From george  Wed Mar  1 12:56:24 2006
From: george (George R.)
Date: Wed, 01 Mar 2006 12:56:24 -0500
Subject: [nycbug-talk] RSVPs for Systrace for Slackers
Message-ID: <4405E048.2020307@sddi.net>

Last minute reminder:

For tonight's meeting, you MUST rsvp by sending email to:

rsvp at lists.nycbug.org

and in the subject line, please put:

RSVP FNAME LNAME

And make sure you bring ID.

And it's 6:30 pm tonight and forever after.

g


From mspitzer  Wed Mar  1 13:05:08 2006
From: mspitzer (Marc Spitzer)
Date: Wed, 1 Mar 2006 13:05:08 -0500
Subject: [nycbug-talk] usb to serial(db9) device, any recomendations
Message-ID: <8c50a3c30603011005n12c91e03ifcf87e0bda8e4b55@mail.gmail.com>

hello all,

I currently have a belkin and it does not do things like pass the
break, aka stop-a, code.  This can be a problem.  Does anyone out
there have any recomendations for a usb to db9 device? I only
need/want 1 port, its to console into sun boxes from my laptop at
work.

marc

--
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD



From lists  Wed Mar  1 13:17:00 2006
From: lists (michael)
Date: Wed, 1 Mar 2006 13:17:00 -0500
Subject: [nycbug-talk] usb to serial(db9) device, any recomendations
In-Reply-To: <8c50a3c30603011005n12c91e03ifcf87e0bda8e4b55@mail.gmail.com>
References: <8c50a3c30603011005n12c91e03ifcf87e0bda8e4b55@mail.gmail.com>
Message-ID: <20060301131700.5996727d.lists@genoverly.net>

On Wed, 1 Mar 2006 13:05:08 -0500
"Marc Spitzer" <mspitzer at gmail.com> wrote:

> hello all,
> 
> I currently have a belkin and it does not do things like pass the
> break, aka stop-a, code.  This can be a problem.  Does anyone out
> there have any recomendations for a usb to db9 device? I only
> need/want 1 port, its to console into sun boxes from my laptop at
> work.
> 
> marc
> 

I got a multiport, so I can't recommend a single port.  I bought my USB-to-Serial from USBGear.com  (http://usbgear.com/USB-Serial.html)  They have lots of choices



- 
michael



From ike  Wed Mar  1 13:23:40 2006
From: ike (Isaac Levy)
Date: Wed, 1 Mar 2006 13:23:40 -0500
Subject: [nycbug-talk] usb to serial(db9) device, any recomendations
In-Reply-To: <20060301131700.5996727d.lists@genoverly.net>
References: <8c50a3c30603011005n12c91e03ifcf87e0bda8e4b55@mail.gmail.com>
	<20060301131700.5996727d.lists@genoverly.net>
Message-ID: <51EB734B-FA6A-48D9-AD69-B5715B075BF7@lesmuug.org>

Hi All,

On Mar 1, 2006, at 1:17 PM, michael wrote:

> On Wed, 1 Mar 2006 13:05:08 -0500
> "Marc Spitzer" <mspitzer at gmail.com> wrote:
>
>> hello all,
>>
>> I currently have a belkin and it does not do things like pass the
>> break, aka stop-a, code.  This can be a problem.  Does anyone out
>> there have any recomendations for a usb to db9 device? I only
>> need/want 1 port, its to console into sun boxes from my laptop at
>> work.
>>
>> marc
>>
>
> I got a multiport, so I can't recommend a single port.  I bought my  
> USB-to-Serial from USBGear.com  (http://usbgear.com/USB- 
> Serial.html)  They have lots of choices

Not sure if these are good for your laptop, but to ensure  
compatability when using Apple/Mac gear (along with other platforms),  
I can recommend these:

Keyspan USA-19HS
http://www.keyspan.com/products/usb/USA19HS/

Works for me.

Rocket-
.ike




From anthony.elizondo  Wed Mar  1 13:56:05 2006
From: anthony.elizondo (Anthony Elizondo)
Date: Wed, 1 Mar 2006 13:56:05 -0500
Subject: [nycbug-talk] usb to serial(db9) device, any recomendations
In-Reply-To: <51EB734B-FA6A-48D9-AD69-B5715B075BF7@lesmuug.org>
References: <8c50a3c30603011005n12c91e03ifcf87e0bda8e4b55@mail.gmail.com>
	<20060301131700.5996727d.lists@genoverly.net>
	<51EB734B-FA6A-48D9-AD69-B5715B075BF7@lesmuug.org>
Message-ID: <a49e62c80603011056m341d6874hca93ec341d3a4225@mail.gmail.com>

On 3/1/06, Isaac Levy <ike at lesmuug.org> wrote:
> Keyspan USA-19HS
> http://www.keyspan.com/products/usb/USA19HS/

Seconding the Keyspan. I have a slightly different model, but it has
worked great for me on an iBook, a Thinkpad, a desktop, and with
various things on the other end, including a Cisco serial cable and a
Palm cradle.

> Works for me.
>
> Rocket-
> .ike

Anthony



From lists  Wed Mar  1 13:56:54 2006
From: lists (michael)
Date: Wed, 1 Mar 2006 13:56:54 -0500
Subject: [nycbug-talk] usb to serial(db9) device, any recomendations
In-Reply-To: <20060301131700.5996727d.lists@genoverly.net>
References: <8c50a3c30603011005n12c91e03ifcf87e0bda8e4b55@mail.gmail.com>
	<20060301131700.5996727d.lists@genoverly.net>
Message-ID: <20060301135654.7c4bb9d8.lists@genoverly.net>

On Wed, 1 Mar 2006 13:17:00 -0500
michael <lists at genoverly.net> wrote:

> On Wed, 1 Mar 2006 13:05:08 -0500
> "Marc Spitzer" <mspitzer at gmail.com> wrote:
> 
> > hello all,
> > 
> > I currently have a belkin and it does not do things like pass the
> > break, aka stop-a, code.  This can be a problem.  Does anyone out
> > there have any recomendations for a usb to db9 device? I only
> > need/want 1 port, its to console into sun boxes from my laptop at
> > work.
> > 
> > marc
> > 
> 
> I got a multiport, so I can't recommend a single port.  I bought my USB-to-Serial from USBGear.com  (http://usbgear.com/USB-Serial.html)  They have lots of choices
> 

oh.. Most USB/Serial adapters are for straight thru..  you will probably need a female/female db9 null coupler.  You can make one or, as I did, find them on the web for only a couple of bucks (http://www.deepsurplus.com/s.nl/sc.2/category.7/it.A/id.831/.f)

-- 
michael



From nomadlogic  Wed Mar  1 13:57:09 2006
From: nomadlogic (pete wright)
Date: Wed, 1 Mar 2006 10:57:09 -0800
Subject: [nycbug-talk] usb to serial(db9) device, any recomendations
In-Reply-To: <51EB734B-FA6A-48D9-AD69-B5715B075BF7@lesmuug.org>
References: <8c50a3c30603011005n12c91e03ifcf87e0bda8e4b55@mail.gmail.com>
	<20060301131700.5996727d.lists@genoverly.net>
	<51EB734B-FA6A-48D9-AD69-B5715B075BF7@lesmuug.org>
Message-ID: <57d710000603011057l20f83ef0vfb2daa5269dde51b@mail.gmail.com>

On 3/1/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi All,
>
> On Mar 1, 2006, at 1:17 PM, michael wrote:
>
> > On Wed, 1 Mar 2006 13:05:08 -0500
> > "Marc Spitzer" <mspitzer at gmail.com> wrote:
> >
> >> hello all,
> >>
> >> I currently have a belkin and it does not do things like pass the
> >> break, aka stop-a, code.  This can be a problem.  Does anyone out
> >> there have any recomendations for a usb to db9 device? I only
> >> need/want 1 port, its to console into sun boxes from my laptop at
> >> work.
> >>
> >> marc
> >>
> >
> > I got a multiport, so I can't recommend a single port.  I bought my
> > USB-to-Serial from USBGear.com  (http://usbgear.com/USB-
> > Serial.html)  They have lots of choices
>
> Not sure if these are good for your laptop, but to ensure
> compatability when using Apple/Mac gear (along with other platforms),
> I can recommend these:
>
> Keyspan USA-19HS
> http://www.keyspan.com/products/usb/USA19HS/
>

Yea those are great for sure, now if I only could get it to come up as
the same /dev/ during reboot's/reconnect's I'd be all set ;)

-p



--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From tux  Wed Mar  1 22:09:08 2006
From: tux (Kevin Reiter)
Date: Wed, 01 Mar 2006 22:09:08 -0500
Subject: [nycbug-talk] CLI mailing from FreeBSD 6.0 Release Question
Message-ID: <440661D4.5020007@penguinnetwerx.net>

Hey all,

I'm trying to script an automagic e-mail alert thingy, and it works 
except when actually sending the e-mail.  Here's the part of the script 
that kicks off the e-mail:

mutt -s "Home IP Update" alerts at unixfun.net < temp_ip.log

I then check my e-mail, and nada.  When I check the current procs, I see 
this (and it runs until I kill it):

kevin at chronos$ ps wax | grep unixfun.net
78000  ??  Ss     0:00.00 sendmail: ./k2228Lt9077998 mx.unixfun.net.: 
user open (sendmail)

When I check /var/log/maillog, I see this:

Mar  1 22:01:29 chronos sm-mta[78102]: k221Q93t043799: 
to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net> 
(1001/1001), delay=01:35:20, xdelay=00:00:00, mailer=esmtp, pri=390508, 
relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out 
with mx.unixfun.net.
Mar  1 22:01:29 chronos sm-mta[78102]: k221LZJc043754: 
to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net> 
(1001/1001), delay=01:39:54, xdelay=00:00:00, mailer=esmtp, pri=390508, 
relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out 
with mx.unixfun.net.

I was originally using the built-in "mail" command:

cat temp_ip.log | mail -v -s "Home IP Update" alerts at unixfun.net

but that wasn't working either.

This box is only running the standard (non-configured) sendmail.

Is there a setting I need to configure somewhere for the outgoing mail 
server (using either mutt or mail)?

Thanks,
Kev




From nikolai.fetissov  Thu Mar  2 00:33:10 2006
From: nikolai.fetissov (Nikolai N. Fetissov)
Date: Thu, 2 Mar 2006 00:33:10 -0500 (EST)
Subject: [nycbug-talk] March 06 meeting audio
Message-ID: <1134.69.119.149.0.1141277590.squirrel@www.geekisp.com>

mp3 of Ray's presentation is at
http://www.peachisland.com/nycbug/
-- 
 nikolai



From nycbug  Thu Mar  2 00:43:44 2006
From: nycbug (Ray Lai)
Date: Thu, 2 Mar 2006 00:42:44 -0501
Subject: [nycbug-talk] March 06 meeting audio
In-Reply-To: <1134.69.119.149.0.1141277590.squirrel@www.geekisp.com>
References: <1134.69.119.149.0.1141277590.squirrel@www.geekisp.com>
Message-ID: <20060302054307.GA24200@syntax.cyth.net>

On Thu, Mar 02, 2006 at 12:33:10AM -0500, Nikolai N. Fetissov wrote:
> mp3 of Ray's presentation is at
> http://www.peachisland.com/nycbug/

Thanks Nikolai, and everyone who came.  For those who didn't come
(or those who didn't write down the URL) the slides are available
at:

	http://cyth.net/~ray/systrace-talk/

-Ray-


From nikolai.fetissov  Thu Mar  2 00:53:41 2006
From: nikolai.fetissov (Nikolai N. Fetissov)
Date: Thu, 2 Mar 2006 00:53:41 -0500 (EST)
Subject: [nycbug-talk] CLI mailing from FreeBSD 6.0 Release Question
In-Reply-To: <440661D4.5020007@penguinnetwerx.net>
References: <440661D4.5020007@penguinnetwerx.net>
Message-ID: <1157.69.119.149.0.1141278821.squirrel@www.geekisp.com>


On Wed, March 1, 2006 10:09 pm, Kevin Reiter wrote:
> Hey all,
>
> I'm trying to script an automagic e-mail alert thingy, and it works
> except when actually sending the e-mail.  Here's the part of the script
> that kicks off the e-mail:
>
> mutt -s "Home IP Update" alerts at unixfun.net < temp_ip.log
>
> I then check my e-mail, and nada.  When I check the current procs, I see
> this (and it runs until I kill it):
>
> kevin at chronos$ ps wax | grep unixfun.net
> 78000  ??  Ss     0:00.00 sendmail: ./k2228Lt9077998 mx.unixfun.net.:
> user open (sendmail)
>
> When I check /var/log/maillog, I see this:
>
> Mar  1 22:01:29 chronos sm-mta[78102]: k221Q93t043799:
> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
> (1001/1001), delay=01:35:20, xdelay=00:00:00, mailer=esmtp, pri=390508,
> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
> with mx.unixfun.net.
> Mar  1 22:01:29 chronos sm-mta[78102]: k221LZJc043754:
> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
> (1001/1001), delay=01:39:54, xdelay=00:00:00, mailer=esmtp, pri=390508,
> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
> with mx.unixfun.net.
>
> I was originally using the built-in "mail" command:
>
> cat temp_ip.log | mail -v -s "Home IP Update" alerts at unixfun.net
>
> but that wasn't working either.
>
> This box is only running the standard (non-configured) sendmail.
>
> Is there a setting I need to configure somewhere for the outgoing mail
> server (using either mutt or mail)?
>
> Thanks,
> Kev
>

might it be that you are on the optonline network
and port 25 out is blocked at the isp?
-- 
 nikolai



From mspitzer  Thu Mar  2 01:09:07 2006
From: mspitzer (Marc Spitzer)
Date: Thu, 2 Mar 2006 01:09:07 -0500
Subject: [nycbug-talk] March 06 meeting audio
In-Reply-To: <20060302054307.GA24200@syntax.cyth.net>
References: <1134.69.119.149.0.1141277590.squirrel@www.geekisp.com>
	<20060302054307.GA24200@syntax.cyth.net>
Message-ID: <8c50a3c30603012209h1429eb33v9452e5899617763e@mail.gmail.com>

Thanks guys I got stuck at work and I wanted to see this one.

On 3/2/06, Ray Lai <nycbug at cyth.net> wrote:
> On Thu, Mar 02, 2006 at 12:33:10AM -0500, Nikolai N. Fetissov wrote:
> > mp3 of Ray's presentation is at
> > http://www.peachisland.com/nycbug/
>
> Thanks Nikolai, and everyone who came.  For those who didn't come
> (or those who didn't write down the URL) the slides are available
> at:
>
>         http://cyth.net/~ray/systrace-talk/
>
> -Ray-
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


--
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD



From tux  Thu Mar  2 01:15:24 2006
From: tux (Kevin Reiter)
Date: Thu, 02 Mar 2006 01:15:24 -0500
Subject: [nycbug-talk] CLI mailing from FreeBSD 6.0 Release Question
In-Reply-To: <1157.69.119.149.0.1141278821.squirrel@www.geekisp.com>
References: <440661D4.5020007@penguinnetwerx.net>
	<1157.69.119.149.0.1141278821.squirrel@www.geekisp.com>
Message-ID: <44068D7C.10807@penguinnetwerx.net>

Nikolai N. Fetissov wrote:
> On Wed, March 1, 2006 10:09 pm, Kevin Reiter wrote:
>> Hey all,
>>
>> I'm trying to script an automagic e-mail alert thingy, and it works
>> except when actually sending the e-mail.  Here's the part of the script
>> that kicks off the e-mail:
>>
>> mutt -s "Home IP Update" alerts at unixfun.net < temp_ip.log
>>
>> I then check my e-mail, and nada.  When I check the current procs, I see
>> this (and it runs until I kill it):
>>
>> kevin at chronos$ ps wax | grep unixfun.net
>> 78000  ??  Ss     0:00.00 sendmail: ./k2228Lt9077998 mx.unixfun.net.:
>> user open (sendmail)
>>
>> When I check /var/log/maillog, I see this:
>>
>> Mar  1 22:01:29 chronos sm-mta[78102]: k221Q93t043799:
>> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
>> (1001/1001), delay=01:35:20, xdelay=00:00:00, mailer=esmtp, pri=390508,
>> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
>> with mx.unixfun.net.
>> Mar  1 22:01:29 chronos sm-mta[78102]: k221LZJc043754:
>> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
>> (1001/1001), delay=01:39:54, xdelay=00:00:00, mailer=esmtp, pri=390508,
>> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
>> with mx.unixfun.net.
>>
>> I was originally using the built-in "mail" command:
>>
>> cat temp_ip.log | mail -v -s "Home IP Update" alerts at unixfun.net
>>
>> but that wasn't working either.
>>
>> This box is only running the standard (non-configured) sendmail.
>>
>> Is there a setting I need to configure somewhere for the outgoing mail
>> server (using either mutt or mail)?
>>
>> Thanks,
>> Kev
>>
> 
> might it be that you are on the optonline network
> and port 25 out is blocked at the isp?

I'm trying to use mail.optonline.net as my SMTP server, which is what 
they (OptOnline) want us to use.

After some digging and a few helpful suggestions from David Lawson, I'm 
hacking my /etc/mail/freebsd.mc file to see if that does the trick.  I 
really don't feel like going through the trouble of installing 
qmail/exim/postfix just to be able to send mail once a day to myself of 
an IP address change..

Kev


From okan  Thu Mar  2 01:27:14 2006
From: okan (Okan Demirmen)
Date: Thu, 2 Mar 2006 01:27:14 -0500
Subject: [nycbug-talk] CLI mailing from FreeBSD 6.0 Release Question
In-Reply-To: <44068D7C.10807@penguinnetwerx.net>
References: <440661D4.5020007@penguinnetwerx.net>
	<1157.69.119.149.0.1141278821.squirrel@www.geekisp.com>
	<44068D7C.10807@penguinnetwerx.net>
Message-ID: <20060302062737.GA6889@clam.khaoz.org>

On Thu 2006.03.02 at 01:15 -0500, Kevin Reiter wrote:
> Nikolai N. Fetissov wrote:
> > On Wed, March 1, 2006 10:09 pm, Kevin Reiter wrote:
> >> Hey all,
> >>
> >> I'm trying to script an automagic e-mail alert thingy, and it works
> >> except when actually sending the e-mail.  Here's the part of the script
> >> that kicks off the e-mail:
> >>
> >> mutt -s "Home IP Update" alerts at unixfun.net < temp_ip.log
> >>
> >> I then check my e-mail, and nada.  When I check the current procs, I see
> >> this (and it runs until I kill it):
> >>
> >> kevin at chronos$ ps wax | grep unixfun.net
> >> 78000  ??  Ss     0:00.00 sendmail: ./k2228Lt9077998 mx.unixfun.net.:
> >> user open (sendmail)
> >>
> >> When I check /var/log/maillog, I see this:
> >>
> >> Mar  1 22:01:29 chronos sm-mta[78102]: k221Q93t043799:
> >> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
> >> (1001/1001), delay=01:35:20, xdelay=00:00:00, mailer=esmtp, pri=390508,
> >> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
> >> with mx.unixfun.net.
> >> Mar  1 22:01:29 chronos sm-mta[78102]: k221LZJc043754:
> >> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
> >> (1001/1001), delay=01:39:54, xdelay=00:00:00, mailer=esmtp, pri=390508,
> >> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
> >> with mx.unixfun.net.
> >>
> >> I was originally using the built-in "mail" command:
> >>
> >> cat temp_ip.log | mail -v -s "Home IP Update" alerts at unixfun.net
> >>
> >> but that wasn't working either.
> >>
> >> This box is only running the standard (non-configured) sendmail.
> >>
> >> Is there a setting I need to configure somewhere for the outgoing mail
> >> server (using either mutt or mail)?
> >>
> >> Thanks,
> >> Kev
> >>
> > 
> > might it be that you are on the optonline network
> > and port 25 out is blocked at the isp?
> 
> I'm trying to use mail.optonline.net as my SMTP server, which is what 
> they (OptOnline) want us to use.

add:
define(`SMART_HOST', `mail.optonline.net')dnl

to your mc and rebuild your cf:
m4 /usr/share/sendmail/m4/cf.m4 your.mc > your.cf

> After some digging and a few helpful suggestions from David Lawson, I'm 
> hacking my /etc/mail/freebsd.mc file to see if that does the trick.  I 
> really don't feel like going through the trouble of installing 
> qmail/exim/postfix just to be able to send mail once a day to myself of 
> an IP address change..
> 
> Kev
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month


From scottro  Thu Mar  2 06:36:11 2006
From: scottro (Scott Robbins)
Date: Thu, 2 Mar 2006 06:36:11 -0500
Subject: [nycbug-talk] CLI mailing from FreeBSD 6.0 Release Question
In-Reply-To: <44068D7C.10807@penguinnetwerx.net>
References: <440661D4.5020007@penguinnetwerx.net>
	<1157.69.119.149.0.1141278821.squirrel@www.geekisp.com>
	<44068D7C.10807@penguinnetwerx.net>
Message-ID: <20060302113611.GB49269@mail.scottro.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 02, 2006 at 01:15:24AM -0500, Kevin Reiter wrote:
> 
> I'm trying to use mail.optonline.net as my SMTP server, which is what 
> they (OptOnline) want us to use.
> 
> After some digging and a few helpful suggestions from David Lawson, I'm 
> hacking my /etc/mail/freebsd.mc file to see if that does the trick.  I 
> really don't feel like going through the trouble of installing 
> qmail/exim/postfix just to be able to send mail once a day to myself of 
> an IP address change..

There is also ssmtp, a dropin for sendmail.   You, can after installing
it, type (while in the port's directory) make replace and it will
rewrite mailer.conf. 

The drawback is that it will send all messages through the smtp
server--that is, system messages, rather than simply being sent from
the system to root (or root's alias) on the machine, will go out through
optonline's server and back to you.  

I have a little page with more about it at 

http://qnd-guides.net/qnd-ssmtp.html


- -- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: How could you let her go? 
Giles: As the soon-to-be-purple area on my jaw will attest, 
I did not 'let' her go. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (FreeBSD)

iD8DBQFEBtir+lTVdes0Z9YRAj19AJ4ueAvOz07ry4aJ6CQXOU4xXK+cfACgnoRh
Bb3+HF3Frwthlbzg8u9NwPc=
=3N09
-----END PGP SIGNATURE-----


From mikel.king  Thu Mar  2 11:48:44 2006
From: mikel.king (Mikel King)
Date: Thu, 2 Mar 2006 11:48:44 -0500
Subject: [nycbug-talk] CLI mailing from FreeBSD 6.0 Release Question
In-Reply-To: <440661D4.5020007@penguinnetwerx.net>
References: <440661D4.5020007@penguinnetwerx.net>
Message-ID: <84BC1DA8-6218-463C-BC88-D00F4E5AEB22@ocsny.com>


On Mar 1, 2006, at 10:09 PM, Kevin Reiter wrote:

> Hey all,
>
> I'm trying to script an automagic e-mail alert thingy, and it works
> except when actually sending the e-mail.  Here's the part of the  
> script
> that kicks off the e-mail:
>
> mutt -s "Home IP Update" alerts at unixfun.net < temp_ip.log
>
> I then check my e-mail, and nada.  When I check the current procs,  
> I see
> this (and it runs until I kill it):
>
> kevin at chronos$ ps wax | grep unixfun.net
> 78000  ??  Ss     0:00.00 sendmail: ./k2228Lt9077998 mx.unixfun.net.:
> user open (sendmail)
>
> When I check /var/log/maillog, I see this:
>
> Mar  1 22:01:29 chronos sm-mta[78102]: k221Q93t043799:
> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
> (1001/1001), delay=01:35:20, xdelay=00:00:00, mailer=esmtp,  
> pri=390508,
> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
> with mx.unixfun.net.
> Mar  1 22:01:29 chronos sm-mta[78102]: k221LZJc043754:
> to=<alerts at unixfun.net>, ctladdr=<kevin at chronos.unixfun.net>
> (1001/1001), delay=01:39:54, xdelay=00:00:00, mailer=esmtp,  
> pri=390508,
> relay=mx.unixfun.net., dsn=4.0.0, stat=Deferred: Operation timed out
> with mx.unixfun.net.
>
> I was originally using the built-in "mail" command:
>
> cat temp_ip.log | mail -v -s "Home IP Update" alerts at unixfun.net
>
> but that wasn't working either.
>
> This box is only running the standard (non-configured) sendmail.
>
> Is there a setting I need to configure somewhere for the outgoing mail
> server (using either mutt or mail)?
>
> Thanks,
> Kev

Hi Kevin,

	Here's some old silly shell scripting I used to use to do the same  
kind of thing. Basically automagickally send myself log snaps, config  
files, and just about any other message I needed using the page  
script. I used to keep a stack of canned messages for cetain types of  
events like server reboots or make world type ops that I'd use with  
the alarm script.

	I had planned on doing a bunch of other stuff with it but you know  
how spare time goes...;-) I haven't had the chance to test them under  
6.0 yet. If you do let me know.

ALARM:
#!/bin/bash
#
# $Id: alarm.sh,v 1.1 2000/09/08 20:06:52 mikel Exp $
#
# by: Mikel King  (mikel.king at upan.org)
#
# send a predefined message to someone
#
# This is a good utility to had laying around where you'd like a
# predefined set of circumstances initiate some sort of alarm. For
# instance on our system whenever it reboots it automatically lets
# someone know.
#
# Put the message you wish to send in the src directory and then use
# the following line in you trigger script:
#
# alarm msg 2>1 | /usr/sbin/sendmail mailid
#
#
#
# usage: alarm { msg file }
#
# There is a companion utility for use with alarm called: page
#

SRC="/usr/local/etc/msgs"
NOTE="Warning"

usage () {
     echo "usage: $0 <msgfile>" 1>&2
     exit 1
}

if [ $# -lt 1 ] ; then
     usage
fi

if [ $# -eq 2 ] ; then
     SRC=$2

fi

if [ ! -f $SRC/$1 ] ; then
         echo "$1; file specified does not exist in default." 1>&2
         exit 1
else
         MSGFILE="$SRC/$1"

fi

if [ $# -eq 2 ] ; then
     NOTE=$MSGFILE

fi


host=`hostname`
echo "Subject: $NOTE from $HOSTNAME"
cat $MSGFILE


PAGE:
#!/bin/bash
#
# $Id: page.sh,v 1.1 2000/09/08 20:06:52 mikel Exp $
#
# by: Mikel King  (mikel.king at upan.org)
#
# This is companion front end utility for alarm. It can be used
# to circumvent the default behavior of alarm which is to send canned
# predefined system messages to a mailid.  This is the pinnacle of the
# reboot alarm pager messaging system.
#
# This implimentation let's you send a different text file
# to a mail id.
#
#       usage:          page mailid messagefile
#         OR
# circumvent mode:      page mailid filename [file path]
#
# The canned messagefiles reside in /usr/local/etc/msgs
#

SENDCMD=/usr/local/sbin/sendmail
FROM=Charlie.Root at ocsinternet.com
alarm $2 $3 2>&1 | ${SENDCMD} -F ${FROM} $1



Cheers,
Mikel King
Optimized Computer Solutions, INC
Tech Alliance, INC
39 West Fourteenth Street
Second Floor
New York, NY 10011
http://www.ocsny.com
http://www.techally.com
t: 212.727.2100x132
+------------------------------------------+
How do you spell cooperation? Pessimists use
each other, but optimists help each other.
Collaboration feeds your spirit, while
competition only stokes your ego. You'll
find the best way to get along.
+------------------------------------------+





From ike  Thu Mar  2 13:04:56 2006
From: ike (Isaac Levy)
Date: Thu, 2 Mar 2006 13:04:56 -0500
Subject: [nycbug-talk] Apple Intel Servers?
Message-ID: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>

Hey Okan, All,

An officially relevant cross-post, (are they outlawed alltogether?)

Last night at NYCBUG Okan was asking me about Intel Apple stuff, and  
weather or not it uses Open Firmware.

--
I checked today to try to answer your question about Open Firmware on  
upcoming Intel Apple Servers, and there is no such thing as an Intel  
Apple Server (yet?).

With that,

http://appleintelfaq.com/#17

"Shipping Intel-based Macintosh computers use Intel's new Extensible  
Firmware Interface (EFI)[17.1]."

Suck.  Or mabye not- it's just new.
I'll miss Open Firmware, it's easy and well documented, it's Cisco- 
admin-friendly (it came from Sun back in the day), it's all FORTH  
syntax based.

:(

Rocket-
.ike




From ike  Thu Mar  2 13:34:00 2006
From: ike (Isaac Levy)
Date: Thu, 2 Mar 2006 13:34:00 -0500
Subject: [nycbug-talk] Apple Intel Servers?
Message-ID: <7538F32F-B2BF-43E9-9340-79121EECA79E@lesmuug.org>

Hey Okan, All,

An officially relevant cross-post, ([posted to macosx-unix/lesmmuug  
list too] is that outlawed alltogether?)

Last night at NYCBUG Okan was asking me about Intel Apple stuff, and  
weather or not it uses Open Firmware.

--
I checked today to try to answer your question about Open Firmware on  
upcoming Intel Apple Servers, and there is no such thing as an Intel  
Apple Server (yet?).

With that,

http://appleintelfaq.com/#17

"Shipping Intel-based Macintosh computers use Intel's new Extensible  
Firmware Interface (EFI)[17.1]."

Suck.  Or mabye not- it's just new.
I'll miss Open Firmware, it's easy and well documented, it's Cisco- 
admin-friendly (it came from Sun back in the day), it's all FORTH  
syntax based.

:(

Rocket-
.ike




From nycbug-list  Thu Mar  2 15:08:03 2006
From: nycbug-list (Jonathan Vanasco)
Date: Thu, 2 Mar 2006 15:08:03 -0500
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
Message-ID: <905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>


I'd wait to see what happens on r2 and r3 models

The intel apple stuff scares me -- whenever apple launches something  
new, all of the r1 products have a host of hardware issues that  
really should have been caught in QA

By r2/r3, most of the issues should be resolved, and they often have  
a shift in their ideology in terms of what hardware/software will be  
free , and what gets tossed into open source

its a real common pattern with them



On Mar 2, 2006, at 1:04 PM, Isaac Levy wrote:

> Hey Okan, All,
>
> An officially relevant cross-post, (are they outlawed alltogether?)
>
> Last night at NYCBUG Okan was asking me about Intel Apple stuff, and
> weather or not it uses Open Firmware.
>
> --
> I checked today to try to answer your question about Open Firmware on
> upcoming Intel Apple Servers, and there is no such thing as an Intel
> Apple Server (yet?).
>
> With that,
>
> http://appleintelfaq.com/#17
>
> "Shipping Intel-based Macintosh computers use Intel's new Extensible
> Firmware Interface (EFI)[17.1]."
>
> Suck.  Or mabye not- it's just new.
> I'll miss Open Firmware, it's easy and well documented, it's Cisco-
> admin-friendly (it came from Sun back in the day), it's all FORTH
> syntax based.



From mikel.king  Thu Mar  2 16:31:09 2006
From: mikel.king (Mikel King)
Date: Thu, 2 Mar 2006 16:31:09 -0500
Subject: [nycbug-talk] mysql ssh & fBSD
Message-ID: <167A3391-0E86-43C0-BF31-A5DA3C5A073B@ocsny.com>

I have two mysql dbs running on different fBSD boxes on different  
nodes of the net. I figured out the ssh tunnel part but for some  
reason when I try to connect like so:

# establish the background tunnel
ssh -N -f -L 4406:127.0.0.1:3306 some.other-box.com

#attempt to connect from the local mysql client to the remote server
mysql -P 4406 -u joe_user -p

All I end up with is a connection to the local db and not the remote  
one. Any ideas why this doesn't work even though the docs I'm  
following are claim it should.

cheers,
mikel



From nomadlogic  Thu Mar  2 16:57:05 2006
From: nomadlogic (pete wright)
Date: Thu, 2 Mar 2006 13:57:05 -0800
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
Message-ID: <57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>

On 3/2/06, Jonathan Vanasco <nycbug-list at 2xlp.com> wrote:
>
> I'd wait to see what happens on r2 and r3 models
>
> The intel apple stuff scares me -- whenever apple launches something
> new, all of the r1 products have a host of hardware issues that
> really should have been caught in QA
>
> By r2/r3, most of the issues should be resolved, and they often have
> a shift in their ideology in terms of what hardware/software will be
> free , and what gets tossed into open source
>
> its a real common pattern with them
>
>

really?  I've had good luck with v1 xserv's and G5 powermac's.  There
where some issues with G4 powerbook's, but those problems where due to
Samsung LCD defects.  Maybe someone who has gotten thier hands on some
of the intel/mac gear can confirm the hardware problems.  I'd hate to
spread more FUD regarding this crossover ;)

-pete

>
> On Mar 2, 2006, at 1:04 PM, Isaac Levy wrote:
>
> > Hey Okan, All,
> >
> > An officially relevant cross-post, (are they outlawed alltogether?)
> >
> > Last night at NYCBUG Okan was asking me about Intel Apple stuff, and
> > weather or not it uses Open Firmware.
> >
> > --
> > I checked today to try to answer your question about Open Firmware on
> > upcoming Intel Apple Servers, and there is no such thing as an Intel
> > Apple Server (yet?).
> >
> > With that,
> >
> > http://appleintelfaq.com/#17
> >
> > "Shipping Intel-based Macintosh computers use Intel's new Extensible
> > Firmware Interface (EFI)[17.1]."
> >
> > Suck.  Or mabye not- it's just new.
> > I'll miss Open Firmware, it's easy and well documented, it's Cisco-
> > admin-friendly (it came from Sun back in the day), it's all FORTH
> > syntax based.
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From ike  Thu Mar  2 16:58:02 2006
From: ike (Isaac Levy)
Date: Thu, 2 Mar 2006 16:58:02 -0500
Subject: [nycbug-talk] Python, UNIX, Design- From the Horses Mouth
Message-ID: <EE87D82D-824E-4F00-8DFD-FB7C3635D682@lesmuug.org>

Hey All,

I and MW got to attend a great lecture hosted at Google NY HQ-  
(thanks Google for the food and drinks!)

--
With that, I pulled some relevant clips out of the first part of his  
talk, 'The History of Python'

Ike-selected Highlights:

- UNIX heavily influenced Python Design
- Python is not designed to exclude any other enviornment or tool,  
but integrate nicely
- Originally designed to replace the UNIX shell, but went another  
direction (bourne is OK with Guido)
- Open Source under MIT License
- Why Object Oriented?  What is OO besides being a buzzword?
- Why was Python designed to hide all the silly limits inside a  
computer from the users?
- Why RegEx was not added as a syntactical element of the base, (it's  
a Library module for a reason!)

--
My 6 minute 'Guido Python Highlights for NYC*BUG/UNIX People' movie  
is posted here:

http://dotike.net/PythonUNIX.mpg


The full lecture is posted here: "The History of Python"
http://video.google.com/videoplay?docid=-7758421725489622662&q=guido 
+van+rossum&pr=goog-sl

Part II, "The State of the Python Universe"
(more interesting if you actually use Python regularly)
http://video.google.com/videoplay?docid=60331183357868340&q=guido+van 
+rossum&pr=goog-sl

--
Rocket-
.ike




From mikel.king  Thu Mar  2 17:19:00 2006
From: mikel.king (Mikel King)
Date: Thu, 02 Mar 2006 17:19 -0500
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
	<57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>
Message-ID: <7784-SnapperMsgFC8D8BD2C02D206F@68.246.183.140>

I have a client that has a few intel Macs, so far so good. But on the 
flipside I have experienced some rather unusual out of the box failures 
during the last 6 months. Seemed like Apple was rushing equipment out the 
door relying on post support to pickup the slack.
___
Mikel King
Optimized Computer Solutions, INC.
39 West Fourteenth Street
Second Floor
New York, NY 10011
www.ocsny.com
t: 212.727.2100x132
f: 212.463.8402
***sorry for the top posting but my phone just won't coop...
...... Original Message .......
On Thu, 2 Mar 2006 13:57:05 -0800 "pete wright" <nomadlogic at gmail.com> 
wrote:
>On 3/2/06, Jonathan Vanasco <nycbug-list at 2xlp.com> wrote:
>>
>> I'd wait to see what happens on r2 and r3 models
>>
>> The intel apple stuff scares me -- whenever apple launches something
>> new, all of the r1 products have a host of hardware issues that
>> really should have been caught in QA
>>
>> By r2/r3, most of the issues should be resolved, and they often have
>> a shift in their ideology in terms of what hardware/software will be
>> free , and what gets tossed into open source
>>
>> its a real common pattern with them
>>
>>
>
>really?  I've had good luck with v1 xserv's and G5 powermac's.  There
>where some issues with G4 powerbook's, but those problems where due to
>Samsung LCD defects.  Maybe someone who has gotten thier hands on some
>of the intel/mac gear can confirm the hardware problems.  I'd hate to
>spread more FUD regarding this crossover ;)
>
>-pete
>
>>
>> On Mar 2, 2006, at 1:04 PM, Isaac Levy wrote:
>>
>> > Hey Okan, All,
>> >
>> > An officially relevant cross-post, (are they outlawed alltogether?)
>> >
>> > Last night at NYCBUG Okan was asking me about Intel Apple stuff, and
>> > weather or not it uses Open Firmware.
>> >
>> > --
>> > I checked today to try to answer your question about Open Firmware on
>> > upcoming Intel Apple Servers, and there is no such thing as an Intel
>> > Apple Server (yet?).
>> >
>> > With that,
>> >
>> > http://appleintelfaq.com/#17
>> >
>> > "Shipping Intel-based Macintosh computers use Intel's new Extensible
>> > Firmware Interface (EFI)[17.1]."
>> >
>> > Suck.  Or mabye not- it's just new.
>> > I'll miss Open Firmware, it's easy and well documented, it's Cisco-
>> > admin-friendly (it came from Sun back in the day), it's all FORTH
>> > syntax based.
>>
>> _______________________________________________
>> % NYC*BUG talk mailing list
>> http://lists.nycbug.org/mailman/listinfo/talk
>> %Be sure to check out our Jobs and NYCBUG-announce lists
>> %We meet the first Wednesday of the month
>>
>
>
>--
>~~o0OO0o~~
>Pete Wright
>www.nycbug.org
>NYC's *BSD User Group
>
>_______________________________________________
>% NYC*BUG talk mailing list
>http://lists.nycbug.org/mailman/listinfo/talk
>%Be sure to check out our Jobs and NYCBUG-announce lists
>%We meet the first Wednesday of the month



From okan  Thu Mar  2 20:00:12 2006
From: okan (Okan Demirmen)
Date: Thu, 2 Mar 2006 20:00:12 -0500
Subject: [nycbug-talk] [macosx-unix] Apple Intel Servers?
In-Reply-To: <20060302181323.GA20140@snax.spimageworks.com>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<20060302181323.GA20140@snax.spimageworks.com>
Message-ID: <20060303010035.GC12257@clam.khaoz.org>

On Thu 2006.03.02 at 10:13 -0800, Pete Wright wrote:
> On Thu, Mar 02, 2006 at 01:04:56PM -0500, Isaac Levy wrote:
> > Hey Okan, All,
> > 
> > An officially relevant cross-post, (are they outlawed alltogether?)
> > 
> > Last night at NYCBUG Okan was asking me about Intel Apple stuff, and  
> > weather or not it uses Open Firmware.
> > 
> > --
> > I checked today to try to answer your question about Open Firmware on  
> > upcoming Intel Apple Servers, and there is no such thing as an Intel  
> > Apple Server (yet?).
> > 
> > With that,
> > 
> > http://appleintelfaq.com/#17
> > 
> > "Shipping Intel-based Macintosh computers use Intel's new Extensible  
> > Firmware Interface (EFI)[17.1]."
> > 
> > Suck.  Or mabye not- it's just new.
> > I'll miss Open Firmware, it's easy and well documented, it's Cisco- 
> > admin-friendly (it came from Sun back in the day), it's all FORTH  
> > syntax based.
> > 
> 
> i vaugly remember reading about how the mac/intel firmware may be coming
> from the itanium family.  i've never used itanium, or an intel based mac
> for that matter, but that was the impression i got from a freebsd dev a
> while back....

we'll have to wait and see i guess, for the server end of it. i'm going
to try an track down my neighbor who just got an intel-based powerbook -
see if i can convince him to let me in for a few minutes ;)

cheers,
okan


From okan  Thu Mar  2 20:08:32 2006
From: okan (Okan Demirmen)
Date: Thu, 2 Mar 2006 20:08:32 -0500
Subject: [nycbug-talk] mysql ssh & fBSD
In-Reply-To: <167A3391-0E86-43C0-BF31-A5DA3C5A073B@ocsny.com>
References: <167A3391-0E86-43C0-BF31-A5DA3C5A073B@ocsny.com>
Message-ID: <20060303010855.GD12257@clam.khaoz.org>

On Thu 2006.03.02 at 16:31 -0500, Mikel King wrote:
> I have two mysql dbs running on different fBSD boxes on different  
> nodes of the net. I figured out the ssh tunnel part but for some  
> reason when I try to connect like so:
> 
> # establish the background tunnel
> ssh -N -f -L 4406:127.0.0.1:3306 some.other-box.com
> 
> #attempt to connect from the local mysql client to the remote server
> mysql -P 4406 -u joe_user -p
> 
> All I end up with is a connection to the local db and not the remote  
> one. Any ideas why this doesn't work even though the docs I'm  
> following are claim it should.

anything in ~/.my.cnf ? i bet mysql client is using the local socket
instead. try adding "-h localhost".


From scottro  Thu Mar  2 20:16:56 2006
From: scottro (Scott Robbins)
Date: Thu, 2 Mar 2006 20:16:56 -0500
Subject: [nycbug-talk] mplayer problem with real audio file
Message-ID: <20060303011656.GA55448@mail.scottro.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I asked this on FreeBSD forums with no luck, so figured I'd give it a
shot here.  (As you'll see, it's a useless bug report, but hopefully,
someone has experienced it and can give me a pointer.)

I have two machines with mplayer, one running CURRENT, the other
6.1-PRERELEASE.  

I have a few (legitimately obtained) realplayer music files, with an rmj
suffix.  I used to be able to play them with mplayer. 

Now, though they still work on the CURRENT machine, on the
6.1-PRERELEASE, I get the error

REAL file format detected.
Stream description: Audio Stream
Stream mimetype: audio/x-pn-realaudio
Stream mimetype: logical-fileinfo
==========================================================================
Opening audio decoder: [realaud] RealAudio decoder
opening shared obj '/usr/local/lib/win32/atrc.so.6.0'
/libexec/ld-elf.so.1: /usr/local/lib/win32/atrc.so.6.0: Undefined symbol
"__lxstat"

Googling found one mention of it, and the OP got an answer that perhaps
he should update his linux_base port.  The OP never answered whether
that helped or not.  

Both machines have the same version of mplayer, win-32-codecs and
linux_base-8.  As I seldom play music on the PRERELEASE box (it's at
work) I'm not sure when this happened--it might have happened back when
the machine was at 6.0 for all I know (which is why this is a worthless
bug report.)

It's more annoying than anything else--I can use realplayer if I'm in X,
or convert them to oggs on the machine that can play them.  At any rate,
I'm wondering if anyone has ever run into this and could tell me what
I'm missing.

Thanks for any help, and yes, I realize it's pretty much a
non-reproducible problem and I have no idea when it began, so if no one
has any answers, I won't be surprised--as I said in the beginning, it's
my hope that someone ran into this and might have a hint for me. 


- -- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: And this...is called a snack food.
Ampata: Snack food?
Xander: Yeah. It's a delicious, spongy, golden cake stuffed with a
delightful,
creamy white substance of goodness.


Xander: And the exciting part is that they have no ingredients that a
human
can pronounce, so it doesn't leave you with that heavy food feeling in
your
stomach.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (FreeBSD)

iD8DBQFEB5kI+lTVdes0Z9YRAkHxAJsHJXZeIhMPklbVRSilCQ1Ef+pRFACeP2zE
64LXA/a2V1mHxJsIDWEZx+I=
=KQ9E
-----END PGP SIGNATURE-----


From ike  Thu Mar  2 20:36:55 2006
From: ike (Isaac Levy)
Date: Thu, 2 Mar 2006 20:36:55 -0500
Subject: [nycbug-talk] Python, UNIX, Design- From the Horses Mouth
In-Reply-To: <EE87D82D-824E-4F00-8DFD-FB7C3635D682@lesmuug.org>
References: <EE87D82D-824E-4F00-8DFD-FB7C3635D682@lesmuug.org>
Message-ID: <0EAD6146-2CF3-4D46-8B02-54AA974A4AC8@lesmuug.org>

Hey All,

> http://dotike.net/PythonUNIX.mpg
>
>
> The full lecture is posted here: "The History of Python"
> http://video.google.com/videoplay?docid=-7758421725489622662&q=guido
> +van+rossum&pr=goog-sl
>
> Part II, "The State of the Python Universe"
> (more interesting if you actually use Python regularly)
> http://video.google.com/videoplay?docid=60331183357868340&q=guido+van
> +rossum&pr=goog-sl

I noted that my link above does not work for some folks- that's what  
I get for posting lazily...

try:
http://dotike.net/PythonUNIX.mp4

instead.  Sorry for any confusion.

Rocket-
.ike




From mikel.king  Thu Mar  2 20:44:36 2006
From: mikel.king (Mikel King)
Date: Thu, 02 Mar 2006 20:44:36 -0500
Subject: [nycbug-talk] mysql ssh & fBSD
In-Reply-To: <20060303010855.GD12257@clam.khaoz.org>
References: <167A3391-0E86-43C0-BF31-A5DA3C5A073B@ocsny.com>
	<20060303010855.GD12257@clam.khaoz.org>
Message-ID: <F0B59A36-1552-47E3-AA91-2773233C7563@ocsny.com>


On Mar 2, 2006, at 8:08 PM, Okan Demirmen wrote:

> On Thu 2006.03.02 at 16:31 -0500, Mikel King wrote:
>> I have two mysql dbs running on different fBSD boxes on different
>> nodes of the net. I figured out the ssh tunnel part but for some
>> reason when I try to connect like so:
>>
>> # establish the background tunnel
>> ssh -N -f -L 4406:127.0.0.1:3306 some.other-box.com
>>
>> #attempt to connect from the local mysql client to the remote server
>> mysql -P 4406 -u joe_user -p
>>
>> All I end up with is a connection to the local db and not the remote
>> one. Any ideas why this doesn't work even though the docs I'm
>> following are claim it should.
>
> anything in ~/.my.cnf ? i bet mysql client is using the local socket
> instead. try adding "-h localhost".

Adding -h 127.0.0.1 worked, but localhost did not. Thanks for  
pointing me onto the right path. 


From bob  Thu Mar  2 20:45:47 2006
From: bob (Bob Ippolito)
Date: Thu, 2 Mar 2006 17:45:47 -0800
Subject: [nycbug-talk] Python, UNIX, Design- From the Horses Mouth
In-Reply-To: <0EAD6146-2CF3-4D46-8B02-54AA974A4AC8@lesmuug.org>
References: <EE87D82D-824E-4F00-8DFD-FB7C3635D682@lesmuug.org>
	<0EAD6146-2CF3-4D46-8B02-54AA974A4AC8@lesmuug.org>
Message-ID: <99BAAFA7-2634-4432-9A88-7D72B8E06A52@redivi.com>


On Mar 2, 2006, at 5:36 PM, Isaac Levy wrote:

> Hey All,
>
>> http://dotike.net/PythonUNIX.mpg
>>
>>
>> The full lecture is posted here: "The History of Python"
>> http://video.google.com/videoplay?docid=-7758421725489622662&q=guido
>> +van+rossum&pr=goog-sl
>>
>> Part II, "The State of the Python Universe"
>> (more interesting if you actually use Python regularly)
>> http://video.google.com/videoplay?docid=60331183357868340&q=guido+van
>> +rossum&pr=goog-sl
>
> I noted that my link above does not work for some folks- that's what
> I get for posting lazily...
>
> try:
> http://dotike.net/PythonUNIX.mp4
>
> instead.  Sorry for any confusion.

Guido gave these lectures at PyCon 2006 also, but I'm not sure if or  
when recordings of that will be available.

-bob



From bschonhorst  Fri Mar  3 09:48:28 2006
From: bschonhorst (Brad Schonhorst)
Date: Fri, 3 Mar 2006 09:48:28 -0500
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <7784-SnapperMsgFC8D8BD2C02D206F@68.246.183.140>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
	<57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>
	<7784-SnapperMsgFC8D8BD2C02D206F@68.246.183.140>
Message-ID: <7708fd680603030648t1888b917yb7c8f0e60a7bd04b@mail.gmail.com>

On Thu, 02 Mar 2006 17:19 -0500, Mikel King <mikel.king at ocsny.com> wrote:
> I have a client that has a few intel Macs, so far so good. But on the
> flipside I have experienced some rather unusual out of the box failures
> during the last 6 months. Seemed like Apple was rushing equipment out the
> door relying on post support to pickup the slack.

It seems their hardware issues are not limited only to gen 1 products.
 I just had to have logic boards replaced on 5 eMacs, all purchased in
August 2004.  I was lucky  enough to convince the engineers they
shipped faulty hardware and get the repairs covered w/out warranty
though, so cheers to apple for clean up their mess.

I suppose its not just apple, I recently had a dell server hard drive
go bad after a month of use.

So my question is, if I am planning to purchase an xserve or two in
the near future, do I get a g5 model or wait for the intels, which
will probably mean waiting for the 2nd version of the intels...



From mikel.king  Fri Mar  3 10:20:25 2006
From: mikel.king (Mikel King)
Date: Fri, 3 Mar 2006 10:20:25 -0500
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <7708fd680603030648t1888b917yb7c8f0e60a7bd04b@mail.gmail.com>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
	<57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>
	<7784-SnapperMsgFC8D8BD2C02D206F@68.246.183.140>
	<7708fd680603030648t1888b917yb7c8f0e60a7bd04b@mail.gmail.com>
Message-ID: <1D71C076-EDBE-4EFF-BD8C-A4849692B78A@ocsny.com>


On Mar 3, 2006, at 9:48 AM, Brad Schonhorst wrote:

> On Thu, 02 Mar 2006 17:19 -0500, Mikel King <mikel.king at ocsny.com>  
> wrote:
>> I have a client that has a few intel Macs, so far so good. But on the
>> flipside I have experienced some rather unusual out of the box  
>> failures
>> during the last 6 months. Seemed like Apple was rushing equipment  
>> out the
>> door relying on post support to pickup the slack.
>
> It seems their hardware issues are not limited only to gen 1 products.
>  I just had to have logic boards replaced on 5 eMacs, all purchased in
> August 2004.  I was lucky  enough to convince the engineers they
> shipped faulty hardware and get the repairs covered w/out warranty
> though, so cheers to apple for clean up their mess.
>
> I suppose its not just apple, I recently had a dell server hard drive
> go bad after a month of use.
>
> So my question is, if I am planning to purchase an xserve or two in
> the near future, do I get a g5 model or wait for the intels, which
> will probably mean waiting for the 2nd version of the intels...

Brad you raise a concern we've had in my office over the last year  
regarding DELL and HP. Seems that the major manufacturers are rushing  
product out the door skipping the Q/A process. Or at the very least  
running the equipment through a shorter Q/A procedure. Maybe they've  
all subcontracted the same Q/A firm to do this work for them. It just  
seems to me that equipment failures are more common during the first  
3-6 months than they were several years ago.

Has anyone else experienced this trend?


Cheers,
Mikel King
CIO, Director of Network Operations
Optimized Computer Solutions, INC
Tech Alliance, INC
39 West Fourteenth Street
Second Floor
New York, NY 10011
http://www.ocsny.com
http://www.techally.com
t: 212.727.2100x132
+------------------------------------------+
How do you spell cooperation? Pessimists use
each other, but optimists help each other.
Collaboration feeds your spirit, while
competition only stokes your ego. You'll
find the best way to get along.
+------------------------------------------+






From nomadlogic  Fri Mar  3 11:18:19 2006
From: nomadlogic (pete wright)
Date: Fri, 3 Mar 2006 08:18:19 -0800
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <7708fd680603030648t1888b917yb7c8f0e60a7bd04b@mail.gmail.com>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
	<57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>
	<7784-SnapperMsgFC8D8BD2C02D206F@68.246.183.140>
	<7708fd680603030648t1888b917yb7c8f0e60a7bd04b@mail.gmail.com>
Message-ID: <57d710000603030818o55c3bb4bs6d0363660a861f4@mail.gmail.com>

On 3/3/06, Brad Schonhorst <bschonhorst at gmail.com> wrote:
> On Thu, 02 Mar 2006 17:19 -0500, Mikel King <mikel.king at ocsny.com> wrote:
> > I have a client that has a few intel Macs, so far so good. But on the
> > flipside I have experienced some rather unusual out of the box failures
> > during the last 6 months. Seemed like Apple was rushing equipment out the
> > door relying on post support to pickup the slack.
>
> It seems their hardware issues are not limited only to gen 1 products.
>  I just had to have logic boards replaced on 5 eMacs, all purchased in
> August 2004.  I was lucky  enough to convince the engineers they
> shipped faulty hardware and get the repairs covered w/out warranty
> though, so cheers to apple for clean up their mess.
>
> I suppose its not just apple, I recently had a dell server hard drive
> go bad after a month of use.
>
> So my question is, if I am planning to purchase an xserve or two in
> the near future, do I get a g5 model or wait for the intels, which
> will probably mean waiting for the 2nd version of the intels...
>


well i guess the question for this would be, would your application
benefit from a 64bit proc like the PPC, or will running it on a 32 bit
Intel be better for you.  The G5 xServe's are pretty nice, and do a
very good job at video encoding when compared to our linux x86 procs.

-p

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From nycbug-list  Fri Mar  3 11:21:10 2006
From: nycbug-list (Jonathan Vanasco)
Date: Fri, 3 Mar 2006 11:21:10 -0500
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <1D71C076-EDBE-4EFF-BD8C-A4849692B78A@ocsny.com>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
	<57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>
	<7784-SnapperMsgFC8D8BD2C02D206F@68.246.183.140>
	<7708fd680603030648t1888b917yb7c8f0e60a7bd04b@mail.gmail.com>
	<1D71C076-EDBE-4EFF-BD8C-A4849692B78A@ocsny.com>
Message-ID: <7EB3BD95-AFA5-479F-A12F-6CCB965FB187@2xlp.com>


On Mar 3, 2006, at 10:20 AM, Mikel King wrote:

>> So my question is, if I am planning to purchase an xserve or two in
>> the near future, do I get a g5 model or wait for the intels, which
>> will probably mean waiting for the 2nd version of the intels...
>
> Brad you raise a concern we've had in my office over the last year
> regarding DELL and HP. Seems that the major manufacturers are rushing
> product out the door skipping the Q/A process. Or at the very least
> running the equipment through a shorter Q/A procedure. Maybe they've
> all subcontracted the same Q/A firm to do this work for them. It just
> seems to me that equipment failures are more common during the first
> 3-6 months than they were several years ago.
>
> Has anyone else experienced this trend?

If you can wait 6months, I'd get an r2.  aside from design flaws /  
q&a issues, they tend to come out with enhancements that make the  
system work better overall -- a little more cache here, some better  
airflow there, etc.

People are definitely rushing through the QA procedure.

Off the top of my head, in the last few mac models
	Powerbooks keep having major issues with optical drives.  they  
weren't anchored in there right, so would often break.   80% of  
people i knew had a failure.  everyone else sent it in to get  
replaced on their time, instead of waiting for a failure.
	 ibooks get faulty logic boards
	1st few months of g5 had fans that would die out ( bad bearings on  
the model ).  The machines would sound like a jet, then turn off from  
overheating.

all of these issues seem to come out after 1 month in the field.

i think apple gets an unfair blame in this, because they get 1M  
people complaining on 10 products, while Dell/HP get 1M people  
complaining on 100 products/configurations.  But across the board,  
people are skimping on QA, and the rev1 versions of the products have  
issues, and tend to be outperformed by rev2 verisons which offer  
slight improvements over performance bottlenecks.

i love using macs.  i've got 3.  but i've learned not to be an 'early  
adopter' of their new hardware, cos it always results in shipping  
something off for a day after it dies in some critical moment.


From nomadlogic  Fri Mar  3 11:22:02 2006
From: nomadlogic (pete wright)
Date: Fri, 3 Mar 2006 08:22:02 -0800
Subject: [nycbug-talk] Apple Intel Servers?
In-Reply-To: <1D71C076-EDBE-4EFF-BD8C-A4849692B78A@ocsny.com>
References: <80D39B12-5427-400D-8B2D-8E7B8ABA7370@lesmuug.org>
	<905B7A14-91DA-4562-96B3-722805760E96@2xlp.com>
	<57d710000603021357if8a71ap352ca68772a05824@mail.gmail.com>
	<7784-SnapperMsgFC8D8BD2C02D206F@68.246.183.140>
	<7708fd680603030648t1888b917yb7c8f0e60a7bd04b@mail.gmail.com>
	<1D71C076-EDBE-4EFF-BD8C-A4849692B78A@ocsny.com>
Message-ID: <57d710000603030822p51ed88e0x26703ecafb136064@mail.gmail.com>

On 3/3/06, Mikel King <mikel.king at ocsny.com> wrote:
>
> On Mar 3, 2006, at 9:48 AM, Brad Schonhorst wrote:
>
> > On Thu, 02 Mar 2006 17:19 -0500, Mikel King <mikel.king at ocsny.com>
> > wrote:
> >> I have a client that has a few intel Macs, so far so good. But on the
> >> flipside I have experienced some rather unusual out of the box
> >> failures
> >> during the last 6 months. Seemed like Apple was rushing equipment
> >> out the
> >> door relying on post support to pickup the slack.
> >
> > It seems their hardware issues are not limited only to gen 1 products.
> >  I just had to have logic boards replaced on 5 eMacs, all purchased in
> > August 2004.  I was lucky  enough to convince the engineers they
> > shipped faulty hardware and get the repairs covered w/out warranty
> > though, so cheers to apple for clean up their mess.
> >
> > I suppose its not just apple, I recently had a dell server hard drive
> > go bad after a month of use.
> >
> > So my question is, if I am planning to purchase an xserve or two in
> > the near future, do I get a g5 model or wait for the intels, which
> > will probably mean waiting for the 2nd version of the intels...
>
> Brad you raise a concern we've had in my office over the last year
> regarding DELL and HP. Seems that the major manufacturers are rushing
> product out the door skipping the Q/A process. Or at the very least
> running the equipment through a shorter Q/A procedure. Maybe they've
> all subcontracted the same Q/A firm to do this work for them. It just
> seems to me that equipment failures are more common during the first
> 3-6 months than they were several years ago.
>
> Has anyone else experienced this trend?
>


oh god, don't get me started on HP :)  We have had serious QC problems
with thier xw8200 workstations.  These things are not cheap either
(and we purchase them by the palate).  First we had ~150 with a bad
cap. on the system board, then the BIOS has an ACPI/USB bug that still
has not been addressed by HP, and the SCSI controllers seem to fry
pretty quickly if you do find one that is stable.  So yea, I think
between all the layoff's and the merger with compaq, Carly really did
a number on HP's quality controll.  Can't really speak for Dell, as I
have never really been a fan of industrial design.

-p

>
> Cheers,
> Mikel King
> CIO, Director of Network Operations
> Optimized Computer Solutions, INC
> Tech Alliance, INC
> 39 West Fourteenth Street
> Second Floor
> New York, NY 10011
> http://www.ocsny.com
> http://www.techally.com
> t: 212.727.2100x132
> +------------------------------------------+
> How do you spell cooperation? Pessimists use
> each other, but optimists help each other.
> Collaboration feeds your spirit, while
> competition only stokes your ego. You'll
> find the best way to get along.
> +------------------------------------------+
>
>
>
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From bschonhorst  Fri Mar  3 15:43:12 2006
From: bschonhorst (Brad Schonhorst)
Date: Fri, 3 Mar 2006 15:43:12 -0500
Subject: [nycbug-talk] Soekris net 4801 - power failure
Message-ID: <7708fd680603031243g486324bh89d80e74cee84c05@mail.gmail.com>

I came home yesterday to find my network down :(

Seems my soekris net 4801 was not working properly.  It appears to not
be getting power.....well the blinky lights were all off.  It will not
power back on.  Has anyone else seen this?  I was hoping it might just
be the power adapter. Emailed the company but haven't heard back....

-Brad



From ike  Fri Mar  3 17:30:43 2006
From: ike (Isaac Levy)
Date: Fri, 3 Mar 2006 17:30:43 -0500
Subject: [nycbug-talk] Soekris net 4801 - power failure
In-Reply-To: <7708fd680603031243g486324bh89d80e74cee84c05@mail.gmail.com>
References: <7708fd680603031243g486324bh89d80e74cee84c05@mail.gmail.com>
Message-ID: <503842A6-CB7C-4D7F-8E0D-A7622A73FE1B@lesmuug.org>

Hi Brad,

On Mar 3, 2006, at 3:43 PM, Brad Schonhorst wrote:

> I came home yesterday to find my network down :(
>
> Seems my soekris net 4801 was not working properly.  It appears to not
> be getting power.....well the blinky lights were all off.  It will not
> power back on.  Has anyone else seen this?  I was hoping it might just
> be the power adapter. Emailed the company but haven't heard back....
>
> -Brad

Well damn, I believe your in luck.

With Soekris boxes, I like to purchase extra power adapters- and have  
one sitting in my bag right now.
Add to that I'm your neighbor in Brooklyn, and I really think your in  
luck.

Give me a call after 7pm if you want to meet up tonight.

Rocket-
.ike




From nycbug-list  Fri Mar  3 17:41:39 2006
From: nycbug-list (Jonathan Vanasco)
Date: Fri, 3 Mar 2006 17:41:39 -0500
Subject: [nycbug-talk] Soekris net 4801 - power failure
In-Reply-To: <503842A6-CB7C-4D7F-8E0D-A7622A73FE1B@lesmuug.org>
References: <7708fd680603031243g486324bh89d80e74cee84c05@mail.gmail.com>
	<503842A6-CB7C-4D7F-8E0D-A7622A73FE1B@lesmuug.org>
Message-ID: <60CAF7D2-5BE4-4E51-8ECD-E0914F6C788F@2xlp.com>


For ~ $10 at most drugstores, kmart, radioshack you can pick up a  
configrable power adapter

it has a 2 switches - one for polarity, one for voltage, and comes  
with a bunch of connectors

they're not designed for longterm use, but they're really good to  
troubleshoot stuff like this.   all power adapters have their  
polarity and voltage on the convertor.  usually its on a sticker, but  
sometimes they're bastards and have it as part f the mold.  i usually  
just do a pencil rubbing with a piece of paper on the box to pull the  
voltage.

anyways, if things don't pan out w/ike, they're a good thing to have  
around.

On Mar 3, 2006, at 5:30 PM, Isaac Levy wrote:

> Hi Brad,
>
> On Mar 3, 2006, at 3:43 PM, Brad Schonhorst wrote:
>
>> I came home yesterday to find my network down :(
>>
>> Seems my soekris net 4801 was not working properly.  It appears to  
>> not
>> be getting power.....well the blinky lights were all off.  It will  
>> not
>> power back on.  Has anyone else seen this?  I was hoping it might  
>> just
>> be the power adapter. Emailed the company but haven't heard back....
>>
>> -Brad
>
> Well damn, I believe your in luck.
>
> With Soekris boxes, I like to purchase extra power adapters- and have
> one sitting in my bag right now.
> Add to that I'm your neighbor in Brooklyn, and I really think your in
> luck.
>
> Give me a call after 7pm if you want to meet up tonight.
>
> Rocket-
> .ike
>
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>

| - - - - - - - - - - - - - - - - - - - -
| RoadSound.com / Indie-Rock.net
| Collaborative Online Management And Syndication Tools
| Launching March 2006
| - - - - - - - - - - - - - - - - - - - -






From bschonhorst  Fri Mar  3 19:55:43 2006
From: bschonhorst (Brad Schonhorst)
Date: Fri, 3 Mar 2006 19:55:43 -0500
Subject: [nycbug-talk] Soekris net 4801 - power failure
In-Reply-To: <503842A6-CB7C-4D7F-8E0D-A7622A73FE1B@lesmuug.org>
References: <7708fd680603031243g486324bh89d80e74cee84c05@mail.gmail.com>
	<503842A6-CB7C-4D7F-8E0D-A7622A73FE1B@lesmuug.org>
Message-ID: <7708fd680603031655m5cb7e23jca31ceb891aa03ef@mail.gmail.com>

On 3/3/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi Brad,
>
> On Mar 3, 2006, at 3:43 PM, Brad Schonhorst wrote:
>
> > I came home yesterday to find my network down :(
> >
> > Seems my soekris net 4801 was not working properly.  It appears to not
> > be getting power.....well the blinky lights were all off.  It will not
> > power back on.  Has anyone else seen this?  I was hoping it might just
> > be the power adapter. Emailed the company but haven't heard back....
> >
> > -Brad
>
> Well damn, I believe your in luck.
>
> With Soekris boxes, I like to purchase extra power adapters- and have
> one sitting in my bag right now.
> Add to that I'm your neighbor in Brooklyn, and I really think your in
> luck.
>
> Give me a call after 7pm if you want to meet up tonight.
>

This group never ceases to amaze me.  Ask and you shall receive...



From spork  Fri Mar  3 21:54:09 2006
From: spork (Charles Sprickman)
Date: Fri, 3 Mar 2006 21:54:09 -0500 (EST)
Subject: [nycbug-talk] Zero to IPSEC in 4 minutes... (OpenBSD)
Message-ID: <Pine.OSX.4.61.0603032152540.12165@gee5.local>

I found this linked off of undeadly:

http://www.securityfocus.com/infocus/1859

Very cool, I'd not been keeping up with their new "ipsecctl" stuff.  It 
looks incredibly easy to get going.

Charles


From dave  Sat Mar  4 02:01:40 2006
From: dave (David Lawson)
Date: Sat, 4 Mar 2006 02:01:40 -0500
Subject: [nycbug-talk] Multiple CARP addresses on Free
Message-ID: <7E9E0962-8D98-40AE-BC8D-8CC0221E982E@donnerjack.com>

Hey,
I'm trying to set up a pair of FreeBSD boxes as a NATing gateway/ 
firewall with CARP and pf, and I'm running into a few problems with  
the rc.conf incantation to get things working correctly, I'm hoping  
someone here might be able to point me in the right direction.  I'm  
trying to set up two CARP addresses, one for the external interfaces  
and one for the internal ones.  The external one (carp0) works fine  
on boot, but the internal one (carp1) does not.  The interface is  
created, but it's not assigned to a vhid nor does it acquire the IP  
address I've assigned it in rc.conf.  The FreeBSD way seems to  
diverge significantly from the OpenBSD way on this matter and the  
documentation (what I've found at least) isn't as comprehensive as  
I'd like, so I'm hoping someone can shed some light on the matter.   
I'm excerpting the relevant portions of my rc.conf below with the IP  
addresses elided.

cloned_interfaces="carp0 carp1"
ifconfig_carp0="vhid 1 pass foo 1.2.3.4/24"
ifconfig carp1="vhid 2 pass bar 192.168.23.221/24"

On boot, carp0 comes up fine, but carp1 comes up like this:
carp1: flags=0<> mtu 1500

Interestingly enough, if I run /etc/rc.d/netif restart, it does throw  
an error:
ifconfig: interface carp1=vhid 2 pas does not exist

I've no idea what to make of that, personally.  I can bring the  
interface up manually with:
ifconfig carp1 vhid 2 pass bar 192.168.23.221/24

Any suggestions?  I appreciate any comments anyone might have.

--Dave


From ike  Sat Mar  4 13:08:36 2006
From: ike (Isaac Levy)
Date: Sat, 4 Mar 2006 13:08:36 -0500
Subject: [nycbug-talk] Multiple CARP addresses on Free
In-Reply-To: <7E9E0962-8D98-40AE-BC8D-8CC0221E982E@donnerjack.com>
References: <7E9E0962-8D98-40AE-BC8D-8CC0221E982E@donnerjack.com>
Message-ID: <2860EB76-C3EE-4CCD-8768-C0740895C144@lesmuug.org>

Hi David,

On Mar 4, 2006, at 2:01 AM, David Lawson wrote:

> Hey,
> I'm trying to set up a pair of FreeBSD boxes as a NATing gateway/
> firewall with CARP and pf, and I'm running into a few problems with
> the rc.conf incantation to get things working correctly, I'm hoping
> someone here might be able to point me in the right direction.  I'm
> trying to set up two CARP addresses, one for the external interfaces
> and one for the internal ones.  The external one (carp0) works fine
> on boot, but the internal one (carp1) does not.  The interface is
> created, but it's not assigned to a vhid nor does it acquire the IP
> address I've assigned it in rc.conf.

Hrm.  Something smells like a bug (but in my neighborhood, if you  
haven't seen the cockroaches yet, don't put out the traps- they  
attract the cockroaches...) so I'll bite my tounge.

> The FreeBSD way seems to
> diverge significantly from the OpenBSD way on this matter and the
> documentation (what I've found at least) isn't as comprehensive as
> I'd like, so I'm hoping someone can shed some light on the matter.

For the long-term, can you point to these resources?  I'd like to  
read them and try to resolve these differences- (again, thinking long- 
term).

> I'm excerpting the relevant portions of my rc.conf below with the IP
> addresses elided.
>
> cloned_interfaces="carp0 carp1"
> ifconfig_carp0="vhid 1 pass foo 1.2.3.4/24"
> ifconfig carp1="vhid 2 pass bar 192.168.23.221/24"
>
> On boot, carp0 comes up fine, but carp1 comes up like this:
> carp1: flags=0<> mtu 1500
>
> Interestingly enough, if I run /etc/rc.d/netif restart, it does throw
> an error:
> ifconfig: interface carp1=vhid 2 pas does not exist

For the short-term, could you try putting that ifconfig command into  
rc.local and report back to see what happens? (Of course, commenting  
out the carp1 line in your rc.conf).

Here's my logic on trying that- I have a feeling, based on some other  
experiences with rc scripts barfing for 'more esoteric' features,  
<cough>jail</cough> that the rc script may be doing something  
improperly with ifconfig specific to the carp interfaces.  (I.E. it  
may be something where the carp parts were tacked into the netif rc  
stuff as an afterthought- this stuff is only 2 years old in the  
FreeBSD world...).

If the rc.local hack works, then it seems to me it would be worth  
finding the bug in the rc.d/netif shell script, and submitting a PR.   
(I'd get in on that btw).

>
> I've no idea what to make of that, personally.  I can bring the
> interface up manually with:
> ifconfig carp1 vhid 2 pass bar 192.168.23.221/24
>
> Any suggestions?  I appreciate any comments anyone might have.

I hope this suggestion is sane for you- I hate suggesting band-aids,  
but if it works towards a proper fix long-term it's worth trying?

Rocket-
.ike




From o_sleep  Sat Mar  4 14:52:36 2006
From: o_sleep (Bjorn Nelson)
Date: Sat, 4 Mar 2006 14:52:36 -0500
Subject: [nycbug-talk] Multiple CARP addresses on Free
In-Reply-To: <7E9E0962-8D98-40AE-BC8D-8CC0221E982E@donnerjack.com>
References: <7E9E0962-8D98-40AE-BC8D-8CC0221E982E@donnerjack.com>
Message-ID: <F81DDEAB-3495-4234-BE1E-1A64242BB04A@belovedarctos.com>

Hey David,

On Mar 4, 2006, at 2:01 AM, David Lawson wrote:


> ifconfig_carp0="vhid 1 pass foo 1.2.3.4/24"
> ifconfig carp1="vhid 2 pass bar 192.168.23.221/24"

It looks like you have a space between ifconfig and carp1, it should  
be an underline.

-Bjorn


From ike  Sat Mar  4 15:08:28 2006
From: ike (Isaac Levy)
Date: Sat, 4 Mar 2006 15:08:28 -0500
Subject: [nycbug-talk] Multiple CARP addresses on Free
In-Reply-To: <F81DDEAB-3495-4234-BE1E-1A64242BB04A@belovedarctos.com>
References: <7E9E0962-8D98-40AE-BC8D-8CC0221E982E@donnerjack.com>
	<F81DDEAB-3495-4234-BE1E-1A64242BB04A@belovedarctos.com>
Message-ID: <C874E463-CC00-4C38-B0D0-D1D7B118CE14@lesmuug.org>

On Mar 4, 2006, at 2:52 PM, Bjorn Nelson wrote:

>> ifconfig_carp0="vhid 1 pass foo 1.2.3.4/24"
>> ifconfig carp1="vhid 2 pass bar 192.168.23.221/24"
>
> It looks like you have a space between ifconfig and carp1, it should
> be an underline.

I'm pleasantly humbled by missing that.

Rocket-
.ike




From dave  Sat Mar  4 15:54:24 2006
From: dave (David Lawson)
Date: Sat, 4 Mar 2006 15:54:24 -0500
Subject: [nycbug-talk] Multiple CARP addresses on Free
In-Reply-To: <F81DDEAB-3495-4234-BE1E-1A64242BB04A@belovedarctos.com>
References: <7E9E0962-8D98-40AE-BC8D-8CC0221E982E@donnerjack.com>
	<F81DDEAB-3495-4234-BE1E-1A64242BB04A@belovedarctos.com>
Message-ID: <A63E71C4-F131-4190-B953-461E6163715B@donnerjack.com>

....Son of a bitch.  So I do.  Thus I learn, once again, the dangers  
of cutting and pasting configs between machines.  Man, thanks for  
catching that, sorry to spam with such a bonehead error.

--Dave
On Mar 4, 2006, at 2:52 PM, Bjorn Nelson wrote:

> Hey David,
>
> On Mar 4, 2006, at 2:01 AM, David Lawson wrote:
>
>
>> ifconfig_carp0="vhid 1 pass foo 1.2.3.4/24"
>> ifconfig carp1="vhid 2 pass bar 192.168.23.221/24"
>
> It looks like you have a space between ifconfig and carp1, it  
> should be an underline.
>
> -Bjorn
>



From tux  Sat Mar  4 22:14:27 2006
From: tux (Kevin Reiter)
Date: Sat, 04 Mar 2006 22:14:27 -0500
Subject: [nycbug-talk] CLI mailing from FreeBSD 6.0 Release Question
In-Reply-To: <20060302113611.GB49269@mail.scottro.net>
References: <440661D4.5020007@penguinnetwerx.net>	<1157.69.119.149.0.1141278821.squirrel@www.geekisp.com>	<44068D7C.10807@penguinnetwerx.net>
	<20060302113611.GB49269@mail.scottro.net>
Message-ID: <440A5793.1030805@penguinnetwerx.net>

Scott Robbins wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thu, Mar 02, 2006 at 01:15:24AM -0500, Kevin Reiter wrote:
>> I'm trying to use mail.optonline.net as my SMTP server, which is what 
>> they (OptOnline) want us to use.
>>
>> After some digging and a few helpful suggestions from David Lawson, I'm 
>> hacking my /etc/mail/freebsd.mc file to see if that does the trick.  I 
>> really don't feel like going through the trouble of installing 
>> qmail/exim/postfix just to be able to send mail once a day to myself of 
>> an IP address change..
> 
> There is also ssmtp, a dropin for sendmail.   You, can after installing
> it, type (while in the port's directory) make replace and it will
> rewrite mailer.conf. 
> 
> The drawback is that it will send all messages through the smtp
> server--that is, system messages, rather than simply being sent from
> the system to root (or root's alias) on the machine, will go out through
> optonline's server and back to you.  
> 
> I have a little page with more about it at 
> 
> http://qnd-guides.net/qnd-ssmtp.html

Installed and configured in about a minute - that did the trick!

I have no idea what the problem was with sendmail (nor do I care, since 
I have no real desire to learn sendmail) but replacing it with ssmtp was 
flawless.  I tested it with a few scripts, and now have e-mail going out.

Thanks, Scott!

Kev


From lists  Sun Mar  5 10:16:55 2006
From: lists (michael)
Date: Sun, 5 Mar 2006 10:16:55 -0500
Subject: [nycbug-talk] Fw: March 2006 User Group Newsletter from
 Addison-Wesley/Prentice Hall
Message-ID: <20060305101655.31b058f5@wit.genoverly.home>

FYI

==========================
Begin forwarded message:

NEWSFLASH!  
 
Be sure your members are receiving 35% off list price when they purchase
books directly from the Addison-Wesley/ Prentice Hall websites!  

Visit: www.awprofessional.com or www.prenhallprofessional.com      

Select the book(s) of your choice and enter COUPON CODE:  "USERGROUP"
(case-sensitive!) at Checkout Step #3 (Payment Method)

REVIEWS, REVIEWS !!!! 
 
Please encourage your members to support their favorite books by
submitting reviews for any of our books directly online at:
www.awprofessional.com/review OR www.prenhallprofessional.com/review   

And/or, if your group hosts reviews on its own site or includes reviews
in its listserv/newsletter, please send me the links! :} 
 
Addison-Wesley/Prentice Hall is glad to be working with your User Group!
 
Heather Fox
Senior Publicist & User Group Liaison

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nycbug.org/pipermail/talk/attachments/20060305/f7323647/attachment-0001.html 


From dave  Sun Mar  5 20:01:11 2006
From: dave (David Lawson)
Date: Sun, 5 Mar 2006 20:01:11 -0500
Subject: [nycbug-talk] Open/Free CARP implementation differences
Message-ID: <C63903DE-096E-4216-BACA-4BF93502A832@donnerjack.com>

I'm posting this here per Ike's request, it was originally a private  
answer to his question about the variation in CARP implementation  
between Open and Free.

The primary difference I've found is that, at least in the OpenBSD  
docs I've looked at, CARP interfaces are tied to a physical  
interface, a.l.a. aliases.  This doesn't appear to be the case in  
Free, they appear to be pure virtual interfaces.  I have a feeling  
there's some underlying code there that ties a CARP interface to a  
physical interfaces with an address on the same subnet, but I've no  
proof of it and I'm not entirely sure that's a safe assumption.  For  
example, look at the OpenBSD man page for CARP:
http://www.openbsd.org/faq/pf/carp.html

Note that there's a tip in there, down at the bottom, saying that pf  
will interpret packets coming in over the CARP virtual interface as  
actually coming through the physical interface that it's tied to.   
Since no such relationship exists in Free, I'm a little puzzled as to  
how to compose my rulesets.  That's the biggest difference I've found  
so far, that Free doesn't have a carpdev option to ifconfig when  
you're invoking a CARP interface, and that you can create one in the  
same command you use to configure it, rather than creating it, then  
doing IP configuration and vhid assignments and the like.

--Dave



From spork  Sun Mar  5 22:25:53 2006
From: spork (Charles Sprickman)
Date: Sun, 5 Mar 2006 22:25:53 -0500 (EST)
Subject: [nycbug-talk] OpenBSD, kernel debugger
Message-ID: <Pine.OSX.4.61.0603042142120.289@gee5.local>

Hi all,

Looking for a little help in resurrecting my OpenBSD firewall.  I sort of 
gave up on it when I couldn't upgrade past 3.3 since everything after that 
either locks up or panics on boot from CD or the hard drive.  So right now 
I've got PFSense running on what was a desktop workstation, but it does so 
many complex things with just a "point-n-click" that I'm not properly 
learning queueing/shaping, tags, anchors and all that other newish stuff.

So the gist of my problem is this...  Something has changed post OpenBSD 
3.3 that has made it not work on the hardware I want to use.  I don't 
think that I can provide any useful info to the OBSD folks without getting 
a core dump and taking a look at where the panic originates.  But I'm 
totally lost as to how to force a dump to disk when the kernel is still 
booting.  Ignoring the rest of the possible problems here (I did give the 
hardware a good once-over, including a 24+ hour memtest86+ run), how do I 
accomplish getting it to dump to disk when it panics with a 3.4 or newer 
kernel booted either off of CD or hard drive?

I've asked this a few times on -misc, but haven't really pulled a good 
answer out of anyone there...  So any clever OBSD lurkers - delurk!

Thanks,

Charles


From nycbug  Mon Mar  6 00:51:39 2006
From: nycbug (Ray Lai)
Date: Mon, 6 Mar 2006 00:50:39 -0501
Subject: [nycbug-talk] OpenBSD, kernel debugger
In-Reply-To: <Pine.OSX.4.61.0603042142120.289@gee5.local>
References: <Pine.OSX.4.61.0603042142120.289@gee5.local>
Message-ID: <20060306055102.GD16527@syntax.cyth.net>

On Sun, Mar 05, 2006 at 10:25:53PM -0500, Charles Sprickman wrote:
> Looking for a little help in resurrecting my OpenBSD firewall.  I sort of 
> gave up on it when I couldn't upgrade past 3.3 since everything after that 
> either locks up or panics on boot from CD or the hard drive.  So right now 
> I've got PFSense running on what was a desktop workstation, but it does so 
> many complex things with just a "point-n-click" that I'm not properly 
> learning queueing/shaping, tags, anchors and all that other newish stuff.
> 
> So the gist of my problem is this...  Something has changed post OpenBSD 
> 3.3 that has made it not work on the hardware I want to use.  I don't 
> think that I can provide any useful info to the OBSD folks without getting 
> a core dump and taking a look at where the panic originates.  But I'm 
> totally lost as to how to force a dump to disk when the kernel is still 
> booting.  Ignoring the rest of the possible problems here (I did give the 
> hardware a good once-over, including a 24+ hour memtest86+ run), how do I 
> accomplish getting it to dump to disk when it panics with a 3.4 or newer 
> kernel booted either off of CD or hard drive?
> 
> I've asked this a few times on -misc, but haven't really pulled a good 
> answer out of anyone there...  So any clever OBSD lurkers - delurk!

Try booting a CD image of the latest OpenBSD snapshot and try to
record the dmesg and backtrace, if you haven't done so already.
Send it in.

If you insist on trying to get a core dump, ensure the swap partition
on the same disk as your root partition is larger than the amount
of RAM you have, preferably double that amount.  So if your root
partition is sd1a and you have 512 megs RAM, make sure you have at
least a 512 meg partition in sd1a, preferably 1 gig RAM.  Also make
sure your /var/crash directory can hold that much as well!

Stick a copy of the latest OpenBSD snapshot's kernel in your root
directory and name it nbsd or something so you don't overwrite your
existing kernel.

You probably won't be able to boot that directly using your existing
boot manager thing, so you'll have to boot using a floppy or
something.  So burn a CD image or dd a floppy disk, boot it, and
when it gets to the "boot> " prompt, tell it to load the hard drive
kernel ("boot> boot hd1a:/nbsd" in this example).

You should be booting your new kernel now.  Once it panics and drops
into ddb, type "boot dump".  This saves the core dump into the swap
partition.  Upon reboot the system should see the core dump in the
swap and save it to /var/crash.  You now have a core dump.

I hope these instructions work.  You may need some improvisation,
street smarts, and frosted lucky charms.

-Ray-


From george  Tue Mar  7 12:34:02 2006
From: george (George Georgalis)
Date: Tue, 7 Mar 2006 12:34:02 -0500
Subject: [nycbug-talk] hardware compatability Re: Linux emulation,
	binary software, cluster/grid and SMP
In-Reply-To: <20060118025622.GF31436@sta.duo>
References: <20060118025622.GF31436@sta.duo>
Message-ID: <20060307173402.GC6702@sta.duo>


On Tue, Jan 17, 2006 at 09:56:22PM -0500, George Georgalis wrote:
>
>What about SMP? All of our systems are AMD 2x CPU. How does Linux
>emulation perform with SMP?
>
>As might be apparent from my questions, we are presently running
>Linux; I anticipate few runtime problems with most software, if
>any; but, any comments along these lines are welcome. Feel free to
>respond directly or on-list.
>

For those of you who recall my inquiry a little while back...  I
did get the green light for netbsd. :) and now I have a set of
dual Opteron blades, with some driver problems.

Want to do netboot later, but as a first pass, I tried to install
on the local sata disk. The installer was not able to detect the
sata controller, but I was able to have it emulate pata (IDE) in
bios and the install went fine.

However, the installer (usb cdrom 3.0) does not detect any network
interfaces and on bootup, the ps2 keyboard no longer functions.

The blade system integrates a kvm device with a button on each
blade for vga, a pair of usb and 2 ps2 ports on the back. On
the front of each blade are two more USB ports and a serial
port. There is also a management and a console jack on the back,
but not sure of their operation. A rear module provides two nics
for each blade.

I tried booting the netbsd install with an apple usb keyboard on
the front, still no response to either keyboard. I didn't know
what boot options to try.

...so as soon as I can get the keyboard and network going...

I have no idea what's up with the keyboard but the nic is a
Broadcom bcm5700 which I don't see in 3-0 source. The blades came
with RedHat, the dmesg is below. Is there any hope?

The chassis/blades are called BladeRunner from PenguinComputing.com,
we have a lot of other hardware from them, which uses well
supported devices (such as LSI Logic MegaRAID, or Intel network
interfaces).  We choose these units for their high density, low
power consumption and a replacement warranty; all important, the
vendor didn't promise netbsd support, but if we cannot get a
netbsd network driver (or possibly a new network module that is
supported), we will be looking for a new vendor; and return these
(if that is a viable option).

So, in addition to comments on the keyboard and network.
Recommendations and/or solicitation for a new vendor are
welcome (on or offline).

Thanks,
// George


Bootdata ok (command line is ro root=LABEL=/  rhgb quiet)
Linux version 2.6.12-1.1447_FC4smp (bhcompile at dolly.build.redhat.com) (gcc version 4.0.1 20050727 (Red Hat 4.0.1-5)) #1 SMP Fri Aug 26 21:03:12 EDT 2005
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
 BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 000000007fff0000 (usable)
 BIOS-e820: 000000007fff0000 - 000000007fffe000 (ACPI data)
 BIOS-e820: 000000007fffe000 - 0000000080000000 (ACPI NVS)
 BIOS-e820: 00000000fec00000 - 00000000fec03000 (reserved)
 BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
 BIOS-e820: 00000000ff700000 - 0000000100000000 (reserved)
ACPI: RSDP (v000 ACPIAM                                ) @ 0x00000000000f74f0
ACPI: RSDT (v001 A M I  OEMRSDT  0x11000503 MSFT 0x00000097) @ 0x000000007fff0000
ACPI: FADT (v002 A M I  OEMFACP  0x11000503 MSFT 0x00000097) @ 0x000000007fff0200
ACPI: MADT (v001 A M I  OEMAPIC  0x11000503 MSFT 0x00000097) @ 0x000000007fff0390
ACPI: SPCR (v001 A M I  OEMSPCR  0x11000503 MSFT 0x00000097) @ 0x000000007fff0430
ACPI: MCFG (v001 A M I  OEMMCFG  0x11000503 MSFT 0x00000097) @ 0x000000007fff0480
ACPI: OEMB (v001 A M I  AMI_OEM  0x11000503 MSFT 0x00000097) @ 0x000000007fffe040
ACPI: DSDT (v001  Bega_ Bega_102 0x00000102 INTL 0x02002026) @ 0x0000000000000000
Scanning NUMA topology in Northbridge 24
Number of nodes 2
Node 0 MemBase 0000000000000000 Limit 000000007fff0000
Skipping disabled node 1
Using node hash shift of 24
Bootmem setup node 0 0000000000000000-000000007fff0000
On node 0 totalpages: 524272
  DMA zone: 4096 pages, LIFO batch:1
  Normal zone: 520176 pages, LIFO batch:31
  HighMem zone: 0 pages, LIFO batch:1
ACPI: PM-Timer IO Port: 0x508
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
Processor #0 15:5 APIC version 16
ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
Processor #1 15:5 APIC version 16
ACPI: LAPIC (acpi_id[0x03] lapic_id[0x82] disabled)
ACPI: LAPIC (acpi_id[0x04] lapic_id[0x83] disabled)
ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x02] high edge lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x03] high edge lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x04] high edge lint[0x1])
ACPI: IOAPIC (id[0x02] address[0xfec00000] gsi_base[0])
IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
ACPI: IOAPIC (id[0x03] address[0xfec01000] gsi_base[16])
IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
ACPI: IOAPIC (id[0x04] address[0xfec02000] gsi_base[32])
IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
ACPI: IRQ0 used by override.
ACPI: IRQ2 used by override.
ACPI: IRQ9 used by override.
Setting APIC routing to flat
ACPI: MMCONFIG not in low 4GB of memory
Using ACPI (MADT) for SMP configuration information
Allocating PCI resources starting at 80000000 (gap: 80000000:7ec00000)
Checking aperture...
CPU 0: aperture @ c0000000 size 256 MB
CPU 1: aperture @ c0000000 size 256 MB
Built 1 zonelists
Kernel command line: ro root=LABEL=/  rhgb quiet
Initializing CPU#0
PID hash table entries: 4096 (order: 12, 131072 bytes)
time.c: Using 3.579545 MHz PM timer.
time.c: Detected 1995.059 MHz processor.
Console: colour VGA+ 80x25
Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
Memory: 2054504k/2097088k available (2241k kernel code, 0k reserved, 1321k data, 224k init)
Calibrating delay loop... 3932.16 BogoMIPS (lpj=1966080)
Security Framework v1.0.0 initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode
selinux_register_security:  Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 256
CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
CPU: L2 Cache: 1024K (64 bytes/line)
CPU 0(1) -> Node 0 -> Core 0
Using local APIC timer interrupts.
Detected 12.469 MHz APIC timer.
Booting processor 1/1 rip 6000 rsp ffff810003351f58
Initializing CPU#1
Calibrating delay loop... 3989.50 BogoMIPS (lpj=1994752)
CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
CPU: L2 Cache: 1024K (64 bytes/line)
CPU 1(1) -> Node 0 -> Core 0
AMD Opteron(tm) Processor 246 HE stepping 01
CPU 1: Syncing TSC to CPU 0.
CPU 1: synchronized TSC with CPU 0 (last diff -118 cycles, maxerr 1007 cycles)
Brought up 2 CPUs
Disabling vsyscall due to use of PM timer
time.c: Using PM based timekeeping.
testing NMI watchdog ... OK.
CPU0 attaching sched-domain:
 domain 0: span 00000001
  groups: 00000001
  domain 1: span 00000003
   groups: 00000001 00000002
   domain 2: span 00000003
    groups: 00000003
CPU1 attaching sched-domain:
 domain 0: span 00000002
  groups: 00000002
  domain 1: span 00000003
   groups: 00000002 00000001
   domain 2: span 00000003
    groups: 00000003
checking if image is initramfs... it is
NET: Registered protocol family 16
ACPI: bus type pci registered
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
ACPI: Subsystem revision 20050729
ACPI: Interpreter enabled
ACPI: Using IOAPIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (0000:00)
PCI: Probing PCI hardware (bus 00)
ACPI: Assume root bridge [\_SB_.PCI0] segment is 0
PCI: Ignoring BAR0-3 of IDE controller 0000:00:02.1
Boot video device is 0000:00:05.0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.BR1E._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.BR28._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.BR3C._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.BR46._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.P0P1._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.P0P1.P1P2._PRT]
ACPI: PCI Interrupt Link [LN00] (IRQs 3 4 5 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN01] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN02] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN03] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN04] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN05] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN06] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN07] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN08] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN09] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN10] (IRQs 1 3 4 *5 6 7 9 11 12 14 15)
ACPI: PCI Interrupt Link [LN11] (IRQs 1 3 4 5 6 7 *9 11 12 14 15)
ACPI: PCI Interrupt Link [LN12] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN13] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN14] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN15] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN16] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN17] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN18] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN19] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN20] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN21] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN22] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN23] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN24] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN25] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN26] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN27] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN28] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN29] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LN30] (IRQs 1 3 4 5 6 7 9 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNUS] (IRQs *10)
ACPI: PCI Interrupt Link [LNSA] (IRQs *11)
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
pnp: PnP ACPI: found 11 devices
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq".  If it helps, post a report
PCI-DMA: Disabling IOMMU.
pnp: 00:06: ioport range 0x600-0x61f has been reserved
pnp: 00:06: ioport range 0x520-0x53f has been reserved
pnp: 00:06: ioport range 0x540-0x54f could not be reserved
pnp: 00:06: ioport range 0x640-0x65f has been reserved
IA32 emulation $Id: sys_ia32.c,v 1.32 2002/03/24 13:02:28 ak Exp $
audit: initializing netlink socket (disabled)
audit(1141400812.606:1): initialized
Total HugeTLB memory allocated, 0
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
SELinux:  Registering netfilter hooks
Initializing Cryptographic API
ksign: Installing public key data
Loading keyring
- Added public key 8FF118C6F93E8ADF
- User ID: Red Hat, Inc. (Kernel Module GPG key)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
PCI: Setting latency timer of device 0000:00:08.0 to 64
pcie_portdrv_probe->Dev[0132:1166] has invalid IRQ. Check vendor BIOS
PCI: Setting latency timer of device 0000:00:09.0 to 64
pcie_portdrv_probe->Dev[0132:1166] has invalid IRQ. Check vendor BIOS
PCI: Setting latency timer of device 0000:00:0a.0 to 64
pcie_portdrv_probe->Dev[0132:1166] has invalid IRQ. Check vendor BIOS
PCI: Setting latency timer of device 0000:00:0b.0 to 64
pcie_portdrv_probe->Dev[0132:1166] has invalid IRQ. Check vendor BIOS
ACPI: CPU0 (power states: C1[C1])
ACPI: CPU1 (power states: C1[C1])
Real Time Clock Driver v1.12
Linux agpgart interface v0.101 (c) Dave Jones
PNP: No PS/2 controller found. Probing ports directly.
serio: i8042 AUX port at 0x60,0x64 irq 12
serio: i8042 KBD port at 0x60,0x64 irq 1
Serial: 8250/16550 driver $Revision: 1.90 $ 76 ports, IRQ sharing enabled
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered
RAMDISK driver initialized: 16 RAM disks of 16384K size 1024 blocksize
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
Probing IDE interface ide0...
Probing IDE interface ide1...
ide-floppy driver 0.99.newide
usbcore: registered new driver hiddev
usbcore: registered new driver usbhid
drivers/usb/input/hid-core.c: v2.01:USB HID core driver
mice: PS/2 mouse device common for all mice
md: md driver 0.90.1 MAX_MD_DEVS=256, MD_SB_DISKS=27
NET: Registered protocol family 2
IP: routing cache hash table of 8192 buckets, 128Kbytes
TCP established hash table entries: 262144 (order: 10, 4194304 bytes)
TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
TCP: Hash tables configured (established 262144 bind 65536)
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
powernow-k8: Found 2 AMD Athlon 64 / Opteron processors (version 1.50.3)
powernow-k8:    0 : fid 0xc (2000 MHz), vid 0x8 (1350 mV)
powernow-k8:    1 : fid 0xa (1800 MHz), vid 0x8 (1350 mV)
powernow-k8:    2 : fid 0x2 (1000 MHz), vid 0x12 (1100 mV)
cpu_init done, current fid 0xc, vid 0x8
powernow-k8:    0 : fid 0xc (2000 MHz), vid 0x8 (1350 mV)
powernow-k8:    1 : fid 0xa (1800 MHz), vid 0x8 (1350 mV)
powernow-k8:    2 : fid 0x2 (1000 MHz), vid 0x12 (1100 mV)
cpu_init done, current fid 0xc, vid 0x8
ACPI wakeup devices: 
USB0 USB1 USB2 BR14 BR1E BR28 BR32 BR3C BR46 P0P1 PWRB 
ACPI: (supports S0 S1 S4 S5)
Freeing unused kernel memory: 224k freed
SCSI subsystem initialized
libata version 1.11 loaded.
sata_svw version 1.05
ACPI: PCI Interrupt 0000:01:0e.0[A] -> GSI 11 (level, low) -> IRQ 11
ata1: SATA max UDMA/133 cmd 0xFFFFC20000004000 ctl 0xFFFFC20000004020 bmdma 0xFFFFC20000004030 irq 11
ata2: SATA max UDMA/133 cmd 0xFFFFC20000004100 ctl 0xFFFFC20000004120 bmdma 0xFFFFC20000004130 irq 11
ata3: SATA max UDMA/133 cmd 0xFFFFC20000004200 ctl 0xFFFFC20000004220 bmdma 0xFFFFC20000004230 irq 11
ata4: SATA max UDMA/133 cmd 0xFFFFC20000004300 ctl 0xFFFFC20000004320 bmdma 0xFFFFC20000004330 irq 11
ata1: dev 0 cfg 49:2f00 82:346b 83:7f09 84:6063 85:3469 86:3e09 87:6063 88:203f
ata1: dev 0 ATA, max UDMA/100, 78140160 sectors: lba48
ata1: dev 0 configured for UDMA/100
scsi0 : sata_svw
ata2: no device found (phy stat 00000004)
scsi1 : sata_svw
ata3: no device found (phy stat 00000004)
scsi2 : sata_svw
ata4: no device found (phy stat 00000004)
scsi3 : sata_svw
  Vendor: ATA       Model: FUJITSU MHT2040B  Rev: 0000
  Type:   Direct-Access                      ANSI SCSI revision: 05
SCSI device sda: 78140160 512-byte hdwr sectors (40008 MB)
SCSI device sda: drive cache: write back
SCSI device sda: 78140160 512-byte hdwr sectors (40008 MB)
SCSI device sda: drive cache: write back
 sda: sda1 sda2 sda3
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
kjournald starting.  Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
SELinux:  Disabled at runtime.
SELinux:  Unregistering netfilter hooks
floppy0: no floppy controllers found
Broadcom Gigabit Ethernet Driver bcm5700 with Broadcom NIC Extension (NICE) ver. 8.2.18 (08/01/05)
ACPI: PCI Interrupt 0000:04:04.0[A] -> GSI 26 (level, low) -> IRQ 169
eth0: Broadcom BCM5780S 1000Base-SX  found at mem f72d0000, IRQ 169, node addr 00a0d1e2b242
eth0: Broadcom BCM5714S Integrated Serdes transceiver found
eth0: Scatter-gather ON, 64-bit DMA ON, Tx Checksum ON, Rx Checksum ON, 802.1Q VLAN ON, TSO ON
ACPI: PCI Interrupt 0000:04:04.1[B] -> GSI 27 (level, low) -> IRQ 177
eth1: Broadcom BCM5780S 1000Base-SX  found at mem f72f0000, IRQ 177, node addr 00a0d1e2b243
eth1: Broadcom BCM5714S Integrated Serdes transceiver found
eth1: Scatter-gather ON, 64-bit DMA ON, Tx Checksum ON, Rx Checksum ON, 802.1Q VLAN ON, TSO ON
shpchp: shpc_init : shpc_cap_offset == 0
shpchp: shpc_init : shpc_cap_offset == 0
shpchp: shpc_init : shpc_cap_offset == 0
shpchp: shpc_init : shpc_cap_offset == 0
shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
ACPI: PCI Interrupt 0000:00:03.2[A] -> GSI 10 (level, low) -> IRQ 10
ehci_hcd 0000:00:03.2: EHCI Host Controller
ehci_hcd 0000:00:03.2: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:03.2: irq 10, io mem 0xfebfd000
ehci_hcd 0000:00:03.2: USB 2.0 initialized, EHCI 1.00, driver 10 Dec 2004
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 4 ports detected
ohci_hcd: 2004 Nov 08 USB 1.1 'Open' Host Controller (OHCI) Driver (PCI)
ACPI: PCI Interrupt 0000:00:03.0[A] -> GSI 10 (level, low) -> IRQ 10
ohci_hcd 0000:00:03.0: OHCI Host Controller
ohci_hcd 0000:00:03.0: new USB bus registered, assigned bus number 2
ohci_hcd 0000:00:03.0: irq 10, io mem 0xfebfb000
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00:03.1[A] -> GSI 10 (level, low) -> IRQ 10
ohci_hcd 0000:00:03.1: OHCI Host Controller
ohci_hcd 0000:00:03.1: new USB bus registered, assigned bus number 3
ohci_hcd 0000:00:03.1: irq 10, io mem 0xfebfc000
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 2 ports detected
Using generic hotkey driver
ACPI: Power Button (FF) [PWRF]
ACPI: Power Button (CM) [PWRB]
ibm_acpi: Using generic hotkey driver
toshiba_acpi: Using generic hotkey driver
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
device-mapper: 4.4.0-ioctl (2005-01-12) initialised: dm-devel at redhat.com
EXT3 FS on sda2, internal journal
kjournald starting.  Commit interval 5 seconds
EXT3 FS on sda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Adding 2048276k swap on /dev/sda3.  Priority:-1 extents:1
Linux Kernel Card Services
  options:  [pci] [cardbus] [pm]
 The MSI support in this system is not functional.
eth0: Using PCI INTX interrupt 
 The MSI support in this system is not functional.
eth1: Using PCI INTX interrupt 
bcm5700: eth1 NIC Link is UP, 1000 Mbps full duplex, receive & transmit flow control ON
Bluetooth: Core ver 2.7
NET: Registered protocol family 31
Bluetooth: HCI device and connection manager initialized
Bluetooth: HCI socket layer initialized
Bluetooth: L2CAP ver 2.7
Bluetooth: L2CAP socket layer initialized
Bluetooth: RFCOMM ver 1.5
Bluetooth: RFCOMM socket layer initialized
Bluetooth: RFCOMM TTY layer initialized
i2c /dev entries driver
bcm5700: eth0 NIC Link is DOWN
lp: driver loaded but no devices found
NET: Registered protocol family 10
Disabled Privacy Extensions on device ffffffff8042dfa0(lo)
IPv6 over IPv4 tunneling driver
eth1: no IPv6 routers present
eth0: no IPv6 routers present
usb 3-1: new full speed USB device using ohci_hcd and address 2
hub 3-1:1.0: USB hub found
hub 3-1:1.0: 4 ports detected
usb 3-1.1: new low speed USB device using ohci_hcd and address 3
input: USB HID v1.00 Keyboard [USBPS2] on usb-0000:00:03.1-1.1
input: USB HID v1.00 Mouse [USBPS2] on usb-0000:00:03.1-1.1
usb 3-1: USB disconnect, address 2
usb 3-1.1: USB disconnect, address 3




-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george at galis.org



From nomadlogic  Tue Mar  7 13:17:42 2006
From: nomadlogic (pete wright)
Date: Tue, 7 Mar 2006 10:17:42 -0800
Subject: [nycbug-talk] NetBSD Opteron SMP support
Message-ID: <57d710000603071017p6f5b28ees9bc1c1eee5567524@mail.gmail.com>

Hey All,
Quick question regarding Opteron SMP support on netbsd 3.x.  I am
currently working with some IBM blades (IBM LS20's) and am hoping to
have several running Xen.  I'd ideally like to have Net run as the
dom0 instance, then spawn our custom linux build's from this guy.  I
have not run Net on any SMP machines lately, so how has the
support/performance been for you all?  I'd ideally like each domain to
be isolated to one core/cpu on the blade - so I don't think I need the
fine grain locking ala Free's SMPng.

thanks,
pete

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From spork  Tue Mar  7 15:33:50 2006
From: spork (Charles Sprickman)
Date: Tue, 7 Mar 2006 15:33:50 -0500 (EST)
Subject: [nycbug-talk] NVidia Drivers/PC-BSD
Message-ID: <Pine.OSX.4.61.0603071527330.289@gee5.local>

Hi all,

Just a plug here...

I was asked to setup a handful of *BSD workstations for someone and PC-BSD 
kind of grabbed my interest.  These are fairly generic workstations that 
really just need a desktop environment, browser, xterms, etc.  PC-BSD 
looked to be less maintenance than a full-blown FreeBSD install, and it 
also allowed for things to be installed via ports outside of the PC-BSD 
PBI system.

They've been running a few of these for months, and it's worked out well. 
I got the workstations from our friend Lee at GCS, of course. :)  The 
onboard video on his cheap machines is pretty crappy (S3 "chrome" 
integrated graphics) and there's no accelerated support for it in x.org. 
So we opted for cheap-o NVidia cards after seeing that:

-Nvidia has native drivers
-PC-BSD has point-n-drool PBIs for said drivers

Just wanted to share...  Anything I build that needs a video card from now 
on is going to get an NVidia card.  I really want to reward NVidia for 
taking the resources to make these drivers, and would suggest others that 
use FreeBSD do the same.  They even have useful docs, including some Linux 
ABI tips:

http://download.nvidia.com/freebsd/1.0-8178/README/index.html

Just wanted to make a little sales pitch for PC-BSD and NVidia... :)

Charles



From joshmccormack  Tue Mar  7 22:13:49 2006
From: joshmccormack (Josh McCormack)
Date: Tue, 7 Mar 2006 22:13:49 -0500
Subject: [nycbug-talk] My OpenBSD blog - afterboot.com ... and some free
	hardware
Message-ID: <e22ad7830603071913v50c318adyb3697779d5a15f53@mail.gmail.com>

Hey all,

I wanted to ask you all to take a look at my new OpenBSD blog,
http://www.afterboot.com
It's certainly OpenBSD from the non-expert perspective. Some talk of
things like licenses and such, some thinking aloud trying to figure
things out, and a fair amount me trying to use OpenBSD as a 'desktop'
operating system.

Please share comments, suggestions, and if you have any interest in
putting anything on there, let me know.

Also, I have some hardware I'm giving away (could this make the
comments kinder? kidding...).
-A dell GX110 in a GX1 desktop case. No HD, has a CD burner. Can't
remember the amount of RAM, but it's not a lot.
-usrobotics 56k modem pcmcia card
-gigafast 802.11b pcmcia card WF721-AEX (unfortunately doesn't work
with OpenBSD)
-100MB Zip drive used with a Mac
-an external removeable (cartridge drawer thing) firewire drive with
an empty slot, where I suppose you could put a HD or CD drive or
something
-I also have a Netgear wireless router, MR814. If I could get a PCMCIA
802.11 card that works with OpenBSD I suppose I could use it, but as
it's doing nothing for me, if you need it, let me know.

Thanks,

Josh



From freebsd-listen  Wed Mar  8 10:04:57 2006
From: freebsd-listen (Fabian Keil)
Date: Wed, 8 Mar 2006 16:04:57 +0100
Subject: [nycbug-talk] NYCBUG dmesg database partly broken
Message-ID: <20060308160457.36012b12@localhost>

I failed several times to guess the contact form's pass phrase right,
therefore I'm trying my luck here.

About a month ago I submitted FreeBSD's dmesg output on a
ThinkPad R51, a few weeks ago Anonym.OS's dmesg output
on the same system.

When I tried to get the first dmesg output to copy the
ThinkPad version string (UN0K6GE) I noticed that dmesgd
displays the wrong dmesg output:
 
http://www.nycbug.org/?NAV=dmesgd;f_dmesg=;f_bsd=;f_nick=;f_descr=;dmesgid=1012#1012

The dmesg output begins with:
"Copyright (c) 1992-2005 The FreeBSD Project.where dmesgid=1026;"

Interestingly dmesgid 1026 doesn't appear on the dmesg list at all,
there is a gap between dmesgid 1027 and dmesgid 1024.

I didn't verify it, but it looks as if all queries for dmesgids
below 1028 get the same result.

Another problem is that the website injects broken HTML
into the dmesg output:

ACPI APIC Table: <a m="" i="" oemapic="">
ioapic0 <version 1.1=""> irqs 0-23 on motherboard
npx0: [FAST]
npx0: <math processor=""> on motherboard
npx0: INT 16 interface
acpi0: </math></version></a><a m="" i="" oemxsdt=""> on motherboard
acpi0: Power Button (fixed)

"<" characters often aren't escaped and even if valid HTML doesn't seem
to be of any concern
(http://validator.w3.org/check?uri=http%3A%2F%2Fwww.nycbug.org%2F),
this leads to missing information as the browser treats parts of
the output as unknown HTML tags which aren't displayed.

Fabian
-- 
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.nycbug.org/pipermail/talk/attachments/20060308/d44e3b30/attachment-0001.bin 


From joshmccormack  Wed Mar  8 13:03:20 2006
From: joshmccormack (Josh McCormack)
Date: Wed, 8 Mar 2006 13:03:20 -0500
Subject: [nycbug-talk] transparent clustering
Message-ID: <e22ad7830603081003k2b81ba2dtca6491fa8440997c@mail.gmail.com>

I'm listening to the Interview with Matthew Dillon from DragonFly BSD
on http://bsdtalk.blogspot.com/
With my limited understanding, I'm intrigued by the idea of
transparent clustering.
I've often thought that a way of putting machines together to share
work (like if you had a laptop and you could have it work along with a
desktop, without tons of special configurations) would be incredible.

This sounds somewhat like that... am I completely off?

Josh



From nomadlogic  Wed Mar  8 13:21:50 2006
From: nomadlogic (pete wright)
Date: Wed, 8 Mar 2006 10:21:50 -0800
Subject: [nycbug-talk] transparent clustering
In-Reply-To: <e22ad7830603081003k2b81ba2dtca6491fa8440997c@mail.gmail.com>
References: <e22ad7830603081003k2b81ba2dtca6491fa8440997c@mail.gmail.com>
Message-ID: <57d710000603081021x2163f7d0sdbf6261ccd196d55@mail.gmail.com>

On 3/8/06, Josh McCormack <joshmccormack at travelersdiary.com> wrote:
> I'm listening to the Interview with Matthew Dillon from DragonFly BSD
> on http://bsdtalk.blogspot.com/
> With my limited understanding, I'm intrigued by the idea of
> transparent clustering.
> I've often thought that a way of putting machines together to share
> work (like if you had a laptop and you could have it work along with a
> desktop, without tons of special configurations) would be incredible.
>
> This sounds somewhat like that... am I completely off?

hmm...this is a kinda a really broad topic.  You can achieve
"transparent clustering" via something simple like a load balancer/SLB
(good for web/application server farms for example).  If you are doing
computation, you could approach it from a cue based perspective. 
That's sorta transparent as the end user submits a job and it goes to
the farm for processing.  Or you could go the openMosix/SGI-NUMA route
where you have a cluster of machines, sharing memory and working on
data set's together.

I belive Matt's looking at it from the latter perspective, which is
great but does have it's limitations.  More often than not, you need
to make sure your program is going to behave well in such an
environment (i.e. trying to render a Maya file in such an environment
will not work as it does not play nice with shared memory).  In the
end of the day I guess it depends on what you are trying to
accomplish.

-pete



--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From george  Wed Mar  8 15:22:11 2006
From: george (George R.)
Date: Wed, 08 Mar 2006 15:22:11 -0500
Subject: [nycbug-talk] April NYC*BUG meeting
Message-ID: <440F3CF3.4050502@sddi.net>

Some of you may have noticed that we don't have a meeting listed for April.

On admin we are discussing the idea of having an open type meeting, one
in which a few people off talk can propose a topic that they can discuss
in 5 minutes or so that is relevant to the their work with or on the BSDs.

In other words, if you've had a repeated problem figuring out how to get
spamd working, or you have a great solution for dealing with those
repeated zombie attacks on sshd, this is the time.

If you look on our homepage, you can see that we've had many brilliant
meetings since our first public meeting at the Linux Expo bof in January
2004.  And I think everyone would agree that the previous meetings have
strongly reflected the day-to-day lives of BSD sysadmins and developers.

This time, let's open things up further, and maybe have some
contributions from some who may not have a topic to give a meeting on.

I'll chair the meeting (as usual), so contact me offlist if you have a
problem to discuss and illustrate, or maybe a solution.

g


From lists  Wed Mar  8 18:30:11 2006
From: lists (michael)
Date: Wed, 8 Mar 2006 18:30:11 -0500
Subject: [nycbug-talk] NYCBUG dmesg database partly broken
In-Reply-To: <20060308160457.36012b12@localhost>
References: <20060308160457.36012b12@localhost>
Message-ID: <20060308183011.56350ba9@wit.genoverly.home>

Thanks for catching that, the dmesg app had a problem.  
It has been fixed.


-- 

Michael


From lists  Wed Mar  8 20:17:45 2006
From: lists (michael)
Date: Wed, 8 Mar 2006 20:17:45 -0500
Subject: [nycbug-talk] soho firewall
Message-ID: <20060308201745.2a3ad45a@wit.genoverly.home>

I'm looking for a new firewall/network device.  While I like soekris, I
want to look at other choices before I buy another one. Besides, I have
read that for ipsec they may not have enough umph.

While I could probably make one out of an empty cigarette carton or
something, I'd like it be manufactured.  I don't have any old pc's
around to convert either. 

I've read this
http://shopping.hacom.net/catalog/product_info.php?cPath=22_34&products_id=85
http://routerboard.com/rb500.html
http://caseoutlet.com/shopexd.asp?id=208
http://store.orbitmicro.com/commerce/ccc1168-network-appliances.htm
http://usa.asus.com/products4.aspx?l1=1&l2=3&l3=0&model=85&modelmenu=1

I'm looking for desktop, compact, quiet, but not too pricey.  While I
generally prefer via, I may have to look at P4 celeron mini-itx based.
I'd prefer cf over hard drive. I have a dual nic so, I'll need a pci
slot.. unless three nics come onboard.  One serial is required.

Any suggestions?

-- 

Michael



From nycbug-list  Thu Mar  9 00:25:58 2006
From: nycbug-list (Jonathan Vanasco)
Date: Thu, 9 Mar 2006 00:25:58 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060308201745.2a3ad45a@wit.genoverly.home>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
Message-ID: <95771CC9-3C77-43A8-93CB-18DF2A5684E6@2xlp.com>


have you seen the via m1000 series?

about 1.5 yrs ago you could get a 'cube' that has a power supply etc  
for about $240

the cube configs have room and either 1-2 slot for cards

@todays prices, you should be able to have a via cube for about $250  
including the costs of  a cf drive

do a search on EPIA on froogle or pricewatch

there is A LOT of support for gentoo on them ( the community adopted  
them ).

if i recall, there was decent bsd support.  there was no debian  
support when i used them, but i  managed to get stuff compilied  
without too much nightmare.

here' s a link off google for the board itself
	http://www.logicsupply.com/product_info.php/cPath/78_76/products_id/32

i *saw* tons of configs about a year ago where they had those in mini/ 
micro itx cubes for 250-350 , along with hd/cf and a multi nic card  
in there so it would be a firewall device ready to go.  I haven't  
come across any looking just now.

anways my point is this:
	the epia m1000 should have more umph than the soekris
	there might still be mfg devices out there using it
	if worse comes to worse, a m1000 barebones + a few bucks in parts  
will do most anything you want

i hope that helps.


On Mar 8, 2006, at 8:17 PM, michael wrote:

> I'm looking for a new firewall/network device.  While I like  
> soekris, I
> want to look at other choices before I buy another one. Besides, I  
> have
> read that for ipsec they may not have enough umph.
>
> While I could probably make one out of an empty cigarette carton or
> something, I'd like it be manufactured.  I don't have any old pc's
> around to convert either.
>
> I've read this
> http://shopping.hacom.net/catalog/product_info.php? 
> cPath=22_34&products_id=85
> http://routerboard.com/rb500.html
> http://caseoutlet.com/shopexd.asp?id=208
> http://store.orbitmicro.com/commerce/ccc1168-network-appliances.htm
> http://usa.asus.com/products4.aspx?l1=1&l2=3&l3=0&model=85&modelmenu=1
>
> I'm looking for desktop, compact, quiet, but not too pricey.  While I
> generally prefer via, I may have to look at P4 celeron mini-itx based.
> I'd prefer cf over hard drive. I have a dual nic so, I'll need a pci
> slot.. unless three nics come onboard.  One serial is required.
>
> Any suggestions?
>
> -- 
>
> Michael
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month



From marco  Thu Mar  9 00:30:45 2006
From: marco (Marco Scoffier)
Date: Thu, 9 Mar 2006 00:30:45 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060308201745.2a3ad45a@wit.genoverly.home>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
Message-ID: <20060309053045.GC19901@ns.metm.org>

On Wed, Mar 08, 2006 at 08:17:45PM -0500, michael wrote:
>I'm looking for a new firewall/network device.  While I like soekris, I
>want to look at other choices before I buy another one. Besides, I have
>read that for ipsec they may not have enough umph.
>
>While I could probably make one out of an empty cigarette carton or
>something, I'd like it be manufactured.  I don't have any old pc's
>around to convert either. 
>
>I've read this
>http://shopping.hacom.net/catalog/product_info.php?cPath=22_34&products_id=85
>http://routerboard.com/rb500.html
>http://caseoutlet.com/shopexd.asp?id=208
>http://store.orbitmicro.com/commerce/ccc1168-network-appliances.htm
>http://usa.asus.com/products4.aspx?l1=1&l2=3&l3=0&model=85&modelmenu=1
>
>I'm looking for desktop, compact, quiet, but not too pricey.  While I
>generally prefer via, I may have to look at P4 celeron mini-itx based.
>I'd prefer cf over hard drive. I have a dual nic so, I'll need a pci
>slot.. unless three nics come onboard.  One serial is required.
>
>Any suggestions?

Hi Michael, 

I saw an ad for these mini-cubes from Aopen at GCS the other day:
http://tinyurl.com/rw3cu

-- 
Marco


From okan  Thu Mar  9 00:56:39 2006
From: okan (Okan Demirmen)
Date: Thu, 9 Mar 2006 00:56:39 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060308201745.2a3ad45a@wit.genoverly.home>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
Message-ID: <20060309055638.GA8699@clam.khaoz.org>

On Wed 2006.03.08 at 20:17 -0500, michael wrote:
> I'm looking for a new firewall/network device.  While I like soekris, I
> want to look at other choices before I buy another one. Besides, I have
> read that for ipsec they may not have enough umph.
> 
> While I could probably make one out of an empty cigarette carton or
> something, I'd like it be manufactured.  I don't have any old pc's
> around to convert either. 
> 
> I've read this
> http://shopping.hacom.net/catalog/product_info.php?cPath=22_34&products_id=85
> http://routerboard.com/rb500.html
> http://caseoutlet.com/shopexd.asp?id=208
> http://store.orbitmicro.com/commerce/ccc1168-network-appliances.htm
> http://usa.asus.com/products4.aspx?l1=1&l2=3&l3=0&model=85&modelmenu=1
> 
> I'm looking for desktop, compact, quiet, but not too pricey.  While I
> generally prefer via, I may have to look at P4 celeron mini-itx based.
> I'd prefer cf over hard drive. I have a dual nic so, I'll need a pci
> slot.. unless three nics come onboard.  One serial is required.
> 
> Any suggestions?

Michael,

I'm sure you'll take any advice from me with a grain of salt, rather a
pile of it ;) However, I'd like you to re-consider the Soekris solution.

You are looking for a home (or soho) network device to do this or that.
The other PC's may do the job just as well, and have better performance
when it comes to only certain things, but they are lacking a serial
console, imho crucial to being a "set it and forget it -type device".
(Note I use "device" vs "just another PC") Do you really want to lug
around a clunky monitor and keyboard just to see what that stupid little
BIOS is thinking about, or how you may have mucked up your firewall, or
to simply watch it boot? (I know you like those bsd.rd upgrades :)
(someone please tell me if Apple has gotten this clue...unfortunately,
Sun hasn't really with their i386/amd64 devices)

While this mail can easily turn into a rant, I'll leave you with a
better taste in your mouth.  What sort of "umph" are you looking for out
of IPSEC? I have 9 IPSEC endpoints on my home 4801 and the thing doesn't
really care. Note that I, my clients that I connect to, nor the
neighbors that I provide access to, have high bandwidth requirements, so
the difference is negligible.  Besides, I only have a 1.5mb/s DSL line
at home.

Good luck!

Cheers,
Okan


From george  Thu Mar  9 09:15:33 2006
From: george (George Georgalis)
Date: Thu, 9 Mar 2006 09:15:33 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060308201745.2a3ad45a@wit.genoverly.home>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
Message-ID: <20060309141533.GA18749@sta.duo>

On Wed, Mar 08, 2006 at 08:17:45PM -0500, michael wrote:
>I'm looking for a new firewall/network device.  While I like soekris, I
>want to look at other choices before I buy another one. Besides, I have
>read that for ipsec they may not have enough umph.
>
>While I could probably make one out of an empty cigarette carton or
>something, I'd like it be manufactured.  I don't have any old pc's
>around to convert either. 
>
>I've read this
>http://shopping.hacom.net/catalog/product_info.php?cPath=22_34&products_id=85
>http://routerboard.com/rb500.html
>http://caseoutlet.com/shopexd.asp?id=208
>http://store.orbitmicro.com/commerce/ccc1168-network-appliances.htm
>http://usa.asus.com/products4.aspx?l1=1&l2=3&l3=0&model=85&modelmenu=1
>
>I'm looking for desktop, compact, quiet, but not too pricey.  While I
>generally prefer via, I may have to look at P4 celeron mini-itx based.
>I'd prefer cf over hard drive. I have a dual nic so, I'll need a pci
>slot.. unless three nics come onboard.  One serial is required.
>
>Any suggestions?


$395.00
Triple NIC 1U

Rack mount 1U case, Rack Ears, Intel 1Ghz Fanless Motherboard, 512
RAM, Dual NIC PCI card, 512cf, ide-cf, PCI Riser, Power Supply,
AC/DC Brick


http://205.147.44.194/catalog/product_info.php?products_id=153
http://solarpc.com/

the dual nic is is intel Gb, can't recall if the onboard is
too, but it's intel. well made. no serial but maybe you can do
something with usb?

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george at galis.org


From nomadlogic at gmail.com  Thu Mar  9 12:07:22 2006
From: nomadlogic at gmail.com (pete wright)
Date: Thu, 9 Mar 2006 09:07:22 -0800
Subject: [nycbug-talk] baemonnews
Message-ID: <57d710000603090907p48301b8eo96d3e01d3b47dfa4@mail.gmail.com>

so this is kinda cool...i've got one of these newer Nokia mobile
phones that comes bundled with Opera.  The browser is actually
surprisingly usable and the data transfers are pretty decent as well. 
what i found pretty interesting though, is i was going through opera's
new's portal which allows you to choose RSS feed's you want on your
portal's homepage.  i'm scrolling through and I notice that Daemon
news was an available feed...right next to Wired/CNet and other pretty
popular news sources.  So what's up, has Daemon news sold out?  :-) 
Either way, I can now read the latest BSD headlines while I'm sitting
in the wonderful LA traffic.  excellent.

-pete

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From mikel.king at ocsny.com  Thu Mar  9 12:35:15 2006
From: mikel.king at ocsny.com (Mikel King)
Date: Thu, 9 Mar 2006 12:35:15 -0500
Subject: [nycbug-talk] baemonnews
In-Reply-To: <57d710000603090907p48301b8eo96d3e01d3b47dfa4@mail.gmail.com>
References: <57d710000603090907p48301b8eo96d3e01d3b47dfa4@mail.gmail.com>
Message-ID: <3932F1A0-440A-4FD9-8A9D-82F08A1E8B76@ocsny.com>


On Mar 9, 2006, at 12:07 PM, pete wright wrote:

> so this is kinda cool...i've got one of these newer Nokia mobile
> phones that comes bundled with Opera.  The browser is actually
> surprisingly usable and the data transfers are pretty decent as well.
> what i found pretty interesting though, is i was going through opera's
> new's portal which allows you to choose RSS feed's you want on your
> portal's homepage.  i'm scrolling through and I notice that Daemon
> news was an available feed...right next to Wired/CNet and other pretty
> popular news sources.  So what's up, has Daemon news sold out?  :-)
> Either way, I can now read the latest BSD headlines while I'm sitting
> in the wonderful LA traffic.  excellent.
>
> -pete
>
> --

Sold out, hehe. I wish. Alas but no. Chris has just been working like  
a dawg, on making it easier to access the content. Of course what we  
need now is more of it to access. We have a team of editors now, so  
you can submit a rough draft and we can spruce it up to make it ready  
for publication. I'd really like to establish a team of authors to  
write articles, especially anything that demonstrates how useful the  
*BSDs are in business.

We are also interested in adding some new functionality to the  
management console for dn. Namely an author bio and and article/ 
publication display ordering system. Anyone who's handy with php,  
perl, and mysql we need to talk.


Cheers,
Mikel King
CIO, Director of Network Operations
Optimized Computer Solutions, INC
Tech Alliance, INC
39 West Fourteenth Street
Second Floor
New York, NY 10011
http://www.ocsny.com
http://www.techally.com
t: 212.727.2100x132
+------------------------------------------+
How do you spell cooperation? Pessimists use
each other, but optimists help each other.
Collaboration feeds your spirit, while
competition only stokes your ego. You'll
find the best way to get along.
+------------------------------------------+






From nycbug at cyth.net  Thu Mar  9 13:44:38 2006
From: nycbug at cyth.net (Ray Lai)
Date: Thu, 9 Mar 2006 13:43:38 -0501
Subject: [nycbug-talk] OpenBSD 3.9 Pre-Orders
Message-ID: <20060309184401.GR1265@syntax.cyth.net>

OpenBSD 3.9 pre-orders are up!  Now is a good time to buy the CDs
and support the project.  CD sales have been weak recently, please
help out!  Attached are two letters of encouragement sent to misc@
earlier.

-Ray-

Subject:    pre-orders
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2006-03-08 3:23:17

We have activated the pre-orders for OpenBSD 3.9...
More information can be found at

http://www.openbsd.org/39.html

There's a T-shirt and a poster too...

(The whole subject of the artwork will become more clear in a while,
as we make more of it available.... :)



Subject:    Pre-orders for our releases.
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2006-03-08 21:55:33

I would like to remind our community that our project lives and
breathes because of the sale of CDs and the receipt of donations.  In
the last few years a few very large donations have allowed our
hackathons to happen, but other than that we are always digging
ourself a bigger and bigger hole.

Most of our user community increases their use of the FTP servers,
while we naturally sell fewer CDs.  For instance, I would approximate
that the sale of every T-shirt we make probably does not pay for the
electricity used in the machine room.  It's about $5000 a year.

This is placing a severe strain on our ability to toss money at
projects.  For instance, we want to hold more mini-hackathons, since
they are so incredibly productive.  And we would like to pay for more
travel expenses for developers to these events, since there are always
developers who are less fortunate.

Yet almost all of our donations really do come from individuals, and
almost none from companies using our software.  Even though there are
many many companies doing so.  Some companies are small, but there are
also quite large ones.  And banks.  Government institutions.  Ones you
see in the news every day.  And operating system vendors who reuse our
code.

But financially we are under strain, and it is not letting us grow any
of our bigger plans.  If anyone has any real clout to make changes
within institutions that could help us in the long term, please do.
Like universities, or even companies that want to sponsor an entire
hackathon.

(But please do not send suggestions, because unfortunately we think we
have heard every single one of them before, and people never listen
when we say that it is not viable for us to play non-profit games, nor
selling special merchandise, nor will it help to hire people to write
special books.  We've heard all these ideas before.  Having us impliment
more ideas does not help.  It's time for outsiders to impliment things
which just let us continue what we do).


From george at sddi.net  Thu Mar  9 13:53:23 2006
From: george at sddi.net (George R.)
Date: Thu, 09 Mar 2006 13:53:23 -0500
Subject: [nycbug-talk] OpenBSD 3.9 Pre-Orders
In-Reply-To: <20060309184401.GR1265@syntax.cyth.net>
References: <20060309184401.GR1265@syntax.cyth.net>
Message-ID: <441079A3.2070405@sddi.net>

Ray Lai wrote:
> OpenBSD 3.9 pre-orders are up!  Now is a good time to buy the CDs
> and support the project.  CD sales have been weak recently, please
> help out!  Attached are two letters of encouragement sent to misc@
> earlier.
> 
> -Ray-
> 
> Subject:    pre-orders
> From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
> Date:       2006-03-08 3:23:17
> 
> We have activated the pre-orders for OpenBSD 3.9...
> More information can be found at
> 
> http://www.openbsd.org/39.html
> 
> There's a T-shirt and a poster too...
> 
> (The whole subject of the artwork will become more clear in a while,
> as we make more of it available.... :)
> 
> 
> 
> Subject:    Pre-orders for our releases.
> From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
> Date:       2006-03-08 21:55:33
> 
> I would like to remind our community that our project lives and
> breathes because of the sale of CDs and the receipt of donations.  In
> the last few years a few very large donations have allowed our
> hackathons to happen, but other than that we are always digging
> ourself a bigger and bigger hole.
> 
> Most of our user community increases their use of the FTP servers,
> while we naturally sell fewer CDs.  For instance, I would approximate
> that the sale of every T-shirt we make probably does not pay for the
> electricity used in the machine room.  It's about $5000 a year.
> 
> This is placing a severe strain on our ability to toss money at
> projects.  For instance, we want to hold more mini-hackathons, since
> they are so incredibly productive.  And we would like to pay for more
> travel expenses for developers to these events, since there are always
> developers who are less fortunate.
> 
> Yet almost all of our donations really do come from individuals, and
> almost none from companies using our software.  Even though there are
> many many companies doing so.  Some companies are small, but there are
> also quite large ones.  And banks.  Government institutions.  Ones you
> see in the news every day.  And operating system vendors who reuse our
> code.
> 
> But financially we are under strain, and it is not letting us grow any
> of our bigger plans.  If anyone has any real clout to make changes
> within institutions that could help us in the long term, please do.
> Like universities, or even companies that want to sponsor an entire
> hackathon.
> 
> (But please do not send suggestions, because unfortunately we think we
> have heard every single one of them before, and people never listen
> when we say that it is not viable for us to play non-profit games, nor
> selling special merchandise, nor will it help to hire people to write
> special books.  We've heard all these ideas before.  Having us impliment
> more ideas does not help.  It's time for outsiders to impliment things
> which just let us continue what we do).
> _______________________________________________
> % NYC*BUG talk mailing list

Thanks Ray.

I think the track record of NYC*BUG has been clear on this stuff:

we have worked hard to raise money and solicite money for all the
projects.  our community needs our support.

Last year, we raised $600 or so for the OBSD hackathon. And we're going
to do something for this year, probably around the May meeting.

NYCBUG members also heavily contributed to the NBSD and FBSD fund
raising which took place over the past year or so.  Not to mention
numerous hardware donations, the colo and more.  And not to forget Dan
Langille's laptop which was stolen on the hard urban blocks of Ottawa,
Ontario.  (and you think bk is rough . . ).

At some point I hope we can figure out a better way to raise funds, in a
more methodical manner so we can spread the wealth more evenly.

So keep an ear open for what we're going to do for the Hackathon this
year, besides getting your software subscription and buying the gear.

g


From nomadlogic at gmail.com  Thu Mar  9 14:00:57 2006
From: nomadlogic at gmail.com (pete wright)
Date: Thu, 9 Mar 2006 11:00:57 -0800
Subject: [nycbug-talk] OpenBSD 3.9 Pre-Orders
In-Reply-To: <441079A3.2070405@sddi.net>
References: <20060309184401.GR1265@syntax.cyth.net> <441079A3.2070405@sddi.net>
Message-ID: <57d710000603091100i58ff4e06lf8f6573d6892e619@mail.gmail.com>

On 3/9/06, George R. <george at sddi.net> wrote:
>  ...Not to mention
> numerous hardware donations, the colo and more.  And not to forget Dan
> Langille's laptop which was stolen on the hard urban blocks of Ottawa,
> Ontario.  (and you think bk is rough . . ).
>


seriously, you never know when someone like jesse is going to swing by
and steal your girlfriend :)

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From george at sddi.net  Thu Mar  9 14:02:01 2006
From: george at sddi.net (George R.)
Date: Thu, 09 Mar 2006 14:02:01 -0500
Subject: [nycbug-talk] OpenBSD 3.9 Pre-Orders
In-Reply-To: <57d710000603091100i58ff4e06lf8f6573d6892e619@mail.gmail.com>
References: <20060309184401.GR1265@syntax.cyth.net> <441079A3.2070405@sddi.net>
	<57d710000603091100i58ff4e06lf8f6573d6892e619@mail.gmail.com>
Message-ID: <44107BA9.3040502@sddi.net>

pete wright wrote:
> On 3/9/06, George R. <george at sddi.net> wrote:
>>  ...Not to mention
>> numerous hardware donations, the colo and more.  And not to forget Dan
>> Langille's laptop which was stolen on the hard urban blocks of Ottawa,
>> Ontario.  (and you think bk is rough . . ).
>>
> 
> 
> seriously, you never know when someone like jesse is going to swing by
> and steal your girlfriend :)
> 

Come on..  that only happens in queens county, not bk.

g


From nomadlogic at gmail.com  Thu Mar  9 14:06:25 2006
From: nomadlogic at gmail.com (pete wright)
Date: Thu, 9 Mar 2006 11:06:25 -0800
Subject: [nycbug-talk] OpenBSD 3.9 Pre-Orders
In-Reply-To: <44107BA9.3040502@sddi.net>
References: <20060309184401.GR1265@syntax.cyth.net> <441079A3.2070405@sddi.net>
	<57d710000603091100i58ff4e06lf8f6573d6892e619@mail.gmail.com>
	<44107BA9.3040502@sddi.net>
Message-ID: <57d710000603091106v38718c3fg78f422f16d046690@mail.gmail.com>

On 3/9/06, George R. <george at sddi.net> wrote:
> pete wright wrote:
> > On 3/9/06, George R. <george at sddi.net> wrote:
> >>  ...Not to mention
> >> numerous hardware donations, the colo and more.  And not to forget Dan
> >> Langille's laptop which was stolen on the hard urban blocks of Ottawa,
> >> Ontario.  (and you think bk is rough . . ).
> >>
> >
> >
> > seriously, you never know when someone like jesse is going to swing by
> > and steal your girlfriend :)
> >
>
> Come on..  that only happens in queens county, not bk.
>
> g
>
heh...and ottowa ;-)  how soon we forget bsdcan stories....
-pete

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From george at sddi.net  Thu Mar  9 14:15:35 2006
From: george at sddi.net (George R.)
Date: Thu, 09 Mar 2006 14:15:35 -0500
Subject: [nycbug-talk] OpenBSD 3.9 Pre-Orders
In-Reply-To: <57d710000603091106v38718c3fg78f422f16d046690@mail.gmail.com>
References: <20060309184401.GR1265@syntax.cyth.net>
	<441079A3.2070405@sddi.net>	
	<57d710000603091100i58ff4e06lf8f6573d6892e619@mail.gmail.com>	
	<44107BA9.3040502@sddi.net>
	<57d710000603091106v38718c3fg78f422f16d046690@mail.gmail.com>
Message-ID: <44107ED7.5070405@sddi.net>

pete wright wrote:
> On 3/9/06, George R. <george at sddi.net> wrote:
>> pete wright wrote:
>>> On 3/9/06, George R. <george at sddi.net> wrote:
>>>>  ...Not to mention
>>>> numerous hardware donations, the colo and more.  And not to forget Dan
>>>> Langille's laptop which was stolen on the hard urban blocks of Ottawa,
>>>> Ontario.  (and you think bk is rough . . ).
>>>>
>>>
>>> seriously, you never know when someone like jesse is going to swing by
>>> and steal your girlfriend :)
>>>
>> Come on..  that only happens in queens county, not bk.
>>
>> g
>>
> heh...and ottowa ;-)  how soon we forget bsdcan stories....
> -pete
> 

what happens in ottawa, stays in ottawa.  i mean vegas. . . whatever.

g


From bschonhorst at gmail.com  Thu Mar  9 14:28:38 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Thu, 9 Mar 2006 14:28:38 -0500
Subject: [nycbug-talk] Support for BSD Projects (was OpenBSD 3.9 Pre-Orders)
Message-ID: <7708fd680603091128t2befd812k9f745a8c3f12fcc2@mail.gmail.com>

All the projects can use our support.  Open source is free, but there
are still costs involved. While time, talent, and old hardware may
help some, the real need is cash donations to cover expenses and to
allow the developers and volunteers to continue to do their job.

Below are links to various BSD projects that would be great places
to consider contributing to:

DragonFlyBSD - DragonFly is not yet incorporated as a non-profit,
meaning no tax benefit is available for donating time or goods to the
project. However, developers can still use your contributed hardware.
http://www.dragonflybsd.org/docs/donations.cgi

FreeBSD - FreeBSD strongly relies upon user donations to accomplish
our goals.  If you don't know what you want to give, take a look at
our list of needs. We would appreciate any items on this list.
http://www.freebsd.org/donations/

NetBSD -  NetBSD is a free, secure, and highly portable Unix-like Open
Source  operating system available for many platforms.  As a
non-profit organization, The NetBSD Project is an organization which
relies on the valuable contributions of both individuals and other
organizations.
http://www.netbsd.org/contrib/

OpenBSD - Naturally, the OpenBSD project requires funds to operate, due
to Internet line costs and the same hardware upgrade issues everyone
experiences. For this reason, the project sells CDROMs and T-shirts.
It is also possible to donate funds or hardware, in which case your name
ends up on our Donations page.
http://www.openbsd.org/donations.html

NYCBUG - You can start locally by contributing to your BSD user
group!  NYCBUG is a band of volunteers donating their time, energy,
money, and resources to better the community.  They, with the help from
a generous contribution from New York Internet, already provides
services by way of mirrors and hosting.  But NYCBUG would like to do more.
They are looking to expand their mirroring to more projects and need to
purchase hardware.  Individual and corporate sponsorships are welcome.
http://www.nycbug.org

BSDCertification.org - The BSD Certification Group Inc. is a
non-profit organization committed to creating and maintaining a global
certification standard for system administration on BSD based
operating systems.  Test development costs are substantial (more
than $30,000 USD) and can only be completed with generous donations
from sponsors and many interested individuals.



From dan at langille.org  Thu Mar  9 14:50:38 2006
From: dan at langille.org (Dan Langille)
Date: Thu, 09 Mar 2006 14:50:38 -0500
Subject: [nycbug-talk] OpenBSD 3.9 Pre-Orders
In-Reply-To: <44107ED7.5070405@sddi.net>
References: <57d710000603091106v38718c3fg78f422f16d046690@mail.gmail.com>
Message-ID: <441040BE.22890.72FD203C@dan.langille.org>

On 9 Mar 2006 at 14:15, George R. wrote:

> pete wright wrote:
> > On 3/9/06, George R. <george at sddi.net> wrote:
> >> pete wright wrote:
> >>> On 3/9/06, George R. <george at sddi.net> wrote:
> >>>>  ...Not to mention
> >>>> numerous hardware donations, the colo and more.  And not to forget Dan
> >>>> Langille's laptop which was stolen on the hard urban blocks of Ottawa,
> >>>> Ontario.  (and you think bk is rough . . ).
> >>>>
> >>>
> >>> seriously, you never know when someone like jesse is going to swing by
> >>> and steal your girlfriend :)
> >>>
> >> Come on..  that only happens in queens county, not bk.
> >>
> >> g
> >>
> > heh...and ottowa ;-)  how soon we forget bsdcan stories....
> > -pete
> > 
> 
> what happens in ottawa, stays in ottawa.  i mean vegas. . . whatever.

I have a photographic record of what happened in Ottawa.  This record 
provides me free room and board in 27 states and 8 provinces.  ;)

[he said, typing on that laptop replacement mentioned above]

FWIW, BSDCan indirectly contributes to the OpenBSD hackathon by 
flying speakers here from Europe to speak at BSDCan.  While here, 
they attend the hackathon.

p.s. registration opened today

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php




From kacanski_s at yahoo.com  Thu Mar  9 15:01:39 2006
From: kacanski_s at yahoo.com (Aleksandar Kacanski)
Date: Thu, 9 Mar 2006 12:01:39 -0800 (PST)
Subject: [nycbug-talk] IP multicast ...
Message-ID: <20060309200139.23632.qmail@web53603.mail.yahoo.com>

I am working with the multicast chat (white board)
home grown client.
I honestly don't know how to setup a multicast support
in FreeBSD.
I though that IP Multicast is supported by default,
but app is complaining.
I did search and found some docs on enabling IP
multicast and some docs on the mbone and mroute, still
I'll be honest I am not sure what do I need to do to
get it to work on my laptop.
Thanks in advance ...
Sasha

Aleksandar (Sasha) Kacanski

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


From jpb at sixshooter.v6.thrupoint.net  Thu Mar  9 20:20:38 2006
From: jpb at sixshooter.v6.thrupoint.net (Jim Brown)
Date: Thu, 9 Mar 2006 20:20:38 -0500
Subject: [nycbug-talk] Zeeking Zope aZZiZtanZe
Message-ID: <20060310012038.GA81907@sixshooter.v6.thrupoint.net>


Greetings,

I'm getting started on a small project and would like
to do it in Zope+Python.  I'm looking for anyone
who can help me struggle through the first few hurdles
and give me some guidance.

Replies welcome- probably best off list.

Thanks and Best Rgards,
Jim B.




From omar at westside.urbanblight.com  Fri Mar 10 11:13:59 2006
From: omar at westside.urbanblight.com (Omar Thameen)
Date: Fri, 10 Mar 2006 11:13:59 -0500
Subject: [nycbug-talk] Where are all the Philly BSDers?
Message-ID: <20060310161359.GA34271@biglist.com>

Hi Folks,

I've recently moved to the Philadelphia area after 10 years in 
New York, and I just can't find where the BSD folks are hanging
out.  Specifically, I'm looking to hire a (Free)BSD systems
administrator, but am getting very little response from local
resources like Craigslist, the Philadelphia Linux Users Group 
(couldn't find a Philly-BUG), and area schools.  Sadly, if
you search for "philadelphia freebsd," the first five results
are my job posts (the company is BIGLIST).

So, my questions are these:

- Can anyone suggest any other Philadelphia-area resources to
  advertise this position?

- Any other suggestions for finding candidates?  Dice has been
  recommended, while Hotjobs and Monster have been mentioned to
  have a high ratio of unqualified responses.  Any similar or
  contrary experiences?  Where do you look for openings?

Omar



From anthony.elizondo at gmail.com  Fri Mar 10 11:47:16 2006
From: anthony.elizondo at gmail.com (Anthony Elizondo)
Date: Fri, 10 Mar 2006 11:47:16 -0500
Subject: [nycbug-talk] Where are all the Philly BSDers?
In-Reply-To: <20060310161359.GA34271@biglist.com>
References: <20060310161359.GA34271@biglist.com>
Message-ID: <a49e62c80603100847l4e36e4bdh330d88be386220f9@mail.gmail.com>

On 3/10/06, Omar Thameen <omar at westside.urbanblight.com> wrote:
> Hi Folks,
>
> I've recently moved to the Philadelphia area after 10 years in
> New York, and I just can't find where the BSD folks are hanging
> out.  Specifically, I'm looking to hire a (Free)BSD systems
> administrator, but am getting very little response from local
> resources like Craigslist, the Philadelphia Linux Users Group
> (couldn't find a Philly-BUG), and area schools.  Sadly, if
> you search for "philadelphia freebsd," the first five results
> are my job posts (the company is BIGLIST).
>
> So, my questions are these:
>
> - Can anyone suggest any other Philadelphia-area resources to
>   advertise this position?
>
> - Any other suggestions for finding candidates?  Dice has been
>   recommended, while Hotjobs and Monster have been mentioned to
>   have a high ratio of unqualified responses.  Any similar or
>   contrary experiences?  Where do you look for openings?

freebsd-jobs? http://marc.theaimsgroup.com/?l=freebsd-jobs&r=1&w=2
Perhaps you could use the Delaware Craigslist. Both of those look
pretty low traffic, though. Sorry.

You could post the job description here. The network might be larger
than you think... You could also post it on Linked In or something
similar.

I'll forward this to a few people I know in the Philly area.

> Omar

Anthony



From nomadlogic at gmail.com  Fri Mar 10 11:51:11 2006
From: nomadlogic at gmail.com (pete wright)
Date: Fri, 10 Mar 2006 08:51:11 -0800
Subject: [nycbug-talk] Where are all the Philly BSDers?
In-Reply-To: <a49e62c80603100847l4e36e4bdh330d88be386220f9@mail.gmail.com>
References: <20060310161359.GA34271@biglist.com>
	<a49e62c80603100847l4e36e4bdh330d88be386220f9@mail.gmail.com>
Message-ID: <57d710000603100851q4c28befcyd2476466a66a314e@mail.gmail.com>

On 3/10/06, Anthony Elizondo <anthony.elizondo at gmail.com> wrote:
> On 3/10/06, Omar Thameen <omar at westside.urbanblight.com> wrote:
> > Hi Folks,
> >
> > I've recently moved to the Philadelphia area after 10 years in
> > New York, and I just can't find where the BSD folks are hanging
> > out.  Specifically, I'm looking to hire a (Free)BSD systems
> > administrator, but am getting very little response from local
> > resources like Craigslist, the Philadelphia Linux Users Group
> > (couldn't find a Philly-BUG), and area schools.  Sadly, if
> > you search for "philadelphia freebsd," the first five results
> > are my job posts (the company is BIGLIST).
> >
> > So, my questions are these:
> >
> > - Can anyone suggest any other Philadelphia-area resources to
> >   advertise this position?
> >
> > - Any other suggestions for finding candidates?  Dice has been
> >   recommended, while Hotjobs and Monster have been mentioned to
> >   have a high ratio of unqualified responses.  Any similar or
> >   contrary experiences?  Where do you look for openings?
>
> freebsd-jobs? http://marc.theaimsgroup.com/?l=freebsd-jobs&r=1&w=2
> Perhaps you could use the Delaware Craigslist. Both of those look
> pretty low traffic, though. Sorry.
>
> You could post the job description here. The network might be larger
> than you think... You could also post it on Linked In or something
> similar.

please do not post job openings to talk@, use our jobs@ list for that:
http://lists.nycbug.org/mailman/listinfo/jobs

-pete


--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From njt at ayvali.org  Fri Mar 10 11:56:55 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Fri, 10 Mar 2006 11:56:55 -0500
Subject: [nycbug-talk] Zeeking Zope aZZiZtanZe
In-Reply-To: <20060310012038.GA81907@sixshooter.v6.thrupoint.net>
References: <20060310012038.GA81907@sixshooter.v6.thrupoint.net>
Message-ID: <20060310165655.GH18323@ayvali.org>

* Jim Brown <jpb at sixshooter.v6.thrupoint.net> [2006-03-09 20:20:38 -0500]:
> I'm getting started on a small project and would like to do it in
> Zope+Python.  I'm looking for anyone who can help me struggle through
> the first few hurdles and give me some guidance.

This is not so much advice on how to clear hurdles as it is a plea to
not run in that particular race altogether.

Zope is one of those things that sound great in theory, and because it
is sold as a two for one with Python, people are eager to try it out. I
love Python, I use it every single day, and it never ceases to amaze me
how simple, elegant, and powerful it is.

I can't say the same for Zope though. About 4 years ago, the place I was
working for at the time had me setup up a Zope/Plone site. It took us
roughly 2-4 months to set up the site, integrate it with our
applications, debug, etc. (Even at the end of that period, we weren't
really finished, we just decided to roll it out anyway.) I wasn't
terribly pleased with Zope, since I could have done what I wanted to
with Apache, mod_python, and custom code in a quarter of the time.

Perhaps we were not using Zope/Plone to its full extent, or perhaps Zope
was not what we needed, but I heard similar stories from other Python
users. One would think that a fairly complete understanding of Python
and CGI, and HTML, and how web technologies work in general would be
sufficient to be somewhat proficient in Zope, sadly that was not the
case for us.

Perhaps Zope will work out better for you, but chalk me up as a vote
against it.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From nomadlogic at gmail.com  Fri Mar 10 12:12:07 2006
From: nomadlogic at gmail.com (pete wright)
Date: Fri, 10 Mar 2006 09:12:07 -0800
Subject: [nycbug-talk] Zeeking Zope aZZiZtanZe
In-Reply-To: <20060310165655.GH18323@ayvali.org>
References: <20060310012038.GA81907@sixshooter.v6.thrupoint.net>
	<20060310165655.GH18323@ayvali.org>
Message-ID: <57d710000603100912i234f135fn572f16330c9fa715@mail.gmail.com>

On 3/10/06, N.J. Thomas <njt at ayvali.org> wrote:
> * Jim Brown <jpb at sixshooter.v6.thrupoint.net> [2006-03-09 20:20:38 -0500]:
> > I'm getting started on a small project and would like to do it in
> > Zope+Python.  I'm looking for anyone who can help me struggle through
> > the first few hurdles and give me some guidance.
>
> This is not so much advice on how to clear hurdles as it is a plea to
> not run in that particular race altogether.
>
> Zope is one of those things that sound great in theory, and because it
> is sold as a two for one with Python, people are eager to try it out. I
> love Python, I use it every single day, and it never ceases to amaze me
> how simple, elegant, and powerful it is.
>
> I can't say the same for Zope though. About 4 years ago, the place I was
> working for at the time had me setup up a Zope/Plone site. It took us
> roughly 2-4 months to set up the site, integrate it with our
> applications, debug, etc. (Even at the end of that period, we weren't
> really finished, we just decided to roll it out anyway.) I wasn't
> terribly pleased with Zope, since I could have done what I wanted to
> with Apache, mod_python, and custom code in a quarter of the time.
>
> Perhaps we were not using Zope/Plone to its full extent, or perhaps Zope
> was not what we needed, but I heard similar stories from other Python
> users. One would think that a fairly complete understanding of Python
> and CGI, and HTML, and how web technologies work in general would be
> sufficient to be somewhat proficient in Zope, sadly that was not the
> case for us.
>
> Perhaps Zope will work out better for you, but chalk me up as a vote
> against it.

uh oh...here comes the flame fest ;-)

heh, just kidding, although I've heard some very good things about
zope/plone; and I know there are some some hackers on this list as
well that have done some pretty awesome things with.  although granted
i'm not much of a web dev, at the end of the day i'm more of an
admin...


-p


--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From nycbug-list at 2xlp.com  Fri Mar 10 13:18:00 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Fri, 10 Mar 2006 13:18:00 -0500
Subject: [nycbug-talk] Zeeking Zope aZZiZtanZe
In-Reply-To: <20060310165655.GH18323@ayvali.org>
References: <20060310012038.GA81907@sixshooter.v6.thrupoint.net>
	<20060310165655.GH18323@ayvali.org>
Message-ID: <BA6F0F54-6138-413B-8FC8-349BB7392C17@2xlp.com>


whenever you use any framework, remember that you're using a framework .

people forget that, and they run into its limits on what it was  
designed for.

there are a TON of webapp frameworks now.  even in python you now  
have turbogears, django, and a few others.

i'd suggest looking at all the frameworks, see what they're designed  
to build, and go from there.



On Mar 10, 2006, at 11:56 AM, N.J. Thomas wrote:

> I can't say the same for Zope though. About 4 years ago, the place  
> I was
> working for at the time had me setup up a Zope/Plone site. It took us
> roughly 2-4 months to set up the site, integrate it with our
> applications, debug, etc. (Even at the end of that period, we weren't
> really finished, we just decided to roll it out anyway.) I wasn't
> terribly pleased with Zope, since I could have done what I wanted to
> with Apache, mod_python, and custom code in a quarter of the time.





From lists at genoverly.net  Fri Mar 10 15:33:58 2006
From: lists at genoverly.net (michael)
Date: Fri, 10 Mar 2006 15:33:58 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060308201745.2a3ad45a@wit.genoverly.home>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
Message-ID: <20060310153358.320cf7a6.lists@genoverly.net>

On Wed, 8 Mar 2006 20:17:45 -0500
michael <lists at genoverly.net> wrote:

> I'm looking for a new firewall/network device.  While I like soekris..

Thanks for the suggestions, everyone.  I only left out one question:

Does anyone have a soekris 4801 for sale? 

-- 
michael



From mspitzer at gmail.com  Fri Mar 10 16:27:17 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Fri, 10 Mar 2006 16:27:17 -0500
Subject: [nycbug-talk] saw something interesting at oracle
Message-ID: <8c50a3c30603101327i531ff9c7kb4bb040fba8a0a34@mail.gmail.com>

Well I was filling out a service ticket and in the drop down for OS
ther was 'freebsd x86' plain as day.

marc

--
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD



From g at bin-arts.com  Fri Mar 10 17:20:22 2006
From: g at bin-arts.com (Gordon Smith)
Date: Fri, 10 Mar 2006 17:20:22 -0500
Subject: [nycbug-talk] Recommendations For Data Closet Hardware
Message-ID: <0IVX003R7NDZH4I1@mta3.srv.hcvlny.cv.net>

I've been asked to spec out the hardware to be installed in the data closet
of a new small office space.  
Ultimately, we'll be implementing FreeBSD and Windows server machines in the
closet (among other things).
 
If this is an appropriate place to ask the question, I'll reply with a list
of the things I need to do with the data closet.  I wanted to see whether
any of you might have any preferences or recommendations for me to keep in
mind when outfitting the room.
 
If any other mailing lists might be more appropriate, I'd welcome your
(equally appropriate) suggestions.  Even though this is a "BSD Users Group",
I do see a lot of infrastructure-related topics coming up, so I thought,
"why not ask?"
 
Please let me know, and thanks for your help.
 
Cheers,
Gordon Smith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060310/8454af6f/attachment.htm>

From george at sddi.net  Fri Mar 10 17:27:28 2006
From: george at sddi.net (George R.)
Date: Fri, 10 Mar 2006 17:27:28 -0500
Subject: [nycbug-talk] Recommendations For Data Closet Hardware
In-Reply-To: <0IVX003R7NDZH4I1@mta3.srv.hcvlny.cv.net>
References: <0IVX003R7NDZH4I1@mta3.srv.hcvlny.cv.net>
Message-ID: <4411FD50.9080608@sddi.net>

Gordon Smith wrote:
> I've been asked to spec out the hardware to be installed in the data
> closet of a new small office space. 
> Ultimately, we'll be implementing FreeBSD and Windows server machines in
> the closet (among other things).
>  
> If this is an appropriate place to ask the question, I'll reply with a
> list of the things I need to do with the data closet.  I wanted to see
> whether any of you might have any preferences or recommendations for me
> to keep in mind when outfitting the room.
>  
> If any other mailing lists might be more appropriate, I'd welcome your
> (equally appropriate) suggestions.  Even though this is a "BSD Users
> Group", I do see a lot of infrastructure-related topics coming up, so I
> thought, "why not ask?"
>  
> Please let me know, and thanks for your help.
>  
> Cheers,
> Gordon Smith

Greetings Gordon.

This is certainly an appropriate list for your query.  But please fill
us in as to the function of the boxes you are looking for.

Are we talking servers?  other network devices?  routers?  mail servers?

And what loads are we talking about?

Fill us in on the details. . .

George


From g at bin-arts.com  Fri Mar 10 18:05:55 2006
From: g at bin-arts.com (Gordon Smith)
Date: Fri, 10 Mar 2006 18:05:55 -0500
Subject: [nycbug-talk] Recommendations For Data Closet Hardware
In-Reply-To: <4411FD50.9080608@sddi.net>
Message-ID: <0IVX004PTPHWSRZ5@mta8.srv.hcvlny.cv.net>

Thanks, George.  I appreciate your interest.

I've been asked to spec out the hardware to be installed in the data closet
of a new small office space.  If this is an appropriate place to ask the
question, I wanted to see whether anyone might have any preferences or
recommendations for me to keep in mind when outfitting the data closet.

The network will be used for fairly generic office automation and software
development.  No more than a dozen people should be on the network at a
given time.  One fact that you might want to know about network loads:
several staff members use Groove for peer-to-peer file sharing (business
related stuff only!).

- The room will be used as a demarc for: 
    - POTS service 
    - Business cable modem service
    - Down the road, possibly one or two T1s; for now, I want to make
certain that anything that needs to be built into the premises is there to
facilitate that future direction
    - Down the road, possibly Verizon FIOS (fiber optic) service when it is
available in NJ
- For future use, the room will be outfitted with CAT5e home runs going out
to each desktop
- I need to select termination panels ("patch panels") through which we can:

    - Bring in the POTS service
    - Bring in 75 ohm coax for the business cable modem
    - Down the road, bring in T1 and/or FIOS service
    - Hook up a small business phone system and distribute phone service to
the "station" at each desktop
    - Bring an RJ45 network connection out of the cable modem and, through
the patch panel, connect it to a wireless router/access point located in the
middle of the office for optimal distribution of the signal
    - Down the road, install a hard-wired router and switch to connect to
server machines in the room, as well as hard-wired desktop machines
throughout the office.

Other info about the room:
- The room is 5' x 5' and has a door that locks with a button lock.
- The door has a ventilation grate on the lower half of the door.  I've
requested that the room be outfitted with a covered HVAC grate fed by
ductwork with a 90 degree bend close behind the grate (to keep any foreign
matter from falling through the duct into the room!).
- So far as we know, there are no water pipes over or near the room.

I've already seen several members of the group recommend vendors in the NY
Metro area who know how to configure server machines for FreeBSD 6 with RAID
1+0, and that's going to be very helpful to us; if anyone knows of such
vendors in central New Joisey, that would be even more helpful.  Any
recommendations for the patch panel, phone system or other hardware
would be appreciated, as well as any tips that might save some agony down
the road.  

Thank you for your anticipated help on this!

Cheers,
Gordon Smith 

-----Original Message-----
Greetings Gordon.

This is certainly an appropriate list for your query.  But please fill
us in as to the function of the boxes you are looking for.

Are we talking servers?  other network devices?  routers?  mail servers?

And what loads are we talking about?

Fill us in on the details. . .

George
_______________________________________________
% NYC*BUG talk mailing list
http://lists.nycbug.org/mailman/listinfo/talk
%Be sure to check out our Jobs and NYCBUG-announce lists
%We meet the first Wednesday of the month



From alex at pilosoft.com  Fri Mar 10 19:20:09 2006
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Fri, 10 Mar 2006 19:20:09 -0500 (EST)
Subject: [nycbug-talk] Recommendations For Data Closet Hardware
In-Reply-To: <0IVX004PTPHWSRZ5@mta8.srv.hcvlny.cv.net>
Message-ID: <Pine.LNX.4.44.0603101913200.12894-100000@bawx.pilosoft.com>

On Fri, 10 Mar 2006, Gordon Smith wrote:

> - The room will be used as a demarc for: 
>     - POTS service 
>     - Business cable modem service
>     - Down the road, possibly one or two T1s; for now, I want to make
> certain that anything that needs to be built into the premises is there to
> facilitate that future direction
>     - Down the road, possibly Verizon FIOS (fiber optic) service when it is
> available in NJ
> - For future use, the room will be outfitted with CAT5e home runs going out
> to each desktop
The normal way for this is to have a wooden board where vendors (vz, etc)  
terminate their connections (demarc), and then you wire everything to your
rack, where you connect to your equipment. 

> - I need to select termination panels ("patch panels") through which we can:
> 
>     - Bring in the POTS service
Verizon will accept "110 block" or "66 block" for POTS dropoff. They won't 
terminate it on anything else. Get a "110 block" with a prewired 25-pair 
connector (amp rj-21x) and an AMP 25-pair patch panel (one jack=one pair) 
for distribution in a proper 19" rack.

>     - Bring in 75 ohm coax for the business cable modem
You generally don't get a choice where cableco drops off your coax or puts 
cable modem, but you can try.

>     - Down the road, bring in T1 and/or FIOS service
>     - Hook up a small business phone system and distribute phone service to
> the "station" at each desktop
Generally, small business phone systems mount directly on that wooden
board, most of them are not rackmountable.

>     - Bring an RJ45 network connection out of the cable modem and, through
> the patch panel, connect it to a wireless router/access point located in the
> middle of the office for optimal distribution of the signal
>     - Down the road, install a hard-wired router and switch to connect to
> server machines in the room, as well as hard-wired desktop machines
> throughout the office.
> 
> Other info about the room:
> - The room is 5' x 5' and has a door that locks with a button lock.
> - The door has a ventilation grate on the lower half of the door.  I've
> requested that the room be outfitted with a covered HVAC grate fed by
> ductwork with a 90 degree bend close behind the grate (to keep any foreign
> matter from falling through the duct into the room!).
> - So far as we know, there are no water pipes over or near the room.
How many servers you going to have there? If its a large number, 
overheating can be a problem.
> 
> I've already seen several members of the group recommend vendors in the
> NY Metro area who know how to configure server machines for FreeBSD 6
> with RAID 1+0, and that's going to be very helpful to us; if anyone
> knows of such vendors in central New Joisey, that would be even more
> helpful.  Any recommendations for the patch panel, phone system or other
> hardware would be appreciated, as well as any tips that might save some
> agony down the road.
everything depends on how much money you want to spend on it.

you can get decent analog phone systems on ebay now for 500-1000$. If you
want pimp new IP phones, you might consider something else.

patch panels are 50-100$ a piece at most.

your biggest expense will be to clued people putting it all together. :)

-alex




From george at sddi.net  Fri Mar 10 19:13:25 2006
From: george at sddi.net (George R.)
Date: Fri, 10 Mar 2006 19:13:25 -0500
Subject: [nycbug-talk] Recommendations For Data Closet Hardware
In-Reply-To: <Pine.LNX.4.44.0603101913200.12894-100000@bawx.pilosoft.com>
References: <Pine.LNX.4.44.0603101913200.12894-100000@bawx.pilosoft.com>
Message-ID: <44121625.5030006@sddi.net>

alex at pilosoft.com wrote:
> On Fri, 10 Mar 2006, Gordon Smith wrote:
> 
>> - The room will be used as a demarc for: 
>>     - POTS service 
>>     - Business cable modem service
>>     - Down the road, possibly one or two T1s; for now, I want to make
>> certain that anything that needs to be built into the premises is there to
>> facilitate that future direction
>>     - Down the road, possibly Verizon FIOS (fiber optic) service when it is
>> available in NJ
>> - For future use, the room will be outfitted with CAT5e home runs going out
>> to each desktop
> The normal way for this is to have a wooden board where vendors (vz, etc)  
> terminate their connections (demarc), and then you wire everything to your
> rack, where you connect to your equipment. 
> 
>> - I need to select termination panels ("patch panels") through which we can:
>>
>>     - Bring in the POTS service
> Verizon will accept "110 block" or "66 block" for POTS dropoff. They won't 
> terminate it on anything else. Get a "110 block" with a prewired 25-pair 
> connector (amp rj-21x) and an AMP 25-pair patch panel (one jack=one pair) 
> for distribution in a proper 19" rack.

see my comment below about phone system.

> 
>>     - Bring in 75 ohm coax for the business cable modem
> You generally don't get a choice where cableco drops off your coax or puts 
> cable modem, but you can try.
> 
>>     - Down the road, bring in T1 and/or FIOS service
>>     - Hook up a small business phone system and distribute phone service to
>> the "station" at each desktop
> Generally, small business phone systems mount directly on that wooden
> board, most of them are not rackmountable.
> 
>>     - Bring an RJ45 network connection out of the cable modem and, through
>> the patch panel, connect it to a wireless router/access point located in the
>> middle of the office for optimal distribution of the signal
>>     - Down the road, install a hard-wired router and switch to connect to
>> server machines in the room, as well as hard-wired desktop machines
>> throughout the office.
>>
>> Other info about the room:
>> - The room is 5' x 5' and has a door that locks with a button lock.
>> - The door has a ventilation grate on the lower half of the door.  I've
>> requested that the room be outfitted with a covered HVAC grate fed by
>> ductwork with a 90 degree bend close behind the grate (to keep any foreign
>> matter from falling through the duct into the room!).
>> - So far as we know, there are no water pipes over or near the room.
> How many servers you going to have there? If its a large number, 
> overheating can be a problem.

absolutely on the heating thing. . . sometimes management sees some type
of hvac as an 'extra', but this is completely foolish.

better to spend a few grand on this today and save the cost of labor and
equipment replacement tomorrow.

>> I've already seen several members of the group recommend vendors in the
>> NY Metro area who know how to configure server machines for FreeBSD 6
>> with RAID 1+0, and that's going to be very helpful to us; if anyone
>> knows of such vendors in central New Joisey, that would be even more
>> helpful.  Any recommendations for the patch panel, phone system or other
>> hardware would be appreciated, as well as any tips that might save some
>> agony down the road.
> everything depends on how much money you want to spend on it.
> 
> you can get decent analog phone systems on ebay now for 500-1000$. If you
> want pimp new IP phones, you might consider something else.
> 

That's one direction to go.  But with moves/adds/changes, it's another
thing to worry about onsite either by having someone who knows what they
are doing, or paying >$110 an hour for someone to deal with a key system.

But the better option, IMHO, if you are not going to go with VOIP, which
is one good option but depends strongly on your bandwidth (t1: yes, dsl:
no way, cable: maybe), is to use old-fashioned Centrex.  Old? yes,
useful for a small offices not looking to pay for regular phone support.

I assume Bell still offers that. . .

> patch panels are 50-100$ a piece at most.
> 
> your biggest expense will be to clued people putting it all together. :)
> 
> -alex

That's the truth.  And this applies to not just the technical people,
but also to the phone system people, electrical contractors, etc.

g


From lists at stringsutils.com  Sat Mar 11 11:39:10 2006
From: lists at stringsutils.com (Francisco Reyes)
Date: Sat, 11 Mar 2006 11:39:10 -0500
Subject: [nycbug-talk] Zeeking Zope aZZiZtanZe
References: <20060310012038.GA81907@sixshooter.v6.thrupoint.net>
Message-ID: <cone.1142095150.978852.42740.1000@zoraida.natserv.net>

Jim Brown writes:

> I'm getting started on a small project and would like
> to do it in Zope+Python.


What is the project?
Have you seen Django?
http://www.djangoproject.com/

Since you did not mention what the project is, hard to tell if this will be 
usefull.

I was planning to start looking at Django this weekend, but a failing server 
has other plans for me. :-(


From lists at genoverly.net  Sat Mar 11 11:54:08 2006
From: lists at genoverly.net (michael)
Date: Sat, 11 Mar 2006 11:54:08 -0500
Subject: [nycbug-talk] New Library Articles
Message-ID: <20060311115408.6a38330e@wit.genoverly.home>

There have been 3 new additions to the NYCBUG Library that some may
find interesting:

20060311 - Installing Xen and NetBSD
20060220 - Upgrading OpenBSD to latest snapshot
20060220 - OpenBSD in a virtual machine on WinXP

http://nycbug.org/index.php?NAV=Library

-- 

Michael





From kacanski_s at yahoo.com  Sat Mar 11 18:29:10 2006
From: kacanski_s at yahoo.com (Aleksandar Kacanski)
Date: Sat, 11 Mar 2006 15:29:10 -0800 (PST)
Subject: [nycbug-talk] home grown firewall solutions ...
Message-ID: <20060311232910.82506.qmail@web53602.mail.yahoo.com>

I am interested in putting together a fw solution with
following specs:

1. Multiple GiGigabitthernet (copper) interface ports
2. Any offload PCI based card for firewall or TCP
connection handling
3. Over 1 Gbps firewall throughput
4. Over 30,000 new TCP sessions per second

I need to manage HTTP traffic...
I would like to put together two or three boxes with
FreeBSD and PF, but don't know of many hardware
vendors that have some offload PCI based solutions for
FREEBSD
Anybody had experience with putting together something
like this ?
   

Aleksandar (Sasha) Kacanski

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


From bob at redivi.com  Sat Mar 11 18:29:18 2006
From: bob at redivi.com (Bob Ippolito)
Date: Sat, 11 Mar 2006 15:29:18 -0800
Subject: [nycbug-talk] Zeeking Zope aZZiZtanZe
In-Reply-To: <cone.1142095150.978852.42740.1000@zoraida.natserv.net>
References: <20060310012038.GA81907@sixshooter.v6.thrupoint.net>
	<cone.1142095150.978852.42740.1000@zoraida.natserv.net>
Message-ID: <3BD3263C-B9E5-4BA6-9245-D051C98482CC@redivi.com>


On Mar 11, 2006, at 8:39 AM, Francisco Reyes wrote:

> Jim Brown writes:
>
>> I'm getting started on a small project and would like
>> to do it in Zope+Python.
>
>
> What is the project?
> Have you seen Django?
> http://www.djangoproject.com/
>
> Since you did not mention what the project is, hard to tell if this  
> will be
> usefull.

There are a lot of ways to do a web app.  It's probably not a good  
idea to do a simple web app in Zope+Python if you don't already know  
what you're doing, because you probably won't be able to figure it  
out without help.  Something more like Django or TurboGears would  
absolutely be easier to pick up, but also aren't appropriate for all  
apps.

Something lower level like WSGI or Twisted or mod_python are  
technically appropriate for most apps, but they don't really do much  
for you beyond taking care of TCP and HTTP.

-bob



From alex at pilosoft.com  Sat Mar 11 19:47:22 2006
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Sat, 11 Mar 2006 19:47:22 -0500 (EST)
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <20060311232910.82506.qmail@web53602.mail.yahoo.com>
Message-ID: <Pine.LNX.4.44.0603111937491.12894-100000@bawx.pilosoft.com>

On Sat, 11 Mar 2006, Aleksandar Kacanski wrote:

> I am interested in putting together a fw solution with
> following specs:
> 
> 1. Multiple GiGigabitthernet (copper) interface ports
> 2. Any offload PCI based card for firewall or TCP
> connection handling
> 3. Over 1 Gbps firewall throughput
> 4. Over 30,000 new TCP sessions per second
> 
> I need to manage HTTP traffic... I would like to put together two or
> three boxes with FreeBSD and PF, but don't know of many hardware vendors
> that have some offload PCI based solutions for FREEBSD Anybody had
> experience with putting together something like this ?
The answer is: you don't want to do that.

a) firewall, for filtering, does not need to have full tcp establishment
stack, or need to offload it processing. 

b) it is not rocket science to forward 1gbps of non-ddos traffic, in fact,
freebsd will work just fine out of the box on say p4/3.0. And, it'll work
just fine with a reasonable set of pf rules (say, up to 100).

c) it is, however, nontrivial to do this with pf 'keep state', if that's
what you want. if you want to keep state, you need lots of CPU power
and/or memory and/or hackery. 30000 new flows/second doesn't sound all
that bad but you will be pushing the limits. No, any kind of tcp offload
will not help.

-alex



From kacanski_s at yahoo.com  Sat Mar 11 22:04:11 2006
From: kacanski_s at yahoo.com (Aleksandar Kacanski)
Date: Sat, 11 Mar 2006 19:04:11 -0800 (PST)
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <Pine.LNX.4.44.0603111937491.12894-100000@bawx.pilosoft.com>
Message-ID: <20060312030411.87265.qmail@web53612.mail.yahoo.com>


Thank you for your response.
I happened to worry about DDOS so I am looking for
something to offload. Still I like when someone
comfirm that FBSD+PF is not rocket science to setup...
/s

--- alex at pilosoft.com wrote:

> On Sat, 11 Mar 2006, Aleksandar Kacanski wrote:
> 
> > I am interested in putting together a fw solution
> with
> > following specs:
> > 
> > 1. Multiple GiGigabitthernet (copper) interface
> ports
> > 2. Any offload PCI based card for firewall or TCP
> > connection handling
> > 3. Over 1 Gbps firewall throughput
> > 4. Over 30,000 new TCP sessions per second
> > 
> > I need to manage HTTP traffic... I would like to
> put together two or
> > three boxes with FreeBSD and PF, but don't know of
> many hardware vendors
> > that have some offload PCI based solutions for
> FREEBSD Anybody had
> > experience with putting together something like
> this ?
> The answer is: you don't want to do that.
> 
> a) firewall, for filtering, does not need to have
> full tcp establishment
> stack, or need to offload it processing. 
> 
> b) it is not rocket science to forward 1gbps of
> non-ddos traffic, in fact,
> freebsd will work just fine out of the box on say
> p4/3.0. And, it'll work
> just fine with a reasonable set of pf rules (say, up
> to 100).
> 
> c) it is, however, nontrivial to do this with pf
> 'keep state', if that's
> what you want. if you want to keep state, you need
> lots of CPU power
> and/or memory and/or hackery. 30000 new flows/second
> doesn't sound all
> that bad but you will be pushing the limits. No, any
> kind of tcp offload
> will not help.
> 
> -alex
> 
> 


Aleksandar (Sasha) Kacanski

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


From alex at pilosoft.com  Sun Mar 12 01:55:08 2006
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Sun, 12 Mar 2006 01:55:08 -0500 (EST)
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <20060312030411.87265.qmail@web53612.mail.yahoo.com>
Message-ID: <Pine.LNX.4.44.0603120153180.17891-100000@bawx.pilosoft.com>

On Sat, 11 Mar 2006, Aleksandar Kacanski wrote:

> Thank you for your response. I happened to worry about DDOS so I am
> looking for something to offload. Still I like when someone comfirm that
> FBSD+PF is not rocket science to setup... /s
if you worry about ddos, do not use freebsd or linux - both use 
route-cache-like-things for packet forwarding. That means, performance in 
best case (no ddos) is good, performance in worst case (ddos, lots of 
small flows) is horrid.

-alex



From freebsd-listen at fabiankeil.de  Sun Mar 12 07:54:27 2006
From: freebsd-listen at fabiankeil.de (Fabian Keil)
Date: Sun, 12 Mar 2006 13:54:27 +0100
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <Pine.LNX.4.44.0603111937491.12894-100000@bawx.pilosoft.com>
References: <20060311232910.82506.qmail@web53602.mail.yahoo.com>
	<Pine.LNX.4.44.0603111937491.12894-100000@bawx.pilosoft.com>
Message-ID: <20060312135427.02a1debc@localhost>

alex at pilosoft.com wrote:

> c) it is, however, nontrivial to do this with pf 'keep state', if
> that's what you want. if you want to keep state, you need lots of CPU
> power and/or memory and/or hackery.

Are you sure this is true for PF?

Quote from http://kerneltrap.org/node/477:

|JA: How does pf performance compare to other stateful packet filters?
|
|Daniel Hartmeier: In the benchmarks I did and based on the feedback
|from people who compared pf with other filters on production machines,
|very well, often significantly better. In particular, we found that
|keeping state on all connections scales well and is faster than
|stateless rule evaluation.

Fabian
-- 
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060312/b2687361/attachment.bin>

From joshmccormack at travelersdiary.com  Sun Mar 12 09:27:46 2006
From: joshmccormack at travelersdiary.com (Josh McCormack)
Date: Sun, 12 Mar 2006 09:27:46 -0500
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <Pine.LNX.4.44.0603120153180.17891-100000@bawx.pilosoft.com>
References: <20060312030411.87265.qmail@web53612.mail.yahoo.com>
	<Pine.LNX.4.44.0603120153180.17891-100000@bawx.pilosoft.com>
Message-ID: <e22ad7830603120627x3de0e8a8gb1871342a339e05e@mail.gmail.com>

On 3/12/06, alex at pilosoft.com <alex at pilosoft.com> wrote:
<snip>
> if you worry about ddos, do not use freebsd or linux - both use
> route-cache-like-things for packet forwarding. That means, performance in
> best case (no ddos) is good, performance in worst case (ddos, lots of
> small flows) is horrid.
>
> -alex

Alex - could you point me in the direction of anything that explains
this further. I couldn't find anything when I searched for it, so I
think I'm leaving something critical out.

Thanks,

Josh



From alex at pilosoft.com  Sun Mar 12 12:53:12 2006
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Sun, 12 Mar 2006 12:53:12 -0500 (EST)
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <20060312135427.02a1debc@localhost>
Message-ID: <Pine.LNX.4.44.0603121150560.17891-100000@bawx.pilosoft.com>

On Sun, 12 Mar 2006, Fabian Keil wrote:

> alex at pilosoft.com wrote:
> 
> > c) it is, however, nontrivial to do this with pf 'keep state', if
> > that's what you want. if you want to keep state, you need lots of CPU
> > power and/or memory and/or hackery.
> 
> Are you sure this is true for PF?
> 
> Quote from http://kerneltrap.org/node/477:
> 
> |JA: How does pf performance compare to other stateful packet filters? |
> |Daniel Hartmeier: In the benchmarks I did and based on the feedback
> |from people who compared pf with other filters on production machines,
> |very well, often significantly better. In particular, we found that
> |keeping state on all connections scales well and is faster than
> |stateless rule evaluation.
This is probably the case for non-ddos traffic. 

Here's some basic math for you. Line-rate GE traffic is 1.4mpps. In case
of ddos, this is potentially 1.4M different src/dst pairs per second. To
be able to statefully filter it, you need to at least keep in memory 30
seconds worth of traffic - that's 50M flow records. You probably need to
keep at least 50 bytes of data per flow - that's 2.5G memory requirement
right there. Now, for each packet coming in, you need to match it with a
previous flow record. That will take at least 100 comparisons. Each random
memory access is (say) 2ns. 100 comparisons = 200ns. That means, you can
match ~5M new flows per second best case. (which is more than you have to,
but you have to realize you need lots more things to do in than just
memory lookup to match flow).

Now, you need to expire flows every 30 seconds. (at least this means
reading through 2.5G every 30 seconds).

Basically...This is hard. Proper solutions would use TCAM to keep the flow
info.

-alex





From trish at bsdunix.net  Mon Mar 13 11:23:16 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Mon, 13 Mar 2006 11:23:16 -0500 (EST)
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <Pine.LNX.4.44.0603111937491.12894-100000@bawx.pilosoft.com>
References: <Pine.LNX.4.44.0603111937491.12894-100000@bawx.pilosoft.com>
Message-ID: <20060313112105.C78711@daemon.bsdunix.net>

On Sat, 11 Mar 2006 alex at pilosoft.com wrote:

> On Sat, 11 Mar 2006, Aleksandar Kacanski wrote:
>
>> I am interested in putting together a fw solution with
>> following specs:
>>
>> 1. Multiple GiGigabitthernet (copper) interface ports
>> 2. Any offload PCI based card for firewall or TCP
>> connection handling
>> 3. Over 1 Gbps firewall throughput
>> 4. Over 30,000 new TCP sessions per second
>>
>> I need to manage HTTP traffic... I would like to put together two or
>> three boxes with FreeBSD and PF, but don't know of many hardware vendors
>> that have some offload PCI based solutions for FREEBSD Anybody had
>> experience with putting together something like this ?
> The answer is: you don't want to do that.
>
> a) firewall, for filtering, does not need to have full tcp establishment
> stack, or need to offload it processing.
>
> b) it is not rocket science to forward 1gbps of non-ddos traffic, in fact,
> freebsd will work just fine out of the box on say p4/3.0. And, it'll work
> just fine with a reasonable set of pf rules (say, up to 100).
>
> c) it is, however, nontrivial to do this with pf 'keep state', if that's
> what you want. if you want to keep state, you need lots of CPU power
> and/or memory and/or hackery. 30000 new flows/second doesn't sound all
> that bad but you will be pushing the limits. No, any kind of tcp offload
> will not help.
>
> -alex
>

Exactly.

The people who manage to do this within a manageable cost will become 
billionaires, in my opinion (I have some ideas on how to do this, along 
with a current work-mate, but we need funding, and until we get it, we're 
keeping our ideas under wraps, until the patents go through, as we'd like 
to keep our money.

Lets just say, it *is* non-trivial to keep track of this amount of flows 
and state of each, but it can be simplified, and the hackery is nothing 
short of magic :)

-Trish



-- 
Trish Lynch					   trish at bsdunix.net
Ecartis Core Team 			      trish at listmistress.org
Key fingerprint = 781D 2B47 AA4B FC88 B919  0CD6 26B2 1D62 6FC1 FF16


From trish at bsdunix.net  Mon Mar 13 11:27:44 2006
From: trish at bsdunix.net (Trish Lynch)
Date: Mon, 13 Mar 2006 11:27:44 -0500 (EST)
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <Pine.LNX.4.44.0603121150560.17891-100000@bawx.pilosoft.com>
References: <Pine.LNX.4.44.0603121150560.17891-100000@bawx.pilosoft.com>
Message-ID: <20060313112418.M78711@daemon.bsdunix.net>

On Sun, 12 Mar 2006 alex at pilosoft.com wrote:

> On Sun, 12 Mar 2006, Fabian Keil wrote:
>
>> alex at pilosoft.com wrote:
>>
>>> c) it is, however, nontrivial to do this with pf 'keep state', if
>>> that's what you want. if you want to keep state, you need lots of CPU
>>> power and/or memory and/or hackery.
>>
>> Are you sure this is true for PF?
>>
>> Quote from http://kerneltrap.org/node/477:
>>
>> |JA: How does pf performance compare to other stateful packet filters? |
>> |Daniel Hartmeier: In the benchmarks I did and based on the feedback
>> |from people who compared pf with other filters on production machines,
>> |very well, often significantly better. In particular, we found that
>> |keeping state on all connections scales well and is faster than
>> |stateless rule evaluation.
> This is probably the case for non-ddos traffic.
>
> Here's some basic math for you. Line-rate GE traffic is 1.4mpps. In case
> of ddos, this is potentially 1.4M different src/dst pairs per second. To
> be able to statefully filter it, you need to at least keep in memory 30
> seconds worth of traffic - that's 50M flow records. You probably need to
> keep at least 50 bytes of data per flow - that's 2.5G memory requirement
> right there. Now, for each packet coming in, you need to match it with a
> previous flow record. That will take at least 100 comparisons. Each random
> memory access is (say) 2ns. 100 comparisons = 200ns. That means, you can
> match ~5M new flows per second best case. (which is more than you have to,
> but you have to realize you need lots more things to do in than just
> memory lookup to match flow).
>
> Now, you need to expire flows every 30 seconds. (at least this means
> reading through 2.5G every 30 seconds).
>
> Basically...This is hard. Proper solutions would use TCAM to keep the flow
> info.
>
> -alex
>

Or you could start to group flow info as well, instead of keeping state of 
individual connections, you could keep state of groups of connections 
through certain flows. You can ignore other flows as well, and just simply 
drop others on the floor.... or not do anthing at all with them. the trick 
is to know what to do with what.... something we deal with on a day to day 
basis at one of the largest voice and video chat providers in the world...

If only the device was intelligent enough to decide what to do with these 
things :)

-Trish



-- 
Trish Lynch					   trish at bsdunix.net
Ecartis Core Team 			      trish at listmistress.org
Key fingerprint = 781D 2B47 AA4B FC88 B919  0CD6 26B2 1D62 6FC1 FF16


From alex at pilosoft.com  Mon Mar 13 12:38:19 2006
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Mon, 13 Mar 2006 12:38:19 -0500 (EST)
Subject: [nycbug-talk] home grown firewall solutions ...
In-Reply-To: <20060313112105.C78711@daemon.bsdunix.net>
Message-ID: <Pine.LNX.4.44.0603131233250.12894-100000@bawx.pilosoft.com>

On Mon, 13 Mar 2006, Trish Lynch wrote:

> The people who manage to do this within a manageable cost will become
> billionaires, in my opinion (I have some ideas on how to do this, along
> with a current work-mate, but we need funding, and until we get it,
> we're keeping our ideas under wraps, until the patents go through, as
> we'd like to keep our money.
> 
> Lets just say, it *is* non-trivial to keep track of this amount of flows
> and state of each, but it can be simplified, and the hackery is nothing
> short of magic :)
I'll put it this way. It is non-trivial, but it ain't rocket science
either. Anyone with CS degree should be able to figure out algorithms that
work. My personal opinion is that it is impractical to do this on
general-purpose hardware (without some sort of parallelization schemes).

Then again, look at what Mazu are doing with Click...

-alex



From nycbug-list at 2xlp.com  Tue Mar 14 12:54:53 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Tue, 14 Mar 2006 12:54:53 -0500
Subject: [nycbug-talk] (OT) Postgres Migration
Message-ID: <06D1696B-04B1-493C-8BD6-BA6B17661489@2xlp.com>

I'm migrating from MySQL to Postgres, which I know a bunch of people  
here use

My schema has 161 tables, and heavy use of foreign key constraints.   
the perl script migration utilities out there do an okay job, and I  
can get by with editing the schema dump from there...

but i've run into this one issue - postgres doesn't like it when i  
add a table w/a constraint check that doesn't exist yet.

right now, i'm recursing backwards, and entering the least dependant  
tables first.

just wondering if anyone knows a way to defer constraint checks  
during a transaction - the only docs i could find let one do that on  
a per table basis in the definition - so it would seem that I'd  
create the table with a defferred check, then edit it to not have the  
constraint.  not fun.

if anyone has a pointer, i'd be grateful.


From bob at redivi.com  Tue Mar 14 14:08:56 2006
From: bob at redivi.com (Bob Ippolito)
Date: Tue, 14 Mar 2006 11:08:56 -0800
Subject: [nycbug-talk] (OT) Postgres Migration
In-Reply-To: <06D1696B-04B1-493C-8BD6-BA6B17661489@2xlp.com>
References: <06D1696B-04B1-493C-8BD6-BA6B17661489@2xlp.com>
Message-ID: <C3647018-8D7D-4280-B99C-AD854F4DA715@redivi.com>


On Mar 14, 2006, at 9:54 AM, Jonathan Vanasco wrote:

> I'm migrating from MySQL to Postgres, which I know a bunch of people
> here use
>
> My schema has 161 tables, and heavy use of foreign key constraints.
> the perl script migration utilities out there do an okay job, and I
> can get by with editing the schema dump from there...
>
> but i've run into this one issue - postgres doesn't like it when i
> add a table w/a constraint check that doesn't exist yet.
>
> right now, i'm recursing backwards, and entering the least dependant
> tables first.

CREATE all of the tables first then add the foreign key constraints  
with ALTER TABLE.

http://www.postgresql.org/docs/8.1/interactive/sql-altertable.html
http://www.postgresql.org/docs/8.1/interactive/sql-createtable.html

> just wondering if anyone knows a way to defer constraint checks
> during a transaction - the only docs i could find let one do that on
> a per table basis in the definition - so it would seem that I'd
> create the table with a defferred check, then edit it to not have the
> constraint.  not fun.

You can only do it on a per constraint basis, and only for foreign  
keys.  Either the docs you found were wrong or you read them  
incorrectly.

You can specify whether they're deferred or not by default when you  
create them, but you can change that at runtime with SET CONSTRAINTS.

http://www.postgresql.org/docs/8.1/interactive/sql-set-constraints.html

-bob



From lists at stringsutils.com  Tue Mar 14 18:43:19 2006
From: lists at stringsutils.com (Francisco Reyes)
Date: Tue, 14 Mar 2006 18:43:19 -0500
Subject: [nycbug-talk] soho firewall
References: <20060308201745.2a3ad45a@wit.genoverly.home>
	<20060309141533.GA18749@sta.duo>
Message-ID: <cone.1142379799.406554.32490.5001@35st-server.simplicato.com>

George Georgalis writes:

> http://solarpc.com/

That looks interesting.. Can it run FreeBSD... or any BSD?



From huyslogic at gmail.com  Tue Mar 14 19:58:57 2006
From: huyslogic at gmail.com (Huy Ton That)
Date: Tue, 14 Mar 2006 19:58:57 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <cone.1142379799.406554.32490.5001@35st-server.simplicato.com>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
	<20060309141533.GA18749@sta.duo>
	<cone.1142379799.406554.32490.5001@35st-server.simplicato.com>
Message-ID: <1cac28080603141658n28179809ia791a9306ee3f4e5@mail.gmail.com>

That looks awesome, let me know if you find anything out in regards to it
please :)

On 3/14/06, Francisco Reyes <lists at stringsutils.com> wrote:
>
> George Georgalis writes:
>
> > http://solarpc.com/
>
> That looks interesting.. Can it run FreeBSD... or any BSD?
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060314/d44d9b6b/attachment.htm>

From jpb at sixshooter.v6.thrupoint.net  Thu Mar 16 08:55:41 2006
From: jpb at sixshooter.v6.thrupoint.net (Jim Brown)
Date: Thu, 16 Mar 2006 08:55:41 -0500
Subject: [nycbug-talk] Network Performance Testing
Message-ID: <20060316135541.GA24751@sixshooter.v6.thrupoint.net>

Hi All,

A friend is trying to stress a gig-E interface.
He doesn't have a SmartBits box, and is trying to use
BSD to generate lots of traffic.

How would you generate a traffic flood?

fping? chargen?  We need the best flodding possible.

And how would you set it up with the least latency?

If other FOSS  solutions are available, let me know.

Thanks,
Jim B.

PS- Yes this is a lab.  No we are not flooding the Net.





From scottro at nyc.rr.com  Thu Mar 16 12:04:19 2006
From: scottro at nyc.rr.com (Scott Robbins)
Date: Thu, 16 Mar 2006 12:04:19 -0500
Subject: [nycbug-talk] Problem with Mac OS X
Message-ID: <20060316170419.GA28413@uws1.starlofashions.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I know this isn't a Mac list, but I know there are some Mac gurus here,
and I feel more at home here.  :)

Anyway, one of our graphic designers recently developed a problem with
her machine.  She's running Tiger, and a day or so before that, we
upgraded her Adobe Creative Suite to CSII.  However, a day passed before
this issue arose. 

Now, when she starts Safari, or some other programs, including Disk
Utilities, Activity monitor, iPod (yes, it's allowed, the designers get
what they want), top will show (the terminal isn't one of the apps that
causes this) 0.0% CPU idle time and the application will simply hang
with that revolving colored ball.  If I log on the same machine as
another user, this doesn't occur, even if I open up Illustrator and
Photoshop as well as several other applications.  

I tried the suggestions that I found while googling, repairing file
permissions, booting from the install CD and repairing disk, forcing
periodic, and running update_prebinding.

I don't know enough about Macs to know if I'm missing something obvious,
and I'm not quite sure what other information will help here.  If anyone
could give me suggestions, I'd be grateful.

Thanks
 



- -- 

Scott Robbins

GPG KeyID EB3467D6
( 1B848 077D 66F6 9DB0 FDC2  A409 FA54 D575 EB34 67D6)
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Drusilla: Your face is a poem. I can read it. 
Xander: It doesn't say 'spare me' by any chance? 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFEGZqT+lTVdes0Z9YRAmJyAJ4y7eJxTQ6lEVWuKpLr1+UjZuRJHQCcCO9p
iM5klbFST3+zfq3m0EYSoT8=
=v2Hi
-----END PGP SIGNATURE-----


From kit at kithalsted.com  Thu Mar 16 12:28:11 2006
From: kit at kithalsted.com (Kit Halsted)
Date: Thu, 16 Mar 2006 12:28:11 -0500
Subject: [nycbug-talk] Problem with Mac OS X
In-Reply-To: <20060316170419.GA28413@uws1.starlofashions.com>
References: <20060316170419.GA28413@uws1.starlofashions.com>
Message-ID: <p06002022c03f4f49f130@[10.0.1.119]>

Log in as root, or maybe just an admin user, then run all the Adobe 
apps. (Just open 'em, then quit.) Log out. Log back in as designer & 
see if it works. Also try updating all of the Adobe apps w/ the Adobe 
updater app. After updating, run them as admin/root again. (Any time 
you update Adobe apps on OS X, run them as root first.)

Not sure if that will solve your problems, it could be a corrupted 
account, but it's a start & it fixes a lot of glitchy stuff with 
Adobe products.

HTH,
-Kit

At 12:04 PM -0500 3/16/06, Scott Robbins wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I know this isn't a Mac list, but I know there are some Mac gurus here,
>and I feel more at home here.  :)
>
>Anyway, one of our graphic designers recently developed a problem with
>her machine.  She's running Tiger, and a day or so before that, we
>upgraded her Adobe Creative Suite to CSII.  However, a day passed before
>this issue arose.
>
>Now, when she starts Safari, or some other programs, including Disk
>Utilities, Activity monitor, iPod (yes, it's allowed, the designers get
>what they want), top will show (the terminal isn't one of the apps that
>causes this) 0.0% CPU idle time and the application will simply hang
>with that revolving colored ball.  If I log on the same machine as
>another user, this doesn't occur, even if I open up Illustrator and
>Photoshop as well as several other applications. 
>
>I tried the suggestions that I found while googling, repairing file
>permissions, booting from the install CD and repairing disk, forcing
>periodic, and running update_prebinding.
>
>I don't know enough about Macs to know if I'm missing something obvious,
>and I'm not quite sure what other information will help here.  If anyone
>could give me suggestions, I'd be grateful.
>
>Thanks



From bschonhorst at gmail.com  Thu Mar 16 12:58:08 2006
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Thu, 16 Mar 2006 12:58:08 -0500
Subject: [nycbug-talk] Problem with Mac OS X
In-Reply-To: <20060316170419.GA28413@uws1.starlofashions.com>
References: <20060316170419.GA28413@uws1.starlofashions.com>
Message-ID: <7708fd680603160958u773f7dd3te9f58adf940e65f9@mail.gmail.com>

On 3/16/06, Scott Robbins <scottro at nyc.rr.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I know this isn't a Mac list, but I know there are some Mac gurus here,
> and I feel more at home here.  :)
>
> Anyway, one of our graphic designers recently developed a problem with
> her machine.  She's running Tiger, and a day or so before that, we
> upgraded her Adobe Creative Suite to CSII.  However, a day passed before
> this issue arose.
>
> Now, when she starts Safari, or some other programs, including Disk
> Utilities, Activity monitor, iPod (yes, it's allowed, the designers get
> what they want), top will show (the terminal isn't one of the apps that
> causes this) 0.0% CPU idle time and the application will simply hang
> with that revolving colored ball.  If I log on the same machine as
> another user, this doesn't occur, even if I open up Illustrator and
> Photoshop as well as several other applications.
>
> I tried the suggestions that I found while googling, repairing file
> permissions, booting from the install CD and repairing disk, forcing
> periodic, and running update_prebinding.
>
> I don't know enough about Macs to know if I'm missing something obvious,
> and I'm not quite sure what other information will help here.  If anyone
> could give me suggestions, I'd be grateful.
>

My first guess would be corrupted preference files for the app. 
Especially if the same app works for other users on the same computer.
 Preferences are stored in a few places, for an individual user check
here first:

/Users/<username>/Library/Preferences/
/Users/<username>/Library/Application\ Support/<name_of_program

I would first quit the app (or stop it from trying to start), then
move the preferences or folders you find to a temporary folder, and
try to launch the app again.

If you use managed accounts you should also check the  local copy of
the user's prefs that gets copied at login time.   These get recopied
when the user logs back in so just trash the users folder here:

/Library/Managed\ Preferences/<usernaem>

I see this alot with Micorsoft and Macromedia products, usually not so
much with Adobe but you never know.

-Brad



From scottro at nyc.rr.com  Thu Mar 16 13:22:47 2006
From: scottro at nyc.rr.com (Scott Robbins)
Date: Thu, 16 Mar 2006 13:22:47 -0500
Subject: [nycbug-talk] Problem with Mac OS X
In-Reply-To: <p06002022c03f4f49f130@[10.0.1.119]>
References: <20060316170419.GA28413@uws1.starlofashions.com>
	<p06002022c03f4f49f130@[10.0.1.119]>
Message-ID: <20060316182247.GA47270@uws1.starlofashions.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 16, 2006 at 12:28:11PM -0500, Kit Halsted wrote:
> Log in as root, or maybe just an admin user, then run all the Adobe apps. (Just 
> open 'em, then quit.) Log out. Log back in as designer & see if it works. Also 
> try updating all of the Adobe apps w/ the Adobe updater app. After updating, 
> run them as admin/root again. (Any time you update Adobe apps on OS X, run them 
> as root first.)
> 
> Not sure if that will solve your problems, it could be a corrupted account, but 
> it's a start & it fixes a lot of glitchy stuff with Adobe products.


Bless you Kit, doing that fixed it.  Firstly, I logged in as
Administrator, then, I ran the Adobe Updater.  After that, I opened and
closed the various CSII apps.

I then logged in as the user and everything was fine. 

I had Brad's suggestion next in line but this time, it wasn't necessary.
However, Brad, I'm sure, knowing our users, that it will be handy sooner
or later, and will make me look good.

Once again, this list has made me look good at work, and I thank both of
you. 



- -- 

Scott

GPG KeyID EB3467D6
( 1B848 077D 66F6 9DB0 FDC2  A409 FA54 D575 EB34 67D6)
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Willow: You're thinking too much. Maybe you need to be
impulsive.
Buffy: Impulsive? Do you remember my ex-boyfriend? The vampire? I
slept
with him, he lost his soul, and now my boyfriend's gone forever and
the demon
that wears his face is killing my friends. The next impulsive decision
I make will
be my choice of dentures.
Willow: Okay. The Angel thing went badly. I'm on board with that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFEGaz3+lTVdes0Z9YRAia7AJ4nYINxGT6xcIx3UFZt8tlb+3jI8wCgmDV0
Ir8fq+kPxW28BO/K3mI2Tr8=
=dXkt
-----END PGP SIGNATURE-----


From mikel.king at ocsny.com  Thu Mar 16 13:44:40 2006
From: mikel.king at ocsny.com (Mikel King)
Date: Thu, 16 Mar 2006 13:44:40 -0500
Subject: [nycbug-talk] Not Quite Dead Yet
Message-ID: <2998250C-D2D5-4F2C-BAFE-BBD42F4702C5@ocsny.com>

A short editorial about Daemon News itself.

Cheers,
Mikel King
CIO, Director of Network Operations
Optimized Computer Solutions, INC
Tech Alliance, INC
39 West Fourteenth Street
Second Floor
New York, NY 10011
http://www.ocsny.com
http://www.techally.com
t: 212.727.2100x132
+------------------------------------------+
How do you spell cooperation? Pessimists use
each other, but optimists help each other.
Collaboration feeds your spirit, while
competition only stokes your ego. You'll
find the best way to get along.
+------------------------------------------+






From george at sddi.net  Thu Mar 16 13:55:27 2006
From: george at sddi.net (George R.)
Date: Thu, 16 Mar 2006 13:55:27 -0500
Subject: [nycbug-talk] Not Quite Dead Yet
In-Reply-To: <2998250C-D2D5-4F2C-BAFE-BBD42F4702C5@ocsny.com>
References: <2998250C-D2D5-4F2C-BAFE-BBD42F4702C5@ocsny.com>
Message-ID: <4419B49F.9020604@sddi.net>

Mikel King wrote:
> A short editorial about Daemon News itself.
> 

Assume this is the link you meant to provide:

http://ezine.daemonnews.org/200603/editorial.html

g


From riegersteve at gmail.com  Thu Mar 16 15:34:35 2006
From: riegersteve at gmail.com (Steve Rieger)
Date: Thu, 16 Mar 2006 12:34:35 -0800
Subject: [nycbug-talk] postfix question
Message-ID: <4419CBDB.1060106@gmail.com>

am trying to setup postfix to relay all mail through gmail (yes it not 
right) below are the error logs, and postconf -n.

Mar 16 12:30:11 tiger postfix/postfix-script: refreshing the Postfix 
mail system
Mar 16 12:30:11 tiger postfix/master[55]: reload configuration
Mar 16 12:30:32 tiger postfix/pickup[26986]: 4AD6016D0F8: uid=0 from=<root>
Mar 16 12:30:32 tiger postfix/cleanup[26994]: 4AD6016D0F8: 
message-id=<20060316203032.4AD6016D0F8 at tiger.up-south.com>
Mar 16 12:30:32 tiger postfix/qmgr[26987]: 4AD6016D0F8: 
from=<root at tiger.up-south.com>, size=28425, nrcpt=1 (queue active)
Mar 16 12:30:32 tiger postfix/smtp[26996]: warning: Only sdbm: type 
allowed for btree:/var/run/smtp_tls_session_cache
Mar 16 12:30:32 tiger postfix/smtp[26996]: warning: Could not open 
session cache btree:/var/run/smtp_tls_session_cache
Mar 16 12:30:32 tiger postfix/smtp[26996]: verify error:num=20:unable to 
get local issuer certificate
Mar 16 12:30:32 tiger postfix/smtp[26996]: verify 
error:num=27:certificate not trusted
Mar 16 12:30:32 tiger postfix/smtp[26996]: verify error:num=21:unable to 
verify the first certificate
Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: premature 
end-of-input on private/smtp socket while reading input attribute name
Mar 16 12:30:33 tiger postfix/master[55]: warning: process 
/usr/libexec/postfix/smtp pid 26996 killed by signal 10
Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: private/smtp socket: 
malformed response
Mar 16 12:30:33 tiger postfix/master[55]: warning: 
/usr/libexec/postfix/smtp: bad command startup -- throttling
Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: transport smtp 
failure -- see a previous warning/fatal/panic logfile record for the 
problem description
Mar 16 12:31:12 tiger postfix/pickup[26986]: 4130616D105: uid=0 from=<root>
Mar 16 12:31:12 tiger postfix/cleanup[26994]: 4130616D105: 
message-id=<20060316203112.4130616D105 at tiger.up-south.com>
Mar 16 12:31:12 tiger postfix/qmgr[26987]: 4130616D105: 
from=<root at tiger.up-south.com>, size=28417, nrcpt=1 (queue active)
Mar 16 12:31:33 tiger postfix/smtp[27019]: warning: Only sdbm: type 
allowed for btree:/var/run/smtp_tls_session_cache
Mar 16 12:31:33 tiger postfix/smtp[27019]: warning: Could not open 
session cache btree:/var/run/smtp_tls_session_cache
Mar 16 12:31:33 tiger postfix/smtp[27019]: verify error:num=20:unable to 
get local issuer certificate
Mar 16 12:31:33 tiger postfix/smtp[27019]: verify 
error:num=27:certificate not trusted
Mar 16 12:31:34 tiger postfix/smtp[27019]: verify error:num=21:unable to 
verify the first certificate
Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: premature 
end-of-input on private/smtp socket while reading input attribute name
Mar 16 12:31:35 tiger postfix/master[55]: warning: process 
/usr/libexec/postfix/smtp pid 27019 killed by signal 10
Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: private/smtp socket: 
malformed response
Mar 16 12:31:35 tiger postfix/master[55]: warning: 
/usr/libexec/postfix/smtp: bad command startup -- throttling
Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: transport smtp 
failure -- see a previous warning/fatal/panic logfile record for the 
problem description


tiger:/etc/postfix root# postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_dns_lookups = yes
enable_server_options = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydomain_fallback = localhost
myhostname = tiger.up-south.com
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = [smtp.gmail.com]
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_loglevel = 1
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = no
smtpd_sasl_local_domain = $myhostname
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

-- 
--
Steve Rieger
310-339-4355      (cell)
3394355 at gmail.com (pager)


From quigon at hacktek.com  Thu Mar 16 19:41:33 2006
From: quigon at hacktek.com (QuiGon)
Date: Thu, 16 Mar 2006 19:41:33 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <1cac28080603141658n28179809ia791a9306ee3f4e5@mail.gmail.com>
References: <20060308201745.2a3ad45a@wit.genoverly.home>	<20060309141533.GA18749@sta.duo>	<cone.1142379799.406554.32490.5001@35st-server.simplicato.com>
	<1cac28080603141658n28179809ia791a9306ee3f4e5@mail.gmail.com>
Message-ID: <441A05BD.2040503@hacktek.com>

I have one of the boards that runs that box.  Windows XP and Linux both
run great on it, so I fail to see why any x86 based BSD (with the
exception of OSX86) wouldn't run on it.



Huy Ton That wrote:

> That looks awesome, let me know if you find anything out in regards to
> it please :)
>
> On 3/14/06, *Francisco Reyes* < lists at stringsutils.com
> <mailto:lists at stringsutils.com>> wrote:
>
>     George Georgalis writes:
>
>     > http://solarpc.com/
>
>     That looks interesting.. Can it run FreeBSD... or any BSD?
>
>     _______________________________________________
>     % NYC*BUG talk mailing list
>     http://lists.nycbug.org/mailman/listinfo/talk
>     %Be sure to check out our Jobs and NYCBUG-announce lists
>     %We meet the first Wednesday of the month
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>% NYC*BUG talk mailing list
>http://lists.nycbug.org/mailman/listinfo/talk
>%Be sure to check out our Jobs and NYCBUG-announce lists
>%We meet the first Wednesday of the month
>  
>



From kit at kithalsted.com  Thu Mar 16 19:59:27 2006
From: kit at kithalsted.com (Kit Halsted)
Date: Thu, 16 Mar 2006 19:59:27 -0500
Subject: [nycbug-talk] Problem with Mac OS X
In-Reply-To: <20060316182247.GA47270@uws1.starlofashions.com>
References: <20060316170419.GA28413@uws1.starlofashions.com>
	<p06002022c03f4f49f130@[10.0.1.119]>
	<20060316182247.GA47270@uws1.starlofashions.com>
Message-ID: <p0600202ac03fba2dfea2@[10.0.1.119]>

Glad to help. Now, if you know anybody who's looking to hire a Mac geek... ;)

Cheers,
-Kit

At 1:22 PM -0500 3/16/06, Scott Robbins wrote:
<...>
>Bless you Kit, doing that fixed it.
<...>



From max at neuropunks.org  Thu Mar 16 21:41:27 2006
From: max at neuropunks.org (Max Gribov)
Date: Thu, 16 Mar 2006 21:41:27 -0500
Subject: [nycbug-talk] postfix question
In-Reply-To: <4419CBDB.1060106@gmail.com>
References: <4419CBDB.1060106@gmail.com>
Message-ID: <441A21D7.2050100@neuropunks.org>

a shot in the dark..
heres my config, i know my ssl works for sure..
---

alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 38.117.144.218, 127.0.0.1, 69.31.43.10
local_recipient_maps = $alias_maps, unix:passwd.byname,
$virtual_mailbox_maps, $virtual_mailbox_domains, $virtual_alias_maps
local_transport = local
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 2w
mydestination = $myhostname, $mydomain, mailman.$mydomain
mydomain = neuropunks.org
myhostname = finn.neuropunks.org
mynetworks = 38.117.144.218/32, 69.31.43.10/32, 127.0.0.1/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme
recipient_delimiter = +
relay_domains = /etc/postfix/relay-domains
sample_directory = /etc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = hash:/etc/postfix/access, permit_mynetworks,
permit_sasl_authenticated,  reject_rbl_client relays.ordb.org,
reject_rbl_client
opm.blitzed.org,reject_invalid_hostname,reject_unknown_sender_domain,
reject_non_fqdn_sender
smtpd_helo_required = yes
smtpd_helo_restrictions = hash:/etc/postfix/access, permit_mynetworks,
permit_sasl_authenticated, reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org
smtpd_recipient_restrictions = hash:/etc/postfix/access,
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
reject_invalid_hostname, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unlisted_recipient,
reject_unverified_recipient, reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = hash:/etc/postfix/access, permit_mynetworks,
permit_sasl_authenticated, reject_unlisted_sender,
reject_invalid_hostname, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org
smtpd_tls_CAfile = $smtpd_tls_cert_file
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/certs/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550




Steve Rieger wrote:

>am trying to setup postfix to relay all mail through gmail (yes it not 
>right) below are the error logs, and postconf -n.
>
>Mar 16 12:30:11 tiger postfix/postfix-script: refreshing the Postfix 
>mail system
>Mar 16 12:30:11 tiger postfix/master[55]: reload configuration
>Mar 16 12:30:32 tiger postfix/pickup[26986]: 4AD6016D0F8: uid=0 from=<root>
>Mar 16 12:30:32 tiger postfix/cleanup[26994]: 4AD6016D0F8: 
>message-id=<20060316203032.4AD6016D0F8 at tiger.up-south.com>
>Mar 16 12:30:32 tiger postfix/qmgr[26987]: 4AD6016D0F8: 
>from=<root at tiger.up-south.com>, size=28425, nrcpt=1 (queue active)
>Mar 16 12:30:32 tiger postfix/smtp[26996]: warning: Only sdbm: type 
>allowed for btree:/var/run/smtp_tls_session_cache
>Mar 16 12:30:32 tiger postfix/smtp[26996]: warning: Could not open 
>session cache btree:/var/run/smtp_tls_session_cache
>Mar 16 12:30:32 tiger postfix/smtp[26996]: verify error:num=20:unable to 
>get local issuer certificate
>Mar 16 12:30:32 tiger postfix/smtp[26996]: verify 
>error:num=27:certificate not trusted
>Mar 16 12:30:32 tiger postfix/smtp[26996]: verify error:num=21:unable to 
>verify the first certificate
>Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: premature 
>end-of-input on private/smtp socket while reading input attribute name
>Mar 16 12:30:33 tiger postfix/master[55]: warning: process 
>/usr/libexec/postfix/smtp pid 26996 killed by signal 10
>Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: private/smtp socket: 
>malformed response
>Mar 16 12:30:33 tiger postfix/master[55]: warning: 
>/usr/libexec/postfix/smtp: bad command startup -- throttling
>Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: transport smtp 
>failure -- see a previous warning/fatal/panic logfile record for the 
>problem description
>Mar 16 12:31:12 tiger postfix/pickup[26986]: 4130616D105: uid=0 from=<root>
>Mar 16 12:31:12 tiger postfix/cleanup[26994]: 4130616D105: 
>message-id=<20060316203112.4130616D105 at tiger.up-south.com>
>Mar 16 12:31:12 tiger postfix/qmgr[26987]: 4130616D105: 
>from=<root at tiger.up-south.com>, size=28417, nrcpt=1 (queue active)
>Mar 16 12:31:33 tiger postfix/smtp[27019]: warning: Only sdbm: type 
>allowed for btree:/var/run/smtp_tls_session_cache
>Mar 16 12:31:33 tiger postfix/smtp[27019]: warning: Could not open 
>session cache btree:/var/run/smtp_tls_session_cache
>Mar 16 12:31:33 tiger postfix/smtp[27019]: verify error:num=20:unable to 
>get local issuer certificate
>Mar 16 12:31:33 tiger postfix/smtp[27019]: verify 
>error:num=27:certificate not trusted
>Mar 16 12:31:34 tiger postfix/smtp[27019]: verify error:num=21:unable to 
>verify the first certificate
>Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: premature 
>end-of-input on private/smtp socket while reading input attribute name
>Mar 16 12:31:35 tiger postfix/master[55]: warning: process 
>/usr/libexec/postfix/smtp pid 27019 killed by signal 10
>Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: private/smtp socket: 
>malformed response
>Mar 16 12:31:35 tiger postfix/master[55]: warning: 
>/usr/libexec/postfix/smtp: bad command startup -- throttling
>Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: transport smtp 
>failure -- see a previous warning/fatal/panic logfile record for the 
>problem description
>
>
>tiger:/etc/postfix root# postconf -n
>command_directory = /usr/sbin
>config_directory = /etc/postfix
>daemon_directory = /usr/libexec/postfix
>debug_peer_level = 2
>disable_dns_lookups = yes
>enable_server_options = yes
>html_directory = no
>inet_interfaces = all
>mail_owner = postfix
>mailbox_size_limit = 0
>mailbox_transport = cyrus
>mailq_path = /usr/bin/mailq
>manpage_directory = /usr/share/man
>mydomain_fallback = localhost
>myhostname = tiger.up-south.com
>mynetworks_style = host
>newaliases_path = /usr/bin/newaliases
>queue_directory = /private/var/spool/postfix
>readme_directory = /usr/share/doc/postfix
>relayhost = [smtp.gmail.com]
>sample_directory = /usr/share/doc/postfix/examples
>sendmail_path = /usr/sbin/sendmail
>setgid_group = postdrop
>smtp_sasl_auth_enable = yes
>smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>smtp_sasl_security_options = noanonymous
>smtp_sasl_tls_security_options = noanonymous
>smtp_tls_CAfile = /etc/postfix/cacert.pem
>smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
>smtp_tls_key_file = /etc/postfix/FOO-key.pem
>smtp_tls_loglevel = 1
>smtp_tls_per_site = hash:/etc/postfix/tls_per_site
>smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
>smtp_use_tls = yes
>smtpd_sasl_application_name = smtpd
>smtpd_sasl_auth_enable = no
>smtpd_sasl_local_domain = $myhostname
>smtpd_tls_CAfile = /etc/postfix/cacert.pem
>smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
>smtpd_tls_key_file = /etc/postfix/FOO-key.pem
>smtpd_tls_received_header = yes
>smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
>smtpd_use_tls = yes
>tls_random_source = dev:/dev/urandom
>transport_maps = hash:/etc/postfix/transport
>unknown_local_recipient_reject_code = 550
>
>  
>



From max at neuropunks.org  Thu Mar 16 21:49:20 2006
From: max at neuropunks.org (Max Gribov)
Date: Thu, 16 Mar 2006 21:49:20 -0500
Subject: [nycbug-talk] postfix question
In-Reply-To: <441A21D7.2050100@neuropunks.org>
References: <4419CBDB.1060106@gmail.com> <441A21D7.2050100@neuropunks.org>
Message-ID: <441A23B0.9000802@neuropunks.org>

aand it seems i left out an important part, about the cert.

the cert is self signed generated with the following perl script:

----
#!/usr/bin/perl

$openssl = "/usr/bin/openssl";
$openssl_opt = " req -new -x509 -days 365 -nodes -out $ARGV[1] -keyout
$ARGV[1] ";
$openssl_conf = " -config $ARGV[0] ";

$cmd_ssl = $openssl . $openssl_opt . $openssl_conf;
$cmd_dh = $openssl . " gendh 512 >> $ARGV[1]";


$argc = @ARGV;

if ($argc < 2) {
        print "Usage: $0 <ssl.cnf> <keyout.pem>\n";
        exit 0;
}

print "Running $cmd_ssl\n";
system($cmd_ssl);
print "Running $cmd_dh\n";
system($cmd_dh);


and this is the .cnf file:
----
RANDFILE = /etc/postfix/certs/rand.file

        [ req ]
        default_bits = 1024
        encrypt_key = yes
        distinguished_name = req_dn
        x509_extensions = cert_type
        prompt = no

        [ req_dn ]
        C=US
        ST=New York
        L=New York
        O=Neuropunks
        OU=SMTP
        CN=mail.neuropunks.org
        emailAddress=postmaster at neuropunks.org

        [ cert_type ]
        nsCertType = server






Max Gribov wrote:

>a shot in the dark..
>heres my config, i know my ssl works for sure..
>---
>
>alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
>broken_sasl_auth_clients = yes
>command_directory = /usr/sbin
>config_directory = /etc/postfix
>content_filter = smtp-amavis:[127.0.0.1]:10024
>daemon_directory = /usr/libexec/postfix
>debug_peer_level = 2
>disable_vrfy_command = yes
>empty_address_recipient = MAILER-DAEMON
>home_mailbox = Maildir/
>html_directory = no
>inet_interfaces = 38.117.144.218, 127.0.0.1, 69.31.43.10
>local_recipient_maps = $alias_maps, unix:passwd.byname,
>$virtual_mailbox_maps, $virtual_mailbox_domains, $virtual_alias_maps
>local_transport = local
>mail_owner = postfix
>mailbox_command = /usr/local/bin/procmail
>mailq_path = /usr/bin/mailq
>manpage_directory = /usr/local/man
>maximal_queue_lifetime = 2w
>mydestination = $myhostname, $mydomain, mailman.$mydomain
>mydomain = neuropunks.org
>myhostname = finn.neuropunks.org
>mynetworks = 38.117.144.218/32, 69.31.43.10/32, 127.0.0.1/32
>myorigin = $mydomain
>newaliases_path = /usr/bin/newaliases
>owner_request_special = no
>queue_directory = /var/spool/postfix
>readme_directory = /etc/postfix/readme
>recipient_delimiter = +
>relay_domains = /etc/postfix/relay-domains
>sample_directory = /etc/postfix/samples
>sendmail_path = /usr/sbin/sendmail
>setgid_group = postdrop
>smtpd_banner = $myhostname ESMTP
>smtpd_client_restrictions = hash:/etc/postfix/access, permit_mynetworks,
>permit_sasl_authenticated,  reject_rbl_client relays.ordb.org,
>reject_rbl_client
>opm.blitzed.org,reject_invalid_hostname,reject_unknown_sender_domain,
>reject_non_fqdn_sender
>smtpd_helo_required = yes
>smtpd_helo_restrictions = hash:/etc/postfix/access, permit_mynetworks,
>permit_sasl_authenticated, reject_rbl_client relays.ordb.org,
>reject_rbl_client opm.blitzed.org
>smtpd_recipient_restrictions = hash:/etc/postfix/access,
>permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
>reject_invalid_hostname, reject_non_fqdn_sender,
>reject_unknown_sender_domain, reject_unlisted_recipient,
>reject_unverified_recipient, reject_rbl_client relays.ordb.org,
>reject_rbl_client opm.blitzed.org
>smtpd_reject_unlisted_sender = yes
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_security_options = noanonymous
>smtpd_sender_restrictions = hash:/etc/postfix/access, permit_mynetworks,
>permit_sasl_authenticated, reject_unlisted_sender,
>reject_invalid_hostname, reject_non_fqdn_sender,
>reject_unknown_sender_domain, reject_rbl_client relays.ordb.org,
>reject_rbl_client opm.blitzed.org
>smtpd_tls_CAfile = $smtpd_tls_cert_file
>smtpd_tls_ask_ccert = yes
>smtpd_tls_cert_file = /etc/postfix/certs/postfix.pem
>smtpd_tls_key_file = $smtpd_tls_cert_file
>smtpd_tls_loglevel = 1
>smtpd_use_tls = yes
>transport_maps = hash:/etc/postfix/transport
>unknown_local_recipient_reject_code = 550
>
>
>
>
>Steve Rieger wrote:
>
>  
>
>>am trying to setup postfix to relay all mail through gmail (yes it not 
>>right) below are the error logs, and postconf -n.
>>
>>Mar 16 12:30:11 tiger postfix/postfix-script: refreshing the Postfix 
>>mail system
>>Mar 16 12:30:11 tiger postfix/master[55]: reload configuration
>>Mar 16 12:30:32 tiger postfix/pickup[26986]: 4AD6016D0F8: uid=0 from=<root>
>>Mar 16 12:30:32 tiger postfix/cleanup[26994]: 4AD6016D0F8: 
>>message-id=<20060316203032.4AD6016D0F8 at tiger.up-south.com>
>>Mar 16 12:30:32 tiger postfix/qmgr[26987]: 4AD6016D0F8: 
>>from=<root at tiger.up-south.com>, size=28425, nrcpt=1 (queue active)
>>Mar 16 12:30:32 tiger postfix/smtp[26996]: warning: Only sdbm: type 
>>allowed for btree:/var/run/smtp_tls_session_cache
>>Mar 16 12:30:32 tiger postfix/smtp[26996]: warning: Could not open 
>>session cache btree:/var/run/smtp_tls_session_cache
>>Mar 16 12:30:32 tiger postfix/smtp[26996]: verify error:num=20:unable to 
>>get local issuer certificate
>>Mar 16 12:30:32 tiger postfix/smtp[26996]: verify 
>>error:num=27:certificate not trusted
>>Mar 16 12:30:32 tiger postfix/smtp[26996]: verify error:num=21:unable to 
>>verify the first certificate
>>Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: premature 
>>end-of-input on private/smtp socket while reading input attribute name
>>Mar 16 12:30:33 tiger postfix/master[55]: warning: process 
>>/usr/libexec/postfix/smtp pid 26996 killed by signal 10
>>Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: private/smtp socket: 
>>malformed response
>>Mar 16 12:30:33 tiger postfix/master[55]: warning: 
>>/usr/libexec/postfix/smtp: bad command startup -- throttling
>>Mar 16 12:30:33 tiger postfix/qmgr[26987]: warning: transport smtp 
>>failure -- see a previous warning/fatal/panic logfile record for the 
>>problem description
>>Mar 16 12:31:12 tiger postfix/pickup[26986]: 4130616D105: uid=0 from=<root>
>>Mar 16 12:31:12 tiger postfix/cleanup[26994]: 4130616D105: 
>>message-id=<20060316203112.4130616D105 at tiger.up-south.com>
>>Mar 16 12:31:12 tiger postfix/qmgr[26987]: 4130616D105: 
>>from=<root at tiger.up-south.com>, size=28417, nrcpt=1 (queue active)
>>Mar 16 12:31:33 tiger postfix/smtp[27019]: warning: Only sdbm: type 
>>allowed for btree:/var/run/smtp_tls_session_cache
>>Mar 16 12:31:33 tiger postfix/smtp[27019]: warning: Could not open 
>>session cache btree:/var/run/smtp_tls_session_cache
>>Mar 16 12:31:33 tiger postfix/smtp[27019]: verify error:num=20:unable to 
>>get local issuer certificate
>>Mar 16 12:31:33 tiger postfix/smtp[27019]: verify 
>>error:num=27:certificate not trusted
>>Mar 16 12:31:34 tiger postfix/smtp[27019]: verify error:num=21:unable to 
>>verify the first certificate
>>Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: premature 
>>end-of-input on private/smtp socket while reading input attribute name
>>Mar 16 12:31:35 tiger postfix/master[55]: warning: process 
>>/usr/libexec/postfix/smtp pid 27019 killed by signal 10
>>Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: private/smtp socket: 
>>malformed response
>>Mar 16 12:31:35 tiger postfix/master[55]: warning: 
>>/usr/libexec/postfix/smtp: bad command startup -- throttling
>>Mar 16 12:31:35 tiger postfix/qmgr[26987]: warning: transport smtp 
>>failure -- see a previous warning/fatal/panic logfile record for the 
>>problem description
>>
>>
>>tiger:/etc/postfix root# postconf -n
>>command_directory = /usr/sbin
>>config_directory = /etc/postfix
>>daemon_directory = /usr/libexec/postfix
>>debug_peer_level = 2
>>disable_dns_lookups = yes
>>enable_server_options = yes
>>html_directory = no
>>inet_interfaces = all
>>mail_owner = postfix
>>mailbox_size_limit = 0
>>mailbox_transport = cyrus
>>mailq_path = /usr/bin/mailq
>>manpage_directory = /usr/share/man
>>mydomain_fallback = localhost
>>myhostname = tiger.up-south.com
>>mynetworks_style = host
>>newaliases_path = /usr/bin/newaliases
>>queue_directory = /private/var/spool/postfix
>>readme_directory = /usr/share/doc/postfix
>>relayhost = [smtp.gmail.com]
>>sample_directory = /usr/share/doc/postfix/examples
>>sendmail_path = /usr/sbin/sendmail
>>setgid_group = postdrop
>>smtp_sasl_auth_enable = yes
>>smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>smtp_sasl_security_options = noanonymous
>>smtp_sasl_tls_security_options = noanonymous
>>smtp_tls_CAfile = /etc/postfix/cacert.pem
>>smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
>>smtp_tls_key_file = /etc/postfix/FOO-key.pem
>>smtp_tls_loglevel = 1
>>smtp_tls_per_site = hash:/etc/postfix/tls_per_site
>>smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
>>smtp_use_tls = yes
>>smtpd_sasl_application_name = smtpd
>>smtpd_sasl_auth_enable = no
>>smtpd_sasl_local_domain = $myhostname
>>smtpd_tls_CAfile = /etc/postfix/cacert.pem
>>smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
>>smtpd_tls_key_file = /etc/postfix/FOO-key.pem
>>smtpd_tls_received_header = yes
>>smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
>>smtpd_use_tls = yes
>>tls_random_source = dev:/dev/urandom
>>transport_maps = hash:/etc/postfix/transport
>>unknown_local_recipient_reject_code = 550
>>
>> 
>>
>>    
>>
>
>_______________________________________________
>% NYC*BUG talk mailing list
>http://lists.nycbug.org/mailman/listinfo/talk
>%Be sure to check out our Jobs and NYCBUG-announce lists
>%We meet the first Wednesday of the month
>
>  
>



From george at galis.org  Fri Mar 17 00:57:26 2006
From: george at galis.org (George Georgalis)
Date: Fri, 17 Mar 2006 00:57:26 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <441A05BD.2040503@hacktek.com>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
	<20060309141533.GA18749@sta.duo>
	<cone.1142379799.406554.32490.5001@35st-server.simplicato.com>
	<1cac28080603141658n28179809ia791a9306ee3f4e5@mail.gmail.com>
	<441A05BD.2040503@hacktek.com>
Message-ID: <20060317055726.GD4713@sta.duo>

On Thu, Mar 16, 2006 at 07:41:33PM -0500, QuiGon wrote:
>I have one of the boards that runs that box.  Windows XP and Linux both
>run great on it, so I fail to see why any x86 based BSD (with the
>exception of OSX86) wouldn't run on it.

I have a stack of network cards that work great under linux but
have no BSD drivers... also working on a set of dual opteron
blades from Penguin Computing which run linux but the keyboard,
serial ports and network interface don't work with BSD.
Here's the details... http://galis.org/blade-penguincomputing/notes.html

So no, just because it runs Linux doesn't mean it runs bsd.

However the cflash/ide; 1Ghz fanless celeron; with 100mbps fxp0
on board and 1gbps wm0 + wm1 on the low profile pci card all work
great. wmX interfaces do not PXE boot but the fxp0 interface does.

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george at galis.org


From nycbug-list at 2xlp.com  Fri Mar 17 01:51:20 2006
From: nycbug-list at 2xlp.com (Jonathan)
Date: Fri, 17 Mar 2006 01:51:20 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060317055726.GD4713@sta.duo>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
	<20060309141533.GA18749@sta.duo>
	<cone.1142379799.406554.32490.5001@35st-server.simplicato.com>
	<1cac28080603141658n28179809ia791a9306ee3f4e5@mail.gmail.com>
	<441A05BD.2040503@hacktek.com> <20060317055726.GD4713@sta.duo>
Message-ID: <65288804-5150-476E-BDC4-359077C4FECA@2xlp.com>


On Mar 17, 2006, at 12:57 AM, George Georgalis wrote:

> On Thu, Mar 16, 2006 at 07:41:33PM -0500, QuiGon wrote:
>> I have one of the boards that runs that box.  Windows XP and Linux  
>> both
>> run great on it, so I fail to see why any x86 based BSD (with the
>> exception of OSX86) wouldn't run on it.
>
> I have a stack of network cards that work great under linux but
> have no BSD drivers... also working on a set of dual opteron
> blades from Penguin Computing which run linux but the keyboard,
> serial ports and network interface don't work with BSD.
> Here's the details... http://galis.org/blade-penguincomputing/ 
> notes.html
>
> So no, just because it runs Linux doesn't mean it runs bsd.
>
> However the cflash/ide; 1Ghz fanless celeron; with 100mbps fxp0
> on board and 1gbps wm0 + wm1 on the low profile pci card all work
> great. wmX interfaces do not PXE boot but the fxp0 interface does.
>
> // George

Just in reference to the VIA EPIA board in that box:

	1.5 ago, they had an issue w/USB 2.0 in the linux kernel.  1.0 was  
fine, 2.0 had some sort of conflict with the driver for USB keyboard  
support.  Dunno if it was fixed or if that applies to you.

	there's a bunch of outdated info here ( in regards to linux ) 	 
http://epiawiki.org/wiki/tiki-index.php

	via was keeping info on those boards here : 	http://www.viaarena.com
	they had some support in terms of drivers and patches, but licensing  
issues weren't the hottest.

	if you end up with an EPIA board you most likely will need a custom  
kernel for anything that uses graphics / video.

	the kernel driver that it uses under linux is VIA_RHINE


	


From lists at intricatesoftware.com  Fri Mar 17 09:42:58 2006
From: lists at intricatesoftware.com (Kurt Miller)
Date: Fri, 17 Mar 2006 09:42:58 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060308201745.2a3ad45a@wit.genoverly.home>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
Message-ID: <200603170942.58451.lists@intricatesoftware.com>

On Wednesday 08 March 2006 8:17 pm, michael wrote:
> I'm looking for a new firewall/network device.  While I like soekris, I
> want to look at other choices before I buy another one. Besides, I have
> read that for ipsec they may not have enough umph.

Regarding Soekris 4801's: I've been happily using one for my
home network for a year or two. Recently I upgraded my cable
modem with Optimum Online's Boost option. Boost gives 30 Mbps
down and 2 Mbps up. The 4801 couldn't route more then 18 Mbps
down (21 with the interrupt hold off patch set to 1000us).
Those sis NIC's are horrible.

I'm now using a PII 266 Mhz with a dual port fxp with both
ports using the same interrupt. It can route the full 30 Mbps
at about 50% cpu (all interrupt servicing).

If your going to buy a low power system, make sure it has
good NIC's.

-Kurt


From ike at lesmuug.org  Fri Mar 17 12:48:05 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Fri, 17 Mar 2006 12:48:05 -0500
Subject: [nycbug-talk] some free hardware
Message-ID: <7F3976ED-9784-4050-915A-1ECD09DEC0D9@lesmuug.org>

Hey All,

I have this monster dell box I'm jettisoning, I'm moving again to a  
tiny place...

It's a big dell quad-cpu machine, PIII 500mhz procs.  I think it has  
a gig of ram, it's been some time since I've booted the box.  It has  
triple hot-swap power supplies,

It's not a rackmount, it's kindof a 'hog-shaped' box, long form  
factor and heavy.  3 of the 7 harddrive bays have drives, 2x 36gb and  
1x 18gb scsi.

The box has more than 1 ethernet nic, (again, I forgot how many it  
has total).

Lived a good life with me as a cvs and compile-farm server, tftp,  
etc... (running FreeBSD, it ran OpenBSD for a while with me too).

--
If anyone wants it, you just have to contact me and come pick it up  
in Brooklyn- a short jaunt off the WB bridge.

Email me offlist if you want it.

Rocket-
.ike




From njt at ayvali.org  Fri Mar 17 16:42:18 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Fri, 17 Mar 2006 16:42:18 -0500
Subject: [nycbug-talk] freebsd jails: running nfs client?
Message-ID: <20060317214218.GG30902@ayvali.org>

I know there are some people on the list whose jail-fu is quite strong.
I have a question for you guys: Is it possible to mount an NFS
filesystem from inside a jail?

jail(1) seems to imply that it is, but Googling gives me mixed results
(some people say yes, other people say no).

I tried it and 
I can run "mount_nfs machine:/dir /foo" from a normal host just fine,
but inside a jail it doesn't seem to work, I get:

    mount_nfs: /foo: Operation not permitted

On a similar note, if NFS inside a jail is doable, I would presume that
running amd would work as well?

thanks,
Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From ike at lesmuug.org  Fri Mar 17 17:09:54 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Fri, 17 Mar 2006 17:09:54 -0500
Subject: [nycbug-talk] freebsd jails: running nfs client?
In-Reply-To: <20060317214218.GG30902@ayvali.org>
References: <20060317214218.GG30902@ayvali.org>
Message-ID: <819E8FFA-B404-4442-97C3-1748C57D6CC6@lesmuug.org>

Hi N.J.,

On Mar 17, 2006, at 4:42 PM, N.J. Thomas wrote:

> I know there are some people on the list whose jail-fu is quite  
> strong.
> I have a question for you guys: Is it possible to mount an NFS
> filesystem from inside a jail?

There's 2 ways to approach this:

1) Outside the jail (host system)
+ you are able to mount the nfs volume from the host, at a mount  
point within the jail instance userland.
It should be noted, however, that there are security implications  
doing anything from the host system, that is visible to the jailed  
systems, and this strategy throws in a lot of complexity and variables.

2) Inside the jail
- if you are using FreeBSD 4.x, no way jose (at least not in any  
supported fashion).
- if you are using FreeBSD 5.x, you should be able to- but I'll not  
comment on FreeBSD 5.x
+ if you are using FreeBSD 6.x, you should be able to.  It is  
noteworthy that you may want to adjust 'security.jail.enforce_statfs'  
with sysctl, to make certain applications within the jail can  
actually see the mount point! (like mount itself, or umount)


>
> jail(1) seems to imply that it is, but Googling gives me mixed results
> (some people say yes, other people say no).

I'd think some people would have troubles if the jail can't 'see' the  
mount point, with the statfs(2) syscall.

The jail(8) man page says it better than I can:

      security.jail.enforce_statfs
           This MIB entry determines which information processes in a  
jail are
           able to get about mount-points.  It affects the behaviour  
of the
           following syscalls: statfs(2), fstatfs(2), getfsstat(2) and
           fhstatfs(2) (as well as similar compatibility syscalls).   
When set
           to 0, all mount-points are available without any  
restrictions.  When
           set to 1, only mount-points below the jail's chroot  
directory are
           visible.  In addition to that, the path to the jail's  
chroot direc-
           tory is removed from the front of their pathnames.  When  
set to 2
           (default), above syscalls can operate only on a mount- 
point where
           the jail's chroot directory is located.


>
> I tried it and
> I can run "mount_nfs machine:/dir /foo" from a normal host just fine,
> but inside a jail it doesn't seem to work, I get:
>
>     mount_nfs: /foo: Operation not permitted

 From your host machine, try:

# sysctl security.jail.enforce_statfs=1

And then try the mount again inside the jail?

Also, I'm not sure, but NFS may require raw sockets?  The jail  
manpage explains this command:

# sysctl security.jail.allow_raw_sockets=1


>
> On a similar note, if NFS inside a jail is doable, I would presume  
> that
> running amd would work as well?

I would think so, but I've not done or seen it.  Give it a shot?

Good luck- report back!

Best,
.ike


>
> thanks,
> Thomas
>
> -- 
> N.J. Thomas
> njt at ayvali.org
> Etiamsi occiderit me, in ipso sperabo
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>



From george at galis.org  Sat Mar 18 02:25:28 2006
From: george at galis.org (George Georgalis)
Date: Sat, 18 Mar 2006 02:25:28 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <65288804-5150-476E-BDC4-359077C4FECA@2xlp.com>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
	<20060309141533.GA18749@sta.duo>
	<cone.1142379799.406554.32490.5001@35st-server.simplicato.com>
	<1cac28080603141658n28179809ia791a9306ee3f4e5@mail.gmail.com>
	<441A05BD.2040503@hacktek.com> <20060317055726.GD4713@sta.duo>
	<65288804-5150-476E-BDC4-359077C4FECA@2xlp.com>
Message-ID: <20060318072528.GG4713@sta.duo>

On Fri, Mar 17, 2006 at 01:51:20AM -0500, Jonathan wrote:
>
>On Mar 17, 2006, at 12:57 AM, George Georgalis wrote:
>
>>
>> However the cflash/ide; 1Ghz fanless celeron; with 100mbps fxp0
>> on board and 1gbps wm0 + wm1 on the low profile pci card all work
>> great. wmX interfaces do not PXE boot but the fxp0 interface does.
>>
>> // George
>
>Just in reference to the VIA EPIA board in that box:

there is no EPIA in that box, it's an Intel mainboard with fanless
1Ghz Celeron sodered on, onboard intel 100Mbps fxp0 and an intel
wm0 and wm1 dual Gb pci nic interface. the single slot accommodates
up to 512Mb RAM.

When it rains it pours. Good luck.

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george at galis.org


From nycbug-list at 2xlp.com  Sat Mar 18 11:13:56 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Sat, 18 Mar 2006 11:13:56 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060318072528.GG4713@sta.duo>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
	<20060309141533.GA18749@sta.duo>
	<cone.1142379799.406554.32490.5001@35st-server.simplicato.com>
	<1cac28080603141658n28179809ia791a9306ee3f4e5@mail.gmail.com>
	<441A05BD.2040503@hacktek.com> <20060317055726.GD4713@sta.duo>
	<65288804-5150-476E-BDC4-359077C4FECA@2xlp.com>
	<20060318072528.GG4713@sta.duo>
Message-ID: <BE0E616B-B96E-4BFA-B9FE-69AE9D0AF6CC@2xlp.com>


On Mar 18, 2006, at 2:25 AM, George Georgalis wrote:
> there is no EPIA in that box, it's an Intel mainboard with fanless
> 1Ghz Celeron sodered on, onboard intel 100Mbps fxp0 and an intel
> wm0 and wm1 dual Gb pci nic interface. the single slot accommodates
> up to 512Mb RAM.

yeah, i misquoted the message.

"
On Mar 17, 2006, at 12:57 AM, George Georgalis wrote:
> On Thu, Mar 16, 2006 at 07:41:33PM -0500, QuiGon wrote:
>> I have one of the boards that runs that box.  Windows XP and Linux  
>> both
>> run great on it, so I fail to see why any x86 based BSD (with the
>> exception of OSX86) wouldn't run on it.
"

which referred to the solarpc box 3 messages before has a epia 800

sorry for the confusion.


From ike at lesmuug.org  Sat Mar 18 11:32:46 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Sat, 18 Mar 2006 11:32:46 -0500
Subject: [nycbug-talk] some free hardware
In-Reply-To: <cone.1142696638.748644.89447.1000@zoraida.natserv.net>
References: <7F3976ED-9784-4050-915A-1ECD09DEC0D9@lesmuug.org>
	<cone.1142696638.748644.89447.1000@zoraida.natserv.net>
Message-ID: <E23A51FF-EB85-498B-B67C-7BF6FFBB2894@lesmuug.org>

Hi Francisco, All,

On Mar 18, 2006, at 10:43 AM, Francisco Reyes wrote:

> Isaac Levy writes:
>
>> in Brooklyn- a short jaunt off the WB bridge.
>
> Still available?

Sorry to all who emailed, but the machine has been taken.

Thanks yall!  (I wish I had one to give every-body).

Rocket-
.ike




From branto at branto.com  Sun Mar 19 12:36:58 2006
From: branto at branto.com (Brant I. Stevens)
Date: Sun, 19 Mar 2006 12:36:58 -0500
Subject: [nycbug-talk] Network Performance Testing
In-Reply-To: <20060316135541.GA24751@sixshooter.v6.thrupoint.net>
Message-ID: <C04300EA.DC57E%branto@branto.com>

ping -f will send packets out as fast as the box can.  Additionally, check
out http://www.net100.org (seems to be down for me at the moment).  TTCP may
also be of use.

-Brant




On 3/16/06 8:55 AM, "Jim Brown" <jpb at sixshooter.v6.thrupoint.net> wrote:

> Hi All,
> 
> A friend is trying to stress a gig-E interface.
> He doesn't have a SmartBits box, and is trying to use
> BSD to generate lots of traffic.
> 
> How would you generate a traffic flood?
> 
> fping? chargen?  We need the best flodding possible.
> 
> And how would you set it up with the least latency?
> 
> If other FOSS  solutions are available, let me know.
> 
> Thanks,
> Jim B.
> 
> PS- Yes this is a lab.  No we are not flooding the Net.
> 
> 
> 
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month




From alex at pilosoft.com  Sun Mar 19 13:31:07 2006
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Sun, 19 Mar 2006 13:31:07 -0500 (EST)
Subject: [nycbug-talk] Network Performance Testing
In-Reply-To: <C04300EA.DC57E%branto@branto.com>
Message-ID: <Pine.LNX.4.44.0603191330280.28434-100000@bawx.pilosoft.com>

On Sun, 19 Mar 2006, Brant I. Stevens wrote:

> ping -f will send packets out as fast as the box can.  Additionally,
> check out http://www.net100.org (seems to be down for me at the moment).  
> TTCP may also be of use.
Use linux and pktgen.
No, ping -f will not send packets at any reasonable speed.




From af.dingo at gmail.com  Mon Mar 20 08:59:22 2006
From: af.dingo at gmail.com (Jeff Quast)
Date: Mon, 20 Mar 2006 08:59:22 -0500
Subject: [nycbug-talk] Network Performance Testing
In-Reply-To: <20060316135541.GA24751@sixshooter.v6.thrupoint.net>
References: <20060316135541.GA24751@sixshooter.v6.thrupoint.net>
Message-ID: <c1feb8190603200559j711535b8uaa51f420631570de@mail.gmail.com>

netperf can be found in most BSD ports trees

On 3/16/06, Jim Brown <jpb at sixshooter.v6.thrupoint.net> wrote:
> Hi All,
>
> A friend is trying to stress a gig-E interface.
> He doesn't have a SmartBits box, and is trying to use
> BSD to generate lots of traffic.
>
> How would you generate a traffic flood?
>
> fping? chargen?  We need the best flodding possible.
>
> And how would you set it up with the least latency?
>
> If other FOSS  solutions are available, let me know.
>
> Thanks,
> Jim B.
>
> PS- Yes this is a lab.  No we are not flooding the Net.
>
>
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>



From af.dingo at gmail.com  Mon Mar 20 09:32:50 2006
From: af.dingo at gmail.com (Jeff Quast)
Date: Mon, 20 Mar 2006 09:32:50 -0500
Subject: [nycbug-talk] soho firewall
In-Reply-To: <20060308201745.2a3ad45a@wit.genoverly.home>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
Message-ID: <c1feb8190603200632l77a65751t9526bde0e4fb5c61@mail.gmail.com>

nobody has yet recommended wrap http://www.pcengines.ch/wrap.htm

It cost me just under $200 for a WRAP.1C-1, 2 LAN with DC adapter,
alluminum casing, and 128MB CF card after S&H (to US). from
http://www.mini-box.com/

a 3-LAN version is only a few more dollars.

I found it more cost effective than soekris, probobly more suited for
you, as the cheaper costs is likely due to no 2.5" IDE adapter, and
only one serial port. Like the soekris, it has a 266Mhz Geode onboard.
It seems to be supported just as well as the soekris in BSD and
gnu/Linux.

I've seen threads on openbsd-misc and Soekris-tech that even adding a
PCI crypto card to the soekris does not significantly improve crypt
for vpn. Though it is supported (at least on openbsd), there is
something to say about the bus and cpu speed of the soekris and high
interrupts of the onboard NIC's being at fault. In which case a via
may be more suitable (though more expensive?)

Does anybody know if there such a thing as a cost effective miniPCI crypto card?

On 3/8/06, michael <lists at genoverly.net> wrote:
> I'm looking for a new firewall/network device.  While I like soekris, I
> want to look at other choices before I buy another one. Besides, I have
> read that for ipsec they may not have enough umph.
>
> While I could probably make one out of an empty cigarette carton or
> something, I'd like it be manufactured.  I don't have any old pc's
> around to convert either.
>
> I've read this
> http://shopping.hacom.net/catalog/product_info.php?cPath=22_34&products_id=85
> http://routerboard.com/rb500.html
> http://caseoutlet.com/shopexd.asp?id=208
> http://store.orbitmicro.com/commerce/ccc1168-network-appliances.htm
> http://usa.asus.com/products4.aspx?l1=1&l2=3&l3=0&model=85&modelmenu=1
>
> I'm looking for desktop, compact, quiet, but not too pricey.  While I
> generally prefer via, I may have to look at P4 celeron mini-itx based.
> I'd prefer cf over hard drive. I have a dual nic so, I'll need a pci
> slot.. unless three nics come onboard.  One serial is required.
>
> Any suggestions?
>
> --
>
> Michael
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>



From nycbug-list at 2xlp.com  Mon Mar 20 12:05:06 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Mon, 20 Mar 2006 12:05:06 -0500
Subject: [nycbug-talk] OT - SMS gateway services?
Message-ID: <13E86458-FB2D-437F-879C-398630BA4F3A@2xlp.com>


Off Topic - but with all the networking/telephony knowledge here, I  
bet someone can point me in the right direction

I'm looking for a SMS gateway service that can handle send / receive  
( i've found lots of sends, no receives )

this is just a beta test , so cheaper is better than reliable for  
now, but If anyone can suggest:
	a- who to use if price is  a concern
	b- who to use if reliablility is #1



From nomadlogic at gmail.com  Mon Mar 20 12:07:05 2006
From: nomadlogic at gmail.com (pete wright)
Date: Mon, 20 Mar 2006 09:07:05 -0800
Subject: [nycbug-talk] Mailing List Etiquette
Message-ID: <57d710000603200907p7185f25et5b2401bf8a98376@mail.gmail.com>

Hey All,
Just a quick note to remind everyone of our mailing list etiquette. 
Nycbug has tried to stay as close to the established *BSD mailing list
guidelines as possible.  Because so much of our discussions happen via
email, I think it is important that we are all playing by the sames
rules.  For those of you who have been around for a long time, sorry
for the repeat email ;-)

Here is a quick summary of what we feel proper mailing list etiquette
is (cribbed from FreeBSD):
http://tinyurl.com/ghlyy

"
What are the special etiquette consideration when replying to an
existing posting on the mailing lists?

- Please include relevant text from the original message. Trim it to
the minimum, but do not overdo it. It should still be possible for
somebody who did not read the original message to understand what you
are talking about.
This is especially important for postings of the type "yes, I see this
too", where the initial posting was dozens or hundreds of lines.

- Use some technique to identify which text came from the original
message, and which text you add. A common convention is to prepend ">
" to the original message. Leaving white space after the "> " and
leaving empty lines between your text and the original text both make
the result more readable.

- Please ensure that the attributions of the text you are quoting is
correct. People can become offended if you attribute words to them
that they themselves did not write

- Please do not top post. By this, we mean that if you are replying to
a message, please put your replies after the text that you copy in
your reply.
"


I would suggest checking out the whole FAQ on the FreeBSD site
regarding etiquette if you have not already, it's worth reading.  I am
hoping that by following these guidelines we will make our list and
archives a useful and easy to use resource for the entire community.

Thanks,
    Pete


--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From george at sddi.net  Mon Mar 20 14:13:21 2006
From: george at sddi.net (George R.)
Date: Mon, 20 Mar 2006 14:13:21 -0500
Subject: [nycbug-talk] Mailing List Etiquette
In-Reply-To: <57d710000603200907p7185f25et5b2401bf8a98376@mail.gmail.com>
References: <57d710000603200907p7185f25et5b2401bf8a98376@mail.gmail.com>
Message-ID: <441EFED1.1040103@sddi.net>

pete wright wrote:
> Hey All,
> Just a quick note to remind everyone of our mailing list etiquette. 
> Nycbug has tried to stay as close to the established *BSD mailing list
> guidelines as possible.  Because so much of our discussions happen via
> email, I think it is important that we are all playing by the sames
> rules.  For those of you who have been around for a long time, sorry
> for the repeat email ;-)
> 
> Here is a quick summary of what we feel proper mailing list etiquette
> is (cribbed from FreeBSD):
> http://tinyurl.com/ghlyy
> 
> "
> What are the special etiquette consideration when replying to an
> existing posting on the mailing lists?
> 
> - Please include relevant text from the original message. Trim it to
> the minimum, but do not overdo it. It should still be possible for
> somebody who did not read the original message to understand what you
> are talking about.
> This is especially important for postings of the type "yes, I see this
> too", where the initial posting was dozens or hundreds of lines.
> 
> - Use some technique to identify which text came from the original
> message, and which text you add. A common convention is to prepend ">
> " to the original message. Leaving white space after the "> " and
> leaving empty lines between your text and the original text both make
> the result more readable.
> 
> - Please ensure that the attributions of the text you are quoting is
> correct. People can become offended if you attribute words to them
> that they themselves did not write
> 
> - Please do not top post. By this, we mean that if you are replying to
> a message, please put your replies after the text that you copy in
> your reply.
> "
> 
> 
> I would suggest checking out the whole FAQ on the FreeBSD site
> regarding etiquette if you have not already, it's worth reading.  I am
> hoping that by following these guidelines we will make our list and
> archives a useful and easy to use resource for the entire community.
> 
> Thanks,
>     Pete
> 
> 
> --
> ~~o0OO0o~~
> Pete Wright
> www.nycbug.org
> NYC's *BSD User Group
> 

Thanks petee. . .

And as Pete knows, we even have our own friendly guide on this stuff.

http://nycbug.org/index.php?NAV=MailingLists

Unfortunately, long sigs are an evil too. <g>

Yes, top posting is bad.

g


From nomadlogic at gmail.com  Mon Mar 20 14:25:32 2006
From: nomadlogic at gmail.com (pete wright)
Date: Mon, 20 Mar 2006 11:25:32 -0800
Subject: [nycbug-talk] usenix?
Message-ID: <57d710000603201125j6de41f16ic7ed0eccfe6ce895@mail.gmail.com>

so...any nycbuggers going to boston for Usenix this year?  i'm
thinking of following the three day technical track.  looks pretty
interesting/relevant for my current work (esp. the pixar talk).  it'd
be great if i could meet up with some of you all up there...

