From mcevoy.pat at gmail.com Tue Jan 2 15:06:35 2018
From: mcevoy.pat at gmail.com (Pat McEvoy)
Date: Tue, 2 Jan 2018 15:06:35 -0500
Subject: [talk] OpenBSD <-> projectors
Message-ID:

First off, Happy New Years!
I have yet to go to a *BSD Conference / Event where someone with an OpenBSD laptop did not have issues getting it to play well with a projector. Does anyone have any crib sheets / notes / words of encouragement for me? I am not knocking the OS, just trying to make my life a little easier.
P

From john at netpurgatory.com Tue Jan 2 15:20:35 2018
From: john at netpurgatory.com (John C. Vernaleo)
Date: Tue, 2 Jan 2018 15:20:35 -0500 (EST)
Subject: [talk] OpenBSD <-> projectors
In-Reply-To:
References:
Message-ID:

The dance I always did (on a thinkpad anyway) was:

1. connect cable
2. xrandr (to confirm the output are what i think)
3. xrandr --output HDMI1 --auto

-------------------------------------------------------
John C. Vernaleo, Ph.D.
www.netpurgatory.com
john at netpurgatory.com
-------------------------------------------------------

On Tue, 2 Jan 2018, Pat McEvoy wrote:

> First off, Happy New Years!
> I have yet to go to a *BSD Conference / Event where someone with an OpenBSD laptop did not have issues getting it to play well with a projector. Does anyone have any crib sheets / notes / words of encouragement for me? I am not knocking the OS, just trying to make my life a little easier.
> P
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From okan at demirmen.com Tue Jan 2 15:24:57 2018
From: okan at demirmen.com (Okan Demirmen)
Date: Tue, 2 Jan 2018 15:24:57 -0500
Subject: [talk] OpenBSD <-> projectors
In-Reply-To:
References:
Message-ID:

On Tue, Jan 2, 2018 at 3:06 PM, Pat McEvoy wrote:
> First off, Happy New Years!
> I have yet to go to a *BSD Conference / Event where someone with an OpenBSD laptop did not have issues getting it to play well with a projector. Does anyone have any crib sheets / notes / words of encouragement for me? I am not knocking the OS, just trying to make my life a little easier.
> P

It's typically a physical connector <-> projector challenge or the figuring out the 1000's of buttons in xrandr.

From _ at thomaslevine.com Tue Jan 2 17:53:11 2018
From: _ at thomaslevine.com (Thomas Levine)
Date: Tue, 02 Jan 2018 22:53:11 +0000
Subject: [talk] OpenBSD <-> projectors
In-Reply-To:
References:
Message-ID: <20180102225313.2C4367E300@mailuser.nyi.internal>

I use arandr. It always works flawlessly.

From bcallah at devio.us Tue Jan 2 19:06:05 2018
From: bcallah at devio.us (Brian Callahan)
Date: Tue, 2 Jan 2018 19:06:05 -0500
Subject: [talk] Workshop virtual machine for tomorrow
Message-ID: <5e89f516-efff-0eea-b4d8-c8a0fc463ff8@devio.us>

is here! http://mirrors.nycbug.org/pub/distfiles/NYCBUG.ova

It's a VirtualBox VM that's all ready to go
username: nycbug
password: nycbug
it's already set to do doas without a password

This virtual machine is all up-to-date and all ready to get started.

See everyone tomorrow!

~Brian

From mcevoy.pat at gmail.com Tue Jan 2 19:44:44 2018
From: mcevoy.pat at gmail.com (Pat McEvoy)
Date: Tue, 2 Jan 2018 19:44:44 -0500
Subject: [talk] NYC*BUG Stickers
Message-ID: <2AC0A080-4D4B-4472-9211-CC3E44B581B1@gmail.com>

If anyone has any of the NYC*BUG stickers left over from the last con, please bring. I know a number of the group are looking for them.
TIA
Patrick

From mark.saad at ymail.com Tue Jan 2 20:32:31 2018
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 2 Jan 2018 20:32:31 -0500
Subject: [talk] OpenBSD <-> projectors
In-Reply-To: <20180102225313.2C4367E300@mailuser.nyi.internal>
References: <20180102225313.2C4367E300@mailuser.nyi.internal>
Message-ID: <7AF5031A-B0D5-494D-9906-CD3CD26D1818@ymail.com>

> On Jan 2, 2018, at 5:53 PM, Thomas Levine <_ at thomaslevine.com> wrote:
>
> I use arandr. It always works flawlessly.

Similarly I use lxrandr to have a slim GUI version of xrandr.

---
Mark Saad | mark.saad at ymail.com

From ike at blackskyresearch.net Wed Jan 3 03:09:22 2018
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Wed, 03 Jan 2018 03:09:22 -0500
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com>
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com>
Message-ID: <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>

Hi All,

After weeks of nonsense (and boring long stories),

On Mon, Dec 18, 2017, at 3:39 PM, Isaac (.ike) Levy wrote:
> Hi All,
>
> A bit OT from the pit of internet hell, but perhaps of interest to folks
> here: This weekend AWS has been doling out a disruption of service of
> the worst kind, clock skew insanity. And when I say insanity, I mean
> true madness.
Updates, perhaps of interest in several categories,

Through continued holiday NTP/hardware adventure, we were told we were casualties of a Xen exploit to be publicly announced Thursday:
https://xenbits.xen.org/xsa/

As of today, Intel appears to be prepping to get in the mix, with issues apparently *quite* related,
https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

Thursday my Ops teammates and I will certainly be popping popcorn to watch this show.

--
When we all knew how stupid this technical approach was years ago, why has the cloud taken the shape it has?
https://youtu.be/z7LsKtHXAmo?t=2545

I'm looking forward to the day the current favela of what we currently call "the cloud" has burned to the ground. And, I hope not completely burned- so we can look upon its ashes for centuries and know how *not* to build things.

Best,
.ike

From spork at bway.net Wed Jan 3 03:41:47 2018
From: spork at bway.net (Charles Sprickman)
Date: Wed, 3 Jan 2018 03:41:47 -0500
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To: <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com> <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>
Message-ID:

> On Jan 3, 2018, at 3:09 AM, Isaac (.ike) Levy wrote:
>
> Hi All,
>
> After weeks of nonsense (and boring long stories),
>
> On Mon, Dec 18, 2017, at 3:39 PM, Isaac (.ike) Levy wrote:
>> Hi All,
>>
>> A bit OT from the pit of internet hell, but perhaps of interest to folks
>> here: This weekend AWS has been doling out a disruption of service of
>> the worst kind, clock skew insanity. And when I say insanity, I mean
>> true madness.
>
> Updates, perhaps of interest in several categories,
>
> Through continued holiday NTP/hardware adventure, we were told we were casualties of a Xen exploit to be publicly announced Thursday:
> https://xenbits.xen.org/xsa/
>
> As of today, Intel appears to be prepping to get in the mix, with issues apparently *quite* related,
> https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
> http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
>
> Thursday my Ops teammates and I will certainly be popping popcorn to watch this show.

Security concerns aside, if there really is a 30%-ish performance hit for "some virtualization workloads", and we assume AWS is basically all Intel, and that that 30% is now just datacenter-warming rather than computing, and 30% more capacity will be added, consuming 30% more power, is this like a whole "add a Denmark to the power grid" event?

Like a security flaw is going to hasten global warming?

>
> --
> When we all knew how stupid this technical approach was years ago, why has the cloud taken the shape it has?
> https://youtu.be/z7LsKtHXAmo?t=2545
>
> I'm looking forward to the day the current favela of what we currently call "the cloud" has burned to the ground. And, I hope not completely burned- so we can look upon its ashes for centuries and know how *not* to build things.
>
> Best,
> .ike

From ike at blackskyresearch.net Wed Jan 3 04:15:25 2018
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Wed, 03 Jan 2018 04:15:25 -0500
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To:
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com> <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>
Message-ID: <1514970925.999448.1222651088.32659052@webmail.messagingengine.com>

On Wed, Jan 3, 2018, at 3:41 AM, Charles Sprickman wrote:
>
> > On Jan 3, 2018, at 3:09 AM, Isaac (.ike) Levy wrote:
> >
> > Hi All,
> >
> > After weeks of nonsense (and boring long stories),
> >
> > On Mon, Dec 18, 2017, at 3:39 PM, Isaac (.ike) Levy wrote:
> >> Hi All,
> >>
> >> A bit OT from the pit of internet hell, but perhaps of interest to folks
> >> here: This weekend AWS has been doling out a disruption of service of
> >> the worst kind, clock skew insanity. And when I say insanity, I mean
> >> true madness.
> >
> > Updates, perhaps of interest in several categories,
> >
> > Through continued holiday NTP/hardware adventure, we were told we were casualties of a Xen exploit to be publicly announced Thursday:
> > https://xenbits.xen.org/xsa/
> >
> > As of today, Intel appears to be prepping to get in the mix, with issues apparently *quite* related,
> > https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
> > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
> >
> > Thursday my Ops teammates and I will certainly be popping popcorn to watch this show.
> >
> Security concerns aside, if there really is a 30%-ish performance hit
> for "some virtualization workloads", and we assume AWS is basically all
> Intel, and that that 30% is now just datacenter-warming rather than
> computing, and 30% more capacity will be added, consuming 30% more
> power, is this like a whole "add a Denmark to the power grid" event?
>
> Like a security flaw is going to hasten global warming?
>

I love it. I was more thinking about how *just the right virus* can hit a homogeneous population of some biological entity, but your hot take is way more in line with recent events of 2017.

On the same side track, and apparently quite real,

"Intel's CEO Just Sold a Lot of Stock",
https://darwininvestingnetwork.com/intel039s-ceo-just-sold-a-lot-of-stock-motley-fool/

Best,
.ike

From jim at netgate.com Wed Jan 3 04:42:09 2018
From: jim at netgate.com (Jim Thompson)
Date: Wed, 3 Jan 2018 03:42:09 -0600
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To:
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com> <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>
Message-ID:

Newer Intel CPUs implement Process-Context Identifiers (PCIDs), though no BSD or Linux uses them yet AFAIK. These should help a lot on TLB shoot downs.
http://forum.osdev.org/viewtopic.php?f=1&t=29935

Though there is a pending patch on CR3 flush during context switch that would preclude same:
https://patchwork.kernel.org/patch/10138835/

The best layperson accessible write-up I've seen is this:
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

If you just want the cloud rant:
http://market-ticker.org/akcs-www?post=232732

The issue seems to be related to speculative execution.
AMD gives a clue:
https://lkml.org/lkml/2017/12/27/2

I found this pseudocode as a light reading example of what may be occurring
https://twitter.com/pwnallthethings/status/947978927284383744

Jim

From george at ceetonetechnology.com Wed Jan 3 11:05:00 2018
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 03 Jan 2018 16:05:00 +0000
Subject: [talk] NYC*BUG Tonight: OpenBSD Ports
Message-ID: <25d82211-7cba-6ec7-5172-d3807001503e@ceetonetechnology.com>

Yes, it's cold today, but was colder yesterday and will be even colder tomorrow. Nothing like an engaging NYC*BUG meeting to warm you up with...

Jan 3, Tonight:
OpenBSD Porting Workshop. Learn how to make ports!, Brian Callahan
18:45, LMHQ, 150 Broadway, 20th Floor, Manhattan

Writing ports is a crucial aspect of *BSD development. There is a lot of software out in the world, and ports and packages make all our lives much easier. All the non-base software you use passed through the fingers of a porter.

Making your own ports is an easy and fun way to make your first contributions to a *BSD project. Is there some piece of software you just can't live without? Do you have some software of your own that you would like to have readily available to *BSD users? Just interested in learning about ports and package management? This is the workshop for you! No experience necessary to participate. All set up, including an OpenBSD virtual machine, will be available for participants.

We will be creating our own first ports for the OpenBSD project. This workshop will be a step-by-step from identifying the software you want to port through and including the final port ready for submission. By the end of the workshop, you will have submitted a new port to the OpenBSD ports@ mailing list!

Speaker Bio

Brian is a Ph.D. Candidate in the Department of Science & Technology Studies at Rensselaer Polytechnic Institute in Troy, NY.
He is an OpenBSD developer, mostly working on ports.

From raulcuza at gmail.com Wed Jan 3 11:31:16 2018
From: raulcuza at gmail.com (Raul Cuza)
Date: Wed, 3 Jan 2018 11:31:16 -0500
Subject: [talk] [NEWS] Intel Flaw and *BSD
Message-ID:

https://forums.freebsd.org/threads/63955/

Not much to say about this yet, except I love that the thread starts with "Intel's CEO Just Sold a Lot of Stock" marking it as an important technological metric.

Raúl

From bcallah at devio.us Wed Jan 3 12:29:54 2018
From: bcallah at devio.us (Brian Callahan)
Date: Wed, 3 Jan 2018 12:29:54 -0500
Subject: [talk] NYC*BUG Tonight: OpenBSD Ports
In-Reply-To: <25d82211-7cba-6ec7-5172-d3807001503e@ceetonetechnology.com>
References: <25d82211-7cba-6ec7-5172-d3807001503e@ceetonetechnology.com>
Message-ID: <37ba698f-3718-8fad-5291-3f644244b73e@devio.us>

Don't forget to download the VM so you can play along with us:
http://mirrors.nycbug.org/pub/distfiles/NYCBUG.ova

Happy to have people work cooperatively on ports as well.

~Brian

On 01/03/18 11:05, George Rosamond wrote:
> Yes, it's cold today, but was colder yesterday and will be even colder
> tomorrow. Nothing like an engaging NYC*BUG meeting to warm you up with...
>
> Jan 3, Tonight:
> OpenBSD Porting Workshop. Learn how to make ports!, Brian Callahan
> 18:45, LMHQ, 150 Broadway, 20th Floor, Manhattan
>
> Writing ports is a crucial aspect of *BSD development. There is a lot of
> software out in the world, and ports and packages make all our lives
> much easier. All the non-base software you use passed through the
> fingers of a porter.
>
> Making your own ports is an easy and fun way to make your first
> contributions to a *BSD project. Is there some piece of software you
> just can't live without? Do you have some software of your own that you
> would like to have readily available to *BSD users? Just interested in
> learning about ports and package management? This is the workshop for
> you! No experience necessary to participate.
All set up, including an
> OpenBSD virtual machine, will be available for participants.
>
> We will be creating our own first ports for the OpenBSD project. This
> workshop will be a step-by-step from identifying the software you want
> to port through and including the final port ready for submission. By
> the end of the workshop, you will have submitted a new port to the
> OpenBSD ports@ mailing list!
>
> Speaker Bio
>
> Brian is a Ph.D. Candidate in the Department of Science & Technology
> Studies at Rensselaer Polytechnic Institute in Troy, NY.
>
> He is an OpenBSD developer, mostly working on ports.

From pete at nomadlogic.org Wed Jan 3 13:23:11 2018
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 3 Jan 2018 10:23:11 -0800
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To:
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com> <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>
Message-ID: <4918e07a-780d-81a6-7151-712970fa065a@nomadlogic.org>

On 01/03/2018 00:41, Charles Sprickman wrote:
>
>
> Security concerns aside, if there really is a 30%-ish performance hit for "some virtualization workloads", and we assume AWS is basically all Intel, and that that 30% is now just datacenter-warming rather than computing, and 30% more capacity will be added, consuming 30% more power, is this like a whole "add a Denmark to the power grid" event?
>
> Like a security flaw is going to hasten global warming?
>
lol - that's great!
and i used to get grumpy when people were running SETI at Home on our workstations overnight :)

-pete

--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA

From pete at nomadlogic.org Wed Jan 3 13:26:00 2018
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 3 Jan 2018 10:26:00 -0800
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To: <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com> <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com>
Message-ID: <3c61bff6-0cae-561f-3469-745c61faeb57@nomadlogic.org>

On 01/03/2018 00:09, Isaac (.ike) Levy wrote:
> Hi All,
>
> After weeks of nonsense (and boring long stories),
>
> On Mon, Dec 18, 2017, at 3:39 PM, Isaac (.ike) Levy wrote:
>> Hi All,
>>
>> A bit OT from the pit of internet hell, but perhaps of interest to folks
>> here: This weekend AWS has been doling out a disruption of service of
>> the worst kind, clock skew insanity. And when I say insanity, I mean
>> true madness.
> Updates, perhaps of interest in several categories,
>
> Through continued holiday NTP/hardware adventure, we were told we were casualties of a Xen exploit to be publicly announced Thursday:
> https://xenbits.xen.org/xsa/
>
> As of today, Intel appears to be prepping to get in the mix, with issues apparently *quite* related,
> https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
> http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
>
> Thursday my Ops teammates and I will certainly be popping popcorn to watch this show.
>
> --
> When we all knew how stupid this technical approach was years ago, why has the cloud taken the shape it has?
> https://youtu.be/z7LsKtHXAmo?t=2545
>
> I'm looking forward to the day the current favela of what we currently call "the cloud" has burned to the ground.
And, I hope not completely burned- so we can look upon its ashes for centuries and know how *not* to build things.

it's funny - this whole thing is just another chapter in my rant that just like in the natural world a heterogeneous environment is a sign of a healthy ecosystem. sure, it may take more effort and complexity to support a heterogeneous environment - but it does increase your ability to survive changes outside of your control.

the fact that intel has something like %90 market share of CPU's was bound to have consequences, much like the fact that lord knows how many start-ups are solely dependent upon AWS :/

-pete

--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA

From john at netpurgatory.com Wed Jan 3 13:28:04 2018
From: john at netpurgatory.com (John C. Vernaleo)
Date: Wed, 3 Jan 2018 13:28:04 -0500 (EST)
Subject: [talk] Holidaze, AWS, and astounding "clock drift outage"
In-Reply-To: <3c61bff6-0cae-561f-3469-745c61faeb57@nomadlogic.org>
References: <1513629587.1832583.1209156400.40A98C81@webmail.messagingengine.com> <1514966962.986492.1222611432.45AE2A15@webmail.messagingengine.com> <3c61bff6-0cae-561f-3469-745c61faeb57@nomadlogic.org>
Message-ID:

> it's funny - this whole thing is just another chapter in my rant that
> just like in the natural world a heterogeneous environment is a sign of
> a healthy ecosystem. sure, it may take more effort and complexity to
> support a heterogeneous environment - but it does increase your ability
> to survive changes outside of your control.
>
> the fact that intel has something like %90 market share of CPU's was
> bound to have consequences, much like the fact that lord knows how many
> start-ups are solely dependent upon AWS :/
>
> -pete

Some are solely dependent on Google's cloud. That's almost diversity, right?
From raulcuza at gmail.com Wed Jan 3 13:56:43 2018
From: raulcuza at gmail.com (Raul Cuza)
Date: Wed, 3 Jan 2018 13:56:43 -0500
Subject: [talk] [NEWS] Intel Flaw and *BSD
In-Reply-To:
References:
Message-ID:

On Wed, Jan 3, 2018 at 11:31 AM, Raul Cuza wrote:
> https://forums.freebsd.org/threads/63955/
>
> Not much to say about this yet, except I love that the thread starts
> with "Intel's CEO Just Sold a Lot of Stock" marking it as an important
> technological metric.
>
> Raúl

/list-ops merge [subject: \[talk\] Holidaze, AWS, and astounding "clock drift outage"]
/list-ops meta: reason: did not read before posting

From george at ceetonetechnology.com Wed Jan 3 22:04:00 2018
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 04 Jan 2018 03:04:00 +0000
Subject: [talk] tonight's meeting
Message-ID: <5a313daf-479a-5577-7463-57a74fd96466@ceetonetechnology.com>

Brian C did a good meeting on porting software to OpenBSD. Hopefully some new OpenBSD port submitters will come out of tonight.

Feel free to use talk@ for any related discussion or review.

We also collected $181 dollars for the OpenBSD Foundation which we will ping tomorrow.

Some of us had an interesting conversation about doing a one-day conference for port maintainers for all the projects. There is a critical mass of them in NYC. It's unclear what would "bind" everyone together, and what exactly the sessions would be, but it's worth giving some thought.

g

--
5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6

From george at ceetonetechnology.com Thu Jan 4 12:46:00 2018
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 04 Jan 2018 17:46:00 +0000
Subject: [talk] a Port Maintainer day conference in NYC
Message-ID:

I'm forking this from my previous email, to open up the discussion and generate some concrete ideas.
I'll repeat the basis:

after Brian C's OpenBSD porting meeting last night, it became clear that there's a decent critical mass of port maintainers in the NYC area from the BSD projects.

This specifically means people who port third-party applications to one BSD or another for inclusion in the respective ports and packages. It might include people who build and maintain large Mozilla ports, or simple shell-based utilities. There might even be those involved in the actual port-building infrastructure, ie, the Make environment that the ports systems dwell in.

Assembling a bunch of them wouldn't be trivial, as we'd need space, etc., but we could probably do this without a lot of extras past NYCBSDCons require. Think no heavy sponsors, no catered food (except maybe pizzas), no hotels.

There's some important issues to establish first:

* is the event aimed at current maintainers talking to other maintainers?

* if above is true, what topics would actually have them speaking the same tongue to make the event worthwhile?

* would prospective maintainers be included on some level?

* if above is true, would porting workshops (like last night) be part of the agenda?

Anyways, I hope this opens up some discussion on the topic, since this will be the basis to determine whether this sort of event is feasible in NYC.

g

--
5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6

From john at netpurgatory.com Thu Jan 4 13:25:18 2018
From: john at netpurgatory.com (John C. Vernaleo)
Date: Thu, 4 Jan 2018 13:25:18 -0500 (EST)
Subject: [talk] a Port Maintainer day conference in NYC
In-Reply-To:
References:
Message-ID:

As a (former) maintainer of lots of ports and ports plumbing, I think this is a great idea.

-------------------------------------------------------
John C. Vernaleo, Ph.D.
www.netpurgatory.com
john at netpurgatory.com
-------------------------------------------------------

On Thu, 4 Jan 2018, George Rosamond wrote:

> I'm forking this from my previous email, to open up the discussion and
> generate some concrete ideas.
>
> I'll repeat the basis:
>
> after Brian C's OpenBSD porting meeting last night, it became clear that
> there's a decent critical mass of port maintainers in the NYC area from
> the BSD projects.
>
> This specifically means people who port third-party applications to one
> BSD or another for inclusion in the respective ports and packages. It
> might include people who build and maintain large Mozilla ports, or
> simple shell-based utilities. There might even be those involved in the
> actual port-building infrastructure, ie, the Make environment that the
> ports systems dwell in.
>
> Assembling a bunch of them wouldn't be trivial, as we'd need space,
> etc., but we could probably do this without a lot of extras past
> NYCBSDCons require. Think no heavy sponsors, no catered food (except
> maybe pizzas), no hotels.
>
> There's some important issues to establish first:
>
> * is the event aimed at current maintainers talking to other maintainers?
>
> * if above is true, what topics would actually have them speaking the
> same tongue to make the event worthwhile?
>
> * would prospective maintainers be included on some level?
>
> * if above is true, would porting workshops (like last night) be part of
> the agenda?
>
> Anyways, I hope this opens up some discussion on the topic, since this
> will be the basis to determine whether this sort of event is feasible in
> NYC.
>
> g
>
> --
>
>
> 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6

From raulcuza at gmail.com Fri Jan 5 09:35:37 2018
From: raulcuza at gmail.com (Raul Cuza)
Date: Fri, 5 Jan 2018 09:35:37 -0500
Subject: [talk] a Port Maintainer day conference in NYC
In-Reply-To:
References:
Message-ID:

On Thu, Jan 4, 2018 at 12:46 PM, George Rosamond wrote:
> I'm forking this from my previous email, to open up the discussion and
> generate some concrete ideas.
>
> I'll repeat the basis:
>
> after Brian C's OpenBSD porting meeting last night, it became clear that
> there's a decent critical mass of port maintainers in the NYC area from
> the BSD projects.
>
> This specifically means people who port third-party applications to one
> BSD or another for inclusion in the respective ports and packages. It
> might include people who build and maintain large Mozilla ports, or
> simple shell-based utilities. There might even be those involved in the
> actual port-building infrastructure, ie, the Make environment that the
> ports systems dwell in.
>
> Assembling a bunch of them wouldn't be trivial, as we'd need space,
> etc., but we could probably do this without a lot of extras past
> NYCBSDCons require. Think no heavy sponsors, no catered food (except
> maybe pizzas), no hotels.
>
> There's some important issues to establish first:
>
> * is the event aimed at current maintainers talking to other maintainers?
>
> * if above is true, what topics would actually have them speaking the
> same tongue to make the event worthwhile?
>
> * would prospective maintainers be included on some level?
>
> * if above is true, would porting workshops (like last night) be part of
> the agenda?
>
> Anyways, I hope this opens up some discussion on the topic, since this
> will be the basis to determine whether this sort of event is feasible in
> NYC.
>
> g
>
> --
>
>
> 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6

I think this is a great idea. I would recommend making it open to current port maintainers and to people interested in maintaining one or more ports.

I'd probably break the day up into two parts, with the first part being for people who maintain ports. This part of the day can be organized unconference style (i.e. the topics are generated by the people who show up) with space/time being given to hands on work and collaboration. The second half of the day would include new porters with one or more laptop-open tutorials (similar to Brian's talk on Wednesday).

I'd like to see software developers show up. No better way to have people use your software than to make it easy to install. It would be like an install fest but for ports.

Raúl

From raulcuza at gmail.com Fri Jan 5 09:38:34 2018
From: raulcuza at gmail.com (Raul Cuza)
Date: Fri, 5 Jan 2018 09:38:34 -0500
Subject: [talk] a Port Maintainer day conference in NYC
In-Reply-To:
References:
Message-ID:

On Thu, Jan 4, 2018 at 12:46 PM, George Rosamond wrote:
> I'm forking this from my previous email, to open up the discussion and
> generate some concrete ideas.
>
> I'll repeat the basis:
>
> after Brian C's OpenBSD porting meeting last night, it became clear that
> there's a decent critical mass of port maintainers in the NYC area from
> the BSD projects.
>
> This specifically means people who port third-party applications to one
> BSD or another for inclusion in the respective ports and packages. It
> might include people who build and maintain large Mozilla ports, or
> simple shell-based utilities. There might even be those involved in the
> actual port-building infrastructure, ie, the Make environment that the
> ports systems dwell in.
>
> Assembling a bunch of them wouldn't be trivial, as we'd need space,
> etc., but we could probably do this without a lot of extras past
> NYCBSDCons require. Think no heavy sponsors, no catered food (except
> maybe pizzas), no hotels.
>
> There's some important issues to establish first:
>
> * is the event aimed at current maintainers talking to other maintainers?
>
> * if above is true, what topics would actually have them speaking the
> same tongue to make the event worthwhile?
>
> * would prospective maintainers be included on some level?
>
> * if above is true, would porting workshops (like last night) be part of
> the agenda?
>
> Anyways, I hope this opens up some discussion on the topic, since this
> will be the basis to determine whether this sort of event is feasible in
> NYC.
>
> g
>
> --
>
>
> 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6

At the risk of being asked to leave the ranch, I think learning to make Homebrew ports should be included. For all its faults, OS X is a BSD at its core.

Raúl

From kmsujit at gmail.com Sun Jan 7 00:25:44 2018
From: kmsujit at gmail.com (Sujit K M)
Date: Sun, 7 Jan 2018 10:55:44 +0530
Subject: [talk] Obscurity Vs Security
Message-ID:

I find a use case which we should check while securing security. Obscurity. I know we have a way of remembering password/credit card pins. Some write it down in a book, or personal device. But we unknowingly remember a change or a failure to authenticate with a short cut which I call mental calculation. Now that breaks the contract that it is not a repeated password at the least.

As per me we should check as I call it obscurity while allowing people to change password. As you would see we might be using a sequence of alphabets/number/special characters in the password which makes it easier to crack the password/pin.
Any compromise can make it easier your set of password not just at the compromise location but at any place where you have made a presence. From george at ceetonetechnology.com Sun Jan 7 17:23:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Sun, 07 Jan 2018 22:23:00 +0000 Subject: [talk] a Port Maintainer day conference in NYC In-Reply-To: References: Message-ID: <05e539f4-f14b-cc1c-c6b6-0acab1669513@ceetonetechnology.com> Raul Cuza: > On Thu, Jan 4, 2018 at 12:46 PM, George Rosamond > wrote: >> I'm forking this from my previous email, to open up the discussion and >> generate some concrete ideas. >> >> I'll repeat the basis: >> >> after Brian C's OpenBSD porting meeting last night, it became clear that >> there's a decent critical mass of port maintainers in the NYC area from >> the BSD projects. >> >> This specifically means people who port third-party applications to one >> BSD or another for inclusion in the respective ports and packages. It >> might include people who build and maintain large Mozilla ports, or >> simple shell-based utilities. There might even be those involved in the >> actual port-building infrastructure, ie, the Make environment that the >> ports systems dwell in. >> >> Assembling a bunch of them wouldn't be trivial, as we'd need space, >> etc., but we could probably do this without a lot of extras past >> NYCBSDCons require. Think no heavy sponsors, no catered food (except >> maybe pizzas), no hotels. >> >> There's some important issues to establish first: >> >> * is the event aimed at current maintainers talking to other maintainers? >> >> * if above is true, what topics would actually have them speaking the >> same tongue to make the event worthwhile? >> >> * would prospective maintainers be included on some level? >> >> * if above is true, would porting workshops (like last night) be part of >> the agenda? 
>> >> Anyways, I hope this opens up some discussion on the topic, since this >> will be the basis to determine whether this sort of event is feasible in >> NYC. >> >> g >> >> -- >> >> >> 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 >> >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk > > At the risk of being asked to leave the ranch, I think learning to > make Homebrew ports should be included. For all its faults, OS X is a > BSD at its core. Off the ranch! I'd be -1 on that, personally. Maybe a better approach would be to gear the event towards tutorials. There is an instructor for each BSD port system, and two time slots. Users sign up for the BSD port system they intend to use, and in the first session it's an overview, then the second one is hands-on, with possible port submissions. Users would have to pick which BSD, and we could assess the number of 'helpers' at each session. If, say, 20 users sign up for LoopyBSD, the 2nd hands-on tutorial might require x people to be there. Something like BCallah's doc sprint, without the DDOS effect? Then we could have more general sessions preceding or following the two BSD-specific time slots. We could ultimately judge the results in (serious) ports submitted. Still toying with the idea, but we're not going to even consider it without more input. g From arielsanchezmora at gmail.com Sun Jan 7 17:31:03 2018 From: arielsanchezmora at gmail.com (Ariel Sanchez Mora) Date: Sun, 7 Jan 2018 17:31:03 -0500 Subject: [talk] a Port Maintainer day conference in NYC In-Reply-To: <05e539f4-f14b-cc1c-c6b6-0acab1669513@ceetonetechnology.com> References: <05e539f4-f14b-cc1c-c6b6-0acab1669513@ceetonetechnology.com> Message-ID: All I'll add (since I don't live in NYC anymore) is that I miss being part of such a vibrant community. If you are on the fence, don't take this lightly - dive in! It's an amazing opportunity! 
On Jan 7, 2018 5:24 PM, "George Rosamond" wrote: > Raul Cuza: > > On Thu, Jan 4, 2018 at 12:46 PM, George Rosamond > > wrote: > >> I'm forking this from my previous email, to open up the discussion and > >> generate some concrete ideas. > >> > >> I'll repeat the basis: > >> > >> after Brian C's OpenBSD porting meeting last night, it became clear that > >> there's a decent critical mass of port maintainers in the NYC area from > >> the BSD projects. > >> > >> This specifically means people who port third-party applications to one > >> BSD or another for inclusion in the respective ports and packages. It > >> might include people who build and maintain large Mozilla ports, or > >> simple shell-based utilities. There might even be those involved in the > >> actual port-building infrastructure, ie, the Make environment that the > >> ports systems dwell in. > >> > >> Assembling a bunch of them wouldn't be trivial, as we'd need space, > >> etc., but we could probably do this without a lot of extras past > >> NYCBSDCons require. Think no heavy sponsors, no catered food (except > >> maybe pizzas), no hotels. > >> > >> There's some important issues to establish first: > >> > >> * is the event aimed at current maintainers talking to other > maintainers? > >> > >> * if above is true, what topics would actually have them speaking the > >> same tongue to make the event worthwhile? > >> > >> * would prospective maintainers be included on some level? > >> > >> * if above is true, would porting workshops (like last night) be part of > >> the agenda? > >> > >> Anyways, I hope this opens up some discussion on the topic, since this > >> will be the basis to determine whether this sort of event is feasible in > >> NYC. 
> >> > >> g > >> > >> -- > >> > >> > >> 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 > >> > >> _______________________________________________ > >> talk mailing list > >> talk at lists.nycbug.org > >> http://lists.nycbug.org/mailman/listinfo/talk > > > > At the risk of being asked to leave the ranch, I think learning to > > make Homebrew ports should be included. For all its faults, OS X is a > > BSD at its core. > > Off the ranch! > > I'd be -1 on that, personally. > > Maybe a better approach would be to gear the event towards tutorials. > > There is an instructor for each BSD port system, and two time slots. > Users sign up for the BSD port system they intend to use, and in the > first session it's an overview, then the second one is hands-on, with > possible port submissions. > > Users would have to pick which BSD, and we could assess the number of > 'helpers' at each session. If, say, 20 users sign up for LoopyBSD, the > 2nd hands-on tutorial might require x people to be there. > > Something like BCallah's doc sprint, without the DDOS effect? > > Then we could have more general sessions preceding or following the two > BSD-specific time slots. > > We could ultimately judge the results in (serious) ports submitted. > > Still toying with the idea, but we're not going to even consider it > without more input. > > g > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bcully at gmail.com Fri Jan 12 09:47:34 2018 From: bcully at gmail.com (Brian Cully) Date: Fri, 12 Jan 2018 06:47:34 -0800 Subject: [talk] pfSense home unit Message-ID: I'm looking to buy a pfSense router for home use, and was looking for recommendations. I don't want to spend too much money, and the Netgate ones seem kind of pricy and overkill for what I need. 
The home is served by a 200Mbps cable modem, so I'd think basically any router would work fine. My main needs are: 1) Ad blocking. I've gotten to the point where I want to put this on the router itself, since they're in goddamn everything and there's no such thing as Little Snitch for iOS. 2) IPv6 tunnel with tunnelbroker.net. I'm pretty sure any pfSense device can deal with point 2, but I'd like to be sure before I drop the cash. As for ad blocking, I think I might need a little more horsepower to handle it. I also get the impression that the only platform that has universal support is amd64. So can anyone recommend something, preferably amd64-based, that'll deal with the above, and preferably under $200? -bjc From shawn.webb at hardenedbsd.org Fri Jan 12 09:51:02 2018 From: shawn.webb at hardenedbsd.org (Shawn Webb) Date: Fri, 12 Jan 2018 09:51:02 -0500 Subject: [talk] pfSense home unit In-Reply-To: References: Message-ID: <20180112145102.uixbel223gbsszjo@mutt-hbsd> Hey Brian, OPNsense works great on the APU2c4 devices from PC Engines (link below). Both of your requirements can be met with OPNsense on it. PC Engines: https://pcengines.ch/ Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE On Fri, Jan 12, 2018 at 06:47:34AM -0800, Brian Cully wrote: > I'm looking to buy a pfSense router for home use, and was looking for > recommendations. I don't want to spend too much money, and the Netgate > ones seem kind of pricy and overkill for what I need. > > The home is served by a 200Mbps cable modem, so I'd think basically > any router would work fine. My main needs are: > > 1) Ad blocking. I've gotten to the point where I want to put this on > the router itself, since they're in goddamn everything and there's no > such thing as Little Snitch for iOS. > > 2) IPv6 tunnel with tunnelbroker.net. 
> > I'm pretty sure any pfSense device can deal with point 2, but I'd > like to be sure before I drop the cash. As for ad blocking, I think I > might need a little more horsepower to handle it. I also get the > impression that the only platform that has universal support is amd64. > > So can anyone recommend something, preferably amd64-based, that'll > deal with the above, and preferably under $200? > > -bjc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From zaphod at berentweb.com Fri Jan 12 11:15:17 2018 From: zaphod at berentweb.com (Beeblebrox) Date: Fri, 12 Jan 2018 16:15:17 +0000 Subject: [talk] pfSense home unit In-Reply-To: <89708671-2E19-4EAB-A46F-160B6E125FA5@berentweb.com> References: <89708671-2E19-4EAB-A46F-160B6E125FA5@berentweb.com> Message-ID: <1A92CBB1-AA97-4EFD-B10C-9BD2B82AEFA0@berentweb.com> Seems I failed to cc the list when sending this > I'm looking to buy a pfSense router for home use Also take a look at OPNSense IMHO. > and was looking for recommendations. On the hardware side, don't forget that router boxes are optimally designed to handle traffic, so they will perform better than say a generic card + cpu with dual NIC's. > As for ad blocking, I think I might need a little more horsepower to handle it. Nope, this is pretty easy; you run your own DNS resolver (unbound) and poison the ad sites by Yoyo.org anti-ad server listing. You can also run encrypted DNS lookup + DNSSEC. A bit outdated, but I once wrote a how-to: https://forums.freebsd.org/threads/48966/ As side note, I would also recommend Privoxy for enhanced privacy. Runs as front-end proxy and privacy filter. You can forward traffic to Tor, based on a "user-agent" filter parameter: https://forums.freebsd.org/threads/61601/ HTH... 
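The resolver-side ad blocking described in the message above, as an added example that is not part of the original post: it turns a hosts-format ad-server list into `local-zone` lines for unbound.conf and treats the downloaded list as untrusted input, so a malformed entry cannot inject extra directives. The sample list is constructed, and the hosts-file input format and the `always_nxdomain` zone type are assumptions of this sketch.

```python
import ipaddress
import re

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
# Used with fullmatch(), so an embedded quote or newline can never pass.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Names hosts files carry for the local machine; never zones to block.
_IGNORED = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

# Constructed sample in hosts-file format (not real list content).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 ads.example.com
127.0.0.1  Tracker.Example.NET   # trailing comment
0.0.0.0 ads.example.com
127.0.0.1 localhost
127.0.0.1 bad"name.example
127.0.0.1 evil.example" always_transparent
not-an-ip banner.example.org
127.0.0.1 -leading-hyphen.example
"""


def is_valid_hostname(name):
    """True for a lowercase multi-label hostname that is safe to quote."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def parse_blocklist(text):
    """Return (sorted unique hostnames, rejected entries) from hosts text."""
    names = set()
    rejected = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])   # first column must be an address
        except ValueError:
            rejected.append(raw)
            continue
        for token in fields[1:]:              # hosts lines may list several names
            name = token.lower().rstrip(".")
            if name in _IGNORED:
                continue
            if is_valid_hostname(name):
                names.add(name)
            else:
                rejected.append(token)
    return sorted(names), rejected


def render_unbound(names, zone_type="always_nxdomain"):
    """Render a server: clause fragment; re-validates every name first."""
    lines = ["server:"]
    for name in names:
        if not is_valid_hostname(name):
            raise ValueError("refusing to write unsafe zone name: %r" % name)
        lines.append('    local-zone: "%s" %s' % (name, zone_type))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hosts, bad = parse_blocklist(SAMPLE_HOSTS)
    print(render_unbound(hosts), end="")
    print("# rejected entries: %d" % len(bad))
```

Write the output to its own file, pull it in from unbound.conf with an `include:` line, and run `unbound-checkconf` before reloading the resolver.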
From jkeenan at pobox.com Fri Jan 12 11:49:46 2018 From: jkeenan at pobox.com (James E Keenan) Date: Fri, 12 Jan 2018 11:49:46 -0500 Subject: [talk] Strength of internet connection has significant impact on OpenBSD 'pkg-add' Message-ID: <1a8bfc07-c83e-b403-fae7-1ab14db26bd1@pobox.com> OpenBSD's pkg_add command and certain forms of pkg_info -- e.g., pkg_info -Q -- are sensitive to the quality of one's internet connection to a surprising degree. Background In the last week of December I noticed that my home internet service -- Verizon DSL -- was deteriorating severely. Previously, I might get at most 3% packet loss during 'ping'. Now I was losing 11% -- and that was to go up to over 20% at times. I could still download most files, albeit much more slowly. However, when I tried to download the Vagrant box holding an OpenBSD-6.2 VM prepared by Brian Callahan for the Jan 3 NYCBUG meeting, the estimated time was more than 14 hours. (Even when I got to LMHQ for the meeting, the download still took between 60 and 90 minutes, so that was a very large file indeed.) The packet loss problem got to the point where I threw in the towel on Verizon (after 14 years) and next week I'll have Optimum installed. But while I would have expected that a lousy net connection would have impeded large downloads of files, I would not have expected that it would have impeded *other* network calls even more completely. The case in point: OpenBSD's 'pkg' command and (at least) the 'pkg_info -Q' syntax of that command. Last week, following some guidance from Brian, I was able to use the ports system to install certain programs (e.g., git, perl, subversion) and to prepare two new ports for submission. So I did not anticipate that when I would switch the 'pkg' for software installation purposes, I would have no success. As I described on freenode #nycbug, ##### Anyone around who can answer questions about OpenBSD pkg_add? 
Based on http://ports.su/devel, I know that there exists a package 'p5-Path-Tiny-0.014' at http://ports.su/devel/p5-Path-Tiny. But when I call: sudo pkg_add p5-Path-Tiny, I get (after a delay): https://ftp4.usa.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/: Read short file. Can't find p5-Path-Tiny ##### This morning I got diagnostic suggestions on IRC from gman999, okan and bcallah. To make a long story short, there was no problem in /etc/installurl or in /etc/doas.conf. Setting $PKG_CONF (per M Lucas book) or not made no difference. okan indicated that "a short read means that the file was not fully fetched -- as in, ftp fetch knows the size it should have gotten, but the actual number of bytes doesn't match." To which I responded, "Is it correct to infer from this that, when 'pkg_info -Q' or 'pkg_add' starts up, it goes out to the net and first tries to read a file so big that packet loss can be deadly?" okan replied, "the index file is largish, so could be." So I now write from an internet cafe where there is presumably a satisfactory network connection (most importantly, 0% packet loss from ping). Here's what I got. ##### $ time pkg_info -Q p5-Path-Tiny p5-Path-Tiny-0.104 (installed) 0m01.94s real 0m00.16s user 0m00.04s system ##### And pkg-add subsequently took only a few seconds to install that package. ##### $ perl -MPath::Tiny -E 'say q|hello world|' hello world ##### Now, notwithstanding the fact that OpenBSD can be used as a desktop OS, my hunch is that the vast majority of OpenBSD installations are on servers where the internet connection is fast and solid. So the total number of humans affected by this problem is likely to be small. Nonetheless, the vulnerability of 'pkg_add', etc., to inferior network connections is, to me at least, surprising. So perhaps an area for improvement. Thank you very much. 
Jim Keenan From ike at blackskyresearch.net Fri Jan 12 13:01:48 2018 From: ike at blackskyresearch.net (Isaac (.ike) Levy) Date: Fri, 12 Jan 2018 13:01:48 -0500 Subject: [talk] pfSense home unit In-Reply-To: <20180112145102.uixbel223gbsszjo@mutt-hbsd> References: <20180112145102.uixbel223gbsszjo@mutt-hbsd> Message-ID: <1515780108.508324.1233430224.078CE363@webmail.messagingengine.com> Hi Brian, Top posting aside, my comments inline. Full disclosure: I recommend OPNSense as an early contributor to the project, (even though I had contributed to PFSense from its beginning until OPNSense). On Fri, Jan 12, 2018, at 9:51 AM, Shawn Webb wrote: > Hey Brian, > > OPNsense works great on the APU2c4 devices from PC Engines (link > below). Both of your requirements can be met with OPNsense on it. > > PC Engines: https://pcengines.ch/ > > Thanks, > > -- > Shawn Webb > Cofounder and Security Engineer > HardenedBSD > > Tor-ified Signal: +1 443-546-8752 > GPG Key ID: 0x6A84658F52456EEE > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE > > On Fri, Jan 12, 2018 at 06:47:34AM -0800, Brian Cully wrote: > > I'm looking to buy a pfSense router for home use, and was looking for > > recommendations. I don't want to spend too much money, and the Netgate > > ones seem kind of pricy and overkill for what I need. I'll second Shawn on this, there was just a thread on PCEngines this in December, here's my long ramble: http://lists.nycbug.org/pipermail/talk/2017-December/017422.html In short- the PCEngines people are awesome, the gear is stellar for your purposes. PCEngines board - apu2c4 - $132 http://pcengines.ch/apu2c4.htm Case - case1d2blku - $10.00 (Case can be black, red, blue) http://pcengines.ch/case1d2blku.htm AC adapter 12V 2A US plug - ac12vus2 $4.40 http://pcengines.ch/ac12vus2.htm SSD M-Sata 16GB MLC - $17.80 http://pcengines.ch/msata16g.htm $ 164.20 - Each Router + shipping. 
> > > > The home is served by a 200Mbps cable modem, so I'd think basically > > any router would work fine. My main needs are: > > > > 1) Ad blocking. I've gotten to the point where I want to put this on > > the router itself, since they're in goddamn everything and there's no > > such thing as Little Snitch for iOS. https://devinstechblog.com/block-ads-with-dns-in-opnsense/ https://forum.opnsense.org/index.php?topic=1351.0 Loads of ways to get this done. > > > > 2) IPv6 tunnel with tunnelbroker.net. > > > > I'm pretty sure any pfSense device can deal with point 2, but I'd > > like to be sure before I drop the cash. As for ad blocking, I think I > > might need a little more horsepower to handle it. I also get the > > impression that the only platform that has universal support is amd64. https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html > > > > So can anyone recommend something, preferably amd64-based, that'll > > deal with the above, and preferably under $200? That PCEngines gear listed above does it- and, if you hate it as a network appliance, you can always drop in a 500G-1T msata SSD and you have a perfectly awesome low-power server running any OS you want. Best, .ike > > > > -bjc > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature) From jim at netgate.com Fri Jan 12 19:39:16 2018 From: jim at netgate.com (Jim Thompson) Date: Fri, 12 Jan 2018 17:39:16 -0700 Subject: [talk] pfSense home unit In-Reply-To: References: Message-ID: <80714E8D-D518-414C-8BC6-3230F9763139@netgate.com> Wait 60 days. Not saying why. Jim > On Jan 12, 2018, at 7:47 AM, Brian Cully wrote: > > I'm looking to buy a pfSense router for home use, and was looking for > recommendations. I don't want to spend too much money, and the Netgate > ones seem kind of pricy and overkill for what I need. 
> > The home is served by a 200Mbps cable modem, so I'd think basically > any router would work fine. My main needs are: > > 1) Ad blocking. I've gotten to the point where I want to put this on > the router itself, since they're in goddamn everything and there's no > such thing as Little Snitch for iOS. > > 2) IPv6 tunnel with tunnelbroker.net. > > I'm pretty sure any pfSense device can deal with point 2, but I'd > like to be sure before I drop the cash. As for ad blocking, I think I > might need a little more horsepower to handle it. I also get the > impression that the only platform that has universal support is amd64. > > So can anyone recommend something, preferably amd64-based, that'll > deal with the above, and preferably under $200? > > -bjc > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk From spork at bway.net Fri Jan 12 21:49:16 2018 From: spork at bway.net (Charles Sprickman) Date: Fri, 12 Jan 2018 21:49:16 -0500 Subject: [talk] Pi or other device for remote mgmt? Message-ID: <938D9419-928F-4F39-A3F5-6305B3230B56@bway.net> Hi all, With all the ARM fans here, maybe someone has some ideas for this. As some of you know, I do freelance work for an ISP and they are in NYC and I am not. I've got a box in their office that I use to setup new gear and such, either by serial or ethernet and then at some point an ssh tunnel to my box for web-based configs and the like. For some on-site work they'll just dump a windows laptop with TeamViewer (henceforth, "TV") and that's my entry point to a network. Both work well, the TV is sometimes a bit clunky because it can be laggy and it's windows (blessing for things that need windows tools, curse otherwise). It also craps out if I break the network, as I can then no longer reach the TV laptop. Of note, TV is handy in that it "reaches out" to a proxy rather than relying on me punching holes in to reach it. 
I'm looking to create a hybrid. I'd like to take a cellular device like a cradlepoint or mifi and pair that with a tiny *nix box loaded up with tools. This could solve a bunch of problems: - Rather than relying on on-site internet access, it relies on the cell network, so if I break something on-site, I still maintain access to my toolbox and may then be able to undo what I've done - It's not windows - It has all the tools I need - It's not a big laptop, it's two small devices strapped together - It could hopefully all be powered via batteries or PoE (handy for wireless PoPs) - If lost/stolen, it's not a laptop Where I'm a bit lost as to what hardware to fetch: - The Pi or equivalent would need at least two ethernet ports, one for the cell modem, one for the network I'm working on - wifi would be helpful in cases where I'm looking at some onsite wifi problem - Able to be powered via one of those phone charger battery packs, would like at least 8 hours runtime on a large (say 12AH) battery - Able to be powered via PoE (passive/WISP-style and/or standards-based) - Should have a decent case available to protect it - Hardware should be reliable - Some kind of LCD panel to show status (like "hey, I have an IP and I've nailed up a VPN connection"), or just some LEDs blinking in a pattern - Additionally, any pointers on a decent 3G/LTE modem/carrier that has ethernet as opposed to wifi? No ethernet is a deal breaker. OS/software-related questions: - How can I set this thing up so that as soon as it powers on and sees a network it will "phone home" and setup a tunnel back to a server somewhere? I don't trust IPSEC with all the garbage between the device and the server. OpenVPN started on boot to just nail up a connection? - If something is amiss, a very basic GUI or something to allow a helper to plug in a monitor/kbd and read me back some info (any alternatives to X yet?). 
- Are there any *BSD derivatives that bundle a bunch of tools, security and otherwise (for example, Parrot: https://www.parrotsec.org/) - this isn't necessarily for security work, but things like Parrot tend to bundle a ton of general use tools, and usually some neat wifi tools. Lastly, maybe someone has already built this and sells it as a penetration testing device. Sound familiar to anyone? Thanks, Charles From kmsujit at gmail.com Sat Jan 13 00:04:59 2018 From: kmsujit at gmail.com (Sujit K M) Date: Sat, 13 Jan 2018 10:34:59 +0530 Subject: [talk] Pulled PorK Message-ID: What is Snort VS http://blog.snort.org/2017/12/pulledpork-073-release.html? Not able to find documentation. Seems to be a Retro Fit. From kmsujit at gmail.com Sat Jan 13 06:43:29 2018 From: kmsujit at gmail.com (Sujit K M) Date: Sat, 13 Jan 2018 17:13:29 +0530 Subject: [talk] Pi or other device for remote mgmt? In-Reply-To: <938D9419-928F-4F39-A3F5-6305B3230B56@bway.net> References: <938D9419-928F-4F39-A3F5-6305B3230B56@bway.net> Message-ID: On Sat, Jan 13, 2018 at 8:19 AM, Charles Sprickman wrote: > Hi all, > > With all the ARM fans here, maybe someone has some ideas for this. > > As some of you know, I do freelance work for an ISP and they are in NYC and I am not. I've got a box in their office that I use to setup new gear and such, either by serial or > ethernet and then at some point an ssh tunnel to my box for web-based configs and the like. For some on-site work they'll just dump a windows laptop with TeamViewer >(henceforth, "TV") and that's my entry point to a network. Both work well, the TV is sometimes a bit clunky because it can be laggy and it's windows (blessing for things that >need windows tools, curse otherwise). It also craps out if I break the network, as I can then no longer reach the TV laptop. Of note, TV is handy in that it "reaches out" to a >proxy rather than relying on me punching holes in to reach it. 
I would suggest you have for example to prod boxes access with security like SSH, Then you can use term to login to the systems. Though It might not be permitted directly. You can always use what is called a Jump Box to log to your PROD Environment. I would Suggest if Graphics(UNIX might be but Linux for Sure) use VNC similar to TV. Also Once I had worked at work to create a Graphical Interface for Solaris Using Cygwin on Windows. You can in fact have an entire screen look like as though it is a Solaris Local Box. From kmsujit at gmail.com Sat Jan 13 06:51:50 2018 From: kmsujit at gmail.com (Sujit K M) Date: Sat, 13 Jan 2018 17:21:50 +0530 Subject: [talk] Strength of internet connection has significant impact on OpenBSD 'pkg-add' In-Reply-To: <1a8bfc07-c83e-b403-fae7-1ab14db26bd1@pobox.com> References: <1a8bfc07-c83e-b403-fae7-1ab14db26bd1@pobox.com> Message-ID: On Fri, Jan 12, 2018 at 10:19 PM, James E Keenan wrote: > OpenBSD's pkg_add command and certain forms of pkg_info -- e.g., pkg_info -Q > -- are sensitive to the quality of one's internet connection to a surprising > degree. > > Background > > In the last week of December I noticed that my home internet service -- > Verizon DSL -- was deteriorating severely. Previously, I might get at most > 3% packet loss during 'ping'. Now I was losing 11% -- and that was to go up > to over 20% at times. I could still download most files, albeit much more > slowly. However, when I tried to download the Vagrant box holding an > OpenBSD-6.2 VM prepared by Brian Callahan for the Jan 3 NYCBUG meeting, the > estimated time was more than 14 hours. (Even when I got to LMHQ for the > meeting, the download still took between 60 and 90 minutes, so that was a > very large file indeed.) I would suggest some sort of problem with the OpenBSD and Verizon Network in case of the packet loss, since below you had mentioned it is zero in another network you had tried. 
But that said why is a port download taking 14 hours, I would either suggest lot of collision within your network or with the network you are connected to and I think this is a case of Random Collision which would be because there is not a case of every 3rd or 5th packet for instance to be lost due to collision, this causes havoc to packet assembly on your machine as on the Server. From jkeenan at pobox.com Sat Jan 13 07:49:30 2018 From: jkeenan at pobox.com (James E Keenan) Date: Sat, 13 Jan 2018 07:49:30 -0500 Subject: [talk] Strength of internet connection has significant impact on OpenBSD 'pkg-add' In-Reply-To: References: <1a8bfc07-c83e-b403-fae7-1ab14db26bd1@pobox.com> Message-ID: <5e25b688-04e0-88cc-5069-737600ef5bb7@pobox.com> On 01/13/2018 06:51 AM, Sujit K M wrote: > On Fri, Jan 12, 2018 at 10:19 PM, James E Keenan wrote: >> OpenBSD's pkg_add command and certain forms of pkg_info -- e.g., pkg_info -Q >> -- are sensitive to the quality of one's internet connection to a surprising >> degree. >> >> Background >> >> In the last week of December I noticed that my home internet service -- >> Verizon DSL -- was deteriorating severely. Previously, I might get at most >> 3% packet loss during 'ping'. Now I was losing 11% -- and that was to go up >> to over 20% at times. I could still download most files, albeit much more >> slowly. However, when I tried to download the Vagrant box holding an >> OpenBSD-6.2 VM prepared by Brian Callahan for the Jan 3 NYCBUG meeting, the >> estimated time was more than 14 hours. (Even when I got to LMHQ for the >> meeting, the download still took between 60 and 90 minutes, so that was a >> very large file indeed.) > > I would suggest some sort of problem with the OpenBSD and Verizon Network > in case of the packet loss, since below you had mentioned it is zero in another > network you had tried. 
But that said why is a port download taking 14 hours, It was not a port download that was projected to take 14 hours; it was a download of an entire VM. > I would either suggest lot of collision within your network or with the network > you are connected to and I think this is a case of Random Collision which would > be because there is not a case of every 3rd or 5th packet for instance > to be lost > due to collision, this causes havoc to packet assembly on your machine as on the > Server. > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > From mark.saad at ymail.com Sat Jan 13 10:40:17 2018 From: mark.saad at ymail.com (Mark Saad) Date: Sat, 13 Jan 2018 10:40:17 -0500 Subject: [talk] Strength of internet connection has significant impact on OpenBSD 'pkg-add' In-Reply-To: <5e25b688-04e0-88cc-5069-737600ef5bb7@pobox.com> References: <1a8bfc07-c83e-b403-fae7-1ab14db26bd1@pobox.com> <5e25b688-04e0-88cc-5069-737600ef5bb7@pobox.com> Message-ID: Jim When you get the optimum setup ; promptly return all of the equipment they left you and purchase your own "new" cable modem ; and set your own router . Depending on where you live they rent the modem to you for $5-15. A new modem is about $45-60 bucks. Why do all of this ? Most of the gear they leave with you is not new it's pulled from old customer sites . Two the optimum provided router modem combo also has a public hotspot in it ; which is hard to fully disable . Optimum does a good job at segregation of the hotspot from your network but why you need to do it it's always a good idea . Lastly you can run a real openbsd router hooked up to your own modem and enjoy the fun of that . To swap the modem you will need to contact optimum to swap in the new modem on their end . 
--- Mark Saad | mark.saad at ymail.com > On Jan 13, 2018, at 7:49 AM, James E Keenan wrote: > >> On 01/13/2018 06:51 AM, Sujit K M wrote: >>> On Fri, Jan 12, 2018 at 10:19 PM, James E Keenan wrote: >>> OpenBSD's pkg_add command and certain forms of pkg_info -- e.g., pkg_info -Q >>> -- are sensitive to the quality of one's internet connection to a surprising >>> degree. >>> >>> Background >>> >>> In the last week of December I noticed that my home internet service -- >>> Verizon DSL -- was deteriorating severely. Previously, I might get at most >>> 3% packet loss during 'ping'. Now I was losing 11% -- and that was to go up >>> to over 20% at times. I could still download most files, albeit much more >>> slowly. However, when I tried to download the Vagrant box holding an >>> OpenBSD-6.2 VM prepared by Brian Callahan for the Jan 3 NYCBUG meeting, the >>> estimated time was more than 14 hours. (Even when I got to LMHQ for the >>> meeting, the download still took between 60 and 90 minutes, so that was a >>> very large file indeed.) >> I would suggest some sort of problem with the OpenBSD and Verizon Network >> in case of the packet loss, since below you had mentioned it is zero in another >> network you had tried. But that said why is a port download taking 14 hours, > > It was not a port download that was projected to take 14 hours; it was a download of an entire VM. > >> I would either suggest lot of collision within your network or with the network >> you are connected to and I think this is a case of Random Collision which would >> be because there is not a case of every 3rd or 5th packet for instance >> to be lost >> due to collision, this causes havoc to packet assembly on your machine as on the >> Server. 
>> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk From bcully at gmail.com Sun Jan 14 10:02:59 2018 From: bcully at gmail.com (Brian Cully) Date: Sun, 14 Jan 2018 10:02:59 -0500 Subject: [talk] pfSense home unit In-Reply-To: <1515780108.508324.1233430224.078CE363@webmail.messagingengine.com> References: <20180112145102.uixbel223gbsszjo@mutt-hbsd> <1515780108.508324.1233430224.078CE363@webmail.messagingengine.com> Message-ID: On January 12, 2018 at 13:02:15, Isaac (.ike) Levy (ike at blackskyresearch.net) wrote: > I'll second Shawn on this, there was just a thread on PCEngines this in December, here's > my long ramble: > http://lists.nycbug.org/pipermail/talk/2017-December/017422.html > In short- the PCEngines people are awesome, the gear is stellar for your purposes. > > PCEngines board - apu2c4 - $132 > http://pcengines.ch/apu2c4.htm > > Case - case1d2blku - $10.00 > (Case can be black, red, blue) > http://pcengines.ch/case1d2blku.htm > > AC adapter 12V 2A US plug - ac12vus2 $4.40 > http://pcengines.ch/ac12vus2.htm > > SSD M-Sata 16GB MLC - $17.80 > http://pcengines.ch/msata16g.htm > > $ 164.20 - Each Router + shipping. Thanks, everyone. I did end up purchasing an apu2c4. Price was higher than this (by almost $100!), though. pcengines was sold out of their boards, and external vendors were more expensive. But at least it all comes pre-assembled, so less waiting for parts. 
-bjc From spork at bway.net Sun Jan 14 15:24:29 2018 From: spork at bway.net (Charles Sprickman) Date: Sun, 14 Jan 2018 15:24:29 -0500 Subject: [talk] pfSense home unit In-Reply-To: References: <20180112145102.uixbel223gbsszjo@mutt-hbsd> <1515780108.508324.1233430224.078CE363@webmail.messagingengine.com> Message-ID: > On Jan 14, 2018, at 10:02 AM, Brian Cully wrote: > > On January 12, 2018 at 13:02:15, Isaac (.ike) Levy > (ike at blackskyresearch.net) wrote: >> I'll second Shawn on this, there was just a thread on PCEngines this in December, here's >> my long ramble: >> http://lists.nycbug.org/pipermail/talk/2017-December/017422.html >> In short- the PCEngines people are awesome, the gear is stellar for your purposes. >> >> PCEngines board - apu2c4 - $132 >> http://pcengines.ch/apu2c4.htm >> >> Case - case1d2blku - $10.00 >> (Case can be black, red, blue) >> http://pcengines.ch/case1d2blku.htm >> >> AC adapter 12V 2A US plug - ac12vus2 $4.40 >> http://pcengines.ch/ac12vus2.htm >> >> SSD M-Sata 16GB MLC - $17.80 >> http://pcengines.ch/msata16g.htm >> >> $ 164.20 - Each Router + shipping. > > Thanks, everyone. I did end up purchasing an apu2c4. Price was higher > than this (by almost $100!), though. pcengines was sold out of their > boards, and external vendors were more expensive. But at least it all > comes pre-assembled, so less waiting for parts. Just another option to think about? I was recently looking for a replacement for a personal 1U box on ebay (and I missed a good one by hours!), but I found quite a few people selling Supermicro 1U Atom boxes. Maybe not the best, but cheap, can likely survive without a fan, and you likely jam more ports in there. 
Example of an ended auction: https://www.ebay.com/itm/Server-Supermicro-Intel-Atom-D525-Mini-1U-Rackmount-SATA-TESTED-Working-Great-/232596282461?_trksid=p2047675.l2557&nma=true&si=gWZ%252FyqhCG6KLYlzQFPHYl3Gdr5U%253D&orig_cvip=true&rt=nc > > -bjc > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Sun Jan 14 15:30:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Sun, 14 Jan 2018 20:30:00 +0000 Subject: [talk] pfSense home unit In-Reply-To: References: <20180112145102.uixbel223gbsszjo@mutt-hbsd> <1515780108.508324.1233430224.078CE363@webmail.messagingengine.com> Message-ID: <1d07249f-03ba-029c-82dd-492373c18bcf@ceetonetechnology.com> Charles Sprickman: > >> On Jan 14, 2018, at 10:02 AM, Brian Cully >> wrote: >> >> On January 12, 2018 at 13:02:15, Isaac (.ike) Levy >> (ike at blackskyresearch.net) wrote: >>> I'll second Shawn on this, there was just a thread on PCEngines >>> this in December, here's my long ramble: >>> http://lists.nycbug.org/pipermail/talk/2017-December/017422.html >>> In short- the PCEngines people are awesome, the gear is stellar >>> for your purposes. >>> >>> PCEngines board - apu2c4 - $132 http://pcengines.ch/apu2c4.htm >>> >>> Case - case1d2blku - $10.00 (Case can be black, red, blue) >>> http://pcengines.ch/case1d2blku.htm >>> >>> AC adapter 12V 2A US plug - ac12vus2 $4.40 >>> http://pcengines.ch/ac12vus2.htm >>> >>> SSD M-Sata 16GB MLC - $17.80 http://pcengines.ch/msata16g.htm >>> >>> $ 164.20 - Each Router + shipping. >> >> Thanks, everyone. I did end up purchasing an apu2c4. Price was >> higher than this (by almost $100!), though. pcengines was sold out >> of their boards, and external vendors were more expensive. But at >> least it all comes pre-assembled, so less waiting for parts. 
> > Just another option to think about? I was recently looking for a > replacement for a personal 1U box on ebay (and I missed a good one by > hours!), but I found quite a few people selling Supermicro 1U Atom > boxes. Maybe not the best, but cheap, can likely survive without a > fan, and you likely jam more ports in there. > > Example of an ended auction: > > https://www.ebay.com/itm/Server-Supermicro-Intel-Atom-D525-Mini-1U-Rackmount-SATA-TESTED-Working-Great-/232596282461?_trksid=p2047675.l2557&nma=true&si=gWZ%252FyqhCG6KLYlzQFPHYl3Gdr5U%253D&orig_cvip=true&rt=nc > When it comes to Atoms, I have lost my patience for most purposes, unless it's for a specific low-power single-function. They are so incredibly underpowered that I'd prefer a decent i386 box in many cases. Mark S had recommended, and I'll +1 it, to recommend Dell R210 II for small half-depth servers. Cheap, and pack a decent processor and RAM maximum is good. Of course, all this discussion makes me feel queasy with the ugly Intel reality today. 
g From spork at bway.net Sun Jan 14 15:44:36 2018 From: spork at bway.net (Charles Sprickman) Date: Sun, 14 Jan 2018 15:44:36 -0500 Subject: [talk] pfSense home unit In-Reply-To: <1d07249f-03ba-029c-82dd-492373c18bcf@ceetonetechnology.com> References: <20180112145102.uixbel223gbsszjo@mutt-hbsd> <1515780108.508324.1233430224.078CE363@webmail.messagingengine.com> <1d07249f-03ba-029c-82dd-492373c18bcf@ceetonetechnology.com> Message-ID: <4F8F9AE4-3876-4BB7-8F65-585682F61BF5@bway.net> > On Jan 14, 2018, at 3:30 PM, George Rosamond wrote: > > Charles Sprickman: >> >>> On Jan 14, 2018, at 10:02 AM, Brian Cully >>> wrote: >>> >>> On January 12, 2018 at 13:02:15, Isaac (.ike) Levy >>> (ike at blackskyresearch.net) wrote: >>>> I'll second Shawn on this, there was just a thread on PCEngines >>>> this in December, here's my long ramble: >>>> http://lists.nycbug.org/pipermail/talk/2017-December/017422.html >>>> In short- the PCEngines people are awesome, the gear is stellar >>>> for your purposes. >>>> >>>> PCEngines board - apu2c4 - $132 http://pcengines.ch/apu2c4.htm >>>> >>>> Case - case1d2blku - $10.00 (Case can be black, red, blue) >>>> http://pcengines.ch/case1d2blku.htm >>>> >>>> AC adapter 12V 2A US plug - ac12vus2 $4.40 >>>> http://pcengines.ch/ac12vus2.htm >>>> >>>> SSD M-Sata 16GB MLC - $17.80 http://pcengines.ch/msata16g.htm >>>> >>>> $ 164.20 - Each Router + shipping. >>> >>> Thanks, everyone. I did end up purchasing an apu2c4. Price was >>> higher than this (by almost $100!), though. pcengines was sold out >>> of their boards, and external vendors were more expensive. But at >>> least it all comes pre-assembled, so less waiting for parts. >> >> Just another option to think about? I was recently looking for a >> replacement for a personal 1U box on ebay (and I missed a good one by >> hours!), but I found quite a few people selling Supermicro 1U Atom >> boxes. Maybe not the best, but cheap, can likely survive without a >> fan, and you likely jam more ports in there. 
>> >> Example of an ended auction: >> >> https://www.ebay.com/itm/Server-Supermicro-Intel-Atom-D525-Mini-1U-Rackmount-SATA-TESTED-Working-Great-/232596282461?_trksid=p2047675.l2557&nma=true&si=gWZ%252FyqhCG6KLYlzQFPHYl3Gdr5U%253D&orig_cvip=true&rt=nc >> > > When it comes to Atoms, I have lost my patience for most purposes, > unless it's for a specific low-power single-function. > > They are so incredibly underpowered that I'd prefer a decent i386 box in > many cases. > > Mark S had recommended, and I'll +1 it, to recommend Dell R210 II for > small half-depth servers. Cheap, and pack a decent processor and RAM > maximum is good. This looks to be a bit newer, only 14W TDP, so probably quiet and cool: https://www.newegg.com/Product/Product.aspx?Item=N82E16816101874&ignorebbr=1&cm_re=supermicro_1u_atom-_-16-101-874-_-Product 2.4GHz, but no idea how that relates to other processors, I'm assuming a much newer Atom series than the ebay model (and 4 GbE ports). C > > Of course, all this discussion makes me feel queasy with the ugly Intel > reality today. > > g > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Sun Jan 14 15:45:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Sun, 14 Jan 2018 20:45:00 +0000 Subject: [talk] a Port Maintainer day conference in NYC In-Reply-To: References: <05e539f4-f14b-cc1c-c6b6-0acab1669513@ceetonetechnology.com> Message-ID: <4ff3e4d7-caf1-6d42-88d5-f632e39e3c4b@ceetonetechnology.com> Ariel Sanchez Mora: > All I'll add (since I don't live in NYC anymore) is that I miss being part > of such a vibrant community. If you are on the fence, don't take this > lightly - dive in! It's an amazing opportunity! Continuing the thread as a repository for sloppy streams of consciousness. . . 
I'm wondering if a good way to structure it might be: morning: each bsd project aggregates its port maintainers, and the figure out the objectives for the afternoon, target ports, infrastructure-related topics, and how to do afternoon tutorials for new devs. the prospective port maintainers are in a general session about ports. Let me explain this. I realize everyone is not living in 1999 Jordan Hubbard-land, but looking at the commonalities of porting software is possible. Licensing. Building from source. GitHub. There must be some common way to provide an overview of topics when it comes to porting to the BSDs. Although I can only think of a handful of people who could/would do this with enough experience with porting to different BSDs. afternoon: this could be where the "prospects" go to their relevant BSD project, and get hands-on and dirty, with some of the current maintainers assisting, while others are openly working on the tasks they designated earlier. Keeping this alive... g From george at ceetonetechnology.com Wed Jan 17 16:05:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 17 Jan 2018 21:05:00 +0000 Subject: [talk] rctl(8) on FreeBSD Message-ID: Not sure if anyone has dabbled in it, but I'm not seeing rctl(8) on FreeBSD actually performing "deny" on FreeBSD 11-current. /boot/loader.conf is set correctly with racct with kern.acct.enable=1 as a read-only sysctl, outputs correctly: % sysctl kern.racct.enable kern.racct.enable: 1 The rule is simple, where ${user} is the particular daemon user: user:${user}:memoryuse:deny=2500000/user Am I missing something? 
g -- 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 From george at ceetonetechnology.com Wed Jan 17 16:24:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 17 Jan 2018 21:24:00 +0000 Subject: [talk] Intel vulnerability discussion Message-ID: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> There was a conference call yesterday regarding the Intel chip security issues. Ike of NYC*BUG and Ed Maste of FreeBSD among others. Here's the audio if anyone's interested: https://drive.google.com/file/d/1fkNfl1RTGiEFZ8PzjW_GTu3F1VK6WFp_/view https://www.gotostage.com/channel/92a6c9fc676543d68250ef5376dcfd90/recording/f80d33a2702145cab2178bbb1e8ea98e/watch?login=corporate&tos=true For most people on the list, the value is purely about Ike shooting from the hip at the state of things. If his comments horrify or even shock you, unsubs to talk@ are encouraged! g -- 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 From spork at bway.net Wed Jan 17 16:48:47 2018 From: spork at bway.net (Charles Sprickman) Date: Wed, 17 Jan 2018 16:48:47 -0500 Subject: [talk] Intel vulnerability discussion In-Reply-To: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> Message-ID: <4A1651CD-B541-466E-9D3A-425DC80E334F@bway.net> > On Jan 17, 2018, at 4:24 PM, George Rosamond wrote: > > There was a conference call yesterday regarding the Intel chip security > issues. Ike of NYC*BUG and Ed Maste of FreeBSD among others. > > Here's the audio if anyone's interested: > > https://drive.google.com/file/d/1fkNfl1RTGiEFZ8PzjW_GTu3F1VK6WFp_/view > > https://www.gotostage.com/channel/92a6c9fc676543d68250ef5376dcfd90/recording/f80d33a2702145cab2178bbb1e8ea98e/watch?login=corporate&tos=true Without having listened to it yet, I'll tell you one thing that really pisses me off about this? 
It's like a flashback to the 'oughts - Linux guys get a TON of advance notice - FreeBSD gets, what, a week or a few days? In the old days I was also pissed about the *BSD red-headed stepchild treatment by vendors, but with FreeBSD specifically and the Foundation being a legit entity that can sign NDAs and the like, I don't know what the excuse is today for not giving FreeBSD (or other *BSDs) more advance notice. Really disappointing. Charles > For most people on the list, the value is purely about Ike shooting from > the hip at the state of things. If his comments horrify or even shock > you, unsubs to talk@ are encouraged! > > g > > -- > > > 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Wed Jan 17 16:54:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 17 Jan 2018 21:54:00 +0000 Subject: [talk] Intel vulnerability discussion In-Reply-To: <4A1651CD-B541-466E-9D3A-425DC80E334F@bway.net> References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> <4A1651CD-B541-466E-9D3A-425DC80E334F@bway.net> Message-ID: Charles Sprickman: > >> On Jan 17, 2018, at 4:24 PM, George Rosamond wrote: >> >> There was a conference call yesterday regarding the Intel chip security >> issues. Ike of NYC*BUG and Ed Maste of FreeBSD among others. >> >> Here's the audio if anyone's interested: >> >> https://drive.google.com/file/d/1fkNfl1RTGiEFZ8PzjW_GTu3F1VK6WFp_/view >> >> https://www.gotostage.com/channel/92a6c9fc676543d68250ef5376dcfd90/recording/f80d33a2702145cab2178bbb1e8ea98e/watch?login=corporate&tos=true > > Without having listened to it yet, I'll tell you one thing that really pisses me off about > this? 
It's like a flashback to the 'oughts - Linux guys get a TON of advance notice > - FreeBSD gets, what, a week or a few days? > > In the old days I was also pissed about the *BSD red-headed stepchild treatment > by vendors, but with FreeBSD specifically and the Foundation being a legit entity > that can sign NDAs and the like, I don't know what the excuse is today for not > giving FreeBSD (or other *BSDs) more advance notice. Really disappointing. I don't know about NetBSD, but I believe that OpenBSD didn't get any notification, and FreeBSD had enough time to do a press release. DragonFly? Ultimately, you'd expect more transparency from Intel in the future. But that same expecter would be deluding themselves. So whatever the various memes about OpenBSD not being "trustworthy" about keeping it quiet until public disclosure, I think their attitude is an antidote, not a problem. And what about Intel's collaborators/abettors in this? g From justin at shiningsilence.com Wed Jan 17 17:54:06 2018 From: justin at shiningsilence.com (Justin Sherrill) Date: Wed, 17 Jan 2018 17:54:06 -0500 Subject: [talk] Intel vulnerability discussion In-Reply-To: References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> <4A1651CD-B541-466E-9D3A-425DC80E334F@bway.net> Message-ID: On Wed, Jan 17, 2018 at 4:54 PM, George Rosamond wrote: > I don't know about NetBSD, but I believe that OpenBSD didn't get any > notification, and FreeBSD had enough time to do a press release. DragonFly? Nothing for DragonFly. Though Matt had fixes in DragonFly within 48 hours or so... which implies it could have been fixed 5 months and 29 days sooner, if this embargo hadn't been in place. It didn't add to anyone's workload to notify, and it's not hard to provide that notification. Even if BSD systems are 1% of the market, it affects almost 100% of BSD users... so they should have made the effort. Not doing it hurt the fix process. 
From mark.saad at ymail.com Wed Jan 17 19:14:35 2018 From: mark.saad at ymail.com (Mark Saad) Date: Wed, 17 Jan 2018 19:14:35 -0500 Subject: [talk] rctl(8) on FreeBSD In-Reply-To: References: Message-ID: <3D2208FE-451B-4FDD-BF42-1CBC469CE04F@ymail.com> George Iirc you have to rebuild the kernel with the following options. options RACCT options RCTL --- Mark Saad | mark.saad at ymail.com > On Jan 17, 2018, at 4:05 PM, George Rosamond wrote: > > Not sure if anyone has dabbled in it, but I'm not seeing rctl(8) on > FreeBSD actually performing "deny" on FreeBSD 11-current. > > /boot/loader.conf is set correctly with racct with kern.acct.enable=1 as > a read-only sysctl, outputs correctly: > > % sysctl kern.racct.enable > kern.racct.enable: 1 > > The rule is simple, where ${user} is the particular daemon user: > > user:${user}:memoryuse:deny=2500000/user > > Am I missing something? > > g > > -- > > > 5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6 > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Wed Jan 17 20:17:00 2018 From: george at ceetonetechnology.com (George Rosamond) Date: Thu, 18 Jan 2018 01:17:00 +0000 Subject: [talk] rctl(8) on FreeBSD In-Reply-To: <3D2208FE-451B-4FDD-BF42-1CBC469CE04F@ymail.com> References: <3D2208FE-451B-4FDD-BF42-1CBC469CE04F@ymail.com> Message-ID: Mark Saad: > George > Iirc you have to rebuild the kernel with the following options. > > options RACCT > options RCTL On 11.x it's default according to the Handbook section 13.13.2. Prior to 10.2 it requires those options. 
g From shawn.webb at hardenedbsd.org Wed Jan 17 21:22:49 2018 From: shawn.webb at hardenedbsd.org (Shawn Webb) Date: Wed, 17 Jan 2018 21:22:49 -0500 Subject: [talk] Intel vulnerability discussion In-Reply-To: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> Message-ID: <20180118022249.dfbcdddjss4d2nmj@mutt-hbsd> On Wed, Jan 17, 2018 at 09:24:00PM +0000, George Rosamond wrote: > There was a conference call yesterday regarding the Intel chip security > issues. Ike of NYC*BUG and Ed Maste of FreeBSD among others. > > Here's the audio if anyone's interested: > > https://drive.google.com/file/d/1fkNfl1RTGiEFZ8PzjW_GTu3F1VK6WFp_/view > > https://www.gotostage.com/channel/92a6c9fc676543d68250ef5376dcfd90/recording/f80d33a2702145cab2178bbb1e8ea98e/watch?login=corporate&tos=true > > For most people on the list, the value is purely about Ike shooting from > the hip at the state of things. If his comments horrify or even shock > you, unsubs to talk@ are encouraged! And right on the heels of that discussion is yet another branded and embargoed vulnerability: https://skyfallattack.com/ Who do I have to pay to receive advanced notifications? Embargoes seem to be just another form of extortion at this point. -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From zaphod at berentweb.com Wed Jan 17 21:59:19 2018 From: zaphod at berentweb.com (Beeblebrox) Date: Thu, 18 Jan 2018 02:59:19 +0000 Subject: [talk] Intel vulnerability discussion In-Reply-To: <20180118022249.dfbcdddjss4d2nmj@mutt-hbsd> References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> <20180118022249.dfbcdddjss4d2nmj@mutt-hbsd> Message-ID: Non-disclosure to the *BSD family of OS IMHO goes beyond trivial excuses like "market share" or "NDA issues". I smell deliberate malice. I wonder whether any Anti-Trust laws would be applicable? But, you need funds for that... From kmsujit at gmail.com Thu Jan 18 01:22:11 2018 From: kmsujit at gmail.com (Sujit K M) Date: Thu, 18 Jan 2018 11:52:11 +0530 Subject: [talk] Intel vulnerability discussion In-Reply-To: References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> <20180118022249.dfbcdddjss4d2nmj@mutt-hbsd> Message-ID: On Jan 18, 2018 8:29 AM, "Beeblebrox" wrote: Non-disclosure to the *BSD family of OS IMHO goes beyond trivial excuses like "market share" or "NDA issues". I smell deliberate malice. I wonder whether any Anti-Trust laws would be applicable? But, you need funds for that... _______________________________________________ talk mailing list talk at lists.nycbug.org http://lists.nycbug.org/mailman/listinfo/talk The centralized mechanism might be a problem. Bigger companies have only derived from BSD. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From edlinuxguru at gmail.com Thu Jan 18 08:21:11 2018 From: edlinuxguru at gmail.com (Edward Capriolo) Date: Thu, 18 Jan 2018 08:21:11 -0500 Subject: [talk] Intel vulnerability discussion In-Reply-To: References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> <20180118022249.dfbcdddjss4d2nmj@mutt-hbsd> Message-ID: On Wed, Jan 17, 2018 at 9:59 PM, Beeblebrox wrote: > Non-disclosure to the *BSD family of OS IMHO goes beyond trivial excuses > like "market share" or "NDA issues". I smell deliberate malice. > > I wonder whether any Anti-Trust laws would be applicable? > But, you need funds for that... > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > You are giving the world too much credit for being organized. AMD chips produced several chip lines that were far better than intel counterparts. They ran cooler, used less power, and benchmarked better. This went on for about 2 years (IMHO) but majority of people (users, BSD sysadmins, vars) did not make the switch. In the time that no one took action intel just used enough capital to re-invent and catch up. Hard to cry that "intel don't love us" when the vast majority of people won't actively buy chips from competitors. They don't care, you're going to buy their chips anyway! -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From chsnyder at gmail.com Thu Jan 18 09:41:42 2018 From: chsnyder at gmail.com (Chris Snyder) Date: Thu, 18 Jan 2018 09:41:42 -0500 Subject: [talk] Intel vulnerability discussion In-Reply-To: <20180118022249.dfbcdddjss4d2nmj@mutt-hbsd> References: <37033b3e-638a-22c5-90f5-011120a55327@ceetonetechnology.com> <20180118022249.dfbcdddjss4d2nmj@mutt-hbsd> Message-ID: On Wed, Jan 17, 2018 at 9:22 PM, Shawn Webb wrote: > > And right on the heels of that discussion is yet another branded and > embargoed vulnerability: https://skyfallattack.com/ The worst part of all of this is the Bond references, imo. Instant eye-glazer for anyone who isn't a security pro. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark.saad at ymail.com Thu Jan 18 12:30:04 2018 From: mark.saad at ymail.com (Mark Saad) Date: Thu, 18 Jan 2018 17:30:04 +0000 (UTC) Subject: [talk] Looking for a DDR3 RAM Tester References: <1793108581.622604.1516296604101.ref@mail.yahoo.com> Message-ID: <1793108581.622604.1516296604101@mail.yahoo.com> All I am wondering if anyone in the NYC area has a hardware DDR3 RAM tester. I am looking to rent or borrow it for a day to test a pile of DDR3 Registered ECC ram I own. To be clear this is not something that is easily done in a pc / server as it has to be done in matched pairs. I use to have this a Ramcheck LX until someone mistakenly recycled it with our server recycler junk collector vendor . http://www.memorytesters.com/products.htm -- Mark Saad mark.saad at ymail.com From zaphod at berentweb.com Wed Jan 24 09:54:43 2018 From: zaphod at berentweb.com (Beeblebrox) Date: Wed, 24 Jan 2018 14:54:43 +0000 Subject: [talk] opnsense box for home: APU2 or something else? 
In-Reply-To: <926EFF39-B4E2-449B-86B0-D3BF83867230@netgate.com> References: <20171219220757.GG48961@ayvali.org> <926EFF39-B4E2-449B-86B0-D3BF83867230@netgate.com> Message-ID: Hey Jim, >If you want an APU (not APU2 or APU3) I have a fifteen or more of them >sitting in a box in my office. With cases, SDcards and power supplies. I would like to experiment with those units, if the offer still stands. In NYC area so can come in to pick it up. Please PM me if ok. RSB From Assafr at protonmail.com Tue Jan 30 18:38:54 2018 From: Assafr at protonmail.com (assaf) Date: Tue, 30 Jan 2018 18:38:54 -0500 Subject: [talk] usenet Message-ID: Folks, Any thoughts on usenet providers (which to use or avoid) and services? Do any of you pay for the service? is it even possible to access usenet groups/servers for free? I am happy to pay for a if necessary. Thanks. Sent with [ProtonMail](https://protonmail.com) Secure Email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From spork at bway.net Tue Jan 30 19:00:34 2018 From: spork at bway.net (Charles Sprickman) Date: Tue, 30 Jan 2018 19:00:34 -0500 Subject: [talk] usenet In-Reply-To: References: Message-ID: > On Jan 30, 2018, at 6:38 PM, assaf wrote: > > Folks, > Any thoughts on usenet providers (which to use or avoid) and services? Do any of you pay for the service? is it even possible to access usenet groups/servers for free? I am happy to pay for a if necessary. Thanks. Which kind of usenet? Text or bins? If the latter, I'm very happy with Astraweb. If the former, no idea, but I do miss DejaVu. Charles > > > Sent with ProtonMail Secure Email. > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From scottro11 at gmail.com Tue Jan 30 19:27:00 2018 From: scottro11 at gmail.com (Scott Robbins) Date: Tue, 30 Jan 2018 19:27:00 -0500 Subject: [talk] usenet In-Reply-To: References: Message-ID: <20180131002700.GA32685@scott1.scottro.net> On Tue, Jan 30, 2018 at 07:00:34PM -0500, Charles Sprickman wrote: > > > On Jan 30, 2018, at 6:38 PM, assaf wrote: > > > > Folks, > > Any thoughts on usenet providers (which to use or avoid) and services? Do any of you pay for the service? is it even possible to access usenet groups/servers for free? I am happy to pay for a if necessary. Thanks. > > Which kind of usenet? Text or bins? If the latter, I'm very happy with Astraweb. If the former, no idea, but I do miss DejaVu. > For bins blocknews will sell blocks for a reasonable price. Frugalusenet is very cheap ($4.99/monthly, $50/yearly) offering 1000 days of retention. usenetnow has longer retention, costs a bit more, $12/monthly, $30.49 for 3 month blocks. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 From Assafr at protonmail.com Tue Jan 30 19:05:40 2018 From: Assafr at protonmail.com (assaf) Date: Tue, 30 Jan 2018 19:05:40 -0500 Subject: [talk] usenet In-Reply-To: References: Message-ID: Either. Since I am bandwidth constrained here in Ecuador, would you recommend one over the other? Sent from ProtonMail mobile -------- Original Message -------- On Jan 30, 2018, 7:00 PM, Charles Sprickman wrote: >> On Jan 30, 2018, at 6:38 PM, assaf wrote: >> >> Folks, >> Any thoughts on usenet providers (which to use or avoid) and services? Do any of you pay for the service? is it even possible to access usenet groups/servers for free? I am happy to pay for a if necessary. Thanks. > > Which kind of usenet? Text or bins? If the latter, I'm very happy with Astraweb. If the former, no idea, but I do miss DejaVu. > > Charles > >> Sent with [ProtonMail](https://protonmail.com/) Secure Email. 
>> >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From pete at nomadlogic.org Tue Jan 30 19:55:38 2018 From: pete at nomadlogic.org (Pete Wright) Date: Tue, 30 Jan 2018 16:55:38 -0800 Subject: [talk] usenet In-Reply-To: References: Message-ID: On 01/30/2018 16:00, Charles Sprickman wrote: > >> On Jan 30, 2018, at 6:38 PM, assaf > > wrote: >> >> Folks, >> Any thoughts on usenet providers (which to use or avoid) and >> services? Do any of you pay for the service? is it even possible to >> access usenet groups/servers for free? I am happy to pay for a if >> necessary. Thanks. > > Which kind of usenet? Text or bins? If the latter, I'm very happy > with Astraweb. If the former, no idea, but I do miss DejaVu. > i miss DejaVu too. i've used the usenet interface on my free SDF shell server: http://sdf.org/?faq?USENET?01 http://sdf.org/?join but it's been a while since i've used it tbh so i'm not really sure what the state of it is these days. -pete -- Pete Wright pete at nomadlogic.org @nomadlogicLA -------------- next part -------------- An HTML attachment was scrubbed... URL: From njt at ayvali.org Wed Jan 31 01:21:27 2018 From: njt at ayvali.org (N.J. Thomas) Date: Tue, 30 Jan 2018 22:21:27 -0800 Subject: [talk] usenet In-Reply-To: References: Message-ID: <20180131062127.GI77454@ayvali.org> * assaf [2018-01-30 18:38:54-0500]: > Any thoughts on usenet providers (which to use or avoid) and services? > Do any of you pay for the service? is it even possible to access > usenet groups/servers for free? I am happy to pay for a if necessary. Fascinating stuff. I abandoned netnews in the early 2000s, mostly due to spam, and also because everyone else had moved onto web-based forums. 
But I found out recently that comp.lang.awk is alive and well, which makes me wonder if other comp.* newsgroups are active and if the spam can be effectively filtered out. As far as I can tell (disclaimer: this is based on only a few minutes of web searching), if you are not looking for binaries, you can set up your own nntp server and pull down only the stuff you want fairly easily. For the folks looking for binaries, there's a number of providers and the metric that everyone judges these places by seem to be the monthly cost and number of days they are retaining posts. Thomas From Assafr at protonmail.com Wed Jan 31 01:24:08 2018 From: Assafr at protonmail.com (assaf) Date: Wed, 31 Jan 2018 01:24:08 -0500 Subject: [talk] usenet In-Reply-To: <20180131062127.GI77454@ayvali.org> References: <20180131062127.GI77454@ayvali.org> Message-ID: Thank you all for your input here. I will dip my toes in the usenet world and give it a try. Assaf Sent from ProtonMail mobile -------- Original Message -------- On Jan 31, 2018, 1:21 AM, N.J. Thomas wrote: > * assaf [2018-01-30 18:38:54-0500]: >> Any thoughts on usenet providers (which to use or avoid) and services? >> Do any of you pay for the service? is it even possible to access >> usenet groups/servers for free? I am happy to pay for a if necessary. > > Fascinating stuff. I abandoned netnews in the early 2000s, mostly due to > spam, and also because everyone else had moved onto web-based forums. > But I found out recently that comp.lang.awk is alive and well, which > makes me wonder if other comp.* newsgroups are active and if the spam > can be effectively filtered out. > > As far as I can tell (disclaimer: this is based on only a few minutes of > web searching), if you are not looking for binaries, you can set up your > own nntp server and pull down only the stuff you want fairly easily. 
> > For the folks looking for binaries, there's a number of providers and > the metric that everyone judges these places by seem to be the monthly > cost and number of days they are retaining posts. > > Thomas > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From jose at polancodesign.net Wed Jan 31 16:58:50 2018 From: jose at polancodesign.net (Mr. Jose Polanco) Date: Wed, 31 Jan 2018 16:58:50 -0500 Subject: [talk] usenet In-Reply-To: References: Message-ID: <5BD23661-8251-4778-BA7C-D33E010E08A2@polancodesign.net> I used usenetserver.com. As for pricing. Look here https://accounts.usenetserver.com/register/chooseplan.php?rate=74 :P } Jose Polanco > On Jan 30, 2018, at 6:38 PM, assaf wrote: > > Folks, > Any thoughts on usenet providers (which to use or avoid) and services? Do any of you pay for the service? is it even possible to access usenet groups/servers for free? I am happy to pay for a if necessary. Thanks. > > > Sent with ProtonMail Secure Email. > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: