone have any good experience with any web hosting providers?
> > Currently I run a website & message board on 1and1.com. I have the
> > "Business" package at $9.00 a month for 250GB of space, 1TB of network
> > traffic, and 50 databases, 100MB each. For what it's used for, I don't need
> > that much, however I have hit the database limit, and I can't upgrade my
> > package, without going to a VPS or some other silly "cloud" solution with
> > them.
> >
> > Requirements:
> > 100GB or more space (pictures)
> > Network usage is minimal
> > >100MB database limit.
> >
> > Thanks dudes,
> > -Henry
> >
> >

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

From matthewstory at gmail.com Tue Jan 17 16:45:38 2012
From: matthewstory at gmail.com (Matthew Story)
Date: Tue, 17 Jan 2012 16:45:38 -0500
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID:

oops, forgot to send to list.

On Tue, Jan 17, 2012 at 4:38 PM, Matthew Story wrote:
> On Tue, Jan 17, 2012 at 4:34 PM, Justin Dearing wrote:
>
>> [...]
>> Look at dreamhost. I think there is a comparable package with an
>> unlimited number of mysql databases.
>>
>
> I've used dreamhost in the past, and it's always worked nicely for me, I
> believe it's also slightly cheaper than OP's current situation.
>
>
>> Justin
>>
>> On Tue, Jan 17, 2012 at 3:53 PM, Henry M wrote:
>>
>>> Hi all,
>>>
>>> Does anyone have any good experience with any web hosting providers?
>>> Currently I run a website & message board on 1and1.com. I have the
>>> "Business" package at $9.00 a month for 250GB of space, 1TB of network
>>> traffic, and 50 databases, 100MB each. For what it's used for, I don't need
>>> that much, however I have hit the database limit, and I can't upgrade my
>>> package, without going to a VPS or some other silly "cloud" solution with
>>> them.
>>>
>>> Requirements:
>>> 100GB or more space (pictures)
>>> Network usage is minimal
>>> >100MB database limit.
>>>
>>> Thanks dudes,
>>> -Henry
>>>
>>
>
> --
> regards,
> matt
>

--
regards,
matt

From pete at nomadlogic.org Tue Jan 17 23:53:04 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 17 Jan 2012 20:53:04 -0800
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID: <20120118045302.GJ63149@arp.nomadlogic.org>

On Tue, Jan 17, 2012 at 03:53:57PM -0500, Henry M wrote:
> Hi all,
>
> Does anyone have any good experience with any web hosting providers?
> Currently I run a website & message board on 1and1.com. I have the
> "Business" package at $9.00 a month for 250GB of space, 1TB of network
> traffic, and 50 databases, 100MB each. For what it's used for, I don't need
> that much, however I have hit the database limit, and I can't upgrade my
> package, without going to a VPS or some other silly "cloud" solution with
> them.
>
> Requirements:
> 100GB or more space (pictures)
> Network usage is minimal
> >100MB database limit.
>

i have two hosting providers i like:

New York Internet
www.nyi.net

And Arp Networks:
http://arpnetworks.com/

Both are very friendly BSD shops. I currently have some VPC instances with ARP and have been very impressed with them. Like NYI, they have *very* good internet connectivity.

-pete

--
Pete Wright
pete at nomadlogic.org

From henry95 at gmail.com Tue Jan 17 16:59:36 2012
From: henry95 at gmail.com (Henry M)
Date: Tue, 17 Jan 2012 16:59:36 -0500
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID:

I'm not too familiar with cloud solutions, but cost per GB of storage is my biggest concern. I don't serve a lot of images, but I do store a decent amount of them.

On Tue, Jan 17, 2012 at 4:34 PM, Justin Dearing wrote:
> Henry,
>
> What is wrong with a cloud solution? Is it the cost? Do you have a
> legitimate security concern?
>
> Look at dreamhost. I think there is a comparable package with an unlimited
> number of mysql databases.
>
> Justin
>
> On Tue, Jan 17, 2012 at 3:53 PM, Henry M wrote:
>
>> Hi all,
>>
>> Does anyone have any good experience with any web hosting providers?
>> Currently I run a website & message board on 1and1.com. I have the
>> "Business" package at $9.00 a month for 250GB of space, 1TB of network
>> traffic, and 50 databases, 100MB each. For what it's used for, I don't need
>> that much, however I have hit the database limit, and I can't upgrade my
>> package, without going to a VPS or some other silly "cloud" solution with
>> them.
>>
>> Requirements:
>> 100GB or more space (pictures)
>> Network usage is minimal
>> >100MB database limit.
>>
>> Thanks dudes,
>> -Henry
>>
>

From chsnyder at gmail.com Tue Jan 17 17:23:38 2012
From: chsnyder at gmail.com (Chris Snyder)
Date: Tue, 17 Jan 2012 17:23:38 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <20120117205621.GA97448@bewilderbeast.blackhelicopters.org>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117163417.GA96306@bewilderbeast.blackhelicopters.org> <20120117205621.GA97448@bewilderbeast.blackhelicopters.org>
Message-ID:

On Tue, Jan 17, 2012 at 3:56 PM, Michael W. Lucas wrote:
>
> 2) We can decide that it's important that content creators get
> compensated, and develop a technical means for that to happen. I would
> really, really like to see this happen.

A myriad of technical means already exist for this to happen. From the Kindle and iTunes stores to the local Walmart, millions of people purchase things every day that they *could* download for free on the internets. It's a business issue not a technical one.
Or to put it another way, if piracy could kill big media we'd be rid of the bastards by now.

> b) a kickstarter-style project that says "This book is six man-months
> of effort. I will release it to the wild and as a $2.99 ebook in
> exchange for $20,000." (Numbers are rectally extracted, but you get
> the general idea; a survivable professional-ish wage in exchange for
> content.)

Yes. But you need to raise enough to pay for yourself, an editor, a designer, and a typesetter. Or you could just stick with No Starch and hope their progressive outlook and association with O'Reilly helps them figure out a digital business model.

I think it's really interesting to approach publishing from the mindset of the free software movement, because a lot of us went through this already as programmers:

1) Get paid to be a writer, not to sell copies of what you write.
2) Use copyright law to protect your claim of authorship and prevent derivatives from being published under your name.
3) Make it free and easy for people to copy and redistribute the work.
4) Sell nicely-packaged copies in various media for bonus income.
5) License the work to commercial entities and publishers for bonus income.
6) Use your status as an authority for bonus income and perks.

The first step is the hardest one, as long as publishers persist in using royalties as the sole means of compensation for authors.

From billtotman at billtotman.com Tue Jan 17 18:26:31 2012
From: billtotman at billtotman.com (Bill Totman)
Date: Tue, 17 Jan 2012 18:26:31 -0500
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID:

On Jan 17, 2012, at 16:34, Justin Dearing wrote:
> Henry,
>
> What is wrong with a cloud solution? Is it the cost? Do you have a legitimate security concern?
>
> Look at dreamhost. I think there is a comparable package with an unlimited number of mysql databases.
>
> Justin
>

I, too, have had years of good experiences with Dreamhost.

-bt

From pete at nomadlogic.org Wed Jan 18 01:32:04 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 17 Jan 2012 22:32:04 -0800
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID: <20120118063202.GK63149@arp.nomadlogic.org>

On Tue, Jan 17, 2012 at 06:26:31PM -0500, Bill Totman wrote:
> On Jan 17, 2012, at 16:34, Justin Dearing wrote:
>
> > Henry,
> >
> > What is wrong with a cloud solution? Is it the cost? Do you have a legitimate security concern?
> >
> > Look at dreamhost. I think there is a comparable package with an unlimited number of mysql databases.
> >
> > Justin
> >
>
> I, too, have had years of good experiences with Dreamhost.
>

does dreamhost support *BSD VPS or dedicated servers? i looked on their site and they seemed to mention only debian.

-p

--
Pete Wright
pete at nomadlogic.org

From george at ceetonetechnology.com Tue Jan 17 23:11:44 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 17 Jan 2012 23:11:44 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <20120117233318.GG63149@arp.nomadlogic.org>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117160401.GF11365@dixongroup.net> <20120117233318.GG63149@arp.nomadlogic.org>
Message-ID: <4F164680.2080206@ceetonetechnology.com>

On 01/17/12 18:33, Pete Wright wrote:
> On Tue, Jan 17, 2012 at 11:08:11AM -0500, Edward Capriolo wrote:
>> http://en.wikipedia.org/wiki/Stop_Online_Piracy_Act
>>
>> The originally proposed bill would allow the U.S. Department of Justice, as
>> well as copyright holders, to seek court orders against websites accused of
>> enabling or facilitating copyright infringement.
>>
>> The bill would make unauthorized streaming of copyrighted content a crime,
>>
>> It sounds like that is exactly what it is about, Protecting copyrights, or
>> are you saying it only protects "streaming" data?
>>
>
> i think if you do a little research into SOPA you will find that not
> only is the bill a misguided attempt to stop "piracy" - but is a pretty
> blatant attempt to break DNS and the foundation of how the internet
> works on a fundamental level.
>
> regarding "piracy" - i've worked for a lot of the companies that back
> SOPA (film studios, video game studios etc...) and frankly i really
> don't feel bad for them. to sink over a year of your life into a game,
> see it be a block-buster (cough MW2) then to have your employer *not*
> give you a raise is pretty despicable, or in the case of film - to get
> laid off right at the end of production - is awful.
>
> all this legal wrangling (DMCAA, SOPA...etc...) is just the major stake
> holders trying to keep costs down while trying to delay the major

I hate to swing this discussion, but I really see a *certain* parallel with the GPL v BSD license.

If you think the question of software rights should be decided in the legal realm, then the GPL is yours. Good luck.

I spoke to a significant vendor in a certain area that uses Linux for its embedded system. They knew nothing about the GPL. I'd put money they are even using GPL v3 stuff. I almost felt sympathy for them since they were pretty clueless on the implications. Sounds like a real field day for lawyers.

You're damn right Pete.

I would even go so far as to argue that if GPL enforcers were so inclined, they should consider their own version of SOPA.

(coming from way way out in left field. . .)

g

From chsnyder at gmail.com Wed Jan 18 11:43:09 2012
From: chsnyder at gmail.com (Chris Snyder)
Date: Wed, 18 Jan 2012 11:43:09 -0500
Subject: [nycbug-talk] SOPA DOA
In-Reply-To: <4F164680.2080206@ceetonetechnology.com>
References: <7B232E53-B7FF-4A55-BB7C-BE3723932290@olivent.com> <20120117160401.GF11365@dixongroup.net> <20120117233318.GG63149@arp.nomadlogic.org> <4F164680.2080206@ceetonetechnology.com>
Message-ID:

On Tue, Jan 17, 2012 at 11:11 PM, George Rosamond wrote:
>
> I would even go so far as to argue that if GPL enforcers were so inclined,
> they should consider their own version of SOPA.
>

"Arrr, post yer source or prepare to be blasted off the interwebs!"
-- the dread pirate GNUbeard

From mark.saad at ymail.com Thu Jan 19 12:30:03 2012
From: mark.saad at ymail.com (Mark Saad)
Date: Thu, 19 Jan 2012 12:30:03 -0500
Subject: [nycbug-talk] FreeBSD has serious problems with focus, longevity, and lifecycle
Message-ID:

Talk
I know someone you have been following this thread. " FreeBSD has serious problems with focus, longevity, and lifecycle" I want to know what the NYC BSD users think of this.

I wish each release was developed and maintained longer. I am now running lots of 7.3-RELEASE servers and I would like to see 7.5 and beyond . I do not want to put time into rebuilding software and upgrading again to find out there is another newer release . When the 4.x life cycle was in full swing you could depend on freebsd 4.x+1 being just around the corner with bug fixes driver updates and small new features. What happened to this ?
What do we do ?

For the complete story see the freebsd hackers archive
http://permalink.gmane.org/gmane.os.freebsd.devel.hackers/45459

--
Mark Saad | mark.saad at ymail.com

From george at ceetonetechnology.com Thu Jan 19 15:40:51 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 19 Jan 2012 15:40:51 -0500
Subject: [nycbug-talk] FreeBSD has serious problems with focus, longevity, and lifecycle
In-Reply-To:
References:
Message-ID: <4F187FD3.7020204@ceetonetechnology.com>

On 01/19/12 12:30, Mark Saad wrote:
> Talk
> I know someone you have been following this thread. " FreeBSD has
> serious problems with focus, longevity, and lifecycle"
> I want to know what the NYC BSD users think of this.
>
> I wish each release was developed and maintained longer. I am now
> running lots of 7.3-RELEASE servers and I would like to see 7.5 and
> beyond . I do not want to put time into rebuilding software and
> upgrading again to find out there is another newer release . When the
> 4.x life cycle was in full swing you could depend on freebsd 4.x+1
> being just around the corner with bug fixes driver updates and small
> new features. What happened to this ?
> What do we do ?
>
>
> For the complete story see the freebsd hackers archive
> http://permalink.gmane.org/gmane.os.freebsd.devel.hackers/45459
>

I saw this thread also.

Can't we talk about SOPA more?

Longevity of the releases is certainly important, but that is always limited by something else, such as the number of releases :)

That's the real perplexing part for me. 4.x was nice and stable and pretty for so long. Everything was nice and clean. And there was focus.

From the outside, it is confusing to watch 7.x 8.x and 9.x, plus 10.x the foci. Why is that going on? I know there are significant overhauls happening, like replacing gpl code and gcc for 10.x, but I'd rather be confident that ONE of the releases was the main production focus.
There are huge changes between 7.x through 10.x, which would reinforce this all the more.

The OpenBSD release approach makes the most sense to me. You can plan your holidays around it. Don't go on vacation early May or November. You are in rhythm with many thousands of other users. Problems and questions happen concurrently. Everyone is speaking the same language and experiencing the same upgrades.

And yes, I sympathize Mark. In my context, I *can* have 6.x, 7.x and 8.x boxes in production and just deal with stuff as it comes. But being EOL'd and all of the sudden the most current is three releases ahead is an ugly scenario.

Anyway, my $0.02.

g

From jason at dixongroup.net Thu Jan 19 16:16:18 2012
From: jason at dixongroup.net (Jason Dixon)
Date: Thu, 19 Jan 2012 16:16:18 -0500
Subject: [nycbug-talk] FreeBSD has serious problems with focus, longevity, and lifecycle
In-Reply-To: <4F187FD3.7020204@ceetonetechnology.com>
References: <4F187FD3.7020204@ceetonetechnology.com>
Message-ID: <20120119211618.GA25415@dixongroup.net>

On Thu, Jan 19, 2012 at 03:40:51PM -0500, George Rosamond wrote:
>
> The OpenBSD release approach makes the most sense to me. You can
> plan your holidays around it. Don't go on vacation early May or
> November. You are in rhythm with many thousands of other users.
> Problems and questions happen concurrently. Everyone is speaking
> the same language and experiencing the same upgrades.

THIS. I was lol'g when I read this, but seriously. That's real clarity there.
:)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

From mark.saad at ymail.com Thu Jan 19 16:28:30 2012
From: mark.saad at ymail.com (Mark Saad)
Date: Thu, 19 Jan 2012 16:28:30 -0500
Subject: [nycbug-talk] FreeBSD has serious problems with focus, longevity, and lifecycle
In-Reply-To: <20120119211618.GA25415@dixongroup.net>
References: <4F187FD3.7020204@ceetonetechnology.com> <20120119211618.GA25415@dixongroup.net>
Message-ID:

On Thu, Jan 19, 2012 at 4:16 PM, Jason Dixon wrote:
> On Thu, Jan 19, 2012 at 03:40:51PM -0500, George Rosamond wrote:
>>
>> The OpenBSD release approach makes the most sense to me. You can
>> plan your holidays around it. Don't go on vacation early May or
>> November. You are in rhythm with many thousands of other users.
>> Problems and questions happen concurrently. Everyone is speaking
>> the same language and experiencing the same upgrades.
>
> THIS. I was lol'g when I read this, but seriously. That's real clarity
> there. :)
>

My issue is that I feel left in the dust . The prospect of a 7.5-RELEASE and beyond is dwindling and I would prefer not to be stuck in a abandoned release, again.
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

--
Mark Saad | mark.saad at ymail.com

From george at ceetonetechnology.com Thu Jan 19 16:35:33 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 19 Jan 2012 16:35:33 -0500
Subject: [nycbug-talk] FreeBSD has serious problems with focus, longevity, and lifecycle
In-Reply-To:
References: <4F187FD3.7020204@ceetonetechnology.com> <20120119211618.GA25415@dixongroup.net>
Message-ID: <4F188CA5.2080609@ceetonetechnology.com>

On 01/19/12 16:28, Mark Saad wrote:
> On Thu, Jan 19, 2012 at 4:16 PM, Jason Dixon wrote:
>> On Thu, Jan 19, 2012 at 03:40:51PM -0500, George Rosamond wrote:
>>>
>>> The OpenBSD release approach makes the most sense to me. You can
>>> plan your holidays around it. Don't go on vacation early May or
>>> November. You are in rhythm with many thousands of other users.
>>> Problems and questions happen concurrently. Everyone is speaking
>>> the same language and experiencing the same upgrades.
>>
>> THIS. I was lol'g when I read this, but seriously. That's real clarity
>> there. :)
>>
>
> My issue is that I feel left in the dust. The prospect of a
> 7.5-RELEASE and beyond is dwindling and I would prefer not to be stuck
> in an abandoned release, again.

Yes, and that's what was nice about 4.x

Releases have to be EOL'd at *some* point. But there are/will be some enormous steps, not that I understand what distinguishes release branches. Is it the qualitative changes?

Aren't places like Verio still running 4.x?
g

PS Hire more BSD devs there Mark :)

From cwolsen at ubixos.com Fri Jan 20 08:11:25 2012
From: cwolsen at ubixos.com (Christopher Olsen)
Date: Fri, 20 Jan 2012 08:11:25 -0500
Subject: [nycbug-talk] Extremely large SAN/NAS
Message-ID:

Hello Everyone,

Anyone here have any experience or thoughts on how to put together a large Data store?

What I would like to accomplish would be to have something with the capacity in the area of 5,000 terabytes and also have the ability to take snapshots...

It wouldn't necessarily need to appear as a single node but I definitely want to get the highest possible storage density per node. Also performance need not be considered as long as it's within reason.

-Christopher

From george at ceetonetechnology.com Fri Jan 20 09:13:10 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 20 Jan 2012 09:13:10 -0500
Subject: [nycbug-talk] Extremely large SAN/NAS
In-Reply-To:
References:
Message-ID: <4F197676.9000001@ceetonetechnology.com>

On 01/20/12 08:11, Christopher Olsen wrote:
> Hello Everyone,
>
> Anyone here have any experience or thoughts on how to put together a
> large Data store?
>
> What I would like to accomplish would be to have something with the
> capacity in the area of 5,000 terabytes and also have the ability to
> take snapshots...
>
> It wouldn't necessarily need to appear as a single node but I
> definitely want to get the highest possible storage density per node.
> Also performance need not be considered as long as it's within
> reason.

Assume you mean hardware-wise. For software, I'd run Ubuntu-creamsicle with Ruby on Grilled Peaches on top.

But seriously, there's a thread 6 mos back about the cost of building a NAS device but with smaller storage. The cost dropped dramatically over the years, except now when it comes to hard drive costs, of course.

For a data store that size, I would look to keep it on multiple nodes from the start, but especially if you'd have to scale later on.
Software-wise, the easy way is to go with FreeNAS. They make it *very* easy. And there's support for fibre channel and Infiniband. And certainly ZFS at that scale. Run it off a cf card and you should be happy to your heart's delight.

g

From pete at nomadlogic.org Fri Jan 20 16:34:51 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Fri, 20 Jan 2012 13:34:51 -0800
Subject: [nycbug-talk] Extremely large SAN/NAS
In-Reply-To:
References:
Message-ID: <20120120213449.GL63149@arp.nomadlogic.org>

On Fri, Jan 20, 2012 at 08:11:25AM -0500, Christopher Olsen wrote:
> Hello Everyone,
>
> Anyone here have any experience or thoughts on how to put together a large Data store?
>
> What I would like to accomplish would be to have something with the capacity in the area of 5,000 terabytes and also have the ability to take snapshots...
>
> It wouldn't necessarily need to appear as a single node but I definitely want to get the highest possible storage density per node. Also performance need not be considered as long as it's within reason.
>

i think there are a couple things to keep in mind when building any large storage architecture. the first is - what is your application/use-case? this will help you figure out if you need a SAN or if a NAS will suffice. For example - building out a huge SAN, what filesystem will eventually be overlaid on your LUNs, do you really need a 5PB SAN or can it be broken down into more manageable pools...etc.

Let's assume you are building a NAS infrastructure though, as I imagine that would be a more common use-case for a 5PB storage architecture. My opinion is that if you are building out something this big you really would benefit working with an appliance vendor - esp. if this is a tier-1 system you are building (interestingly enough you'll find that vendors like Isilon and NetApp are actually based on FreeBSD). Aside from hardware integration and support - appliances will also generally take care of HA clustering and other difficult problems.
You wouldn't want your 5PB datastore to have a SPOF would you :)

A final thought is - check out clustered filesystems like Gluster, Ceph (http://ceph.newdream.net/) or something similar. These solutions will allow you to leverage off the shelf hardware w/o sacrificing HA capabilities. They also should scale if designed correctly from the beginning.

Although - like I said in the beginning you really need to figure out your use-case when building something to scale like this. Once you figure out how data is being accessed (block level via a SAN, at the IP layer via a NAS, or via an API from a clustered filesystem) that'll help you figure out what your system will look like at the end of the day. Each one has its benefits and drawbacks.

HTH,
-pete

--
Pete Wright
pete at nomadlogic.org

From edlinuxguru at gmail.com Fri Jan 20 10:41:10 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Fri, 20 Jan 2012 10:41:10 -0500
Subject: [nycbug-talk] Extremely large SAN/NAS
In-Reply-To: <20120120213449.GL63149@arp.nomadlogic.org>
References: <20120120213449.GL63149@arp.nomadlogic.org>
Message-ID:

On Fri, Jan 20, 2012 at 4:34 PM, Pete Wright wrote:
> On Fri, Jan 20, 2012 at 08:11:25AM -0500, Christopher Olsen wrote:
> > Hello Everyone,
> >
> > Anyone here have any experience or thoughts on how to put together a large Data store?
> >
> > What I would like to accomplish would be to have something with the capacity in the area of 5,000 terabytes and also have the ability to take snapshots...
> >
> > It wouldn't necessarily need to appear as a single node but I definitely want to get the highest possible storage density per node. Also performance need not be considered as long as it's within reason.
> >
>
> i think there are a couple things to keep in mind when building any
> large storage architecture. the first is - what is your
> application/use-case? this will help you figure out if you need a SAN
> or if a NAS will suffice.
> For example - building out a huge SAN, what
> filesystem will eventually be overlaid on your LUNs, do you really
> need a 5PB SAN or can it be broken down into more manageable pools...etc.
>
> Let's assume you are building a NAS infrastructure though, as I imagine
> that would be a more common use-case for a 5PB storage architecture. My
> opinion is that if you are building out something this big you really
> would benefit working with an appliance vendor - esp. if this is a tier-1
> system you are building (interestingly enough you'll find that vendors
> like Isilon and NetApp are actually based on FreeBSD). Aside from
> hardware integration and support - appliances will also generally take
> care of HA clustering and other difficult problems. You wouldn't want
> your 5PB datastore to have a SPOF would you :)
>
> A final thought is - check out clustered filesystems like Gluster,
> Ceph (http://ceph.newdream.net/) or something similar. These solutions
> will allow you to leverage off the shelf hardware w/o sacrificing HA
> capabilities. They also should scale if designed correctly from the
> beginning.
>
>
> Although - like I said in the beginning you really need to figure out
> your use-case when building something to scale like this. Once you figure
> out how data is being accessed (block level via a SAN, at the IP layer
> via a NAS, or via an API from a clustered filesystem) that'll help you
> figure out what your system will look like at the end of the day. Each
> one has its benefits and drawbacks.
>
> HTH,
> -pete
>
> --
> Pete Wright
> pete at nomadlogic.org

Tools like Lustre, Ceph, or OCFS2 seemed attractive to me at first, in that you get the full semantics that you are used to from a filesystem, but you really can't open a 9 TB file with vi. Would I want to run MySQL on top of OCFS2.
Would I want to have 5 systems sharing the same OCFS2 partition with mysql external locking? (probably not)

These solutions (Lustre, Ceph, or OCFS2) are great if I have a bank of 1000 web servers each run by a different entity and I want to give everyone their own secured LUN in a SAN style. But for my needs I determined that was not what I wanted.

I wanted to scale a single application horizontally in both storage and processing. I wanted to be able to store all my web logs from a very busy site in a single system and process them with distributed storage and distributed computation, or I wanted a key value store that stretched out across 30 nodes.

These very large storage use cases were why I got into hadoop. http://hadoop.apache.org/. Hadoop is not a POSIX filesystem (so you can not mount it directly), although some vendors do offer alternative hadoop implementations that can be mounted and used like an NFS disk. Also why I work with Cassandra http://cassandra.apache.org .

To wrap it up, knowing what you wish to do with your 5PB is important. You may just want a large pool of SAN/NAS storage. That could be as simple as having thousands of beefy servers with ZFS and managing who mounts what. You could go with an Isilon if you really want one /export/bigdrive that every server in your company can write to and read from. Or if you just want to manage all your storage as single system you can go with an iscsi vendor. (wow the $ value for a 5PB SAN would be sick! I would love to see that quote), or if what you really want is a scalable "database" that is not a filesystem you can check out some of the other tools I mentioned.

From riegersteve at gmail.com Fri Jan 20 10:46:54 2012
From: riegersteve at gmail.com (steve rieger)
Date: Fri, 20 Jan 2012 07:46:54 -0800
Subject: [nycbug-talk] Extremely large SAN/NAS
In-Reply-To:
References:
Message-ID:

I recently set up a 5.6pb array using gpfs

Designing an even larger array now for nasa.

Two different technologies with very different use case scenarios

On Jan 20, 2012 5:30 AM, "Christopher Olsen" wrote:
> Hello Everyone,
>
> Anyone here have any experience or thoughts on how to put together a large Data store?
>
> What I would like to accomplish would be to have something with the capacity in the area of 5,000 terabytes and also have the ability to take snapshots...
>
> It wouldn't necessarily need to appear as a single node but I definitely want to get the highest possible storage density per node. Also performance need not be considered as long as it's within reason.
>
> -Christopher

From edlinuxguru at gmail.com Fri Jan 20 10:59:06 2012
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Fri, 20 Jan 2012 10:59:06 -0500
Subject: [nycbug-talk] Extremely large SAN/NAS
In-Reply-To:
References:
Message-ID:

I know this box is a bit short of 5PB but 135TB $7,384 is still pretty sweet.

http://blog.backblaze.com/2011/07/20/petabytes-on-a-budget-v2-0revealing-more-secrets/

On Fri, Jan 20, 2012 at 10:46 AM, steve rieger wrote:
> I recently set up a 5.6pb array using gpfs
>
> Designing an even larger array now for nasa.
>
> Two different technologies with very different use case scenarios
> On Jan 20, 2012 5:30 AM, "Christopher Olsen" wrote:
>
>> Hello Everyone,
>>
>> Anyone here have any experience or thoughts on how to put together a
>> large Data store?
>>
>> What I would like to accomplish would be to have something with the
>> capacity in the area of 5,000 terabytes and also have the ability to take
>> snapshots...
>>
>> It wouldn't necessarily need to appear as a single node but I definitely
>> want to get the highest possible storage density per node. Also performance
>> need not be considered as long as it's within reason.
>>
>> -Christopher

From cwolsen at ubixos.com Fri Jan 20 11:30:05 2012
From: cwolsen at ubixos.com (Christopher Olsen)
Date: Fri, 20 Jan 2012 11:30:05 -0500
Subject: [nycbug-talk] Extremely large SAN/NAS
In-Reply-To: <4F197676.9000001@ceetonetechnology.com>
References: <4F197676.9000001@ceetonetechnology.com>
Message-ID: <034401ccd790$c594d670$50be8350$@ubixos.com>

George,

To address you and Pete and others as this thread goes on...

Right now I have about 28T of storage in a single NAS. Now I have a bunch of remote servers that rsync all of their data to this NAS.. The NAS in turn keeps 90 daily snapshots for retention purposes... So I need to be able to still store the 90 daily snapshots as well as be able to rsync data to the storage pool.. It doesn't need to be a single point but it would be a nightmare to manage 2000 NASs.. But I need it to scale as far as the 10PB. I won't need that tomorrow but I most likely need to expand at a rate of at least 2PB every 12 months topping out at the 10PB so I wanted to make sure all thoughts were on the top end of the requirement.

-----Original Message-----
From: talk-bounces at lists.nycbug.org [mailto:talk-bounces at lists.nycbug.org] On Behalf Of George Rosamond
Sent: Friday, January 20, 2012 9:13 AM
To: talk at lists.nycbug.org
Subject: Re: [nycbug-talk] Extremely large SAN/NAS

On 01/20/12 08:11, Christopher Olsen wrote:
> Hello Everyone,
>
> Anyone here have any experience or thoughts on how to put together a
> large Data store?
>
> What I would like to accomplish would be to have something with the
> capacity in the area of 5,000 terabytes and also have the ability to
> take snapshots...
>
> It wouldn't necessarily need to appear as a single node but I
> definitely want to get the highest possible storage density per node.
> Also performance need not be considered as long as it's within reason.

Assume you mean hardware-wise. For software, I'd run Ubuntu-creamsicle with Ruby on Grilled Peaches on top.

But seriously, there's a thread 6 mos back about the cost of building a NAS device but with smaller storage. The cost dropped dramatically over the years, except now when it comes to hard drive costs, of course.

For a data store that size, I would look to keep it on multiple nodes from the start, but especially if you'd have to scale later on.

Software-wise, the easy way is to go with FreeNAS. They make it *very* easy. And there's support for fibre channel and Infiniband. And certainly ZFS at that scale. Run it off a cf card and you should be happy to your heart's delight.

g

From pete at nomadlogic.org Sun Jan 22 02:18:47 2012
From: pete at nomadlogic.org (Pete Wright)
Date: Sat, 21 Jan 2012 23:18:47 -0800
Subject: [nycbug-talk] Decent hosting provider?
In-Reply-To:
References:
Message-ID: <20120122071844.GM63149@arp.nomadlogic.org>

On Tue, Jan 17, 2012 at 04:34:44PM -0500, Justin Dearing wrote:
> Henry,
>
> What is wrong with a cloud solution?
> Is it the cost? Do you have a
> legitimate security concern?
>
> Look at dreamhost. I think there is a comparable package with an unlimited
> number of mysql databases.
>

woops:
http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/

-pete

--
Pete Wright
pete at nomadlogic.org

From george at ceetonetechnology.com Tue Jan 24 18:48:07 2012
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 24 Jan 2012 18:48:07 -0500
Subject: [nycbug-talk] MWL's OpenSSH book
Message-ID: <4F1F4337.5070002@ceetonetechnology.com>

Who said technical book publishing is dead. . .

http://blather.michaelwlucas.com/archives/1191

Number 2 on the best sellers list with smashwords.com

It must have been the insightful technical reviewers. . . seriously, good stuff. Strongly recommend it.

It's a recommended purchase for the Putty-only dwelling people who get thrown off by using a different login name or need to set up keys.

Nice job Michael!

g

From mwlucas at blackhelicopters.org Thu Jan 26 09:06:02 2012
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Thu, 26 Jan 2012 09:06:02 -0500
Subject: [nycbug-talk] MWL's OpenSSH book
In-Reply-To: <4F1F4337.5070002@ceetonetechnology.com>
References: <4F1F4337.5070002@ceetonetechnology.com>
Message-ID: <20120126140602.GB51297@bewilderbeast.blackhelicopters.org>

On Tue, Jan 24, 2012 at 06:48:07PM -0500, George Rosamond wrote:
> Who said technical book publishing is dead. . .

That was me.

Seriously, if any bloggers on the list want review copies, let me know. It's ebook only at the moment, print coming soon.

==ml

--
Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
mwlucas at BlackHelicopters.org, Twitter @mwlauthor