-p


--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From mikel.king at ocsny.com  Mon Mar 20 14:43:50 2006
From: mikel.king at ocsny.com (Mikel King)
Date: Mon, 20 Mar 2006 14:43:50 -0500
Subject: [nycbug-talk] Mailing List Etiquette
In-Reply-To: <441EFED1.1040103@sddi.net>
References: <57d710000603200907p7185f25et5b2401bf8a98376@mail.gmail.com>
	<441EFED1.1040103@sddi.net>
Message-ID: <0B5461F3-D7B9-4E7E-90BB-7C4DD3EE4299@ocsny.com>


On Mar 20, 2006, at 2:13 PM, George R. wrote:

> pete wright wrote:
>>
{SNIP}
>> Here is a quick summary of what we feel proper mailing list etiquette
>> is (cribbed from FreeBSD):
>> http://tinyurl.com/ghlyy
{SNIP}
>
> And as Pete knows, we even have our own friendly guide on this stuff.
>
> http://nycbug.org/index.php?NAV=MailingLists
>
> Unfortunately, long sigs are an evil too. <g>
>
> Yes, top posting is bad.
>
> g

What about "snip" failures, isn't that evil too?

Cheers,
m!



From af.dingo at gmail.com  Mon Mar 20 20:29:55 2006
From: af.dingo at gmail.com (Jeff Quast)
Date: Mon, 20 Mar 2006 20:29:55 -0500
Subject: [nycbug-talk] alt (meta) key on console?
In-Reply-To: <20060217000647.61997.10769.yusuke@grape.cs.nyu.edu>
References: <20060217000647.61997.10769.yusuke@grape.cs.nyu.edu>
Message-ID: <c1feb8190603201729o38cddf3fw83a464ec29314bb6@mail.gmail.com>

On 2/16/06, Yusuke Shinyama <yusuke at cs.nyu.edu> wrote:
> Hi, could anyone tell me how to make
> the Alt (or Meta) key work on the FreeBSD console?
> My bash key bindings work on xterm,
> but they ignore all Alt- keys on the console.
>
> Thank you,
> Yusuke

What you need is "Meta sends escape" on the console.

You can enable this in xterm by holding meta_L (left alt key) and
pressing the left mouse button on an xterm.

On OpenBSD, I was able to produce the behavior you may desire on the
console with the command:
$ wsconsctl keyboard.map+="keycode 56=Cmd2 Escape"

Though it doesn't behave very well.

Since you are using FreeBSD, you'll need to use kbdmap or kbdcontrol.

Be warned! The left alt key is already binded to a very important function!

You might also try binding it to Meta_L. I tried here, but it didn't
work. I suspect some stty magic needs to be involved as well.

Some people bind the _right_ alt key as meta/escape instead. I suspect
you may be an ex-DOS user and you wouldn't feel comfortable with that.

I could rant for pages about how using the escape as a modifier is a
gross idea, but here is only half of one:

Anybody who has programmed interactive keyboard input with ansi escape
sequences has probably gone grumpy more than once escape sequences.
Using select() on stdin after an escape is found with a timeout of
~250ms to see if a 'sequence' comes or not is horrish. The result is
the actual escape key can sometimes take half a second to actually
escape a menu, or pressing an arrow key can escape you all the way out
of a series of menus.
Escape modifiers drive me absolutely nuts as both a programmer and a
user. It drives me even more nuts when alternate input keys are not
provided (hjkl anyone??)
Escape has been misused in the terminal world for so long now that
most people just press escape and type in the sequence manually,
especially since most programs don't use select() at all and are very
forgiving about an escape sequence taking more than a quarter of a
second.


You will see most new programs now use a <CTRL> sequence as a
modifier.  CTRL+a always sends 0x01 going back probably as far as
teletypes (I am not old enough to say for sure).

In short: If you are vi handy, I recommend you try to learn vi input
mode instead of mapping new keys to do things vi input mode most
likely already does.

If you are not vi hand (shame on you), try to re-map your keys to use
<CTRL> only.

You will thank yourself for using <CTRL> instead of <META> when you
login from another terminal and none of your bindings work and you
play the "enable meta sends escape" game on the terminal you're on all
over again.

By the way, how are you mapping the keys? .inputrc ?



From nomadlogic at gmail.com  Tue Mar 21 11:30:07 2006
From: nomadlogic at gmail.com (pete wright)
Date: Tue, 21 Mar 2006 08:30:07 -0800
Subject: [nycbug-talk] dummynet question
Message-ID: <57d710000603210830h3abc3bd1q1d5b15af7d2606f@mail.gmail.com>

hey all,
i've been hacking up a dummynet config for my mail sever which is in a
colo facility.  i'm trying to limit my bandwidth to around 60kB/s on
ingress and egress flows.  now i think i'm running into a problem with
dummynet restricting the bandwidth on my lo0 device, which is having a
negative effect on performance for squirellmail instance connecting to
a local imapd.  from reading the docs i have not found an easy way to
apply pipe's to only external devices, and not the loopback device. 
any idea's...hopefully missing something basic ;)

-p



--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From lars at gmx.at  Tue Mar 21 16:06:20 2006
From: lars at gmx.at (lars at gmx.at)
Date: Tue, 21 Mar 2006 22:06:20 +0100
Subject: [nycbug-talk] AllBSD greets NYCBUG and requests your comments
Message-ID: <44206ACC.2010907@gmx.at>

Hi all

We're a group of German speaking BSD users that came together
to promote the use of BSDs in professional settings.

Our website can be found here:
http://www.allbsd.de/en/



We've been to FOSDEM, Linuxtag Chemnitz and Cebit already
and we'll visit Linuxtag Wiesbaden, Linuxwochen Vienna,
FrosCon Sankt Augustin, Systems Munich and and all other conferences, 
conventions, fares and gatherings we can.

At all of these we promote all BSDs for which we can find
at least on representative who knows his/her stuff.

We show machines with BSD solutions like Xen on BSD, we do 
presentations, talk to everyone who has questions and also
distribute information material like these:
http://www.allbsd.de/src/Flyer/FreeBSD/PDF/



We would be grateful for any feedback on our English
flyers or if you have any material you think we should
include and also distribute, please let us know.

We're in dire need for material on DragonFlyBSD, NetBSD and OpenBSD.

And we also need translators for Spanish, French, Italian and other 
languages.
If you are interested please contact me at Lars.Cleary at allbsd.de
or Daniel.Seuffert at allbsd.de



We're also very interested in building up a relationship
with other BUGs who are active in promoting the BSDs.



That's all, thanks for your time reading this.

I'm looking forward to your replies
Lars


From tillman at seekingfire.com  Tue Mar 21 18:38:41 2006
From: tillman at seekingfire.com (Tillman Hodgson)
Date: Tue, 21 Mar 2006 17:38:41 -0600
Subject: [nycbug-talk] dummynet question
In-Reply-To: <57d710000603210830h3abc3bd1q1d5b15af7d2606f@mail.gmail.com>
References: <57d710000603210830h3abc3bd1q1d5b15af7d2606f@mail.gmail.com>
Message-ID: <20060321233841.GB63720@seekingfire.com>

On Tue, Mar 21, 2006 at 08:30:07AM -0800, pete wright wrote:
> hey all,
> i've been hacking up a dummynet config for my mail sever which is in a
> colo facility.  i'm trying to limit my bandwidth to around 60kB/s on
> ingress and egress flows.  now i think i'm running into a problem with
> dummynet restricting the bandwidth on my lo0 device, which is having a
> negative effect on performance for squirellmail instance connecting to
> a local imapd.  from reading the docs i have not found an easy way to
> apply pipe's to only external devices, and not the loopback device. 
> any idea's...hopefully missing something basic ;)

I did that via ipfw commands a while back ... let me see if I can dig
up that old script.

Ah, here we go:

#!/bin/sh
#
# NOTE: It might seem obvious, but just in case ...
#       YOU CAN ONLY THROTTLE OUTGOING TRAFFIC
#
# NOTE: For the tunnels, I only shape TCP - this means that NFS runs at
#       full speed, which may not be what you want!
#
# To show that ipfw is redirecting traffic through dummynet, use 'ipfw show'
# To show the dummynet pipes, use 'ipfw pipe show' (use a wide terminal)
#
# Config script variables
IPFW='/sbin/ipfw'

case "$1" in
start)
	# Do we have the kernel module loaded?
	if ! kldstat -n dummynet > /dev/null 2>&1 ; then kldload dummynet; fi
	# Do we have an allow rule over-riding the default deny?
	$IPFW add 65000 pass all from any to any
	# Flush out the queues and pipes
	$IPFW -f queue flush
	$IPFW -f pipe flush
	# Redirect real traffic to the dummynet "restricted bandwidth lane"
	#  Web serving to the Internet - turned off because it slows down too much
	#$IPFW add 100 pipe 1 tcp from 24.72.123.45 80 to any out via hme1
	#  OpenVPN tunnel to Smitty
	$IPFW add 110 pipe 2 tcp from 192.168.23.0/24 to 192.168.8.0/24 out
	#  OpenVPN tunnels to Scott
	$IPFW add 120 pipe 3 tcp from 192.168.23.0/24 to 10.42.1.0/24 out
	$IPFW add 121 pipe 3 tcp from 192.168.23.0/24 to 10.42.10.0/24 out
	#  OpenVPN tunnel to Lonny
	$IPFW add 130 pipe 3 tcp from 192.168.23.0/24 to 192.168.31.0/24 out
	#
	# Create the restrictive outgoing bandwidth "traffic lane" pipes
	$IPFW pipe 1 config bw 96KBytes/s queue 25
	$IPFW pipe 2 config bw 64KBytes/s queue 10
	$IPFW pipe 3 config bw 32KBytes/s queue 10
	$IPFW pipe 4 config bw 16KBytes/s queue 10
	$IPFW pipe 5 config bw 8KBytes/s  queue 10
	;;
stop)
	# Flush out the IPFW lists
	$IPFW -f queue flush
	$IPFW -f pipe flush
# Delete the rules we added
	#$IPFW delete 100
	$IPFW delete 110
	$IPFW delete 120
	$IPFW delete 121
	$IPFW delete 130
	;;
*)
	echo "Usage: `basename $0` {start|stop}" >&2
	;;
esac

exit 0


-- 
Semiology has taught us that myth has the task of giving an historical
intention a natural justification, and making contingency appear eternal.
    -- Roland Barthes, _Mythologies_


From nomadlogic at gmail.com  Tue Mar 21 18:57:20 2006
From: nomadlogic at gmail.com (pete wright)
Date: Tue, 21 Mar 2006 15:57:20 -0800
Subject: [nycbug-talk] dummynet question
In-Reply-To: <20060321233841.GB63720@seekingfire.com>
References: <57d710000603210830h3abc3bd1q1d5b15af7d2606f@mail.gmail.com>
	<20060321233841.GB63720@seekingfire.com>
Message-ID: <57d710000603211557m4f851a34pa1aa8f3079c3427@mail.gmail.com>

On 3/21/06, Tillman Hodgson <tillman at seekingfire.com> wrote:
> On Tue, Mar 21, 2006 at 08:30:07AM -0800, pete wright wrote:
> > hey all,
> > i've been hacking up a dummynet config for my mail sever which is in a
> > colo facility.  i'm trying to limit my bandwidth to around 60kB/s on
> > ingress and egress flows.  now i think i'm running into a problem with
> > dummynet restricting the bandwidth on my lo0 device, which is having a
> > negative effect on performance for squirellmail instance connecting to
> > a local imapd.  from reading the docs i have not found an easy way to
> > apply pipe's to only external devices, and not the loopback device.
> > any idea's...hopefully missing something basic ;)
>
> I did that via ipfw commands a while back ... let me see if I can dig
> up that old script.
>

thanks tillman!  i've quickly checked out your script, and it looks
pretty much inline with what i'm doing (although your script is much
more elegant than mine ;).  ahh i think i got it now....i was setting
up blanket rules ala:


ipfw pipe 1 config bw 300Kbit/s

which now that i think about it will obviously throttle all
interfaces....execellent.....gonna give this a try tonight i hope!

-p


--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From dlavigne6 at sympatico.ca  Wed Mar 22 06:29:44 2006
From: dlavigne6 at sympatico.ca (dlavigne6 at sympatico.ca)
Date: Wed, 22 Mar 2006 6:29:44 -0500
Subject: [nycbug-talk] usenix?
Message-ID: <20060322112944.CLAL10262.tomts22-srv.bellnexxia.net@smtp1.sympatico.ca>


> so...any nycbuggers going to boston for Usenix this year?  i'm
> thinking of following the three day technical track.  looks pretty
> interesting/relevant for my current work (esp. the pixar talk).  it'd
> be great if i could meet up with some of you all up there...


Those of you who go, don't forget to drop by the BSD booth in the Exhibition hall to say hi :-)

Dru



From nomadlogic at gmail.com  Wed Mar 22 11:29:38 2006
From: nomadlogic at gmail.com (pete wright)
Date: Wed, 22 Mar 2006 08:29:38 -0800
Subject: [nycbug-talk] usenix?
In-Reply-To: <20060322112944.CLAL10262.tomts22-srv.bellnexxia.net@smtp1.sympatico.ca>
References: <20060322112944.CLAL10262.tomts22-srv.bellnexxia.net@smtp1.sympatico.ca>
Message-ID: <57d710000603220829r10c5f545q6071b8b206eb7fdf@mail.gmail.com>

On 3/22/06, dlavigne6 at sympatico.ca <dlavigne6 at sympatico.ca> wrote:
>
> > so...any nycbuggers going to boston for Usenix this year?  i'm
> > thinking of following the three day technical track.  looks pretty
> > interesting/relevant for my current work (esp. the pixar talk).  it'd
> > be great if i could meet up with some of you all up there...
>
>
> Those of you who go, don't forget to drop by the BSD booth in the Exhibition hall to say hi :-)
>

ahh execellent!  i'll see you there i hope!
-pete

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From ike at lesmuug.org  Wed Mar 22 16:42:51 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Wed, 22 Mar 2006 16:42:51 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
Message-ID: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>

Hey All,

QUESTION:
--
Just on my mind today- has anyone seen any talk of blowfish password  
hashes being set as default in FreeBSD?  It's standard on OpenBSD  
right, but I'm annoyed today as I setup a bunch of new boxes and have  
to manage one more thing...


HOW:
--
For the record, for people on list who don't know how to do this,  
here's a simple comprehensive how-to, to make blowfish default for  
password hashes instead of md5:

http://filter.rackeasy.com/articles/2005/11/30/setup-freebsd-to-use- 
blowfish

WHY:
--
Perhaps some of the crypto hardcores on list can expound on this  
issue, but here's my basic description of the issue- md5 hashes,  
aside from being cracked (collisions), are not salted.  Blowfish, is  
salted.  Therefore, it's significantly more difficult to brute-force  
passwords based on blowfish hashes.

In essence, based on most threat models, if an untrusted user can  
read your /etc/master.passwd file, you have other problems to worry  
about- but this is a simple change that can mitigate small migrane  
headaches.

Rocket-
.ike




From nycbug at cyth.net  Wed Mar 22 16:52:24 2006
From: nycbug at cyth.net (Ray Lai)
Date: Wed, 22 Mar 2006 16:52:24 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
Message-ID: <20060322215247.GS29963@syntax.cyth.net>

On Wed, Mar 22, 2006 at 04:42:51PM -0500, Isaac Levy wrote:
> Hey All,
> 
> QUESTION:
> --
> Just on my mind today- has anyone seen any talk of blowfish password  
> hashes being set as default in FreeBSD?  It's standard on OpenBSD  
> right, but I'm annoyed today as I setup a bunch of new boxes and have  
> to manage one more thing...
> 
> 
> HOW:
> --
> For the record, for people on list who don't know how to do this,  
> here's a simple comprehensive how-to, to make blowfish default for  
> password hashes instead of md5:
> 
> http://filter.rackeasy.com/articles/2005/11/30/setup-freebsd-to-use- 
> blowfish
> 
> WHY:
> --
> Perhaps some of the crypto hardcores on list can expound on this  
> issue, but here's my basic description of the issue- md5 hashes,  
> aside from being cracked (collisions), are not salted.  Blowfish, is  
> salted.  Therefore, it's significantly more difficult to brute-force  
> passwords based on blowfish hashes.
> 
> In essence, based on most threat models, if an untrusted user can  
> read your /etc/master.passwd file, you have other problems to worry  
> about- but this is a simple change that can mitigate small migrane  
> headaches.

Paper: http://openbsd.rt.fm/papers/bcrypt-paper.ps
Slides: http://openbsd.rt.fm/papers/bcrypt-slides.ps

-Ray-


From mikel.king at ocsny.com  Wed Mar 22 17:03:03 2006
From: mikel.king at ocsny.com (Mikel King)
Date: Wed, 22 Mar 2006 17:03:03 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
Message-ID: <D6BCAABD-D0F6-4388-9DCF-75382F83EF22@ocsny.com>


On Mar 22, 2006, at 4:42 PM, Isaac Levy wrote:

> Hey All,
>
> QUESTION:
> --
> Just on my mind today- has anyone seen any talk of blowfish password
> hashes being set as default in FreeBSD?  It's standard on OpenBSD
> right, but I'm annoyed today as I setup a bunch of new boxes and have
> to manage one more thing...
>
>
> HOW:
> --
> For the record, for people on list who don't know how to do this,
> here's a simple comprehensive how-to, to make blowfish default for
> password hashes instead of md5:
>
> http://filter.rackeasy.com/articles/2005/11/30/setup-freebsd-to-use-
> blowfish
>
> WHY:
> --
> Perhaps some of the crypto hardcores on list can expound on this
> issue, but here's my basic description of the issue- md5 hashes,
> aside from being cracked (collisions), are not salted.  Blowfish, is
> salted.  Therefore, it's significantly more difficult to brute-force
> passwords based on blowfish hashes.
>
> In essence, based on most threat models, if an untrusted user can
> read your /etc/master.passwd file, you have other problems to worry
> about- but this is a simple change that can mitigate small migrane
> headaches.
>
> Rocket-
> .ike

Ike,

Dru did a nice set of articles on O'Reilly, and isn't there a chapter  
in BSD Hacks on this as well?

Cheers,
m


From ike at lesmuug.org  Wed Mar 22 17:27:12 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Wed, 22 Mar 2006 17:27:12 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <20060322215247.GS29963@syntax.cyth.net>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
Message-ID: <3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>

Hi Ray, Mikel,

On Mar 22, 2006, Isaac Levy asked:

>> Hey All,
>>
>> QUESTION:
>> --
>> Just on my mind today- has anyone seen any talk of blowfish password
>> hashes being set as default in FreeBSD?  It's standard on OpenBSD
>> right, but I'm annoyed today as I setup a bunch of new boxes and have
>> to manage one more thing...
>>

On Mar 22, 2006, at 4:52 PM, Ray Lai wrote:
> Paper: http://openbsd.rt.fm/papers/bcrypt-paper.ps
> Slides: http://openbsd.rt.fm/papers/bcrypt-slides.ps
>
> -Ray-

On Mar 22, 2006, at 5:03 PM, Mikel King wrote:
> Ike,
>
> Dru did a nice set of articles on O'Reilly, and isn't there a chapter
> in BSD Hacks on this as well?
>
> Cheers,
> m

--
Thx. for the resources guys, much appreciated- but that's not my  
original question.

My original question is: has anyone heard anything about FreeBSD  
changing to blf as a default instead of md5?

Rocket-
.ike




From ike at lesmuug.org  Wed Mar 22 17:38:38 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Wed, 22 Mar 2006 17:38:38 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
Message-ID: <48C1B588-B849-41EC-8630-CFB1CC85D408@lesmuug.org>

BTW,

On Mar 22, 2006, at 5:27 PM, Isaac Levy wrote:

> My original question is: has anyone heard anything about FreeBSD
> changing to blf as a default instead of md5?

If this is a stupid question, can someone please set me straight and  
explain to me why?

/me sitting poised to get slapped by a flying fish

Rocket-
.ike




From nomadlogic at gmail.com  Wed Mar 22 17:44:06 2006
From: nomadlogic at gmail.com (pete wright)
Date: Wed, 22 Mar 2006 14:44:06 -0800
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
Message-ID: <57d710000603221444o356a7dcfv6c685a276b3e2d2b@mail.gmail.com>

On 3/22/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi Ray, Mikel,
>
> On Mar 22, 2006, Isaac Levy asked:
>
> >> Hey All,
> >>
> >> QUESTION:
> >> --
> >> Just on my mind today- has anyone seen any talk of blowfish password
> >> hashes being set as default in FreeBSD?  It's standard on OpenBSD
> >> right, but I'm annoyed today as I setup a bunch of new boxes and have
> >> to manage one more thing...
> >>
>
> On Mar 22, 2006, at 4:52 PM, Ray Lai wrote:
> > Paper: http://openbsd.rt.fm/papers/bcrypt-paper.ps
> > Slides: http://openbsd.rt.fm/papers/bcrypt-slides.ps
> >
> > -Ray-
>
> On Mar 22, 2006, at 5:03 PM, Mikel King wrote:
> > Ike,
> >
> > Dru did a nice set of articles on O'Reilly, and isn't there a chapter
> > in BSD Hacks on this as well?
> >
> > Cheers,
> > m
>
> --
> Thx. for the resources guys, much appreciated- but that's not my
> original question.
>
> My original question is: has anyone heard anything about FreeBSD
> changing to blf as a default instead of md5?
>

Ike, i have not heard anything yet...although I'm sure patches to
sysinstall would be welcome ;)

on an easier note, would it be possible to supply the blowfish
password stuff in script that you can pass to sysinstall....check out
sysinstall(8).  now i've never tried to extend it in such a way so
take it FWIW.

-p

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From ike at lesmuug.org  Wed Mar 22 17:50:59 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Wed, 22 Mar 2006 17:50:59 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <57d710000603221444o356a7dcfv6c685a276b3e2d2b@mail.gmail.com>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
	<57d710000603221444o356a7dcfv6c685a276b3e2d2b@mail.gmail.com>
Message-ID: <1387AC42-FD60-4A96-A464-7882F0BC48C8@lesmuug.org>

Hi Pete,

On Mar 22, 2006, at 5:44 PM, pete wright wrote:

> On 3/22/06, Isaac Levy <ike at lesmuug.org> wrote:
>>
>> --
>> Thx. for the resources guys, much appreciated- but that's not my
>> original question.
>>
>> My original question is: has anyone heard anything about FreeBSD
>> changing to blf as a default instead of md5?
>>
>
> Ike, i have not heard anything yet...although I'm sure patches to
> sysinstall would be welcome ;)

Hrm.  Ok, well, if I'm scripting this for myself, I may as well save  
the rest of the world the extra 2 min. per box...

:P

Where do you think I should submit such a patch?

>
> on an easier note, would it be possible to supply the blowfish
> password stuff in script that you can pass to sysinstall....check out
> sysinstall(8).  now i've never tried to extend it in such a way so
> take it FWIW.

Noted- thx.  Just learned something new here about sysinstall- I'll  
check this out.

I was basically just thinking of applying a patch based on a diff of  
the 2 files involved.  (it's a really trivial change, in the end).

>
> -p

Best,
.ike




From nomadlogic at gmail.com  Wed Mar 22 18:08:14 2006
From: nomadlogic at gmail.com (pete wright)
Date: Wed, 22 Mar 2006 15:08:14 -0800
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <1387AC42-FD60-4A96-A464-7882F0BC48C8@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
	<57d710000603221444o356a7dcfv6c685a276b3e2d2b@mail.gmail.com>
	<1387AC42-FD60-4A96-A464-7882F0BC48C8@lesmuug.org>
Message-ID: <57d710000603221508k63eb7d76u21d046e2b8e09b4f@mail.gmail.com>

On 3/22/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi Pete,
>
> On Mar 22, 2006, at 5:44 PM, pete wright wrote:
>
> > On 3/22/06, Isaac Levy <ike at lesmuug.org> wrote:
> >>
> >> --
> >> Thx. for the resources guys, much appreciated- but that's not my
> >> original question.
> >>
> >> My original question is: has anyone heard anything about FreeBSD
> >> changing to blf as a default instead of md5?
> >>
> >
> > Ike, i have not heard anything yet...although I'm sure patches to
> > sysinstall would be welcome ;)
>
> Hrm.  Ok, well, if I'm scripting this for myself, I may as well save
> the rest of the world the extra 2 min. per box...
>
> :P
>
> Where do you think I should submit such a patch?

good question....maybe release-eng?  although they are probably very
busy ATM...i sorta remeber an annoucement regarding possible projects
that need devs....

http://www.freebsd.org/projects/ideas/#p-sysinstall

have not heard much since this page went up though..


>
> >
> > on an easier note, would it be possible to supply the blowfish
> > password stuff in script that you can pass to sysinstall....check out
> > sysinstall(8).  now i've never tried to extend it in such a way so
> > take it FWIW.
>
> Noted- thx.  Just learned something new here about sysinstall- I'll
> check this out.
>
> I was basically just thinking of applying a patch based on a diff of
> the 2 files involved.  (it's a really trivial change, in the end).
>

really?  sweet, i'd be interested in checking those out....
-p

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From stucchi at willystudios.com  Wed Mar 22 20:08:50 2006
From: stucchi at willystudios.com (Massimiliano Stucchi)
Date: Thu, 23 Mar 2006 02:08:50 +0100
Subject: [nycbug-talk] OT - SMS gateway services?
In-Reply-To: <13E86458-FB2D-437F-879C-398630BA4F3A@2xlp.com>
References: <13E86458-FB2D-437F-879C-398630BA4F3A@2xlp.com>
Message-ID: <20060323010850.GJ266@willystudios.com>

On 200306, 12:05, Jonathan Vanasco wrote:
> 
> Off Topic - but with all the networking/telephony knowledge here, I  
> bet someone can point me in the right direction
> 
> I'm looking for a SMS gateway service that can handle send / receive  
> ( i've found lots of sends, no receives )

The send and receive functions are _always_ considered separately.

I'm not really 100% into this market, but being from a country with more
cellphones than people (Italy), I think I can have a word on this :)

Seriously, I worked for some time for Vodafone, and I now offer this
kind of services to my customers, but simply as a reseller.

Sending is easy, and the service can be really cheap even at great
quality.  I use a provider where I get very good quality at very good
prices.

Receiving can be very expensive.  There are two ways of doing this:

- Via a shared number
	
	Every time you have to receive a message, the sender has to put a sort
	of prefix number at the beginning of the message.  This identifies the
	destination part, but leaves you with this mandatory action to take on
	every message that has to be sent to you.

- Via a dedicated number

	You get all the messages your number gets.

Let me list some prices for the two, just to give you an idea.  I could
recommend you this service, but since the provider is located in Italy,
I don't think it could come handy to you...

Shared number: 100euros setup, 70 euros/year
Dedicated number: 600 euros setup, 150 euros/month.

Last time I asked, it took them 2 months for the setup of a dedicated
number, since the government had run out of available numbering...

FWIW, this comes with an unlimited number of incoming messages.  They
get delivered to you via a simple http query.

> this is just a beta test , so cheaper is better than reliable for  
> now, but If anyone can suggest:
> 	a- who to use if price is  a concern
> 	b- who to use if reliablility is #1

As I said above, I don't have a good idea of the market in the US, nor I
can have any experience.  I know that T-Mobile has coverage there, since
I got it last time I came, so I would try to ask them.

If you have any other question, just let me know.

Ciao !
-- 

Massimiliano Stucchi
WillyStudios.com
stucchi at willystudios.com
Http://www.willystudios.com/max/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060323/26300b14/attachment.bin>

From stucchi at willystudios.com  Wed Mar 22 20:21:21 2006
From: stucchi at willystudios.com (Massimiliano Stucchi)
Date: Thu, 23 Mar 2006 02:21:21 +0100
Subject: [nycbug-talk] soho firewall
In-Reply-To: <c1feb8190603200632l77a65751t9526bde0e4fb5c61@mail.gmail.com>
References: <20060308201745.2a3ad45a@wit.genoverly.home>
	<c1feb8190603200632l77a65751t9526bde0e4fb5c61@mail.gmail.com>
Message-ID: <20060323012121.GK266@willystudios.com>

On 200306, 09:32, Jeff Quast wrote:
> nobody has yet recommended wrap http://www.pcengines.ch/wrap.htm
> 
> It cost me just under $200 for a WRAP.1C-1, 2 LAN with DC adapter,
> alluminum casing, and 128MB CF card after S&H (to US). from
> http://www.mini-box.com/
> 
> a 3-LAN version is only a few more dollars.
> 
> I found it more cost effective than soekris, probobly more suited for
> you, as the cheaper costs is likely due to no 2.5" IDE adapter, and
> only one serial port. Like the soekris, it has a 266Mhz Geode onboard.
> It seems to be supported just as well as the soekris in BSD and
> gnu/Linux.

Yep, it's very well supported.  pfSense has images ready for it, and
nearly all of the official developers have one of them for testing and
development.  You can buy a Wrap and have it at work in around 30
minutes with pfSense.

There's only one problem we are experiencing with one of my customers
down here.  FreeBSD 4 will not boot on Wraps, since the bios doesn't
emulate a keyboard at startup (soekris' bios does).

<spam>

I sell them via EuroBSDMall:

http://www.eurobsdmall.com/catalog/product_info.php/products_id/77

Yes, this is gratuitous spam, but EuroBSDMall was born with the
intention of collecting money to give to developers, mainly FreeSBIE
ones.  We also resell products from FreeBSDMall

I'm likely to come to BSDCan with some of the gear on the site, and we
will probably have a t-shirt and official FreeSBIE CD to celebrate
FreeSBIE 2.0.  Preorders will be available soon, and I will probably
bring some of the stuff to Ottawa.

</spam>

> I've seen threads on openbsd-misc and Soekris-tech that even adding a
> PCI crypto card to the soekris does not significantly improve crypt
> for vpn. Though it is supported (at least on openbsd), there is
> something to say about the bus and cpu speed of the soekris and high
> interrupts of the onboard NIC's being at fault. In which case a via
> may be more suitable (though more expensive?)
> 
> Does anybody know if there such a thing as a cost effective miniPCI crypto card?

Yep:
http://store.orbitmicro.com/ccp4785-mini-pci-vpn-accelerator-card-with-cavium-cn-1005-av-cvb400-113285.htm

I don't know how effective it can be, but I found it.

Ciao !
-- 

Massimiliano Stucchi
WillyStudios.com
stucchi at willystudios.com
Http://www.willystudios.com/max/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060323/33d91ee1/attachment.bin>

From nycbug-list at 2xlp.com  Wed Mar 22 20:27:05 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Wed, 22 Mar 2006 20:27:05 -0500
Subject: [nycbug-talk] OT - SMS gateway services?
In-Reply-To: <20060323010850.GJ266@willystudios.com>
References: <13E86458-FB2D-437F-879C-398630BA4F3A@2xlp.com>
	<20060323010850.GJ266@willystudios.com>
Message-ID: <BF69E422-3D57-4A80-A5BE-CCF6120D57C0@2xlp.com>


On Mar 22, 2006, at 8:08 PM, Massimiliano Stucchi wrote:

> I'm not really 100% into this market, but being from a country with  
> more
> cellphones than people (Italy), I think I can have a word on this :)

Thanks.  It is helpful.

I've found so many outgoing services, all cheap, but few for  
incoming.  every outgoing service said "just use at&t or mci" -  
except i don't want to deal with 2 accounts.  the big bells are  
prohibitively expensive for outgoing service and not really geared  
price-wise for incoming and what i want to do.  i figure there's  
always some upstart offering both and a nice api.





From bob at redivi.com  Wed Mar 22 21:12:30 2006
From: bob at redivi.com (Bob Ippolito)
Date: Wed, 22 Mar 2006 18:12:30 -0800
Subject: [nycbug-talk] OT - SMS gateway services?
In-Reply-To: <BF69E422-3D57-4A80-A5BE-CCF6120D57C0@2xlp.com>
References: <13E86458-FB2D-437F-879C-398630BA4F3A@2xlp.com>
	<20060323010850.GJ266@willystudios.com>
	<BF69E422-3D57-4A80-A5BE-CCF6120D57C0@2xlp.com>
Message-ID: <AF4D69E7-A91D-4DD5-8E74-B1D7E5AC05B3@redivi.com>


On Mar 22, 2006, at 5:27 PM, Jonathan Vanasco wrote:

>
> On Mar 22, 2006, at 8:08 PM, Massimiliano Stucchi wrote:
>
>> I'm not really 100% into this market, but being from a country with
>> more
>> cellphones than people (Italy), I think I can have a word on this :)
>
> Thanks.  It is helpful.
>
> I've found so many outgoing services, all cheap, but few for
> incoming.  every outgoing service said "just use at&t or mci" -
> except i don't want to deal with 2 accounts.  the big bells are
> prohibitively expensive for outgoing service and not really geared
> price-wise for incoming and what i want to do.  i figure there's
> always some upstart offering both and a nice api.

Maybe you should try shooting an email to the dodgeball guys?

http://www.dodgeball.com/about_bios

-bob



From ike at lesmuug.org  Thu Mar 23 10:30:13 2006
From: ike at lesmuug.org (Isaac Levy)
Date: Thu, 23 Mar 2006 10:30:13 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <57d710000603221508k63eb7d76u21d046e2b8e09b4f@mail.gmail.com>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
	<57d710000603221444o356a7dcfv6c685a276b3e2d2b@mail.gmail.com>
	<1387AC42-FD60-4A96-A464-7882F0BC48C8@lesmuug.org>
	<57d710000603221508k63eb7d76u21d046e2b8e09b4f@mail.gmail.com>
Message-ID: <D3BBF03D-2B46-426F-9BB8-412765CE102D@lesmuug.org>

Hi Pete, All,

On Mar 22, 2006, at 6:08 PM, pete wright wrote:

> good question....maybe release-eng?  although they are probably very
> busy ATM...i sorta remeber an annoucement regarding possible projects
> that need devs....
>
> http://www.freebsd.org/projects/ideas/#p-sysinstall

I think I decided I'm going to go the PR route with this one, and see  
how that goes:

A usual suspect, Michael Lucas, Rocks hard explaining it all:
http://www.onlamp.com/pub/a/bsd/2001/03/08/Big_Scary_Daemons.html

--
Re. sysinstall: I read up, and it's not really relevant to the config  
file changes- (unless there's some sneaky ASCII menu thing to change  
system default pw hash!)

Thx for this idea though, I've never read the sysinstall man page, it  
was enlightening :)

Rocket-
.ike




From nomadlogic at gmail.com  Thu Mar 23 15:14:51 2006
From: nomadlogic at gmail.com (pete wright)
Date: Thu, 23 Mar 2006 12:14:51 -0800
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <D3BBF03D-2B46-426F-9BB8-412765CE102D@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
	<57d710000603221444o356a7dcfv6c685a276b3e2d2b@mail.gmail.com>
	<1387AC42-FD60-4A96-A464-7882F0BC48C8@lesmuug.org>
	<57d710000603221508k63eb7d76u21d046e2b8e09b4f@mail.gmail.com>
	<D3BBF03D-2B46-426F-9BB8-412765CE102D@lesmuug.org>
Message-ID: <57d710000603231214x7525b9fcxd40a5b6005eaec2b@mail.gmail.com>

On 3/23/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi Pete, All,
>
> On Mar 22, 2006, at 6:08 PM, pete wright wrote:
>
> > good question....maybe release-eng?  although they are probably very
> > busy ATM...i sorta remeber an annoucement regarding possible projects
> > that need devs....
> >
> > http://www.freebsd.org/projects/ideas/#p-sysinstall
>
> I think I decided I'm going to go the PR route with this one, and see
> how that goes:
>
> A usual suspect, Michael Lucas, Rocks hard explaining it all:
> http://www.onlamp.com/pub/a/bsd/2001/03/08/Big_Scary_Daemons.html
>
> --
> Re. sysinstall: I read up, and it's not really relevant to the config
> file changes- (unless there's some sneaky ASCII menu thing to change
> system default pw hash!)

ahh...yea you are right.  i was hoping there was something in there
where you could provide a user defined string to create users....



-p
--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From nomadlogic at gmail.com  Thu Mar 23 15:14:51 2006
From: nomadlogic at gmail.com (pete wright)
Date: Thu, 23 Mar 2006 12:14:51 -0800
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <D3BBF03D-2B46-426F-9BB8-412765CE102D@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
	<57d710000603221444o356a7dcfv6c685a276b3e2d2b@mail.gmail.com>
	<1387AC42-FD60-4A96-A464-7882F0BC48C8@lesmuug.org>
	<57d710000603221508k63eb7d76u21d046e2b8e09b4f@mail.gmail.com>
	<D3BBF03D-2B46-426F-9BB8-412765CE102D@lesmuug.org>
Message-ID: <57d710000603231214x7525b9fcxd40a5b6005eaec2b@mail.gmail.com>

On 3/23/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi Pete, All,
>
> On Mar 22, 2006, at 6:08 PM, pete wright wrote:
>
> > good question....maybe release-eng?  although they are probably very
> > busy ATM...i sorta remeber an annoucement regarding possible projects
> > that need devs....
> >
> > http://www.freebsd.org/projects/ideas/#p-sysinstall
>
> I think I decided I'm going to go the PR route with this one, and see
> how that goes:
>
> A usual suspect, Michael Lucas, Rocks hard explaining it all:
> http://www.onlamp.com/pub/a/bsd/2001/03/08/Big_Scary_Daemons.html
>
> --
> Re. sysinstall: I read up, and it's not really relevant to the config
> file changes- (unless there's some sneaky ASCII menu thing to change
> system default pw hash!)

ahh...yea you are right.  i was hoping there was something in there
where you could provide a user defined string to create users....



-p
--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From okan at demirmen.com  Thu Mar 23 15:34:19 2006
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 23 Mar 2006 15:34:19 -0500
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
Message-ID: <20060323203419.GA21266@clam.khaoz.org>

On Wed 2006.03.22 at 17:27 -0500, Isaac Levy wrote:
> My original question is: has anyone heard anything about FreeBSD  
> changing to blf as a default instead of md5?

question for you? does freebsd install have a post-install script, or
extra package, it can use during install/upgrade? (ala openbsd's
siteXX.tgz - install.site/upgrade.site scripts)

okan


From nycbug-list at 2xlp.com  Thu Mar 23 15:48:17 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Thu, 23 Mar 2006 15:48:17 -0500
Subject: [nycbug-talk] pthreads?
Message-ID: <5C19B7EB-905E-4B6A-97BE-F90FAB2057A9@2xlp.com>


I'm running FreeBSD 6.0

/etc/make.conf didn't have pthreads enabled

probably a good thing, because my box primarily does mod_perl/Apache2  
and postgres, all of which have had issues w/ pthreads in the past

i just ran into a slight issue though

i'd like to run exim-sqlite as my mta (currently its exim-postgres,  
but the machine is going into production mode, so i don't want to  
have a webapp and mta competing for db resources)

exim-sqlite seems to require sqlite3 built w/pthreads
building sqlite w/pthreads seems to require a bunch of other things  
being built with pthreads too (though  i haven't figured out what yet)

which presents me with this question-

are pthreads safe that i could/should have had -pthreads in my /etc/ 
make.conf ?

apache/mp isn't thread safe, but its easy to not build them against it

i'm more wondering why it wasn't in make.conf as i keep running into  
apps that  need them 


From njt at ayvali.org  Thu Mar 23 18:17:08 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Thu, 23 Mar 2006 18:17:08 -0500
Subject: [nycbug-talk] jails: manipulating interface? (was Re: running nfs
	client?)
In-Reply-To: <819E8FFA-B404-4442-97C3-1748C57D6CC6@lesmuug.org>
References: <20060317214218.GG30902@ayvali.org>
	<819E8FFA-B404-4442-97C3-1748C57D6CC6@lesmuug.org>
Message-ID: <20060323231708.GW30902@ayvali.org>

* Isaac Levy <ike at lesmuug.org> [2006-03-17 17:09:54 -0500]:
> > Is it possible to mount an NFS filesystem from inside a jail?
> 
> Outside the jail (host system) + you are able to mount the nfs volume
> from the host, at a mount point within the jail instance userland.

This is what I ended up doing. Thanks for the info!

> > if NFS inside a jail is doable, I would presume that running amd
> > would work as well?
> 
> I would think so, but I've not done or seen it.  Give it a shot?

We were running this on a 5.4 system, and for whatever reason, mounting
from inside the jail wouldn't work , regardless of what I set (sysctl)
security.jail.getfsstatroot_only to. No biggie though. However...


I've run into another problem when I was done setting up this particular
jail. The program that I am trying to get installed inside this jail
works by directly manipulating the network interfaces. Is it possible
to run "ifconfig [if] inet [ip] netmask [netmask]" inside a jail?

thanks,
Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From spork at bway.net  Thu Mar 23 20:37:37 2006
From: spork at bway.net (Charles Sprickman)
Date: Thu, 23 Mar 2006 20:37:37 -0500 (EST)
Subject: [nycbug-talk] Kolab Server on *BSD?
Message-ID: <Pine.OSX.4.61.0603232033390.684@spork-book.local>

Hi all,

I've got someone wanting to fiddle with Kolab, mainly for the contact 
management stuff and the KDE client.  Looking at it, it seems very 
"Linuxy".  Since I just wanted to play with it, I was hoping for binaries, 
but the whole thing is a bit icky in that regard with no official builds 
for *BSD.  It looks like you have to install openpkg, which is itself 
quite a messy little thing.

Anyone have this running?  It's essentially a bunch of common OSS stuff 
wrapped into a big package (OpenLDAP, Postfix, etc.).

Alternately, all my buddy wants is something that will let him do contact 
management and calendering under FreeBSD/KDE, OS-X, Windows and be able to 
sync off to a Palm and a Zaurus.  It sounds like a simple request, but...

Any pointers in this area are welcome.

Thanks,

Charles



From nomadlogic at gmail.com  Thu Mar 23 20:59:46 2006
From: nomadlogic at gmail.com (pete wright)
Date: Thu, 23 Mar 2006 17:59:46 -0800
Subject: [nycbug-talk] Kolab Server on *BSD?
In-Reply-To: <Pine.OSX.4.61.0603232033390.684@spork-book.local>
References: <Pine.OSX.4.61.0603232033390.684@spork-book.local>
Message-ID: <57d710000603231759t58a3fb28t2db764e22011d209@mail.gmail.com>

On 3/23/06, Charles Sprickman <spork at bway.net> wrote:
> Hi all,
>
> I've got someone wanting to fiddle with Kolab, mainly for the contact
> management stuff and the KDE client.  Looking at it, it seems very
> "Linuxy".  Since I just wanted to play with it, I was hoping for binaries,
> but the whole thing is a bit icky in that regard with no official builds
> for *BSD.  It looks like you have to install openpkg, which is itself
> quite a messy little thing.
>
> Anyone have this running?  It's essentially a bunch of common OSS stuff
> wrapped into a big package (OpenLDAP, Postfix, etc.).
>
> Alternately, all my buddy wants is something that will let him do contact
> management and calendering under FreeBSD/KDE, OS-X, Windows and be able to
> sync off to a Palm and a Zaurus.  It sounds like a simple request, but...

hmm...i think korganizer should support most of those features...and i
*belive* you can do shared calanders via webdav.  their is also an
exchange 2000 plugin, although I can not report it that works or not. 
i'm actually pretty happy with korganizer, as it's been a decent
replacement for iCal and integrates with KDE quite well.

-p



--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



From nycbug-list at 2xlp.com  Thu Mar 23 21:26:18 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Thu, 23 Mar 2006 21:26:18 -0500
Subject: [nycbug-talk] Kolab Server on *BSD?
In-Reply-To: <57d710000603231759t58a3fb28t2db764e22011d209@mail.gmail.com>
References: <Pine.OSX.4.61.0603232033390.684@spork-book.local>
	<57d710000603231759t58a3fb28t2db764e22011d209@mail.gmail.com>
Message-ID: <2386E607-3E51-4CC5-A6EB-B8D391227F22@2xlp.com>


On Mar 23, 2006, at 8:59 PM, pete wright wrote:

> On 3/23/06, Charles Sprickman <spork at bway.net> wrote:
>>
>> Alternately, all my buddy wants is something that will let him do  
>> contact
>> management and calendering under FreeBSD/KDE, OS-X, Windows and be  
>> able to
>> sync off to a Palm and a Zaurus.  It sounds like a simple request,  
>> but...
>
> hmm...i think korganizer should support most of those features...and i
> *belive* you can do shared calanders via webdav.  their is also an
> exchange 2000 plugin, although I can not report it that works or not.
> i'm actually pretty happy with korganizer, as it's been a decent
> replacement for iCal and integrates with KDE quite well.

There are a few php calendar scripts out that that essentially do  
what ical + a .mac account does, but for free.

I can't remember their names, but I'm sure google will point you to  
2-3 projects minimum that will run fine under a jailed lighttpd or  
something similar ( i've had my fill of hacked boxes from exploits on  
open source php projects )


From njt at ayvali.org  Fri Mar 24 10:58:45 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Fri, 24 Mar 2006 10:58:45 -0500
Subject: [nycbug-talk] jails: manipulating interface? (was Re: running
	nfs client?)
In-Reply-To: <20060323231708.GW30902@ayvali.org>
References: <20060317214218.GG30902@ayvali.org>
	<819E8FFA-B404-4442-97C3-1748C57D6CC6@lesmuug.org>
	<20060323231708.GW30902@ayvali.org>
Message-ID: <20060324155844.GA30902@ayvali.org>

* N.J. Thomas <njt at ayvali.org> [2006-03-23 18:17:08 -0500]:
> The program that I am trying to get installed inside this jail works
> by directly manipulating the network interfaces. Is it possible to run
> "ifconfig [if] inet [ip] netmask [netmask]" inside a jail?

I dug up a little more information on this, and to answer my own
question, no, it is not possible to manipulate network interfaces from
inside a jail.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From dlavigne6 at sympatico.ca  Fri Mar 24 14:28:49 2006
From: dlavigne6 at sympatico.ca (dlavigne6 at sympatico.ca)
Date: Fri, 24 Mar 2006 14:28:49 -0500
Subject: [nycbug-talk] UKUUG Spring Conference
Message-ID: <20060324192849.ZMGN28586.tomts25-srv.bellnexxia.net@smtp1.sympatico.ca>

I've updated my blog from notes on the technical talks. Very good talks, lots of good links on the blog. Also met lots of interesting contacts at the conference. No pics of the conference but should have links of the city tomorrow.

blogs.ittoolbox.com/unix/bsd

Dru



From njt at ayvali.org  Fri Mar 24 15:33:47 2006
From: njt at ayvali.org (N.J. Thomas)
Date: Fri, 24 Mar 2006 15:33:47 -0500
Subject: [nycbug-talk] jails: manipulating interface?
In-Reply-To: <DF8016DD-1065-49D2-B7D3-D0DAB8250721@lesmuug.org>
References: <20060317214218.GG30902@ayvali.org>
	<819E8FFA-B404-4442-97C3-1748C57D6CC6@lesmuug.org>
	<20060323231708.GW30902@ayvali.org>
	<DF8016DD-1065-49D2-B7D3-D0DAB8250721@lesmuug.org>
Message-ID: <20060324203347.GA32291@ayvali.org>

* Isaac Levy <ike at lesmuug.org> [2006-03-24 11:53:38 -0500]:
> IP interfaces cannot be manipulated from inside a jail.
>
> There's a few gotchas like this, which in the end, are pretty logical
> in the context of what a jail is- another example is setting the
> date, another would be managing firewall tables, etc...

Understood. While this sort of makes using a jail a showstopper for this
particular application I was working on, the entire setup process was an
extremely educational one and now I'm brimming with ideas on the
potential applications of jails (i.e. as sandbox environments for our
dev team).

Thanks for all the help!

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From george at sddi.net  Sat Mar 25 23:14:52 2006
From: george at sddi.net (George R.)
Date: Sat, 25 Mar 2006 23:14:52 -0500
Subject: [nycbug-talk] A role in BSDCertification.org
Message-ID: <4426153C.4040507@sddi.net>

I know there are many people on this list looking for a concrete role in
the BSD Community.

One effort a number of people in NYCBUG are involved in is the BSD
Certification effort.

Like most BSD projects, the effort is methodically moving along with
seriousness and organization.  This is not a fly-by-night effort.

On that note, the current secretary is resigning after a good long
tenure, and we're looking for a replacement.

This a job description from the by-laws:

"The Secretary shall keep accurate records of the acts and proceedings
of all meetings of the Members and Directors. The Secretary shall give
all notices required by law and by these Bylaws. In addition, the
Secretary shall have general charge of the corporate books and records
and of the corporate seal, and he or she shall affix, or attest the
affixing of, the corporate seal to any lawfully executed instrument
requiring it. The Secretary shall have general charge of the membership
records of the BSDCG and shall keep, at the registered or principal
office of the BSDCG, a record of the Members of the BSDCG showing the
name, address, telephone number, and electronic mail address of each
Member. The Secretary shall sign such instruments as may require his or
her signature and, in general, shall perform all duties as may be
assigned to him or her from time to time by the Chairman, the President
or the Board of Directors. The Assistant Secretary, if one is appointed,
shall render assistance to the Secretary in all the responsibilities
described above. Until the first Board of Directors of the BSDCG is
elected, Jonathan Drews will be acting Secretary of the BSDCG."

If you're up for this role, please contact me off-list or grab Dru.
Ultimately, it will be the newly forming Board of Directors that
appoints the position.

g


From dlavigne6 at sympatico.ca  Mon Mar 27 11:51:07 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Mon, 27 Mar 2006 11:51:07 -0500 (EST)
Subject: [nycbug-talk] postgres 10th anniversary
Message-ID: <20060327114804.C594@dru.domain.org>


For those of you into Postgres and looking for an excuse to visit Toronto, 
registration has opened for the 10th Anniversary of Postgres conference:

http://conference.postgresql.org

Early registration is $60 US and accomodation is available on campus. Most 
of core will be there and speaking.

I've already registered and hope to see some of you there :-)

Dru


From dlavigne6 at sympatico.ca  Mon Mar 27 14:07:20 2006
From: dlavigne6 at sympatico.ca (Dru)
Date: Mon, 27 Mar 2006 14:07:20 -0500 (EST)
Subject: [nycbug-talk] blowfish FreeBSD passwords
In-Reply-To: <20060327182920.GA2981@clam.khaoz.org>
References: <27D12AA7-F5BB-4372-8E03-6D8C9D9B6BC7@lesmuug.org>
	<20060322215247.GS29963@syntax.cyth.net>
	<3E956B96-C90E-41D1-946D-8D9C047D3598@lesmuug.org>
	<20060323203419.GA21266@clam.khaoz.org>
	<20060327130056.O594@dru.domain.org>
	<20060327182920.GA2981@clam.khaoz.org>
Message-ID: <20060327140516.M594@dru.domain.org>



On Mon, 27 Mar 2006, Okan Demirmen wrote:

> On Mon 2006.03.27 at 13:01 -0500, Dru wrote:
>>
>> Hi Okan,
>>
>> On Thu, 23 Mar 2006, Okan Demirmen wrote:
>>
>>> On Wed 2006.03.22 at 17:27 -0500, Isaac Levy wrote:
>>>> My original question is: has anyone heard anything about FreeBSD
>>>> changing to blf as a default instead of md5?
>>>
>>> question for you? does freebsd install have a post-install script, or
>>> extra package, it can use during install/upgrade? (ala openbsd's
>>> siteXX.tgz - install.site/upgrade.site scripts)


For those of you that have a copy of BSD Hacks, take a look at #77, 
specifically the path at the bottom of p. 330 and the note on p. 331.

For those that don't, take a look at 
/usr/doc/en_US.ISO8859-1/articles/pxe/post

I had to wait til I was back home to check my own copy as I was sure I had 
a mention of this somewhere in the book :-)

Dru


From riegersteve at gmail.com  Wed Mar 29 00:00:41 2006
From: riegersteve at gmail.com (Steve Rieger)
Date: Tue, 28 Mar 2006 21:00:41 -0800
Subject: [nycbug-talk] fatal: SASL library initialization (postifix)
Message-ID: <442A1479.3080103@gmail.com>

sorry for asking a dumb question, looked around a bit but nothing found 
that matches my problem.

postfix was built as follows

make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH 
-I/usr/local/include/sasl" AUXLIBS="-L/usr/local/ssl/lib -lssl -lcrypto 
-lsasl2"

make
make install

sasl2 was installed as a package from sunfreeware.

in /var/log/mail.log
Mar 28 20:19:46 solaris.up-south.com postfix/smtp[2248]: [ID 947731 
mail.crit] fatal: SASL library initialization

ldd /usr/sbin/postfix
        libssl.so.0.9.8 =>       /opt/csw/lib/libssl.so.0.9.8
        libcrypto.so.0.9.8 =>    /opt/csw/lib/libcrypto.so.0.9.8
        libsasl2.so.2 =>         /usr/local/lib/libsasl2.so.2
        libpcre.so.0 =>  /usr/local/lib/libpcre.so.0
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        libmd5.so.1 =>   /usr/lib/libmd5.so.1
        libscf.so.1 =>   /usr/lib/libscf.so.1
        libdoor.so.1 =>  /usr/lib/libdoor.so.1
        libuutil.so.1 =>         /usr/lib/libuutil.so.1
        libm.so.2 =>     /lib/libm.so.2


postconf -n

2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = postmaster
address_verify_sender_dependent_relayhost_maps = 
$sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = dbm:/etc/mail/aliases
alias_maps = dbm:/etc/mail/aliases, nis:mail.aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, 
header_recipient
canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 
1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
debug_peer_level = 2
debug_peer_list =
default_database_type = dbm
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_limit = 20
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class 
[$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
disable_dns_lookups = yes
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
enable_original_recipient = yes
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 
1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 
1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, 
$home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY 
DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
invalid_hostname_reject_code = 501
ipc_idle = 100s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_enforce_tls = no
lmtp_generic_maps =
lmtp_host_lookup = dns
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_threshold_time = 500s
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 20s
lmtp_sasl_auth_enable = no
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_enforce_peername = yes
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_scert_verifydepth = 5
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_limit = 2
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20060325
mail_spool_directory = /var/mail
mail_version = 2.3-20060325
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = fcntl, dotlock
mailbox_size_limit = 51200000
mailbox_transport =
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 10240000
message_strip_characters =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = up-south.com
myhostname = solaris.up-south.com
mynetworks = 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
notify_classes = resource, software
owner_request_special = yes
parent_domain_matches_subdomains = 
debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination 
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps 
$virtual_mailbox_domains $relay_recipient_maps $relay_domains 
$canonical_maps $sender_canonical_maps $recipient_canonical_maps 
$relocated_maps $transport_maps $mynetworks
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 1000s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = no
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_recipient_maps =
relay_transport = relay
relayhost = [smtp.gmail.com]
relocated_maps =
remote_header_rewrite_domain =
require_home_directory = no
resolve_dequoted_address = yes
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sample_directory = /etc/postfix
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_relayhost_maps =
sendmail_path = /usr/lib/sendmail
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_bind_address6 =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps = dbm:/etc/postfix/generic
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 20s
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps = dbm:/etc/postfix/sasl_passwd
smtp_sasl_path =
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_CApath =
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_cipherlist =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site = dbm:/etc/postfix/tls_per_site
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = 
${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions =
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = 
\t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = 20
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_cipherlist =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = yes
soft_bounce = no
stale_lock_time = 500s
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps = dbm:/etc/postfix/transport
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_limit = 
$default_destination_concurrency_limit
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =







-- 
--
Steve Rieger
310-339-4355      (cell)
3394355 at gmail.com (pager)


From jlam at pkgsrc.org  Wed Mar 29 09:47:25 2006
From: jlam at pkgsrc.org (Johnny Lam)
Date: Wed, 29 Mar 2006 09:47:25 -0500
Subject: [nycbug-talk] fatal: SASL library initialization (postifix)
In-Reply-To: <442A1479.3080103@gmail.com>
References: <442A1479.3080103@gmail.com>
Message-ID: <442A9DFD.9040308@pkgsrc.org>

Steve Rieger wrote:
> sorry for asking a dumb question, looked around a bit but nothing found 
> that matches my problem.
> 
> postfix was built as follows
> 
> make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH 
> -I/usr/local/include/sasl" AUXLIBS="-L/usr/local/ssl/lib -lssl -lcrypto 
> -lsasl2"
> 
> make
> make install
> 
> sasl2 was installed as a package from sunfreeware.
> 
> in /var/log/mail.log
> Mar 28 20:19:46 solaris.up-south.com postfix/smtp[2248]: [ID 947731 
> mail.crit] fatal: SASL library initialization

Just a guess, but did you create a /usr/local/lib/sasl2/smtpd.conf file?

	http://www.postfix.org/SASL_README.html#server_cyrus

	Cheers,

	-- Johnny Lam <jlam at pkgsrc.org>


From tux at penguinnetwerx.net  Thu Mar 30 17:52:56 2006
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Thu, 30 Mar 2006 17:52:56 -0500
Subject: [nycbug-talk] sed Question
Message-ID: <442C6148.30308@penguinnetwerx.net>

All,

I know there are a few scripting gurus on this list who might be able to 
help me out with this..

I'm trying to write a script that does the following:

1. Runs 'fastest_cvsup -c us' to find the fastest cvsup server
2. Assigns the value of "server.txt" (which is the fastest server) to a 
variable and then searches my "ports-sup" file for the existing server, 
and replaces it with the new one.

Sofar, everything works fine until I get to the replacement part of the 
script.

Here's the script:

#!/bin/sh

echo ""
echo "Finding the fastest cvsup server."
echo ""
fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
sed 's/^[ \t]*//' server.txt > fast.txt
fastest=`cat fast.txt`
echo ""
echo "The fastest server seems to be: $fastest"
echo ""
echo ""
echo "Here we actually modify the file using sed."
echo ""
sed '2s/cvsup*.FreeBSD.org/$fastest/' ports-sup
echo ""
echo Done.
rm server.txt
rm fast.txt

I've tried replacing '$fastest' with 'BLAH' and I'm still doing 
something wrong, but I don't know what.  I've been hitting Google pretty 
hard for a few days looking for some examples/pointers (which has gotten 
me this far) to no avail.

I'm looking to replace:

*default host=cvsup11.FreeBSD.org

with:

*default host=cvsup##.FreeBSD.org (where ## is the actual number, like 2 
or 14 or whatever.)

Any ideas, or pointers to let me know what I'm doing wrong?

Thanks,
Kev


From scottro at nyc.rr.com  Thu Mar 30 18:09:54 2006
From: scottro at nyc.rr.com (Scott Robbins)
Date: Thu, 30 Mar 2006 18:09:54 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <442C6148.30308@penguinnetwerx.net>
References: <442C6148.30308@penguinnetwerx.net>
Message-ID: <20060330230954.GA33005@mail.scottro.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 30, 2006 at 05:52:56PM -0500, Kevin Reiter wrote:
> All,
> 
> I know there are a few scripting gurus on this list who might be able to 
> help me out with this..
> 
> I'm trying to write a script that does the following:
> 
> 1. Runs 'fastest_cvsup -c us' to find the fastest cvsup server
> 2. Assigns the value of "server.txt" (which is the fastest server) to a 
> variable and then searches my "ports-sup" file for the existing server, 
> and replaces it with the new one.

I did it this way.


#!/bin/sh 
FASTEST=$(fastest_cvsup -q -c us) 
sudo csup -h $FASTEST /usr/share/examples/cvsup/current-supfile 



However, before that I used to do (which seems more in line with what
you're doing, although still a bit different)


fastest_cvsup -c us > fcvs.txt
tail -3 fcvs.txt | head -1 | cut -d: -f2 > host
rm fcvs.txt
FASTEST=$(cat host)
sudo csup -h $FASTEST /usr/share/examples/cvsup/current-supfile 

You could of course, modify it for ports.  Rather than replacing the
server, I'm just using -h.


Hope this is of some use, even though it's not really answering your
question.



- -- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Buffy: I told you. I said end of the world. And you're like, 
'Pooh-pooh, Southern California, pooh-pooh.' 
Giles: I'm so very sorry. My contrition completely dwarfs the 
impending apocalypse. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFELGVC+lTVdes0Z9YRAtHzAKDCOM8pZVSrZuiTNJHJYNEfkEhSgwCeNC7s
8b9E2GCKCFOTicmXaolYTxc=
=yVGN
-----END PGP SIGNATURE-----


From jschauma at netmeister.org  Thu Mar 30 18:39:32 2006
From: jschauma at netmeister.org (Jan Schaumann)
Date: Thu, 30 Mar 2006 18:39:32 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <442C6148.30308@penguinnetwerx.net>
References: <442C6148.30308@penguinnetwerx.net>
Message-ID: <20060330233932.GA21880@netmeister.org>

Kevin Reiter <tux at penguinnetwerx.net> wrote:
 
> #!/bin/sh
> 
> echo ""
> echo "Finding the fastest cvsup server."
> echo ""
> fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
> sed 's/^[ \t]*//' server.txt > fast.txt
> fastest=`cat fast.txt`

You can do that without any temporary files (and one pipe less):

fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
sed -e "s/host=cvsup.*FreeBSD\.org/host=$fastest/" ports-sup
      ^^^

Use regular quotes (") instead of ', otherwise the variable '$fastest'
won't be expanded.

-Jan

-- 
"You just come along with me and have a good time. The Galaxy's a
fun place. You'll need to have this fish in your ear."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060330/bfb7317b/attachment.bin>

From pete at nomadlogic.org  Thu Mar 30 18:34:42 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 30 Mar 2006 15:34:42 -0800 (PST)
Subject: [nycbug-talk] sed Question
In-Reply-To: <20060330230954.GA33005@mail.scottro.net>
References: <442C6148.30308@penguinnetwerx.net>
	<20060330230954.GA33005@mail.scottro.net>
Message-ID: <62624.160.33.20.11.1143761682.squirrel@webmail.nomadlogic.org>


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, Mar 30, 2006 at 05:52:56PM -0500, Kevin Reiter wrote:
>> All,
>>
>> I know there are a few scripting gurus on this list who might be able to
>> help me out with this..
>>
>> I'm trying to write a script that does the following:
>>
>> 1. Runs 'fastest_cvsup -c us' to find the fastest cvsup server
>> 2. Assigns the value of "server.txt" (which is the fastest server) to a
>> variable and then searches my "ports-sup" file for the existing server,
>> and replaces it with the new one.
>
> I did it this way.
>
>
> #!/bin/sh
> FASTEST=$(fastest_cvsup -q -c us)
> sudo csup -h $FASTEST /usr/share/examples/cvsup/current-supfile
>
>
>
> However, before that I used to do (which seems more in line with what
> you're doing, although still a bit different)
>
>
> fastest_cvsup -c us > fcvs.txt
> tail -3 fcvs.txt | head -1 | cut -d: -f2 > host
> rm fcvs.txt
> FASTEST=$(cat host)
> sudo csup -h $FASTEST /usr/share/examples/cvsup/current-supfile
>
> You could of course, modify it for ports.  Rather than replacing the
> server, I'm just using -h.
>

I like that approach.  you could even do a and not need an intermediate file:
$host = `fastest_cvsup -c us | grep 1st | awk '{print $3}'`
cvsup -h $host /my/sup/file


-pete

ps-> yes i'm finally of gmail...woo hoo! ;p


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From g at bin-arts.com  Thu Mar 30 18:40:40 2006
From: g at bin-arts.com (Gordon Smith)
Date: Thu, 30 Mar 2006 18:40:40 -0500
Subject: [nycbug-talk]  sed Question
Message-ID: <0IWY00JG1SFTXIKP@mta9.srv.hcvlny.cv.net>

Kev,

Instead of attempting to put the shell variable in the midst of the sed
commandline,  you may want to build the complete commandline string within
another variable.  Concatenate the value of $fastest onto the string
representing the complete commandline.  You could then run the commandline
using either eval or exec.  Although it looks like you might want to use
eval, check out the man pages for each to see which is more appropriate to
your case.

For example, in my environment, the env var $VISUAL is set to "vi".  From
the shell prompt, If I wanted to edit the file "newfile" the hard way, I
might execute these commands:

$ commandline="$VISUAL newfile"
$ echo $commandline
vi newfile
$ eval $commandline
~
~
~
newfile: new file: line 1
(vi is displayed in all its spartan glory...)

Hope this helps - please let me know how it works for you.

Cheers,
Gordon

-----Original Message-----
From: talk-bounces at lists.nycbug.org [mailto:talk-bounces at lists.nycbug.org]
On Behalf Of Kevin Reiter
Sent: Thursday, March 30, 2006 5:53 PM
To: NYCBUG Talk
Subject: [nycbug-talk] sed Question

All,

I know there are a few scripting gurus on this list who might be able to 
help me out with this..

I'm trying to write a script that does the following:

1. Runs 'fastest_cvsup -c us' to find the fastest cvsup server
2. Assigns the value of "server.txt" (which is the fastest server) to a 
variable and then searches my "ports-sup" file for the existing server, 
and replaces it with the new one.

Sofar, everything works fine until I get to the replacement part of the 
script.

Here's the script:

#!/bin/sh

echo ""
echo "Finding the fastest cvsup server."
echo ""
fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
sed 's/^[ \t]*//' server.txt > fast.txt
fastest=`cat fast.txt`
echo ""
echo "The fastest server seems to be: $fastest"
echo ""
echo ""
echo "Here we actually modify the file using sed."
echo ""
sed '2s/cvsup*.FreeBSD.org/$fastest/' ports-sup
echo ""
echo Done.
rm server.txt
rm fast.txt

I've tried replacing '$fastest' with 'BLAH' and I'm still doing 
something wrong, but I don't know what.  I've been hitting Google pretty 
hard for a few days looking for some examples/pointers (which has gotten 
me this far) to no avail.

I'm looking to replace:

*default host=cvsup11.FreeBSD.org

with:

*default host=cvsup##.FreeBSD.org (where ## is the actual number, like 2 
or 14 or whatever.)

Any ideas, or pointers to let me know what I'm doing wrong?

Thanks,
Kev
_______________________________________________
% NYC*BUG talk mailing list
http://lists.nycbug.org/mailman/listinfo/talk
%Be sure to check out our Jobs and NYCBUG-announce lists
%We meet the first Wednesday of the month



From pete at nomadlogic.org  Thu Mar 30 18:44:47 2006
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 30 Mar 2006 15:44:47 -0800 (PST)
Subject: [nycbug-talk] sed Question
In-Reply-To: <0IWY00JG1SFTXIKP@mta9.srv.hcvlny.cv.net>
References: <0IWY00JG1SFTXIKP@mta9.srv.hcvlny.cv.net>
Message-ID: <29042.160.33.20.11.1143762287.squirrel@webmail.nomadlogic.org>


> Kev,
>
> Instead of attempting to put the shell variable in the midst of the sed
> commandline,  you may want to build the complete commandline string within
> another variable.  Concatenate the value of $fastest onto the string
> representing the complete commandline.  You could then run the commandline
> using either eval or exec.  Although it looks like you might want to use
> eval, check out the man pages for each to see which is more appropriate to
> your case.
>
> For example, in my environment, the env var $VISUAL is set to "vi".  From
> the shell prompt, If I wanted to edit the file "newfile" the hard way, I
> might execute these commands:
>
> $ commandline="$VISUAL newfile"
> $ echo $commandline
> vi newfile
> $ eval $commandline
> ~
> ~
> ~
> newfile: new file: line 1
> (vi is displayed in all its spartan glory...)

interesting, but then you would not be able to have this run as an
automated process, or am i missing some vi trickery here ;)

-p


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From tux at penguinnetwerx.net  Thu Mar 30 18:45:42 2006
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Thu, 30 Mar 2006 18:45:42 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <20060330230930.GN18647@syntax.cyth.net>
References: <442C6148.30308@penguinnetwerx.net>
	<20060330230930.GN18647@syntax.cyth.net>
Message-ID: <442C6DA6.2090504@penguinnetwerx.net>

Ray Lai wrote:
> On Thu, Mar 30, 2006 at 05:52:56PM -0500, Kevin Reiter wrote:
>> All,
>>
>> I know there are a few scripting gurus on this list who might be able to 
>> help me out with this..
>>
>> I'm trying to write a script that does the following:
>>
>> 1. Runs 'fastest_cvsup -c us' to find the fastest cvsup server
>> 2. Assigns the value of "server.txt" (which is the fastest server) to a 
>> variable and then searches my "ports-sup" file for the existing server, 
>> and replaces it with the new one.
>>
>> Sofar, everything works fine until I get to the replacement part of the 
>> script.
>>
>> Here's the script:
>>
>> #!/bin/sh
>>
>> echo ""
>> echo "Finding the fastest cvsup server."
>> echo ""
>> fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
>> sed 's/^[ \t]*//' server.txt > fast.txt
>> fastest=`cat fast.txt`
>> echo ""
>> echo "The fastest server seems to be: $fastest"
>> echo ""
>> echo ""
>> echo "Here we actually modify the file using sed."
>> echo ""
>> sed '2s/cvsup*.FreeBSD.org/$fastest/' ports-sup
>> echo ""
>> echo Done.
>> rm server.txt
>> rm fast.txt
>>
>> I've tried replacing '$fastest' with 'BLAH' and I'm still doing 
>> something wrong, but I don't know what.  I've been hitting Google pretty 
>> hard for a few days looking for some examples/pointers (which has gotten 
>> me this far) to no avail.
>>
>> I'm looking to replace:
>>
>> *default host=cvsup11.FreeBSD.org
>>
>> with:
>>
>> *default host=cvsup##.FreeBSD.org (where ## is the actual number, like 2 
>> or 14 or whatever.)
>>
>> Any ideas, or pointers to let me know what I'm doing wrong?
> 
> What's the output of server.txt?

cvsup3.us.freebsd.org


From tux at penguinnetwerx.net  Thu Mar 30 19:06:32 2006
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Thu, 30 Mar 2006 19:06:32 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <20060330233932.GA21880@netmeister.org>
References: <442C6148.30308@penguinnetwerx.net>
	<20060330233932.GA21880@netmeister.org>
Message-ID: <442C7288.2070405@penguinnetwerx.net>

Jan Schaumann wrote:
> Kevin Reiter <tux at penguinnetwerx.net> wrote:
>  
>> #!/bin/sh
>>
>> echo ""
>> echo "Finding the fastest cvsup server."
>> echo ""
>> fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
>> sed 's/^[ \t]*//' server.txt > fast.txt
>> fastest=`cat fast.txt`
> 
> You can do that without any temporary files (and one pipe less):
> 
> fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
> sed -e "s/host=cvsup.*FreeBSD\.org/host=$fastest/" ports-sup
>       ^^^
> 
> Use regular quotes (") instead of ', otherwise the variable '$fastest'
> won't be expanded.

Tried that, but it didn't write to the file (ports-sup):

kevin at chronos [~/scripts/practice/sed]$ ./update_ports.sh

Finding the fastest cvsup server and modifying
/root/ports-sup to use that server.

*default tag=.
*default host=cvsup3.us.freebsd.org
*default prefix=/usr
*default base=/usr/local/cvsup
*default release=cvs delete use-rel-suffix compress

ports-all


Done.  Now run cvsup ports-sup from root's directory.

kevin at chronos [~/scripts/practice/sed]$ cat fast.txt
cvsup11.us.freebsd.org
kevin at chronos [~/scripts/practice/sed]$ cat ports-sup
*default tag=.
*default host=cvsup11.FreeBSD.org
*default prefix=/usr
*default base=/usr/local/cvsup
*default release=cvs delete use-rel-suffix compress

ports-all


kevin at chronos [~/scripts/practice/sed]$

(I'm not writing to /root/ports-sup, but a copy of it in that directory)


From jschauma at netmeister.org  Thu Mar 30 19:23:33 2006
From: jschauma at netmeister.org (Jan Schaumann)
Date: Thu, 30 Mar 2006 19:23:33 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <442C7288.2070405@penguinnetwerx.net>
References: <442C6148.30308@penguinnetwerx.net>
	<20060330233932.GA21880@netmeister.org>
	<442C7288.2070405@penguinnetwerx.net>
Message-ID: <20060331002333.GB21880@netmeister.org>

Kevin Reiter <tux at penguinnetwerx.net> wrote:
> Jan Schaumann wrote:
> > Kevin Reiter <tux at penguinnetwerx.net> wrote:
> >  
> >> #!/bin/sh
> >>
> >> echo ""
> >> echo "Finding the fastest cvsup server."
> >> echo ""
> >> fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
> >> sed 's/^[ \t]*//' server.txt > fast.txt
> >> fastest=`cat fast.txt`
> > 
> > You can do that without any temporary files (and one pipe less):
> > 
> > fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
> > sed -e "s/host=cvsup.*FreeBSD\.org/host=$fastest/" ports-sup
> >       ^^^
> > 
> > Use regular quotes (") instead of ', otherwise the variable '$fastest'
> > won't be expanded.
> 
> Tried that, but it didn't write to the file (ports-sup):

Oh, of course not.  If you want to change the file in place do

fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
sed -e "s/host=cvsup.*FreeBSD\.org/host=$fastest/" ports-sup \
	> ports-sup.tmp && mv ports-sup.tmp ports-sup

Or generate input for and pipe it right to: ed(1).  (Left as an exercise
for the reader. :-)

-Jan

-- 
The reader is encouraged to add smileys where necessary to increase
positive perception.  Right here might be a good place:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20060330/3ac7027f/attachment.bin>

From tux at penguinnetwerx.net  Thu Mar 30 19:28:32 2006
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Thu, 30 Mar 2006 19:28:32 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <442C7288.2070405@penguinnetwerx.net>
References: <442C6148.30308@penguinnetwerx.net>	<20060330233932.GA21880@netmeister.org>
	<442C7288.2070405@penguinnetwerx.net>
Message-ID: <442C77B0.5060108@penguinnetwerx.net>

Kevin Reiter wrote:
> Jan Schaumann wrote:
>> Kevin Reiter <tux at penguinnetwerx.net> wrote:
>>  
>>> #!/bin/sh
>>>
>>> echo ""
>>> echo "Finding the fastest cvsup server."
>>> echo ""
>>> fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
>>> sed 's/^[ \t]*//' server.txt > fast.txt
>>> fastest=`cat fast.txt`
>> You can do that without any temporary files (and one pipe less):
>>
>> fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
>> sed -e "s/host=cvsup.*FreeBSD\.org/host=$fastest/" ports-sup
>>       ^^^
>>
>> Use regular quotes (") instead of ', otherwise the variable '$fastest'
>> won't be expanded.
> 
> Tried that, but it didn't write to the file (ports-sup):
> 
> kevin at chronos [~/scripts/practice/sed]$ ./update_ports.sh
> 
> Finding the fastest cvsup server and modifying
> /root/ports-sup to use that server.
> 
> *default tag=.
> *default host=cvsup3.us.freebsd.org
> *default prefix=/usr
> *default base=/usr/local/cvsup
> *default release=cvs delete use-rel-suffix compress
> 
> ports-all
> 
> 
> Done.  Now run cvsup ports-sup from root's directory.
> 
> kevin at chronos [~/scripts/practice/sed]$ cat fast.txt
> cvsup11.us.freebsd.org
> kevin at chronos [~/scripts/practice/sed]$ cat ports-sup
> *default tag=.
> *default host=cvsup11.FreeBSD.org
> *default prefix=/usr
> *default base=/usr/local/cvsup
> *default release=cvs delete use-rel-suffix compress
> 
> ports-all
> 
> 
> kevin at chronos [~/scripts/practice/sed]$
> 
> (I'm not writing to /root/ports-sup, but a copy of it in that directory)

It *appears* to work, but it's not actually writing to the ports-sup 
file, even though it displays what it would write to it:

kevin at chronos [~/scripts/practice/sed]$ ./test1.sh
Checking servers...

The fastest server seems to be cvsup11.us.freebsd.org
*default tag=.
*default host=cvsup11.us.freebsd.org
*default prefix=/usr
*default base=/usr/local/cvsup
*default release=cvs delete use-rel-suffix compress

ports-all


Now, go get some coffee while the tree is updating.

kevin at chronos [~/scripts/practice/sed]$ cat ports-sup
*default tag=.
*default host=cvsup99.FreeBSD.org
*default prefix=/usr
*default base=/usr/local/cvsup
*default release=cvs delete use-rel-suffix compress

ports-all

kevin at chronos [~/scripts/practice/sed]$ ls -l ports-sup
-rw-rw-rw-  1 kevin  wheel  164 Mar 30 19:28 ports-sup

Here's what I have now:

#!/bin/sh

# Find the fastest cvsup server and use that for the ports update.

echo "Checking servers..."
echo ""
fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
echo "The fastest server seems to be $fastest"
sed -e "s/host=.*/host=$fastest/" ports-sup
echo ""
echo ""
echo "Now, go get some coffee while the tree is updating."
#sudo cvsup ports-sup
echo ""

Is there a reason it isn't actually writing to the file?


From tux at penguinnetwerx.net  Thu Mar 30 20:14:43 2006
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Thu, 30 Mar 2006 20:14:43 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <442C77B0.5060108@penguinnetwerx.net>
References: <442C6148.30308@penguinnetwerx.net>	<20060330233932.GA21880@netmeister.org>	<442C7288.2070405@penguinnetwerx.net>
	<442C77B0.5060108@penguinnetwerx.net>
Message-ID: <442C8283.5090500@penguinnetwerx.net>

*Success*

I put 3 and 3 together and came up with 7.  (OK, so I used large values 
of 3..)

Here's what I found to work:

#!/bin/sh

# Find and use the fastest cvsup server for the ports tree update.

echo "Checking servers..."
echo ""
fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
echo "The fastest server seems to be $fastest"
echo ""
echo ""
echo "Now, go get some coffee while the tree is updating."
sudo cvsup -h $fastest ports-sup


Thanks everyone for your suggestions.  Now I can get back to learning 
sed and awk so I can one day be a BSD Pro :)


From tux at penguinnetwerx.net  Thu Mar 30 20:17:32 2006
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Thu, 30 Mar 2006 20:17:32 -0500
Subject: [nycbug-talk] sed Question
In-Reply-To: <20060331002333.GB21880@netmeister.org>
References: <442C6148.30308@penguinnetwerx.net>
	<20060330233932.GA21880@netmeister.org>
	<442C7288.2070405@penguinnetwerx.net>
	<20060331002333.GB21880@netmeister.org>
Message-ID: <442C832C.4070801@penguinnetwerx.net>

Jan Schaumann wrote:
> Kevin Reiter <tux at penguinnetwerx.net> wrote:
>> Jan Schaumann wrote:
>>> Kevin Reiter <tux at penguinnetwerx.net> wrote:
>>>  
>>>> #!/bin/sh
>>>>
>>>> echo ""
>>>> echo "Finding the fastest cvsup server."
>>>> echo ""
>>>> fastest_cvsup -c us | grep 1st | cut -d : -f 2 > server.txt
>>>> sed 's/^[ \t]*//' server.txt > fast.txt
>>>> fastest=`cat fast.txt`
>>> You can do that without any temporary files (and one pipe less):
>>>
>>> fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
>>> sed -e "s/host=cvsup.*FreeBSD\.org/host=$fastest/" ports-sup
>>>       ^^^
>>>
>>> Use regular quotes (") instead of ', otherwise the variable '$fastest'
>>> won't be expanded.
>> Tried that, but it didn't write to the file (ports-sup):
> 
> Oh, of course not.  If you want to change the file in place do
> 
> fastest=`fastest_cvsup -c us | awk '/1st/ {print $3;}'`
> sed -e "s/host=cvsup.*FreeBSD\.org/host=$fastest/" ports-sup \
> 	> ports-sup.tmp && mv ports-sup.tmp ports-sup
> 
> Or generate input for and pipe it right to: ed(1).  (Left as an exercise
> for the reader. :-)

Oh sure.  NOW you tell me this :)

I must've had a huge brainfart to forget about that.  That's what I get 
for trying to fix a Windows machine while doing Unix scripting..

Thanks


From spork at bway.net  Fri Mar 31 15:12:20 2006
From: spork at bway.net (Charles Sprickman)
Date: Fri, 31 Mar 2006 15:12:20 -0500 (EST)
Subject: [nycbug-talk] FreeBSD Funding
Message-ID: <Pine.OSX.4.61.0603311510320.564@gee5.local>

Hi all,

I tried submitting this to BSDNews, but the "add story" page is broken, 
and I couldn't find any contact info on the site.  If any BSDNews folks 
are lurking, here's the info...

Colin's request:  http://people.freebsd.org/~cperciva/funding.html
OSNews story: http://www.osnews.com/comment.php?news_id=14177
blurb:

FreeBSD's Security officer Colin Percival seeks sponsorship. This has 
happened before with other FreeBSD contributors. "I'm hoping to raise 
$15000 Canadian (about US$13000) to pay me to work full-time on FreeBSD 
for 16 weeks over the summer. This will allow me to devote more time to my 
role as FreeBSD Security Officer, perform a complete overhaul of FreeBSD 
Update, and make some significant improvements to Portsnap.

Thanks,

Charles


From nycbug-list at 2xlp.com  Fri Mar 31 16:46:53 2006
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Fri, 31 Mar 2006 16:46:53 -0500
Subject: [nycbug-talk] FreeBSD Funding
In-Reply-To: <Pine.OSX.4.61.0603311510320.564@gee5.local>
References: <Pine.OSX.4.61.0603311510320.564@gee5.local>
Message-ID: <FB31DFA4-6F76-43D7-8912-06FE170CDF18@2xlp.com>


On Mar 31, 2006, at 3:12 PM, Charles Sprickman wrote:

> Hi all,
>
> I tried submitting this to BSDNews, but the "add story" page is  
> broken,
> and I couldn't find any contact info on the site.  If any BSDNews  
> folks
> are lurking, here's the info...
>
> Colin's request:  http://people.freebsd.org/~cperciva/funding.html

On the link, there's this:

"""

10. Are donations tax-deductible?

I'm not a tax lawyer, but my basic understanding is as follows:
I'm not a charity, so you can't claim these donations as a charitable  
donation.
Legally speaking, this is contract work, so companies can claim any  
donations they make as business expenses. I will issue invoices upon  
request.
"""

Is there not a facility within FreeBSD where people can donate to a  
specific sponsorship/whatever through a proxy non-profit so that  
donations are charitable?



From mspitzer at gmail.com  Fri Mar 31 19:09:02 2006
From: mspitzer at gmail.com (Marc Spitzer)
Date: Fri, 31 Mar 2006 19:09:02 -0500
Subject: [nycbug-talk] spam conference 2006, its on line also
Message-ID: <8c50a3c30603311609o6159eefcjd9b07109a41d7587@mail.gmail.com>

If you are interested in spam prevention, go here and watch the videos
http://spamconference.org/

marc

--
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD