From spork at bway.net  Sat Jul  1 15:38:57 2006
From: spork at bway.net (Charles Sprickman)
Date: Sat, 1 Jul 2006 15:38:57 -0400 (EDT)
Subject: [nycbug-talk] 4.11 and Clearsilver?
Message-ID: <Pine.OSX.4.61.0607011535180.437@white.nat.fasttrackmonkey.com>

Hi all,

Was looking at getting Trac running while playing with subversion, and 
found that it depends on Clearsilver (templating system - 
http://www.clearsilver.net/).  Sadly, the port is broken on 4.x.

I know we've got a few python gurus here, and clearsilver seems to be a 
popular choice w/python.  Google leads me to believe I'm one of the few 
people trying to build this on 4.11. :)

Looks like a thread issue, so I'm way out of my league:

cc -O -pipe -march=pentiumpro -fPIC -Wall -I..  -fPIC -o static.o -c 
static.c
cc -o static.cgi static.o -L../libs/ -lneo_cgi -lneo_cs -lneo_utl  -lz
../libs//libneo_utl.a(ulocks.o): In function `mCreate':
ulocks.o(.text+0x2ac): undefined reference to `pthread_mutex_init'
../libs//libneo_utl.a(ulocks.o): In function `mDestroy':
ulocks.o(.text+0x316): undefined reference to `pthread_mutex_destroy'
../libs//libneo_utl.a(ulocks.o): In function `mLock':
ulocks.o(.text+0x342): undefined reference to `pthread_mutex_lock'
../libs//libneo_utl.a(ulocks.o): In function `mUnlock':
ulocks.o(.text+0x3ae): undefined reference to `pthread_mutex_unlock'
../libs//libneo_utl.a(ulocks.o): In function `cCreate':
ulocks.o(.text+0x41c): undefined reference to `pthread_cond_init'
../libs//libneo_utl.a(ulocks.o): In function `cDestroy':
ulocks.o(.text+0x486): undefined reference to `pthread_cond_destroy'
../libs//libneo_utl.a(ulocks.o): In function `cWait':
ulocks.o(.text+0x4b6): undefined reference to `pthread_cond_wait'
../libs//libneo_utl.a(ulocks.o): In function `cBroadcast':
ulocks.o(.text+0x522): undefined reference to `pthread_cond_broadcast'
../libs//libneo_utl.a(ulocks.o): In function `cSignal':
ulocks.o(.text+0x58e): undefined reference to `pthread_cond_signal'
gmake[1]: *** [static.cgi] Error 1
gmake[1]: Leaving directory 
`/bak/usr.ports/www/clearsilver/work/clearsilver-0.10.3/cgi'
gmake: *** [cs] Error 2
*** Error code 2

Thanks,

Charles


From max at neuropunks.org  Mon Jul  3 15:42:56 2006
From: max at neuropunks.org (Max Gribov)
Date: Mon, 03 Jul 2006 14:42:56 -0500
Subject: [nycbug-talk] A Cisco/pf/unix book
Message-ID: <44A97340.8080200@neuropunks.org>

Hi all,
just something random..
Caught my eye while doing some research, from table of contents looks
like a very solid guide to integrating *nix with Cisco on networking level..
Haven't read it yet, its the next on the list.
Any one read this, have any comments?

"Integrated Cisco and UNIX Network Architectures" Cisco Press

	

http://search.barnesandnoble.com/booksearch/isbninquiry.asp?EAN=9781587051210&x=2015307


From branto at branto.com  Tue Jul  4 13:03:16 2006
From: branto at branto.com (Brant I. Stevens)
Date: Tue, 04 Jul 2006 13:03:16 -0400
Subject: [nycbug-talk] A Cisco/pf/unix book
In-Reply-To: <44A97340.8080200@neuropunks.org>
Message-ID: <C0D01794.EE5D9%branto@branto.com>

On 7/3/06 3:42 PM, "Max Gribov" <max at neuropunks.org> wrote:

> Hi all,
> just something random..
> Caught my eye while doing some research, from table of contents looks
> like a very solid guide to integrating *nix with Cisco on networking level..
> Haven't read it yet, its the next on the list.
> Any one read this, have any comments?

I've read it, and I would say that if you have an afternoon where you are
hanging out in $yourfavoritebookstore, then it is worth reading through, but
I don't know if I'd buy it again.

I'd say that it is a decent reference if you need to use *nix boxes as
routers, and it covers some of the routing daemons, and a bit of their
interaction in the kernel, but I didn't find it all that useful.

YMMV.

> 
> "Integrated Cisco and UNIX Network Architectures" Cisco Press
> 
> 
> 
> http://search.barnesandnoble.com/booksearch/isbninquiry.asp?EAN=9781587051210&
> x=2015307
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month




From scottro at nyc.rr.com  Tue Jul  4 13:41:37 2006
From: scottro at nyc.rr.com (Scott Robbins)
Date: Tue, 4 Jul 2006 13:41:37 -0400
Subject: [nycbug-talk] fluxbox-devel-1.0-rc2 on CURRENT
Message-ID: <20060704174137.GA42418@mail.scottro.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm wondering if anyone has upgraded to the latest and greatest
fluxbox-devel on CURRENT.

On bsdforums.org which is down for the moment, someone had mentioned
that after upgrading, they got a coredump when they tried to start
fluxbox. I had the same result, but only on a CURRENT box, not on a
STABLE box.  I sent the maintainer a note, he asked for a backtrace
which I gave him.  As this is really lowend hardware, and I haven't the
knowledge to understand the backtrace, I'm waiting to hear back from him
before filing a PR--it might simply be my hardware or simply affect
people named Scott (the other fellow on forums with the problem is also
named Scott.)

So, I was wondering if anyone here, running FreeBSD-CURRENT had
upgraded, and if they had success.  

Thanks.

(If anyone wants the package, I put it up at

http://www.scottro.net/fluxbox-devel-1.0rc2.tbz

If you have upgraded and had the same problem the package for the old
one is 

http://www.scottro.net/fluxbox-devel-1.0rc.tbz


- -- 
Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: I wish dating was like slaying. You know, simple, direct,
stake through the heart, no muss, no fuss. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)

iD8DBQFEqqhR+lTVdes0Z9YRAgykAKCmTxtmwxjuQ0K6XUkEfK9ahn5jKwCfUFkY
94gLkUpxvEP43sQEB85H4oo=
=mZ3J
-----END PGP SIGNATURE-----


From scottro at nyc.rr.com  Tue Jul  4 21:37:07 2006
From: scottro at nyc.rr.com (Scott Robbins)
Date: Tue, 4 Jul 2006 21:37:07 -0400
Subject: [nycbug-talk] Follow up on my earlier fluxbox post
Message-ID: <20060705013707.GA78975@mail.scottro.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It turns out that there was a bug--after some correspondence with the
maintainer, I submitted it to the fluxbox people on sourceforge and they
came back with a patch, that works, in a few hours. 

The maintainer should get the patch in pretty quickly, but if anyone HAS
to upgrade their fluxbox right now, the patch is available at
sourceforge at

https://sourceforge.net/tracker/?func=detail&atid=413960&aid=1517203&group_id=35398



- -- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Anya: Listen, I have this little project I'm working on, and I 
heard you were the person to ask if...
Willow: Yeah, that's me. Reliable dog-geyser-person.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)

iD8DBQFEqxfD+lTVdes0Z9YRAtqFAJ4ubh8lpdblLhMGJNNevY67p1HvgACeK7FR
x9mvwmWiSZnZMEwPGL6HmEU=
=SIX2
-----END PGP SIGNATURE-----


From quigon at hacktek.com  Wed Jul  5 00:29:19 2006
From: quigon at hacktek.com (QuiGon)
Date: Wed, 05 Jul 2006 00:29:19 -0400
Subject: [nycbug-talk] Anyone going to HOPE?
In-Reply-To: <20060705013707.GA78975@mail.scottro.net>
References: <20060705013707.GA78975@mail.scottro.net>
Message-ID: <44AB401F.8070400@hacktek.com>

Just thought I'd ask, as it it is in NYC...:-)

http://www.hopenumbersix.net/


From spork at bway.net  Wed Jul  5 16:55:55 2006
From: spork at bway.net (Charles Sprickman)
Date: Wed, 5 Jul 2006 16:55:55 -0400 (EDT)
Subject: [nycbug-talk] tonight's meeting - proxy question
Message-ID: <Pine.OSX.4.61.0607051645430.703@white.nat.fasttrackmonkey.com>

Hi all,

As usual I can't make it tonight since I have much more exciting things to 
do like prepping for a colonoscopy. :)

I was reading Alfred's resume and see that he's done some work with Apple 
and hacks on Darwin in his spare time.  One question I've always had for 
anyone that is "inside" the core of Apple is this:

Do you use OS-X regularly, and if so, what utilities, tools, etc. do you 
use to feel more at home with OS-X?  Some examples:

-term programs (iTerm, Terminal, *term + X11, ?)
-"ports" solutions (darwin ports, fink, etc.)
-expose' or virtual desktop software (and if so, which, and any hints as 
to Apple will ever address this in OS-X or if expose' is their answer)
-any other creature comforts...
-any "os-x for *nix users" mailing lists/forums? (there are so many 
places to ask general mac questions, but most of them lead to voodoo 
answers)

If someone attending the meeting could perhaps ask some questions on my 
behalf, I'd be really thankful.  I keep waiting for JKH to come up with an 
article for DN or similar detailing his OS-X goodies, but no joy so far.

TIA,

Charles


From schmonz at schmonz.com  Wed Jul  5 17:37:41 2006
From: schmonz at schmonz.com (Amitai Schlair)
Date: Wed, 05 Jul 2006 17:37:41 -0400
Subject: [nycbug-talk] tonight's meeting - proxy question
In-Reply-To: <Pine.OSX.4.61.0607051645430.703@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.61.0607051645430.703@white.nat.fasttrackmonkey.com>
Message-ID: <44AC3125.7080501@schmonz.com>

Charles Sprickman wrote:

> -"ports" solutions (darwin ports, fink, etc.)

I'm no Apple insider, but as someone who works with a variety of 
Unix-alikes, I find pkgsrc convenient. (I'm a pkgsrc developer, but 
whether that's the cause or the effect of my bias is unclear. :-)

I've given a few talks about pkgsrc on OS X before. Notes and slides:

http://acm.case.edu/pipermail/sigmac-talk/2004-February/001005.html

http://mac.cwru.edu/~ays/20041110-sigmac-unix-software.pdf

http://www.pkgsrccon.org/2005/slides/schmonz/20050506-pkgsrc-macosx.html


From nikolai at fetissov.org  Thu Jul  6 12:18:15 2006
From: nikolai at fetissov.org (nikolai)
Date: Thu, 6 Jul 2006 12:18:15 -0400 (EDT)
Subject: [nycbug-talk] Audio record of July 2006 meeting
Message-ID: <29266.63.66.6.15.1152202695.squirrel@www.geekisp.com>

Folks,
mp3 of Alfred's presentation is available at
http://www.fetissov.org/public/nycbug/
or from the link on www.nycbug.org
--
 nikolai


From anthony.elizondo at gmail.com  Thu Jul  6 14:38:28 2006
From: anthony.elizondo at gmail.com (Anthony Elizondo)
Date: Thu, 6 Jul 2006 14:38:28 -0400
Subject: [nycbug-talk] Audio record of July 2006 meeting
In-Reply-To: <29266.63.66.6.15.1152202695.squirrel@www.geekisp.com>
References: <29266.63.66.6.15.1152202695.squirrel@www.geekisp.com>
Message-ID: <a49e62c80607061138h15a70a6apaaa824d7a9a08a70@mail.gmail.com>

On 7/6/06, nikolai <nikolai at fetissov.org> wrote:
> Folks,
> mp3 of Alfred's presentation is available at
> http://www.fetissov.org/public/nycbug/
> or from the link on www.nycbug.org

Audio quality was even better than usual! Thanks, Nikolai.

>  nikolai

Anthony


From nikolai at fetissov.org  Thu Jul  6 14:43:15 2006
From: nikolai at fetissov.org (nikolai)
Date: Thu, 6 Jul 2006 14:43:15 -0400 (EDT)
Subject: [nycbug-talk] Audio record of July 2006 meeting
In-Reply-To: <a49e62c80607061138h15a70a6apaaa824d7a9a08a70@mail.gmail.com>
References: <29266.63.66.6.15.1152202695.squirrel@www.geekisp.com>
	<a49e62c80607061138h15a70a6apaaa824d7a9a08a70@mail.gmail.com>
Message-ID: <39325.63.66.6.15.1152211395.squirrel@www.geekisp.com>

> On 7/6/06, nikolai <nikolai at fetissov.org> wrote:
>> Folks,
>> mp3 of Alfred's presentation is available at
>> http://www.fetissov.org/public/nycbug/
>> or from the link on www.nycbug.org
>
> Audio quality was even better than usual! Thanks, Nikolai.
>
I wasn't pleased with the noise/signal thing
for the first version, so I finally read the
lame help page :)
--
 nikolai



From spork at bway.net  Thu Jul  6 23:39:28 2006
From: spork at bway.net (Charles Sprickman)
Date: Thu, 6 Jul 2006 23:39:28 -0400 (EDT)
Subject: [nycbug-talk] tonight's meeting - proxy question
In-Reply-To: <44AC3125.7080501@schmonz.com>
References: <Pine.OSX.4.61.0607051645430.703@white.nat.fasttrackmonkey.com>
	<44AC3125.7080501@schmonz.com>
Message-ID: <Pine.OSX.4.61.0607062337540.703@white.nat.fasttrackmonkey.com>

On Wed, 5 Jul 2006, Amitai Schlair wrote:

> Charles Sprickman wrote:
>
>> -"ports" solutions (darwin ports, fink, etc.)
>
> I'm no Apple insider, but as someone who works with a variety of
> Unix-alikes, I find pkgsrc convenient. (I'm a pkgsrc developer, but
> whether that's the cause or the effect of my bias is unclear. :-)

Thanks for the links...  I didn't even know that pkgsrc had OS-X support. 
I'll surely give this a spin.  I'm not real fond of fink or DarwinPorts.

Charles

> I've given a few talks about pkgsrc on OS X before. Notes and slides:
>
> http://acm.case.edu/pipermail/sigmac-talk/2004-February/001005.html
>
> http://mac.cwru.edu/~ays/20041110-sigmac-unix-software.pdf
>
> http://www.pkgsrccon.org/2005/slides/schmonz/20050506-pkgsrc-macosx.html
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From md at mailq.de  Fri Jul  7 04:19:27 2006
From: md at mailq.de (Mischa Diehm)
Date: Fri, 7 Jul 2006 10:19:27 +0200
Subject: [nycbug-talk] brechstange (ssh key-db)
In-Reply-To: <60086.160.33.20.11.1149610486.squirrel@webmail.nomadlogic.org>
References: <60086.160.33.20.11.1149610486.squirrel@webmail.nomadlogic.org>
Message-ID: <20060707081927.GB3912@mailq.de>

Hi,

On Tue, Jun 06, 2006 at 09:14:46AM -0700, Peter Wright wrote:
> I have a question, has this project made it to the 'net yet?  if so is
> there a link i might check out?

now there is a version made public at:

    https://www.saukopf.de/d/brechstange

if there are problems/ideas/critisism ... please give feedback to those
guys (or to me and i'll forward...) so things can be improved. 

    Mischa



From pete at nomadlogic.org  Fri Jul  7 13:23:58 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Fri, 7 Jul 2006 13:23:58 -0400
Subject: [nycbug-talk] brechstange (ssh key-db)
In-Reply-To: <20060707081927.GB3912@mailq.de>
References: <60086.160.33.20.11.1149610486.squirrel@webmail.nomadlogic.org>
	<20060707081927.GB3912@mailq.de>
Message-ID: <20060707172355.GA51569@sunset.nomadlogic.org>

On Fri, Jul 07, 2006 at 10:19:27AM +0200, Mischa Diehm wrote:
> Hi,
> 
> On Tue, Jun 06, 2006 at 09:14:46AM -0700, Peter Wright wrote:
> > I have a question, has this project made it to the 'net yet?  if so is
> > there a link i might check out?
> 
> now there is a version made public at:
> 
>     https://www.saukopf.de/d/brechstange
> 
> if there are problems/ideas/critisism ... please give feedback to those
> guys (or to me and i'll forward...) so things can be improved. 
> 
>     Mischa
> 


Mischa thanks!  I'm going to look into this today and hopefully will
have some feedback for you soon.

-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From spork at bway.net  Fri Jul  7 14:33:52 2006
From: spork at bway.net (Charles Sprickman)
Date: Fri, 7 Jul 2006 14:33:52 -0400 (EDT)
Subject: [nycbug-talk] radrails on FreeBSD?
Message-ID: <Pine.OSX.4.61.0607071426110.777@gee5.nat.fasttrackmonkey.com>

Hi all,

I know nothing of Java other than it's a pain in the ass. :)

I see there's a port of radrails, and I wanted to give it a spin.  Running 
the port-installed radrails simply gives me this:

spork at allen$ radrails
Fatal: Stack size too small. Use 'java -Xss' to increase default stack 
size.

Setting the stack size larger using the suggested command results in the 
same error message.

I've also downloaded the radrails zip for linux and it goes much further 
(I get an X error box) and then logs this:

java.lang.UnsatisfiedLinkError: 
/usr/home/spork/bin/radrails/configuration/org.eclipse.osgi/bundles/49/1/.cp/libswt-pi-gtk-3229.so: 
Shared object "libgtk-x11-2.0.so.0" not found, required by 
"libswt-pi-gtk-3229.so"

Now the radrails port has installed linux_base and libgtk for linux, and 
that library exists in /usr/compat/linux/usr/lib/.  How can I tell java to 
look there?  I'm very much lost in java/linux land...

C


From pete at nomadlogic.org  Fri Jul  7 14:42:06 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 7 Jul 2006 11:42:06 -0700 (PDT)
Subject: [nycbug-talk] radrails on FreeBSD?
In-Reply-To: <Pine.OSX.4.61.0607071426110.777@gee5.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.61.0607071426110.777@gee5.nat.fasttrackmonkey.com>
Message-ID: <53923.160.33.20.11.1152297726.squirrel@webmail.nomadlogic.org>


> Hi all,
>
> I know nothing of Java other than it's a pain in the ass. :)
>
> I see there's a port of radrails, and I wanted to give it a spin.  Running
> the port-installed radrails simply gives me this:
>
> spork at allen$ radrails
> Fatal: Stack size too small. Use 'java -Xss' to increase default stack
> size.
>
> Setting the stack size larger using the suggested command results in the
> same error message.
>
> I've also downloaded the radrails zip for linux and it goes much further
> (I get an X error box) and then logs this:
>
> java.lang.UnsatisfiedLinkError:
> /usr/home/spork/bin/radrails/configuration/org.eclipse.osgi/bundles/49/1/.cp/libswt-pi-gtk-3229.so:
> Shared object "libgtk-x11-2.0.so.0" not found, required by
> "libswt-pi-gtk-3229.so"
>
> Now the radrails port has installed linux_base and libgtk for linux, and
> that library exists in /usr/compat/linux/usr/lib/.  How can I tell java to
> look there?  I'm very much lost in java/linux land...

not familiar with radrails, but have your installed linux-java?  if not
i'm guessing the freebsd java binary is not looking in your /compat tree
for the .so's.

-pete



-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From spork at bway.net  Fri Jul  7 15:00:47 2006
From: spork at bway.net (Charles Sprickman)
Date: Fri, 7 Jul 2006 15:00:47 -0400 (EDT)
Subject: [nycbug-talk] radrails on FreeBSD?
In-Reply-To: <53923.160.33.20.11.1152297726.squirrel@webmail.nomadlogic.org>
References: <Pine.OSX.4.61.0607071426110.777@gee5.nat.fasttrackmonkey.com>
	<53923.160.33.20.11.1152297726.squirrel@webmail.nomadlogic.org>
Message-ID: <Pine.OSX.4.61.0607071457230.777@gee5.nat.fasttrackmonkey.com>

On Fri, 7 Jul 2006, Peter Wright wrote:

>> Hi all,
>>
>> I know nothing of Java other than it's a pain in the ass. :)
>>
>> I see there's a port of radrails, and I wanted to give it a spin.  Running
>> the port-installed radrails simply gives me this:
>>
>> spork at allen$ radrails
>> Fatal: Stack size too small. Use 'java -Xss' to increase default stack
>> size.
>>
>> Setting the stack size larger using the suggested command results in the
>> same error message.
>>
>> I've also downloaded the radrails zip for linux and it goes much further
>> (I get an X error box) and then logs this:
>>
>> java.lang.UnsatisfiedLinkError:
>> /usr/home/spork/bin/radrails/configuration/org.eclipse.osgi/bundles/49/1/.cp/libswt-pi-gtk-3229.so:
>> Shared object "libgtk-x11-2.0.so.0" not found, required by
>> "libswt-pi-gtk-3229.so"
>>
>> Now the radrails port has installed linux_base and libgtk for linux, and
>> that library exists in /usr/compat/linux/usr/lib/.  How can I tell java to
>> look there?  I'm very much lost in java/linux land...
>
> not familiar with radrails, but have your installed linux-java?  if not
> i'm guessing the freebsd java binary is not looking in your /compat tree
> for the .so's.

Yeah, it's using "linux-sun-jdk1.4.2" which the radrails port installed.

Thanks,

Charles

> -pete
>
>
>
> -- 
> ~~oO00Oo~~
> Peter Wright
> pete at nomadlogic.org
> www.nomadlogic.org/~pete
> 310.869.9459
>


From anthony.elizondo at gmail.com  Fri Jul  7 15:46:57 2006
From: anthony.elizondo at gmail.com (Anthony Elizondo)
Date: Fri, 7 Jul 2006 15:46:57 -0400
Subject: [nycbug-talk] radrails on FreeBSD?
In-Reply-To: <Pine.OSX.4.61.0607071426110.777@gee5.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.61.0607071426110.777@gee5.nat.fasttrackmonkey.com>
Message-ID: <a49e62c80607071246o3ec788bbq7a97e67072fb0c36@mail.gmail.com>

On 7/7/06, Charles Sprickman <spork at bway.net> wrote:
> Hi all,
>
> I know nothing of Java other than it's a pain in the ass. :)
>
> I see there's a port of radrails, and I wanted to give it a spin.  Running
> the port-installed radrails simply gives me this:
>
> spork at allen$ radrails
> Fatal: Stack size too small. Use 'java -Xss' to increase default stack
> size.
>
> Setting the stack size larger using the suggested command results in the
> same error message.
>
> I've also downloaded the radrails zip for linux and it goes much further
> (I get an X error box) and then logs this:
>
> java.lang.UnsatisfiedLinkError:
> /usr/home/spork/bin/radrails/configuration/org.eclipse.osgi/bundles/49/1/.cp/libswt-pi-gtk-3229.so:
> Shared object "libgtk-x11-2.0.so.0" not found, required by
> "libswt-pi-gtk-3229.so"
>
> Now the radrails port has installed linux_base and libgtk for linux, and
> that library exists in /usr/compat/linux/usr/lib/.  How can I tell java to
> look there?  I'm very much lost in java/linux land...

Do you perhaps have some other Java installed? What is the output of
"java -version"?

I have 1.5.0, and use it for most everything, but I do keep
linux-sun-jdk1.4.2 around for situations like this. I grabbed the
Linux zip and ran it, first resetting my JAVA_HOME:

[aelizondo at neckface ~/radrails/radrails]$ export
JAVA_HOME=/usr/local/linux-sun-jdk1.4.2
[aelizondo at neckface ~/radrails/radrails]$ ./radrails

and it worked out of the box for me.

Here is my setup and what I have installed:

neckface# uname -a ; portversion -v
FreeBSD neckface.company.net 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri
Nov  5 04:19:18 UTC 2004
root at harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
BitchX-1.1                  =  up-to-date with port
ImageMagick-6.2.7.7_1       =  up-to-date with port
ORBit2-2.14.0_1             =  up-to-date with port
OpenEXR-1.2.2_1             =  up-to-date with port
Xaw3d-1.5E_1                =  up-to-date with port
acroread7-7.0.1_2,1         =  up-to-date with port
acroreadwrapper-0.0.20060221  =  up-to-date with port
adns-1.2_1                  =  up-to-date with port
apache-1.3.36               =  up-to-date with port
apr-gdbm-db42-1.2.7_1       =  up-to-date with port
arts-1.5.2,1                <  needs updating (port has 1.5.3_1,1)
aspell-0.60.4_3             =  up-to-date with port
atk-1.11.4_1                =  up-to-date with port
autoconf-2.13.000227_5      =  up-to-date with port
autoconf-2.53_3             =  up-to-date with port
autoconf-2.59_2             =  up-to-date with port
automake-1.4.6_2            =  up-to-date with port
automake-1.9.6              =  up-to-date with port
avahi-0.6.10_3              =  up-to-date with port
bash-3.1.17                 =  up-to-date with port
bison-1.75_2,1              =  up-to-date with port
bitstream-vera-1.10_2       =  up-to-date with port
boxtools-0.70.0             =  up-to-date with port
bsdiff-4.3                  =  up-to-date with port
bsdsar-1.10_2               =  up-to-date with port
cacti-0.8.6h_42             =  up-to-date with port
cairo-1.0.4_1               =  up-to-date with port
cups-base-1.1.23.0_9        <  needs updating (port has 1.2.0_2)
curl-7.15.3                 =  up-to-date with port
cvsup-without-gui-16.1h_2   =  up-to-date with port
cyrus-sasl-2.1.21_2         <  needs updating (port has 2.1.22)
db42-4.2.52_4               =  up-to-date with port
dbus-0.61_3                 <  needs updating (port has 0.62)
desktop-file-utils-0.11     =  up-to-date with port
djbfft-0.76_2               =  up-to-date with port
docbook-sk-4.1.2_3          =  up-to-date with port
docbook-xml-4.2_1           =  up-to-date with port
docbook-xml-4.3             =  up-to-date with port
docbook-xml-4.4             =  up-to-date with port
docbook-xsl-1.69.1_1        <  needs updating (port has 1.70.1)
dri-6.4.1,2                 =  up-to-date with port
easytag-1.1_1               =  up-to-date with port
esound-0.2.36_1             =  up-to-date with port
ethereal-0.99.0_2           =  up-to-date with port
expat-2.0.0_1               =  up-to-date with port
expect-5.43.0               =  up-to-date with port
ezm3-1.2_1                  =  up-to-date with port
festival-1.95_1             =  up-to-date with port
festlex-cmu-1.95            =  up-to-date with port
festlex-poslex-1.4.1_2      =  up-to-date with port
festvox-kal8-1.4.0_1        =  up-to-date with port
figlet-2.2.1                =  up-to-date with port
filelight-0.6.4_4           =  up-to-date with port
firefox-1.5.0.4,1           =  up-to-date with port
flac-1.1.2_1                =  up-to-date with port
fluxbox-0.1.14_2            =  up-to-date with port
fontconfig-2.3.2_5,1        =  up-to-date with port
fpkg-0.2                    =  up-to-date with port
freebsd-sha256-20050310     =  up-to-date with port
freetype2-2.1.10_3          =  up-to-date with port
fsv-0.9_2                   =  up-to-date with port
gail-1.8.11_1               =  up-to-date with port
gaim-1.5.0_4                =  up-to-date with port
gamin-0.1.7_2               =  up-to-date with port
gconf2-2.14.0_2             =  up-to-date with port
gd-2.0.33_4,1               =  up-to-date with port
gdbm-1.8.3_2                =  up-to-date with port
gettext-0.14.5_2            =  up-to-date with port
ghostscript-gnu-7.07_15     =  up-to-date with port
glib-1.2.10_12              =  up-to-date with port
glib-2.10.3                 =  up-to-date with port
gmake-3.81_1                =  up-to-date with port
gnome-desktop-2.14.2_1      =  up-to-date with port
gnome-doc-utils-0.6.1       =  up-to-date with port
gnome-icon-theme-2.14.2     =  up-to-date with port
gnome-menu-editor-0.6       =  up-to-date with port
gnome-menus-2.14.0          =  up-to-date with port
gnome-panel-2.14.2_2        =  up-to-date with port
gnome-vfs-2.14.2_3          =  up-to-date with port
gnomehier-2.1_2             =  up-to-date with port
gnomekeyring-0.4.9          =  up-to-date with port
gnomemimedata-2.4.2         =  up-to-date with port
gnuplot-4.0.0_4             =  up-to-date with port
gnutls-1.2.11               =  up-to-date with port
gsfonts-8.11_2              =  up-to-date with port
gstreamer-0.10.8            =  up-to-date with port
gstreamer-ffmpeg80-0.8.7_3  =  up-to-date with port
gstreamer-plugins-0.10.8,1  =  up-to-date with port
gstreamer-plugins-a52dec80-0.8.12_2  =  up-to-date with port
gstreamer-plugins-core80-0.8.11_7  =  up-to-date with port
gstreamer-plugins-dts80-0.8.12_1  =  up-to-date with port
gstreamer-plugins-dvd80-0.8.12_2  =  up-to-date with port
gstreamer-plugins-libpng80-0.8.12_4  <  needs updating (port has 0.8.12_5)
gstreamer-plugins-mad80-0.8.12_3  =  up-to-date with port
gstreamer-plugins-ogg-0.10.8_1,1  =  up-to-date with port
gstreamer-plugins-pango80-0.8.12_2  =  up-to-date with port
gstreamer-plugins-vorbis80-0.8.12_2  =  up-to-date with port
gstreamer-plugins-xvid80-0.8.12_1  =  up-to-date with port
gstreamer-plugins80-0.8.12_2  =  up-to-date with port
gstreamer80-0.8.12_1        =  up-to-date with port
gtk-1.2.10_15               =  up-to-date with port
gtk-2.8.18_1                <  needs updating (port has 2.8.19)
gtk-engines2-2.6.8          <  needs updating (port has 2.6.9)
gtkglarea-1.2.3_1           =  up-to-date with port
gtkglext-1.0.6_5            <  needs updating (port has 1.2.0)
gtksourceview-1.6.1_1       =  up-to-date with port
gtkspell2-2.0.11_3          =  up-to-date with port
gv-3.6.1                    =  up-to-date with port
heimdal-0.6.6               =  up-to-date with port
help2man-1.36.4_1           =  up-to-date with port
hicolor-icon-theme-0.5      =  up-to-date with port
id3lib-3.8.3_2              <  needs updating (port has 3.8.3_3)
imake-6.9.0                 =  up-to-date with port
instiki-0.11.0_1            =  up-to-date with port
intltool-0.35.0             =  up-to-date with port
jackit-0.100.0_2            <  needs updating (port has 0.101.1_1)
jasper-1.701.0_1            =  up-to-date with port
javavmwrapper-2.3           =  up-to-date with port
jbigkit-1.6                 =  up-to-date with port
jdk-1.5.0p3                 <  needs updating (port has 1.5.0p3_1)
jpeg-6b_4                   =  up-to-date with port
kdehier-1.0_9               =  up-to-date with port
kdelibs-3.5.2_1             <  needs updating (port has 3.5.3)
lame-3.96.1                 =  up-to-date with port
lcms-1.14_1,1               =  up-to-date with port
ldconfig_compat-1.0_8       =  up-to-date with port
lftp-3.4.7                  =  up-to-date with port
libIDL-0.8.6_2              =  up-to-date with port
libXft-2.1.7_1              =  up-to-date with port
liba52-0.7.4_1              =  up-to-date with port
libao-esound-0.8.5_2        =  up-to-date with port
libart_lgpl2-2.3.17_1       =  up-to-date with port
libaudiofile-0.2.6          =  up-to-date with port
libbonobo-2.14.0_2          =  up-to-date with port
libbonoboui-2.14.0_1        =  up-to-date with port
libcroco-0.6.1              =  up-to-date with port
libdaemon-0.10_1            =  up-to-date with port
libdrm-2.0.2                =  up-to-date with port
libdts-0.0.2                =  up-to-date with port
libdvdcss-1.2.9_2           =  up-to-date with port
libdvdnav-0.1.10_1          =  up-to-date with port
libdvdread-0.9.4_1          =  up-to-date with port
libfpx-1.2.0.12             =  up-to-date with port
libgcrypt-1.2.2_1           =  up-to-date with port
libglade2-2.5.1_5           =  up-to-date with port
libglut-6.4.2               =  up-to-date with port
libgnome-2.14.1_1           =  up-to-date with port
libgnomecanvas-2.14.0_1     =  up-to-date with port
libgnomecups-0.2.2_1,1      =  up-to-date with port
libgnomeprint-2.12.1_1      <  needs updating (port has 2.12.1_2)
libgnomeprintui-2.12.1_1    =  up-to-date with port
libgnomeui-2.14.1_1         =  up-to-date with port
libgpg-error-1.3            =  up-to-date with port
libgsf-1.14.1               =  up-to-date with port
libgtkhtml-2.11.0_1         =  up-to-date with port
libiconv-1.9.2_2            =  up-to-date with port
libid3tag-0.15.1b           =  up-to-date with port
libidn-0.6.3                =  up-to-date with port
libltdl-1.5.22              =  up-to-date with port
libmad-0.15.1b_2            =  up-to-date with port
libmng-1.0.9                =  up-to-date with port
libogg-1.1.3,3              =  up-to-date with port
liboil-0.3.8                <  needs updating (port has 0.3.9)
libopendaap-0.4.0_1         =  up-to-date with port
librsvg2-2.14.4             =  up-to-date with port
libsndfile-1.0.16           =  up-to-date with port
libtasn1-0.3.4              =  up-to-date with port
libtool-1.5.22_2            =  up-to-date with port
libvorbis-1.1.2,3           =  up-to-date with port
libwnck-2.14.1_1            <  needs updating (port has 2.14.2_1)
libxml2-2.6.26              =  up-to-date with port
libxslt-1.1.16_2            <  needs updating (port has 1.1.17)
linc-1.0.3_6                =  up-to-date with port
links-2.1.p21,1             =  up-to-date with port
linux-XFree86-libs-4.3.99.902_7  =  up-to-date with port
linux-atk-1.8.0_2           =  up-to-date with port
linux-expat-1.95.7_1        =  up-to-date with port
linux-fontconfig-2.2.3_4    =  up-to-date with port
linux-glib2-2.4.8_2         =  up-to-date with port
linux-gtk2-2.4.14_4         =  up-to-date with port
linux-jpeg-6b.33_1          =  up-to-date with port
linux-pango-1.6.0_2         =  up-to-date with port
linux-png-1.2.8_1           =  up-to-date with port
linux-sun-jdk-1.4.2.11      <  needs updating (port has 1.4.2.12)
linux-tiff-3.6.1_6          =  up-to-date with port
linux_base-8-8.0_15         <  needs updating (port has 8.0_16)
lsof-4.77                   =  up-to-date with port
lua-5.0.2_1                 =  up-to-date with port
m4-1.4.4                    =  up-to-date with port
mDNSResponder-107.5         =  up-to-date with port
mkfile-1.1                  =  up-to-date with port
mozilla-1.7.13,2            =  up-to-date with port
mpeg2codec-1.2_1            =  up-to-date with port
mplayer-gtk-esound-0.99.7_14  <  needs updating (port has 0.99.7_15)
mplayer-skins-1.1.2_1       =  up-to-date with port
mysql-client-4.1.18_1       <  needs updating (port has 4.1.20)
mysql-server-4.1.18_2       <  needs updating (port has 4.1.20)
nano-1.2.5                  =  up-to-date with port
nas-1.7c                    <  needs updating (port has 1.8)
nasm-0.98.39,1              =  up-to-date with port
neon-0.25.5                 =  up-to-date with port
net-snmp-5.2.2_2            =  up-to-date with port
nload-0.6.0                 =  up-to-date with port
nmap-4.10                   =  up-to-date with port
nspr-4.6.1                  =  up-to-date with port
nss-3.11.1                  =  up-to-date with port
ntp-4.2.0_1                 <  needs updating (port has 4.2.2)
open-motif-2.2.3_2          =  up-to-date with port
openldap-client-2.2.30      =  up-to-date with port
p5-Algorithm-Annotate-0.10  =  up-to-date with port
p5-Algorithm-Diff-1.1901    =  up-to-date with port
p5-BFD-0.31                 =  up-to-date with port
p5-Class-Accessor-0.25      =  up-to-date with port
p5-Class-Autouse-1.26       =  up-to-date with port
p5-Clone-0.20               =  up-to-date with port
p5-Compress-Zlib-1.41       =  up-to-date with port
p5-Data-Hierarchy-0.22      =  up-to-date with port
p5-Data-UUID-0.14           =  up-to-date with port
p5-Digest-1.15              =  up-to-date with port
p5-Digest-MD5-2.36          =  up-to-date with port
p5-File-Type-0.22           =  up-to-date with port
p5-File-chdir-0.06          =  up-to-date with port
p5-Font-AFM-1.19            =  up-to-date with port
p5-FreezeThaw-0.43          =  up-to-date with port
p5-HTML-Format-2.04         =  up-to-date with port
p5-HTML-Parser-3.54         =  up-to-date with port
p5-HTML-Tagset-3.10         =  up-to-date with port
p5-HTML-Tree-3.19.01        <  needs updating (port has 3.20)
p5-I18N-LangTags-0.35       =  up-to-date with port
p5-IO-Digest-0.10           =  up-to-date with port
p5-IO-Pager-0.06            =  up-to-date with port
p5-IPC-Run3-0.034           =  up-to-date with port
p5-Locale-Maketext-1.09_1   <  needs updating (port has 1.10)
p5-Locale-Maketext-Lexicon-0.61  <  needs updating (port has 0.62)
p5-Locale-Maketext-Simple-0.16  =  up-to-date with port
p5-MIME-Base64-3.07         =  up-to-date with port
p5-PathTools-3.18           =  up-to-date with port
p5-PerlIO-eol-0.13          =  up-to-date with port
p5-PerlIO-via-dynamic-0.12  =  up-to-date with port
p5-PerlIO-via-symlink-0.05  =  up-to-date with port
p5-Pod-Escapes-1.04         =  up-to-date with port
p5-Pod-Parser-1.34          =  up-to-date with port
p5-Pod-Simple-3.04          =  up-to-date with port
p5-PodToHTML-0.05_1         =  up-to-date with port
p5-Regexp-Common-2.120      =  up-to-date with port
p5-Regexp-Shellish-0.93     =  up-to-date with port
p5-SVN-Mirror-0.68          =  up-to-date with port
p5-SVN-Simple-0.27          =  up-to-date with port
p5-Scalar-List-Utils-1.18,1  =  up-to-date with port
p5-Spiffy-0.30              =  up-to-date with port
p5-Storable-2.15            =  up-to-date with port
p5-Term-ReadKey-2.30        =  up-to-date with port
p5-Test-Base-0.50           <  needs updating (port has 0.51)
p5-Test-Harness-2.60        <  needs updating (port has 2.62)
p5-Test-Simple-0.62         =  up-to-date with port
p5-Text-Aligner-0.03        =  up-to-date with port
p5-Text-Diff-0.35           =  up-to-date with port
p5-Text-Table-1.107         =  up-to-date with port
p5-Text-Tabs+Wrap-2001.0929  <  needs updating (port has 2005.0824)
p5-Time-HiRes-1.87,1        =  up-to-date with port
p5-TimeDate-1.16,1          =  up-to-date with port
p5-URI-1.35                 =  up-to-date with port
p5-VCP-autrijus-0.9.20050110  =  up-to-date with port
p5-XML-AutoWriter-0.39      =  up-to-date with port
p5-XML-Parser-2.34_2        =  up-to-date with port
p5-YAML-0.58                =  up-to-date with port
p5-gettext-1.05_1           =  up-to-date with port
p5-prefork-1.00             =  up-to-date with port
p7zip-4.42                  =  up-to-date with port
pango-1.12.3                =  up-to-date with port
pcre-6.6_1                  =  up-to-date with port
pdflib-6.0.3                =  up-to-date with port
perl-5.8.8                  =  up-to-date with port
php4-4.4.2_2                =  up-to-date with port
php4-mysql-4.4.2_2          =  up-to-date with port
php4-pcre-4.4.2_2           =  up-to-date with port
php4-session-4.4.2_2        =  up-to-date with port
php4-xml-4.4.2_2            =  up-to-date with port
pkgconfig-0.20_2            =  up-to-date with port
png-1.2.8_3                 =  up-to-date with port
popt-1.7_1                  =  up-to-date with port
portaudio-18.1_2            =  up-to-date with port
portsnap-1.1                =  up-to-date with port
portupgrade-2.1.3.1,2       =  up-to-date with port
postgresql-client-8.1.4     =  up-to-date with port
postgresql-server-8.1.4     <  needs updating (port has 8.1.4_1)
py24-imaging-1.1.5_2        =  up-to-date with port
py24-libxml2-2.6.26         =  up-to-date with port
py24-tkinter-2.4.3_1        =  up-to-date with port
python-2.4.3                =  up-to-date with port
qmake-3.3.6                 =  up-to-date with port
qt-3.3.6_2                  =  up-to-date with port
rapidsvn-0.9.0_1            =  up-to-date with port
rdesktop-1.4.1              =  up-to-date with port
rename-1.3                  =  up-to-date with port
rpm-3.0.6_13                =  up-to-date with port
rrdtool-1.2.12_1            =  up-to-date with port
ruby-1.8.4_8,1              =  up-to-date with port
ruby18-atk-0.14.1           =  up-to-date with port
ruby18-bdb1-0.2.2           =  up-to-date with port
ruby18-cairo-1.0.0          =  up-to-date with port
ruby18-gconf2-0.14.1        =  up-to-date with port
ruby18-gdk_pixbuf2-0.14.1   =  up-to-date with port
ruby18-gems-0.8.11          =  up-to-date with port
ruby18-glib2-0.14.1         =  up-to-date with port
ruby18-gnome2-0.14.1        =  up-to-date with port
ruby18-gnome2-all-0.14.1_1  =  up-to-date with port
ruby18-gnomecanvas2-0.14.1  =  up-to-date with port
ruby18-gnomeprint-0.14.1    =  up-to-date with port
ruby18-gnomeprintui-0.14.1  =  up-to-date with port
ruby18-gnomevfs-0.14.1      =  up-to-date with port
ruby18-gst-0.14.1           =  up-to-date with port
ruby18-gtk2-0.14.1          =  up-to-date with port
ruby18-gtkglext-0.14.1_1    =  up-to-date with port
ruby18-gtkhtml2-0.14.1      =  up-to-date with port
ruby18-gtkmozembed-0.14.1   =  up-to-date with port
ruby18-gtksourceview-0.14.1  =  up-to-date with port
ruby18-iconv-1.8.4,1        =  up-to-date with port
ruby18-libart2-0.14.1       =  up-to-date with port
ruby18-libglade2-0.14.1     =  up-to-date with port
ruby18-opengl-0.32b_2       =  up-to-date with port
ruby18-panelapplet-0.14.1   =  up-to-date with port
ruby18-pango-0.14.1         =  up-to-date with port
ruby18-rsvg2-0.14.1         =  up-to-date with port
ruby18-sqlite3-0.9.0        =  up-to-date with port
rubygem-bluecloth-1.0.0     =  up-to-date with port
rubygem-rake-0.7.1          =  up-to-date with port
samba-3.0.22,1              =  up-to-date with port
samba-libsmbclient-3.0.22   =  up-to-date with port
screen-4.0.2_4              =  up-to-date with port
scrollkeeper-0.3.14_4,1     =  up-to-date with port
sdocbook-xml-4.1.2.5_2      =  up-to-date with port
shared-mime-info-0.17_1     =  up-to-date with port
shishi-0.0.22_2             =  up-to-date with port
sqlite-3.3.6                =  up-to-date with port
startup-notification-0.8_2  =  up-to-date with port
subversion-perl-1.3.2       =  up-to-date with port
svk-1.07                    =  up-to-date with port
swig-1.3.29_2               =  up-to-date with port
tcl-8.4.13,1                <  needs updating (port has 8.4.13_1,1)
texinfo-4.8_3               =  up-to-date with port
tiff-3.8.2                  =  up-to-date with port
tk-8.4.13,2                 =  up-to-date with port
unix2dos-1.3                =  up-to-date with port
unrar-3.60.b4,3             =  up-to-date with port
unzip-5.52_2                =  up-to-date with port
vim-6.4.9                   <  needs updating (port has 7.0.35)
wavplay-1.4_2               =  up-to-date with port
wget-1.10.2                 =  up-to-date with port
win32-codecs-3.1.0.p7_2,1   =  up-to-date with port
wxgtk2-2.4.2_10             =  up-to-date with port
xlockmore-5.22              =  up-to-date with port
xmlcatmgr-2.2               =  up-to-date with port
xorg-6.9.0                  =  up-to-date with port
xorg-clients-6.9.0_3        =  up-to-date with port
xorg-documents-6.9.0        =  up-to-date with port
xorg-fonts-100dpi-6.9.0_1   =  up-to-date with port
xorg-fonts-75dpi-6.9.0_1    =  up-to-date with port
xorg-fonts-cyrillic-6.9.0_1  =  up-to-date with port
xorg-fonts-encodings-6.9.0_1  =  up-to-date with port
xorg-fonts-miscbitmaps-6.9.0_1  =  up-to-date with port
xorg-fonts-truetype-6.9.0   =  up-to-date with port
xorg-fonts-type1-6.9.0      =  up-to-date with port
xorg-fontserver-6.9.0_1     =  up-to-date with port
xorg-libraries-6.9.0        =  up-to-date with port
xorg-manpages-6.9.0         =  up-to-date with port
xorg-nestserver-6.9.0       =  up-to-date with port
xorg-printserver-6.9.0_1    =  up-to-date with port
xorg-server-6.9.0_4         =  up-to-date with port
xorg-vfbserver-6.9.0_1      =  up-to-date with port
xterm-213                   <  needs updating (port has 215)
xv-3.10a_5                  =  up-to-date with port
xvid-1.1.0,1                =  up-to-date with port
zip-2.31                    =  up-to-date with port


From trish at bsdunix.net  Fri Jul  7 22:54:44 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Fri, 7 Jul 2006 22:54:44 -0400 (EDT)
Subject: [nycbug-talk] radrails on FreeBSD?
In-Reply-To: <a49e62c80607071246o3ec788bbq7a97e67072fb0c36@mail.gmail.com>
References: <Pine.OSX.4.61.0607071426110.777@gee5.nat.fasttrackmonkey.com>
	<a49e62c80607071246o3ec788bbq7a97e67072fb0c36@mail.gmail.com>
Message-ID: <20060707225136.V656@daemon.bsdunix.net>






On Fri, 7 Jul 2006, Anthony Elizondo wrote:

> On 7/7/06, Charles Sprickman <spork at bway.net> wrote:
>> Hi all,
>>
>> I know nothing of Java other than it's a pain in the ass. :)
>>

I've been native java versions on FreeBSD for a while now, and I use them 
in production (not for java app servers (like tomcat) but for actual java 
applications that serve the backbone of paltalk (http://www.paltalk.com), 
especially on 6.x I have had very little issue with java and the only 
issues I've had with recent builds on 5.x is that it runs a little hot.

You have to build the package yourself but after that you can mvoe it 
between boxes as long as you also install the dependencies...

For more info see my Java on FreeBSD talk that is recorded up on the 
NYCBUG site.

-Trish


-- 
Trish Lynch					   trish at bsdunix.net
Ecartis Core Team 			      trish at listmistress.org
Key fingerprint = 781D 2B47 AA4B FC88 B919  0CD6 26B2 1D62 6FC1 FF16


From ike at lesmuug.org  Sat Jul  8 06:55:05 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 8 Jul 2006 06:55:05 -0400
Subject: [nycbug-talk] Your Own Personal Internet
Message-ID: <02209418-4D4E-4F15-85A2-756591BF43C4@lesmuug.org>

Hi All,

 From my desk, I'm not sure how much of the net neutrality issues  
have really touched our world directly here, but it seems to be  
largely ignored by us tech folks because the debate seems pretty  
severely misguided, on both sides of the debate.

With regard to the ongoing US net neutrality debates in the Senate,  
there's some fairly hysterical stuff going on in DC, this audio is  
worth listening to for a real laugh:

--
'Senator Stevens Speaks on Net Neutrality'
(chairman of the net neutrality commerce committee)
http://www.publicknowledge.org/node/497

'Senator Ted Stevens (R-Alaska) explained why he voted against the  
amendment and gave an amazing primer on how the internet works.:

"I just the other day got, an internet was sent by my staff at 10  
o'clock in the morning on Friday and I just got it yesterday. Why?
Because it got tangled up with all these things going on the internet  
commercially."


--
'Senator Stevens Internet Forensics'
http://blog.wired.com/27BStroke6/?entry_id=1512499


Enlightening stuff folks, truly.

Rocket-
.ike




From ike at lesmuug.org  Sat Jul  8 07:11:22 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 8 Jul 2006 07:11:22 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
Message-ID: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>

Hey All,

I'm trying to ping. :)

Ok, so the situation is this- I'm attempting to determine weather or  
not a box is 'live', using some kind of external network probe  
(ping), hopefully determining if the box is up within 10 seconds or  
so- so my program can decide to do other things.

With that, the ping utility was not really designed to accommodate  
this need, on several counts:

Inside the box:
- to my knowledge, (and digging through the man pages), ping cannot  
bind itself to a particular network interface, which is a problem on  
boxes with multiple interfaces, with IP's all on the same subnet.   
(ping just finds the first IP route, and pings out on that interface.

Outside the box:
- to my knowledge, (and digging through the man pages), ping does not  
have any options which let the utility return some sort of boolean  
value for weather or not a packet was returned.

If I'm wrong on either of these points, I'd love for someone to tell  
me different- it would get me out of some tedious work here...

(sidenote- I know the implications of my question are a bit heavy,  
insomuch as there's *so much* that can happen to make a given ping  
fail, network latency, tons of factors... so using ping to determine  
weather a box is 'up' is more of an ontological debate than a simple  
yes or no answer...)

--
What I'm planning on doing, to solve my problem(s), is to write a  
small utility into my application which creates a network socket on a  
specified network interface, and pings from an IP assigned to it-  
returning boolean values to my program, so it can decide what to do  
(a fail-over type application).  This can be done pretty simply in  
Python (or similar), I'd just rather use a core system utility and  
keep it all in nice portable shell scripts...

Is this a sane idea, or are there some other ping type utilities out  
there that people know and love to do the same thing?  (Note- I'm not  
looking for some kind of Nagios/etc... type solution, I'm looking for  
a small stable widget to incorporate into my program).

Any thoughts, urls, chiding, anything- much appreciated...
(Arp related tools would also be a fine solution here, since I'm  
really focused on layer 2 [or perhps 3, IP], not services on the  
upper layers...)

Best,
.ike




From nycbug at cyth.net  Sat Jul  8 07:33:39 2006
From: nycbug at cyth.net (Ray Lai)
Date: Sat, 8 Jul 2006 07:32:39 -0401
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <20060708113132.GM14327@cybertron.cyth.net>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
	<20060708113132.GM14327@cybertron.cyth.net>
Message-ID: <20060708113302.GN14327@cybertron.cyth.net>

On Sat, Jul 08, 2006 at 07:11:22AM -0400, Isaac Levy wrote:
> Hey All,
> 
> I'm trying to ping. :)
> 
> Ok, so the situation is this- I'm attempting to determine weather or  
> not a box is 'live', using some kind of external network probe  
> (ping), hopefully determining if the box is up within 10 seconds or  
> so- so my program can decide to do other things.
> 
> With that, the ping utility was not really designed to accommodate  
> this need, on several counts:
> 
> Inside the box:
> - to my knowledge, (and digging through the man pages), ping cannot  
> bind itself to a particular network interface, which is a problem on  
> boxes with multiple interfaces, with IP's all on the same subnet.   
> (ping just finds the first IP route, and pings out on that interface.

NetBSD and OpenBSD's ping allows this with the -I flag.  FreeBSD's
allows it with the -S flag.

> Outside the box:
> - to my knowledge, (and digging through the man pages), ping does not  
> have any options which let the utility return some sort of boolean  
> value for weather or not a packet was returned.

It returns 0 if a packet was received and other values otherwise,
depending on the operating system.  You'll probably want to use the
-c flag.

-Ray-

> If I'm wrong on either of these points, I'd love for someone to tell  
> me different- it would get me out of some tedious work here...
> 
> (sidenote- I know the implications of my question are a bit heavy,  
> insomuch as there's *so much* that can happen to make a given ping  
> fail, network latency, tons of factors... so using ping to determine  
> weather a box is 'up' is more of an ontological debate than a simple  
> yes or no answer...)
> 
> --
> What I'm planning on doing, to solve my problem(s), is to write a  
> small utility into my application which creates a network socket on a  
> specified network interface, and pings from an IP assigned to it-  
> returning boolean values to my program, so it can decide what to do  
> (a fail-over type application).  This can be done pretty simply in  
> Python (or similar), I'd just rather use a core system utility and  
> keep it all in nice portable shell scripts...
> 
> Is this a sane idea, or are there some other ping type utilities out  
> there that people know and love to do the same thing?  (Note- I'm not  
> looking for some kind of Nagios/etc... type solution, I'm looking for  
> a small stable widget to incorporate into my program).
> 
> Any thoughts, urls, chiding, anything- much appreciated...
> (Arp related tools would also be a fine solution here, since I'm  
> really focused on layer 2 [or perhps 3, IP], not services on the  
> upper layers...)


From ike at lesmuug.org  Sat Jul  8 07:41:36 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 8 Jul 2006 07:41:36 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <20060708113132.GM14327@cybertron.cyth.net>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
	<20060708113132.GM14327@cybertron.cyth.net>
Message-ID: <1B4FEA9D-3F0B-4B73-974D-D95992E45446@lesmuug.org>

Hi Ray,

On Jul 8, 2006, at 7:31 AM, Ray Lai wrote:

>> Inside the box:
>> - to my knowledge, (and digging through the man pages), ping cannot
>> bind itself to a particular network interface, which is a problem on
>> boxes with multiple interfaces, with IP's all on the same subnet.
>> (ping just finds the first IP route, and pings out on that interface.
>
> NetBSD and OpenBSD's ping allows this with the -I flag.  FreeBSD's
> allows it with the -S flag.

Well I stand corrected, happily :)

>
>> Outside the box:
>> - to my knowledge, (and digging through the man pages), ping does not
>> have any options which let the utility return some sort of boolean
>> value for weather or not a packet was returned.
>
> It returns 0 if a packet was received and other values otherwise,
> depending on the operating system.  You'll probably want to use the
> -c flag.
>
> -Ray-

Ok- so now here's my new question, how can I get ping to return less  
verbose stuff, a simple integer returned would be way nicer to  
programatically deal with (vs. having to parse the text)- which in  
the context of my app, is all just verbose garbage for me to deal  
with...

Additionally, I'd like to be able to set some kind of response  
timeout, (under 1 second)?

Rocket-
.ike





From nycbug at cyth.net  Sat Jul  8 08:02:02 2006
From: nycbug at cyth.net (Ray Lai)
Date: Sat, 8 Jul 2006 08:02:02 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <1B4FEA9D-3F0B-4B73-974D-D95992E45446@lesmuug.org>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
	<20060708113132.GM14327@cybertron.cyth.net>
	<1B4FEA9D-3F0B-4B73-974D-D95992E45446@lesmuug.org>
Message-ID: <20060708120225.GO14327@cybertron.cyth.net>

On Sat, Jul 08, 2006 at 07:41:36AM -0400, Isaac Levy wrote:
> Hi Ray,
> 
> On Jul 8, 2006, at 7:31 AM, Ray Lai wrote:
> 
> >> Inside the box:
> >> - to my knowledge, (and digging through the man pages), ping cannot
> >> bind itself to a particular network interface, which is a problem on
> >> boxes with multiple interfaces, with IP's all on the same subnet.
> >> (ping just finds the first IP route, and pings out on that interface.
> >
> > NetBSD and OpenBSD's ping allows this with the -I flag.  FreeBSD's
> > allows it with the -S flag.
> 
> Well I stand corrected, happily :)
> 
> >
> >> Outside the box:
> >> - to my knowledge, (and digging through the man pages), ping does not
> >> have any options which let the utility return some sort of boolean
> >> value for weather or not a packet was returned.
> >
> > It returns 0 if a packet was received and other values otherwise,
> > depending on the operating system.  You'll probably want to use the
> > -c flag.
> >
> > -Ray-
> 
> Ok- so now here's my new question, how can I get ping to return less  
> verbose stuff, a simple integer returned would be way nicer to  
> programatically deal with (vs. having to parse the text)- which in  
> the context of my app, is all just verbose garbage for me to deal  
> with...
>
> Additionally, I'd like to be able to set some kind of response  
> timeout, (under 1 second)?

Just do:

ray at x[~] COUNT=1; WAIT=1; ping -c "$COUNT" -w "$WAIT" google.com >/dev/null && echo success || echo fail
success
ray at x[~] COUNT=1; WAIT=1; ping -c "$COUNT" -w "$WAIT" 10.0.1.9 >/dev/null && echo success || echo fail
fail

Unfortunately the -w flag only accepts integers, so the lowest
timeout you can set is one second.

-Ray-


From ike at lesmuug.org  Sat Jul  8 08:46:51 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 8 Jul 2006 08:46:51 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <20060708120225.GO14327@cybertron.cyth.net>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
	<20060708113132.GM14327@cybertron.cyth.net>
	<1B4FEA9D-3F0B-4B73-974D-D95992E45446@lesmuug.org>
	<20060708120225.GO14327@cybertron.cyth.net>
Message-ID: <2E945489-2D14-4169-BDD6-D89101940422@lesmuug.org>

Hi Ray,

On Jul 8, 2006, at 8:02 AM, Ray Lai wrote:

> Just do:
>
> ray at x[~] COUNT=1; WAIT=1; ping -c "$COUNT" -w "$WAIT" google.com >/ 
> dev/null && echo success || echo fail
> success
> ray at x[~] COUNT=1; WAIT=1; ping -c "$COUNT" -w "$WAIT" 10.0.1.9 >/ 
> dev/null && echo success || echo fail
> fail
>
> Unfortunately the -w flag only accepts integers, so the lowest
> timeout you can set is one second.
>
> -Ray-

Thanks, I can now say that Ray Lai taught me to ping.

Problem: the wait function seems to not have much affect, if I ping  
an address I know doesn't exist, it still takes an indeterminate  
amount of time to return the failure...

Hrm.  I think I can hack this nicely now though.  Thanks!

Rocket-
.ike




From alex at pilosoft.com  Sat Jul  8 10:00:59 2006
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Sat, 8 Jul 2006 10:00:59 -0400 (EDT)
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
Message-ID: <Pine.LNX.4.44.0607081000031.28290-100000@bawx.pilosoft.com>

> Is this a sane idea, or are there some other ping type utilities out
> there that people know and love to do the same thing?  (Note- I'm not
> looking for some kind of Nagios/etc... type solution, I'm looking for a
> small stable widget to incorporate into my program).
www.fping.com

done and done

-alex



From jpb at sixshooter.v6.thrupoint.net  Sat Jul  8 10:18:52 2006
From: jpb at sixshooter.v6.thrupoint.net (Jim Brown)
Date: Sat, 8 Jul 2006 10:18:52 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
Message-ID: <20060708141852.GC41349@sixshooter.v6.thrupoint.net>

* Isaac Levy <ike at lesmuug.org> [2006-07-08 07:13]:
> Hey All,
> 
> I'm trying to ping. :)
> 
[snip]

Hi Ike,

You should also have a look at hping (#6 on Fyodors tools list this year).
www.hping.org - check out the wiki at wiki.hping.org

or just save yourself a lot of time and build it from ports:

/usr/ports/net/hping

The man page is quite informative.

Many timing, output, and protocol options are available.
Easily scriptable, you can also use the underlying API in programs
(as Fyodor did with Nmap).

Best,
Jim B.



From jonathan at kc8onw.net  Sat Jul  8 17:52:05 2006
From: jonathan at kc8onw.net (Jonathan Stewart)
Date: Sat, 08 Jul 2006 21:52:05 +0000
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <2E945489-2D14-4169-BDD6-D89101940422@lesmuug.org>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>	<20060708113132.GM14327@cybertron.cyth.net>	<1B4FEA9D-3F0B-4B73-974D-D95992E45446@lesmuug.org>	<20060708120225.GO14327@cybertron.cyth.net>
	<2E945489-2D14-4169-BDD6-D89101940422@lesmuug.org>
Message-ID: <44B02905.2010901@kc8onw.net>

Isaac Levy wrote:
> Hi Ray,
>
> On Jul 8, 2006, at 8:02 AM, Ray Lai wrote:
>
>> Just do:
>>
>> ray at x[~] COUNT=1; WAIT=1; ping -c "$COUNT" -w "$WAIT" google.com >/
>> dev/null && echo success || echo fail
>> success
>> ray at x[~] COUNT=1; WAIT=1; ping -c "$COUNT" -w "$WAIT" 10.0.1.9 >/
>> dev/null && echo success || echo fail
>> fail
>>
>> Unfortunately the -w flag only accepts integers, so the lowest
>> timeout you can set is one second.
>>
>> -Ray-
>
> Thanks, I can now say that Ray Lai taught me to ping.
>
> Problem: the wait function seems to not have much affect, if I ping
> an address I know doesn't exist, it still takes an indeterminate
> amount of time to return the failure...

I think you want -t instead of -w.  -t specifies the timeout for an
individual ping -w is the interval between pings when count is more than 1.

Jonathan


From ike at lesmuug.org  Sun Jul  9 14:11:50 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sun, 9 Jul 2006 14:11:50 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <Pine.LNX.4.44.0607081000031.28290-100000@bawx.pilosoft.com>
References: <Pine.LNX.4.44.0607081000031.28290-100000@bawx.pilosoft.com>
Message-ID: <8CCACF66-02D2-4B5A-B4F8-DF6B2C1D9C6D@lesmuug.org>

On Jul 8, 2006, at 10:00 AM, alex at pilosoft.com wrote:

> www.fping.com
>

Thanks alex!  Very cool.

Best,
.ike




From ike at lesmuug.org  Sun Jul  9 14:12:27 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sun, 9 Jul 2006 14:12:27 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <20060708141852.GC41349@sixshooter.v6.thrupoint.net>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
	<20060708141852.GC41349@sixshooter.v6.thrupoint.net>
Message-ID: <E4279BE9-14D1-4CCB-9D92-BE7F1E313A59@lesmuug.org>

On Jul 8, 2006, at 10:18 AM, Jim Brown wrote:

> www.hping.org

And thanks Jim!

Best,
.ike




From george at galis.org  Mon Jul 10 00:08:59 2006
From: george at galis.org (George Georgalis)
Date: Mon, 10 Jul 2006 00:08:59 -0400
Subject: [nycbug-talk] apache auth allow,deny with condition...
Message-ID: <20060710040859.GA13171@run.galis.org>

I'm trying to setup a domain that uses Basic Auth for everything
but a few items, and no auth for them.  I'd like the mod_dir
DirectoryIndex to work for DocumentRoot, but any other page to
require a valid-user.

The goal is to return instructions at the DocumentRoot, but
require auth for any guessed url, existing or not.  So people
cannot determine if a url exists by checking for 401 vs 404
errors, even if they cannot access the content. In addition to the
index.html (not auto indexing of course), there are a few other
directories that I need unprotected.

My most recent attempt to config...

<Directory />
	Options -Indexes
	Order allow,deny
	Allow from all
	  AuthType Basic
	  AuthName "files"
	  Require valid-user
</Directory>
<Location /account1>
	AuthUserFile /usr/local/etc/apache2/ht/account1
<Location>

But that has problems; AuthUserFile does not exists for
DocumentRoot and I cannot figure out how to selectively add back
Allow to a component, DocumentRoot or a location container (there
are many).

I need something that will error 401 for anything (existing or
not), with a few exceptions like /template/, /errordoc/ and /,
which should all serve without auth, or error. And, of course,
allow for location containers with unique AuthUserFiles. Is that
possible?

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><


From josh at freek.com  Mon Jul 10 15:45:25 2006
From: josh at freek.com (Josh Rivel)
Date: Mon, 10 Jul 2006 15:45:25 -0400
Subject: [nycbug-talk] Open Source Timesheet app w/LDAP integration?
Message-ID: <20060710194525.GA3279@freek.com>

Hi.  So I'm looking for an open source timesheet application that
can talk nicely to LDAP (for authentication)  I tried "Timesheet.php"
but as soon as I enable the LDAP authentication, it breaks :/

I've googles, checked freshmeat, etc, but can't find anything
that's open source and will use LDAP for authentication.  I'm sure
I'm just missing something.

Thanks in advance...

-- 
josh
	There are 10 types of people.  Those that understand binary, 
	and those that don't.


From riegersteve at gmail.com  Mon Jul 10 17:42:39 2006
From: riegersteve at gmail.com (Steve Rieger)
Date: Mon, 10 Jul 2006 14:42:39 -0700
Subject: [nycbug-talk] Open Source Timesheet app w/LDAP integration?
In-Reply-To: <20060710194525.GA3279@freek.com>
References: <20060710194525.GA3279@freek.com>
Message-ID: <44B2C9CF.5010705@gmail.com>

Josh Rivel wrote:
> Hi.  So I'm looking for an open source timesheet application that
> can talk nicely to LDAP (for authentication)  I tried "Timesheet.php"
> but as soon as I enable the LDAP authentication, it breaks :/
>
> I've googles, checked freshmeat, etc, but can't find anything
> that's open source and will use LDAP for authentication.  I'm sure
> I'm just missing something.
>
>   
get any timesheet software that relies on htaccess,



-- 
--
eats the blues for breakfast,
does unix for rent,
plays harp for food,
will play the flute for kicks
rides for the freedom
scrapes for thechallenge



From jonathan at kc8onw.net  Tue Jul 11 05:36:59 2006
From: jonathan at kc8onw.net (Jonathan Stewart)
Date: Tue, 11 Jul 2006 09:36:59 +0000
Subject: [nycbug-talk] Banner type command
Message-ID: <44B3713B.8050207@kc8onw.net>

I've googled for a while with no luck, does anyone know what command
creates a horizontal ascii banner instead vertical like the "banner"
command does?  I seem to remember there being a built-in command that
would do it for FreeBSD.

Thanks,
Jonathan


From tux at penguinnetwerx.net  Tue Jul 11 03:05:21 2006
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Tue, 11 Jul 2006 03:05:21 -0400
Subject: [nycbug-talk] Banner type command
In-Reply-To: <44B3713B.8050207@kc8onw.net>
References: <44B3713B.8050207@kc8onw.net>
Message-ID: <44B34DB1.8070005@penguinnetwerx.net>

Jonathan Stewart wrote:
> I've googled for a while with no luck, does anyone know what command
> creates a horizontal ascii banner instead vertical like the "banner"
> command does?  I seem to remember there being a built-in command that
> would do it for FreeBSD.

/usr/ports/misc/figlet

kevin at chronos [~]$ figlet testing
  _            _   _
| |_ ___  ___| |_(_)_ __   __ _
| __/ _ \/ __| __| | '_ \ / _` |
| ||  __/\__ \ |_| | | | | (_| |
  \__\___||___/\__|_|_| |_|\__, |
                           |___/


From george at galis.org  Tue Jul 11 09:08:23 2006
From: george at galis.org (George Georgalis)
Date: Tue, 11 Jul 2006 09:08:23 -0400
Subject: [nycbug-talk] apache auth allow,deny with condition...
In-Reply-To: <20060710040859.GA13171@run.galis.org>
References: <20060710040859.GA13171@run.galis.org>
Message-ID: <20060711130823.GA16360@run.galis.org>

On Mon, Jul 10, 2006 at 07:41:02AM -0400, wrote:
>George Georgalis wrote...
>> I'm trying to setup a domain that uses Basic Auth for everything
>> but a few items, and no auth for them.  I'd like the mod_dir
>> DirectoryIndex to work for DocumentRoot, but any other page to
>> require a valid-user.
>
>[snip] I trid to do the same things once, have auth required for
>all parts of a website except one directory, I played with
>httpd.conf until my eyes bled, but still could'nt figure it out.
>I don't have anything useful to contribute, but if you get an answer,
>I'd love to hear what it is.

After posting to several lists, including
apache-users, that was the only response I got.

basically apache combines all the access rules in
the path of a given url; where a parameter is set
multiple times, last setting wins and there is no
way to remove access requirements.


So I fixed it by making /errordocs, /templates and
pretty much everything under / available without
restriction. Then I added an /accounts location
container and require valid-user for access with an
AuthUserFile of /dev/null, beneath that each account
specifies it's own AuthUserFile.

So the DocumentRoot presents some instructions,
anybody descending /accounts will need to auth
against /dev/null or a client auth file, in other
words, get the auth required error page unless they
get a proper url _and_ password.

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><


From lists at genoverly.net  Tue Jul 11 09:31:31 2006
From: lists at genoverly.net (michael)
Date: Tue, 11 Jul 2006 09:31:31 -0400
Subject: [nycbug-talk] apache auth allow,deny with condition...
In-Reply-To: <20060711130823.GA16360@run.galis.org>
References: <20060710040859.GA13171@run.galis.org>
	<20060711130823.GA16360@run.galis.org>
Message-ID: <20060711093131.4b826485@wit.genoverly.com>

On Tue, 11 Jul 2006 09:08:23 -0400
"George Georgalis" <george at galis.org> wrote:

> On Mon, Jul 10, 2006 at 07:41:02AM -0400, wrote:
> >George Georgalis wrote...
> >> I'm trying to setup a domain that uses Basic Auth for everything
> >> but a few items, and no auth for them.  I'd like the mod_dir
> >> DirectoryIndex to work for DocumentRoot, but any other page to
> >> require a valid-user.
> >
> >[snip] I trid to do the same things once, have auth required for
> >all parts of a website except one directory, I played with
> >httpd.conf until my eyes bled, but still could'nt figure it out.
> >I don't have anything useful to contribute, but if you get an answer,
> >I'd love to hear what it is.
> 
> After posting to several lists, including
> apache-users, that was the only response I got.
> 
> basically apache combines all the access rules in
> the path of a given url; where a parameter is set
> multiple times, last setting wins and there is no
> way to remove access requirements.
> 
> 
> So I fixed it by making /errordocs, /templates and
> pretty much everything under / available without
> restriction. Then I added an /accounts location
> container and require valid-user for access with an
> AuthUserFile of /dev/null, beneath that each account
> specifies it's own AuthUserFile.
> 
> So the DocumentRoot presents some instructions,
> anybody descending /accounts will need to auth
> against /dev/null or a client auth file, in other
> words, get the auth required error page unless they
> get a proper url _and_ password.
> 
> // George
> 
> 

As you found, use different trees for different perms.  This is the
physical (on disk) structure, your web can appear seemless to the uer.

`-- conf
`-- htdocs                        <= open
     |-- www1.domain.tld          <= open
     |    `-- htpass_pages
     |         `-- other directory
     |         `-- other directory
     |    `-- open_pages
     |         `-- other_directory
     |         `-- other directory
     |    `-- other_htpass_pages
     |         `-- other directory
     |         `-- other directory
     |-- www2.domain.tld          <= open
     |    `-- htpass_pages
     |         `-- other directory
     |         `-- other directory
     |    `-- open_pages
     |         `-- other_directory
     |         `-- other directory
     |    `-- other_htpass_pages
     |         `-- other directory
     |         `-- other directory
`-- logs

-- 

Michael


-- 

Michael


From pete at nomadlogic.org  Tue Jul 11 11:45:12 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 11 Jul 2006 11:45:12 -0400
Subject: [nycbug-talk] FreeBSD 'n CIFS
Message-ID: <20060711154508.GA71434@sunset.nomadlogic.org>

hey all!

so i've had the pleasant experience of trying to build a stable linux box
acting as an NFS->CIFS gateway (don't ask why - trust me we need a
gateway machine dedicated to moving data from NFS volumes to CIFS
volumes).  in any event, we are using the cifs.ko in linux which
interacts with the VFS to provide cifs support.  let's just say that
this is less than reliable under load (can't say i've ever seen a glibc
null pointer error when trying to mount a filesystem before - atleast on
a "stable" release ;).

question to the list is, has anyone done any work using FreeBSD to mount
and write to CIFS volumes (we can assume CIFS volumes are hosted on
Win2003 server)?  I am assuming I will have to do this in userland via
samba.  if this is the case how has performance been?  We are pretty
happy with the cifs.ko performance under linux - it is just *very*
unstable.

thanks!
-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From njt at ayvali.org  Tue Jul 11 12:01:07 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Tue, 11 Jul 2006 12:01:07 -0400
Subject: [nycbug-talk] FreeBSD 'n CIFS
In-Reply-To: <20060711154508.GA71434@sunset.nomadlogic.org>
References: <20060711154508.GA71434@sunset.nomadlogic.org>
Message-ID: <20060711160107.GW13229@ayvali.org>

* Pete Wright <pete at nomadlogic.org> [2006-07-11 11:45:12 -0400]:
> has anyone done any work using FreeBSD to mount and write to CIFS
> volumes (we can assume CIFS volumes are hosted on Win2003 server)? I
> am assuming I will have to do this in userland via samba.

Yup, we do this. FreeBSD 5.4 box running on a Dell PowerEdge SC 1425
machine. It runs samba-3.0.20b, which was built from ports.

It took us a while to tweak the options in Samba's config to get it to
where we wanted it exactly (or more specifically, to mimic the old
buggy, virus/spyware infested Windows 2000 server that the FreeBSD box
replaced), but once that was done, we've had zero problems with this
machine. It currently has an uptime of 137 days and is pounded quite
heavily by 30+ users during business hours.

The only thing I should note is that our volumes are running off a NetApp
filer, and not a Windows 2003 server, as would be the case with your
setup. We actually mount the NetApp volumes via NFS, and then re-export
using CIFS/Samba -- we don't have a CIFS license for the NetApp box.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From pete at nomadlogic.org  Tue Jul 11 12:09:23 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Tue, 11 Jul 2006 09:09:23 -0700 (PDT)
Subject: [nycbug-talk] FreeBSD 'n CIFS
In-Reply-To: <20060711160107.GW13229@ayvali.org>
References: <20060711154508.GA71434@sunset.nomadlogic.org>
	<20060711160107.GW13229@ayvali.org>
Message-ID: <46141.160.33.20.11.1152634163.squirrel@webmail.nomadlogic.org>


> * Pete Wright <pete at nomadlogic.org> [2006-07-11 11:45:12 -0400]:
>> has anyone done any work using FreeBSD to mount and write to CIFS
>> volumes (we can assume CIFS volumes are hosted on Win2003 server)? I
>> am assuming I will have to do this in userland via samba.
>
> Yup, we do this. FreeBSD 5.4 box running on a Dell PowerEdge SC 1425
> machine. It runs samba-3.0.20b, which was built from ports.
>
> It took us a while to tweak the options in Samba's config to get it to
> where we wanted it exactly (or more specifically, to mimic the old
> buggy, virus/spyware infested Windows 2000 server that the FreeBSD box
> replaced), but once that was done, we've had zero problems with this
> machine. It currently has an uptime of 137 days and is pounded quite
> heavily by 30+ users during business hours.
>
> The only thing I should note is that our volumes are running off a NetApp
> filer, and not a Windows 2003 server, as would be the case with your
> setup. We actually mount the NetApp volumes via NFS, and then re-export
> using CIFS/Samba -- we don't have a CIFS license for the NetApp box.

ok, sounds pretty similar to what we will be doing (we are a netapp shop
too).  i think what has been giving us greif is writting to the CIFS
volumes.  are people doing lot's a streaming I/O on your FreeBSD box, or
is it mostly small read's and writes?  we will be moving a lot of large
files through this guy (on average 500-1000 500meg files) via gig-e.


i guess this rasises and interesting point....maybe kernemode CIFS is just
not the way to go regardless of platform....

thanks!

-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From njt at ayvali.org  Tue Jul 11 12:25:32 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Tue, 11 Jul 2006 12:25:32 -0400
Subject: [nycbug-talk] FreeBSD 'n CIFS
In-Reply-To: <46141.160.33.20.11.1152634163.squirrel@webmail.nomadlogic.org>
References: <20060711154508.GA71434@sunset.nomadlogic.org>
	<20060711160107.GW13229@ayvali.org>
	<46141.160.33.20.11.1152634163.squirrel@webmail.nomadlogic.org>
Message-ID: <20060711162532.GA10530@ayvali.org>

* Peter Wright <pete at nomadlogic.org> [2006-07-11 09:09:23 -0700]:
> are people doing lot's a streaming I/O on your FreeBSD box, or is it
> mostly small read's and writes?  we will be moving a lot of large
> files through this guy (on average 500-1000 500meg files) via gig-e.

AFAIK, it is mostly smaller reads and writes, although some of the devs
use the setup at night to store database repository dumps (~500MiB).

But...I do seem to recall from lurking on the Samba lists that 500MiB,
even a 1000 of them, were not really a problem. In fact, those guys were
writing large files (>2GiB), many of them, and their complaints were
more centered on large file support in Samba than in any performance
degradation from writing several large files. But that was a long time
ago and its a bit fuzzy, but the Samba archives should help.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From daggerquill at gmail.com  Tue Jul 11 12:37:29 2006
From: daggerquill at gmail.com (Jay Savage)
Date: Tue, 11 Jul 2006 12:37:29 -0400
Subject: [nycbug-talk] To ping or not to ping, that is the question...
In-Reply-To: <1B4FEA9D-3F0B-4B73-974D-D95992E45446@lesmuug.org>
References: <3D433700-DE67-47CE-9367-959DD8798948@lesmuug.org>
	<20060708113132.GM14327@cybertron.cyth.net>
	<1B4FEA9D-3F0B-4B73-974D-D95992E45446@lesmuug.org>
Message-ID: <4ce365ec0607110937h370274d8v355f076bb3f87264@mail.gmail.com>

On 7/8/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi Ray,
>

>
> >
> >> Outside the box:
> >> - to my knowledge, (and digging through the man pages), ping does not
> >> have any options which let the utility return some sort of boolean
> >> value for weather or not a packet was returned.
> >
> > It returns 0 if a packet was received and other values otherwise,
> > depending on the operating system.  You'll probably want to use the
> > -c flag.
> >
> > -Ray-
>
> Ok- so now here's my new question, how can I get ping to return less
> verbose stuff, a simple integer returned would be way nicer to
> programatically deal with (vs. having to parse the text)- which in
> the context of my app, is all just verbose garbage for me to deal
> with...
>
> Additionally, I'd like to be able to set some kind of response
> timeout, (under 1 second)?
>
> Rocket-
> .ike

Ike,

If you're at all familiar with Perl, the Net::Ping Perl module is the
way to go (http://search.cpan.org/~bbb/Net-Ping-2.31/lib/Net/Ping.pm).
And if you're not familiar with Perl, you should be. ;)

HTH,

-- jay
--------------------------------------------------
This email and attachment(s): [  ] blogable; [ x ] ask first; [  ]
private and confidential

daggerquill [at] gmail [dot] com
http://www.tuaw.com  http://www.dpguru.com  http://www.engatiki.org

values of ? will give rise to dom!



From dlavigne6 at sympatico.ca  Thu Jul 13 12:10:45 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Thu, 13 Jul 2006 12:10:45 -0400 (EDT)
Subject: [nycbug-talk] I wonder...
Message-ID: <20060713120529.A620@dru.domain.org>


...how hard it would be to drum up sponsorship to get the BSD version of 
this:

http://free.thelinuxstore.ca/

Wouldn't it be nice to instead see separate squares for FreeBSD, NetBSD, 
OpenBSD, DragonflyBSD, PC-BSD, and DesktopBSD, each with the project 
homepage? Hmmm, I think I will write the advocacy lists.

I have the time to burn and send on an as-needed basis but can only wish 
that I was independently wealthy and could afford mailing costs...

The domain whybsd.org is already purchased by a member of this group and 
this could be a good way to use it.

Thoughts?

Dru


From dlavigne6 at sympatico.ca  Thu Jul 13 13:18:40 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Thu, 13 Jul 2006 13:18:40 -0400 (EDT)
Subject: [nycbug-talk] fwbuilder
Message-ID: <20060713131433.I620@dru.domain.org>


Has anyone played with fwbuilder and pf yet? Anyone who has ever used 
Checkpoint will be right at home with the fwbuilder GUI. I'll be poking 
about the interface hunting for limitations before I start showing this to 
customers. Any known limitations I should be aware of?

Dru


From lists at stringsutils.com  Thu Jul 13 18:04:23 2006
From: lists at stringsutils.com (Francisco Reyes)
Date: Thu, 13 Jul 2006 18:04:23 -0400
Subject: [nycbug-talk] I wonder...
References: <20060713120529.A620@dru.domain.org>
Message-ID: <cone.1152828263.462833.90317.5001@35st-server.simplicato.com>

Dru writes:

> ...how hard it would be to drum up sponsorship to get the BSD version of 
> this:
> http://free.thelinuxstore.ca/

I think the question would be who would run it.
bsdmall?
 
> Wouldn't it be nice to instead see separate squares for FreeBSD, NetBSD, 
> OpenBSD, DragonflyBSD, PC-BSD, and DesktopBSD, each with the project 
> homepage? Hmmm, I think I will write the advocacy lists.

bsd.org has the text version of that.. links to the different BSDs.
 
> The domain whybsd.org is already purchased by a member of this group and 
> this could be a good way to use it.

Wouldn't bsd.org be better for this?


From ike at lesmuug.org  Fri Jul 14 13:01:37 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Fri, 14 Jul 2006 13:01:37 -0400
Subject: [nycbug-talk] Summer Security Conferences
Message-ID: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>

Hey All,

Summer's moving fast, I've been quietly buried in work, and just  
doing a headcount trying to make sure I catch up with everyone at  
conferences...

I'm wondering:

--
1) HOPE Who's planning to go to Hope NYC, it's local...?
http://www.hopenumbersix.net/speakers.html

I was thinking of going to see Stallman's keynote, just so I could  
wear devil horns or a snag that beastie costume that was up in Ottawa  
at BSDCan<g> (but I have been talked out of such a childish idea).

--
2) DEFCON Who's going to DefCon?
http://defcon.org/

I'm speaking (my last lecture ever on jails), and I'll be meeting up  
with a bunch of old west-coast friends there.  It's a big conference,  
I don't want to miss hanging out with anyone :)

--
3) USENIX Security Symposium, anyone going?
http://usenix.org/events/sec06/

Anyone doing *any* of the USENIX stuff upcoming?
http://usenix.org/events/

--
Other upcoming events I'm missing?

Rocket-
.ike




From pete at nomadlogic.org  Fri Jul 14 13:22:12 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Fri, 14 Jul 2006 13:22:12 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
Message-ID: <20060714172207.GA91198@sunset.nomadlogic.org>

On Fri, Jul 14, 2006 at 01:01:37PM -0400, Isaac Levy wrote:
> Hey All,
> 
> Summer's moving fast, I've been quietly buried in work, and just  
> doing a headcount trying to make sure I catch up with everyone at  
> conferences...
> 
> I'm wondering:
> 
> --
> 1) HOPE Who's planning to go to Hope NYC, it's local...?
> http://www.hopenumbersix.net/speakers.html
> 
> I was thinking of going to see Stallman's keynote, just so I could  
> wear devil horns or a snag that beastie costume that was up in Ottawa  
> at BSDCan<g> (but I have been talked out of such a childish idea).
> 
> --
> 2) DEFCON Who's going to DefCon?
> http://defcon.org/
> 
> I'm speaking (my last lecture ever on jails), and I'll be meeting up  
> with a bunch of old west-coast friends there.  It's a big conference,  
> I don't want to miss hanging out with anyone :)
> 

ike, when are you heading out to vegas for defcon...i may make a trip
out there....

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From bschonhorst at gmail.com  Fri Jul 14 13:27:04 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Fri, 14 Jul 2006 13:27:04 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
Message-ID: <7708fd680607141027n5214a62dub100c4899d605cd1@mail.gmail.com>

On 7/14/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hey All,
>
> Summer's moving fast, I've been quietly buried in work, and just
> doing a headcount trying to make sure I catch up with everyone at
> conferences...
>
> I'm wondering:
>
> --
> 1) HOPE Who's planning to go to Hope NYC, it's local...?
> http://www.hopenumbersix.net/speakers.html
>
> I was thinking of going to see Stallman's keynote, just so I could
> wear devil horns or a snag that beastie costume that was up in Ottawa
> at BSDCan<g> (but I have been talked out of such a childish idea).
>

Nice!  I was thinking of dropping by since its here in the city.  Wish
I could make the others this summer...

-Brad


From mspitzer at gmail.com  Fri Jul 14 15:09:20 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Fri, 14 Jul 2006 15:09:20 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
Message-ID: <8c50a3c30607141209v2b4ef40fv9bfdbab32fd8020b@mail.gmail.com>

On 7/14/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hey All,
>
> --
> 2) DEFCON Who's going to DefCon?
> http://defcon.org/
>
> I'm speaking (my last lecture ever on jails), and I'll be meeting up
> with a bunch of old west-coast friends there.  It's a big conference,
> I don't want to miss hanging out with anyone :)

See you there, you made the big time.

marc

>
> --
> 3) USENIX Security Symposium, anyone going?
> http://usenix.org/events/sec06/
>
> Anyone doing *any* of the USENIX stuff upcoming?
> http://usenix.org/events/
>
> --
> Other upcoming events I'm missing?
>
> Rocket-
> .ike
>
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


-- 
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD


From njt at ayvali.org  Fri Jul 14 15:43:31 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Fri, 14 Jul 2006 15:43:31 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
Message-ID: <20060714194331.GA9958@ayvali.org>

* Isaac Levy <ike at lesmuug.org> [2006-07-14 13:01:37 -0400]:
> 2) DEFCON Who's going to DefCon?
> http://defcon.org/
> 
> I'm speaking (my last lecture ever on jails)

May I ask why?

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From nycbug-list at 2xlp.com  Fri Jul 14 16:49:09 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Fri, 14 Jul 2006 16:49:09 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
Message-ID: <E018F5F3-D531-4C25-A818-00A88945F422@2xlp.com>


On Jul 14, 2006, at 1:01 PM, Isaac Levy wrote a lot of links about  
conferences without giving anyone dates, so we all have to click,  
thats silly.


> 1) HOPE Who's planning to go to Hope NYC, it's local...?
> http://www.hopenumbersix.net/speakers.html

New York City, July 21st-23rd, 2006


> 2) DEFCON Who's going to DefCon?
> http://defcon.org/

August 4-6 , Riviera Hotel and Casino, Las Vegas, NV



> 3) USENIX Security Symposium, anyone going?
> http://usenix.org/events/sec06/

Vancouver, B.C., Canada, July 31?August 4, 2006





From bschonhorst at gmail.com  Fri Jul 14 18:35:47 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Fri, 14 Jul 2006 18:35:47 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <20060714194331.GA9958@ayvali.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org>
Message-ID: <7708fd680607141535j50435a9fy34f5c7f60088e49e@mail.gmail.com>

On 7/14/06, N.J. Thomas <njt at ayvali.org> wrote:
> * Isaac Levy <ike at lesmuug.org> [2006-07-14 13:01:37 -0400]:
> > 2) DEFCON Who's going to DefCon?
> > http://defcon.org/
> >
> > I'm speaking (my last lecture ever on jails)
>
> May I ask why?
>
> Thomas
>

So are you switching to Xen then?

Just kidding.  I've seen your talk at least twice and really enjoyed
it both times.  Maybe you will bring it out of retirement one day...


From george at sddi.net  Fri Jul 14 19:36:34 2006
From: george at sddi.net (George R.)
Date: Fri, 14 Jul 2006 19:36:34 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <20060714194331.GA9958@ayvali.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org>
Message-ID: <44B82A82.5040607@sddi.net>

N.J. Thomas wrote:
> * Isaac Levy <ike at lesmuug.org> [2006-07-14 13:01:37 -0400]:
>> 2) DEFCON Who's going to DefCon?
>> http://defcon.org/
>>
>> I'm speaking (my last lecture ever on jails)
> 
> May I ask why?

Why is he going to defcon?

why is he speaking?

why is he speaking on jails?

his talk was accepted, and it's certainly defcon related.

And the whole capture-the-flags game last year was based on jails.

g


From bob at redivi.com  Fri Jul 14 19:46:02 2006
From: bob at redivi.com (Bob Ippolito)
Date: Fri, 14 Jul 2006 16:46:02 -0700
Subject: [nycbug-talk] no more jails
In-Reply-To: <44B82A82.5040607@sddi.net>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org> <44B82A82.5040607@sddi.net>
Message-ID: <E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>


On Jul 14, 2006, at 4:36 PM, George R. wrote:

> N.J. Thomas wrote:
>> * Isaac Levy <ike at lesmuug.org> [2006-07-14 13:01:37 -0400]:
>>> 2) DEFCON Who's going to DefCon?
>>> http://defcon.org/
>>>
>>> I'm speaking (my last lecture ever on jails)
>>
>> May I ask why?
>
> Why is he going to defcon?
>
> why is he speaking?
>
> why is he speaking on jails?
>
> his talk was accepted, and it's certainly defcon related.
>
> And the whole capture-the-flags game last year was based on jails.

He was probably asking why this is the last time Ike plans to give a  
talk on jails...

-bob



From george at sddi.net  Fri Jul 14 19:48:20 2006
From: george at sddi.net (George R.)
Date: Fri, 14 Jul 2006 19:48:20 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org> <44B82A82.5040607@sddi.net>
	<E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
Message-ID: <44B82D44.8060902@sddi.net>

Bob Ippolito wrote:
> 
> On Jul 14, 2006, at 4:36 PM, George R. wrote:
> 
>> N.J. Thomas wrote:
>>> * Isaac Levy <ike at lesmuug.org> [2006-07-14 13:01:37 -0400]:
>>>> 2) DEFCON Who's going to DefCon?
>>>> http://defcon.org/
>>>>
>>>> I'm speaking (my last lecture ever on jails)
>>>
>>> May I ask why?
>>
>> Why is he going to defcon?
>>
>> why is he speaking?
>>
>> why is he speaking on jails?
>>
>> his talk was accepted, and it's certainly defcon related.
>>
>> And the whole capture-the-flags game last year was based on jails.
> 
> He was probably asking why this is the last time Ike plans to give a
> talk on jails...

Ahh. . . I figured people would offer money at this point *not* to hear
any variants of Ike's jail talk at this point. . . ;-)

Although I never miss one if I'm around, of course.

g



From njt at ayvali.org  Sat Jul 15 01:31:51 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Sat, 15 Jul 2006 01:31:51 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org> <44B82A82.5040607@sddi.net>
	<E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
Message-ID: <20060715053151.GA8213@ayvali.org>

* Bob Ippolito <bob at redivi.com> [2006-07-14 16:46:02 -0700]:
> > > > I'm speaking (my last lecture ever on jails)
> >
> > > May I ask why?
> >
> > Why is he going to defcon?
> > why is he speaking?
> > why is he speaking on jails?
>
> He was probably asking why this is the last time Ike plans to give a
> talk on jails...

Yes, I wanted to know why Ike was going to stop lecturing on jails.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From ike at lesmuug.org  Sat Jul 15 15:41:07 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 15 Jul 2006 15:41:07 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <20060714172207.GA91198@sunset.nomadlogic.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714172207.GA91198@sunset.nomadlogic.org>
Message-ID: <94F8C35C-60B7-4419-BC97-2AC2C05F75EE@lesmuug.org>

Wordemup Pete,

On Jul 14, 2006, at 1:22 PM, Pete Wright wrote:

> ike, when are you heading out to vegas for defcon...i may make a trip
> out there....

I'll show up for registration, Thursday August 3- and leave in the  
afternoon Monday August 7, (not planning to wake up early on that  
Monday after... <g>)

http://defcon.org/html/defcon-14/dc-14-schedule.html

Would be great to finally catch up with you when I'm not droopy and  
tired from work!

Rocket-
.ike




From ike at lesmuug.org  Sat Jul 15 16:06:08 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 15 Jul 2006 16:06:08 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <20060715053151.GA8213@ayvali.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org> <44B82A82.5040607@sddi.net>
	<E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
	<20060715053151.GA8213@ayvali.org>
Message-ID: <7AFBE173-8311-4E9F-B8F7-1A0AFC67710A@lesmuug.org>

Hi N.J., All,

On Jul 15, 2006, at 1:31 AM, N.J. Thomas wrote:

>>>>> I'm speaking (my last lecture ever on jails)
>>>
>>>> May I ask why?
>>>
>>> Why is he going to defcon?

Because I desperately want a vacation this summer, and geeking out  
while drinking with friends Vegas will do quite nicely.

>>> why is he speaking?

Because I submitted a paper.

>>> why is he speaking on jails?

Well, the infamous Capture The Flag competition was run from FreeBSD  
jails last year, with great success, and some interesting perks for  
running the competition in such a manner.  The strongest idea for me  
here, is that in this viscous competition between some of the best  
hackers in the world, nobody broke out of their jail(8).  With that,  
jail(8) generated a good deal of interest in the security community,  
which is why I gave a basic 'building jails' lecture at Shmoocon this  
last spring.

At Shmoocon, I had the great luck of meeting a guy named Invisigoth,  
of the Kenshoto group, who have been the administrators for CTF for  
some time.  He spoke of how they/he designed the jailed systems for  
competition, and how they were delighted to be able to maintain a god- 
like view of all the systems in real time- (in previous competitions,  
all the scoring and etc. for the game have been done over the  
network, naturally.)  That stated, they could monitor, manipulate,  
and control the competitors systems directly at a process level, and  
monitor the disk data directly- which made for quite an exiting game.

URLS for Capture The Flag stuff:
http://forum.defcon.org/showthread.php?t=7321
https://www.kenshoto.com/
http://midnightresearch.com/hacking-contest-scoreboard/

Cool stuff....  I'm not sure that jail(8) will be used this year,  
likely not- every year they strive to do something completely  
different for the competitors.  Regardless, last time I was at  
Defcon, I learned more just walking around and watching the  
competitors- than I did watching many of the lectures...  It's a  
really exiting competition...


>>
>> He was probably asking why this is the last time Ike plans to give a
>> talk on jails...
>
> Yes, I wanted to know why Ike was going to stop lecturing on jails.
>
> Thomas

2 reasons why I think this will be my last jail(8) lecture:

1) I'm afraid I may be shamed by the international community of  
hackers after Defcon, as I fear folks there will take my presentation  
and root every jailed box I have ever touched...  After that, who  
wants to hear me talk about secure virtual machines? ;)

2) I figure everyone is getting sick to death of the jail(8) topic,  
(at least until some committers for OpenBSD and NetBSD get exited  
enough about the idea to write the code which implements jail(8) for  
those respective systems :)

Rocket-
.ike




From jschauma at netmeister.org  Sat Jul 15 16:15:06 2006
From: jschauma at netmeister.org (Jan Schaumann)
Date: Sat, 15 Jul 2006 16:15:06 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <7AFBE173-8311-4E9F-B8F7-1A0AFC67710A@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org> <44B82A82.5040607@sddi.net>
	<E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
	<20060715053151.GA8213@ayvali.org>
	<7AFBE173-8311-4E9F-B8F7-1A0AFC67710A@lesmuug.org>
Message-ID: <20060715201506.GA1480@netmeister.org>

Isaac Levy <ike at lesmuug.org> wrote:
 
> (at least until some committers for OpenBSD and NetBSD get exited  
> enough about the idea to write the code which implements jail(8) for  
> those respective systems :)

It doesn't need a commiter to _write_ the code, just to _commit_ it.  So
nothing prevents you (or anybody else) from writing the code and
submitting the patches. :-)

-Jan

-- 
``Deepest mind in the galaxy, apparently, and you still express yourself
like a day-tripper with a dog-eared phrase book. 'I hope right you are.'
Break me a fucking give.'' -- Anthony Lane on Yoda in Star Wars III
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060715/6080513c/attachment.bin>

From dlavigne6 at sympatico.ca  Sat Jul 15 16:22:39 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Sat, 15 Jul 2006 16:22:39 -0400 (EDT)
Subject: [nycbug-talk] no more jails
In-Reply-To: <7AFBE173-8311-4E9F-B8F7-1A0AFC67710A@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org> <44B82A82.5040607@sddi.net>
	<E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
	<20060715053151.GA8213@ayvali.org>
	<7AFBE173-8311-4E9F-B8F7-1A0AFC67710A@lesmuug.org>
Message-ID: <20060715162211.V620@dru.domain.org>



On Sat, 15 Jul 2006, Isaac Levy wrote:

> 2) I figure everyone is getting sick to death of the jail(8) topic,


Never. And certainly not the way Ike presents it.

Dru



From george at sddi.net  Sat Jul 15 16:19:28 2006
From: george at sddi.net (George R.)
Date: Sat, 15 Jul 2006 16:19:28 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <20060715162211.V620@dru.domain.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>	<20060714194331.GA9958@ayvali.org>
	<44B82A82.5040607@sddi.net>	<E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>	<20060715053151.GA8213@ayvali.org>	<7AFBE173-8311-4E9F-B8F7-1A0AFC67710A@lesmuug.org>
	<20060715162211.V620@dru.domain.org>
Message-ID: <44B94DD0.3050603@sddi.net>

Dru wrote:
> 
> On Sat, 15 Jul 2006, Isaac Levy wrote:
> 
>> 2) I figure everyone is getting sick to death of the jail(8) topic,
> 
> 
> Never. And certainly not the way Ike presents it.
> 
> Dru

ditto. . . it's a fun meeting. . . as we discussed last night (at bar),
it's done in Ike-style which has the artsy overtones melded with a
strong salute to the grand unix tradition.  and the first 5 minutes
keeps you guessing as to what he might be talking about.

g


From ike at lesmuug.org  Sat Jul 15 16:40:29 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 15 Jul 2006 16:40:29 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <20060715201506.GA1480@netmeister.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org> <44B82A82.5040607@sddi.net>
	<E391A6FD-AD15-482E-8323-487993E21F90@redivi.com>
	<20060715053151.GA8213@ayvali.org>
	<7AFBE173-8311-4E9F-B8F7-1A0AFC67710A@lesmuug.org>
	<20060715201506.GA1480@netmeister.org>
Message-ID: <5813DFED-6BF0-4A58-871F-757EF938F375@lesmuug.org>

Hi Jan,

On Jul 15, 2006, at 4:15 PM, Jan Schaumann wrote:

> Isaac Levy <ike at lesmuug.org> wrote:
>
>> (at least until some committers for OpenBSD and NetBSD get exited
>> enough about the idea to write the code which implements jail(8) for
>> those respective systems :)
>
> It doesn't need a commiter to _write_ the code, just to _commit_  
> it.  So
> nothing prevents you (or anybody else) from writing the code and
> submitting the patches. :-)
>
> -Jan

Well, quite seriously, I'd love to- and have considered/tried to hack  
this, excepting:
I'm not even close to a compitent C coder at this point in my life-  
(another personal project taking my time, in Python) so I'm not  
directly the appropriate candidate for the job.

However, I'd gladly help implement jail(8) for either OpenBSD or  
NetBSD on a design/research/organizing level, if someone who *is*  
competent can write the C code.

Rocket-
.ike




From ike at lesmuug.org  Sat Jul 15 16:41:07 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 15 Jul 2006 16:41:07 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <7708fd680607141027n5214a62dub100c4899d605cd1@mail.gmail.com>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<7708fd680607141027n5214a62dub100c4899d605cd1@mail.gmail.com>
Message-ID: <0D0D93DC-843A-4781-A830-C0EBA38DA592@lesmuug.org>

On Jul 14, 2006, at 1:27 PM, Brad Schonhorst wrote:

> Nice!  I was thinking of dropping by since its here in the city.  Wish
> I could make the others this summer...

So Brad, I heard Bruno, and perhaps me are going to hit Hope?

Rocket-
.ike




From ike at lesmuug.org  Sat Jul 15 16:41:28 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 15 Jul 2006 16:41:28 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <8c50a3c30607141209v2b4ef40fv9bfdbab32fd8020b@mail.gmail.com>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<8c50a3c30607141209v2b4ef40fv9bfdbab32fd8020b@mail.gmail.com>
Message-ID: <9C4809C7-C478-42C1-A29B-7A761A02D2F5@lesmuug.org>

Wordemup Marc,

On Jul 14, 2006, at 3:09 PM, Marc Spitzer wrote:

> See you there

SWEEEET.

Rocket-
.ike




From ike at lesmuug.org  Sat Jul 15 16:47:30 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 15 Jul 2006 16:47:30 -0400
Subject: [nycbug-talk] no more jails
In-Reply-To: <7708fd680607141535j50435a9fy34f5c7f60088e49e@mail.gmail.com>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714194331.GA9958@ayvali.org>
	<7708fd680607141535j50435a9fy34f5c7f60088e49e@mail.gmail.com>
Message-ID: <6983936E-0C02-4431-9A6E-8F014ED67B78@lesmuug.org>

On Jul 14, 2006, at 6:35 PM, Brad Schonhorst wrote:

>> > I'm speaking (my last lecture ever on jails)
>>
>
> So are you switching to Xen then?

Ha!  Yes.

<smartass>
As I migrate to Xen from jail(8), I have removed approximately 14gb  
of memory from each of my jail server hardware boxen, so that I can  
run the hypervisor (max 2gb physical memory cap, with no fix in  
sight- and no fix being comitted by IBM, Intel, or AMD- [who  
incedentially, are all injecting various hardware-specific tweaks  
into the Xen sourcecode... nothing that really improves the basic  
system, yet all the hardware hacks suddenly open up the hardwares as  
vectors for attack?!])
</smartass>

/me now sits back and waits for Johnny Lam to ddos my entire life to  
smithereens...

Rocket-
.ike




From 0dnsa0 at gmail.com  Sat Jul 15 22:29:50 2006
From: 0dnsa0 at gmail.com (DNSA)
Date: Sat, 15 Jul 2006 22:29:50 -0400
Subject: [nycbug-talk] Summer Security Conferences
Message-ID: <259f84990607151929m5c8e42c9t10bcfc8db69633f8@mail.gmail.com>

> Hey All,
>
> Summer's moving fast, I've been quietly buried in work, and just
> doing a headcount trying to make sure I catch up with everyone at
> conferences...
>
> I'm wondering:
>
> [...]

Hi Everyone,
For fellows going to Hope, can anyone get me a presentation DVD, if it's <= $50?


From mspitzer at gmail.com  Sun Jul 16 03:04:05 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sun, 16 Jul 2006 03:04:05 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <0D0D93DC-843A-4781-A830-C0EBA38DA592@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<7708fd680607141027n5214a62dub100c4899d605cd1@mail.gmail.com>
	<0D0D93DC-843A-4781-A830-C0EBA38DA592@lesmuug.org>
Message-ID: <8c50a3c30607160004m6e28218dwcd6535079c967807@mail.gmail.com>

On 7/15/06, Isaac Levy <ike at lesmuug.org> wrote:
> On Jul 14, 2006, at 1:27 PM, Brad Schonhorst wrote:
>
> > Nice!  I was thinking of dropping by since its here in the city.  Wish
> > I could make the others this summer...
>
> So Brad, I heard Bruno, and perhaps me are going to hit Hope?

I went to hope last time, got the arm band and everything.  And it
pains me to say that last time convinced me to not bother this time.
poor technical content and a lot of talk on how to attempt to
implement bad politics in a remarkably stupid manner.

marc

>
> Rocket-
> .ike
>
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


-- 
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD


From pete at nomadlogic.org  Sun Jul 16 17:42:10 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Sun, 16 Jul 2006 17:42:10 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <94F8C35C-60B7-4419-BC97-2AC2C05F75EE@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>
	<20060714172207.GA91198@sunset.nomadlogic.org>
	<94F8C35C-60B7-4419-BC97-2AC2C05F75EE@lesmuug.org>
Message-ID: <20060716214206.GA2480@sunset.nomadlogic.org>

On Sat, Jul 15, 2006 at 03:41:07PM -0400, Isaac Levy wrote:
> Wordemup Pete,
> 
> On Jul 14, 2006, at 1:22 PM, Pete Wright wrote:
> 
> >ike, when are you heading out to vegas for defcon...i may make a trip
> >out there....
> 
> I'll show up for registration, Thursday August 3- and leave in the  
> afternoon Monday August 7, (not planning to wake up early on that  
> Monday after... <g>)
> 
> http://defcon.org/html/defcon-14/dc-14-schedule.html
> 
> Would be great to finally catch up with you when I'm not droopy and  
> tired from work!
> 


dude, i'm thinking of getting a room and coming out for a night or so.
if i can swing it i'll let you know!


-pete
-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From quigon at hacktek.com  Mon Jul 17 19:47:35 2006
From: quigon at hacktek.com (QuiGon)
Date: Mon, 17 Jul 2006 19:47:35 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <0D0D93DC-843A-4781-A830-C0EBA38DA592@lesmuug.org>
References: <4B96866A-9C94-4D13-8D7E-15D223A11108@lesmuug.org>	<7708fd680607141027n5214a62dub100c4899d605cd1@mail.gmail.com>
	<0D0D93DC-843A-4781-A830-C0EBA38DA592@lesmuug.org>
Message-ID: <44BC2197.3000707@hacktek.com>

Isaac Levy wrote:
> On Jul 14, 2006, at 1:27 PM, Brad Schonhorst wrote:
>
>   
>> Nice!  I was thinking of dropping by since its here in the city.  Wish
>> I could make the others this summer...
>>     
>
> So Brad, I heard Bruno, and perhaps me are going to hit Hope?
>
> Rocket-
> .ike
>
>   

Myself and several others from Florida will be in attendance for both.


From okan at demirmen.com  Tue Jul 18 10:13:31 2006
From: okan at demirmen.com (Okan Demirmen)
Date: Tue, 18 Jul 2006 10:13:31 -0400
Subject: [nycbug-talk] NYCBSDCon 2006 Call For Presentations
Message-ID: <20060718141331.GN6279@clam.khaoz.org>

NYCBSDCon 2006 Call For Presentations

Continuing on the success of last year, New York City BSD Conference
(NYCBSDCon) is the main technical conference on the East Coast for the
BSD community to get together to share and gain knowledge, to network
with like-minded people, and to have fun. This event is organized by
members of the New York City *BSD Users Group (NYC*BUG).

The NYCBSDCon program committee is accepting submissions for
imaginative, embryonic and energizing presentations surrounding the BSD
operating systems. We are looking to attract a wide range of speakers
and attendees; therefore, topics of interest range from the esoteric to
development to practical, everyday sysadmin life.

Topics of interest for the NYCBSDCon 2006 include, but are not limited
to:

	* Using the Andrew File System (AFS) in production
	* Large data management (large RAID, NAS, SAN, etc...)
	* Hands on Kerberos in enterprise environments
	* Network, server, and application security best practices
	* Network, server, and application monitoring
	* Patch management in large installations

For a recent discussion of topics, see our mailing list thread:
http://thread.gmane.org/gmane.org.user-groups.bsd.nycbug/3738/focus=3749

Each talk is expected to be 45-50 minutes. Presenters will have
audio/visual and network connectivity.

Abstracts for presentations are due August 15, 2006.

Authors of accepted submissions should be able to provide the full
presentation for publication on the NYCBSDCon website. Further
instructions will follow the review process.  Submissions accompanied by
a non-disclosure agreement or a product advertisement will be rejected.

Abstract submissions should be emailed to cfp at nycbsdcon.org in either
text, ps, pdf or like format, accompanied with a clear abstract.

Conference Location: Columbia University, New York, NY
Conference Dates: October 28-29, 2006

Important Dates:
August 15 	Call For Presentation abstracts deadline
September 1 	Accepted Presentations Notification
September 1 	Registration Open
October 7 	Presentations Due

Do not let travel and accommodation concerns get in the way of your
submissions; we may have some opportunities to subsidize.

For questions, concerns or comments, please contact us here:
info at nycbsdcon.org.


From george at sddi.net  Tue Jul 18 10:49:38 2006
From: george at sddi.net (George R.)
Date: Tue, 18 Jul 2006 10:49:38 -0400
Subject: [nycbug-talk] NYCBSDCon 2006 Call For Presentations
In-Reply-To: <20060718141331.GN6279@clam.khaoz.org>
References: <20060718141331.GN6279@clam.khaoz.org>
Message-ID: <44BCF502.9060404@sddi.net>

Okan Demirmen wrote:
> NYCBSDCon 2006 Call For Presentations
> 
> Continuing on the success of last year, New York City BSD Conference
> (NYCBSDCon) is the main technical conference on the East Coast for the
> BSD community to get together to share and gain knowledge, to network
> with like-minded people, and to have fun. This event is organized by
> members of the New York City *BSD Users Group (NYC*BUG).

<snip>

As should be clear, we just moved the next stage forward here on NYCBSDCon.

This is really a great opportunity for more NYC area speakers.  If you
want to discuss any possible papers, please feel free to open a
discussion with anyone offlist about it.

The response has already been strong.  A good number of vendors already
have expressed strong interest, and certainly the success of last year
shows it can be done.

This will certainly continue to be a topic in our meetings and on our
lists, but we really want to encourage every individual in NYCBUG to get
the word out. . . in your blog, to prospective sponsors, etc.

g


From trish at bsdunix.net  Tue Jul 18 11:25:15 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Tue, 18 Jul 2006 11:25:15 -0400 (EDT)
Subject: [nycbug-talk] NYCBSDCon 2006 Call For Presentations
In-Reply-To: <44BCF502.9060404@sddi.net>
References: <20060718141331.GN6279@clam.khaoz.org> <44BCF502.9060404@sddi.net>
Message-ID: <20060718112058.H656@daemon.bsdunix.net>

On Tue, 18 Jul 2006, George R. wrote:

> Okan Demirmen wrote:
>> NYCBSDCon 2006 Call For Presentations
>>
>> Continuing on the success of last year, New York City BSD Conference
>> (NYCBSDCon) is the main technical conference on the East Coast for the
>> BSD community to get together to share and gain knowledge, to network
>> with like-minded people, and to have fun. This event is organized by
>> members of the New York City *BSD Users Group (NYC*BUG).
>
> <snip>
>
> As should be clear, we just moved the next stage forward here on NYCBSDCon.
>
> This is really a great opportunity for more NYC area speakers.  If you
> want to discuss any possible papers, please feel free to open a
> discussion with anyone offlist about it.
>


I might actually present this year if I actually am able to find the time 
to do it, what was the actual date? I have several conference 
presentations of another type in October and December (I am a member of 
the BDSM and Disability communities as well, and I have presentations to 
do in both those communities, and one presentation that crosses over them 
both.... )

> The response has already been strong.  A good number of vendors already
> have expressed strong interest, and certainly the success of last year
> shows it can be done.
>

Definitely, last year was amazing.



> This will certainly continue to be a topic in our meetings and on our
> lists, but we really want to encourage every individual in NYCBUG to get
> the word out. . . in your blog, to prospective sponsors, etc.
>

I will. We'll talk later on this week.

-Trish (and for those who know me in person it is now officially "she" and 
not "he", I am transitioning from male to female publically now)



-- 
Trish Lynch					   trish at bsdunix.net
Ecartis Core Team 			      trish at listmistress.org
Key fingerprint = 781D 2B47 AA4B FC88 B919  0CD6 26B2 1D62 6FC1 FF16


From george at sddi.net  Tue Jul 18 11:39:53 2006
From: george at sddi.net (George R.)
Date: Tue, 18 Jul 2006 11:39:53 -0400
Subject: [nycbug-talk] NYCBSDCon 2006 Call For Presentations
In-Reply-To: <20060718112058.H656@daemon.bsdunix.net>
References: <20060718141331.GN6279@clam.khaoz.org> <44BCF502.9060404@sddi.net>
	<20060718112058.H656@daemon.bsdunix.net>
Message-ID: <44BD00C9.4070408@sddi.net>

Trish Lynch wrote:
> On Tue, 18 Jul 2006, George R. wrote:
> 
>> Okan Demirmen wrote:
>>> NYCBSDCon 2006 Call For Presentations
>>>
>>> Continuing on the success of last year, New York City BSD Conference
>>> (NYCBSDCon) is the main technical conference on the East Coast for the
>>> BSD community to get together to share and gain knowledge, to network
>>> with like-minded people, and to have fun. This event is organized by
>>> members of the New York City *BSD Users Group (NYC*BUG).
>>
>> <snip>
>>
>> As should be clear, we just moved the next stage forward here on
>> NYCBSDCon.
>>
>> This is really a great opportunity for more NYC area speakers.  If you
>> want to discuss any possible papers, please feel free to open a
>> discussion with anyone offlist about it.
>>
> 
> 
> I might actually present this year if I actually am able to find the
> time to do it, what was the actual date? I have several conference
> presentations of another type in October and December (I am a member of
> the BDSM and Disability communities as well, and I have presentations to
> do in both those communities, and one presentation that crosses over
> them both.... )

on the site. . . nycbsdcon.org

oct 28-29

g


From lists at zaunere.com  Tue Jul 18 12:57:38 2006
From: lists at zaunere.com (Hans Zaunere)
Date: Tue, 18 Jul 2006 12:57:38 -0400
Subject: [nycbug-talk] Summer Security Conferences
In-Reply-To: <E018F5F3-D531-4C25-A818-00A88945F422@2xlp.com>
Message-ID: <002b01c6aa8b$471c9770$4970cb92@MobileZ>


> > 1) HOPE Who's planning to go to Hope NYC, it's local...?
> > http://www.hopenumbersix.net/speakers.html
> 
> New York City, July 21st-23rd, 2006

I'm HOPEing to go for at least one day, probably Saturday, or late Friday
afternoon, or both.

H



From okan at demirmen.com  Tue Jul 18 14:35:56 2006
From: okan at demirmen.com (Okan Demirmen)
Date: Tue, 18 Jul 2006 14:35:56 -0400
Subject: [nycbug-talk] NYCBSDCon 2006 Call For Presentations
In-Reply-To: <20060718112058.H656@daemon.bsdunix.net>
References: <20060718141331.GN6279@clam.khaoz.org> <44BCF502.9060404@sddi.net>
	<20060718112058.H656@daemon.bsdunix.net>
Message-ID: <20060718183556.GM15371@clam.khaoz.org>

On Tue 2006.07.18 at 11:25 -0400, Trish Lynch wrote:

> I might actually present this year if I actually am able to find the time 
> to do it, what was the actual date?

oct 28-29. feel free to check out the cfp. everyone is encouraged to
submit abstracts.


From marco at metm.org  Thu Jul 20 19:42:13 2006
From: marco at metm.org (Marco Scoffier)
Date: Thu, 20 Jul 2006 19:42:13 -0400
Subject: [nycbug-talk] Noob networking question
Message-ID: <20060720234213.GB26660@ns.metm.org>

Hello all,

I have a FreeBSD 6.0 atalk (networking for Macintosh) server in a small
office, and I am getting radically different speeds, from different
machines (all 100T ethernet connections) even at night when I know I am
the only one doing anything on the network.  

The slowness seems more obvious using appletalk, because to copy a 500MB
file from one machine to the shared disk took a minute, to copy it from
the server, behind the switch the copy was asking for several hours.
And copying it from the server to another machine took 24mins.

Question 1) are there any tools I can use to tune the speed of different
services (like appletalk) through the network ?

Question 2) I have a few machines off a switch (linksys 100 baseT) which
is connected through the uplink port and a crossover to the main
router/firewall/gateway netgear.  Machines connected to this switch
(which is new) seem much much slower than the rest.  Is there anything
I can do about this ?

A little bit lost here, things just ain't workin' like they should,

Thanks for any pointers,

-- 
Marco


From pete at nomadlogic.org  Thu Jul 20 20:03:29 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 20 Jul 2006 17:03:29 -0700 (PDT)
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <20060720234213.GB26660@ns.metm.org>
References: <20060720234213.GB26660@ns.metm.org>
Message-ID: <64143.160.33.20.11.1153440209.squirrel@webmail.nomadlogic.org>


> Hello all,
>
> I have a FreeBSD 6.0 atalk (networking for Macintosh) server in a small
> office, and I am getting radically different speeds, from different
> machines (all 100T ethernet connections) even at night when I know I am
> the only one doing anything on the network.
>
> The slowness seems more obvious using appletalk, because to copy a 500MB
> file from one machine to the shared disk took a minute, to copy it from
> the server, behind the switch the copy was asking for several hours.
> And copying it from the server to another machine took 24mins.
>
> Question 1) are there any tools I can use to tune the speed of different
> services (like appletalk) through the network ?

netperf is a usefull tool to measure throughput of network devices:
http://www.netperf.org/netperf/NetperfPage.html
this will not help with atalk though...

on *BSD systat may be helpfull to monitor host specific load
(-vmstat/-ifstat can be helpfull in some situations)

I've used ntop in the past when tying to monitor NFS and atalk usage on
LAN's:

http://www.ntop.org/overview.html

I'm sure there are all sorts of other tool's I'm forgetting...

>
> Question 2) I have a few machines off a switch (linksys 100 baseT) which
> is connected through the uplink port and a crossover to the main
> router/firewall/gateway netgear.  Machines connected to this switch
> (which is new) seem much much slower than the rest.  Is there anything
> I can do about this ?
>

have you checked link state (AutoNeg is bad) and that you are full duplex.
 i dunno, i usually find the basic stuff is a good starting point (check
physical links first etc..).


-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From spork at bway.net  Fri Jul 21 00:06:23 2006
From: spork at bway.net (Charles Sprickman)
Date: Fri, 21 Jul 2006 00:06:23 -0400 (EDT)
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <20060720234213.GB26660@ns.metm.org>
References: <20060720234213.GB26660@ns.metm.org>
Message-ID: <Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>

On Thu, 20 Jul 2006, Marco Scoffier wrote:

> Hello all,
>
> I have a FreeBSD 6.0 atalk (networking for Macintosh) server in a small
> office, and I am getting radically different speeds, from different
> machines (all 100T ethernet connections) even at night when I know I am
> the only one doing anything on the network.

As Pete said, the first thing to check is duplex mismatches - in short it 
causes packet loss, and packet loss slows down TCP bigtime - it never gets 
a chance to "ramp up" to full speed.

> The slowness seems more obvious using appletalk, because to copy a 500MB
> file from one machine to the shared disk took a minute, to copy it from
> the server, behind the switch the copy was asking for several hours.
> And copying it from the server to another machine took 24mins.

Are the machines with differing speeds all Macs?  Different models of 
Macs?  Different versions of OS-X?

> Question 2) I have a few machines off a switch (linksys 100 baseT) which
> is connected through the uplink port and a crossover to the main
> router/firewall/gateway netgear.  Machines connected to this switch
> (which is new) seem much much slower than the rest.  Is there anything
> I can do about this ?

Perhaps that's your problem right there, you might have a duplex mismatch 
between the switches, or just a bum cable connecting them.

I also have PR open on OS-X<->FreeBSD tcp slowness, but IIRC it's just in 
4.x and only with a handful of the cheapy network cards...

Charles

> A little bit lost here, things just ain't workin' like they should,
>
> Thanks for any pointers,
>
> -- 
> Marco
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From marco at metm.org  Fri Jul 21 07:40:04 2006
From: marco at metm.org (Marco Scoffier)
Date: Fri, 21 Jul 2006 07:40:04 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <64143.160.33.20.11.1153440209.squirrel@webmail.nomadlogic.org>
References: <20060720234213.GB26660@ns.metm.org>
	<64143.160.33.20.11.1153440209.squirrel@webmail.nomadlogic.org>
Message-ID: <20060721114004.GA19873@ns.metm.org>

On Thu, Jul 20, 2006 at 05:03:29PM -0700, Peter Wright wrote:
<snip>
Thanks for the network performance analysis tools Pete.

>> Question 2) I have a few machines off a switch (linksys 100 baseT) which
>> is connected through the uplink port and a crossover to the main
>> router/firewall/gateway netgear.  Machines connected to this switch
>> (which is new) seem much much slower than the rest.  Is there anything
>> I can do about this ?
>>
>
>have you checked link state (AutoNeg is bad) and that you are full duplex.
> i dunno, i usually find the basic stuff is a good starting point (check
>physical links first etc..).
>

Super noob question #3. (let me know if this is getting off topic)

How do I turn off auto negotiation?  The main router and switch in
question  are both new-ish (like a year old) off the shelf consumer
networking equipment, (netgear and linksys).  All the client machines
are Macs running OS 10.4.  Server is FreeBSD with single networking card
which is aliased to two IPs, one for the base system which is only
accessible from the inside, a jail hosts some some services available to
the outside world through port forwarding on the netgear router.  

All the link state lights seem pinned to a bright green 100x.
Does that mean that auto negociation is not a problem?  Or is there
something else I should be checking?

Thanks, 

-- 
Marco


From marco at metm.org  Fri Jul 21 07:47:13 2006
From: marco at metm.org (Marco Scoffier)
Date: Fri, 21 Jul 2006 07:47:13 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
Message-ID: <20060721114713.GB19873@ns.metm.org>

On Fri, Jul 21, 2006 at 12:06:23AM -0400, Charles Sprickman wrote:
<snip auto negotiation stuff moved to email reply to Pete>
>>The slowness seems more obvious using appletalk, because to copy a 500MB
>>file from one machine to the shared disk took a minute, to copy it from
>>the server, behind the switch the copy was asking for several hours.
>>And copying it from the server to another machine took 24mins.
>
>Are the machines with differing speeds all Macs?  Different models of 
>Macs?  Different versions of OS-X?

All the clients are Macs.  Different models, but all finally at OS 10.4.
>
>>Question 2) I have a few machines off a switch (linksys 100 baseT) which
>>is connected through the uplink port and a crossover to the main
>>router/firewall/gateway netgear.  Machines connected to this switch
>>(which is new) seem much much slower than the rest.  Is there anything
>>I can do about this ?
>
>Perhaps that's your problem right there, you might have a duplex mismatch 
>between the switches, or just a bum cable connecting them.
>
still a bit stumped on solving the auto-negotiation and duplex mismatch
problems...  Bum cables I can handle :)

Thanks,

-- 
Marco


From bschonhorst at gmail.com  Fri Jul 21 09:59:06 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Fri, 21 Jul 2006 09:59:06 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <20060721114713.GB19873@ns.metm.org>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
Message-ID: <7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>

On 7/21/06, Marco Scoffier <marco at metm.org> wrote:
> On Fri, Jul 21, 2006 at 12:06:23AM -0400, Charles Sprickman wrote:
> <snip auto negotiation stuff moved to email reply to Pete>
> >>The slowness seems more obvious using appletalk, because to copy a 500MB
> >>file from one machine to the shared disk took a minute, to copy it from
> >>the server, behind the switch the copy was asking for several hours.
> >>And copying it from the server to another machine took 24mins.
> >
> >Are the machines with differing speeds all Macs?  Different models of
> >Macs?  Different versions of OS-X?
>
> All the clients are Macs.  Different models, but all finally at OS 10.4.

If your macs are running 10.4 there is no reason to use appletalk.  i
would suggest you disable it.  Bonjour is apple's 'replacement' for
apple talk for zeroconf networking (finding that lost network
printer.)  Both Bonjour and AFP are using TCP/IP at this point making
appletalk severely outdated.

Also, if you must use appletalk, (OS 9 clients maybe) it doesn't like
spanning tree protocol so you may want to turn that off on your
switch.


hope this helps!

-Brad




> >
> >>Question 2) I have a few machines off a switch (linksys 100 baseT) which
> >>is connected through the uplink port and a crossover to the main
> >>router/firewall/gateway netgear.  Machines connected to this switch
> >>(which is new) seem much much slower than the rest.  Is there anything
> >>I can do about this ?
> >
> >Perhaps that's your problem right there, you might have a duplex mismatch
> >between the switches, or just a bum cable connecting them.
> >
> still a bit stumped on solving the auto-negotiation and duplex mismatch
> problems...  Bum cables I can handle :)
>
> Thanks,
>
> --
> Marco
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From marco at metm.org  Fri Jul 21 10:40:08 2006
From: marco at metm.org (Marco Scoffier)
Date: Fri, 21 Jul 2006 10:40:08 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
Message-ID: <20060721144008.GA27787@ns.metm.org>

On Fri, Jul 21, 2006 at 09:59:06AM -0400, Brad Schonhorst wrote:
>On 7/21/06, Marco Scoffier <marco at metm.org> wrote:
>>On Fri, Jul 21, 2006 at 12:06:23AM -0400, Charles Sprickman wrote:
>><snip auto negotiation stuff moved to email reply to Pete>
>>>>The slowness seems more obvious using appletalk, because to copy a 500MB
>>>>file from one machine to the shared disk took a minute, to copy it from
>>>>the server, behind the switch the copy was asking for several hours.
>>>>And copying it from the server to another machine took 24mins.
>>>
>>>Are the machines with differing speeds all Macs?  Different models of
>>>Macs?  Different versions of OS-X?
>>
>>All the clients are Macs.  Different models, but all finally at OS 10.4.
>
>If your macs are running 10.4 there is no reason to use appletalk.  i
>would suggest you disable it.  Bonjour is apple's 'replacement' for
>apple talk for zeroconf networking (finding that lost network
>printer.)  Both Bonjour and AFP are using TCP/IP at this point making
>appletalk severely outdated.
>
Hi Brad,

Are you suggesting nfs on the FreeBSD shared server and Bonjour on the
clients ?  Not having looked at Bonjour at all, lets just say the name
doesn't inspire much confidence ... :)

>Also, if you must use appletalk, (OS 9 clients maybe) it doesn't like
>spanning tree protocol so you may want to turn that off on your
>switch.
>
Yes there used to be OS9 clients in the network, but thankfully and
recently I only have to deal with OS 10.4.  

-- 
Marco


From pete at nomadlogic.org  Fri Jul 21 11:38:08 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Fri, 21 Jul 2006 11:38:08 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <20060721114004.GA19873@ns.metm.org>
References: <20060720234213.GB26660@ns.metm.org>
	<64143.160.33.20.11.1153440209.squirrel@webmail.nomadlogic.org>
	<20060721114004.GA19873@ns.metm.org>
Message-ID: <20060721153805.GA28994@sunset.nomadlogic.org>

On Fri, Jul 21, 2006 at 07:40:04AM -0400, Marco Scoffier wrote:
> On Thu, Jul 20, 2006 at 05:03:29PM -0700, Peter Wright wrote:
> <snip>
> Thanks for the network performance analysis tools Pete.
> 
> >> Question 2) I have a few machines off a switch (linksys 100 baseT) which
> >> is connected through the uplink port and a crossover to the main
> >> router/firewall/gateway netgear.  Machines connected to this switch
> >> (which is new) seem much much slower than the rest.  Is there anything
> >> I can do about this ?
> >>
> >
> >have you checked link state (AutoNeg is bad) and that you are full duplex.
> > i dunno, i usually find the basic stuff is a good starting point (check
> >physical links first etc..).
> >
> 
> Super noob question #3. (let me know if this is getting off topic)
> 
> How do I turn off auto negotiation?  The main router and switch in
> question  are both new-ish (like a year old) off the shelf consumer
> networking equipment, (netgear and linksys).  All the client machines
> are Macs running OS 10.4.  Server is FreeBSD with single networking card
> which is aliased to two IPs, one for the base system which is only
> accessible from the inside, a jail hosts some some services available to
> the outside world through port forwarding on the netgear router.  
> 

on *BSD check man8 ifconfig (then look for mediaopt).  This will have
you check the man page for your nic...so on an em card you could force
these settings using mediaopt "1000baseTX  full-duplex" which would
force the NIC to be set to gig-e in full-duplex mode.  These settings
can be specified in /etc/rc.conf.

> All the link state lights seem pinned to a bright green 100x.
> Does that mean that auto negociation is not a problem?  Or is there
> something else I should be checking?
>
ifconfig should tell you the status of the NIC's for example:

bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::206:5bff:fef6:d294%bge0 prefixlen 64 scopeid 0x1
        inet xxx.xxx.xxx.xxx netmask 0xffffffe0 broadcast xxx.xxx.xxx.xxx
        ether 00:00:00:00:00:00
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active



so on the media line we see that I'm actually using autoselect to bring
up the interface in 100baseTX full-duplex mode.  bad form...i should fix
that ;)

you can obviously use ifconfig to figure out your link status on the OSX
hosts, although I don't remember off the top of my head how force link
modes.




-pete

 

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From bschonhorst at gmail.com  Fri Jul 21 11:44:16 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Fri, 21 Jul 2006 11:44:16 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <20060721144008.GA27787@ns.metm.org>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
Message-ID: <7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>

On 7/21/06, Marco Scoffier <marco at metm.org> wrote:
> On Fri, Jul 21, 2006 at 09:59:06AM -0400, Brad Schonhorst wrote:
> >On 7/21/06, Marco Scoffier <marco at metm.org> wrote:
> >>On Fri, Jul 21, 2006 at 12:06:23AM -0400, Charles Sprickman wrote:
> >><snip auto negotiation stuff moved to email reply to Pete>
> >>>>The slowness seems more obvious using appletalk, because to copy a 500MB
> >>>>file from one machine to the shared disk took a minute, to copy it from
> >>>>the server, behind the switch the copy was asking for several hours.
> >>>>And copying it from the server to another machine took 24mins.
> >>>
> >>>Are the machines with differing speeds all Macs?  Different models of
> >>>Macs?  Different versions of OS-X?
> >>
> >>All the clients are Macs.  Different models, but all finally at OS 10.4.
> >
> >If your macs are running 10.4 there is no reason to use appletalk.  i
> >would suggest you disable it.  Bonjour is apple's 'replacement' for
> >apple talk for zeroconf networking (finding that lost network
> >printer.)  Both Bonjour and AFP are using TCP/IP at this point making
> >appletalk severely outdated.
> >
> Hi Brad,
>
> Are you suggesting nfs on the FreeBSD shared server and Bonjour on the
> clients ?  Not having looked at Bonjour at all, lets just say the name
> doesn't inspire much confidence ... :)
>

I just re-read your original post and it looks like you are using
atalk for file sharing right?  Your right, Bonjour probably isn't the
best solution for that situation.  Have you tried just using NFS.  So
NFS on server, NFS on client?  These days, mac's can almost be thought
of as unix boxes. You wouldn't use atalk to connect 2 freebsd machines
right?

Connecting to an NFS server on 10.4 should be as easy as Clicking Go
-> Connect to Server and entering the NFS share:
nfs://myserver.com/home/brad

Guess this doesn't answer your original question but I think you may
be happier in the long run to get appletalk of your network.

-Brad




> >Also, if you must use appletalk, (OS 9 clients maybe) it doesn't like
> >spanning tree protocol so you may want to turn that off on your
> >switch.
> >
> Yes there used to be OS9 clients in the network, but thankfully and
> recently I only have to deal with OS 10.4.
>
> --
> Marco
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From spork at bway.net  Fri Jul 21 11:56:51 2006
From: spork at bway.net (Charles Sprickman)
Date: Fri, 21 Jul 2006 11:56:51 -0400 (EDT)
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
Message-ID: <Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>

On Fri, 21 Jul 2006, Brad Schonhorst wrote:

>>> If your macs are running 10.4 there is no reason to use appletalk.  i
>>> would suggest you disable it.  Bonjour is apple's 'replacement' for
>>> apple talk for zeroconf networking (finding that lost network
>>> printer.)  Both Bonjour and AFP are using TCP/IP at this point making
>>> appletalk severely outdated.
>>>
>> Hi Brad,
>>
>> Are you suggesting nfs on the FreeBSD shared server and Bonjour on the
>> clients ?  Not having looked at Bonjour at all, lets just say the name
>> doesn't inspire much confidence ... :)
>>
>
> I just re-read your original post and it looks like you are using
> atalk for file sharing right?  Your right, Bonjour probably isn't the
> best solution for that situation.  Have you tried just using NFS.  So
> NFS on server, NFS on client?  These days, mac's can almost be thought
> of as unix boxes. You wouldn't use atalk to connect 2 freebsd machines
> right?

Just to be clear, Bonjour/Rendezvous is simply for autodiscovering hosts 
and the services on them.  Some of those services may include file sharing 
services...

AppleTalk file sharing is really the preferred way to be working here. 
Keep in mind that this does not mean using AFP over AppleTalk.  AFP also 
runs over TCP, and that's what current OS-X uses by default.

AppleTalk File Sharing != AppleTalk network protocol.

A good site that deals with this sort of thing is http://afp548.com/

Just wanted to be clear on that...

Charles


From pete at nomadlogic.org  Fri Jul 21 12:09:08 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 21 Jul 2006 09:09:08 -0700 (PDT)
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
Message-ID: <50017.160.33.20.11.1153498148.squirrel@webmail.nomadlogic.org>


> On Fri, 21 Jul 2006, Brad Schonhorst wrote:
>
>>>> If your macs are running 10.4 there is no reason to use appletalk.  i
>>>> would suggest you disable it.  Bonjour is apple's 'replacement' for
>>>> apple talk for zeroconf networking (finding that lost network
>>>> printer.)  Both Bonjour and AFP are using TCP/IP at this point making
>>>> appletalk severely outdated.
>>>>
>>> Hi Brad,
>>>
>>> Are you suggesting nfs on the FreeBSD shared server and Bonjour on the
>>> clients ?  Not having looked at Bonjour at all, lets just say the name
>>> doesn't inspire much confidence ... :)
>>>
>>
>> I just re-read your original post and it looks like you are using
>> atalk for file sharing right?  Your right, Bonjour probably isn't the
>> best solution for that situation.  Have you tried just using NFS.  So
>> NFS on server, NFS on client?  These days, mac's can almost be thought
>> of as unix boxes. You wouldn't use atalk to connect 2 freebsd machines
>> right?
>
> Just to be clear, Bonjour/Rendezvous is simply for autodiscovering hosts
> and the services on them.  Some of those services may include file sharing
> services...
>
> AppleTalk file sharing is really the preferred way to be working here.
> Keep in mind that this does not mean using AFP over AppleTalk.  AFP also
> runs over TCP, and that's what current OS-X uses by default.
>
> AppleTalk File Sharing != AppleTalk network protocol.


yea i tend to agree here, especially for smaller shops that have been Mac
houses for a while.  You most likely already have all your mac auth stuff
setup and the users are used to it.  FreeBSD can be set up to share
AppleTalk volumes with decent performance - so I'd stick with it IMO.

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From bschonhorst at gmail.com  Fri Jul 21 12:13:43 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Fri, 21 Jul 2006 12:13:43 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
Message-ID: <7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>

On 7/21/06, Charles Sprickman <spork at bway.net> wrote:
> On Fri, 21 Jul 2006, Brad Schonhorst wrote:
>
> >>> If your macs are running 10.4 there is no reason to use appletalk.  i
> >>> would suggest you disable it.  Bonjour is apple's 'replacement' for
> >>> apple talk for zeroconf networking (finding that lost network
> >>> printer.)  Both Bonjour and AFP are using TCP/IP at this point making
> >>> appletalk severely outdated.
> >>>
> >> Hi Brad,
> >>
> >> Are you suggesting nfs on the FreeBSD shared server and Bonjour on the
> >> clients ?  Not having looked at Bonjour at all, lets just say the name
> >> doesn't inspire much confidence ... :)
> >>
> >
> > I just re-read your original post and it looks like you are using
> > atalk for file sharing right?  Your right, Bonjour probably isn't the
> > best solution for that situation.  Have you tried just using NFS.  So
> > NFS on server, NFS on client?  These days, mac's can almost be thought
> > of as unix boxes. You wouldn't use atalk to connect 2 freebsd machines
> > right?
>
> Just to be clear, Bonjour/Rendezvous is simply for autodiscovering hosts
> and the services on them.  Some of those services may include file sharing
> services...
>
> AppleTalk file sharing is really the preferred way to be working here.
> Keep in mind that this does not mean using AFP over AppleTalk.  AFP also
> runs over TCP, and that's what current OS-X uses by default.
>
> AppleTalk File Sharing != AppleTalk network protocol.
>

Hey Charles, could you clarify this a bit?  What protocol does
AppleTalk File Sharing use?


> A good site that deals with this sort of thing is http://afp548.com/
>
> Just wanted to be clear on that...
>
> Charles
>


From bob at redivi.com  Fri Jul 21 12:28:55 2006
From: bob at redivi.com (Bob Ippolito)
Date: Fri, 21 Jul 2006 09:28:55 -0700
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>
Message-ID: <9976FAA1-8AA9-429B-9793-E407EB6B338D@redivi.com>


On Jul 21, 2006, at 9:13 AM, Brad Schonhorst wrote:

> On 7/21/06, Charles Sprickman <spork at bway.net> wrote:
>> On Fri, 21 Jul 2006, Brad Schonhorst wrote:
>>
>>>>> If your macs are running 10.4 there is no reason to use  
>>>>> appletalk.  i
>>>>> would suggest you disable it.  Bonjour is apple's 'replacement'  
>>>>> for
>>>>> apple talk for zeroconf networking (finding that lost network
>>>>> printer.)  Both Bonjour and AFP are using TCP/IP at this point  
>>>>> making
>>>>> appletalk severely outdated.
>>>>>
>>>> Hi Brad,
>>>>
>>>> Are you suggesting nfs on the FreeBSD shared server and Bonjour  
>>>> on the
>>>> clients ?  Not having looked at Bonjour at all, lets just say  
>>>> the name
>>>> doesn't inspire much confidence ... :)
>>>>
>>>
>>> I just re-read your original post and it looks like you are using
>>> atalk for file sharing right?  Your right, Bonjour probably isn't  
>>> the
>>> best solution for that situation.  Have you tried just using  
>>> NFS.  So
>>> NFS on server, NFS on client?  These days, mac's can almost be  
>>> thought
>>> of as unix boxes. You wouldn't use atalk to connect 2 freebsd  
>>> machines
>>> right?
>>
>> Just to be clear, Bonjour/Rendezvous is simply for autodiscovering  
>> hosts
>> and the services on them.  Some of those services may include file  
>> sharing
>> services...
>>
>> AppleTalk file sharing is really the preferred way to be working  
>> here.
>> Keep in mind that this does not mean using AFP over AppleTalk.   
>> AFP also
>> runs over TCP, and that's what current OS-X uses by default.
>>
>> AppleTalk File Sharing != AppleTalk network protocol.
>>
>
> Hey Charles, could you clarify this a bit?  What protocol does
> AppleTalk File Sharing use?

AFP, Apple Filing Protocol, is the protocol that Macs prefer to use  
for file sharing. Has very little to do with AppleTalk these days  
other than it's one of the few protocols that actually works over  
AppleTalk. TCP is the way to go.

As said before, you definitely want to use bonjour/mDNS for  
announcing the service. Even if you did have some old Mac OS 9  
machines on the network, you'd still want to be using mDNS for the  
sake of the newer boxes.

-bob



From bschonhorst at gmail.com  Fri Jul 21 12:37:49 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Fri, 21 Jul 2006 12:37:49 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <9976FAA1-8AA9-429B-9793-E407EB6B338D@redivi.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>
	<9976FAA1-8AA9-429B-9793-E407EB6B338D@redivi.com>
Message-ID: <7708fd680607210937g45815148s2ac50d05091b7cc@mail.gmail.com>

On 7/21/06, Bob Ippolito <bob at redivi.com> wrote:
>
> On Jul 21, 2006, at 9:13 AM, Brad Schonhorst wrote:
>
> > On 7/21/06, Charles Sprickman <spork at bway.net> wrote:
> >> On Fri, 21 Jul 2006, Brad Schonhorst wrote:
> >>
> >>>>> If your macs are running 10.4 there is no reason to use
> >>>>> appletalk.  i
> >>>>> would suggest you disable it.  Bonjour is apple's 'replacement'
> >>>>> for
> >>>>> apple talk for zeroconf networking (finding that lost network
> >>>>> printer.)  Both Bonjour and AFP are using TCP/IP at this point
> >>>>> making
> >>>>> appletalk severely outdated.
> >>>>>
> >>>> Hi Brad,
> >>>>
> >>>> Are you suggesting nfs on the FreeBSD shared server and Bonjour
> >>>> on the
> >>>> clients ?  Not having looked at Bonjour at all, lets just say
> >>>> the name
> >>>> doesn't inspire much confidence ... :)
> >>>>
> >>>
> >>> I just re-read your original post and it looks like you are using
> >>> atalk for file sharing right?  Your right, Bonjour probably isn't
> >>> the
> >>> best solution for that situation.  Have you tried just using
> >>> NFS.  So
> >>> NFS on server, NFS on client?  These days, mac's can almost be
> >>> thought
> >>> of as unix boxes. You wouldn't use atalk to connect 2 freebsd
> >>> machines
> >>> right?
> >>
> >> Just to be clear, Bonjour/Rendezvous is simply for autodiscovering
> >> hosts
> >> and the services on them.  Some of those services may include file
> >> sharing
> >> services...
> >>
> >> AppleTalk file sharing is really the preferred way to be working
> >> here.
> >> Keep in mind that this does not mean using AFP over AppleTalk.
> >> AFP also
> >> runs over TCP, and that's what current OS-X uses by default.
> >>
> >> AppleTalk File Sharing != AppleTalk network protocol.
> >>
> >
> > Hey Charles, could you clarify this a bit?  What protocol does
> > AppleTalk File Sharing use?
>
> AFP, Apple Filing Protocol, is the protocol that Macs prefer to use
> for file sharing. Has very little to do with AppleTalk these days
> other than it's one of the few protocols that actually works over
> AppleTalk. TCP is the way to go.
>

I guess that was my question.  When referring to 'AppleTalk File
Sharing' are you speaking of AFP?  My understanding was that AFP used
to use Appletalk net protocol but now uses TCP port 548.

So does the atalk service provide appletalk service (like netatalk) or
AFP over TCP/IP or something else altogether?

> As said before, you definitely want to use bonjour/mDNS for
> announcing the service. Even if you did have some old Mac OS 9
> machines on the network, you'd still want to be using mDNS for the
> sake of the newer boxes.
>
> -bob
>
>


From marco at metm.org  Fri Jul 21 14:51:52 2006
From: marco at metm.org (Marco Scoffier)
Date: Fri, 21 Jul 2006 14:51:52 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <7708fd680607210937g45815148s2ac50d05091b7cc@mail.gmail.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>
	<9976FAA1-8AA9-429B-9793-E407EB6B338D@redivi.com>
	<7708fd680607210937g45815148s2ac50d05091b7cc@mail.gmail.com>
Message-ID: <20060721185152.GB27787@ns.metm.org>

On Fri, Jul 21, 2006 at 12:37:49PM -0400, Brad Schonhorst wrote:
>> AFP, Apple Filing Protocol, is the protocol that Macs prefer to use
>> for file sharing. Has very little to do with AppleTalk these days
>> other than it's one of the few protocols that actually works over
>> AppleTalk. TCP is the way to go.
>>
>
>I guess that was my question.  When referring to 'AppleTalk File
>Sharing' are you speaking of AFP?  My understanding was that AFP used
>to use Appletalk net protocol but now uses TCP port 548.
>
>So does the atalk service provide appletalk service (like netatalk) or
>AFP over TCP/IP or something else altogether?
>
I think I can answer this one.  I was sloppy with the terms before.
Older OS 9 couldn't do AFP over TCP/IP.  So I had to run atalkd
and afpd, now you can run afp over tcp/ip.  The FreeBSD man pages and
config file were a great source of demystification on this one.  Atalkd
runs the appletalk protocol on Unix, and afpd runs the AppleTalk Filing
Protocol (confusing).  AFP does not require AppleTalk.

>> As said before, you definitely want to use bonjour/mDNS for
>> announcing the service. Even if you did have some old Mac OS 9
>> machines on the network, you'd still want to be using mDNS for the
>> sake of the newer boxes.
>>

I'm looking up mDNS now.  What are the advantages of this on OSX ?
Basically everything is hardwired in this small office.  I'm the only
tech support and I go in like 3 times a year.  They aren't doing
anything on their own, not even plugging in a new printer... :)

-- 
Marco


From dave at donnerjack.com  Fri Jul 21 15:04:26 2006
From: dave at donnerjack.com (David Lawson)
Date: Fri, 21 Jul 2006 15:04:26 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <20060721185152.GB27787@ns.metm.org>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>
	<9976FAA1-8AA9-429B-9793-E407EB6B338D@redivi.com>
	<7708fd680607210937g45815148s2ac50d05091b7cc@mail.gmail.com>
	<20060721185152.GB27787@ns.metm.org>
Message-ID: <BC3F2784-FBB4-4743-AB63-6AC7282404AF@donnerjack.com>


On Jul 21, 2006, at 2:51 PM, Marco Scoffier wrote:

> On Fri, Jul 21, 2006 at 12:37:49PM -0400, Brad Schonhorst wrote:
>>> AFP, Apple Filing Protocol, is the protocol that Macs prefer to use
>>> for file sharing. Has very little to do with AppleTalk these days
>>> other than it's one of the few protocols that actually works over
>>> AppleTalk. TCP is the way to go.
>>>
>>
>> I guess that was my question.  When referring to 'AppleTalk File
>> Sharing' are you speaking of AFP?  My understanding was that AFP used
>> to use Appletalk net protocol but now uses TCP port 548.
>>
>> So does the atalk service provide appletalk service (like  
>> netatalk) or
>> AFP over TCP/IP or something else altogether?
>>
> I think I can answer this one.  I was sloppy with the terms before.
> Older OS 9 couldn't do AFP over TCP/IP.  So I had to run atalkd
> and afpd, now you can run afp over tcp/ip.  The FreeBSD man pages and
> config file were a great source of demystification on this one.   
> Atalkd
> runs the appletalk protocol on Unix, and afpd runs the AppleTalk  
> Filing
> Protocol (confusing).  AFP does not require AppleTalk.
>
>>> As said before, you definitely want to use bonjour/mDNS for
>>> announcing the service. Even if you did have some old Mac OS 9
>>> machines on the network, you'd still want to be using mDNS for the
>>> sake of the newer boxes.
>>>
>
> I'm looking up mDNS now.  What are the advantages of this on OSX ?
> Basically everything is hardwired in this small office.  I'm the only
> tech support and I go in like 3 times a year.  They aren't doing
> anything on their own, not even plugging in a new printer... :)

mDNS is essentially the auto-discovery portion of Rendezvous/ 
Bounjour.  It lets devices advertise services they provide and lets  
clients discover servers that provide the services they're looking  
for automatically.

--Dave


From nikolai at fetissov.org  Fri Jul 21 15:19:54 2006
From: nikolai at fetissov.org (nikolai)
Date: Fri, 21 Jul 2006 15:19:54 -0400 (EDT)
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <BC3F2784-FBB4-4743-AB63-6AC7282404AF@donnerjack.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>
	<9976FAA1-8AA9-429B-9793-E407EB6B338D@redivi.com>
	<7708fd680607210937g45815148s2ac50d05091b7cc@mail.gmail.com>
	<20060721185152.GB27787@ns.metm.org>
	<BC3F2784-FBB4-4743-AB63-6AC7282404AF@donnerjack.com>
Message-ID: <4720.63.66.6.15.1153509594.squirrel@www.geekisp.com>

>
> On Jul 21, 2006, at 2:51 PM, Marco Scoffier wrote:
>
>> On Fri, Jul 21, 2006 at 12:37:49PM -0400, Brad Schonhorst wrote:
>>>> AFP, Apple Filing Protocol, is the protocol that Macs prefer to use
>>>> for file sharing. Has very little to do with AppleTalk these days
>>>> other than it's one of the few protocols that actually works over
>>>> AppleTalk. TCP is the way to go.
>>>>
>>>
>>> I guess that was my question.  When referring to 'AppleTalk File
>>> Sharing' are you speaking of AFP?  My understanding was that AFP used
>>> to use Appletalk net protocol but now uses TCP port 548.
>>>
>>> So does the atalk service provide appletalk service (like
>>> netatalk) or
>>> AFP over TCP/IP or something else altogether?
>>>
>> I think I can answer this one.  I was sloppy with the terms before.
>> Older OS 9 couldn't do AFP over TCP/IP.  So I had to run atalkd
>> and afpd, now you can run afp over tcp/ip.  The FreeBSD man pages and
>> config file were a great source of demystification on this one.
>> Atalkd
>> runs the appletalk protocol on Unix, and afpd runs the AppleTalk
>> Filing
>> Protocol (confusing).  AFP does not require AppleTalk.
>>
>>>> As said before, you definitely want to use bonjour/mDNS for
>>>> announcing the service. Even if you did have some old Mac OS 9
>>>> machines on the network, you'd still want to be using mDNS for the
>>>> sake of the newer boxes.
>>>>
>>
>> I'm looking up mDNS now.  What are the advantages of this on OSX ?
>> Basically everything is hardwired in this small office.  I'm the only
>> tech support and I go in like 3 times a year.  They aren't doing
>> anything on their own, not even plugging in a new printer... :)
>
> mDNS is essentially the auto-discovery portion of Rendezvous/
> Bounjour.  It lets devices advertise services they provide and lets
> clients discover servers that provide the services they're looking
> for automatically.
>
> --Dave

It's multicast DNS. Fine on a single subnet (wired or wireless),
but won't work across a router without extra effort.
--
 nikolai


From bschonhorst at gmail.com  Fri Jul 21 18:50:26 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Fri, 21 Jul 2006 18:50:26 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <20060721185152.GB27787@ns.metm.org>
References: <20060720234213.GB26660@ns.metm.org>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<7708fd680607210913y3023a96ev6e80315e7cfd3bd3@mail.gmail.com>
	<9976FAA1-8AA9-429B-9793-E407EB6B338D@redivi.com>
	<7708fd680607210937g45815148s2ac50d05091b7cc@mail.gmail.com>
	<20060721185152.GB27787@ns.metm.org>
Message-ID: <7708fd680607211550j7e8f9a2al56a544bc3634a34a@mail.gmail.com>

On 7/21/06, Marco Scoffier <marco at metm.org> wrote:
> On Fri, Jul 21, 2006 at 12:37:49PM -0400, Brad Schonhorst wrote:
> >> AFP, Apple Filing Protocol, is the protocol that Macs prefer to use
> >> for file sharing. Has very little to do with AppleTalk these days
> >> other than it's one of the few protocols that actually works over
> >> AppleTalk. TCP is the way to go.
> >>
> >
> >I guess that was my question.  When referring to 'AppleTalk File
> >Sharing' are you speaking of AFP?  My understanding was that AFP used
> >to use Appletalk net protocol but now uses TCP port 548.
> >
> >So does the atalk service provide appletalk service (like netatalk) or
> >AFP over TCP/IP or something else altogether?
> >
> I think I can answer this one.  I was sloppy with the terms before.
> Older OS 9 couldn't do AFP over TCP/IP.  So I had to run atalkd
> and afpd, now you can run afp over tcp/ip.  The FreeBSD man pages and
> config file were a great source of demystification on this one.  Atalkd
> runs the appletalk protocol on Unix, and afpd runs the AppleTalk Filing
> Protocol (confusing).  AFP does not require AppleTalk.

Thanks for the clarification.  I had never heard AFP refered to as
AppleTalk Filing Protocol usually just Apple File Protocol.  I guess
its the same idea but since its TCP/IP the 'talk' name threw me for a
loop.

>
> >> As said before, you definitely want to use bonjour/mDNS for
> >> announcing the service. Even if you did have some old Mac OS 9
> >> machines on the network, you'd still want to be using mDNS for the
> >> sake of the newer boxes.
> >>
>
> I'm looking up mDNS now.  What are the advantages of this on OSX ?
> Basically everything is hardwired in this small office.  I'm the only
> tech support and I go in like 3 times a year.  They aren't doing
> anything on their own, not even plugging in a new printer... :)
>
> --
> Marco
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From jhlists at hirschman.net  Fri Jul 21 20:29:17 2006
From: jhlists at hirschman.net (jh)
Date: Fri, 21 Jul 2006 20:29:17 -0400
Subject: [nycbug-talk] [OT] OpenSolaris Resources
Message-ID: <44C1715D.9040508@hirschman.net>

Please don't throw bottles :) I figured that there was some crossover 
for this list - can anyone suggest a good starting point for trying out 
OpenSolaris (or Solaris) with respect to trying it on commodity hardware 
and playing with ZFS? I googled, found nothing that seemed like a gentle 
introduction.

Thanks.

jh


From lists at genoverly.net  Fri Jul 21 21:19:02 2006
From: lists at genoverly.net (michael)
Date: Fri, 21 Jul 2006 21:19:02 -0400
Subject: [nycbug-talk] [OT] OpenSolaris Resources
In-Reply-To: <44C1715D.9040508@hirschman.net>
References: <44C1715D.9040508@hirschman.net>
Message-ID: <20060721211902.3e738c18@wit.genoverly.com>

On Fri, 21 Jul 2006 20:29:17 -0400
jh <jhlists at hirschman.net> wrote:

> Please don't throw bottles :) I figured that there was some crossover 
> for this list - can anyone suggest a good starting point for trying
> out OpenSolaris (or Solaris) with respect to trying it on commodity
> hardware and playing with ZFS? I googled, found nothing that seemed
> like a gentle introduction.
> 

Sun *wants* you to use it.  They try to make it really easy.  

1. Do some reading..
http://www.opensolaris.org/os/about/faq/general_faq/

	What is the difference between the OpenSolaris project and the
	Solaris Operating System?

	Solaris Express: This is a binary release for customers. It's
	Sun's official release of the OpenSolaris bits as well as
	additional technology that has not been released into the
	OpenSolaris source base. Sun offers limited support for this
	release. It's primarily intended for Solaris customers to try
	out the very latest technology that will eventually be
	productized by Sun. Solaris Express is updated monthly and is
	available as a free binary download.

	Hardware Requirements

	The Solaris 10 OS runs on the following platforms:
	* 64-bit Sun UltraSPARC and Fujitsu SPARC64 platforms
	* 64-bit Sun and third-party x64 platforms
	* 32-bit Sun and third-party x86 platforms

http://www.sun.com/software/solaris/soe_features.jsp
	Solaris Enterprise System Highlights

http://www.sun.com/software/solaris/data_management.jsp
	The last few decades of file system research have resulted in a
	great deal of progress in performance and recoverability.
	However, anyone who has ever lost important files, run out of
	space on a partition, or struggled with a volume manager
	understands the need for improvement in the areas of data
	integrity, manageability, and scalability. Solaris ZFS
	(zettabyte file system), coming in a Solaris 10 update,
	incorporates advanced data security and protection features,
	eliminating the need for fsck or other recovery mechanisms. By
	redefining file systems as virtualized storage, Solaris ZFS
	will enable virtually unlimited scalability.

http://www.sun.com/software/solaris/zfs_learning_center.jsp
	ZFS Learning Center

	Get familiar with the world's most advanced file system?Solaris
	ZFS?with easy access to multimedia presentations and demos at
	the ZFS Learning Center.


2. Get it..
http://www.sun.com/software/solaris/solaris-express/get.jsp 
	Solaris Express 6/06 Software: Free

3. Install it..
	(if you have installed any unixy OS before, try it yourself!)

4. Load software not in base..
http://www.sun.com/software/solaris/freeware/

5. Learn and enjoy

-- 

Michael



From jschauma at netmeister.org  Sat Jul 22 01:54:26 2006
From: jschauma at netmeister.org (Jan Schaumann)
Date: Sat, 22 Jul 2006 01:54:26 -0400
Subject: [nycbug-talk] solaris 10 zfs nfs lockd problems
Message-ID: <20060722055425.GA17345@netmeister.org>

Hi,

I just converted our fileserver to solaris, using ZFS.  So now it's
exporting everything via NFS, and all clients can mount it just fine,
however, performance is very bad if the application uses file locking.
For example, reading my inbox with mutt (which has a meager 60 messages
in it) takes 22 seconds!

Anybody have any ideas regarding how to tune this?

TIA,
-Jan

-- 
http://www.eff.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060722/79de4f06/attachment.bin>

From o_sleep at belovedarctos.com  Sat Jul 22 14:18:36 2006
From: o_sleep at belovedarctos.com (Bjorn Nelson)
Date: Sat, 22 Jul 2006 14:18:36 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <50017.160.33.20.11.1153498148.squirrel@webmail.nomadlogic.org>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<50017.160.33.20.11.1153498148.squirrel@webmail.nomadlogic.org>
Message-ID: <963227F4-26B5-48DA-8583-77D2E14005AC@belovedarctos.com>

Pete,

On Jul 21, 2006, at 12:09 PM, Peter Wright wrote:

>
>> On Fri, 21 Jul 2006, Brad Schonhorst wrote:
>>
>>>>> If your macs are running 10.4 there is no reason to use  
>>>>> appletalk.  i
>>>>> would suggest you disable it.  Bonjour is apple's 'replacement'  
>>>>> for
>>>>> apple talk for zeroconf networking (finding that lost network
>>>>> printer.)  Both Bonjour and AFP are using TCP/IP at this point  
>>>>> making
>>>>> appletalk severely outdated.
>>>>>
>>>> Hi Brad,
>>>>
>>>> Are you suggesting nfs on the FreeBSD shared server and Bonjour  
>>>> on the
>>>> clients ?  Not having looked at Bonjour at all, lets just say  
>>>> the name
>>>> doesn't inspire much confidence ... :)
>>>>
>>>
>>> I just re-read your original post and it looks like you are using
>>> atalk for file sharing right?  Your right, Bonjour probably isn't  
>>> the
>>> best solution for that situation.  Have you tried just using  
>>> NFS.  So
>>> NFS on server, NFS on client?  These days, mac's can almost be  
>>> thought
>>> of as unix boxes. You wouldn't use atalk to connect 2 freebsd  
>>> machines
>>> right?
>>
>> Just to be clear, Bonjour/Rendezvous is simply for autodiscovering  
>> hosts
>> and the services on them.  Some of those services may include file  
>> sharing
>> services...
>>
>> AppleTalk file sharing is really the preferred way to be working  
>> here.
>> Keep in mind that this does not mean using AFP over AppleTalk.   
>> AFP also
>> runs over TCP, and that's what current OS-X uses by default.
>>
>> AppleTalk File Sharing != AppleTalk network protocol.
>
>
> yea i tend to agree here, especially for smaller shops that have  
> been Mac
> houses for a while.  You most likely already have all your mac auth  
> stuff
> setup and the users are used to it.  FreeBSD can be set up to share
> AppleTalk volumes with decent performance - so I'd stick with it IMO.

Just wanted to add a caveat to this.  If you use afp, it's going to  
store resource forks on the server.  Unless you use server side  
utilities that respect this, these won't be kept for server side  
backups or when accessed using other protocols (ever want to smb  
share?).  With nfs, the resource fork will be kept in separate dot  
file that can be backed up and recovered safely.  I know that ufs2 is  
supposed to support meta data like resource forks, has there been any  
effort for netatalk to use this instead of the flat db files it keeps?

This also means that if you want to switch to nfs from afp, you will  
need to copy client side all the files to the new nfs exports.

-Bjorn




From pete at nomadlogic.org  Sat Jul 22 23:42:11 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Sat, 22 Jul 2006 23:42:11 -0400
Subject: [nycbug-talk] [OT] OpenSolaris Resources
In-Reply-To: <44C1715D.9040508@hirschman.net>
References: <44C1715D.9040508@hirschman.net>
Message-ID: <20060723034145.GA37784@sunset.nomadlogic.org>

On Fri, Jul 21, 2006 at 08:29:17PM -0400, jh wrote:
> Please don't throw bottles :) I figured that there was some crossover 
> for this list - can anyone suggest a good starting point for trying out 
> OpenSolaris (or Solaris) with respect to trying it on commodity hardware 
> and playing with ZFS? I googled, found nothing that seemed like a gentle 
> introduction.
> 

lol, i'm actually pretty impressed with open solaris...and with DTRACE
support coming to a FreeBSD RELEASE soon i'd say it's a great time to
start hacking the OS.  my fav. is this liveCD:

http://www.genunix.org/distributions/belenix_site/belenix_home.html

i was so impressed in fact that i tried to get it installed on my
laptop's HD.  could never get to be as stable as the live CD though...

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From ike at lesmuug.org  Mon Jul 24 12:34:34 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Mon, 24 Jul 2006 12:34:34 -0400
Subject: [nycbug-talk] Noob networking question
In-Reply-To: <963227F4-26B5-48DA-8583-77D2E14005AC@belovedarctos.com>
References: <20060720234213.GB26660@ns.metm.org>
	<Pine.OSX.4.61.0607210001340.3261@white.nat.fasttrackmonkey.com>
	<20060721114713.GB19873@ns.metm.org>
	<7708fd680607210659o70cc7854xf417d3b1a2e6f106@mail.gmail.com>
	<20060721144008.GA27787@ns.metm.org>
	<7708fd680607210844s146a2e9bhc684a146c70c1e9b@mail.gmail.com>
	<Pine.OSX.4.61.0607211152380.3261@white.nat.fasttrackmonkey.com>
	<50017.160.33.20.11.1153498148.squirrel@webmail.nomadlogic.org>
	<963227F4-26B5-48DA-8583-77D2E14005AC@belovedarctos.com>
Message-ID: <3D2A6EEE-DCC8-4D96-BE23-DA35B5EEAB76@lesmuug.org>

Hey Marco, All,

On Jul 22, 2006, at 2:18 PM, Bjorn Nelson wrote:
<snip>
> Just wanted to add a caveat to this.  If you use afp, it's going to
> store resource forks on the server.  Unless you use server side
> utilities that respect this, these won't be kept for server side
> backups or when accessed using other protocols (ever want to smb
> share?).  With nfs, the resource fork will be kept in separate dot
> file that can be backed up and recovered safely.
<snip>

Sorry to drop in late to this thread, but I just wanted to shout out  
that I've had great success deploying Samba/SMB in several offices  
which are mixed, but mac-heavy enviornments.  Performance has rocked,  
and various pains in one's tail have not been an issue, (long  
filenames, volume size issues with > 2TB volumes, speed, etc...).   
It's also GREATLY simplified administering a diverse network by  
running just one file protocol, since there's only one access-control  
system to manage, etc...  Leaves time to manage the myriad of  
machines, which on one network, span from Win95 up through current  
Win. flavors, to Macs of various OSX builds, to various *NIX  
machines...  (The only sane parts of that network are all the *BSD  
systems that run core services, routers, etc...).

The OSX machines all handle SMB really excellently, Apple worked hard  
to get their rigs working really seamlessly in windows networks.

Just my .02?, I know SMB is not a 'standard' solution for everything;  
but working to strip the network down to just SMB has yielded  
delightful results.

Rocket-
.ike





From ike at lesmuug.org  Mon Jul 24 14:37:10 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Mon, 24 Jul 2006 14:37:10 -0400
Subject: [nycbug-talk] Defcon 14 EFF Dunk Tank, NYC*BUG represented!
Message-ID: <6BA7B30E-D872-4DFC-B393-82B75F5D3D87@lesmuug.org>

Hey All,

The EFF is putting on a Dunk-Tank fundraiser at Defcon 14, and I've  
been coerced to represent NYC*BUG in the wet-seat, all for a fine  
cause, the EFF.

http://taosecurity.blogspot.com/2006/07/call-for-def-con-dunk-tank- 
volunteers.html

Anyone who's been itching to get in a potshot with me will have a  
clear shot in Vegas, check the dunk-booth for the schedule, and pass  
the word.

Rocket-
.ike




From josh at freek.com  Wed Jul 26 17:28:40 2006
From: josh at freek.com (Josh Rivel)
Date: Wed, 26 Jul 2006 17:28:40 -0400
Subject: [nycbug-talk] Anyone using a Dell Inspiron 710m?
Message-ID: <20060726212840.GF23815@freek.com>

So I'm looking for a laptop for work.  They got me a Dell Latitude
D620, which is nice - 1440x900 display, built in Intel 802.11b/g card,
but it's too heavy to lug home on a daily basis.

Some friends recommended the Inspiron 710m - I'm looking for something
small, light, and *NIX friendly. (and preferably under $1k, not sure
how much my company will spend on me).  

I've tried for a 13" Macbook, but my boss keep waffling back and forth
on it, also, I'm not sure if it's much lighter than my dell (but it is 
smaller)

If anyone in the NYC area has one of these and would let me check it
out for a few minutes one day during lunch or something, that would be
great (I work in lower NYC)

Thanks!
Josh


From pete at nomadlogic.org  Thu Jul 27 11:31:12 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Thu, 27 Jul 2006 11:31:12 -0400
Subject: [nycbug-talk] Postfix filter for Exchange
Message-ID: <20060727153112.GB64375@sunset.nomadlogic.org>

Hi All,
	So for some reason we run exchange as our mail store, and
frankly I'd rather not start another fight as to how we should probably move
to more robust mail solution.  we do have an issue where runaway scripts
start generating *ton's* of email in a very short period of time.  We
have been trying our best to resolve this issue by bludgening those who
write the offending code, but it still happens from time to time.

	So, to help us out with this I am going to propose putting a
Postfix filter infront of the exchange server to kill these mail bombs
before they take down exchange.  The exchange admin's promise there is
nothing they can do to properlly rate limit, or kill these mail bombs
before spooling them.  I am not so sure about that, but do not have the
time to learn exchange.

	Has anyone implemented such a solution for a highvolume
mailserver, if so any caveat's i should be looking out for?  Or is there
a sendmail milter that does this already that i don't know about?

thanks!
-pete




  
-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From george at sddi.net  Thu Jul 27 11:53:11 2006
From: george at sddi.net (George R.)
Date: Thu, 27 Jul 2006 11:53:11 -0400
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <20060727153112.GB64375@sunset.nomadlogic.org>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
Message-ID: <44C8E167.4030101@sddi.net>

Pete Wright wrote:
> Hi All,
> 	So for some reason we run exchange as our mail store, and
> frankly I'd rather not start another fight as to how we should probably move
> to more robust mail solution.  we do have an issue where runaway scripts
> start generating *ton's* of email in a very short period of time.  We
> have been trying our best to resolve this issue by bludgening those who
> write the offending code, but it still happens from time to time.
> 
> 	So, to help us out with this I am going to propose putting a
> Postfix filter infront of the exchange server to kill these mail bombs
> before they take down exchange.  The exchange admin's promise there is
> nothing they can do to properlly rate limit, or kill these mail bombs
> before spooling them.  I am not so sure about that, but do not have the
> time to learn exchange.
> 
> 	Has anyone implemented such a solution for a highvolume
> mailserver, if so any caveat's i should be looking out for?  Or is there
> a sendmail milter that does this already that i don't know about?
> 

There's a good number of regex-based header, body and mime checks out
and about. . . but we don't use/have anything that deals specifically
with mail bombs.

Here's one thought:

http://tinyurl.com/rlxzj

There's also a reference here about mail bombs:

http://tinyurl.com/rfzxp

# The following is the normal cleanup daemon. No header or body checks here,
# because these have already been taken care of by the pre-cleanup service
# before the content filter.  The normal cleanup instance does all
# the virtual alias and canonical address mapping that was disabled
# in the pre-cleanup instance before the content filter.
#
cleanup	unix	n	-	n	-	0	cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o body_checks=
    -o header_checks=
# or use second-stage header checks, to be able to place mail bombs on HOLD
#   -o header_checks=pcre:/etc/postfix/header_checks2
# consider also:
#   -o always_bcc=snooping at example.com

I'll send you our body, header and mime checks offlist, which deal with
many of the apps that actually do the bombing. . .

Hope that helps a bit.

g


From trish at bsdunix.net  Thu Jul 27 11:56:23 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Thu, 27 Jul 2006 11:56:23 -0400 (EDT)
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <20060727153112.GB64375@sunset.nomadlogic.org>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
Message-ID: <20060727114540.T59794@daemon.bsdunix.net>

On Thu, 27 Jul 2006, Pete Wright wrote:

> Hi All,
> 	So for some reason we run exchange as our mail store, and
> frankly I'd rather not start another fight as to how we should probably move
> to more robust mail solution.  we do have an issue where runaway scripts
> start generating *ton's* of email in a very short period of time.  We
> have been trying our best to resolve this issue by bludgening those who
> write the offending code, but it still happens from time to time.
>
> 	So, to help us out with this I am going to propose putting a
> Postfix filter infront of the exchange server to kill these mail bombs
> before they take down exchange.  The exchange admin's promise there is
> nothing they can do to properlly rate limit, or kill these mail bombs
> before spooling them.  I am not so sure about that, but do not have the
> time to learn exchange.
>
> 	Has anyone implemented such a solution for a highvolume
> mailserver, if so any caveat's i should be looking out for?  Or is there
> a sendmail milter that does this already that i don't know about?
>
> thanks!
> -pete
>
>

I actually use sendmail to ratelimit this kind of stuff fairly easily 
actually. There are a couple settings in sendmail.cf that throttle 
connection frequency, one is

# maximum number of new connections per second
O ConnectionRateThrottle=8


Also, you can do things like this:

# load average at which we just queue messages
#O QueueLA=8

# load average at which we refuse connections
#O RefuseLA=12

# log interval when refusing connections for this long
#O RejectLogInterval=3h

# load average at which we delay connections; 0 means no limit
#O DelayLA=0

# maximum number of children we allow at one time
#O MaxDaemonChildren=0


and tune those so that it doesn't get so out of hand as well, no need for 
milters, this is all sendmail.cf settings itself.

I mean theoertically you can also write something in .cf itself to filter 
the keywords from the offending scripts.... *laugh*

Hope that helps.


-Trish

-- 
Trish Lynch					   trish at bsdunix.net
Ecartis Core Team 			      trish at listmistress.org
Key fingerprint = 781D 2B47 AA4B FC88 B919  0CD6 26B2 1D62 6FC1 FF16


From pete at nomadlogic.org  Thu Jul 27 11:59:02 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 27 Jul 2006 08:59:02 -0700 (PDT)
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <44C8E167.4030101@sddi.net>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<44C8E167.4030101@sddi.net>
Message-ID: <33437.160.33.20.11.1154015942.squirrel@webmail.nomadlogic.org>


> Pete Wright wrote:
>> Hi All,
>> 	So for some reason we run exchange as our mail store, and
>> frankly I'd rather not start another fight as to how we should probably
>> move
>> to more robust mail solution.  we do have an issue where runaway scripts
>> start generating *ton's* of email in a very short period of time.  We
>> have been trying our best to resolve this issue by bludgening those who
>> write the offending code, but it still happens from time to time.
>>
>> 	So, to help us out with this I am going to propose putting a
>> Postfix filter infront of the exchange server to kill these mail bombs
>> before they take down exchange.  The exchange admin's promise there is
>> nothing they can do to properlly rate limit, or kill these mail bombs
>> before spooling them.  I am not so sure about that, but do not have the
>> time to learn exchange.
>>
>> 	Has anyone implemented such a solution for a highvolume
>> mailserver, if so any caveat's i should be looking out for?  Or is there
>> a sendmail milter that does this already that i don't know about?
>>
>
> There's a good number of regex-based header, body and mime checks out
> and about. . . but we don't use/have anything that deals specifically
> with mail bombs.
>
> Here's one thought:
>
> http://tinyurl.com/rlxzj
>
> There's also a reference here about mail bombs:
>
> http://tinyurl.com/rfzxp
>
> # The following is the normal cleanup daemon. No header or body checks
> here,
> # because these have already been taken care of by the pre-cleanup service
> # before the content filter.  The normal cleanup instance does all
> # the virtual alias and canonical address mapping that was disabled
> # in the pre-cleanup instance before the content filter.
> #
> cleanup	unix	n	-	n	-	0	cleanup
>     -o mime_header_checks=
>     -o nested_header_checks=
>     -o body_checks=
>     -o header_checks=
> # or use second-stage header checks, to be able to place mail bombs on
> HOLD
> #   -o header_checks=pcre:/etc/postfix/header_checks2
> # consider also:
> #   -o always_bcc=snooping at example.com
>
> I'll send you our body, header and mime checks offlist, which deal with
> many of the apps that actually do the bombing. . .
>
> Hope that helps a bit.
>

yea this is execellent!  thanks Gman!

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From mikel.king at techally.com  Thu Jul 27 11:59:22 2006
From: mikel.king at techally.com (Mikel King)
Date: Thu, 27 Jul 2006 11:59:22 -0400
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <20060727153112.GB64375@sunset.nomadlogic.org>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
Message-ID: <8080E0AF-EA62-4465-AABA-4D7F18A74F9E@techally.com>


On Jul 27, 2006, at 11:31 AM, Pete Wright wrote:

> Hi All,
> 	So for some reason we run exchange as our mail store, and
> frankly I'd rather not start another fight as to how we should  
> probably move
> to more robust mail solution.  we do have an issue where runaway  
> scripts
> start generating *ton's* of email in a very short period of time.  We
> have been trying our best to resolve this issue by bludgening those  
> who
> write the offending code, but it still happens from time to time.
>
> 	So, to help us out with this I am going to propose putting a
> Postfix filter infront of the exchange server to kill these mail bombs
> before they take down exchange.  The exchange admin's promise there is
> nothing they can do to properlly rate limit, or kill these mail bombs
> before spooling them.  I am not so sure about that, but do not have  
> the
> time to learn exchange.
>
> 	Has anyone implemented such a solution for a highvolume
> mailserver, if so any caveat's i should be looking out for?  Or is  
> there
> a sendmail milter that does this already that i don't know about?
>
> thanks!
> -pete
>



Hey Pete,

	We currently run a brightmail solution in front of ours, but I've  
done the same thing in the past with spam assassin and even tied  
procmail in for my personal mailbox. The easiest way to pull this off  
is to monkey with your mx preferences and firewall rules. Setup your  
new postfix server with all of your rules as a higher mx pref than  
your exchange server. Then you can controll access to your exchange  
server via your firewall. I am of course assuming that you are using  
three distinct pieces of equipment for this. Anyway, doing this  
allows you to toggle access by the general public to your exchange  
server directly. Just remember to always allow access to it from the  
postfix box.

Cheers,
Mikel


From pete at nomadlogic.org  Thu Jul 27 12:10:29 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 27 Jul 2006 09:10:29 -0700 (PDT)
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <20060727114540.T59794@daemon.bsdunix.net>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<20060727114540.T59794@daemon.bsdunix.net>
Message-ID: <46851.160.33.20.11.1154016629.squirrel@webmail.nomadlogic.org>


> On Thu, 27 Jul 2006, Pete Wright wrote:
>
>> Hi All,
>> 	So for some reason we run exchange as our mail store, and
>> frankly I'd rather not start another fight as to how we should probably
>> move
>> to more robust mail solution.  we do have an issue where runaway scripts
>> start generating *ton's* of email in a very short period of time.  We
>> have been trying our best to resolve this issue by bludgening those who
>> write the offending code, but it still happens from time to time.
>>
>> 	So, to help us out with this I am going to propose putting a
>> Postfix filter infront of the exchange server to kill these mail bombs
>> before they take down exchange.  The exchange admin's promise there is
>> nothing they can do to properlly rate limit, or kill these mail bombs
>> before spooling them.  I am not so sure about that, but do not have the
>> time to learn exchange.
>>
>> 	Has anyone implemented such a solution for a highvolume
>> mailserver, if so any caveat's i should be looking out for?  Or is there
>> a sendmail milter that does this already that i don't know about?
>>
>> thanks!
>> -pete
>>
>>
>
> I actually use sendmail to ratelimit this kind of stuff fairly easily
> actually. There are a couple settings in sendmail.cf that throttle
> connection frequency, one is
>
> # maximum number of new connections per second
> O ConnectionRateThrottle=8
>
>
> Also, you can do things like this:
>
> # load average at which we just queue messages
> #O QueueLA=8
>
> # load average at which we refuse connections
> #O RefuseLA=12
>
> # log interval when refusing connections for this long
> #O RejectLogInterval=3h
>
> # load average at which we delay connections; 0 means no limit
> #O DelayLA=0
>
> # maximum number of children we allow at one time
> #O MaxDaemonChildren=0
>
>
> and tune those so that it doesn't get so out of hand as well, no need for
> milters, this is all sendmail.cf settings itself.
>
> I mean theoertically you can also write something in .cf itself to filter
> the keywords from the offending scripts.... *laugh*
>
> Hope that helps.
>

hey thanks trish!

i thought about sendmail rate limiting for a bit, but frankly we just want
these mail's to goto /dev/null.  9 times outta 10 we have a user write a
script that will email 100 people when a render job is finished - yet the
script has no logic so get's caught in a loop and starts flooding the
exchange box.  at this point - we don't even want these email's to get to
exchange.  sadly, i'm a little shy to start hacking sendmail to do this as
i am already pretty fleuent in postfix....maybe it's time to stop slacking
and get my sendmail.cf foo up to par ;)

-pete



-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From pete at nomadlogic.org  Thu Jul 27 12:17:50 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 27 Jul 2006 09:17:50 -0700 (PDT)
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <8080E0AF-EA62-4465-AABA-4D7F18A74F9E@techally.com>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<8080E0AF-EA62-4465-AABA-4D7F18A74F9E@techally.com>
Message-ID: <57283.160.33.20.11.1154017070.squirrel@webmail.nomadlogic.org>


>
> On Jul 27, 2006, at 11:31 AM, Pete Wright wrote:
>
>> Hi All,
>> 	So for some reason we run exchange as our mail store, and
>> frankly I'd rather not start another fight as to how we should
>> probably move
>> to more robust mail solution.  we do have an issue where runaway
>> scripts
>> start generating *ton's* of email in a very short period of time.  We
>> have been trying our best to resolve this issue by bludgening those
>> who
>> write the offending code, but it still happens from time to time.
>>
>> 	So, to help us out with this I am going to propose putting a
>> Postfix filter infront of the exchange server to kill these mail bombs
>> before they take down exchange.  The exchange admin's promise there is
>> nothing they can do to properlly rate limit, or kill these mail bombs
>> before spooling them.  I am not so sure about that, but do not have
>> the
>> time to learn exchange.
>>
>> 	Has anyone implemented such a solution for a highvolume
>> mailserver, if so any caveat's i should be looking out for?  Or is
>> there
>> a sendmail milter that does this already that i don't know about?
>>
>> thanks!
>> -pete
>>
>
>
>
> Hey Pete,
>
> 	We currently run a brightmail solution in front of ours, but I've
> done the same thing in the past with spam assassin and even tied
> procmail in for my personal mailbox. The easiest way to pull this off
> is to monkey with your mx preferences and firewall rules. Setup your
> new postfix server with all of your rules as a higher mx pref than
> your exchange server. Then you can controll access to your exchange
> server via your firewall. I am of course assuming that you are using
> three distinct pieces of equipment for this. Anyway, doing this
> allows you to toggle access by the general public to your exchange
> server directly. Just remember to always allow access to it from the
> postfix box.
>
> Cheers,
> Mikel
>


one of the things that makes this easier for us is that this is a private
mail server.  we already have solutions in place to protect our exchange
box from the wild (thank god!), and we do limit who can connect to the
machine locally - but we do not have bastion SMTP servers internally yet. 
so at this point for us we just have to project ourselves from ourselves
;)

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From trish at bsdunix.net  Thu Jul 27 12:25:28 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Thu, 27 Jul 2006 16:25:28 +0000 GMT
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <46851.160.33.20.11.1154016629.squirrel@webmail.nomadlogic.org>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<20060727114540.T59794@daemon.bsdunix.net>
	<46851.160.33.20.11.1154016629.squirrel@webmail.nomadlogic.org>
Message-ID: <76301204-1154017534-cardhu_blackberry.rim.net-2036718018-@bxe005-cell01.bisx.prod.on.blackberry>

*laugh* yeah, I'm one of those who doesn't think twice about hacking sendmail.cf rulesets if I need to, and saving it as a local ruleset in an mc file for later m4 macros later. 

At some point around 1997 I couldn't sleep because of a sendmail problem I was having, and I was beating my head over the bat book, fell asleep and was dreaming in .cf, and I woke up practically screaming "I got it!", my girlfriend at the time was annoyed, but I was excited as sendmail.cf finally clicked for me.

I went, wrote the ruleset (which at the time was a dnsbl rule before dnsbl rules were written already), tested it on a phony dnsbl on my own nameserver, and fell right to sleep, feeling accomplished, learning something, and becoming one of the few people in the world who knows sendmail.cf like instinct now.

-Trish
-- 
Trish Lynch
M: 646-401-1405
H: 201-378-0434    

-----Original Message-----
From: "Peter Wright" <pete at nomadlogic.org>
Date: Thu, 27 Jul 2006 09:10:29 
To:"Trish Lynch" <trish at bsdunix.net>
Cc:"Pete Wright" <pete at nomadlogic.org>, talk at lists.nycbug.org
Subject: Re: [nycbug-talk] Postfix filter for Exchange


> On Thu, 27 Jul 2006, Pete Wright wrote:
>
>> Hi All,
>> 	So for some reason we run exchange as our mail store, and
>> frankly I'd rather not start another fight as to how we should probably
>> move
>> to more robust mail solution.  we do have an issue where runaway scripts
>> start generating *ton's* of email in a very short period of time.  We
>> have been trying our best to resolve this issue by bludgening those who
>> write the offending code, but it still happens from time to time.
>>
>> 	So, to help us out with this I am going to propose putting a
>> Postfix filter infront of the exchange server to kill these mail bombs
>> before they take down exchange.  The exchange admin's promise there is
>> nothing they can do to properlly rate limit, or kill these mail bombs
>> before spooling them.  I am not so sure about that, but do not have the
>> time to learn exchange.
>>
>> 	Has anyone implemented such a solution for a highvolume
>> mailserver, if so any caveat's i should be looking out for?  Or is there
>> a sendmail milter that does this already that i don't know about?
>>
>> thanks!
>> -pete
>>
>>
>
> I actually use sendmail to ratelimit this kind of stuff fairly easily
> actually. There are a couple settings in sendmail.cf that throttle
> connection frequency, one is
>
> # maximum number of new connections per second
> O ConnectionRateThrottle=8
>
>
> Also, you can do things like this:
>
> # load average at which we just queue messages
> #O QueueLA=8
>
> # load average at which we refuse connections
> #O RefuseLA=12
>
> # log interval when refusing connections for this long
> #O RejectLogInterval=3h
>
> # load average at which we delay connections; 0 means no limit
> #O DelayLA=0
>
> # maximum number of children we allow at one time
> #O MaxDaemonChildren=0
>
>
> and tune those so that it doesn't get so out of hand as well, no need for
> milters, this is all sendmail.cf settings itself.
>
> I mean theoertically you can also write something in .cf itself to filter
> the keywords from the offending scripts.... *laugh*
>
> Hope that helps.
>

hey thanks trish!

i thought about sendmail rate limiting for a bit, but frankly we just want
these mail's to goto /dev/null.  9 times outta 10 we have a user write a
script that will email 100 people when a render job is finished - yet the
script has no logic so get's caught in a loop and starts flooding the
exchange box.  at this point - we don't even want these email's to get to
exchange.  sadly, i'm a little shy to start hacking sendmail to do this as
i am already pretty fleuent in postfix....maybe it's time to stop slacking
and get my sendmail.cf foo up to par ;)

-pete



-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From njt at ayvali.org  Thu Jul 27 12:25:53 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Thu, 27 Jul 2006 12:25:53 -0400
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <20060727153112.GB64375@sunset.nomadlogic.org>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
Message-ID: <20060727162553.GU9627@ayvali.org>

* Pete Wright <pete at nomadlogic.org> [2006-07-27 11:31:12 -0400]:
> So, to help us out with this I am going to propose putting a Postfix
> filter infront of the exchange server to kill these mail bombs before
> they take down exchange.

We do this exact thing. We were hit with a virus/worm back in December
(W32/Sober.AA at m). We weren't sending anything out, but someone spoofed
our domain and we got hundreds of thousands of bounces.

Since the worm mailed out using standardized headers, the solution was
to put some simple Postfix header checks in of the form:

    /^Subject:.*Fw: DSC-00465.jpg/ DISCARD
    /^Subject:.*Fw: Funny :)/      DISCARD
    /^Subject:.*Fw: Picturs/       DISCARD

This worked, it was extremely fast and we never had any problems with
the worm after putting it in. I seriously believe that had Postfix not
been there to throw this garbage away, our corporate mail infrastructure
would not have been left standing with Exchange alone (one of the most
braindead pieces of software I have had the misfortune to admin in my
short life -- if you ever want to amuse yourself, search the web and see
how so called "Windows Experts" recommend taking backups for Exchange
mailboxes).

The Postfix after-queue and before-queue content filters are also very
useful -- they give you full control over filtering, albeit at the cost
of some performance.

> Has anyone implemented such a solution for a highvolume mailserver, if
> so any caveat's i should be looking out for?

Drop me a note if you run into any problems, it is fairly straight
forward though. We set up virtual users whose mail forward to the actual
Exchange mailboxes. Exchange is set up to recognize and receive mail for
them. It is a little kludgy, but it works.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From trish at bsdunix.net  Thu Jul 27 12:29:34 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Thu, 27 Jul 2006 16:29:34 +0000 GMT
Subject: [nycbug-talk] Fw:  Postfix filter for Exchange
Message-ID: <1792662566-1154017781-cardhu_blackberry.rim.net-2085962789-@bxe041-cell01.bisx.prod.on.blackberry>

This got sent from wrong address on blackberry :)
------Original Message------
From: Trish Lynch
To: Peter Wright
To: Trish Lynch
Cc: talk at lists.nycbug.org
ReplyTo: trish at bsdunix.net
Sent: Jul 27, 2006 12:25 PM
Subject: Re: [nycbug-talk] Postfix filter for Exchange

*laugh* yeah, I'm one of those who doesn't think twice about hacking sendmail.cf rulesets if I need to, and saving it as a local ruleset in an mc file for later m4 macros later. 

At some point around 1997 I couldn't sleep because of a sendmail problem I was having, and I was beating my head over the bat book, fell asleep and was dreaming in .cf, and I woke up practically screaming "I got it!", my girlfriend at the time was annoyed, but I was excited as sendmail.cf finally clicked for me.

I went, wrote the ruleset (which at the time was a dnsbl rule before dnsbl rules were written already), tested it on a phony dnsbl on my own nameserver, and fell right to sleep, feeling accomplished, learning something, and becoming one of the few people in the world who knows sendmail.cf like instinct now.

-Trish
-- 
Trish Lynch
M: 646-401-1405
H: 201-378-0434    

-----Original Message-----
From: "Peter Wright" <pete at nomadlogic.org>
Date: Thu, 27 Jul 2006 09:10:29 
To:"Trish Lynch" <trish at bsdunix.net>
Cc:"Pete Wright" <pete at nomadlogic.org>, talk at lists.nycbug.org
Subject: Re: [nycbug-talk] Postfix filter for Exchange


> On Thu, 27 Jul 2006, Pete Wright wrote:
>
>> Hi All,
>> 	So for some reason we run exchange as our mail store, and
>> frankly I'd rather not start another fight as to how we should probably
>> move
>> to more robust mail solution.  we do have an issue where runaway scripts
>> start generating *ton's* of email in a very short period of time.  We

-- 
Trish Lynch  



From george at sddi.net  Thu Jul 27 12:40:05 2006
From: george at sddi.net (George R.)
Date: Thu, 27 Jul 2006 12:40:05 -0400
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <20060727162553.GU9627@ayvali.org>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<20060727162553.GU9627@ayvali.org>
Message-ID: <44C8EC65.9060402@sddi.net>

N.J. Thomas wrote:
> * Pete Wright <pete at nomadlogic.org> [2006-07-27 11:31:12 -0400]:
>> So, to help us out with this I am going to propose putting a Postfix
>> filter infront of the exchange server to kill these mail bombs before
>> they take down exchange.
> 
> We do this exact thing. We were hit with a virus/worm back in December
> (W32/Sober.AA at m). We weren't sending anything out, but someone spoofed
> our domain and we got hundreds of thousands of bounces.
> 
> Since the worm mailed out using standardized headers, the solution was
> to put some simple Postfix header checks in of the form:
> 
>     /^Subject:.*Fw: DSC-00465.jpg/ DISCARD
>     /^Subject:.*Fw: Funny :)/      DISCARD
>     /^Subject:.*Fw: Picturs/       DISCARD

And this is for nimda.. .

#anti nimda and friends
/^Content-Type:
multipart\/related;.*type=\"multipart\/alternative\";.*boundary=\"====_ABC1234567890DEF_====\".*$/
REJECT (and then our dumb notes. . .)

> 
> This worked, it was extremely fast and we never had any problems with
> the worm after putting it in. I seriously believe that had Postfix not
> been there to throw this garbage away, our corporate mail infrastructure
> would not have been left standing with Exchange alone (one of the most
> braindead pieces of software I have had the misfortune to admin in my
> short life -- if you ever want to amuse yourself, search the web and see
> how so called "Windows Experts" recommend taking backups for Exchange
> mailboxes).
> 
> The Postfix after-queue and before-queue content filters are also very
> useful -- they give you full control over filtering, albeit at the cost
> of some performance.
> 
>> Has anyone implemented such a solution for a highvolume mailserver, if
>> so any caveat's i should be looking out for?
> 
> Drop me a note if you run into any problems, it is fairly straight
> forward though. We set up virtual users whose mail forward to the actual
> Exchange mailboxes. Exchange is set up to recognize and receive mail for
> them. It is a little kludgy, but it works.

The one thing I'd add though, is that it's certainly better to start big
picture. . .

1.  Most mail bombers come from IPs without pretty mx reverse lookups,
and very unlikely PTRs. .. So definitely start with that.

2.  The MUA's they use are relatively predictable

Starting with the subject and such is really last resort for specific
outbreaks to me. . .

Especially if it's a mail gateway, take care of the sloppy stuff first.
 Not that MS Exchange is going to deal well with anything at all. ..

g


From jschauma at netmeister.org  Thu Jul 27 12:51:41 2006
From: jschauma at netmeister.org (Jan Schaumann)
Date: Thu, 27 Jul 2006 12:51:41 -0400
Subject: [nycbug-talk] solaris 10 zfs nfs lockd problems
In-Reply-To: <20060722055425.GA17345@netmeister.org>
References: <20060722055425.GA17345@netmeister.org>
Message-ID: <20060727165141.GA5310@netmeister.org>

Jan Schaumann <jschauma at netmeister.org> wrote:
 
> I just converted our fileserver to solaris, using ZFS.  So now it's
> exporting everything via NFS, and all clients can mount it just fine,
> however, performance is very bad if the application uses file locking.
> For example, reading my inbox with mutt (which has a meager 60 messages
> in it) takes 22 seconds!

For anybody who's interested, the problem does appear to be an odd
combination of running ZFS over an Apple XRaid.  My details are here:

http://www.netmeister.org/blog/index.php?entry=entry060725-230500

and

http://www.netmeister.org/blog/index.php?entry=entry060726-190745

No, it doesn't really have to do with BSD.  ;-)

-Jan

-- 
If you are undertaking anything substantial, C is the only reasonable choice
of programming language.
	-- UNIX User's Supplementary Documents
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060727/dc8ec79d/attachment.bin>

From ike at lesmuug.org  Thu Jul 27 16:27:25 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Thu, 27 Jul 2006 16:27:25 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
Message-ID: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>

Hey All,

There's reports in the news that the U.S. Govt. is surrendering ICANN  
to a 'non-profit' international body.

http://www.theregister.co.uk/2006/07/27/ntia_icann_meeting/

That article got slashdotted too.

--
Does anyone have any opinions/thoughts on the ramifications of this  
action?  My brain is churning on it from a lot of angles...

Best,
.ike




From mspitzer at gmail.com  Thu Jul 27 18:26:48 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 27 Jul 2006 18:26:48 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>
Message-ID: <8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>

On 7/27/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hey All,
>
> There's reports in the news that the U.S. Govt. is surrendering ICANN
> to a 'non-profit' international body.
>
> http://www.theregister.co.uk/2006/07/27/ntia_icann_meeting/
>
> That article got slashdotted too.
>
> --
> Does anyone have any opinions/thoughts on the ramifications of this
> action?  My brain is churning on it from a lot of angles...

I think it is an action that will result in bad things happening, at
least we still have the root DNS servers and that should definitly be
a from my cold dead hand issue.  Keep in mind that in much of the
world free speach is a crime.  Think PRC and teniman square.  or the
fact that nazi stuff is illegal in france and france filed criminal
charges against the asshole selling it from yahoo or ebay.  now give
those same people more power to delist yahoo or ebay for doing
something that is perfictly legal here.  The US designed it,
researched it, built it, watched over it and was kind enought to let
everyone else use it.  If the rest of the world does not like it why
cangt they just build their own.

it might just fracture the internet and I am not sure this is a bad
thing in the long run,

marc
-- 
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD


From nycbug-list at 2xlp.com  Thu Jul 27 21:16:36 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Thu, 27 Jul 2006 21:16:36 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>
	<8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>
Message-ID: <130F0C40-08CC-4137-8C2A-8DE5D7B9D869@2xlp.com>


On Jul 27, 2006, at 6:26 PM, Marc Spitzer wrote:

> I think it is an action that will result in bad things happening, at
> least we still have the root DNS servers and that should definitly be
> a from my cold dead hand issue.  Keep in mind that in much of the
> world free speach is a crime.  Think PRC and teniman square.  or the
> fact that nazi stuff is illegal in france and france filed criminal
> charges against the asshole selling it from yahoo or ebay.  now give
> those same people more power to delist yahoo or ebay for doing
> something that is perfictly legal here.  The US designed it,
> researched it, built it, watched over it and was kind enought to let
> everyone else use it.  If the rest of the world does not like it why
> cangt they just build their own.
>
> it might just fracture the internet and I am not sure this is a bad
> thing in the long run,

i'd argue that the us doesn't have free speech anymore either.  the  
difference between other countries and the us is that overseas speech  
is censored / illegal from the outself, while in america speech is  
'free' in theory and the price of a good lawyer in practice.

i'm pretty sure that there's never been an actually effective  
international body.  at best the new group can be as functional as  
the UN-- which means at best, they'll accomplish absolutely nothing.


From mspitzer at gmail.com  Thu Jul 27 21:41:58 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 27 Jul 2006 21:41:58 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <130F0C40-08CC-4137-8C2A-8DE5D7B9D869@2xlp.com>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>
	<8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>
	<130F0C40-08CC-4137-8C2A-8DE5D7B9D869@2xlp.com>
Message-ID: <8c50a3c30607271841s18a292e5ibf3037d1f6b15969@mail.gmail.com>

On 7/27/06, Jonathan Vanasco <nycbug-list at 2xlp.com> wrote:
>
> i'd argue that the us doesn't have free speech anymore either.  the
> difference between other countries and the us is that overseas speech
> is censored / illegal from the outself, while in america speech is
> 'free' in theory and the price of a good lawyer in practice.

It has always been that way, the social restraints are what are
comming undone.  People did not want their names assocated with a
court case.  Also vilonece was also more common to settle the mater.

>
> i'm pretty sure that there's never been an actually effective
> international body.  at best the new group can be as functional as
> the UN-- which means at best, they'll accomplish absolutely nothing.

The UN(spit) has never had the good grace to do nothing, it would be a
major improvement over what they do.  They are not stupid they are
fucking evil.

marc
-- 
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD


From dan at langille.org  Fri Jul 28 09:04:46 2006
From: dan at langille.org (Dan Langille)
Date: Fri, 28 Jul 2006 09:04:46 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>
Message-ID: <44C9D32E.30129.F5FE8B6@dan.langille.org>

On 27 Jul 2006 at 18:26, Marc Spitzer wrote:

> On 7/27/06, Isaac Levy <ike at lesmuug.org> wrote:
> > Hey All,
> >
> > There's reports in the news that the U.S. Govt. is surrendering ICANN
> > to a 'non-profit' international body.
> >
> > http://www.theregister.co.uk/2006/07/27/ntia_icann_meeting/
> >
> > That article got slashdotted too.
> >
> > --
> > Does anyone have any opinions/thoughts on the ramifications of this
> > action?  My brain is churning on it from a lot of angles...
> 
> I think it is an action that will result in bad things happening, at
> least we still have the root DNS servers and that should definitly be
> a from my cold dead hand issue.

Not all root servers are in USA.

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php




From pete at nomadlogic.org  Fri Jul 28 11:59:30 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 28 Jul 2006 08:59:30 -0700 (PDT)
Subject: [nycbug-talk] NYCBUG cvsup server
Message-ID: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>

Hi All,
     I'm very pleased to annouce the availability of NycBUG's very own
cvsup server for FreeBSD is available for use by our members!  It is
our hope that this machine will eventually become an official FreeBSD
mirror, yet before I make any annoucements to hubs@ I'd like to give
our members a first crack at this box.  So, feel free to do your
nightly /usr/src and /usr/ports sync's off of:

freebsd.nycbug.org

Once again I'd like to thank New York Internet <www.nyi.net> for donating
bandwidth and rackspace to our BUG - and the community in large.  And our
very own Gman for donating the gear.  Thanks guys, I couldn't have slacked
off at work for hours setting this up if it wasn't for you ;^)

Have Fun!

-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From trish at bsdunix.net  Fri Jul 28 13:21:47 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Fri, 28 Jul 2006 17:21:47 +0000 GMT
Subject: [nycbug-talk] NYCBUG cvsup server
Message-ID: <1480978180-1154107314-cardhu_blackberry.rim.net-607550343-@bxe044-cell01.bisx.prod.on.blackberry>

Awesome, this is so cool! , I've been hoping to do this for a while, but being so busy at paltalk, and being sick, I haven't had time to get involved.

Now that I'm leaving full time employment here (I'm consulting to them indefinitely), I'll be able to get more involved, singing the "more free time" Mantra, but first, I'll cvsup off the NYCBUG mirror before my next buildworld :)

-Trish
------Original Message------
From: Peter Wright
Sender: talk-bounces at lists.nycbug.org
To: talk at lists.nycbug.org
Sent: Jul 28, 2006 11:59 AM
Subject: [nycbug-talk] NYCBUG cvsup server

Hi All,
     I'm very pleased to annouce the availability of NycBUG's very own
cvsup server for FreeBSD is available for use by our members!  It is
our hope that this machine will eventually become an official FreeBSD
mirror, yet before I make any annoucements to hubs@ I'd like to give
our members a first crack at this box.  So, feel free to do your
nightly /usr/src and /usr/ports sync's off of:

freebsd.nycbug.org

Once again I'd like to thank New York Internet <www.nyi.net> for donating
bandwidth and rackspace to our BUG - and the community in large.  And our
very own Gman for donating the gear.  Thanks guys, I couldn't have slacked
off at work for hours setting this up if it wasn't for you ;^)

Have Fun!

-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459
_______________________________________________
% NYC*BUG talk mailing list
http://lists.nycbug.org/mailman/listinfo/talk
%Be sure to check out our Jobs and NYCBUG-announce lists
%We meet the first Wednesday of the month


-- 
Trish Lynch  



From pete at nomadlogic.org  Fri Jul 28 13:25:54 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 28 Jul 2006 10:25:54 -0700 (PDT)
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <1480978180-1154107314-cardhu_blackberry.rim.net-607550343-@bxe044-cel
	l01.bisx.prod.on.blackberry>
References: <1480978180-1154107314-cardhu_blackberry.rim.net-607550343-@bxe044-cell01.bisx.prod.on.blackberry>
Message-ID: <21216.160.33.20.11.1154107554.squirrel@webmail.nomadlogic.org>


> Awesome, this is so cool! , I've been hoping to do this for a while, but
> being so busy at paltalk, and being sick, I haven't had time to get
> involved.
>
> Now that I'm leaving full time employment here (I'm consulting to them
> indefinitely), I'll be able to get more involved, singing the "more free
> time" Mantra, but first, I'll cvsup off the NYCBUG mirror before my next
> buildworld :)

cool execellent!  let me know if you spot any issues.  we are going to
roll out an anon ftp mirror in a bit.

lata,
-pete

>
> -Trish
> ------Original Message------
> From: Peter Wright
> Sender: talk-bounces at lists.nycbug.org
> To: talk at lists.nycbug.org
> Sent: Jul 28, 2006 11:59 AM
> Subject: [nycbug-talk] NYCBUG cvsup server
>
> Hi All,
>      I'm very pleased to annouce the availability of NycBUG's very own
> cvsup server for FreeBSD is available for use by our members!  It is
> our hope that this machine will eventually become an official FreeBSD
> mirror, yet before I make any annoucements to hubs@ I'd like to give
> our members a first crack at this box.  So, feel free to do your
> nightly /usr/src and /usr/ports sync's off of:
>
> freebsd.nycbug.org
>
> Once again I'd like to thank New York Internet <www.nyi.net> for donating
> bandwidth and rackspace to our BUG - and the community in large.  And our
> very own Gman for donating the gear.  Thanks guys, I couldn't have
> slacked
> off at work for hours setting this up if it wasn't for you ;^)
>
> Have Fun!
>
> -pete
>
> --
> ~~oO00Oo~~
> Peter Wright
> pete at nomadlogic.org
> www.nomadlogic.org/~pete
> 310.869.9459
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>
>
> --
> Trish Lynch


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From ike at lesmuug.org  Fri Jul 28 15:31:19 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Fri, 28 Jul 2006 15:31:19 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
Message-ID: <4727B852-3F59-4272-8DE9-E71D218015EB@lesmuug.org>

Hi Pete, All,

On Jul 28, 2006, at 11:59 AM, Peter Wright wrote:

>      I'm very pleased to annouce the availability of NycBUG's very own
> cvsup server for FreeBSD is available for use by our members!
<snip>
>
> freebsd.nycbug.org

Yay!  Thanks for putting in the work Pete!

I've tried the box, works as it should- and it's fast for NY area  
users :)

Rocket-
.ike




From george at sddi.net  Sat Jul 29 00:45:58 2006
From: george at sddi.net (George R.)
Date: Sat, 29 Jul 2006 00:45:58 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <4727B852-3F59-4272-8DE9-E71D218015EB@lesmuug.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
	<4727B852-3F59-4272-8DE9-E71D218015EB@lesmuug.org>
Message-ID: <44CAE806.6070202@sddi.net>

Isaac Levy wrote:
> Hi Pete, All,
> 
> On Jul 28, 2006, at 11:59 AM, Peter Wright wrote:
> 
>>      I'm very pleased to annouce the availability of NycBUG's very own
>> cvsup server for FreeBSD is available for use by our members!
> <snip>
>> freebsd.nycbug.org
> 
> Yay!  Thanks for putting in the work Pete!
> 
> I've tried the box, works as it should- and it's fast for NY area  
> users :)
> 

Wow. . . boomingly fast.

Thanks again Pete. . . It's things like this that show the role BUGs can
play.

g


From george at sddi.net  Sat Jul 29 00:52:00 2006
From: george at sddi.net (George R.)
Date: Sat, 29 Jul 2006 00:52:00 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <8c50a3c30607271841s18a292e5ibf3037d1f6b15969@mail.gmail.com>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>	<8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>	<130F0C40-08CC-4137-8C2A-8DE5D7B9D869@2xlp.com>
	<8c50a3c30607271841s18a292e5ibf3037d1f6b15969@mail.gmail.com>
Message-ID: <44CAE970.4020901@sddi.net>

Marc Spitzer wrote:
> On 7/27/06, Jonathan Vanasco <nycbug-list at 2xlp.com> wrote:
>> i'd argue that the us doesn't have free speech anymore either.  the
>> difference between other countries and the us is that overseas speech
>> is censored / illegal from the outself, while in america speech is
>> 'free' in theory and the price of a good lawyer in practice.
> 
> It has always been that way, the social restraints are what are
> comming undone.  People did not want their names assocated with a
> court case.  Also vilonece was also more common to settle the mater.
> 
>> i'm pretty sure that there's never been an actually effective
>> international body.  at best the new group can be as functional as
>> the UN-- which means at best, they'll accomplish absolutely nothing.
> 
> The UN(spit) has never had the good grace to do nothing, it would be a
> major improvement over what they do.  They are not stupid they are
> fucking evil.

Woah tiger. . . keep that tone on your Slashdot posts. .. not here.

The ultimate problem is who is neutral.  Certainly not the US government
or private industry.  I dred the day when the root servers that are in
the US blacklist TLDs based on executive orders.  Even our
intellectually numb president is aware of the internet and the role it
plays.

Is the UN in a better, more neutral position?  That is highly doubtful.
 The UN has always been a battleground of super and regional powers. . .
But that's another OT discussion.

It would be wonderful if there was some truly neutral, non governmental,
vendor-neutral solution to this. . . But the reality of the IETF just
makes that laughable.

shrug. . .

Maybe NYCBUG could volunteer. . . ;-)

g


From dan at langille.org  Sat Jul 29 08:16:31 2006
From: dan at langille.org (Dan Langille)
Date: Sat, 29 Jul 2006 08:16:31 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
Message-ID: <44CB195F.30143.145A1177@dan.langille.org>

On 28 Jul 2006 at 8:59, Peter Wright wrote:

> Hi All,
>      I'm very pleased to annouce the availability of NycBUG's very own
> cvsup server for FreeBSD is available for use by our members!  It is
> our hope that this machine will eventually become an official FreeBSD
> mirror, yet before I make any annoucements to hubs@ I'd like to give
> our members a first crack at this box.  So, feel free to do your
> nightly /usr/src and /usr/ports sync's off of:
> 
> freebsd.nycbug.org
> 
> Once again I'd like to thank New York Internet <www.nyi.net> for donating
> bandwidth and rackspace to our BUG - and the community in large.  And our
> very own Gman for donating the gear.  Thanks guys, I couldn't have slacked
> off at work for hours setting this up if it wasn't for you ;^)

NYI offerred to help me out when I thought I was losing the hosting 
for FreshPorts/FreeBSD Diary/etc.  Good place.

Peter: What is your upstream for the cvsup server?

FWIW, the NYCBUG server is faster for me than cvsup.ca.freebsd.org 
here in Ottawa.  Both servers are 13 hops away.

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php




From scottro at nyc.rr.com  Sat Jul 29 09:04:32 2006
From: scottro at nyc.rr.com (Scott Robbins)
Date: Sat, 29 Jul 2006 09:04:32 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <44CB195F.30143.145A1177@dan.langille.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
	<44CB195F.30143.145A1177@dan.langille.org>
Message-ID: <20060729130432.GA99917@mail.scottro.net>

On Sat, Jul 29, 2006 at 08:16:31AM -0400, Dan Langille wrote:
> On 28 Jul 2006 at 8:59, Peter Wright wrote:
> 
> > Hi All,
> >      I'm very pleased to annouce the availability of NycBUG's very own
> > cvsup server for FreeBSD is available for use by our members!  It is
> > our hope that this machine will eventually become an official FreeBSD
> > mirror, yet before I make any annoucements to hubs@ I'd like to give
> > our members a first crack at this box.  So, feel free to do your
> > nightly /usr/src and /usr/ports sync's off of:
> > 
> > freebsd.nycbug.org


Very very fast for me.  Thank you for providing this. 


-- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6


Principal Snyder: A lot of educators tell students, 'Think of 
your principal as your pal' I say, 'Think of me as your judge, 
jury, and executioner.


From o_sleep at belovedarctos.com  Sat Jul 29 11:05:17 2006
From: o_sleep at belovedarctos.com (Bjorn Nelson)
Date: Sat, 29 Jul 2006 11:05:17 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
Message-ID: <A7AEB432-ED14-4529-A367-2C666C31F762@belovedarctos.com>

Pete,

Good job on setting this up.  So far my times from cvsup6.freebsd.org  
have been (300 EST):
7/29      720.17 real        21.64 user         6.56 sys
7/28      708.69 real        21.64 user         6.42 sys
7/27      643.29 real        21.41 user         6.40 sys
7/26      645.94 real        21.06 user         6.54 sys
7/25      580.25 real        21.41 user         6.66 sys
7/24      787.54 real        21.11 user         6.77 sys
7/23      775.39 real        21.40 user         6.48 sys
7/22      730.21 real        20.87 user         6.75 sys
7/21      634.55 real        20.99 user         6.36 sys

I just switched for freebsd.nycbug.org and ran it today for the  
following times:
       110.05 real        21.11 user         6.88 sys

Which looks great and encouraging, but keep in mind this is only 7  
hours since my last run instead of 24 and it's a saturday (does more  
dev work happen on the weekends or during the week?).  I will try to  
submit a weeks worth of cvsup times next week to see a comparison.

-Bjorn

On Jul 28, 2006, at 11:59 AM, Peter Wright wrote:

> Hi All,
>      I'm very pleased to annouce the availability of NycBUG's very own
> cvsup server for FreeBSD is available for use by our members!  It is
> our hope that this machine will eventually become an official FreeBSD
> mirror, yet before I make any annoucements to hubs@ I'd like to give
> our members a first crack at this box.  So, feel free to do your
> nightly /usr/src and /usr/ports sync's off of:
>
> freebsd.nycbug.org
>
> Once again I'd like to thank New York Internet <www.nyi.net> for  
> donating
> bandwidth and rackspace to our BUG - and the community in large.   
> And our
> very own Gman for donating the gear.  Thanks guys, I couldn't have  
> slacked
> off at work for hours setting this up if it wasn't for you ;^)
>
> Have Fun!
>
> -pete
>
> -- 
> ~~oO00Oo~~
> Peter Wright
> pete at nomadlogic.org
> www.nomadlogic.org/~pete
> 310.869.9459
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month



From o_sleep at belovedarctos.com  Sat Jul 29 11:10:47 2006
From: o_sleep at belovedarctos.com (Bjorn Nelson)
Date: Sat, 29 Jul 2006 11:10:47 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <44CAE970.4020901@sddi.net>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>	<8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>	<130F0C40-08CC-4137-8C2A-8DE5D7B9D869@2xlp.com>
	<8c50a3c30607271841s18a292e5ibf3037d1f6b15969@mail.gmail.com>
	<44CAE970.4020901@sddi.net>
Message-ID: <E5D281E3-F95C-4FFC-8513-65F347061562@belovedarctos.com>


On Jul 29, 2006, at 12:52 AM, George R. wrote:

>
> Maybe NYCBUG could volunteer. . . ;-)

Do any of the root servers run on bsd?

-Bjorn


From okan at demirmen.com  Sat Jul 29 14:23:45 2006
From: okan at demirmen.com (Okan Demirmen)
Date: Sat, 29 Jul 2006 14:23:45 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <44CB195F.30143.145A1177@dan.langille.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
	<44CB195F.30143.145A1177@dan.langille.org>
Message-ID: <20060729182345.GZ20358@clam.khaoz.org>

On Sat 2006.07.29 at 08:16 -0400, Dan Langille wrote:
> Peter: What is your upstream for the cvsup server?

i'm not peter, but...:)
we've allocated 3mb/s from our 10mb/s drop.


From dan at langille.org  Sat Jul 29 15:20:18 2006
From: dan at langille.org (Dan Langille)
Date: Sat, 29 Jul 2006 15:20:18 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <E5D281E3-F95C-4FFC-8513-65F347061562@belovedarctos.com>
References: <44CAE970.4020901@sddi.net>
Message-ID: <44CB7CB2.31075.15DE0C28@dan.langille.org>

On 29 Jul 2006 at 11:10, Bjorn Nelson wrote:

> 
> On Jul 29, 2006, at 12:52 AM, George R. wrote:
> 
> >
> > Maybe NYCBUG could volunteer. . . ;-)
> 
> Do any of the root servers run on bsd?

Many do AFAIK.  Joe Abley, a guy I knew from my time in NZ, but never 
meet until I moved back to Ottawa, used to work for ISC.  The root 
servers they install run FreeBSD.

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php




From mspitzer at gmail.com  Sat Jul 29 15:58:07 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sat, 29 Jul 2006 15:58:07 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <44CAE970.4020901@sddi.net>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>
	<8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>
	<130F0C40-08CC-4137-8C2A-8DE5D7B9D869@2xlp.com>
	<8c50a3c30607271841s18a292e5ibf3037d1f6b15969@mail.gmail.com>
	<44CAE970.4020901@sddi.net>
Message-ID: <8c50a3c30607291258x1bb518e2t25d81544dbfe6fcc@mail.gmail.com>

On 7/29/06, George R. <george at sddi.net> wrote:
> Marc Spitzer wrote:
> > On 7/27/06, Jonathan Vanasco <nycbug-list at 2xlp.com> wrote:
> >> i'd argue that the us doesn't have free speech anymore either.  the
> >> difference between other countries and the us is that overseas speech
> >> is censored / illegal from the outself, while in america speech is
> >> 'free' in theory and the price of a good lawyer in practice.
> >
> > It has always been that way, the social restraints are what are
> > comming undone.  People did not want their names assocated with a
> > court case.  Also vilonece was also more common to settle the mater.
> >
> >> i'm pretty sure that there's never been an actually effective
> >> international body.  at best the new group can be as functional as
> >> the UN-- which means at best, they'll accomplish absolutely nothing.
> >
> > The UN(spit) has never had the good grace to do nothing, it would be a
> > major improvement over what they do.  They are not stupid they are
> > fucking evil.
>
> Woah tiger. . . keep that tone on your Slashdot posts. .. not here.

I was being restrained, turtle bay is a curse upon the earth.

If people in blue helmets show up to protect you, run for your life.
UN peace keepers have the dubious honer of being responsible for
collecting oppressed minorities so they can be killed easier.
Engaging in child prostitution and pornography rings.  And in two
cases the need to be medically evacuated for damage to there members
after trying to have oral sex with a goat.  How stupid do you have to
be not to realize there are teeth on that end and the goat is not gona
be happy with the situation.

I could go on and on on the subject, oil for food, the tysume a few
years ago, China, Cuba Syria on the high commission of human rights.


>
> The ultimate problem is who is neutral.  Certainly not the US government
> or private industry.  I dred the day when the root servers that are in
> the US blacklist TLDs based on executive orders.  Even our
> intellectually numb president is aware of the internet and the role it
> plays.

While George Bush was and is not my first choice for the job either,
he was much better the the other choice.  I do not remember, in 20
years of voting, voting *for* a candadate for federal office.  I
generally vote against the other guy.

>
> Is the UN in a better, more neutral position?  That is highly doubtful.
>  The UN has always been a battleground of super and regional powers. . .
> But that's another OT discussion.

No the issue is that the US paid for the internet and if you do not
like it go build your own.

>
> It would be wonderful if there was some truly neutral, non governmental,
> vendor-neutral solution to this. . . But the reality of the IETF just
> makes that laughable.

we can agree to disagree on that.

>
> shrug. . .
>
> Maybe NYCBUG could volunteer. . . ;-)

always be careful of what you ask as soneone may give it to you.

marc
----
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD


From spork at bway.net  Sat Jul 29 16:58:26 2006
From: spork at bway.net (Charles Sprickman)
Date: Sat, 29 Jul 2006 16:58:26 -0400 (EDT)
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <8c50a3c30607291258x1bb518e2t25d81544dbfe6fcc@mail.gmail.com>
References: <04564591-514D-40D4-B4DC-E4BA170A0103@lesmuug.org>
	<8c50a3c30607271526i51b02fb9mc4d9856b1fa7a186@mail.gmail.com>
	<130F0C40-08CC-4137-8C2A-8DE5D7B9D869@2xlp.com>
	<8c50a3c30607271841s18a292e5ibf3037d1f6b15969@mail.gmail.com>
	<44CAE970.4020901@sddi.net>
	<8c50a3c30607291258x1bb518e2t25d81544dbfe6fcc@mail.gmail.com>
Message-ID: <Pine.OSX.4.61.0607291649400.10025@white.nat.fasttrackmonkey.com>


On Sat, 29 Jul 2006, Marc Spitzer wrote:

> No the issue is that the US paid for the internet and if you do not
> like it go build your own.

US-based corporations, not the US government.  There was an "internet" but 
nothing like what we see today, and there was this restriction on 
commercial content.  I wouldn't mind having that internet back again, but 
that's another topic.

Not until private money (and I'd bet even some foreign money) came around 
did the internet become what we have today.  And I think CERN gets quite 
some credit for coming up with the idea of the "WWW".  Where would we be 
without that?

Why the US (or China, or Japan or Germany) should say whether we can have 
a ".xxx" TLD is beyond me.  Give 'em all votes and see what happens.  This 
country was too prudish and/or dumb to allow a TLD just for porn.

(George R.)
>> It would be wonderful if there was some truly neutral, non governmental,
>> vendor-neutral solution to this. . . But the reality of the IETF just
>> makes that laughable.
>
> we can agree to disagree on that.

I think they actually have a detailed, vendor-sponsored, vendor-biased, 
patented protocol on how to insert your genitals into a goat's mouth 
without being bit.  You'll have to sign an NDA to look at it though. :)

C


From pete at nomadlogic.org  Sun Jul 30 00:04:11 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Sun, 30 Jul 2006 00:04:11 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <44CB195F.30143.145A1177@dan.langille.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
	<44CB195F.30143.145A1177@dan.langille.org>
Message-ID: <20060730040407.GA2014@sunset.nomadlogic.org>

On Sat, Jul 29, 2006 at 08:16:31AM -0400, Dan Langille wrote:
> On 28 Jul 2006 at 8:59, Peter Wright wrote:
> 
> > Hi All,
> >      I'm very pleased to annouce the availability of NycBUG's very own
> > cvsup server for FreeBSD is available for use by our members!  It is
> > our hope that this machine will eventually become an official FreeBSD
> > mirror, yet before I make any annoucements to hubs@ I'd like to give
> > our members a first crack at this box.  So, feel free to do your
> > nightly /usr/src and /usr/ports sync's off of:
> > 
> > freebsd.nycbug.org
> > 
> > Once again I'd like to thank New York Internet <www.nyi.net> for donating
> > bandwidth and rackspace to our BUG - and the community in large.  And our
> > very own Gman for donating the gear.  Thanks guys, I couldn't have slacked
> > off at work for hours setting this up if it wasn't for you ;^)
> 
> NYI offerred to help me out when I thought I was losing the hosting 
> for FreshPorts/FreeBSD Diary/etc.  Good place.
> 
> Peter: What is your upstream for the cvsup server?
> 
okan touched on the bandwidth.  we are mirroring off of cvsup8.us now,
hoping to get official access soon.

> FWIW, the NYCBUG server is faster for me than cvsup.ca.freebsd.org 
> here in Ottawa.  Both servers are 13 hops away.
> 

yea, nyi rocks huh?

-p

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From pete at nomadlogic.org  Sun Jul 30 00:06:02 2006
From: pete at nomadlogic.org (Pete Wright)
Date: Sun, 30 Jul 2006 00:06:02 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <A7AEB432-ED14-4529-A367-2C666C31F762@belovedarctos.com>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
	<A7AEB432-ED14-4529-A367-2C666C31F762@belovedarctos.com>
Message-ID: <20060730040601.GB2014@sunset.nomadlogic.org>

On Sat, Jul 29, 2006 at 11:05:17AM -0400, Bjorn Nelson wrote:
> Pete,
> 
> Good job on setting this up.  So far my times from cvsup6.freebsd.org  
> have been (300 EST):
> 7/29      720.17 real        21.64 user         6.56 sys
> 7/28      708.69 real        21.64 user         6.42 sys
> 7/27      643.29 real        21.41 user         6.40 sys
> 7/26      645.94 real        21.06 user         6.54 sys
> 7/25      580.25 real        21.41 user         6.66 sys
> 7/24      787.54 real        21.11 user         6.77 sys
> 7/23      775.39 real        21.40 user         6.48 sys
> 7/22      730.21 real        20.87 user         6.75 sys
> 7/21      634.55 real        20.99 user         6.36 sys
> 
> I just switched for freebsd.nycbug.org and ran it today for the  
> following times:
>       110.05 real        21.11 user         6.88 sys
> 
> Which looks great and encouraging, but keep in mind this is only 7  
> hours since my last run instead of 24 and it's a saturday (does more  
> dev work happen on the weekends or during the week?).  I will try to  
> submit a weeks worth of cvsup times next week to see a comparison.
> 

hey thanks for the stat's.  being out on the west coast this guy isn't
too quick (at least compared to ISC's boxen up north :)- so stat's like 
this are helpfull.

cheers,
-pete



> -Bjorn
> 
> On Jul 28, 2006, at 11:59 AM, Peter Wright wrote:
> 
> >Hi All,
> >     I'm very pleased to annouce the availability of NycBUG's very own
> >cvsup server for FreeBSD is available for use by our members!  It is
> >our hope that this machine will eventually become an official FreeBSD
> >mirror, yet before I make any annoucements to hubs@ I'd like to give
> >our members a first crack at this box.  So, feel free to do your
> >nightly /usr/src and /usr/ports sync's off of:
> >
> >freebsd.nycbug.org
> >
> >Once again I'd like to thank New York Internet <www.nyi.net> for  
> >donating
> >bandwidth and rackspace to our BUG - and the community in large.   
> >And our
> >very own Gman for donating the gear.  Thanks guys, I couldn't have  
> >slacked
> >off at work for hours setting this up if it wasn't for you ;^)
> >
> >Have Fun!
> >
> >-pete
> >
> >-- 
> >~~oO00Oo~~
> >Peter Wright
> >pete at nomadlogic.org
> >www.nomadlogic.org/~pete
> >310.869.9459
> >_______________________________________________
> >% NYC*BUG talk mailing list
> >http://lists.nycbug.org/mailman/listinfo/talk
> >%Be sure to check out our Jobs and NYCBUG-announce lists
> >%We meet the first Wednesday of the month
> 

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From george at sddi.net  Sun Jul 30 00:17:00 2006
From: george at sddi.net (George R.)
Date: Sun, 30 Jul 2006 00:17:00 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <20060730040407.GA2014@sunset.nomadlogic.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>	<44CB195F.30143.145A1177@dan.langille.org>
	<20060730040407.GA2014@sunset.nomadlogic.org>
Message-ID: <44CC32BC.70104@sddi.net>

Pete Wright wrote:
> On Sat, Jul 29, 2006 at 08:16:31AM -0400, Dan Langille wrote:
>> On 28 Jul 2006 at 8:59, Peter Wright wrote:
>>
>>> Hi All,
>>>      I'm very pleased to annouce the availability of NycBUG's very own
>>> cvsup server for FreeBSD is available for use by our members!  It is
>>> our hope that this machine will eventually become an official FreeBSD
>>> mirror, yet before I make any annoucements to hubs@ I'd like to give
>>> our members a first crack at this box.  So, feel free to do your
>>> nightly /usr/src and /usr/ports sync's off of:
>>>
>>> freebsd.nycbug.org
>>>
>>> Once again I'd like to thank New York Internet <www.nyi.net> for donating
>>> bandwidth and rackspace to our BUG - and the community in large.  And our
>>> very own Gman for donating the gear.  Thanks guys, I couldn't have slacked
>>> off at work for hours setting this up if it wasn't for you ;^)
>> NYI offerred to help me out when I thought I was losing the hosting 
>> for FreshPorts/FreeBSD Diary/etc.  Good place.
>>
>> Peter: What is your upstream for the cvsup server?
>>
> okan touched on the bandwidth.  we are mirroring off of cvsup8.us now,
> hoping to get official access soon.
> 
>> FWIW, the NYCBUG server is faster for me than cvsup.ca.freebsd.org 
>> here in Ottawa.  Both servers are 13 hops away.
>>
> 
> yea, nyi rocks huh?

Well, what is interesting is that there are rumors that lots of
canadians are using ftp2.usa for OpenBSD in our colo.

We have been trying to get a NetBSD mirror up and running for a long
while. . . maybe we'll be successful soon.  No, it's a question of
hardware, not technical prowess. . .

I would like to see this FBSD mirror do some archiving. . . I mean,
something like ftp-archive.. . . it's got plenty of space, right Petee?

g


From mspitzer at gmail.com  Sun Jul 30 02:16:54 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sun, 30 Jul 2006 02:16:54 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <44CAE806.6070202@sddi.net>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
	<4727B852-3F59-4272-8DE9-E71D218015EB@lesmuug.org>
	<44CAE806.6070202@sddi.net>
Message-ID: <8c50a3c30607292316t1a38e3f0g947b74a6cbd9d8cb@mail.gmail.com>

On 7/29/06, George R. <george at sddi.net> wrote:
> Isaac Levy wrote:
> > Hi Pete, All,
> >
> > On Jul 28, 2006, at 11:59 AM, Peter Wright wrote:
> >
> >>      I'm very pleased to annouce the availability of NycBUG's very own
> >> cvsup server for FreeBSD is available for use by our members!
> > <snip>
> >> freebsd.nycbug.org
> >
> > Yay!  Thanks for putting in the work Pete!
> >
> > I've tried the box, works as it should- and it's fast for NY area
> > users :)
> >
>
> Wow. . . boomingly fast.
>
> Thanks again Pete. . . It's things like this that show the role BUGs can
> play.
>
> g

It flys, If you make it to defcon I owe you a drink or 3

Damm good job

marc

-- 
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD


From jbaltz at 3phasecomputing.com  Sun Jul 30 11:08:21 2006
From: jbaltz at 3phasecomputing.com (Jerry B. Altzman)
Date: Sun, 30 Jul 2006 11:08:21 -0400
Subject: [nycbug-talk] NYCBUG cvsup server
In-Reply-To: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
References: <62565.160.33.20.11.1154102370.squirrel@webmail.nomadlogic.org>
Message-ID: <44CCCB65.5090309@3phasecomputing.com>

On 7/28/2006 11:59 AM, Peter Wright wrote:
> Hi All,
>      I'm very pleased to annouce the availability of NycBUG's very own
> cvsup server for FreeBSD is available for use by our members!  It is
> our hope that this machine will eventually become an official FreeBSD
> mirror, yet before I make any annoucements to hubs@ I'd like to give
> our members a first crack at this box.  So, feel free to do your
> nightly /usr/src and /usr/ports sync's off of:
> freebsd.nycbug.org

Yow! That's speedy! thanks pete.

> -pete

//jbaltz
-- 
jerry b. altzman  jbaltz at 3phasecomputing.com  +1 718 763 7405


From dlavigne6 at sympatico.ca  Sun Jul 30 15:52:10 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Sun, 30 Jul 2006 15:52:10 -0400 (EDT)
Subject: [nycbug-talk] pf tables
Message-ID: <20060730154156.I633@dru.domain.org>


Does anyone have a reference to or quick trick on how to have the 
information in their pf tables survive a reboot? I'm wondering if I'm 
missing something obvious, but I just lost a few months worth of bad_hosts 
after rebooting a box during an upgrade.

Also, is there an easy way to suck in the contents of a file to a table? I 
do have a backup of the persist file?

Dru



From nycbug at cyth.net  Sun Jul 30 15:51:59 2006
From: nycbug at cyth.net (Ray Lai)
Date: Sun, 30 Jul 2006 15:50:59 -0401
Subject: [nycbug-talk] pf tables
In-Reply-To: <20060730154156.I633@dru.domain.org>
References: <20060730154156.I633@dru.domain.org>
Message-ID: <20060730195122.GJ15105@cybertron.cyth.net>

On Sun, Jul 30, 2006 at 03:52:10PM -0400, Dru wrote:
> Does anyone have a reference to or quick trick on how to have the 
> information in their pf tables survive a reboot? I'm wondering if I'm 
> missing something obvious, but I just lost a few months worth of bad_hosts 
> after rebooting a box during an upgrade.
> 
> Also, is there an easy way to suck in the contents of a file to a table? I 
> do have a backup of the persist file?

man pf.conf:

     A table can also be initialized with an address list specified in one or
     more external files, using the following syntax:

           table <spam> persist file "/etc/spammers" file "/etc/openrelays"
           block on fxp0 from <spam> to any

     The files /etc/spammers and /etc/openrelays list IP addresses, one per
     line.  Any lines beginning with a # are treated as comments and ignored.
     In addition to being specified by IP address, hosts may also be specified
     by their hostname.  When the resolver is called to add a hostname to a
     table, all resulting IPv4 and IPv6 addresses are placed into the table.
     IP addresses can also be entered in a table by specifying a valid inter-
     face name, a valid interface group or the self keyword, in which case all
     addresses assigned to the interface(s) will be added to the table.

-Ray-


From md+nycbug at mailq.de  Sun Jul 30 15:54:28 2006
From: md+nycbug at mailq.de (Mischa Diehm)
Date: Sun, 30 Jul 2006 21:54:28 +0200
Subject: [nycbug-talk] pf tables
In-Reply-To: <20060730154156.I633@dru.domain.org>
References: <20060730154156.I633@dru.domain.org>
Message-ID: <20060730195428.GB21600@mailq.de>

Hi,

On Sun, Jul 30, 2006 at 03:52:10PM -0400, Dru wrote:
> Does anyone have a reference to or quick trick on how to have the 
> information in their pf tables survive a reboot? I'm wondering if I'm 

man pf.conf

> missing something obvious, but I just lost a few months worth of bad_hosts 
> after rebooting a box during an upgrade.
> 
> Also, is there an easy way to suck in the contents of a file to a table? I 
> do have a backup of the persist file?

exactly. quoting the manpage:

A table can also be initialized with an address list specified in
one or more external files, using the following syntax:

    table <spam> persist file "/etc/spammers" file "/etc/openrelays"
    block on fxp0 from <spam> to any

Mischa


From dlavigne6 at sympatico.ca  Sun Jul 30 16:20:16 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Sun, 30 Jul 2006 16:20:16 -0400 (EDT)
Subject: [nycbug-talk] pf tables
In-Reply-To: <20060730195428.GB21600@mailq.de>
References: <20060730154156.I633@dru.domain.org>
	<20060730195428.GB21600@mailq.de>
Message-ID: <20060730161431.O633@dru.domain.org>



On Sun, 30 Jul 2006, Mischa Diehm wrote:

> A table can also be initialized with an address list specified in
> one or more external files, using the following syntax:
>
>    table <spam> persist file "/etc/spammers" file "/etc/openrelays"
>    block on fxp0 from <spam> to any


I'm still missing something as my persist file (which contained many 1000 
IPs accumulated over the past few months) was somehow flushed when the 
system rebooted. My /etc/pf.conf contains these relevant lines:

# grep bad /etc/pf.conf

table <bad_hosts> persist file "/var/log/bad_hosts"

block quick from <bad_hosts>

pass proto tcp to any port $tcp_services flags S/SA keep state 
(max-src-conn 50, max-src-conn-rate 15/5 overload, <bad_hosts> flush global)

Dru


From mspitzer at gmail.com  Sun Jul 30 16:33:20 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sun, 30 Jul 2006 16:33:20 -0400
Subject: [nycbug-talk] pf tables
In-Reply-To: <20060730161431.O633@dru.domain.org>
References: <20060730154156.I633@dru.domain.org>
	<20060730195428.GB21600@mailq.de> <20060730161431.O633@dru.domain.org>
Message-ID: <8c50a3c30607301333w59fd73aeua83b9b4833300f4d@mail.gmail.com>

On 7/30/06, Dru <dlavigne6 at sympatico.ca> wrote:
>
>
> On Sun, 30 Jul 2006, Mischa Diehm wrote:
>
> > A table can also be initialized with an address list specified in
> > one or more external files, using the following syntax:
> >
> >    table <spam> persist file "/etc/spammers" file "/etc/openrelays"
> >    block on fxp0 from <spam> to any
>
>
> I'm still missing something as my persist file (which contained many 1000
> IPs accumulated over the past few months) was somehow flushed when the
> system rebooted. My /etc/pf.conf contains these relevant lines:
>
> # grep bad /etc/pf.conf
>
> table <bad_hosts> persist file "/var/log/bad_hosts"

Could it be something weird with log rotation, perhaps newsyslog did
something odd?
fishing but it is the only hook I have.  Also did the file exist in
the file system before the
boot, the old open file descriptor trick on a deleted file?

marc
-- 
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD


From okan at demirmen.com  Sun Jul 30 16:57:28 2006
From: okan at demirmen.com (Okan Demirmen)
Date: Sun, 30 Jul 2006 16:57:28 -0400
Subject: [nycbug-talk] pf tables
In-Reply-To: <20060730161431.O633@dru.domain.org>
References: <20060730154156.I633@dru.domain.org>
	<20060730195428.GB21600@mailq.de>
	<20060730161431.O633@dru.domain.org>
Message-ID: <20060730205728.GC20358@clam.khaoz.org>

On Sun 2006.07.30 at 16:20 -0400, Dru wrote:
> 
> 
> On Sun, 30 Jul 2006, Mischa Diehm wrote:
> 
> > A table can also be initialized with an address list specified in
> > one or more external files, using the following syntax:
> >
> >    table <spam> persist file "/etc/spammers" file "/etc/openrelays"
> >    block on fxp0 from <spam> to any
> 
> 
> I'm still missing something as my persist file (which contained many 1000 
> IPs accumulated over the past few months) was somehow flushed when the 
> system rebooted. My /etc/pf.conf contains these relevant lines:
> 
> # grep bad /etc/pf.conf
> 
> table <bad_hosts> persist file "/var/log/bad_hosts"
> 
> block quick from <bad_hosts>
> 
> pass proto tcp to any port $tcp_services flags S/SA keep state 
> (max-src-conn 50, max-src-conn-rate 15/5 overload, <bad_hosts> flush global)

pfctl(8) will *populate from* a file; it doesn't mean it (what is "it"?
- there is none) also sync's back to the file. you need to dump your
table in rc.shutdown(8) or in a cron(8) job - which ever fits the bill.


From dlavigne6 at sympatico.ca  Sun Jul 30 17:24:32 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Sun, 30 Jul 2006 17:24:32 -0400 (EDT)
Subject: [nycbug-talk] pf tables
In-Reply-To: <20060730205728.GC20358@clam.khaoz.org>
References: <20060730154156.I633@dru.domain.org>
	<20060730195428.GB21600@mailq.de>
	<20060730161431.O633@dru.domain.org>
	<20060730205728.GC20358@clam.khaoz.org>
Message-ID: <20060730172410.B633@dru.domain.org>



On Sun, 30 Jul 2006, Okan Demirmen wrote:

> pfctl(8) will *populate from* a file; it doesn't mean it (what is "it"?
> - there is none) also sync's back to the file. you need to dump your
> table in rc.shutdown(8) or in a cron(8) job - which ever fits the bill.


Thanks, rc.shutdown should fit the bill.

Dru


From dave at donnerjack.com  Sun Jul 30 20:05:15 2006
From: dave at donnerjack.com (David Lawson)
Date: Sun, 30 Jul 2006 20:05:15 -0400
Subject: [nycbug-talk] pf tables
In-Reply-To: <20060730172410.B633@dru.domain.org>
References: <20060730154156.I633@dru.domain.org>
	<20060730195428.GB21600@mailq.de>
	<20060730161431.O633@dru.domain.org>
	<20060730205728.GC20358@clam.khaoz.org>
	<20060730172410.B633@dru.domain.org>
Message-ID: <E252F24F-CEAC-4677-88B2-FC3DF14F154E@donnerjack.com>


On Jul 30, 2006, at 5:24 PM, Dru wrote:

>
>
> On Sun, 30 Jul 2006, Okan Demirmen wrote:
>
>> pfctl(8) will *populate from* a file; it doesn't mean it (what is  
>> "it"?
>> - there is none) also sync's back to the file. you need to dump your
>> table in rc.shutdown(8) or in a cron(8) job - which ever fits the  
>> bill.
>
>
> Thanks, rc.shutdown should fit the bill.
>
> Dru

I've actually found it simpler and cleaner to add an IP to the  
persist file and reload pf, since that ensures your currently running  
ruleset is exactly what you have on disk, thus avoiding situations  
like this one.  Or, alternatively, you could use a couple line script  
to append an IP to the end of the file and insert it into the table  
in pf at the same time.

--Dave


From okan at demirmen.com  Sun Jul 30 20:22:12 2006
From: okan at demirmen.com (Okan Demirmen)
Date: Sun, 30 Jul 2006 20:22:12 -0400
Subject: [nycbug-talk] pf tables
In-Reply-To: <E252F24F-CEAC-4677-88B2-FC3DF14F154E@donnerjack.com>
References: <20060730154156.I633@dru.domain.org>
	<20060730195428.GB21600@mailq.de>
	<20060730161431.O633@dru.domain.org>
	<20060730205728.GC20358@clam.khaoz.org>
	<20060730172410.B633@dru.domain.org>
	<E252F24F-CEAC-4677-88B2-FC3DF14F154E@donnerjack.com>
Message-ID: <20060731002212.GD20358@clam.khaoz.org>

On Sun 2006.07.30 at 20:05 -0400, David Lawson wrote:
> I've actually found it simpler and cleaner to add an IP to the  
> persist file and reload pf, since that ensures your currently running  
> ruleset is exactly what you have on disk, thus avoiding situations  
> like this one.  Or, alternatively, you could use a couple line script  
> to append an IP to the end of the file and insert it into the table  
> in pf at the same time.

look at how dru, rather pf(4), is populating the table...(her rules are
somewhere in the thread.) overloading is done in the kernel. so...the ip
will always hit the table first. sure, you can dump the table and reload
it, hence the reason why i mentioned cron(8) (or of course to take
snapshots of the table every once in a while, maybe in daily.local, just
in case.)

this is not saying it can't be done your way for this particular
scenario; you just have to write it, or find someone who will/has.


From attroppa at yahoo.com  Mon Jul 31 08:05:10 2006
From: attroppa at yahoo.com (Evgueni Tzvetanov)
Date: Mon, 31 Jul 2006 05:05:10 -0700 (PDT)
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <8c50a3c30607291258x1bb518e2t25d81544dbfe6fcc@mail.gmail.com>
Message-ID: <20060731120510.47808.qmail@web38101.mail.mud.yahoo.com>

Dude! Stick to BSD. You suck in politics!
I don't know how good you are in BSD either!

--- Marc Spitzer <mspitzer at gmail.com> wrote:

> On 7/29/06, George R. <george at sddi.net> wrote:
> > Marc Spitzer wrote:
> > > On 7/27/06, Jonathan Vanasco
> <nycbug-list at 2xlp.com> wrote:
> > >> i'd argue that the us doesn't have free speech
> anymore either.  the
> > >> difference between other countries and the us
> is that overseas speech
> > >> is censored / illegal from the outself, while
> in america speech is
> > >> 'free' in theory and the price of a good lawyer
> in practice.
> > >
> > > It has always been that way, the social
> restraints are what are
> > > comming undone.  People did not want their names
> assocated with a
> > > court case.  Also vilonece was also more common
> to settle the mater.
> > >
> > >> i'm pretty sure that there's never been an
> actually effective
> > >> international body.  at best the new group can
> be as functional as
> > >> the UN-- which means at best, they'll
> accomplish absolutely nothing.
> > >
> > > The UN(spit) has never had the good grace to do
> nothing, it would be a
> > > major improvement over what they do.  They are
> not stupid they are
> > > fucking evil.
> >
> > Woah tiger. . . keep that tone on your Slashdot
> posts. .. not here.
> 
> I was being restrained, turtle bay is a curse upon
> the earth.
> 
> If people in blue helmets show up to protect you,
> run for your life.
> UN peace keepers have the dubious honer of being
> responsible for
> collecting oppressed minorities so they can be
> killed easier.
> Engaging in child prostitution and pornography
> rings.  And in two
> cases the need to be medically evacuated for damage
> to there members
> after trying to have oral sex with a goat.  How
> stupid do you have to
> be not to realize there are teeth on that end and
> the goat is not gona
> be happy with the situation.
> 
> I could go on and on on the subject, oil for food,
> the tysume a few
> years ago, China, Cuba Syria on the high commission
> of human rights.
> 
> 
> >
> > The ultimate problem is who is neutral.  Certainly
> not the US government
> > or private industry.  I dred the day when the root
> servers that are in
> > the US blacklist TLDs based on executive orders. 
> Even our
> > intellectually numb president is aware of the
> internet and the role it
> > plays.
> 
> While George Bush was and is not my first choice for
> the job either,
> he was much better the the other choice.  I do not
> remember, in 20
> years of voting, voting *for* a candadate for
> federal office.  I
> generally vote against the other guy.
> 
> >
> > Is the UN in a better, more neutral position? 
> That is highly doubtful.
> >  The UN has always been a battleground of super
> and regional powers. . .
> > But that's another OT discussion.
> 
> No the issue is that the US paid for the internet
> and if you do not
> like it go build your own.
> 
> >
> > It would be wonderful if there was some truly
> neutral, non governmental,
> > vendor-neutral solution to this. . . But the
> reality of the IETF just
> > makes that laughable.
> 
> we can agree to disagree on that.
> 
> >
> > shrug. . .
> >
> > Maybe NYCBUG could volunteer. . . ;-)
> 
> always be careful of what you ask as soneone may
> give it to you.
> 
> marc
> ----
> "We trained very hard, but it seemed that every time
> we were beginning to
> form into teams we would be reorganized. I was to
> learn later in life that
> we tend to meet any new situation by reorganizing,
> and a wonderful method it
> can be for creating the illusion of progress, while
> producing confusion,
> inefficiency and demoralization."
> -Gaius Petronius, 1st Century AD
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce
> lists
> %We meet the first Wednesday of the month
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


From bschonhorst at gmail.com  Mon Jul 31 10:28:22 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Mon, 31 Jul 2006 10:28:22 -0400
Subject: [nycbug-talk] U.S surrenders ICANN control
In-Reply-To: <20060731120510.47808.qmail@web38101.mail.mud.yahoo.com>
References: <8c50a3c30607291258x1bb518e2t25d81544dbfe6fcc@mail.gmail.com>
	<20060731120510.47808.qmail@web38101.mail.mud.yahoo.com>
Message-ID: <7708fd680607310728i58da152fxf6c5c24ada76d6c9@mail.gmail.com>

This thread has gotten way off topic.  If you would like to continue
the conversation please take it off the talk list.

NYCBUG Email List Guidelines:
http://nycbug.org/index.php?NAV=MailingLists

Thanks!

On 7/31/06, Evgueni Tzvetanov <attroppa at yahoo.com> wrote:
> Dude! Stick to BSD. You suck in politics!
> I don't know how good you are in BSD either!
>
> --- Marc Spitzer <mspitzer at gmail.com> wrote:
>
> > On 7/29/06, George R. <george at sddi.net> wrote:
> > > Marc Spitzer wrote:
> > > > On 7/27/06, Jonathan Vanasco
> > <nycbug-list at 2xlp.com> wrote:
> > > >> i'd argue that the us doesn't have free speech
> > anymore either.  the
> > > >> difference between other countries and the us
> > is that overseas speech
> > > >> is censored / illegal from the outself, while
> > in america speech is
> > > >> 'free' in theory and the price of a good lawyer
> > in practice.
> > > >
> > > > It has always been that way, the social
> > restraints are what are
> > > > comming undone.  People did not want their names
> > assocated with a
> > > > court case.  Also vilonece was also more common
> > to settle the mater.
> > > >
> > > >> i'm pretty sure that there's never been an
> > actually effective
> > > >> international body.  at best the new group can
> > be as functional as
> > > >> the UN-- which means at best, they'll
> > accomplish absolutely nothing.
> > > >
> > > > The UN(spit) has never had the good grace to do
> > nothing, it would be a
> > > > major improvement over what they do.  They are
> > not stupid they are
> > > > fucking evil.
> > >
> > > Woah tiger. . . keep that tone on your Slashdot
> > posts. .. not here.
> >
> > I was being restrained, turtle bay is a curse upon
> > the earth.
> >
> > If people in blue helmets show up to protect you,
> > run for your life.
> > UN peace keepers have the dubious honer of being
> > responsible for
> > collecting oppressed minorities so they can be
> > killed easier.
> > Engaging in child prostitution and pornography
> > rings.  And in two
> > cases the need to be medically evacuated for damage
> > to there members
> > after trying to have oral sex with a goat.  How
> > stupid do you have to
> > be not to realize there are teeth on that end and
> > the goat is not gona
> > be happy with the situation.
> >
> > I could go on and on on the subject, oil for food,
> > the tysume a few
> > years ago, China, Cuba Syria on the high commission
> > of human rights.
> >
> >
> > >
> > > The ultimate problem is who is neutral.  Certainly
> > not the US government
> > > or private industry.  I dred the day when the root
> > servers that are in
> > > the US blacklist TLDs based on executive orders.
> > Even our
> > > intellectually numb president is aware of the
> > internet and the role it
> > > plays.
> >
> > While George Bush was and is not my first choice for
> > the job either,
> > he was much better the the other choice.  I do not
> > remember, in 20
> > years of voting, voting *for* a candadate for
> > federal office.  I
> > generally vote against the other guy.
> >
> > >
> > > Is the UN in a better, more neutral position?
> > That is highly doubtful.
> > >  The UN has always been a battleground of super
> > and regional powers. . .
> > > But that's another OT discussion.
> >
> > No the issue is that the US paid for the internet
> > and if you do not
> > like it go build your own.
> >
> > >
> > > It would be wonderful if there was some truly
> > neutral, non governmental,
> > > vendor-neutral solution to this. . . But the
> > reality of the IETF just
> > > makes that laughable.
> >
> > we can agree to disagree on that.
> >
> > >
> > > shrug. . .
> > >
> > > Maybe NYCBUG could volunteer. . . ;-)
> >
> > always be careful of what you ask as soneone may
> > give it to you.
> >
> > marc
> > ----
> > "We trained very hard, but it seemed that every time
> > we were beginning to
> > form into teams we would be reorganized. I was to
> > learn later in life that
> > we tend to meet any new situation by reorganizing,
> > and a wonderful method it
> > can be for creating the illusion of progress, while
> > producing confusion,
> > inefficiency and demoralization."
> > -Gaius Petronius, 1st Century AD
> > _______________________________________________
> > % NYC*BUG talk mailing list
> > http://lists.nycbug.org/mailman/listinfo/talk
> > %Be sure to check out our Jobs and NYCBUG-announce
> > lists
> > %We meet the first Wednesday of the month
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From lists at stringsutils.com  Mon Jul 31 12:03:34 2006
From: lists at stringsutils.com (Francisco Reyes)
Date: Mon, 31 Jul 2006 12:03:34 -0400
Subject: [nycbug-talk] Postfix filter for Exchange
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<20060727162553.GU9627@ayvali.org> <44C8EC65.9060402@sddi.net>
Message-ID: <cone.1154361814.961344.64736.1000@zoraida.natserv.net>

If I understood the original request.. it was about limiting mail bombs.

Mail bombs in theory could come from even the internal network.. caused by a 
rogue program (ie a bug in an alert).

One good program I once research, but have not implemented, is policyd for 
postfix. It seems like it may do what the original poster requested.

One can set limits so no more than X number of emails are received by 
conditions like sender, IP, and more.    


From pete at nomadlogic.org  Mon Jul 31 12:32:34 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Mon, 31 Jul 2006 09:32:34 -0700 (PDT)
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <cone.1154361814.961344.64736.1000@zoraida.natserv.net>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<20060727162553.GU9627@ayvali.org> <44C8EC65.9060402@sddi.net>
	<cone.1154361814.961344.64736.1000@zoraida.natserv.net>
Message-ID: <61431.160.33.20.11.1154363554.squirrel@webmail.nomadlogic.org>


> If I understood the original request.. it was about limiting mail bombs.
>
yes, internal mail bomb's generated by overzealous end users scripts.

> Mail bombs in theory could come from even the internal network.. caused by
> a
> rogue program (ie a bug in an alert).
>

exactly, we do not have to worry about external mail in this scenario as
we have that under controll.

> One good program I once research, but have not implemented, is policyd for
> postfix. It seems like it may do what the original poster requested.
>
> One can set limits so no more than X number of emails are received by
> conditions like sender, IP, and more.

execellent, this is exactly what i am going to implement in one way or
another.   policyd is is part of postfix itself correct?

-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From lists at stringsutils.com  Mon Jul 31 15:16:04 2006
From: lists at stringsutils.com (Francisco Reyes)
Date: Mon, 31 Jul 2006 15:16:04 -0400
Subject: [nycbug-talk] Postfix filter for Exchange
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<20060727162553.GU9627@ayvali.org> <44C8EC65.9060402@sddi.net>
	<cone.1154361814.961344.64736.1000@zoraida.natserv.net>
	<61431.160.33.20.11.1154363554.squirrel@webmail.nomadlogic.org>
Message-ID: <cone.1154373364.661079.69955.5001@35st-server.simplicato.com>

Peter Wright writes:

> execellent, this is exactly what i am going to implement in one way or
> another.   policyd is is part of postfix itself correct?


No. It's an external program.
Postfix does have some rate limiting, but it is not as configurable as 
policyd (http://policyd.sourceforge.net)
 


From pete at nomadlogic.org  Mon Jul 31 15:40:58 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Mon, 31 Jul 2006 12:40:58 -0700 (PDT)
Subject: [nycbug-talk] Postfix filter for Exchange
In-Reply-To: <cone.1154373364.661079.69955.5001@35st-server.simplicato.com>
References: <20060727153112.GB64375@sunset.nomadlogic.org>
	<20060727162553.GU9627@ayvali.org> <44C8EC65.9060402@sddi.net>
	<cone.1154361814.961344.64736.1000@zoraida.natserv.net>
	<61431.160.33.20.11.1154363554.squirrel@webmail.nomadlogic.org>
	<cone.1154373364.661079.69955.5001@35st-server.simplicato.com>
Message-ID: <53448.160.33.20.11.1154374858.squirrel@webmail.nomadlogic.org>


> Peter Wright writes:
>
>> execellent, this is exactly what i am going to implement in one way or
>> another.   policyd is is part of postfix itself correct?
>
>
> No. It's an external program.
> Postfix does have some rate limiting, but it is not as configurable as
> policyd (http://policyd.sourceforge.net)
>
>

thanks for the URL.
-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459