From bob at redivi.com Tue Dec 5 16:40:31 2017
From: bob at redivi.com (Bob Ippolito)
Date: Tue, 05 Dec 2017 21:40:31 +0000
Subject: [talk] December meeting?
In-Reply-To: <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

On Thu, Nov 9, 2017 at 19:47 George Rosamond wrote:

> James E Keenan:
> > On 11/09/2017 07:15 PM, assaf wrote:
> >> Hey all,
> >> I will be in the States (new york) for the first week in December and
> >> am wondering if a meet up is planned for that week. Thanks.
> >>
> >> Assaf
> >> (Currently living in Ecuador )
> >>
> >>
> >
> > We don't currently have a technical meeting scheduled for December.
> >
> > However, twice in the past three months we've had a social gathering on
> > the first Wednesday when we did not have a tech meeting.
> >
> > So stay tuned to the list for what might happen on Wed Dec 06.
>
> We could sort out meeting at Suspenders for Dec 6.
>
> Let's get some idea of how many people are interested.

Is this happening tomorrow? I'm in the city and haven't made other plans yet :)

-bob

From Assafr at protonmail.com Tue Dec 5 16:50:13 2017
From: Assafr at protonmail.com (assaf)
Date: Tue, 05 Dec 2017 16:50:13 -0500
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

Wondering the same thing. I'm in New York as well.

Sent from ProtonMail mobile

-------- Original Message --------
On Dec 5, 2017, 4:40 PM, Bob Ippolito wrote:

> On Thu, Nov 9, 2017 at 19:47 George Rosamond wrote:
>
>> James E Keenan:
>>> On 11/09/2017 07:15 PM, assaf wrote:
>>>> Hey all,
>>>> I will be in the States (new york) for the first week in December and
>>>> am wondering if a meet up is planned for that week.
>>>> Thanks.
>>>>
>>>> Assaf
>>>> (Currently living in Ecuador )
>>>>
>>>>
>>>
>>> We don't currently have a technical meeting scheduled for December.
>>>
>>> However, twice in the past three months we've had a social gathering on
>>> the first Wednesday when we did not have a tech meeting.
>>>
>>> So stay tuned to the list for what might happen on Wed Dec 06.
>>
>> We could sort out meeting at Suspenders for Dec 6.
>>
>> Let's get some idea of how many people are interested.
>
> Is this happening tomorrow? I'm in the city and haven't made other plans yet :)
>
> -bob

From jkeenan at pobox.com Tue Dec 5 17:06:32 2017
From: jkeenan at pobox.com (James E Keenan)
Date: Tue, 5 Dec 2017 17:06:32 -0500
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

On 12/05/2017 04:40 PM, Bob Ippolito wrote:
>
> On Thu, Nov 9, 2017 at 19:47 George Rosamond wrote:
>
> James E Keenan:
> > On 11/09/2017 07:15 PM, assaf wrote:
> >> Hey all,
> >> I will be in the States (new york) for the first week in December and
> >> am wondering if a meet up is planned for that week. Thanks.
> >>
> >> Assaf
> >> (Currently living in Ecuador )
> >>
> >>
> >
> > We don't currently have a technical meeting scheduled for December.
> >
> > However, twice in the past three months we've had a social gathering on
> > the first Wednesday when we did not have a tech meeting.
> >
> > So stay tuned to the list for what might happen on Wed Dec 06.
>
> We could sort out meeting at Suspenders for Dec 6.
>
> Let's get some idea of how many people are interested.
>
>
> Is this happening tomorrow? I'm in the city and haven't made other plans
> yet :)
>
> -bob
>

AFAIK it is happening. Freenode #nycbug has it in its topic. I am
planning to be there 6:45 pm (or a little earlier).

From george at ceetonetechnology.com Tue Dec 5 18:53:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 05 Dec 2017 23:53:00 +0000
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

James E Keenan:
> On 12/05/2017 04:40 PM, Bob Ippolito wrote:
>>
>> On Thu, Nov 9, 2017 at 19:47 George Rosamond wrote:
>>
>> James E Keenan:
>> > On 11/09/2017 07:15 PM, assaf wrote:
>> >> Hey all,
>> >> I will be in the States (new york) for the first week in December and
>> >> am wondering if a meet up is planned for that week. Thanks.
>> >>
>> >> Assaf
>> >> (Currently living in Ecuador )
>> >>
>> >>
>> >
>> > We don't currently have a technical meeting scheduled for December.
>> >
>> > However, twice in the past three months we've had a social gathering on
>> > the first Wednesday when we did not have a tech meeting.
>> >
>> > So stay tuned to the list for what might happen on Wed Dec 06.
>>
>> We could sort out meeting at Suspenders for Dec 6.
>>
>> Let's get some idea of how many people are interested.
>>
>>
>> Is this happening tomorrow? I'm in the city and haven't made other
>> plans yet :)
>>
>> -bob
>>
>
> AFAIK it is happening. Freenode #nycbug has it in its topic. I am
> planning to be there 6:45 pm (or a little earlier).

Yup... I'll be there.

g

From raulcuza at gmail.com Tue Dec 5 21:13:00 2017
From: raulcuza at gmail.com (Raul Cuza)
Date: Tue, 5 Dec 2017 21:13:00 -0500
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

On Tue, Dec 5, 2017 at 6:53 PM, George Rosamond wrote:
> James E Keenan:
>> On 12/05/2017 04:40 PM, Bob Ippolito wrote:
>>>
>>> On Thu, Nov 9, 2017 at 19:47 George Rosamond wrote:
>>>
>>> James E Keenan:
>>> > On 11/09/2017 07:15 PM, assaf wrote:
>>> >> Hey all,
>>> >> I will be in the States (new york) for the first week in December and
>>> >> am wondering if a meet up is planned for that week. Thanks.
>>> >>
>>> >> Assaf
>>> >> (Currently living in Ecuador )
>>> >>
>>> >>
>>> >
>>> > We don't currently have a technical meeting scheduled for December.
>>> >
>>> > However, twice in the past three months we've had a social gathering on
>>> > the first Wednesday when we did not have a tech meeting.
>>> >
>>> > So stay tuned to the list for what might happen on Wed Dec 06.
>>>
>>> We could sort out meeting at Suspenders for Dec 6.
>>>
>>> Let's get some idea of how many people are interested.
>>>
>>>
>>> Is this happening tomorrow? I'm in the city and haven't made other
>>> plans yet :)
>>>
>>> -bob
>>>
>>
>> AFAIK it is happening. Freenode #nycbug has it in its topic. I am
>> planning to be there 6:45 pm (or a little earlier).
>
> Yup... I'll be there.
>
> g
>

If we show, it will happen.
[consider_yourself_spared_a_meme_with_kevin_costner_and_a_corn_field.ps]

From george at ceetonetechnology.com Tue Dec 5 22:08:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 06 Dec 2017 03:08:00 +0000
Subject: [talk] Wednesday, Dec 6 get-together
Message-ID: <8d6322ca-136e-9c04-d4c8-84008cb34eb5@ceetonetechnology.com>

A good number of new and old faces will be assembling at Suspenders at
108 Greenwich Street in downtown Manhattan on December 6th around 7 PM.

It will be a great opportunity to catch-up with everyone, and discuss
plans for 2018.

From kmsujit at gmail.com Thu Dec 7 11:48:04 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Thu, 7 Dec 2017 22:18:04 +0530
Subject: [talk] Cross Site Scripting in Browsers
Message-ID:

Hi All,

I had a simple question, How is something like Cross Site Scripting
for example implemented in Browsers. A stupid idea(as even in open
source browsers) would be to change code and disable the code for
Cross Site Scripting and Hack. I call it stupid simply because the code is
going to be shared object.

As a two part to this how are security in browsers implemented is there any
documentation for this?

Regards,
Sujit K M

From pete at nomadlogic.org Thu Dec 7 12:28:57 2017
From: pete at nomadlogic.org (Pete Wright)
Date: Thu, 7 Dec 2017 09:28:57 -0800
Subject: [talk] Cross Site Scripting in Browsers
In-Reply-To:
References:
Message-ID: <2b253403-9407-9e70-2a5a-f202a089beda@nomadlogic.org>

On 12/07/2017 08:48, Sujit K M wrote:
> Hi All,
>
> I had a simple question, How is something like Cross Site Scripting
> for example implemented in Browsers. A stupid idea(as even in open
> source browsers) would be to change code and disable the code for
> Cross Site Scripting and Hack. I call it stupid simply because the code is
> going to be shared object.
>
> As a two part to this how are security in browsers implemented is there any
> documentation for this?

not %100 sure i understand your question - are you asking how CORS
(Cross Origin Resource Sharing) is implemented? Cross Site Scripting
(xss) is something browsers actively mitigate against so I'm a little
confused I guess.

fwiw here's the moz docs on CORS which I think covers how it helps
prevent XSS attacks while still allowing the browser to run code from
multiple origins in a sorta-semi-but-probably-not-really-in-practice manner:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

-pete

--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA

From george at ceetonetechnology.com Thu Dec 7 16:34:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 07 Dec 2017 21:34:00 +0000
Subject: [talk] BSDCan 2018 CFP Open
Message-ID: <7017feba-d1b8-5b56-42af-291068475cae@ceetonetechnology.com>

Dan writes. . .

BSDCan 2018 will be held 8-9 (Fri-Sat) June, 2017 in Ottawa, at the
University of Ottawa. It will be preceded by two days of tutorials on
6-7 June (Wed-Thu).

Also: do not miss out on the Goat BOF on Tuesday 5 June.

We are now accepting proposals for talks. The talks should be designed
with a very strong technical content bias. Proposals of a business
development or marketing nature are not appropriate for this venue.

See http://www.bsdcan.org/2018/

If you are doing something interesting with a BSD operating system,
please submit a proposal. Whether you are developing a very complex
system using BSD as the foundation, or helping others and have a story
to tell about how BSD played a role, we want to hear about your
experience. People using BSD as a platform for research are also
encouraged to submit a proposal. Possible topics include:

* How we manage a giant installation with respect to handling spam.
* and/or sysadmin.
* and/or networking.
* Cool new stuff in BSD
* Tell us about your project which runs on BSD
* other topics (see next paragraph)

From the BSDCan website, the Archives section will allow you to review
the wide variety of past BSDCan presentations as further examples.

Both users and developers are encouraged to share their experiences.

The schedule is:

1 Dec 2017 Proposal acceptance begins
19 Jan 2018 Proposal acceptance ends
19 Feb 2018 Confirmation of accepted proposals

See also http://www.bsdcan.org/2018/papers.php

Instructions for submitting a proposal to BSDCan 2018 are available
from: http://www.bsdcan.org/2018/submissions.php

--
Dan Langille - BSDCan / PGCon
dan at langille.org

From kmsujit at gmail.com Fri Dec 8 09:56:58 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Fri, 8 Dec 2017 20:26:58 +0530
Subject: [talk] Cross Site Scripting in Browsers
In-Reply-To: <2b253403-9407-9e70-2a5a-f202a089beda@nomadlogic.org>
References: <2b253403-9407-9e70-2a5a-f202a089beda@nomadlogic.org>
Message-ID:

On Thu, Dec 7, 2017 at 10:58 PM, Pete Wright wrote:
>
>
> On 12/07/2017 08:48, Sujit K M wrote:
>>
>> Hi All,
>>
>> I had a simple question, How is something like Cross Site Scripting
>> for example implemented in Browsers. A stupid idea(as even in open
>> source browsers) would be to change code and disable the code for
>> Cross Site Scripting and Hack. I call it stupid simply because the code is
>> going to be shared object.
>>
>> As a two part to this how are security in browsers implemented is there
>> any
>> documentation for this?
>
> not %100 sure i understand your question - are you asking how CORS (Cross
> Origin Resource Sharing) is implemented? Cross Site Scripting (xss) is
> something browsers actively mitigate against so I'm a little confused I
> guess.

To sort of clarify this. We have Server Side Code which translates into
HTML, Now You Know the Origin. Then You use Same Origin policy within
your browser implementation after that.

> fwiw here's the moz docs on CORS which I think covers how it helps prevent
> XSS attacks while still allowing the browser to run code from multiple
> origins in a sorta-semi-but-probably-not-really-in-practice manner:

This document makes it more difficult to understand basic concepts. It
for Instance says that XMLHttpRequest used Same Origin policy.
But As you said it is not practical.

> https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
>
> -pete
>
> --
> Pete Wright
> pete at nomadlogic.org
> @nomadlogicLA

From kmsujit at gmail.com Sun Dec 17 00:54:53 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Sun, 17 Dec 2017 11:24:53 +0530
Subject: [talk] Golang and Platform Independence
Message-ID:

Hi All,

Golang does allow you to build executable. But it allows you to
run the go program as an script. Below some of the commands
that can be used in a document I had referred. What I found was
that go can generate code on other platforms. So is my assumption
correct it can run on platforms that don't support the go program as such.

https://www.digitalocean.com/community/tutorials/how-to-build-go-executables-for-multiple-platforms-on-ubuntu-16-04
https://gobyexample.com/hello-world

Regards,
Sujit K M

From bcully at gmail.com Sun Dec 17 07:28:22 2017
From: bcully at gmail.com (Brian Cully)
Date: Sun, 17 Dec 2017 07:28:22 -0500
Subject: [talk] Golang and Platform Independence
In-Reply-To:
References:
Message-ID:

On December 17, 2017 at 00:55:32, Sujit K M (kmsujit at gmail.com) wrote:
> Golang does allow you to build executable. But it allows you to
> run the go program as an script. Below some of the commands
> that can be used in a document I had referred. What I found was
> that go can generate code on other platforms. So is my assumption
> correct it can run on platforms that don't support the go program as such.

Go does this by installing its own source code and cross-compiling
it[1], so there's no difference between it and, say, GCC, which can
also cross-compile. Or perl, which supports a tremendous number of
platforms. There's really nothing special about it. You still need
compiler support for the target platform.

FWIW, this has been baked into the Go distribution for some time - no
need for compiling from source any more.

-bjc

[1] I'm not sure why it needs to have its own source code around for
this. I can only assume it's some kind of space-saving measure so you
don't install a bunch of intermediate files for platforms you're never
going to compile for, and instead it builds them only when needed at
least once. As with many decisions by Go, it's an odd one; it's not like
there aren't other ways of accommodating that goal that have been tried
and used successfully for decades which work better.

From kmsujit at gmail.com Sun Dec 17 08:30:19 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Sun, 17 Dec 2017 19:00:19 +0530
Subject: [talk] Golang and Platform Independence
In-Reply-To:
References:
Message-ID:

On Sun, Dec 17, 2017 at 5:58 PM, Brian Cully wrote:
> On December 17, 2017 at 00:55:32, Sujit K M (kmsujit at gmail.com) wrote:
>> Golang does allow you to build executable. But it allows you to
>> run the go program as an script. Below some of the commands
>> that can be used in a document I had referred. What I found was
>> that go can generate code on other platforms. So is my assumption
>> correct it can run on platforms that don't support the go program as such.
>
> Go does this by installing its own source code and cross-compiling
> it[1], so there's no difference between it and, say, GCC, which can

I find it different from GCC for example does not look a specific
language or target. It compiles C/Assembly might be even C++. Where as
the Golang set of compilers don't depend on architecture for example as
it is compiling an go program.

> FWIW, this has been baked into the Go distribution for some time - no
> need for compiling from source any more.

Yeah but my original question is whether we can compile it to a target
where the go program is not run as an script.

From ike at blackskyresearch.net Mon Dec 18 15:39:47 2017
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Mon, 18 Dec 2017 15:39:47 -0500
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
Message-ID: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com>

Hi All,

A bit OT from the pit of internet hell, but perhaps of interest to folks
here: This weekend AWS has been doling out a disruption of service of
the worst kind, clock skew insanity. And when I say insanity, I mean
true madness.

(For those who don't know me, this loathsome cloud infrastructure is
something I'm paid to use, not tech I think is great or even acceptable
for many uses, and I'm not engaging any "lets argue the value of the
cloud" here today.)

Is anyone else experiencing the clock/drift issue and have interesting
notes to share?


--
BIZARRE:
Clocks drifting up to 7-9min. Clocks drifting so fast that ntpdate and
rdate can't even "set the time"*.
Clocks drifting past ~5min window means that cryptographic network
operations in our world fail outright, (ssl/tls and http services).
Driftfile worthless- the drifting appears non-deterministic, we have
found no apparent pattern on analysis.
New instances coming up with clocks that are *years* in the past. ntpd
freak out when trying to handle that at boot.

First, we thought the problem was skew, so we put in the ntpdate run
ahead of ntp start- that settled things for a bit. Then 90min later,
hosts were drifting past 5min- NTP was reporting offsets of between
3k-45k and jitter of between 2k-60k on the *second and subsequent
polls*.

Just to keep systems functioning, we've got a cron job running every
15min (ironic) to restart ntpd.

--
AWS ACKNOWLEDGEMENT:

AWS is infamous for burying outages in marketing material, so not a lot
to go on here.
Look, all green:
https://status.aws.amazon.com/
We have loose ack from AWS, mostly in the form of other customers
posting to AWS forums from their support tickets, like this:
https://forums.aws.amazon.com/thread.jspa?messageID=819947

Furthermore, AWS support contracts have nasty NDA's precluding customers
from sharing information from support tickets. Therefore, companies
like mine cannot get much from support- because we'd be in breach of
contract for merely telling our own customers about an AWS outage- let
alone any technical details they'd provide. So, companies like mine
can't get technical support contracts from AWS. (Of course I can neither
confirm nor deny if this is the case for my employ).
No worries though, after living with AWS technical support elsewhere,
it's abysmal and nearly useless anyhow.

--
USERLAND EFFECTS OF THIS INSANITY:

We don't see things happening which would indicate CPU cycles are being
affected, just userland notions of time. So, this makes 2 distinct
problems we see:
- Applications which rely on time, e.g. "do this at that time" are
completely hozed. Less noticeable with cron, totally happening with our
own apps.
- As mentioned above, cryptographic operations are so compromised they
outright fail when the clocks drift up over 5 min.

--
RANT ON THE PARADE OF THE AMATEUR, (possible root cause, AWS lit up some
chronyc!)

Looks like some fool decided they can do better than ntpd, specifically
for AWS. Named 'chrony' or 'chronyc' on some platforms.
https://aws.amazon.com/about-aws/whats-new/2017/11/introducing-the-amazon-time-sync-service/
Some of the mind-blowingly bad decisions in here:
- deploy/announce an AWS-custom NTP daemon just weeks before Christmas
shopping crunch! (What could possibly go wrong.)
- deploy/announce an AWS-custom NTP daemon in the first place, (Ask
PHK, he makes NTP look easy!)
- keep using the NTP protocol, but abandon existing software, /facepalm

Now here's where it gets even more interesting,
,
where we learn:
- "The Amazon Time Sync Service is available through NTP at the
169.254.169.123 IP address for any instance running in a VPC. Your
instance does not require access to the internet, and you do not have to
configure your security group rules or your network ACL rules to allow
access...."
That's right- beyond userland config massaging, they appear to have
forced global whitelisting of UDP to that single IP address across your
hand-built VPC ACL's. (What could go wrong there.)

I don't think chronyc itself is the problem, but that they are smoking
crack over there at AWS.

--
So, as my team hobbles along today, does anyone else have any anecdotal
stories to share on this one?
- comment on the mechanics of cryptographic operations and time?
- root causes?
- any peek into actual technical detail, (kernel/hypervisors/drift?)
- impact to the GDP?

Best,
.ike

From pvarga at pvrg.net Mon Dec 18 16:30:20 2017
From: pvarga at pvrg.net (Peter Varga)
Date: Mon, 18 Dec 2017 21:30:20 +0000
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com>
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com>
Message-ID: <1513632620.2463424.1209262592.06DE8435@webmail.messagingengine.com>

You can consider it a lucky outcome versus a full guest os crash.
File I/o and network I/o related operations are also done with never
mind expecting crypto to hold up

One solution for example fedora has packages to use the hosts time
instead the vm.

FreeBSD seems to work just fine and syncing to host's time.

On Mon, Dec 18, 2017, at 20:39, Isaac (.ike) Levy wrote:
> Hi All,
>
> A bit OT from the pit of internet hell, but perhaps of interest to folks
> here: This weekend AWS has been doling out a disruption of service of
> the worst kind, clock skew insanity.
> And when I say insanity, I mean true madness.
>
> (For those who don't know me, this loathsome cloud infrastructure is
> something I'm paid to use, not tech I think is great or even acceptable
> for many uses, and I'm not engaging any "lets argue the value of the
> cloud" here today.)
>
> Is anyone else experiencing the clock/drift issue and have interesting
> notes to share?
>
>
> --
> BIZARRE:
> Clocks drifting up to 7-9min. Clocks drifting so fast that ntpdate and
> rdate can't even "set the time"*.
> Clocks drifting past ~5min window means that cryptographic network
> operations in our world fail outright, (ssl/tls and http services).
> Driftfile worthless- the drifting appears non-deterministic, we have
> found no apparent pattern on analysis.
> New instances coming up with clocks that are *years* in the past. ntpd
> freak out when trying to handle that at boot.
>
> First, we thought the problem was skew, so we put in the ntpdate run
> ahead of ntp start- that settled things for a bit. Then 90min later,
> hosts were drifting past 5min- NTP was reporting offsets of between
> 3k-45k and jitter of between 2k-60k on the *second and subsequent
> polls*.
>
> Just to keep systems functioning, we've got a cron job running every
> 15min (ironic) to restart ntpd.
>
> --
> AWS ACKNOWLEDGEMENT:
>
> AWS is infamous for burying outages in marketing material, so not a lot
> to go on here. Look, all green:
> https://status.aws.amazon.com/
> We have loose ack from AWS, mostly in the form of other customers
> posting to AWS forums from their support tickets, like this:
> https://forums.aws.amazon.com/thread.jspa?messageID=819947
>
> Furthermore, AWS support contracts have nasty NDA's precluding customers
> from sharing information from support tickets. Therefore, companies
> like mine cannot get much from support- because we'd be in breach of
> contract for merely telling our own customers about an AWS outage- let
> alone any technical details they'd provide.
> So, companies like mine can't get technical support contracts from AWS.
> (Of course I can neither confirm nor deny if this is the case for my
> employ).
> No worries though, after living with AWS technical support elsewhere,
> it's abysmal and nearly useless anyhow.
>
> --
> USERLAND EFFECTS OF THIS INSANITY:
>
> We don't see things happening which would indicate CPU cycles are being
> affected, just userland notions of time. So, this makes 2 distinct
> problems we see:
> - Applications which rely on time, e.g. "do this at that time" are
> completely hozed. Less noticeable with cron, totally happening with our
> own apps.
> - As mentioned above, cryptographic operations are so compromised they
> outright fail when the clocks drift up over 5 min.
>
> --
> RANT ON THE PARADE OF THE AMATEUR, (possible root cause, AWS lit up some
> chronyc!)
>
> Looks like some fool decided they can do better than ntpd, specifically
> for AWS. Named 'chrony' or 'chronyc' on some platforms.
> https://aws.amazon.com/about-aws/whats-new/2017/11/introducing-the-amazon-time-sync-service/
> Some of the mind-blowingly bad decisions in here:
> - deploy/announce an AWS-custom NTP daemon just weeks before Christmas
> shopping crunch! (What could possibly go wrong.)
> - deploy/announce an AWS-custom NTP daemon in the first place, (Ask
> PHK, he makes NTP look easy!)
> - keep using the NTP protocol, but abandon existing software, /facepalm
>
> Now here's where it gets even more interesting,
> ,
> where we learn:
> - "The Amazon Time Sync Service is available through NTP at the
> 169.254.169.123 IP address for any instance running in a VPC. Your
> instance does not require access to the internet, and you do not have to
> configure your security group rules or your network ACL rules to allow
> access...."
> That's right- beyond userland config massaging, they appear to have
> forced global whitelisting of UDP to that single IP address across your
> hand-built VPC ACL's.
> (What could go wrong there.)
>
> I don't think chronyc itself is the problem, but that they are smoking
> crack over there at AWS.
>
> --
> So, as my team hobbles along today, does anyone else have any anecdotal
> stories to share on this one?
> - comment on the mechanics of cryptographic operations and time?
> - root causes?
> - any peek into actual technical detail, (kernel/hypervisors/drift?)
> - impact to the GDP?
>
> Best,
> .ike

From pvarga at pvrg.net Mon Dec 18 16:51:23 2017
From: pvarga at pvrg.net (Peter Varga)
Date: Mon, 18 Dec 2017 21:51:23 +0000
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com>
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com>
Message-ID: <1513633883.2469437.1209283896.5DE04C2B@webmail.messagingengine.com>

Once Time is off by years or even just months ntpdate may fail due to ip
problems, more obvious ntp over tcp.
Yes date is the only command to bring it close enough so ntp can work.
The ironic or chrony 15 mins ntpdate may just time out and never correct.

On Mon, Dec 18, 2017, at 20:39, Isaac (.ike) Levy wrote:
> Hi All,
>
> A bit OT from the pit of internet hell, but perhaps of interest to folks
> here: This weekend AWS has been doling out a disruption of service of
> the worst kind, clock skew insanity. And when I say insanity, I mean
> true madness.
>
> (For those who don't know me, this loathsome cloud infrastructure is
> something I'm paid to use, not tech I think is great or even acceptable
> for many uses, and I'm not engaging any "lets argue the value of the
> cloud" here today.)
>
> Is anyone else experiencing the clock/drift issue and have interesting
> notes to share?
>
>
> --
> BIZARRE:
> Clocks drifting up to 7-9min. Clocks drifting so fast that ntpdate and
> rdate can't even "set the time"*.
> Clocks drifting past ~5min window means that cryptographic network
> operations in our world fail outright, (ssl/tls and http services).
> Driftfile worthless- the drifting appears non-deterministic, we have
> found no apparent pattern on analysis.
> New instances coming up with clocks that are *years* in the past. ntpd
> freak out when trying to handle that at boot.
>
> First, we thought the problem was skew, so we put in the ntpdate run
> ahead of ntp start- that settled things for a bit. Then 90min later,
> hosts were drifting past 5min- NTP was reporting offsets of between
> 3k-45k and jitter of between 2k-60k on the *second and subsequent
> polls*.
>
> Just to keep systems functioning, we've got a cron job running every
> 15min (ironic) to restart ntpd.
>
> --
> AWS ACKNOWLEDGEMENT:
>
> AWS is infamous for burying outages in marketing material, so not a lot
> to go on here. Look, all green:
> https://status.aws.amazon.com/
> We have loose ack from AWS, mostly in the form of other customers
> posting to AWS forums from their support tickets, like this:
> https://forums.aws.amazon.com/thread.jspa?messageID=819947
>
> Furthermore, AWS support contracts have nasty NDA's precluding customers
> from sharing information from support tickets. Therefore, companies
> like mine cannot get much from support- because we'd be in breach of
> contract for merely telling our own customers about an AWS outage- let
> alone any technical details they'd provide. So, companies like mine
> can't get technical support contracts from AWS. (Of course I can neither
> confirm nor deny if this is the case for my employ).
> No worries though, after living with AWS technical support elsewhere,
> it's abysmal and nearly useless anyhow.
>
> --
> USERLAND EFFECTS OF THIS INSANITY:
>
> We don't see things happening which would indicate CPU cycles are being
> affected, just userland notions of time. So, this makes 2 distinct
> problems we see:
> - Applications which rely on time, e.g. "do this at that time" are
> completely hozed. Less noticeable with cron, totally happening with our
> own apps.
> - As mentioned above, cryptographic operations are so compromised they
> outright fail when the clocks drift up over 5 min.
>
> --
> RANT ON THE PARADE OF THE AMATEUR, (possible root cause, AWS lit up some
> chronyc!)
>
> Looks like some fool decided they can do better than ntpd, specifically
> for AWS. Named 'chrony' or 'chronyc' on some platforms.
> https://aws.amazon.com/about-aws/whats-new/2017/11/introducing-the-amazon-time-sync-service/
> Some of the mind-blowingly bad decisions in here:
> - deploy/announce an AWS-custom NTP daemon just weeks before Christmas
> shopping crunch! (What could possibly go wrong.)
> - deploy/announce an AWS-custom NTP daemon in the first place, (Ask
> PHK, he makes NTP look easy!)
> - keep using the NTP protocol, but abandon existing software, /facepalm
>
> Now here's where it gets even more interesting,
> ,
> where we learn:
> - "The Amazon Time Sync Service is available through NTP at the
> 169.254.169.123 IP address for any instance running in a VPC. Your
> instance does not require access to the internet, and you do not have to
> configure your security group rules or your network ACL rules to allow
> access...."
> That's right- beyond userland config massaging, they appear to have
> forced global whitelisting of UDP to that single IP address across your
> hand-built VPC ACL's. (What could go wrong there.)
>
> I don't think chronyc itself is the problem, but that they are smoking
> crack over there at AWS.
>
> --
> So, as my team hobbles along today, does anyone else have any anecdotal
> stories to share on this one?
> - comment on the mechanics of cryptographic operations and time?
> - root causes?
> - any peek into actual technical detail, (kernel/hypervisors/drift?)
> - impact to the GDP?
>
> Best,
> .ike
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

From ike at blackskyresearch.net Tue Dec 19 09:25:15 2017
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Tue, 19 Dec 2017 09:25:15 -0500
Subject: [talk] simple crypto question
Message-ID: <1513693515.1562150.1210026768.4DE1C360@webmail.messagingengine.com>

Hey All,

So regarding time and cryptographic integrity-

Does anyone have any good examples for how network crypto can be compromised because of hosts with bad timekeeping?

Urls or incoherent sentences requiring search even appreciated...

Thanks!

Best,
.ike

From _ at thomaslevine.com Tue Dec 19 09:40:00 2017
From: _ at thomaslevine.com (Thomas Levine)
Date: Tue, 19 Dec 2017 14:40:00 +0000
Subject: [talk] simple crypto question
In-Reply-To: <1513693515.1562150.1210026768.4DE1C360@webmail.messagingengine.com>
References: <1513693515.1562150.1210026768.4DE1C360@webmail.messagingengine.com>
Message-ID: <20171219144004.509037E3D8@mailuser.nyi.internal>

Dunno enough about cryptography to say anything interesting. So the only thing that comes to mind is replay of a time-based one-time password (such as RFC 6238), though you still need to get the time and password.

From njt at ayvali.org Tue Dec 19 17:07:57 2017
From: njt at ayvali.org (N.J. Thomas)
Date: Tue, 19 Dec 2017 14:07:57 -0800
Subject: [talk] opnsense box for home: APU2 or something else?
Message-ID: <20171219220757.GG48961@ayvali.org>

Looking to pull the trigger on an OPNSense box for home. Cheap and low power are probably my two main requirements.

Currently eyeing the APU2, which looks to be about $190.
If anyone's got any other suggestions, I would love to hear it.

Thomas

From george at ceetonetechnology.com Tue Dec 19 17:54:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 19 Dec 2017 22:54:00 +0000
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <20171219220757.GG48961@ayvali.org>
References: <20171219220757.GG48961@ayvali.org>
Message-ID: <92c2d108-afb7-1fb6-92df-3d50966f94e7@ceetonetechnology.com>

N.J. Thomas:
> Looking to pull the trigger on an OPNSense box for home. Cheap and low
> power are probably my two main requirements.
>
> Currently eyeing the APU2, which looks to be about $190. If anyone's got
> any other suggestions, I would love to hear it.
>

Not to jump into the vendor game, but $190 is high.

http://pcengines.ch/newshop.php?c=4

g

From jim at netgate.com Tue Dec 19 18:16:18 2017
From: jim at netgate.com (Jim Thompson)
Date: Tue, 19 Dec 2017 17:16:18 -0600
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <92c2d108-afb7-1fb6-92df-3d50966f94e7@ceetonetechnology.com>
References: <20171219220757.GG48961@ayvali.org> <92c2d108-afb7-1fb6-92df-3d50966f94e7@ceetonetechnology.com>
Message-ID: <8F73D52D-EA67-4142-8CB7-EFBFC7C646AF@netgate.com>

> On Dec 19, 2017, at 4:54 PM, George Rosamond wrote:
>
> N.J. Thomas:
>> Looking to pull the trigger on an OPNSense box for home. Cheap and low
>> power are probably my two main requirements.
>>
>> Currently eyeing the APU2, which looks to be about $190. If anyone's got
>> any other suggestions, I would love to hear it.
>>
>
> Not to jump into the vendor game, but $190 is high.
>
> http://pcengines.ch/newshop.php?c=4

Vendor game? I'll jump. ;-)

I agree with George that $190 is high. APU2C4: $128. case1Du $9.60 + PS $4.40 + 16GB m-sata $17.80 is all of $160 before shipping.

Yes, you can do it for less with a 2GB board, SD card, etc.
That said, to be a 'vendor' someone has to pay to ship the incoming goods, assemble them, load software, and pay for "invisibles" normally known as carrying costs. When it's done, there isn't much left to be a "vendor" at $190 when the list price of the parts (above) is $160. Yes, PC Engines gives some discount if you're buying volume, but it's not as much (or rather no longer as much) as you might think, and you're already at a bit less than 19% "mark-up" to pay for all the indirect costs.

In direct answer to Mr. Thomas: A lot of the pfSense community are buying/building Qotom now. Sources for same are all over both the pfSense and OPNsense forums. Qotom.net if you can't find them otherwise.

Anyway, someday (maybe soon), I'll finish the port of pfSense to the espresso.bin. Much less expensive and low-power than the APU.

Jim

From njt at ayvali.org Tue Dec 19 20:43:55 2017
From: njt at ayvali.org (N.J. Thomas)
Date: Tue, 19 Dec 2017 17:43:55 -0800
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <8F73D52D-EA67-4142-8CB7-EFBFC7C646AF@netgate.com>
References: <20171219220757.GG48961@ayvali.org> <92c2d108-afb7-1fb6-92df-3d50966f94e7@ceetonetechnology.com> <8F73D52D-EA67-4142-8CB7-EFBFC7C646AF@netgate.com>
Message-ID: <20171220014355.GH48961@ayvali.org>

* Jim Thompson [2017-12-19 17:16:18-0600]:
> I agree with George that $190 is high. APU2C4: $128. case1Du $9.60 +
> PS $4.40 + 16GB m-sata $17.80 is all of $160 before shipping.
>
> Yes, you can do it for less with a 2GB board, SD card, etc.

Hi Jim,

I had mentioned it to George on IRC, but yeah, I roughly spec'd it out on PC Engines, but I calculated with the apu3b4 msata60b, and SD card which accounted for the difference in price. (I was doing some very rough calculations without thinking it through.)

But I think everyone is pretty much in agreement that this is the vendor to go with, so I'll pull the trigger on this soon.
Thomas

From mark.saad at ymail.com Tue Dec 19 21:29:12 2017
From: mark.saad at ymail.com (Mark Saad)
Date: Wed, 20 Dec 2017 02:29:12 +0000 (UTC)
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <92c2d108-afb7-1fb6-92df-3d50966f94e7@ceetonetechnology.com>
References: <20171219220757.GG48961@ayvali.org> <92c2d108-afb7-1fb6-92df-3d50966f94e7@ceetonetechnology.com>
Message-ID: <68530918.1553336.1513736952183@mail.yahoo.com>

________________________________
From: George Rosamond
To: talk at lists.nycbug.org
Sent: Tuesday, December 19, 2017 5:54 PM
Subject: Re: [talk] opnsense box for home: APU2 or something else?

N.J. Thomas:
> Looking to pull the trigger on an OPNSense box for home. Cheap and low
> power are probably my two main requirements.
>
> Currently eyeing the APU2, which looks to be about $190. If anyone's got
> any other suggestions, I would love to hear it.
>

Not to jump into the vendor game, but $190 is high.

http://pcengines.ch/newshop.php?c=4

g

How low can you go

Check out the used hp t610 thin client 25 - 40 bucks
https://www.ebay.com/p/HP-T610-Thin-Client-Units/1766188673

Dual core 64Bit cpu 4G ram and 16G ssd with 1G bge nic. both pci-e and compact pci-e. I have also used the t5630 and t5620. If you don't want to run OpenSense all of the models work well with NetBSD and OpenBSD as well.

--
Mark Saad
mark.saad at ymail.com

From ike at blackskyresearch.net Wed Dec 20 09:21:32 2017
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Wed, 20 Dec 2017 09:21:32 -0500
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <20171219220757.GG48961@ayvali.org>
References: <20171219220757.GG48961@ayvali.org>
Message-ID: <1513779692.4191423.1211198616.2E7CA343@webmail.messagingengine.com>

Hey There Thomas,

On Tue, Dec 19, 2017, at 5:07 PM, N.J.
Thomas wrote:
> Looking to pull the trigger on an OPNSense box for home. Cheap and low
> power are probably my two main requirements.

w00t!

>
> Currently eyeing the APU2, which looks to be about $190. If anyone's got
> any other suggestions, I would love to hear it.

Disclaimer for my ramble: I'm not a vendor, and don't work for PCEngines- but I am pretty biased. After all of Pascal's donations to the *BSD universe over the years, I really love those folks and their gear- and I certainly do love my OPNSense systems.
Apologies in advance for not quite answering your question about alt hw:

OPNSense (and any FreeBSD) will run on nearly anything with >1 network interface, and there's certainly lots of small gear out there. Yet, for a solid small GigE router, I highly recommend the APU2 boards from PCEngines, for a couple reasons:

- They are perhaps the smallest low-power box which allows all the big features of OPNSense. Depending on your application, you may not want/need these features, and *way* smaller hardware is totally acceptable!

- MSATA slot, and cheap SSD's.... If you wish to use the OPNSense onboard Netflow traffic analysis tools, or any of the anti-malware IDS/IPS rulesets: you simply need some fast onboard disk to store netflows. For this case, the APU2 boards come at an excellent price point, (their 20Gb SSD is quite reasonably priced, and way more than enough space). These are *absolutely* features which are a no-go for systems using flash based media, not only because of speed, but burning them out with writes capturing all that network i/o.

- Plenty of CPU/Mem for other fun, and the GigE NICS are well supported by FreeBSD.

- The boards are really flexible- little things like slightly variable power requirements make it so that many wall-warts in a drawer will happily power the board, (within bounds). This has saved my tail after power surges and the like.

- The boards are super solid.
I've been through nearly 100 APU series boards, and never have I received a dead one- (ALIX either), and knock on wood, none I own or manage have died. I'm having a better run than I did with Soekris back in the day, but I remember only 1 board which came DOA, (and Soekris gear was high quality as well- I loved that gear too).

- Open Hardware, which I care a *lot* about. The full hardware design spec is online, and PCEngines has been very nice answering specific details about chips on the board, etc... In a world of hardware-compromised blackbox machines, this model is terribly important to me- how can one build securable networks with mystery stuff in the hardware?

Those are the things that matter to me, at home, and in applied use professionally.

--
As an aside, (not quite what you want), I've also built out slightly larger systems using Lanner hardware, http://www.lannerinc.com/ - basically just larger boxes than PCEngines, (more GigE NICS, for my applied use). More expensive than PCEngines, but comparing per-port pricing in a build it's on par with PCEngines. Hard part, their raw gear is hard to get- they sell mostly to VARS and don't do retail.
But, as an alternative, I've had similarly rock-solid experiences with this gear and OPNSense, (sized just below getting into big stuff with commodity server hardware).

Best,
.ike

>
> Thomas

From kmsujit at gmail.com Wed Dec 20 09:53:27 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Wed, 20 Dec 2017 20:23:27 +0530
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To:
References: <20171219220757.GG48961@ayvali.org> <1513779692.4191423.1211198616.2E7CA343@webmail.messagingengine.com>
Message-ID:

On Dec 20, 2017 7:52 PM, "Isaac (.ike) Levy" wrote:

Hey There Thomas,

On Tue, Dec 19, 2017, at 5:07 PM, N.J.
Thomas wrote:
> Looking to pull the trigger on an OPNSense box for home. Cheap and low
> power are probably my two main requirements.

w00t!

>
> Currently eyeing the APU2, which looks to be about $190. If anyone's got
> any other suggestions, I would love to hear it.

Disclaimer for my ramble: I'm not a vendor, and don't work for PCEngines- but I am pretty biased. After all of Pascal's donations to the *BSD universe over the years, I really love those folks and their gear- and I certainly do love my OPNSense systems.
Apologies in advance for not quite answering your question about alt hw:

OPNSense (and any FreeBSD) will run on nearly anything with >1 network interface, and there's certainly lots of small gear out there. Yet, for a solid small GigE router, I highly recommend the APU2 boards from PCEngines, for a couple reasons:

- They are perhaps the smallest low-power box which allows all the big features of OPNSense. Depending on your application, you may not want/need these features, and *way* smaller hardware is totally acceptable!

- MSATA slot, and cheap SSD's.... If you wish to use the OPNSense onboard Netflow traffic analysis tools, or any of the anti-malware IDS/IPS rulesets, <https://wiki.opnsense.org/manual/ips.html>: you simply need some fast onboard disk to store netflows. For this case, the APU2 boards come at an excellent price point, (their 20Gb SSD is quite reasonably priced, and way more than enough space). These are *absolutely* features which are a no-go for systems using flash based media, not only because of speed, but burning them out with writes capturing all that network i/o.

- Plenty of CPU/Mem for other fun, and the GigE NICS are well supported by FreeBSD.

- The boards are really flexible- little things like slightly variable power requirements make it so that many wall-warts in a drawer will happily power the board, (within bounds). This has saved my tail after power surges and the like.

- The boards are super solid.
I've been through nearly 100 APU series boards, and never have I received a dead one- (ALIX either), and knock on wood, none I own or manage have died. I'm having a better run than I did with Soekris back in the day, but I remember only 1 board which came DOA, (and Soekris gear was high quality as well- I loved that gear too).

- Open Hardware, which I care a *lot* about. The full hardware design spec is online, and PCEngines has been very nice answering specific details about chips on the board, etc... In a world of hardware-compromised blackbox machines, this model is terribly important to me- how can one build securable networks with mystery stuff in the hardware?

Those are the things that matter to me, at home, and in applied use professionally.

--
As an aside, (not quite what you want), I've also built out slightly larger systems using Lanner hardware, http://www.lannerinc.com/ - basically just larger boxes than PCEngines, (more GigE NICS, for my applied use). More expensive than PCEngines, but comparing per-port pricing in a build it's on par with PCEngines. Hard part, their raw gear is hard to get- they sell mostly to VARS and don't do retail.
But, as an alternative, I've had similarly rock-solid experiences with this gear and OPNSense, (sized just below getting into big stuff with commodity server hardware).

Best,
.ike

>
> Thomas

What is the purpose? If it is just home networking. There are branded ones like D-Link.
From okan at demirmen.com Wed Dec 20 11:10:31 2017
From: okan at demirmen.com (Okan Demirmen)
Date: Wed, 20 Dec 2017 11:10:31 -0500
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To:
References: <20171219220757.GG48961@ayvali.org> <1513779692.4191423.1211198616.2E7CA343@webmail.messagingengine.com>
Message-ID:

On Wed, Dec 20, 2017 at 9:53 AM, Sujit K M wrote:
>
> On Dec 20, 2017 7:52 PM, "Isaac (.ike) Levy"
> wrote:
>
> Hey There Thomas,
>
> On Tue, Dec 19, 2017, at 5:07 PM, N.J. Thomas wrote:
>> Looking to pull the trigger on an OPNSense box for home. Cheap and low
>> power are probably my two main requirements.
>
> w00t!
>
>>
>> Currently eyeing the APU2, which looks to be about $190. If anyone's got
>> any other suggestions, I would love to hear it.
>
> Disclaimer for my ramble: I'm not a vendor, and don't work for PCEngines-
> but I am pretty biased. After all of Pascal's donations to the *BSD
> universe over the years, I really love those folks and their gear- and I
> certainly do love my OPNSense systems.
> Apologies in advance for not quite answering your question about alt hw:
>
> OPNSense (and any FreeBSD) will run on nearly anything with >1 network
> interface, and there's certainly lots of small gear out there. Yet, for a
> solid small GigE router, I highly recommend the APU2 boards from PCEngines,
> for a couple reasons:
>
> - They are perhaps the smallest low-power box which allows all the big
> features of OPNSense. Depending on your application, you may not want/need
> these features, and *way* smaller hardware is totally acceptable!
>
> - MSATA slot, and cheap SSD's.... If you wish to use the OPNSense onboard
> Netflow traffic analysis tools, or any of the anti-malware
> IDS/IPS rulesets: you simply
> need some fast onboard disk to store netflows. For this case, the APU2
> boards come at an excellent price point, (their 20Gb SSD is quite reasonably
> priced, and way more than enough space).
> These are *absolutely* features
> which are a no-go for systems using flash based media, not only because of
> speed, but burning them out with writes capturing all that network i/o.
>
> - Plenty of CPU/Mem for other fun, and the GigE NICS are well supported by
> FreeBSD.
>
> - The boards are really flexible- little things like slightly variable power
> requirements make it so that many wall-warts in a drawer will happily power
> the board, (within bounds). This has saved my tail after power surges and
> the like.
>
> - The boards are super solid. I've been through nearly 100 APU series
> boards, and never have I received a dead one- (ALIX either), and knock on
> wood, none I own or manage have died. I'm having a better run than I did
> with Soekris back in the day, but I remember only 1 board which came DOA,
> (and Soekris gear was high quality as well- I loved that gear too).
>
> - Open Hardware, which I care a *lot* about. The full hardware design spec
> is online, and PCEngines has been very nice answering specific details about
> chips on the board, etc... In a world of hardware-compromised blackbox
> machines, this model is terribly important to me- how can one build
> securable networks with mystery stuff in the hardware?
>
> Those are the things that matter to me, at home, and in applied use
> professionally.
>
> --
> As an aside, (not quite what you want), I've also built out slightly larger
> systems using Lanner hardware, http://www.lannerinc.com/ - basically just
> larger boxes than PCEngines, (more GigE NICS, for my applied use). More
> expensive than PCEngines, but comparing per-port pricing in a build it's on
> par with PCEngines. Hard part, their raw gear is hard to get- they sell
> mostly to VARS and don't do retail.
> But, as an alternative, I've had similarly rock-solid experiences with this
> gear and OPNSense, (sized just below getting into big stuff with commodity
> server hardware).
>
> Best,
> .ike
>
>
>>
>> Thomas
>
> What is the purpose?
> If it is just home networking. There are branded ones
> like D-Link.

I believe the purpose above is to avoid all that crap.

From _ at thomaslevine.com Wed Dec 20 12:32:55 2017
From: _ at thomaslevine.com (Thomas Levine)
Date: Wed, 20 Dec 2017 17:32:55 +0000
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To:
References: <20171219220757.GG48961@ayvali.org> <1513779692.4191423.1211198616.2E7CA343@webmail.messagingengine.com>
Message-ID: <20171220173349.6AC4A7E2E6@mailuser.nyi.internal>

This reminds me of something I have been wondering.

I recently purchased three routers that are compatible with dd-wrt, because I needed one and there was a cheap lot of three on eBay. All of them were uselessly slow, and of course way slower than my OPNSense router. I didn't figure out why they were slow, but I also didn't really try; I just switched back to the OPNSense router.

It is only in the past two years that I have found normal cheap proprietary routers to be slow. Has something about networking changed? Or, next time that I come across such a slow router, how can I figure out why it is slow, particularly if I can't install free firmware on it?

From njt at ayvali.org Wed Dec 20 13:19:53 2017
From: njt at ayvali.org (N.J. Thomas)
Date: Wed, 20 Dec 2017 10:19:53 -0800
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <68530918.1553336.1513736952183@mail.yahoo.com>
References: <20171219220757.GG48961@ayvali.org> <92c2d108-afb7-1fb6-92df-3d50966f94e7@ceetonetechnology.com> <68530918.1553336.1513736952183@mail.yahoo.com>
Message-ID: <20171220181953.GI48961@ayvali.org>

* Mark Saad [2017-12-20 02:29:12+0000]:
> > > Currently eyeing the APU2
> >
> > Not to jump into the vendor game, but $190 is high.
>
> Check out the used hp t610 thin client 25 - 40 bucks
> https://www.ebay.com/p/HP-T610-Thin-Client-Units/1766188673

Oh my. $40 is very attractive. My only concern would be the power draw.
I expect to turn this thing on, stick it behind my cable modem and then forget about it. HP's power specs for these devices don't mention much.

I think the APU2s would draw less power though, their specs say it to be around 6-12W.

Thomas

From john at netpurgatory.com Tue Dec 19 17:13:51 2017
From: john at netpurgatory.com (John C. Vernaleo)
Date: Tue, 19 Dec 2017 17:13:51 -0500 (EST)
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <20171219220757.GG48961@ayvali.org>
References: <20171219220757.GG48961@ayvali.org>
Message-ID:

I haven't tried an APU2 but I've been super happy with my APU as an OpenBSD (and Bitrig back when that was a thing) router.

-------------------------------------------------------
John C. Vernaleo, Ph.D.
www.netpurgatory.com
john at netpurgatory.com
-------------------------------------------------------

On Tue, 19 Dec 2017, N.J. Thomas wrote:

> Looking to pull the trigger on an OPNSense box for home. Cheap and low
> power are probably my two main requirements.
>
> Currently eyeing the APU2, which looks to be about $190. If anyone's got
> any other suggestions, I would love to hear it.
>
> Thomas
>

From jim at netgate.com Thu Dec 21 00:21:55 2017
From: jim at netgate.com (Jim Thompson)
Date: Wed, 20 Dec 2017 23:21:55 -0600
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To:
References: <20171219220757.GG48961@ayvali.org>
Message-ID: <926EFF39-B4E2-449B-86B0-D3BF83867230@netgate.com>

If you want an APU (not APU2 or APU3) I have fifteen or more of them sitting in a box in my office. With cases, SDcards and power supplies.

I won't load anything for you, but I will test that FreeBSD or OpenBSD loads to a m-SATA.

You pay shipping. If you're outside the USA, be prepared to pay duties and taxes, too.
Jim

https://imgur.com/gallery/7janM

> On Dec 19, 2017, at 4:13 PM, John C. Vernaleo wrote:
>
> I haven't tried an APU2 but I've been super happy with my APU as a OpenBSD (and Bitrig back when that was a thing) router.
>
> -------------------------------------------------------
> John C. Vernaleo, Ph.D.
> www.netpurgatory.com
> john at netpurgatory.com
> -------------------------------------------------------
>
>> On Tue, 19 Dec 2017, N.J. Thomas wrote:
>>
>> Looking to pull the trigger on an OPNSense box for home. Cheap and low
>> power are probably my two main requirements.
>>
>> Currently eyeing the APU2, which looks to be about $190. If anyone's got
>> any other suggestions, I would love to hear it.
>>
>> Thomas

From kmsujit at gmail.com Thu Dec 21 00:27:02 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Thu, 21 Dec 2017 10:57:02 +0530
Subject: [talk] opnsense box for home: APU2 or something else?
In-Reply-To: <20171220173349.6AC4A7E2E6@mailuser.nyi.internal>
References: <20171219220757.GG48961@ayvali.org> <1513779692.4191423.1211198616.2E7CA343@webmail.messagingengine.com> <20171220173349.6AC4A7E2E6@mailuser.nyi.internal>
Message-ID:

On Dec 20, 2017 11:04 PM, "Thomas Levine" <_ at thomaslevine.com> wrote:

This reminds me of something I have been wondering.

I recently purchased three routers that are compatible with dd-wrt, because I needed one and there was a cheap lot of three on eBay. All of them were uselessly slow, and of course way slower than my OPNSense router. I didn't figure out why they were slow, but I also didn't really try; I just switched back to the OPNSense router.
It is only in the past two years that I have found normal cheap proprietary routers to be slow. Has something about networking changed? Or, next time that I come across such a slow router, how can I figure out why it is slow, particularly if I can't install free firmware on it?

What I find is branded home networking devices are very low end. Can't take more than one YouTube video at a time. The other machines suffer due to this.

From kmsujit at gmail.com Fri Dec 22 02:00:13 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Fri, 22 Dec 2017 12:30:13 +0530
Subject: [talk] Golang book
In-Reply-To:
References:
Message-ID:

How do you rate this book? Go programming blueprints.

From crossd at gmail.com Fri Dec 22 17:51:14 2017
From: crossd at gmail.com (Dan Cross)
Date: Fri, 22 Dec 2017 17:51:14 -0500
Subject: [talk] Golang book
In-Reply-To:
References:
Message-ID:

Disclaimer: I don't work on Go, but I sit in the office next to the project lead and know most of the Go compiler/runtime folks fairly well.

I would recommend "The Go Programming Language" by Donovan and Kernighan.

On Fri, Dec 22, 2017 at 2:00 AM, Sujit K M wrote:

> How do you rate this book? Go programming blueprints.

From akosela at andykosela.com Fri Dec 22 19:59:18 2017
From: akosela at andykosela.com (Andy Kosela)
Date: Fri, 22 Dec 2017 18:59:18 -0600
Subject: [talk] Golang book
In-Reply-To:
References:
Message-ID:

On Fri, Dec 22, 2017 at 4:51 PM, Dan Cross wrote:
> Disclaimer: I don't work on Go, but I sit in the office next to the project
> lead and know most of the Go compiler/runtime folks fairly well.
>
> I would recommend "The Go Programming Language" by Donovan and Kernighan.

I second that. This is basically K&R book for Go, golden standard.

I also like "Go Programming Language Phrasebook" by David Chisnall. He happens to be also a FreeBSD and LLVM developer and seems to know what he is writing about...

--Andy

From zebdeos at bayprogrammer.com Fri Dec 22 21:21:30 2017
From: zebdeos at bayprogrammer.com (Zeb DeOs)
Date: Fri, 22 Dec 2017 18:21:30 -0800
Subject: [talk] Golang book
In-Reply-To:
References:
Message-ID:

I know I'm not the one who asked the original question, but this thread caught my eye. These are timely recommendations for me (recently got seriously interested in Go), thanks for sharing them!

Noticed they're both available as eBooks on InformIT as well (if anyone prefers DRM free ebooks to dead tree versions) which means I can get them tonight. Hurrah!

> > I would recommend "The Go Programming Language" by Donovan and Kernighan.

http://www.informit.com/store/go-programming-language-9780134190440

> I also like "Go Programming Language Phrasebook" by David Chisnall.

http://www.informit.com/store/go-programming-language-phrasebook-9780321817143

From spork at bway.net Tue Dec 26 13:59:53 2017
From: spork at bway.net (Charles Sprickman)
Date: Tue, 26 Dec 2017 13:59:53 -0500
Subject: [talk] Supermicro source?
Message-ID:

Hi all,

I'm looking for a Supermicro vendor that's somewhere between the "shopping at 3 different stores to find chassis, RAM, drives, etc." and full white-labelled servers. Like I pick a chassis/motherboard and the vendor deals with finding compatible RAM and any oddball stuff like the drive backplane for some small premium/markup. The last guy I knew that did this has been out of the business for at least 5 years (GCS).

Failing that, after some really bad experiences with overblown IBM/Lenovo garbage, if I go with a server vendor, Dell feels like the least insane choice.
Lenovo is really only for folks who are thrilled with long-term support contracts where "fixing" things is basically swapping out hardware until it works. Also screw IBM and their EFI that takes 15 minutes to boot. The HP server I have at home is a bit too proprietary. The few Dells I've dealt with seem to have a fairly minimal amount of bells and whistles and have been in service for ages. Any thoughts on their current lineup?

Thanks,

Charles

From arielsanchezmora at gmail.com Tue Dec 26 18:16:44 2017
From: arielsanchezmora at gmail.com (Ariel Sanchez Mora)
Date: Tue, 26 Dec 2017 18:16:44 -0500
Subject: [talk] Supermicro source?
In-Reply-To:
References:
Message-ID:

A friend of mine likes CyberZone - several have bought these homelab bundles https://tinkertry.com/superservers

On Dec 26, 2017 2:16 PM, "Charles Sprickman" wrote:

Hi all,

I'm looking for a Supermicro vendor that's somewhere between the "shopping at 3 different stores to find chassis, RAM, drives, etc." and full white-labelled servers. Like I pick a chassis/motherboard and the vendor deals with finding compatible RAM and any oddball stuff like the drive backplane for some small premium/markup. The last guy I knew that did this has been out of the business for at least 5 years (GCS).

Failing that, after some really bad experiences with overblown IBM/Lenovo garbage, if I go with a server vendor, Dell feels like the least insane choice. Lenovo is really only for folks who are thrilled with long-term support contracts where "fixing" things is basically swapping out hardware until it works. Also screw IBM and their EFI that takes 15 minutes to boot. The HP server I have at home is a bit too proprietary. The few Dells I've dealt with seem to have a fairly minimal amount of bells and whistles and have been in service for ages. Any thoughts on their current lineup?
Thanks,

Charles

From spork at bway.net Tue Dec 26 19:45:51 2017
From: spork at bway.net (Charles Sprickman)
Date: Tue, 26 Dec 2017 19:45:51 -0500
Subject: [talk] Supermicro source?
In-Reply-To:
References:
Message-ID:

I can top-post back to myself, right? :)

I have one private reply and I reached out to that vendor. Also put in a quote request at ixSystems (like 5 hours ago) and no response, that's a bit disappointing.

Just going off Supermicro's list of resellers, I narrowed it down to these vendors, curious if anyone has experience with them. I ruled out places that don't have some kind of quick quote generator.

https://www.siliconmechanics.com/c1246/rack-server-products.php
http://www.asacomputers.com/2U-Server.html
http://www.broadberry.com/

Dell R530 was interesting, but their lead time is worse than I expected, so they're at the bottom of the list. And their rack mounting stuff is about 2" too deep for our weird old cabinet.

Thanks,

Charles

> On Dec 26, 2017, at 1:59 PM, Charles Sprickman wrote:
>
> Hi all,
>
> I'm looking for a Supermicro vendor that's somewhere between the "shopping at 3 different stores to find chassis, RAM, drives, etc." and full white-labelled servers. Like I pick a chassis/motherboard and the vendor deals with finding compatible RAM and any oddball stuff like the drive backplane for some small premium/markup. The last guy I knew that did this has been out of the business for at least 5 years (GCS).
>
> Failing that, after some really bad experiences with overblown IBM/Lenovo garbage, if I go with a server vendor, Dell feels like the least insane choice. Lenovo is really only for folks who are thrilled with long-term support contracts where "fixing" things is basically swapping out hardware until it works.
Also screw IBM and their EFI that takes 15 minutes to boot. The HP server I have at home is a bit too proprietary. The few Dells I've dealt with seem to have a fairly minimal amount of bells and whistles and have been in service for ages. Any thoughts on their current lineup?
>
> Thanks,
>
> Charles
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

From kmsujit at gmail.com Wed Dec 27 23:24:11 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Thu, 28 Dec 2017 09:54:11 +0530
Subject: [talk] Cyber False Login
Message-ID:

Hi All,

I have recently been working in my free time on a security flaw which
might have not been reported thus far or major sites don't test.

Say there is a site A dependent on site B for login. Now say a person
P logs into A and doesn't log out. Say now someone else gets access to the
machine and deploys locally his own site which is dependent on site B
for login. He can get information regarding Person P.

I checked with some of the popular sites but this doesn't seem to be
possible, what could be the reason.

Regards,
Sujit K M

From johnweintraub at gmail.com Wed Dec 27 23:43:24 2017
From: johnweintraub at gmail.com (John Weintraub)
Date: Wed, 27 Dec 2017 20:43:24 -0800
Subject: [talk] Cyber False Login
In-Reply-To:
References:
Message-ID:

Hi Sujit;

I'd think that the site A or B or both have some auto-logoff feature, where after not very long, if no activity is detected, the user is logged out. This could be, say three to five minutes of inactivity. I know that would create some vulnerability, but that's a pretty narrow window in which to hack a website. And for my money, I think it would be site A that would have the auto-logoff feature, which might be as simple as a script telling site B to log out the inactive user.
Cheers

JJW

On Wed, Dec 27, 2017 at 8:24 PM, Sujit K M wrote:

> Hi All,
>
> I have recently been working in my free time on a security flaw which
> might have not been reported thus far or major sites don't test.
>
> Say there is a site A dependent on site B for login. Now say a person
> P logs into A and doesn't log out. Say now someone else gets access to the
> machine and deploys locally his own site which is dependent on site B
> for login. He can get information regarding Person P.
>
> I checked with some of the popular sites but this doesn't seem to be
> possible, what could be the reason.
>
> Regards,
> Sujit K M
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

--
John Weintraub
#333-7451 Moffatt Rd.
Richmond BC
Canada V6Y 3W3
604-813-9830
johnweintraub at gmail.com
www.johnweintraub.online

From kmsujit at gmail.com Thu Dec 28 03:17:08 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Thu, 28 Dec 2017 13:47:08 +0530
Subject: [talk] Cyber False Login
In-Reply-To:
References:
Message-ID:

On Thu, Dec 28, 2017 at 10:13 AM, John Weintraub wrote:
> Hi Sujit;
>
> I'd think that the site A or B or both have some auto-logoff feature, where
> after not very long, if no activity is detected, the user is logged out.
> This could be, say three to five minutes of inactivity. I know that would
> create some vulnerability, but that's a pretty narrow window in which to
> hack a website. And for my money, I think it would be site A that would have
> the auto-logoff feature, which might be as simple as a script telling site B
> to log out the inactive user.
>

Another way to look at it is since A calls B and B knows A is the one that is authenticated. It doesn't let another site C use the authentication owned by A.
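
A sketch of the binding discussed in this thread, added here as an example and not code from any poster: B signs a token in the JSON Web Token layout that names the site the login was made through (`aud`) and expires after a short lifetime, so the same token is refused when another site presents it. The site names, the key, the five-minute lifetime and the function names are assumptions; `caller` stands for whichever site B has identified as making the request.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-secret-known-only-to-B"  # assumption: B's signing key
ISSUER = "https://b.example"                      # assumption: site B's identifier

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, audience: str, now: int, ttl: int = 300) -> str:
    """B records a login of `user` made through one site, named in `aud`."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "sub": user, "aud": audience, "exp": now + ttl}
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def verify(token: str, caller: str, now: int) -> dict:
    """B checks a token presented by site `caller`; ValueError means refused."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    # Signature first, with HMAC-SHA256 fixed by B rather than read from the header.
    if not hmac.compare_digest(sig.encode(), _sign(header + "." + payload).encode()):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != caller:
        raise ValueError("token was issued to another site")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

def demo() -> dict:
    t0 = 1_514_400_000                              # constructed clock value
    site_a, site_c = "https://a.example", "https://c.example"  # assumed names
    token = issue("P", site_a, t0)
    head, body, sig = token.split(".")
    forged_body = _b64(json.dumps(dict(json.loads(_unb64(body)), aud=site_c)).encode())
    cases = {"A, one minute in": (token, site_a, t0 + 60),
             "C replays A's token": (token, site_c, t0 + 60),
             "C rewrites aud": (f"{head}.{forged_body}.{sig}", site_c, t0 + 60),
             "A, after expiry": (token, site_a, t0 + 301)}
    results = {}
    for label, (tok, caller, when) in cases.items():
        try:
            verify(tok, caller, when)
            results[label] = "accepted"
        except ValueError as err:
            results[label] = str(err)
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

A shared-secret HMAC keeps the example to the standard library; it fits here because B both issues and checks the token, so the key never leaves B.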
From johnweintraub at gmail.com Thu Dec 28 03:24:08 2017
From: johnweintraub at gmail.com (John Weintraub)
Date: Thu, 28 Dec 2017 00:24:08 -0800
Subject: [talk] Cyber False Login
In-Reply-To:
References:
Message-ID:

unless C convinces B that it's A when in fact it's not A at all.

On Dec 28, 2017 12:17 AM, "Sujit K M" wrote:

On Thu, Dec 28, 2017 at 10:13 AM, John Weintraub wrote:
> Hi Sujit;
>
> I'd think that the site A or B or both have some auto-logoff feature, where
> after not very long, if no activity is detected, the user is logged out.
> This could be, say three to five minutes of inactivity. I know that would
> create some vulnerability, but that's a pretty narrow window in which to
> hack a website. And for my money, I think it would be site A that would have
> the auto-logoff feature, which might be as simple as a script telling site B
> to log out the inactive user.
>

Another way to look at it is since A calls B and B knows A is the one that is authenticated. It doesn't let another site C use the authentication owned by A.

_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk

From zaphod at berentweb.com Thu Dec 28 09:36:50 2017
From: zaphod at berentweb.com (Beeblebrox)
Date: Thu, 28 Dec 2017 14:36:50 +0000
Subject: [talk] Housing Q
Message-ID:

Off-topic, but sort of an emergency:

Anyone on the list have 2-3 months housing available (self or friend) in the NJ / NY state area for sub lease in the $1000 - $1200 range? Prefer furnished studio, but given circumstances will consider minimal furnished room. Distance to NYC not an issue as long as area is close to public transport and market. Actually hoping to find a place at a lower cost but farther out from NYC.

Move in: Immediate!!

Feel free to PM me if you have any contact to pass on.
PS: Question is for any "personal knowledge" of such a place or town; I have web-based solutions (airbnb for example) pretty much covered. For example, someone may be going on an extended trip and may consider leasing their unit while away.

Thanks & Regards

From george at ceetonetechnology.com Thu Dec 28 10:59:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 28 Dec 2017 15:59:00 +0000
Subject: [talk] unpatched SSHD vulnerabilities in FreeBSD?
Message-ID: <3e464a1f-c989-11c8-7d3e-129c51ed7d63@ceetonetechnology.com>

I noticed this in a recent Trustwave audit, but it seems that CVE-2017-15906 has gone unpatched in FreeBSD, and maybe CVE-2016-10012. Am I missing something?

They don't show up on the advisories page.

g

--
5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6

From pete at nomadlogic.org Thu Dec 28 12:34:21 2017
From: pete at nomadlogic.org (Pete Wright)
Date: Thu, 28 Dec 2017 09:34:21 -0800
Subject: [talk] Cyber False Login
In-Reply-To:
References:
Message-ID: <7326300e-7e36-2641-4919-d82446b86090@nomadlogic.org>

On 12/27/2017 20:24, Sujit K M wrote:
> Hi All,
>
> I have recently been working in my free time on a security flaw which
> might have not been reported thus far or major sites don't test.
>
> Say there is a site A dependent on site B for login. Now say a person
> P logs into A and doesn't log out. Say now someone else gets access to the
> machine and deploys locally his own site which is dependent on site B
> for login. He can get information regarding Person P.
>
> I checked with some of the popular sites but this doesn't seem to be
> possible, what could be the reason.

the devil is in the details, but i think i understand where you are going with this. i've worked at a couple shops now that make heavy use of Auth tokens in a similar way you are describing.
For your scenario above it sounds like a good use-case of JWT:

https://en.wikipedia.org/wiki/JSON_Web_Token

That should give the developer enough flexibility to define how a given token can be used potentially mitigating token hijacking issues.

-p

--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA

From pete at nomadlogic.org Thu Dec 28 15:11:29 2017
From: pete at nomadlogic.org (Pete Wright)
Date: Thu, 28 Dec 2017 12:11:29 -0800
Subject: [talk] unpatched SSHD vulnerabilities in FreeBSD?
In-Reply-To: <3e464a1f-c989-11c8-7d3e-129c51ed7d63@ceetonetechnology.com>
References: <3e464a1f-c989-11c8-7d3e-129c51ed7d63@ceetonetechnology.com>
Message-ID:

On 12/28/2017 07:59, George Rosamond wrote:
> I noticed this in a recent Trustwave audit, but it seems that
> CVE-2017-15906 has gone unpatched in FreeBSD, and maybe CVE-2016-10012.
> Am I missing something?
>
> They don't show up on the advisories page.

yea it looks like neither of these fixes have been applied to 11-RELEASE, and CVE-2017-15906 would seem to be vulnerable on 12-CURRENT from what i can tell. Maybe submit a PR if you have time?

-p

--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA

From lists at eitanadler.com Thu Dec 28 21:20:54 2017
From: lists at eitanadler.com (Eitan Adler)
Date: Thu, 28 Dec 2017 18:20:54 -0800
Subject: [talk] unpatched SSHD vulnerabilities in FreeBSD?
In-Reply-To:
References: <3e464a1f-c989-11c8-7d3e-129c51ed7d63@ceetonetechnology.com>
Message-ID:

+secteam

On 28 December 2017 at 12:11, Pete Wright wrote:
>
>
> On 12/28/2017 07:59, George Rosamond wrote:
>>
>> I noticed this in a recent Trustwave audit, but it seems that
>> CVE-2017-15906 has gone unpatched in FreeBSD, and maybe CVE-2016-10012.
>> Am I missing something?
>>
>> They don't show up on the advisories page.
>
>
> yea it looks like neither of these fixes have been applied to 11-RELEASE,
> and CVE-2017-15906 would seem to be vulnerable on 12-CURRENT from what i can
> tell. Maybe submit a PR if you have time?
--
Eitan Adler

From george at ceetonetechnology.com Fri Dec 29 10:20:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 29 Dec 2017 15:20:00 +0000
Subject: [talk] NYC*BUG: Jan 3 on OpenBSD Porting and more
Message-ID:

Upcoming NYC*BUG meetings plus Bryan Cantrill speaking at Jane Street Jan 18.

There is a February 7 meeting sorted out about Reproducible Builds, but it is not yet posted on the web site.

The CFP for BSDCan 2018 is open.

*****

Wednesday, January 3
OpenBSD Porting Workshop. Learn how to make ports!, Brian Callahan
18:45, LMHQ, 150 Broadway, 20th Floor, Manhattan

Writing ports is a crucial aspect of *BSD development. There is a lot of software out in the world, and ports and packages make all our lives much easier. All the non-base software you use passed through the fingers of a porter. Making your own ports is an easy and fun way to make your first contributions to a *BSD project.

Is there some piece of software you just can't live without? Do you have some software of your own that you would like to have readily available to *BSD users? Just interested in learning about ports and package management? This is the workshop for you! No experience necessary to participate. All set up, including an OpenBSD virtual machine, will be available for participants.

We will be creating our own first ports for the OpenBSD project. This workshop will be a step-by-step from identifying the software you want to port through and including the final port ready for submission. By the end of the workshop, you will have submitted a new port to the OpenBSD ports@ mailing list!

Speaker Bio

Brian is a Ph.D. Candidate in the Department of Science & Technology Studies at Rensselaer Polytechnic Institute in Troy, NY. He is an OpenBSD developer, mostly working on ports.
*****

We generally do not post non-NYC*BUG/BSD events, but we'll make an exception for this

Jan 18, 2018
The Hurricane's Butterfly: Debugging Pathologically Performing Systems
Speaker: Bryan Cantrill
18:15, Downtown Manhattan

Abstract

Despite significant advances in tooling over the past two decades, performance debugging -- finding and rectifying those limiters to systems performance -- remains a singular challenge in our production systems. This challenge persists in part because of a butterfly effect in complicated systems: small but ill-behaving components can have an outsized effect on the performance of a system in aggregate. This talk will explore this challenge, including why simple problems can cause non-linear performance effects, how they can remain so elusive and what we can do to better debug them.

Registration

As space is limited and building security requires visitor registration, please register for this talk here. (https://goo.gl/forms/uL3ME5T1UfGiexG22) We'll send you full location details when you register.

https://www.janestreet.com/tech-talks/hurricanes-butterfly/

Speaker bio

Bryan Cantrill is CTO at Joyent, where since 2010 he has had responsibility for Joyent's SmartOS, Triton and Manta technologies. Previously a Distinguished Engineer at Sun Microsystems, Bryan led the team that designed and implemented DTrace, a facility for dynamic instrumentation of production systems that won the Wall Street Journal's top Technology Innovation Award in 2006. He received the ScB magna cum laude with honors in Computer Science from Brown University.

From bcallah at devio.us Fri Dec 29 22:25:06 2017
From: bcallah at devio.us (Brian Callahan)
Date: Fri, 29 Dec 2017 22:25:06 -0500
Subject: [talk] January 3 meeting, claim your ports! :)
Message-ID:

Hi talk --

Upcoming for the workshop on January 3, I thought I would collate some un-ported software so participants have some hands-on material. Participants will have completed ports to submit by the end!
:)

I am also making a VirtualBox VM for people to use, which will be uploaded to the NYC*BUG mirror box. I will send a link once it is available. It's all set up and ready to start making ports.

You are of course welcome to port your own software, but here's a list of what I have for people:

* aee - A console and X11 editor that is very similar to FreeBSD's ee editor
* GNU bc - the GNU project's version of the bc and dc commands
* BSOD - a small program that recreates the authentic experience of using Windows XP - 7
* GNU Interactive Tools - a small suite of command-line tools (file browser, hex viewer, and ps viewer) from the GNU project
* py-bblame - an ncurses-based git history browser written in Python

This'll let us all tackle building ports written in C, C++, and Python, which are probably the most common languages in the ports tree.

If there's something in the above list that you really want to write the port for, respond to the list and let us know!

NOTE: I highly recommend bringing a notebook and a pen to the workshop. Seriously. It's going to be a lot of material. We'll probably go over time (sorry in advance!).

Who here is planning on attending and writing a port? Even if it's not for one of the pieces of software above, let me/us know if you're participating.

~Brian

From george at ceetonetechnology.com Sat Dec 30 00:14:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Sat, 30 Dec 2017 05:14:00 +0000
Subject: [talk] passing-the-hat for the BSD projects
Message-ID:

For the next few meetings, NYC*BUG will be doing a collection for each of the BSD projects.

Since our beginnings, we have contributed to a variety of fundraising efforts for the BSD projects. Most significantly, the profits from each of our conferences have been divided up between the BSD projects. We have done a number of other activities for monetary donations, besides connecting developers to hardware.
For the January meeting, the collection will go to OpenBSD, followed by NetBSD in February, with FreeBSD and DragonFly BSD to follow.

There is no obligation to contribute, but even small donations aggregated can matter.

Of course we don't have a credit card machine, but cash or checks made out to the respective BSD project (in this case "the OpenBSD Foundation") are welcome.

If you want to use a credit card, won't be attending the meeting, or just prefer to donate directly, these links provide the relevant information:

https://www.dragonflybsd.org/donations/
https://www.freebsdfoundation.org/donate/
https://www.netbsd.org/donations/
https://www.openbsd.org/donations.html