From spork at bway.net Sun Oct 1 00:04:37 2006 From: spork at bway.net (Charles Sprickman) Date: Sun, 1 Oct 2006 00:04:37 -0400 (EDT) Subject: [nycbug-talk] greylisting proxies? Message-ID: Hi all, I'm currently stuck with my decision to run qmail in many places. :) I really want to give greylisting a try since I'm seeing an average of 80-85% of all mail is spam and the less cpu/disk/network I can spend processing this junk the better. So far none of the qmail implementations (all 2 of them) look very good. Has anyone had any experience with the following smtp proxies? http://assp.sourceforge.net/ http://spey.sourceforge.net/ http://www.network-theory.co.uk/articles/smtpwrap.html I'm not real crazy about any of those really either. Looks like none can deal with SSL+SMTP-AUTH. I wonder how hard it would be to stick Postfix in front of Qmail? http://www.greylisting.org/implementations/postfix.shtml Lots of nice solutions there... Any ideas or opinions on all this? Thanks, Charles From nycbug-list at 2xlp.com Sun Oct 1 02:12:04 2006 From: nycbug-list at 2xlp.com (Jonathan) Date: Sun, 1 Oct 2006 02:12:04 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: Message-ID: <3EE53C9A-B0F8-498F-915A-76A6541A7205@2xlp.com> On Oct 1, 2006, at 12:04 AM, Charles Sprickman wrote: > I'm currently stuck with my decision to run qmail in many places. :) HA HA > So far none of the qmail implementations (all 2 of them) look very > good. What have you looked at? Have you seen this: http://projects.puremagic.com/greylisting/links.html googling it, i found about 5. anyways.... > I'm not real crazy about any of those really either. Looks like > none can > deal with SSL+SMTP-AUTH. > > I wonder how hard it would be to stick Postfix in front of Qmail? I'm not sure about Postfix instead of qmail... but it would be very easy to stick Exim in front of qmail. Googling this, I actually found a few people talking about using Exim in front of Postfix to get greylisting done. There are about 6 greylisting implementations in Exim in various stages of stability. Some are in C, while others make use of the embedded perl/python interpreter options. Some use external DBs (well 'real' dbs like pg, which you can have several boxes connect to in a cluster ) , while others use local dbs ( bdb / dbm / etc ) I came across Exim a few years ago by chance- I knew postfix, Bob knew qmail , he said "lets both try something new". He was my boss, so we did. I love exim. Its a great app: small , fast, and as secure as the rest. It's the most (and easiest) configurable by far, and has plenty of hooks to run c filters, pipe to scripts/daemons , and the option to embed perl/python. It's also ridiculously well maintained, and I can't remember when there was a critical security issue or bug. The main disadvantage to running exim is that it is designed for immediate delivery, not queued mail -- but since you'd be using it as a proxy, you should never run into that. From quigon at hacktek.com Sun Oct 1 12:38:00 2006 From: quigon at hacktek.com (QuiGon) Date: Sun, 01 Oct 2006 12:38:00 -0400 Subject: [nycbug-talk] [Re: greylisting proxies?] Message-ID: <451FEEE8.30005@hacktek.com> Charles Sprickman wrote: > Hi all, > > I'm currently stuck with my decision to run qmail in many places. :) > > I really want to give greylisting a try since I'm seeing an average of > 80-85% of all mail is spam and the less cpu/disk/network I can spend > processing this junk the better. > > So far none of the qmail implementations (all 2 of them) look very good. > > Has anyone had any experience with the following smtp proxies? > > http://assp.sourceforge.net/ > http://spey.sourceforge.net/ > http://www.network-theory.co.uk/articles/smtpwrap.html > > I'm not real crazy about any of those really either. Looks like none can > deal with SSL+SMTP-AUTH. > > I wonder how hard it would be to stick Postfix in front of Qmail? > > http://www.greylisting.org/implementations/postfix.shtml > > Lots of nice solutions there... > > Any ideas or opinions on all this? > > Thanks, > > Charles I've played with ASSP on two different domains and really didn't like it. The users on my company's network just HAVE to have vacation messages when they are out of town, so as soon as the vacation message would auto reply to spam, the spam would get whitelisted. Lots of false positives, too. I switched to Spamassassin and Clamassassin (as procmail filters) haven't looked back. One of the machines I run it on (the one I'm sending this mail through) is an AMD K6-2 500/512MB that also runs LAMP with no issues (no booing here, but it's Slackware, because I've yet to be able to get *BSD running on a Cobalt RaQ series machine). --Gene From okan at demirmen.com Sun Oct 1 12:48:39 2006 From: okan at demirmen.com (Okan Demirmen) Date: Sun, 1 Oct 2006 12:48:39 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: Message-ID: <20061001164839.GQ24150@clam.khaoz.org> On Sun 2006.10.01 at 00:04 -0400, Charles Sprickman wrote: > Hi all, > > I'm currently stuck with my decision to run qmail in many places. :) > > I really want to give greylisting a try since I'm seeing an average of > 80-85% of all mail is spam and the less cpu/disk/network I can spend > processing this junk the better. > > So far none of the qmail implementations (all 2 of them) look very good. [snip] > Any ideas or opinions on all this? you can run spamd(8) in front of any mta; either on the same box or in front. From george at galis.org Sun Oct 1 14:00:34 2006 From: george at galis.org (George Georgalis) Date: Sun, 1 Oct 2006 14:00:34 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061001164839.GQ24150@clam.khaoz.org> References: <20061001164839.GQ24150@clam.khaoz.org> Message-ID: <20061001180034.GC7339@run.galis.org> On Sun, Oct 01, 2006 at 12:48:39PM -0400, Okan Demirmen wrote: >On Sun 2006.10.01 at 00:04 -0400, Charles Sprickman wrote: >> Hi all, >> >> I'm currently stuck with my decision to run qmail in many places. :) >> >> I really want to give greylisting a try since I'm seeing an average of >> 80-85% of all mail is spam and the less cpu/disk/network I can spend >> processing this junk the better. and greylisting purges 97% of of them, with low (0?) false positives. >you can run spamd(8) in front of any mta; either on the same box or in >front. also known as pfspamd, so as not to confuse with spamassassin's spamd. // George -- George Georgalis, systems architect, administrator < From nycbug at cyth.net Sun Oct 1 14:26:52 2006 From: nycbug at cyth.net (Ray Lai) Date: Sun, 1 Oct 2006 14:25:52 -0401 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061001180034.GC7339@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> Message-ID: <20061001182615.GC8070@cybertron.cyth.net> On Sun, Oct 01, 2006 at 02:00:34PM -0400, George Georgalis wrote: > On Sun, Oct 01, 2006 at 12:48:39PM -0400, Okan Demirmen wrote: > >On Sun 2006.10.01 at 00:04 -0400, Charles Sprickman wrote: > >> Hi all, > >> > >> I'm currently stuck with my decision to run qmail in many places. :) > >> > >> I really want to give greylisting a try since I'm seeing an average of > >> 80-85% of all mail is spam and the less cpu/disk/network I can spend > >> processing this junk the better. > > and greylisting purges 97% of of them, with low (0?) false positives. Well, no. There are some badly configured MTAs that either use pools (Google) or give up after one try. -Ray- From george at galis.org Sun Oct 1 14:49:13 2006 From: george at galis.org (George Georgalis) Date: Sun, 1 Oct 2006 14:49:13 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061001182615.GC8070@cybertron.cyth.net> References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061001182615.GC8070@cybertron.cyth.net> Message-ID: <20061001184913.GE7339@run.galis.org> On Sun, Oct 01, 2006 at 02:25:52PM -0401, Ray Lai wrote: >On Sun, Oct 01, 2006 at 02:00:34PM -0400, George Georgalis wrote: >> On Sun, Oct 01, 2006 at 12:48:39PM -0400, Okan Demirmen wrote: >> >On Sun 2006.10.01 at 00:04 -0400, Charles Sprickman wrote: >> >> Hi all, >> >> >> >> I'm currently stuck with my decision to run qmail in many places. :) >> >> >> >> I really want to give greylisting a try since I'm seeing an average of >> >> 80-85% of all mail is spam and the less cpu/disk/network I can spend >> >> processing this junk the better. >> >> and greylisting purges 97% of of them, with low (0?) false positives. > >Well, no. There are some badly configured MTAs that either use >pools (Google) or give up after one try. It suprises me how bad google does mail.... I just accept everything from their subnets, 'cause their headers are so broke I get false positives with spamassassin, never noticed a 'pool' problem. Don't get spam from them though... What MTA fails on one try? the worse mta is verizon -- hard to deliver to. // George -- George Georgalis, systems architect, administrator < From nycbug-list at 2xlp.com Sun Oct 1 15:08:30 2006 From: nycbug-list at 2xlp.com (Jonathan) Date: Sun, 1 Oct 2006 15:08:30 -0400 Subject: [nycbug-talk] [Re: greylisting proxies?] In-Reply-To: <451FEEE8.30005@hacktek.com> References: <451FEEE8.30005@hacktek.com> Message-ID: On Oct 1, 2006, at 12:38 PM, QuiGon wrote: > I switched to Spamassassin and Clamassassin (as procmail filters) > haven't looked back. One of the machines I run it on (the one I'm > sending this mail through) is an AMD K6-2 500/512MB that also runs > LAMP > with no issues (no booing here, but it's Slackware, because I've > yet to > be able to get *BSD running on a Cobalt RaQ series machine). On Oct 1, 2006, at 12:48 PM, Okan Demirmen wrote: > you can run spamd(8) in front of any mta; either on the same box or in > front. spamd and clamd are both memory and cpu intensive. if you decide to run them, make sure to do preliminary filtering beforehand: 1. use some sort of verified sender policy like spf. it'll cut down about 20% of your spam. its safe to use (no false positives) because it only works with domains that have opted into the system. 2. block obviously malicious attachments. you can't do zip/exe in most corporate settings, but there are a ton that viruses send out ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:m db:mde:msc:msi:msp:mst:pcd:pif:reg:scr :sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL: CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:R EG:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH 3. use some sort of regex hook / facility that can deal with virus signatures within the MTA itself at receipt time. in exim you can do a simple PCRE pattern match. during peak virus days this is a godsend-- i remember one of the sobig variants killing almost every mailsystem a few years back. mine was going strong though, because a quick low-cost regex during rcpt rejected 98% of incoming mail within the MTA itself, before anything hit disk. 4. tweak your system to only allow 2-4 failed addresses per connection. that drastically limits the number of attempts by most spam boxes. also set your system to do a geometically increasing temporary reject based on the number of failed recipients per ip. ie: fail 1x in 1 hr, get a 1minute temp. reject. fail 2x in 1 hr, get a 2 minute temp reject , fail 3x in hr get a 4min... etc. i forget what that method is called, but most MTAs support it built- in... greylisitng was really just an offshoot of that approach. 5. i've had luck with the razor network as a pre-filter to spamassassin. 6. when you run spamd, make sure you set at least 3 score limits: accept , accept-to-spamfolder , reject. I've seen tons of people only use 2 levels, which either makes the spam-probable inbox completely unusable-- or rejects far too many false positives. 7. bayesian filtering in spamassasin kind of sucks. its not very good, its a fucking pain in the ass to set up per-user classifiers, and you can not use a global classifier. i tried and found it worthless as two people on the system I had set up ended up having a rather large internet porn addiction, another was really into mindless stock tips, a fourth had a habit of sending poorly spelled emails in ALLCAPS full of racial epithets and filthier than dirty sex jokes ( often both at once ) , and 3 more had friends in asia that kept sending foreign character set encoded messages . i've heard mixed things on bogofilter , spambayes, and spamprobe. CRM114 and dspam are awesome, but can be a pain for setup ( they're probably the two smartest approaches to filtering and ardent supporters of each other's product ) From okan at demirmen.com Sun Oct 1 15:13:06 2006 From: okan at demirmen.com (Okan Demirmen) Date: Sun, 1 Oct 2006 15:13:06 -0400 Subject: [nycbug-talk] [Re: greylisting proxies?] In-Reply-To: References: <451FEEE8.30005@hacktek.com> Message-ID: <20061001191306.GS24150@clam.khaoz.org> On Sun 2006.10.01 at 15:08 -0400, Jonathan wrote: > > On Oct 1, 2006, at 12:38 PM, QuiGon wrote: > > > I switched to Spamassassin and Clamassassin (as procmail filters) > > haven't looked back. One of the machines I run it on (the one I'm > > sending this mail through) is an AMD K6-2 500/512MB that also runs > > LAMP > > with no issues (no booing here, but it's Slackware, because I've > > yet to > > be able to get *BSD running on a Cobalt RaQ series machine). > > > On Oct 1, 2006, at 12:48 PM, Okan Demirmen wrote: > > > you can run spamd(8) in front of any mta; either on the same box or in > > front. > > spamd and clamd are both memory and cpu intensive. no. i am not talking about spamassassin's spamd. i am talking about openbsd's spamd(8) integration with pf(4). From nycbug-list at 2xlp.com Sun Oct 1 15:46:20 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Sun, 1 Oct 2006 15:46:20 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061001184913.GE7339@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061001182615.GC8070@cybertron.cyth.net> <20061001184913.GE7339@run.galis.org> Message-ID: <92AB0A40-CE90-4A12-89DC-958642CAA1AE@2xlp.com> On Oct 1, 2006, at 2:49 PM, George Georgalis wrote: > What MTA fails on one try? > > the worse mta is verizon -- hard to deliver to. in my experience: verizon's ( at least occasionally ) 90% of microsoft mta installs ( actually has nothing to do with the software, but braindead corporate it staff with a certificate from some technical school they once saw an informercial for ) the biggest issue with verizon in my experience is that they don't do rfc 1413 right. you can usually save yourself a ton of hassle by using a dumbed down ruleset for the verizon mta ip blocks. they also do address verification on incoming mail - which isn't a bad thing. some mta's don't handle that right , and some users will do made up aliases or spoof their own address through a different mta ( ie: user at email.com sends a message through user at altemail.com with the same from ), which can bump up your blacklist rating for the server mail was sent through. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From okan at demirmen.com Sun Oct 1 15:53:07 2006 From: okan at demirmen.com (Okan Demirmen) Date: Sun, 1 Oct 2006 15:53:07 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061001184913.GE7339@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061001182615.GC8070@cybertron.cyth.net> <20061001184913.GE7339@run.galis.org> Message-ID: <20061001195307.GV24150@clam.khaoz.org> On Sun 2006.10.01 at 14:49 -0400, George Georgalis wrote: > On Sun, Oct 01, 2006 at 02:25:52PM -0401, Ray Lai wrote: > >On Sun, Oct 01, 2006 at 02:00:34PM -0400, George Georgalis wrote: > >> On Sun, Oct 01, 2006 at 12:48:39PM -0400, Okan Demirmen wrote: > >> >On Sun 2006.10.01 at 00:04 -0400, Charles Sprickman wrote: > >> >> Hi all, > >> >> > >> >> I'm currently stuck with my decision to run qmail in many places. :) > >> >> > >> >> I really want to give greylisting a try since I'm seeing an average of > >> >> 80-85% of all mail is spam and the less cpu/disk/network I can spend > >> >> processing this junk the better. > >> > >> and greylisting purges 97% of of them, with low (0?) false positives. > > > >Well, no. There are some badly configured MTAs that either use > >pools (Google) or give up after one try. > > It suprises me how bad google does mail.... I just accept > everything from their subnets, 'cause their headers are so broke > I get false positives with spamassassin, never noticed a 'pool' > problem. Don't get spam from them though... > > What MTA fails on one try? i use this as a starting point: http://greylisting.org/whitelisting.shtml From trish at bsdunix.net Sun Oct 1 17:28:54 2006 From: trish at bsdunix.net (=?UTF-8?B?VHJpc2ggTHluY2g=?=) Date: Sun, 1 Oct 2006 21:28:54 +0000 Subject: [nycbug-talk] [Re: greylisting proxies?] In-Reply-To: References: <451FEEE8.30005@hacktek.com> Message-ID: <449357485-1159738145-cardhu_blackberry.rim.net-1870361285-@bxe020-cell01.bisx.prod.on.blackberry> Actually I find DK and DKIM to be much better as a scheme for authenticated senders than SPF, which in my opinion is a HUGE hack. As far as #s 2 and 3, I use MailScanner for that... It does a pretty good job, but its still not pre-filtering, probably the best way to do it is with a sendmail ruleset that just simply will deny attachments with those "extentions". I have one written here as a .mc insertion for when I'm actually near a computer and not my blackberry. ((As I'm not feeling well, sending this from bed/blackberry, hence the horrid quoting as well) I usually have big machines with lots of firepower doing these kind of proxy-filter connections in front of the real delivery MTA, and I'm not worried about mailscanner, spamassassin, and clamav taking massive resources. -Trish -- Trish Lynch M: 646-401-1405 H: 201-378-0434 -----Original Message----- From: Jonathan Date: Sun, 1 Oct 2006 15:08:30 To:NYCBUG Talk Subject: Re: [nycbug-talk] [Re: greylisting proxies?] On Oct 1, 2006, at 12:38 PM, QuiGon wrote: > I switched to Spamassassin and Clamassassin (as procmail filters) > haven't looked back. One of the machines I run it on (the one I'm > sending this mail through) is an AMD K6-2 500/512MB that also runs > LAMP > with no issues (no booing here, but it's Slackware, because I've > yet to > be able to get *BSD running on a Cobalt RaQ series machine). On Oct 1, 2006, at 12:48 PM, Okan Demirmen wrote: > you can run spamd(8) in front of any mta; either on the same box or in > front. spamd and clamd are both memory and cpu intensive. if you decide to run them, make sure to do preliminary filtering beforehand: 1. use some sort of verified sender policy like spf. it'll cut down about 20% of your spam. its safe to use (no false positives) because it only works with domains that have opted into the system. 2. block obviously malicious attachments. you can't do zip/exe in most corporate settings, but there are a ton that viruses send out ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:m db:mde:msc:msi:msp:mst:pcd:pif:reg:scr :sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL: CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:R EG:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH 3. use some sort of regex hook / facility that can deal with virus signatures within the MTA itself at receipt time. in exim you can do a simple PCRE pattern match. during peak virus days this is a godsend-- i remember one of the sobig variants killing almost every mailsystem a few years back. mine was going strong though, because a quick low-cost regex during rcpt rejected 98% of incoming mail within the MTA itself, before anything hit disk. 4. tweak your system to only allow 2-4 failed addresses per connection. that drastically limits the number of attempts by most spam boxes. also set your system to do a geometically increasing temporary reject based on the number of failed recipients per ip. ie: fail 1x in 1 hr, get a 1minute temp. reject. fail 2x in 1 hr, get a 2 minute temp reject , fail 3x in hr get a 4min... etc. i forget what that method is called, but most MTAs support it built- in... greylisitng was really just an offshoot of that approach. 5. i've had luck with the razor network as a pre-filter to spamassassin. 6. when you run spamd, make sure you set at least 3 score limits: accept , accept-to-spamfolder , reject. I've seen tons of people only use 2 levels, which either makes the spam-probable inbox completely unusable-- or rejects far too many false positives. 7. bayesian filtering in spamassasin kind of sucks. its not very good, its a fucking pain in the ass to set up per-user classifiers, and you can not use a global classifier. i tried and found it worthless as two people on the system I had set up ended up having a rather large internet porn addiction, another was really into mindless stock tips, a fourth had a habit of sending poorly spelled emails in ALLCAPS full of racial epithets and filthier than dirty sex jokes ( often both at once ) , and 3 more had friends in asia that kept sending foreign character set encoded messages . i've heard mixed things on bogofilter , spambayes, and spamprobe. CRM114 and dspam are awesome, but can be a pain for setup ( they're probably the two smartest approaches to filtering and ardent supporters of each other's product ) _______________________________________________ % NYC*BUG talk mailing list http://lists.nycbug.org/mailman/listinfo/talk %Be sure to check out our Jobs and NYCBUG-announce lists %We meet the first Wednesday of the month From spork at bway.net Sun Oct 1 21:26:31 2006 From: spork at bway.net (Charles Sprickman) Date: Sun, 1 Oct 2006 21:26:31 -0400 (EDT) Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <3EE53C9A-B0F8-498F-915A-76A6541A7205@2xlp.com> References: <3EE53C9A-B0F8-498F-915A-76A6541A7205@2xlp.com> Message-ID: On Sun, 1 Oct 2006, Jonathan wrote: > On Oct 1, 2006, at 12:04 AM, Charles Sprickman wrote: > >> I'm currently stuck with my decision to run qmail in many places. :) > HA HA > >> So far none of the qmail implementations (all 2 of them) look very >> good. > What have you looked at? > > Have you seen this: > http://projects.puremagic.com/greylisting/links.html > > googling it, i found about 5. Oops. I was looking at another list that claimed to be "authoritative" and all it had were some nasty perl implementations. This one look promising. It doesn't do the triplet thing, but it is simple and his example shows that it works with qmail+vpopmail, which is a requirement for me. It also does not entail patching qmail: http://oss.albawaba.com/cqgreylist.html This one might be promising as well: http://qgreylist-pgsql.sourceforge.net/ I am looking at moving vpopmail to using pgsql for the backend instead of mysql because mysql keeps biting me in the ass on FreeBSD. Thanks for pointing me to the puremagic site, not sure how I missed it. I'm going to start fiddling with cqgreylist on my personal mailserver this week. > anyways.... > >> I'm not real crazy about any of those really either. Looks like >> none can >> deal with SSL+SMTP-AUTH. >> >> I wonder how hard it would be to stick Postfix in front of Qmail? > > I'm not sure about Postfix instead of qmail... but it would be very > easy to stick Exim in front of qmail. Googling this, I actually > found a few people talking about using Exim in front of Postfix to > get greylisting done. Interesting, but my mind is too full of other junk ("jack of all trades, master of none"). I have trouble right now going back and forth between mysql and pgsql. :) Thanks for the input, it's very much appreciated. Charles > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From spork at bway.net Sun Oct 1 21:30:56 2006 From: spork at bway.net (Charles Sprickman) Date: Sun, 1 Oct 2006 21:30:56 -0400 (EDT) Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061001164839.GQ24150@clam.khaoz.org> References: <20061001164839.GQ24150@clam.khaoz.org> Message-ID: On Sun, 1 Oct 2006, Okan Demirmen wrote: > [snip] > >> Any ideas or opinions on all this? > > you can run spamd(8) in front of any mta; either on the same box or in > front. That was actually my first thought, but all the boxes I'm dealing with are FreeBSD 4.x, so no pf+spamd is available. I run a backup mxer at home however and it's behind a pfsense box, so I may try spamd there since it's available as a pfsense "package". Thanks, Charles > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From nycbug-list at 2xlp.com Mon Oct 2 00:08:15 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Mon, 2 Oct 2006 00:08:15 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: <3EE53C9A-B0F8-498F-915A-76A6541A7205@2xlp.com> Message-ID: <12521A55-405D-4148-9436-A2FB9EA432FC@2xlp.com> On Oct 1, 2006, at 9:26 PM, Charles Sprickman wrote: > I am looking at moving vpopmail to using pgsql for the backend > instead of mysql because mysql keeps biting me in the ass on FreeBSD. mysql will bite you in the ass on anything. its a f(*&#(*$& awful program. use pgsql and don't look back. > Thanks for pointing me to the puremagic site, not sure how I missed > it. I'm going to start fiddling with cqgreylist on my personal > mailserver this week. good luck! please post the results. if you ever want to screw around with exim, i have a half-done howto here: http://dev.2xlp.com/trac/wiki/FreeBsdMailSolution if you end up doing any sort of proxying, i'd suggest looking at dbmail.org -- you wouldn't want to use dbmail, but they've got some great ideas on how to proxy an MTA in front of another for local handoff. From max at neuropunks.org Mon Oct 2 02:34:27 2006 From: max at neuropunks.org (Max Gribov) Date: Mon, 02 Oct 2006 02:34:27 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: Message-ID: <4520B2F3.80200@neuropunks.org> Charles Sprickman wrote: > >I wonder how hard it would be to stick Postfix in front of Qmail? > >http://www.greylisting.org/implementations/postfix.shtml > > > Very easy actually (minus the setting up of the whole new email server part...) You would have to switch the primary mx for the domain naturally, or move front postfix to the ip of the current primary mx. Put this into your main.cf transport_maps = hash:/usr/local/etc/postfix/transport Then, you would have to simply edit: /usr/local/etc/postfix/transport and put something like this in there: domain.com :[ip.of.the.qmail] Run postmap /usr/local/etc/postfix/transport, and you're done. I do this for a couple of exchange machines, with postfix doing antispam/antivirus, and provided the server you are forwarding filtered mail to will accept emails from it, it will work fine. I suppose you can also do all of this on the same host, and set the next hop ip of 127.0.0.1:1025 or wherever qmail is.. From pete at nomadlogic.org Mon Oct 2 12:34:11 2006 From: pete at nomadlogic.org (Pete Wright) Date: Mon, 2 Oct 2006 12:34:11 -0400 Subject: [nycbug-talk] File Backed Disks- Speed Issues In-Reply-To: References: <7891BCF3-6F9E-4B60-8DE3-7C7001DFE48C@lesmuug.org> <20060928200827.GP24150@clam.khaoz.org> <5992C067-73B9-44E9-AB5C-8CA133BCF41D@lesmuug.org> Message-ID: <20061002163407.GA19505@sunset.nomadlogic.org> On Thu, Sep 28, 2006 at 11:30:25PM -0400, David Lawson wrote: > > > > Well, erm- I've found the sata systems to be every bit as snappy at > > this scale- (4 drives per 1u box). > > There shouldn't be much of a noticeable difference, honestly. SATA > bandwidth is 300Mb/s, SCSI is 320Mb/s. I'm inclined to think that > any observed difference in performance would be due to controller > scaling issues or something similar, rather than the actual > throughput on the devices. This changes when you compare SATA and > SAS (Serial Attached SCSI), where there's an order of magnitude > bandwidth difference between the two. I just noticed that Dell has > started selling SAS drives and there appear to be quite a few hitting > the market lately, I've got a pretty large server order in for boxes > with them, so we'll see how they do. > It's not the throughput of the SATA bus that is a limiting factor (atleast with sizeable datasets with streaming I/O patterns...i.e. playing back high rez video in realtime) it's the speed at with SATA drives spin at that can become the bottle neck. For a NAS's and other things you also have to look out for the latency read/write times on SATA disks, which to be honest I have not looked at closely in a while. We have actually done some hardware/partioning hacks to get SATA drives to throughput data close to SCSI speeds...but there are definatly caveat's when going this route. for general purpose serving I think SATA stuff is OK for most uses, although for "enterprise" storage I would not trust it beyond tier-2/desktop purposes. -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From scottro at nyc.rr.com Mon Oct 2 15:25:30 2006 From: scottro at nyc.rr.com (Scott Robbins) Date: Mon, 2 Oct 2006 15:25:30 -0400 Subject: [nycbug-talk] win4bsd Message-ID: <20061002192530.GA86020@mail.scottro.net> Dru's mentioned this on her blog, but I don't think she's tried it out yet. There's now a BSD equivalent of Win4Linux called Win4BSD. At present, it only works on FreeBSD and PCBSD, but it's basically an emulator built on qemu. However, it is, at least in my experience, running far better than the port of qemu and kqemu. At present, the price is $50.00, going up to $70 after October. For my needs, at least, (running a Nortel VPN client, FM Pro8 and having a copy of Office to test various things) it's working perfectly. http://win4bsd.com I hope they succeed--it's nice when they aim commercial ventures at the BSDs. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Xander: I'm not worried. If there's something bad out there, we'll find, you'll slay, we'll party. From max at neuropunks.org Mon Oct 2 16:53:18 2006 From: max at neuropunks.org (max) Date: Mon, 2 Oct 2006 15:53:18 -0500 Subject: [nycbug-talk] zenoss monitoring soft Message-ID: <20061002205318.GA78507@finn.neuropunks.org> Hello, Just saw this on osnews: www.zenoss.com - enterprise level open source network/host/equipment monitoring software. Looks really cool.. Prettier than nagios anyway : ) Anyone ever used this? Funny part, theres a jobs section on their site, and they seem like they are prepared to pay alot of money to coders.. Not sure how I feel about that, they are saying up to 100k/yr for 3 different positions.. Almost sounds like the ultimate wet dream - making serious bucks off open source software : P From dave at donnerjack.com Mon Oct 2 17:04:03 2006 From: dave at donnerjack.com (David Lawson) Date: Mon, 2 Oct 2006 17:04:03 -0400 Subject: [nycbug-talk] zenoss monitoring soft In-Reply-To: <20061002205318.GA78507@finn.neuropunks.org> References: <20061002205318.GA78507@finn.neuropunks.org> Message-ID: <59CC9A38-0147-417F-97B2-ABC5A77CC0D3@donnerjack.com> We've tested ZenOSS for a while, hoping to be able to replace Nagios with something that's prettier, a bit more featureful, and written in Python (I think ZenOSS is a Zope app, but I don't remember offhand), but, unfortunately, the conclusion we came to was that it's far too immature to consider in any kind of real production role. Last time I looked, a few months ago, the installation process involved a CVS checkout and took me most of an afternoon to beat all the pieces into building, and most of the traffic on the list is installation/setup problems, probably because very few people are using it heavily enough to be uncovering other issues. I think it's a really cool project, but I've got it on my "Check back in a year" list at the moment. --Dave On Oct 2, 2006, at 4:53 PM, max wrote: > Hello, > Just saw this on osnews: www.zenoss.com - enterprise level open > source network/host/equipment monitoring software. > Looks really cool.. Prettier than nagios anyway : ) > Anyone ever used this? > > > Funny part, theres a jobs section on their site, and they seem like > they are prepared to pay alot of money to coders.. Not sure how I > feel about that, they are saying up to 100k/yr for 3 different > positions.. Almost sounds like the ultimate wet dream - making > serious bucks off open source software : P > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From mspitzer at gmail.com Mon Oct 2 22:50:18 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Mon, 2 Oct 2006 22:50:18 -0400 Subject: [nycbug-talk] zenoss monitoring soft In-Reply-To: <59CC9A38-0147-417F-97B2-ABC5A77CC0D3@donnerjack.com> References: <20061002205318.GA78507@finn.neuropunks.org> <59CC9A38-0147-417F-97B2-ABC5A77CC0D3@donnerjack.com> Message-ID: <8c50a3c30610021950l77258354yceb28cf7978d9801@mail.gmail.com> I am looking at this for work, http://moodss.sourceforge.net/, it speaks the nagios probe protocol so you can use all nagios host monitoring scripts. It has been around for about 8-10 years. marc On 10/2/06, David Lawson wrote: > We've tested ZenOSS for a while, hoping to be able to replace Nagios > with something that's prettier, a bit more featureful, and written in > Python (I think ZenOSS is a Zope app, but I don't remember offhand), > but, unfortunately, the conclusion we came to was that it's far too > immature to consider in any kind of real production role. Last time > I looked, a few months ago, the installation process involved a CVS > checkout and took me most of an afternoon to beat all the pieces into > building, and most of the traffic on the list is installation/setup > problems, probably because very few people are using it heavily > enough to be uncovering other issues. I think it's a really cool > project, but I've got it on my "Check back in a year" list at the > moment. > > --Dave > On Oct 2, 2006, at 4:53 PM, max wrote: > > > Hello, > > Just saw this on osnews: www.zenoss.com - enterprise level open > > source network/host/equipment monitoring software. > > Looks really cool.. Prettier than nagios anyway : ) > > Anyone ever used this? > > > > > > Funny part, theres a jobs section on their site, and they seem like > > they are prepared to pay alot of money to coders.. Not sure how I > > feel about that, they are saying up to 100k/yr for 3 different > > positions.. Almost sounds like the ultimate wet dream - making > > serious bucks off open source software : P > > > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce lists > > %We meet the first Wednesday of the month > > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From trish at bsdunix.net Wed Oct 4 16:19:28 2006 From: trish at bsdunix.net (=?UTF-8?B?VHJpc2ggTHluY2g=?=) Date: Wed, 4 Oct 2006 20:19:28 +0000 Subject: [nycbug-talk] At Suspenders already..... Message-ID: <1978599636-1159993182-cardhu_blackberry.rim.net-986013794-@bxe026-cell01.bisx.prod.on.blackberry> I'm here already having something to eat with Shana before she picks up my son and the meeting begins at 6:30 I'm in the outdoor cafe on Thames Street if anyone comes early. Shana isn't here yet and both of us don't mind company :) -Trish -- Trish Lynch From lists at stringsutils.com Fri Oct 6 11:45:35 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Fri, 06 Oct 2006 11:45:35 -0400 Subject: [nycbug-talk] greylisting proxies? References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> Message-ID: George Georgalis writes: > and greylisting purges 97% of of them, with low (0?) false positives. Only problem, I know of, with Greylisting is that some (non spammer) companies use special delivery programs. In particular I have seen American Express uses such a system. They will take the initial error as permanent.. This however is the exeption and some greylisting implementations have a list of known companies that have this problem. I am using sqlgrey and they have a list of IPs from companies that their systems will take the temporary failure as permanent and not retry. They also update the list and you can get the latest list from them. From lists at stringsutils.com Fri Oct 6 11:50:24 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Fri, 06 Oct 2006 11:50:24 -0400 Subject: [nycbug-talk] win4bsd References: <20061002192530.GA86020@mail.scottro.net> Message-ID: Scott Robbins writes: > http://win4bsd.com Got it 2 days ago. So far it is working great! I don't do much on windows (real or emulated), but the little I have tried in win4bsd has worked very well. From trish at bsdunix.net Fri Oct 6 13:42:36 2006 From: trish at bsdunix.net (=?UTF-8?B?VHJpc2ggTHluY2g=?=) Date: Fri, 6 Oct 2006 17:42:36 +0000 Subject: [nycbug-talk] win4bsd In-Reply-To: References: <20061002192530.GA86020@mail.scottro.net> Message-ID: <1627391610-1160156570-cardhu_blackberry.rim.net-864764783-@bxe041-cell01.bisx.prod.on.blackberry> Now, the question is, will it run City of Villains? If so, I am so switching my desktops back to FreeBSD :) - Trish -- Trish Lynch M: 646-401-1405 H: 201-378-0434 -----Original Message----- From: Francisco Reyes Date: Fri, 06 Oct 2006 11:50:24 To:Scott Robbins Cc:talk at lists.nycbug.org Subject: Re: [nycbug-talk] win4bsd Scott Robbins writes: > http://win4bsd.com Got it 2 days ago. So far it is working great! I don't do much on windows (real or emulated), but the little I have tried in win4bsd has worked very well. _______________________________________________ % NYC*BUG talk mailing list http://lists.nycbug.org/mailman/listinfo/talk %Be sure to check out our Jobs and NYCBUG-announce lists %We meet the first Wednesday of the month From pete at nomadlogic.org Fri Oct 6 15:34:26 2006 From: pete at nomadlogic.org (Peter Wright) Date: Fri, 6 Oct 2006 12:34:26 -0700 (PDT) Subject: [nycbug-talk] freebsd.nycbug.org Message-ID: <57698.160.33.20.11.1160163266.squirrel@webmail.nomadlogic.org> hi all, just asking for some feedback on the freebsd mirror we are hosting at NYI. the system seems to be pretty stable on my end, and client cvsup's are quick as well (although all my boxes are colo'd a nyi - so that data point is pretty much invalid). as an aside, if anyone would like to try to do a ftp install using freebsd.nycbug.org as your source host that would be execellent. i am unable to test this out at work for various reasons...and i just don't have enough time when i'm home either. anyway, let me know what you all think. hopefully this host will be usefull for nycbug members when 6.2-RELEASE goes out shortly. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From george at sddi.net Fri Oct 6 23:57:31 2006 From: george at sddi.net (George R.) Date: Fri, 06 Oct 2006 23:57:31 -0400 Subject: [nycbug-talk] freebsd.nycbug.org In-Reply-To: <57698.160.33.20.11.1160163266.squirrel@webmail.nomadlogic.org> References: <57698.160.33.20.11.1160163266.squirrel@webmail.nomadlogic.org> Message-ID: <452725AB.6090307@sddi.net> Peter Wright wrote: > hi all, just asking for some feedback on the freebsd mirror we are hosting > at NYI. the system seems to be pretty stable on my end, and client > cvsup's are quick as well (although all my boxes are colo'd a nyi - so > that data point is pretty much invalid). > > as an aside, if anyone would like to try to do a ftp install using > freebsd.nycbug.org as your source host that would be execellent. i am > unable to test this out at work for various reasons...and i just don't > have enough time when i'm home either. > > anyway, let me know what you all think. hopefully this host will be > usefull for nycbug members when 6.2-RELEASE goes out shortly. it's been fine for me for a few (nonproduction) installs and some cvsup'g for src and ports. . . not sync'd to a tee, but fine. i say let's go. who does the press release? g From pete at nomadlogic.org Sat Oct 7 10:47:23 2006 From: pete at nomadlogic.org (Pete Wright) Date: Sat, 7 Oct 2006 10:47:23 -0400 Subject: [nycbug-talk] freebsd.nycbug.org In-Reply-To: <452725AB.6090307@sddi.net> References: <57698.160.33.20.11.1160163266.squirrel@webmail.nomadlogic.org> <452725AB.6090307@sddi.net> Message-ID: <20061007144720.GA17545@sunset.nomadlogic.org> On Fri, Oct 06, 2006 at 11:57:31PM -0400, George R. wrote: > Peter Wright wrote: > >hi all, just asking for some feedback on the freebsd mirror we are hosting > >at NYI. the system seems to be pretty stable on my end, and client > >cvsup's are quick as well (although all my boxes are colo'd a nyi - so > >that data point is pretty much invalid). > > > >as an aside, if anyone would like to try to do a ftp install using > >freebsd.nycbug.org as your source host that would be execellent. i am > >unable to test this out at work for various reasons...and i just don't > >have enough time when i'm home either. > > > >anyway, let me know what you all think. hopefully this host will be > >usefull for nycbug members when 6.2-RELEASE goes out shortly. > > it's been fine for me for a few (nonproduction) installs and some > cvsup'g for src and ports. . . not sync'd to a tee, but fine. > > i say let's go. > > who does the press release? > > g well, i've posted to hubs@ several times asking to be included as an official mirror with no response. i recon they do not need another official mirror at the moment. as an aside i was going to investigate mirroring FreeNAS as well... -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From george at galis.org Sat Oct 7 11:18:20 2006 From: george at galis.org (George Georgalis) Date: Sat, 7 Oct 2006 11:18:20 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> Message-ID: <20061007151820.GA22719@run.galis.org> On Fri, Oct 06, 2006 at 11:45:35AM -0400, Francisco Reyes wrote: >George Georgalis writes: > >> and greylisting purges 97% of of them, with low (0?) false positives. > >Only problem, I know of, with Greylisting is that some (non spammer) >companies use special delivery programs. In particular I have seen American >Express uses such a system. They will take the initial error as permanent.. I think AOL does some non standard stuff too, but I won't be going through any hoops to support their protocols either. ...That said >I am using sqlgrey and they have a list of IPs from companies that their >systems will take the temporary failure as permanent and not retry. They >also update the list and you can get the latest list from them. if they support a white list of non-complient MTAs, where is it? // George -- George Georgalis, systems architect, administrator < From dan at langille.org Sat Oct 7 11:26:28 2006 From: dan at langille.org (Dan Langille) Date: Sat, 07 Oct 2006 11:26:28 -0400 Subject: [nycbug-talk] freebsd.nycbug.org In-Reply-To: <20061007144720.GA17545@sunset.nomadlogic.org> References: <452725AB.6090307@sddi.net> Message-ID: <45278EE4.22183.DB49572@dan.langille.org> On 7 Oct 2006 at 10:47, Pete Wright wrote: > On Fri, Oct 06, 2006 at 11:57:31PM -0400, George R. wrote: > > Peter Wright wrote: > > >hi all, just asking for some feedback on the freebsd mirror we are hosting > > >at NYI. the system seems to be pretty stable on my end, and client > > >cvsup's are quick as well (although all my boxes are colo'd a nyi - so > > >that data point is pretty much invalid). > > > > > >as an aside, if anyone would like to try to do a ftp install using > > >freebsd.nycbug.org as your source host that would be execellent. i am > > >unable to test this out at work for various reasons...and i just don't > > >have enough time when i'm home either. > > > > > >anyway, let me know what you all think. hopefully this host will be > > >usefull for nycbug members when 6.2-RELEASE goes out shortly. > > > > it's been fine for me for a few (nonproduction) installs and some > > cvsup'g for src and ports. . . not sync'd to a tee, but fine. > > > > i say let's go. > > > > who does the press release? > > > > g > > well, i've posted to hubs@ several times asking to be included as an > official mirror with no response. i recon they do not need another > official mirror at the moment. > > as an aside i was going to investigate mirroring FreeNAS as well... By included as an official mirror, do you man a .freebsd.org hostname? -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From nycbug-list at 2xlp.com Sat Oct 7 11:31:46 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Sat, 7 Oct 2006 11:31:46 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061007151820.GA22719@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061007151820.GA22719@run.galis.org> Message-ID: <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> On Oct 7, 2006, at 11:18 AM, George Georgalis wrote: > if they support a white list of non-complient MTAs, where is it? its for domains, not MTAs ( you can spoof the MTA in a heartbeat... but you can check the domain via spf/domainkey/etc ) its in the source in etc """ README file for sqlgrey updated content Don't touch these files, they are automatically updated when you run update_sqlgrey_config: - clients_fqdn_whitelist: don't greylist these DNS names [*] - clients_ip_whitelist : don't greylist these IP addresses [*] - dyn_fqdn.regexp : used by new 'smart' algorithm [x] - smtp_server.regexp : used by new 'smart' algortihm [x] [*]: in use starting with 1.4.0 [x]: in use since 1.5.1, regexps looking for known fqdns patterns """ From george at galis.org Sat Oct 7 11:47:33 2006 From: george at galis.org (George Georgalis) Date: Sat, 7 Oct 2006 11:47:33 -0400 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061007151820.GA22719@run.galis.org> <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> Message-ID: <20061007154733.GB22719@run.galis.org> On Sat, Oct 07, 2006 at 11:31:46AM -0400, Jonathan Vanasco wrote: > >On Oct 7, 2006, at 11:18 AM, George Georgalis wrote: > >> if they support a white list of non-complient MTAs, where is it? > >its for domains, not MTAs ( you can spoof the MTA in a heartbeat... >but you can check the domain via spf/domainkey/etc ) If they are not providing IPs, I won't use it. I could generate IPs from the stuff, but exactly how many hoops should I go through to support non-complient MTAs? using my dns TTL to maintain spf/domainkey/etc IP accept lists.... nevermind. // George -- George Georgalis, systems architect, administrator < From pete at nomadlogic.org Sat Oct 7 12:03:54 2006 From: pete at nomadlogic.org (Pete Wright) Date: Sat, 7 Oct 2006 12:03:54 -0400 Subject: [nycbug-talk] freebsd.nycbug.org In-Reply-To: <45278EE4.22183.DB49572@dan.langille.org> References: <452725AB.6090307@sddi.net> <45278EE4.22183.DB49572@dan.langille.org> Message-ID: <20061007160351.GA17867@sunset.nomadlogic.org> On Sat, Oct 07, 2006 at 11:26:28AM -0400, Dan Langille wrote: > On 7 Oct 2006 at 10:47, Pete Wright wrote: > > > On Fri, Oct 06, 2006 at 11:57:31PM -0400, George R. wrote: > > > Peter Wright wrote: > > > >hi all, just asking for some feedback on the freebsd mirror we are hosting > > > >at NYI. the system seems to be pretty stable on my end, and client > > > >cvsup's are quick as well (although all my boxes are colo'd a nyi - so > > > >that data point is pretty much invalid). > > > > > > > >as an aside, if anyone would like to try to do a ftp install using > > > >freebsd.nycbug.org as your source host that would be execellent. i am > > > >unable to test this out at work for various reasons...and i just don't > > > >have enough time when i'm home either. > > > > > > > >anyway, let me know what you all think. hopefully this host will be > > > >usefull for nycbug members when 6.2-RELEASE goes out shortly. > > > > > > it's been fine for me for a few (nonproduction) installs and some > > > cvsup'g for src and ports. . . not sync'd to a tee, but fine. > > > > > > i say let's go. > > > > > > who does the press release? > > > > > > g > > > > well, i've posted to hubs@ several times asking to be included as an > > official mirror with no response. i recon they do not need another > > official mirror at the moment. > > > > as an aside i was going to investigate mirroring FreeNAS as well... > > By included as an official mirror, do you man a .freebsd.org > hostname? > yea, i was hoping we could be included in the handbook under the *.us.freebsd.org domain. it's no biggie, as long as nycbug memebers are being hooked up everything else is gravy IMO :) -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From lists at stringsutils.com Sat Oct 7 00:55:47 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Sat, 07 Oct 2006 00:55:47 -0400 Subject: [nycbug-talk] win4bsd References: <20061002192530.GA86020@mail.scottro.net> <1627391610-1160156570-cardhu_blackberry.rim.net-864764783-@bxe041-cell01.bisx.prod.on.blackberry> Message-ID: > Now, the question is, will it run City of Villains? If so, I am so switching my desktops back to FreeBSD :) :-) Have not even tried sound.. Have it on my office machine. Will try and see if can at least get sound working.. and will report back. Also need to try printing. They have 15 day eval. You can try it and see if it will run your game. From rambiusparkisanius at gmail.com Sat Oct 7 15:05:58 2006 From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov) Date: Sat, 7 Oct 2006 22:05:58 +0300 Subject: [nycbug-talk] NetBSD on Mac mini Message-ID: <89ce7f740610071205g7eea8665k60d1c7f0761c31c8@mail.gmail.com> Hello, Is it possible to install BSD on a Mac Mini? I googled around and found that NetBSD and OpenBSD has ports for Mac Mini. I want also to have a dual boot system with Mac OS. Has anyone done this? If so, can you share your opinion and advice? Regards Rambius -- Tangra Mega Rock: http://www.radiotangra.com From carton at Ivy.NET Sat Oct 7 18:17:29 2006 From: carton at Ivy.NET (Miles Nordin) Date: Sat, 07 Oct 2006 18:17:29 -0400 Subject: [nycbug-talk] NetBSD on Mac mini In-Reply-To: <89ce7f740610071205g7eea8665k60d1c7f0761c31c8@mail.gmail.com> (Ivan "Rambius" Ivanov's message of "Sat, 7 Oct 2006 22:05:58 +0300") References: <89ce7f740610071205g7eea8665k60d1c7f0761c31c8@mail.gmail.com> Message-ID: >>>>> "ii" == Ivan \"Rambius\" Ivanov writes: ii> BSD on a Mac I have NetBSD running on a Rev. A iMac. The XFree86 driver for mach64 is all broken, so X is unaccelerated, unless I warm-boot from OS X, and then accelerated X works. No one's interested in fixing it, and I don't know how. I would expect the same with other chips. There is a guy on the port-macppc list that has made amazing progress restoring sanity to X11 on macppc. He has all kinds of stuff working on his own mac, like multiple heads, and PeeCee video cards using the int10 8086 emulator, but he doesn't finish it off and commit it, just wraps up binary servers he sends to people for ``testing.'' I got some actual source patches out of him once and applied them to my own tree. I think he eventually committed them. He's not ill-intentioned, just extremely extremely slow to clean things up and commit them compared to how glad he is to talk on the mailing list about what is ``possible''---meaning, possible for him, or possible for someone else who has time to do a ``trivial'' amount of kernel and XFree86 hacking. not meaning for you. The way I ``dual boot'' is by net-booting NetBSD and using an NFS root. This avoids all partitioning problems, and I find is generally very nice since BSD will swap and everything else over NFS without any weird buggy locking daemons or swap livelocks that make it piss all over itself like Linux. There are two problems with this. First, last I checked no one had figured out how to make modern versions of OpenFirmware accept a DHCP reply. I was unable to netboot an iBook G4 because OpenFirmware was too new. It took about a week to get the mailing list to admit they'd all tried it on their Macs and couldn't get it to work either. For any G3 or older Mac, even extremely old ones, as long as it has PCI, netbooting works fine. OpenFirmware bugs are the bane of that whole platform, though, as you've no doubt already seen reading NetBSD's installation guide, and there are as many again workarounds for these stupid bugs inside the kernel. Second, some of the network drivers are sub-standard: on the Rev. A iMac, the PHY is not properly supported, so speed/duplex settings don't work. If it autodetects, fine, but if you want to diagnose some kind of network performance issue and want to check the duplex setting, the driver will just lie to you. If you use 100BaseTX hubs on purpose like I do, it could trash your whole network segment and leave you wondering why. Under OS X the PHY works fine. not sure about drivers other than the 'bm' but I would expect more of that. I don't know about OpenBSD, but NetBSD likes to put BSD labels on Mac disks rather than Mac labels. Some early version of OpenFirmware apparently led them to believe this disruptive, annoying behavior was acceptable. I believe this will prevent you from dual-booting anything unless you can work around this and install BSD onto a Mac-labelled disk. Maybe they've fixed it by now, but you will run into all sorts of OpenFirmware drama no matter what, and disk-labeling drama if you try to use a disk. The port is disused enough that you're likely to be the first one to try whatever specific combination of hardware and booting you want, so good luck. The most important thing I'd say about BSD and Macs is, don't bother with BSD on any non-i386 laptop of any kind (Mac, hpc*, sparcbook, ...) because Suspend-to-RAM won't work, and often other while-you're-using-it power saving features are broken, too, so it eats up battery faster, sometimes like twice as fast to the point of near uselessness. good luck. BTW, I heard FreeBSD also supports some macppc now, though...well at least maybe threads would work better than {Net,Open}BSD, but it's a very new port. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From schmonz at schmonz.com Sat Oct 7 23:23:59 2006 From: schmonz at schmonz.com (Amitai Schlair) Date: Sat, 7 Oct 2006 23:23:59 -0400 Subject: [nycbug-talk] NetBSD on Mac mini In-Reply-To: <89ce7f740610071205g7eea8665k60d1c7f0761c31c8@mail.gmail.com> References: <89ce7f740610071205g7eea8665k60d1c7f0761c31c8@mail.gmail.com> Message-ID: <1975E5E6-3B53-4807-A259-B2BD1338948E@schmonz.com> On Oct 7, 2006, at 3:05 PM, Ivan "Rambius" Ivanov wrote: > Is it possible to install BSD on a Mac Mini? I googled around and > found that NetBSD and OpenBSD has ports for Mac Mini. I want also to > have a dual boot system with Mac OS. Has anyone done this? If so, can > you share your opinion and advice? Is it a PowerPC or Intel mini? I have no firsthand clue with Intel Macs, but would guess they require Boot Camp to run any BSD variant. I run NetBSD on a PowerPC mini (it's a mail/web server for myself and a few friends) and am quite happy with it. I wrote up my install steps here: http://www.schmonz.com/2006/06/29/installing-netbsd-on-powerpc-mac-mini NB: my situation differs from yours in that, since this is my server, it's not dual-booting. NetBSD is the only OS installed. Many people have dual-booted NetBSD and Mac OS X on PowerPC Macs, and a few have probably done the same with Intel Macs. Check out the macppc (or i386) install docs on www.netbsd.org, and ask on port- macppc (or port-i386) if you need help. NetBSD can almost certainly do what you want. Good luck, and let us know how it goes! - Amitai From george at sddi.net Sun Oct 8 13:53:52 2006 From: george at sddi.net (George R.) Date: Sun, 08 Oct 2006 13:53:52 -0400 Subject: [nycbug-talk] NYCBSDCon flier Message-ID: <45293B30.4050605@sddi.net> As discussed this past Wednesday, we have .Ike's wonderful flier up and available for download as a PDF here: http://nycbsdcon.org/downloads/FlyerNYCBSDCON2006exp.pdf It's in color, but prints out fine in b/w. Let me know off-list where you hit with the flier. Campus, tech stores, etc., should be good places to start. g From techneck at goldenpath.org Sun Oct 8 21:09:25 2006 From: techneck at goldenpath.org (Tim Allender) Date: Sun, 08 Oct 2006 21:09:25 -0400 Subject: [nycbug-talk] freebsd.nycbug.org In-Reply-To: <57698.160.33.20.11.1160163266.squirrel@webmail.nomadlogic.org> References: <57698.160.33.20.11.1160163266.squirrel@webmail.nomadlogic.org> Message-ID: <4529A145.4070303@goldenpath.org> Peter Wright wrote: > hi all, just asking for some feedback on the freebsd mirror we are hosting > at NYI. the system seems to be pretty stable on my end, and client > cvsup's are quick as well (although all my boxes are colo'd a nyi - so > that data point is pretty much invalid). > > as an aside, if anyone would like to try to do a ftp install using > freebsd.nycbug.org as your source host that would be execellent. i am > unable to test this out at work for various reasons...and i just don't > have enough time when i'm home either. > > anyway, let me know what you all think. hopefully this host will be > usefull for nycbug members when 6.2-RELEASE goes out shortly. > > -pete > > Works great. I just cvsuped a test box from it and by far the best speed yet. Tim From techneck at goldenpath.org Mon Oct 9 01:32:38 2006 From: techneck at goldenpath.org (Tim Allender) Date: Mon, 09 Oct 2006 01:32:38 -0400 Subject: [nycbug-talk] pfSence and "make" Message-ID: <4529DEF6.6070804@goldenpath.org> I've never had a fbsd system that didn't have make on it. lol, I'm lost. Looking through the ports and I find "make" this and "make" that, but no plain ol' "make" Sure I can pkg_add most things. But I need to build a 6 stable kernel to support my D-Link DGE-530T cards. I've tried the ~other~ *make(s) but they don't seem to work quite the same way. Before I "experience the joy" of doing this: http://wiki.pfsense.com/wikka.php?wakka=BuildingpFSense I thought I'd ask on here for any tips you gents might "make". =D From techneck at goldenpath.org Mon Oct 9 10:59:14 2006 From: techneck at goldenpath.org (Tim Allender) Date: Mon, 09 Oct 2006 10:59:14 -0400 Subject: [nycbug-talk] pfSence and "make" Message-ID: <452A63C2.5020103@goldenpath.org> I've never had a fbsd system that didn't have make on it. lol, I'm lost. Looking through the ports and I find "make" this and "make" that, but no plain ol' "make" Sure I can pkg_add most things. But I need to build a 6 stable kernel to support my D-Link DGE-530T cards. I've tried the ~other~ *make(s) but they don't seem to work quite the same way. Before I "experience the joy" of doing this: http://wiki.pfsense.com/wikka.php?wakka=BuildingpFSense I thought I'd ask on here for any tips you gents might "make". =D From pete at nomadlogic.org Mon Oct 9 11:11:53 2006 From: pete at nomadlogic.org (Pete Wright) Date: Mon, 9 Oct 2006 11:11:53 -0400 Subject: [nycbug-talk] pfSence and "make" In-Reply-To: <4529DEF6.6070804@goldenpath.org> References: <4529DEF6.6070804@goldenpath.org> Message-ID: <20061009151149.GA38110@sunset.nomadlogic.org> On Mon, Oct 09, 2006 at 01:32:38AM -0400, Tim Allender wrote: > I've never had a fbsd system that didn't have make on it. > lol, I'm lost. > Looking through the ports and I find "make" this and "make" that, but no > plain ol' "make" > Sure I can pkg_add most things. > But I need to build a 6 stable kernel to support my D-Link DGE-530T cards. > I've tried the ~other~ *make(s) but they don't seem to work quite the > same way. > Before I "experience the joy" of doing this: > http://wiki.pfsense.com/wikka.php?wakka=BuildingpFSense > I thought I'd ask on here for any tips you gents might "make". > =D rather than cluttering your pfsense install i'd suggest building a new kernel on another box then installing that kernel on the pfsense machine. i've been doing this with FreeNAS with great success... -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From techneck at goldenpath.org Mon Oct 9 14:39:24 2006 From: techneck at goldenpath.org (Tim Allender) Date: Mon, 09 Oct 2006 14:39:24 -0400 Subject: [nycbug-talk] Student Discounts Message-ID: <452A975C.5030800@goldenpath.org> Practically all professional organizations have them. Certainly, a "User Group" organization such as the New York City BSD User's Group should as well. I don't just ~worry~ that the cost is prohibitive for CUNY students. I know. I think the logic is upside down to say that Columbia students should get a discount and other students (particularly CUNY, being by far the largest college student body in NYC) do not. It's not as if a discount would flood us with students. It's more like we're locking them out. I'm very disappointed. I realize the conference is incurring more costs this year and that those need to be recouped but this isn't a killer; this isn't the way. All this assures is that we won't have any other student's except Columbia students. I suggest we reverse ourselves on this and give all New York City students $50 admission at the door. I can only suppose we're specifically gunning for the prestige of holding the conference on the Columbia campus. They're certainly not the only place we can find a sponsored location. For future reference: The Auxiliary Enterprises Corporation of BMCC has previously allocated funds for exactly this type of community activity. And, of course, there's BMCC Association, Inc. and the SGA. BMCC is the home of Tribeca Theatre. The Theatre is actually "free," though the theater crew and security run a couple of grand. That is what the Aux Ent funds offset. Of course, it's too late to take that into consideration this year. Next year, remind me in August and I'll test the waters. I've been a member of the board of directors of each of those corporations. I know exactly how they work and who we would need to talk to. Of course, as with all things, there is no guarantee. All we can do is beat our drums and see if they're up for dancing. That is, if we can live without saying, "...it's at Columbia" And, no, I'm not a student. I'm not gunning for my own discount here. From nycbug-list at 2xlp.com Mon Oct 9 15:20:00 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Mon, 9 Oct 2006 15:20:00 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <452A975C.5030800@goldenpath.org> References: <452A975C.5030800@goldenpath.org> Message-ID: <4E94F1CB-6ECA-4EAB-A1E8-F1B32E3452D3@2xlp.com> On Oct 9, 2006, at 2:39 PM, Tim Allender wrote: > I suggest we reverse ourselves on this and give all New York City > students $50 admission at the door. +1 that +2 all students in general even the overpriced tech and design conferences have drastically reduced prices for students when you're worried about living on loans, accumulating debt, and working $6hr jobs on campus , the full price is just too much even $50 for a student is high- its an acceptable high- but its still a pricepoint where someone would REALLY want to go in order to check it out. maybe a $25 day rate would be better for students? i wouldn't be eligible for it either-- i just remember living on those budgets vividly. From mspitzer at gmail.com Mon Oct 9 15:48:10 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Mon, 9 Oct 2006 15:48:10 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <4E94F1CB-6ECA-4EAB-A1E8-F1B32E3452D3@2xlp.com> References: <452A975C.5030800@goldenpath.org> <4E94F1CB-6ECA-4EAB-A1E8-F1B32E3452D3@2xlp.com> Message-ID: <8c50a3c30610091248n3d1122cfp20241f8b343275e2@mail.gmail.com> On 10/9/06, Jonathan Vanasco wrote: > > On Oct 9, 2006, at 2:39 PM, Tim Allender wrote: > > I suggest we reverse ourselves on this and give all New York City > > students $50 admission at the door. I have nothing to do with the con management, but columbia is donating the space as far as I know. I do not think cuny is putting anything in the pot, not a dig on cuny just a statement of facts asI understand them. Also please keep in mind that the con needs to pay for it self. Yes it needs to make money or it never happens again. What might work out as fair is that full time non columbia students get the $100 price at the door if they have a current studnet ID and proof of full time status. Please keep in mind that the cost of the con is already deeply discounted accross the board, $100 for 2 days of talks and, if I remember correctly, food. > > +1 that > +2 all students in general > > even the overpriced tech and design conferences have drastically > reduced prices for students yes they are and students pay more then $50/day for them still. > > when you're worried about living on loans, accumulating debt, and > working $6hr jobs on campus , the full price is just too much > even $50 for a student is high- its an acceptable high- but its still > a pricepoint where someone would REALLY want to go in order to check > it out. maybe a $25 day rate would be better for students? having been a broke student, don't buy it. and why in the name of snoopy would any computer savy person work for 6/hr, Mcdonnalds pays better. Basic office help pays around $10+/hr from what I read in the paper. > > i wouldn't be eligible for it either-- i just remember living on > those budgets vividly. I also remember those days, well some of them. marc ps I work for columbia -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From nycbug at cyth.net Mon Oct 9 15:53:19 2006 From: nycbug at cyth.net (Ray Lai) Date: Mon, 9 Oct 2006 15:53:19 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <4E94F1CB-6ECA-4EAB-A1E8-F1B32E3452D3@2xlp.com> References: <452A975C.5030800@goldenpath.org> <4E94F1CB-6ECA-4EAB-A1E8-F1B32E3452D3@2xlp.com> Message-ID: <20061009195342.GQ8070@cybertron.cyth.net> On Mon, Oct 09, 2006 at 03:20:00PM -0400, Jonathan Vanasco wrote: > On Oct 9, 2006, at 2:39 PM, Tim Allender wrote: > > I suggest we reverse ourselves on this and give all New York City > > students $50 admission at the door. > > +1 that > +2 all students in general > > even the overpriced tech and design conferences have drastically > reduced prices for students > > when you're worried about living on loans, accumulating debt, and > working $6hr jobs on campus , the full price is just too much > even $50 for a student is high- its an acceptable high- but its still > a pricepoint where someone would REALLY want to go in order to check > it out. maybe a $25 day rate would be better for students? > > i wouldn't be eligible for it either-- i just remember living on > those budgets vividly. We should be paid to go. The cost of living, the commute, and the sacrificed weekend adds up to too much. I am sure there are places that will pay us to hold the conference there. -Ray- From jonathan at kc8onw.net Mon Oct 9 17:25:59 2006 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Mon, 09 Oct 2006 17:25:59 -0400 Subject: [nycbug-talk] [Semi OT] Convention help Message-ID: <452ABE67.4050002@kc8onw.net> If this is bad form yell at me off list please, constructive criticism is appreciated. I would like to make NYCBSDCon but have never been to NYC, or any convention anywhere for that matter, and will be driving down from Fort Drum that Friday evening. I have no idea where I would be able to park or anything, although I suppose if I stayed at a hotel I would be able to leave my car there? Does anyone have any suggestions as far as where to stay? I did see the list linked from the convention site and if anyone would recommend any specific hotels from that list or elsewhere it would be appreciated. A couch to crash on would be cool too if someone doesn't mind ;) Thanks, Jonathan From pete at nomadlogic.org Mon Oct 9 17:30:58 2006 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 9 Oct 2006 14:30:58 -0700 (PDT) Subject: [nycbug-talk] Student Discounts In-Reply-To: <452A975C.5030800@goldenpath.org> References: <452A975C.5030800@goldenpath.org> Message-ID: <3182.160.33.20.11.1160429458.squirrel@webmail.nomadlogic.org> > Practically all professional organizations have them. > Certainly, a "User Group" organization such as the New York City BSD > User's Group should as well. > I don't just ~worry~ that the cost is prohibitive for CUNY students. I > know. > I think the logic is upside down to say that Columbia students should > get a discount and other students (particularly CUNY, being by far the > largest college student body in NYC) do not. Columbia has donated this space to us gratis. > It's not as if a discount would flood us with students. > It's more like we're locking them out. > I'm very disappointed. I'm not sure I understand your logic here....How are we locking them out? > I realize the conference is incurring more costs this year and that > those need to be recouped but this isn't a killer; this isn't the way. OK, what would another option be? > All this assures is that we won't have any other student's except > Columbia students. still...not really following your logic here.... > I suggest we reverse ourselves on this and give all New York City > students $50 admission at the door. > well, if you want to go this track (and assuming that we can find a donor that is willing to help us cover the costs) why limit it to NYC students? How about a general student discount? > I can only suppose we're specifically gunning for the prestige of > holding the conference on the Columbia campus. Sorry bzzt...wrong! Columbia was originally (several years back) the only location we could find that would host our BUG for free. That was for the Kirk talk. We tried CUNY locations, NYU, NY public library, YMCA, etc. None of these locations where free...or appropriate locations for this talk. Columbia was the only place that was willing to host us for free. They have continued to do this for us, and I'd actually have to thank them for that. > They're certainly not the only place we can find a sponsored location. If you can find strong commitments from people please let us know. But as mentioned above we where not able to find anyone to house us in the past. > For future reference: > The Auxiliary Enterprises Corporation of BMCC has previously allocated > funds for exactly this type of community activity. > And, of course, there's BMCC Association, Inc. and the SGA. > BMCC is the home of Tribeca Theatre. The Theatre is actually "free," > though the theater crew and security run a couple of grand. > That is what the Aux Ent funds offset. > If this is the case we will have to look into that to see if it's an appropriate location for us to hold special events and Con's. > Of course, it's too late to take that into consideration this year. > Next year, remind me in August and I'll test the waters. Better yet, let us know when you have a some contacts and solid leeds and we as a orginization will hopefully come up with something good. > I've been a member of the board of directors of each of those > corporations. I know exactly how they work and who we would need to talk > to. Board members of where...BMCC? > Of course, as with all things, there is no guarantee. > All we can do is beat our drums and see if they're up for dancing. > That is, if we can live without saying, "...it's at Columbia" > I really don't understand what you have against Columbia. The real goal of the Con is to create a forum where like minded people can gather and see some execellent lectures and share ideas. As mentioned before Columbia has given us space in the past and continues to do so. It was not the first place we wanted to go (back when kirk came to NYC several years ago) but the did hook us up when we needed it. I happen to like the facilities at Columbia - I know others (including you I assume) do not. In any event, student discounts are a great idea. Yet, the sad truth is we tried to make this econimically viable for everyone involved (how about the 20 year old hacker that can't afford college for example). Including the people volunteering thier time/money/effort to get this thing off the ground. That's right, it's not free. So, no we are not trying to block students from attending (or anyone for that matter) - far from it. Yet at the same time we have to ensure we can continue to throw these con's in the future. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From okan at demirmen.com Mon Oct 9 17:41:20 2006 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 9 Oct 2006 17:41:20 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <3182.160.33.20.11.1160429458.squirrel@webmail.nomadlogic.org> References: <452A975C.5030800@goldenpath.org> <3182.160.33.20.11.1160429458.squirrel@webmail.nomadlogic.org> Message-ID: <20061009214120.GD24150@clam.khaoz.org> let me just say one thing; columbia is NOT giving anything to us for free. yes, we are paying for it. From lists at zaunere.com Mon Oct 9 17:41:28 2006 From: lists at zaunere.com (Hans Zaunere) Date: Mon, 9 Oct 2006 17:41:28 -0400 Subject: [nycbug-talk] [Semi OT] Convention help In-Reply-To: <452ABE67.4050002@kc8onw.net> Message-ID: <00fa01c6ebeb$ad744d00$690aa8c0@MobileZ> Hi Johnathan, Jonathan Stewart wrote on Monday, October 09, 2006 5:26 PM: > If this is bad form yell at me off list please, constructive criticism > is appreciated. > > I would like to make NYCBSDCon but have never been to NYC, or any > convention anywhere for that matter, and will be driving down from > Fort Drum that Friday evening. I have no idea where I would be able I've travelled a lot from that area (Potsdam area). Ping me off list and maybe I can help. It might actually make sense for you to drive part of the way, and leave your car at a long term parking facility at a train station like Beacon. H From pete at nomadlogic.org Mon Oct 9 17:50:33 2006 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 9 Oct 2006 14:50:33 -0700 (PDT) Subject: [nycbug-talk] Student Discounts In-Reply-To: <20061009214120.GD24150@clam.khaoz.org> References: <452A975C.5030800@goldenpath.org> <3182.160.33.20.11.1160429458.squirrel@webmail.nomadlogic.org> <20061009214120.GD24150@clam.khaoz.org> Message-ID: <47661.160.33.20.11.1160430633.squirrel@webmail.nomadlogic.org> > let me just say one thing; columbia is NOT giving anything to us for > free. yes, we are paying for it. wow...that sucks. let me honestly appologise. I'm sorry about that. I was under the impression we got the room for free when kirk came. -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From lists at genoverly.net Mon Oct 9 18:01:52 2006 From: lists at genoverly.net (michael) Date: Mon, 9 Oct 2006 18:00:52 -0401 Subject: [nycbug-talk] Student Discounts In-Reply-To: <452A975C.5030800@goldenpath.org> References: <452A975C.5030800@goldenpath.org> Message-ID: <20061009180052.732ab051@dt.genoverly.com> On Mon, 09 Oct 2006 14:39:24 -0400 Tim Allender wrote: While I do not speak for the organization committee, I will reply with my not-so-humble opinion. First.. it is a shame that you decided to publicly post to talk@ rather than post an email to the organization committee... which may have been more appropriate. Second.. the conference pricing is *very-very* reasonable, and I doubt if it is up for such debate at this late stage, anyway. Go ahead, compare it to other BSD conferences. I think it stacks up pretty well. This is not a student event, it is not a professional event, it not anything more than a BSD conference that a few people have devoted time and effort to organize; and have announced to the BSD community. >From what I see, the conference is trying to appeal to the broadest common denominator. And I think they have managed to find a balance to please MOST people. Come if you want; or don't. It is not a public service. Not only is pricing to cover costs of putting on such an event. It is also the value of what is being provided. BSD developers and experts are making the effort to fly from all over this continent and Europe to speak to *you*. There are going to be well over a hundred like-minded people to talk to, network with, learn with, and have fun with; for *you*. The conference is organizing all this into an action packed two day affair. They are even giving you grub. I do not understand why you feel the need to complain. To cut costs, I suppose, they could have: 1. had it in a less-than-nice space 2. not brought in developers and experts from outside NYC 3. not provided food for two days 4. not provided a good atmosphere for learning and fun I sure those 4 things were debated. I know it is true for me, -and I'd bet that most people don't want to cut corners that deeply. Most people are willing to pay a small fee to get such a great value. It must have been really tough to find a balance TO PLEASE EVERYBODY, and it appears to me that the organizers have bent over backwards to make it happen for *you*. Frankly, I think it is inappropriate to publicly complain that pricing does not please you. I am of the opinion that complaining to the organizers (and telling them they should discount the ticket price -because you say so) was probably not the best approach. They are already working really hard for *you*, to put this whole thing together. If you really want to serve your cause, then start a Tickets-for-Students fund and make the first donation. -- michael From spork at bway.net Mon Oct 9 18:02:48 2006 From: spork at bway.net (Charles Sprickman) Date: Mon, 9 Oct 2006 18:02:48 -0400 (EDT) Subject: [nycbug-talk] [Semi OT] Convention help In-Reply-To: <452ABE67.4050002@kc8onw.net> References: <452ABE67.4050002@kc8onw.net> Message-ID: On Mon, 9 Oct 2006, Jonathan Stewart wrote: > Does anyone have any suggestions as far as where to stay? I did see the > list linked from the convention site and if anyone would recommend any > specific hotels from that list or elsewhere it would be appreciated. A > couch to crash on would be cool too if someone doesn't mind ;) Be prepared to pay big $$ if you want a nearby hotel. I live in Jersey and recently got married, so I thought, "what the hell, I'll get a hotel" - idea being that if I'm already in NYC I might make it on-time. In the past I've snagged decent rooms for $100 or less using priceline. I tried that again with the search restricted to Priceline's Upper West Side, then Upper East Side, then Central Park South, then Midtown East. I was trying to avoid the "tourist" area... No dice at $130 in any of those areas. I finally added the financial district and got something here: http://exchangehotel.com/ Seems like a really nice place with excellent reviews on TripAdvisor.com. But that's going to be one hell of a subway ride. :) Still better than driving in two days. I think Priceline is pretty safe, they generally don't put crappy hotels in there unless you dip below 2.5 *'s. And my failure to win a bid for UWS area the other night is NO indication that someone else couldn't win today - inventory fluctuates from day to day. http://www.biddingfortravel.com/ has recent auction results for Priceline, which is handy. As for parking, just assume that's extra. There's a lot under the church that's just NW of the NW corner of the Columbia campus. I think I paid under $30 for a day's parking last year. Charles > Thanks, > Jonathan > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From george at sddi.net Mon Oct 9 18:34:26 2006 From: george at sddi.net (G. Rosamond) Date: Mon, 09 Oct 2006 18:34:26 -0400 Subject: [nycbug-talk] Student Discounts Message-ID: <20061009183426.lt4sfytuxwwc4sko@webhosting.loftmail.com> Quoting Tim Allender : > Practically all professional organizations have them. > Certainly, a "User Group" organization such as the New York City BSD > User's Group should as well. Know any groups, user or other, that charge $95 for a two day conference, including four meals and significant speakers from as far away as Latvia? I somehow doubt it. Name a conference, ANY conference, and you will find nothing close. I don't think it's useful to compare this to last year, if that's what you're doing. > I don't just ~worry~ that the cost is prohibitive for CUNY students. I know. > I think the logic is upside down to say that Columbia students should > get a discount and other students (particularly CUNY, being by far the > largest college student body in NYC) do not. Well, while CU students are unlikely the most desparate in NYC (or the world for that matter), the fact that CU is not charging us an arm and a leg, we had no problem doing this. Do we wish we could charge less for students, especially CUNY? Yes. I happened to have gone to a SUNY, so I'm well aware. And we should add in so many others whose means don't allow them to attend technical conferences. However, I don't know another conference that has the bar so low for entry. Anyone know what it's like getting inexpensive space in NYC, with the gentrification that has gone on since the early 90's, not to mention post-9/11? This is not some small midwestern town with an Arby's and $45000 ranch-style houses. > It's not as if a discount would flood us with students. > It's more like we're locking them out. > I'm very disappointed. Right, and you raised it at the last meeting, and we fully discussed to everyone's satisfaction, including your own, from my memory. We're not worrying about flooding the conference with anyone. This is a BSD conference, afterall. :-) We're cutting it very close in terms of budgeting, which I think we made very clear last week, in an effort to keep costs low for everyone, yet deliver a great conference. Additional variables, beyond the inherent, are not something we seek. > I realize the conference is incurring more costs this year and that > those need to be recouped but this isn't a killer; this isn't the way. > All this assures is that we won't have any other student's except > Columbia students. > I suggest we reverse ourselves on this and give all New York City > students $50 admission at the door. > Tim, glad you have input on this, and I genuinely do appreciate your input last week at the meeting, but we (and certainly you) are not in a position to reverse anything. > I can only suppose we're specifically gunning for the prestige of > holding the conference on the Columbia campus. > They're certainly not the only place we can find a sponsored location. > For future reference: > The Auxiliary Enterprises Corporation of BMCC has previously allocated > funds for exactly this type of community activity. > And, of course, there's BMCC Association, Inc. and the SGA. > BMCC is the home of Tribeca Theatre. The Theatre is actually "free," > though the theater crew and security run a couple of grand. > That is what the Aux Ent funds offset. > > Of course, it's too late to take that into consideration this year. > Next year, remind me in August and I'll test the waters. > I've been a member of the board of directors of each of those > corporations. I know exactly how they work and who we would need to talk to. > Of course, as with all things, there is no guarantee. > All we can do is beat our drums and see if they're up for dancing. > That is, if we can live without saying, "...it's at Columbia" > > And, no, I'm not a student. I'm not gunning for my own discount here. But it may be worse than you gunning for your own discount. . . You basically missed the point of last week's discussion, much of which was focused on your own points. You've just reraised them, adding not much new, other than your offers for space, which would have been relevant six months ago when it was dealt with. I don't think anyone cares about the "ivy league" credentials. But our contacts at Columbia came through on this, again, for the third time now, and we're very appreciative. This conference wasn't put together last week, or even the week before. . . We want input, comments, even criticisms, etc, but you're just reraising something from last week that we addressed, and frankly, something that you really don't know much about. g From carton at Ivy.NET Mon Oct 9 19:06:41 2006 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 09 Oct 2006 19:06:41 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <20061009180052.732ab051@dt.genoverly.com> (michael's message of "Mon, 9 Oct 2006 18:00:52 -0401") References: <452A975C.5030800@goldenpath.org> <20061009180052.732ab051@dt.genoverly.com> Message-ID: >>>>> "m" == michael writes: m> First.. it is a shame that you decided to publicly post to m> talk@ rather than post an email to the organization m> committee... which may have been more appropriate. I don't think NYCBUG is ripping people off or see the student prices as any kind of problem issue---just thought some people were talking about making some tweaks each from their own reasonable perspectives. but I will say: trying to shame people into non-transparent behavior, and attacking those who make criticisms in public while simultaneously offering to have listened to hypothetical ``discrete'' private criticism, is a behavior I've seen all too many times in various hobbyist users-group-type things, and I fidn it ugly and hope it won't catch on here. I've participated in a conference with multiple secret mailinglists where ``shoulder surfing'' was considered a serious incident, great effort was put into tracking down information leaks and ``unauthorized forwards'' from the secret lists, and people were constantly getting kicked off lists silently or even banned from the conference for embarassing well-connected people. loyalty over competence. trust is discipline. Avoiding shame in front of some imagined peanut gallery can slowly start to take root as a legitimate decision-making factor. I don't really think NYCBUG is going to help me find a job or teach me anything I don't know already---I'm interested in NYCBUG mostly as a way of meeting/doing/seeing while escaping this petty, insecure, wordy-back-stabbing-beaurocrat environment. Based on what very little I know, I think you guys are doing a good job and have no reason to feel insecure or defensive. Nobody's running for congress or needs an airtight answer ready to every objection. I've seen that sort of thing eat these groups up from the inside, and make everyone miserable along the way. IMHO you're always going to get criticized by people with ideas of varying quality and varying levels of personal stake in your enterprise all the way down to zero. Some of them may be right while you're wrong yet your plans go ahead anyway--fine. Others may be spies, sabateurs, or even Linux users, and yet you adopt their broken ideas to hilarious results. fine. From my perspective, the only thing I know to do is to listen and respond cheerfully as time permits. BTW, if you want my completely uninformed speculation on that whole NetBSD thing, I bet it was about the four-clause license. http://mail-index.netbsd.org/netbsd-advocacy/1999/12/08/0027.html It's kind of a scumbag move for me to speculate like this when I haven't even bothered to _ask_ the people involved why they didn't sign. but I'm too scared to write privately these guys who are practically comic book superheroes sounding like a slashdot kiddie, any anyway everyone else is doing it, so... Many developers have BSD license copyrights on NetBSD code in their own name rather than the name of the Regents or of TNF. You can see all these developers mentioned, like a hundred of them, in the Installation Notes. When UC and TNF went from the four-clause license to the three-clause license, removing the ``advertising clause,'' the change did NOT affect all these files with copyrights held by individual authors. while future device drivers should hopefully be all 'cvs add' commits and thus three-clause and GPL-compatible, BSD as a whole probably will never be. The agreement TNF wanted committers to sign may have retroactively transferred authorship rights for those files to TNF. I think committer's agreements are generally transfers of author's rights. Some people, myself included, don't agree yet that removing the advertising clause is a good idea, so some of the people who refused to sign might have felt that an illegitimate political entity was trying to impose a decision about how to best leverage the copyright held by said developers on their work---they simply chose their rather substantial authorship rights over their commit privileges. IMHO, BSD doesn't really have any organization to whom developers feel safe assigning their authorship to the same extent as they do assigning to FSF. Those individual copyrights in the NetBSD tree are a nasty stumbling block in the way of TNF doing anything drastic with the licensing of the BSD codebase, which could be a very good thing or a very bad thing depending on your personal opinions/priorities. At the very least, I can see how this could be important enough to be a valid reason to leave a project you love. It's just a conspiracy theory, but even if it's totally false at least it points out something interesting about BSD's history. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From mspitzer at gmail.com Mon Oct 9 19:10:46 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Mon, 9 Oct 2006 19:10:46 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <47661.160.33.20.11.1160430633.squirrel@webmail.nomadlogic.org> References: <452A975C.5030800@goldenpath.org> <3182.160.33.20.11.1160429458.squirrel@webmail.nomadlogic.org> <20061009214120.GD24150@clam.khaoz.org> <47661.160.33.20.11.1160430633.squirrel@webmail.nomadlogic.org> Message-ID: <8c50a3c30610091610s49a8c036l78d86aaeec8eb223@mail.gmail.com> On 10/9/06, Peter Wright wrote: > > > let me just say one thing; columbia is NOT giving anything to us for > > free. yes, we are paying for it. > > wow...that sucks. let me honestly appologise. I'm sorry about that. I > was under the impression we got the room for free when kirk came. I did not know we were renting the room this year, oops. I think the Kirk room was free though. marc > > > -- > ~~oO00Oo~~ > Peter Wright > pete at nomadlogic.org > www.nomadlogic.org/~pete > 310.869.9459 > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From okan at demirmen.com Mon Oct 9 19:24:38 2006 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 9 Oct 2006 19:24:38 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <8c50a3c30610091610s49a8c036l78d86aaeec8eb223@mail.gmail.com> References: <452A975C.5030800@goldenpath.org> <3182.160.33.20.11.1160429458.squirrel@webmail.nomadlogic.org> <20061009214120.GD24150@clam.khaoz.org> <47661.160.33.20.11.1160430633.squirrel@webmail.nomadlogic.org> <8c50a3c30610091610s49a8c036l78d86aaeec8eb223@mail.gmail.com> Message-ID: <20061009232438.GG24150@clam.khaoz.org> On Mon 2006.10.09 at 19:10 -0400, Marc Spitzer wrote: > On 10/9/06, Peter Wright wrote: > > > > > let me just say one thing; columbia is NOT giving anything to us for > > > free. yes, we are paying for it. > > > > wow...that sucks. let me honestly appologise. I'm sorry about that. I > > was under the impression we got the room for free when kirk came. > > I did not know we were renting the room this year, oops. I think the Kirk room > was free though. yes, first the "kirk" room was free in 2004. that was a few hours, on one afternoon in one classroom. we had to pay for our space in 2005, and have to again this year (and yes, the price has gone up). oh, and why columbia? they were, and still are, the only ones to actually come through. attempts at other local (state and community) schools and institutions failed. i will not make any deductions on why; i am just stating fact. From mspitzer at gmail.com Mon Oct 9 19:40:47 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Mon, 9 Oct 2006 19:40:47 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: References: <452A975C.5030800@goldenpath.org> <20061009180052.732ab051@dt.genoverly.com> Message-ID: <8c50a3c30610091640m390957eak322ea1f6e68e90e8@mail.gmail.com> On 10/9/06, Miles Nordin wrote: > >>>>> "m" == michael writes: > > m> First.. it is a shame that you decided to publicly post to > m> talk@ rather than post an email to the organization > m> committee... which may have been more appropriate. > > I don't think NYCBUG is ripping people off or see the student prices > as any kind of problem issue---just thought some people were talking > about making some tweaks each from their own reasonable perspectives. Well just to be accurate it is columbia pricing not student pricing. > > but I will say: trying to shame people into non-transparent behavior, > and attacking those who make criticisms in public while simultaneously > offering to have listened to hypothetical ``discrete'' private > criticism, is a behavior I've seen all too many times in various > hobbyist users-group-type things, and I fidn it ugly and hope it won't > catch on here. the simple fact it shouting things in public, this list is public, at the last minute is just not a good way to effect change. Also I want the orgnizers to have their list for several reasons: 1: their doing it and I am not so I do not want to be bothered 2: their doing it and I am not so they do not want to be bothered by my random comments. 3: It would just make more work for the comittee, bike shed problem 4: it would lessen the chances of the con continuing, bad feelings for being ignored by the committee, anger on the committee members part about having to constantly wast time on email. the list goes on. > > I've participated in a conference with multiple secret mailinglists > where ``shoulder surfing'' was considered a serious incident, great > effort was put into tracking down information leaks and ``unauthorized > forwards'' from the secret lists, and people were constantly getting > kicked off lists silently or even banned from the conference for > embarassing well-connected people. loyalty over competence. trust is > discipline. Avoiding shame in front of some imagined peanut gallery > can slowly start to take root as a legitimate decision-making factor. > I don't really think NYCBUG is going to help me find a job or teach me > anything I don't know already---I'm interested in NYCBUG mostly as a > way of meeting/doing/seeing while escaping this petty, insecure, > wordy-back-stabbing-beaurocrat environment. I would suspect that there was a bit too much openess befor and it caused problems, or the people could just be parionoid and insecure empire builders. > > Based on what very little I know, I think you guys are doing a good > job and have no reason to feel insecure or defensive. Nobody's > running for congress or needs an airtight answer ready to every > objection. The simple fact is that people are more likley to considder things when approached in private and defend things when bothered in public. Especially when it looks like an attempt to get grass root support for the idea. > > I've seen that sort of thing eat these groups up from the inside, and > make everyone miserable along the way. IMHO you're always going to > get criticized by people with ideas of varying quality and varying > levels of personal stake in your enterprise all the way down to zero. > Some of them may be right while you're wrong yet your plans go ahead > anyway--fine. Others may be spies, sabateurs, or even Linux users, > and yet you adopt their broken ideas to hilarious results. fine. > From my perspective, the only thing I know to do is to listen and > respond cheerfully as time permits. people only discuss the "problems" they know about. This thread is a case in point. If you do not respond to their satisfaction you are an unfeeling not transparent brute, you meaniee you. And if you do respond and not do what is requested of you you get draged into an email exchange with the orignal person and everyone who has input and wast a lot of time that could be used for something usefull and eventually you cave and/or go to option 1 and are an asshole. marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From techneck at goldenpath.org Mon Oct 9 21:58:16 2006 From: techneck at goldenpath.org (Tim Allender) Date: Mon, 09 Oct 2006 21:58:16 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: References: <452A975C.5030800@goldenpath.org> <20061009180052.732ab051@dt.genoverly.com> Message-ID: <452AFE38.3020207@goldenpath.org> I've read all your replies very carefully. I won't bother to nit-pick. For some questions that were raised, re-read my post. For you uppity chaps, relax: you're taking yourselves way too seriously. Guess I just rub some folks the wrong way. That's O.K. You'll get over it. But, does this mean I'm kicked out of NYCBUG? I hope you don't think that public berating will keep me from speaking my mind where I feel it needs to be spoken. Before you go breaking out the noose, though, did I forget to say thanks for making it happen? ( Screw the students! Everyone else does: http://newyork.craigslist.org/search/ers?query=student ) Better yet, save $200, go screw yourself, and I'll see you at the con, lol. =D NYCBUG ~ A Forum for Discussion and a Bridge for Learning From mspitzer at gmail.com Tue Oct 10 00:48:49 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Tue, 10 Oct 2006 00:48:49 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <452AFE38.3020207@goldenpath.org> References: <452A975C.5030800@goldenpath.org> <20061009180052.732ab051@dt.genoverly.com> <452AFE38.3020207@goldenpath.org> Message-ID: <8c50a3c30610092148x3229e01fkf5e8af26d30017de@mail.gmail.com> On 10/9/06, Tim Allender wrote: > I've read all your replies very carefully. I won't bother to nit-pick. > For some questions that were raised, re-read my post. > For you uppity chaps, relax: you're taking yourselves way too seriously. > some how I doubt that. > Guess I just rub some folks the wrong way. That's O.K. You'll get over it. > But, does this mean I'm kicked out of NYCBUG? > I hope you don't think that public berating will keep me from speaking > my mind where I feel it needs to be spoken. It amasing how your writting implys that only you have the right to speak your mind. Some how in your world people can not freely disagree with you. Sad really. > > Before you go breaking out the noose, though, did I forget to say thanks > for making it happen? > ( Screw the students! Everyone else does: > http://newyork.craigslist.org/search/ers?query=student ) Look is anyone stoping you from purchasing tickets to the show and giving them to deserving cuny students? Why dont you put your money, instead of other peoples, where your convictions are. you could sponser 10 students at the columbia price for a mere $500.00. In fact you could inspire people to also fund NYU and Pace students as well, fancy that. I just somehow do not think you are willing to lead this charge for social justice, come on and prove me wrong its for the children after all. > > Better yet, save $200, go screw yourself, and I'll see you at the con, > lol. =D I sincerly hope not. marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From george at sddi.net Tue Oct 10 14:02:56 2006 From: george at sddi.net (George R.) Date: Tue, 10 Oct 2006 14:02:56 -0400 Subject: [nycbug-talk] [Semi OT] Convention help In-Reply-To: References: <452ABE67.4050002@kc8onw.net> Message-ID: <452BE050.4080903@sddi.net> Charles Sprickman wrote: > On Mon, 9 Oct 2006, Jonathan Stewart wrote: > >> Does anyone have any suggestions as far as where to stay? I did see the >> list linked from the convention site and if anyone would recommend any >> specific hotels from that list or elsewhere it would be appreciated. A >> couch to crash on would be cool too if someone doesn't mind ;) > > Be prepared to pay big $$ if you want a nearby hotel. I live in Jersey > and recently got married, so I thought, "what the hell, I'll get a hotel" > - idea being that if I'm already in NYC I might make it on-time. In the > past I've snagged decent rooms for $100 or less using priceline. > > I tried that again with the search restricted to Priceline's Upper West > Side, then Upper East Side, then Central Park South, then Midtown East. I > was trying to avoid the "tourist" area... No dice at $130 in any of those > areas. I finally added the financial district and got something here: > > http://exchangehotel.com/ > > Seems like a really nice place with excellent reviews on TripAdvisor.com. > > But that's going to be one hell of a subway ride. :) Still better than > driving in two days. > > I think Priceline is pretty safe, they generally don't put crappy hotels > in there unless you dip below 2.5 *'s. And my failure to win a bid for > UWS area the other night is NO indication that someone else couldn't win > today - inventory fluctuates from day to day. > > http://www.biddingfortravel.com/ has recent auction results for Priceline, > which is handy. > > As for parking, just assume that's extra. There's a lot under the church > that's just NW of the NW corner of the Columbia campus. I think I paid > under $30 for a day's parking last year. > > Charles I would think the hostel is the best option for housing . . . We'd have loved to make a deal with Columbia for on campus dorms. . . but of course school is in session then. http://www.columbia.edu/cu/bahai/hotel.html It probably makes sense to drive to an area accessible by public transportation, leave the car, then use the hostel. Although I've never stayed in it. Anyone in NJ or Westchester close to public transportation with free parking near them have any input? g From george at sddi.net Tue Oct 10 22:45:51 2006 From: george at sddi.net (George R.) Date: Tue, 10 Oct 2006 22:45:51 -0400 Subject: [nycbug-talk] NYCBSDCon 2006 list Message-ID: <452C5ADF.6040900@sddi.net> We have a list setup at: http://lists.nycbug.org/mailman/listinfo/nycbsdcon06 This is a great way for people to coordinate carpooling, maybe offer suggestions (or space) for housing, etc. We're not autosub'g anyone to this list. . . but please feel free to utilize to help yourself or to help others. George From pete at nomadlogic.org Wed Oct 11 00:45:47 2006 From: pete at nomadlogic.org (Pete Wright) Date: Wed, 11 Oct 2006 00:45:47 -0400 Subject: [nycbug-talk] google codesearch fun Message-ID: <20061011044527.GA3287@sunset.nomadlogic.org> fun way to waste some time at work...not that anyone here has a chance to do that ;) http://google.com/codesearch?q=+kirk+mckusick (the first hit here is pretty priceless): http://google.com/codesearch?q=%22rocks%21%22&btnG=Search&hl=en&lr= -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From bob at redivi.com Wed Oct 11 00:57:45 2006 From: bob at redivi.com (Bob Ippolito) Date: Tue, 10 Oct 2006 21:57:45 -0700 Subject: [nycbug-talk] google codesearch fun In-Reply-To: <20061011044527.GA3287@sunset.nomadlogic.org> References: <20061011044527.GA3287@sunset.nomadlogic.org> Message-ID: <6a36e7290610102157k35767989l6370000e6b752b22@mail.gmail.com> On 10/10/06, Pete Wright wrote: > fun way to waste some time at work...not that anyone here has a chance > to do that ;) > > http://google.com/codesearch?q=+kirk+mckusick I win ;) http://google.com/codesearch?q=bob+ippolito > (the first hit here is pretty priceless): > http://google.com/codesearch?q=%22rocks%21%22&btnG=Search&hl=en&lr= What did that point to when you searched? I see "triple buffering rocks!" in some DirectX code for VLC... not terribly interesting. -bob From pete at nomadlogic.org Wed Oct 11 12:05:18 2006 From: pete at nomadlogic.org (Pete Wright) Date: Wed, 11 Oct 2006 12:05:18 -0400 Subject: [nycbug-talk] google codesearch fun In-Reply-To: <6a36e7290610102157k35767989l6370000e6b752b22@mail.gmail.com> References: <20061011044527.GA3287@sunset.nomadlogic.org> <6a36e7290610102157k35767989l6370000e6b752b22@mail.gmail.com> Message-ID: <20061011160515.GA7188@sunset.nomadlogic.org> On Tue, Oct 10, 2006 at 09:57:45PM -0700, Bob Ippolito wrote: > On 10/10/06, Pete Wright wrote: > >fun way to waste some time at work...not that anyone here has a chance > >to do that ;) > > > >http://google.com/codesearch?q=+kirk+mckusick > > I win ;) > > http://google.com/codesearch?q=bob+ippolito > LOL...it's the new google vanity search :) > >(the first hit here is pretty priceless): > >http://google.com/codesearch?q=%22rocks%21%22&btnG=Search&hl=en&lr= > > What did that point to when you searched? I see "triple buffering > rocks!" in some DirectX code for VLC... not terribly interesting. > > -bob ahh nothing special...i just know when i've figured something out that was giving me problems i've put comments like "method foo rocks!" guess it's just something i can relate too. -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From chris at chrisclymer.com Thu Oct 12 22:04:17 2006 From: chris at chrisclymer.com (Chris Clymer) Date: Thu, 12 Oct 2006 22:04:17 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <20061009183426.lt4sfytuxwwc4sko@webhosting.loftmail.com> References: <20061009183426.lt4sfytuxwwc4sko@webhosting.loftmail.com> Message-ID: <452EF421.7030802@chrisclymer.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G. Rosamond wrote: > Quoting Tim Allender : > >> Practically all professional organizations have them. Certainly, >> a "User Group" organization such as the New York City BSD User's >> Group should as well. > > Know any groups, user or other, that charge $95 for a two day > conference, including four meals and significant speakers from as > far away as Latvia? > > I somehow doubt it. > > Name a conference, ANY conference, and you will find nothing close. > I don't think it's useful to compare this to last year, if that's > what you're doing. Disclaimer: I'm an Ohio Linux Fest organizer. Ohio Linux Fest has been free to attend every year, this year being the 4th. We had around 1200 attendees this year, and have increased attendance significantly every year. This year featured names such as Jon Maddog Hall from Linux International, Chris Dibona from Google, and Jeff Waugh from Gnome. Both speakers and attendees came from as far away as Australia. I would strongly argue that a large factor in the event's success has been the decision to make it, and keep it, a free event. Its also been kept to a single day, which means that many can, and do commute there in the morning, and head back home at night. I myself attended the first time 3 years ago only because a group of us could pile into a car and attend so cheaply. I know of numerous college students who came, and still come, for exactly the same reason. How is such a big event free for the attendees? Sponsorship. IBM, Novell, Digium, Red Hat, Astaro, Sybase, and scores of small companies and personal sponsorships. The events cost is tens of thousands of dollars, and with these donations the cost is able to be kept at zero for anyone interested. I offer this up only as proof that it can be done. The low cost has driven attendance, which has made sponsorship more enticing for sponsors, which helps make the event better, which drives more attendance...one big positive feedback loop. This year we were able to provide food, live penguins, and even free beer! I attended NYC BSD Con last year and had a blast. Being unemployed at the time, I made the decision to go largely because myself, and several friends could come for $40 a piece. We drove there and back from Ohio in a single day to avoid paying for a hotel. Can I afford a hotel and the cost of your event this year? Yes. Is what you're charging this year still an insanely reasonable price for all that you are offering? Absolutely yes. But don't underestimate the difference between "fair price" and "dirt cheap". Those students scraping together cash to make the event are going to be your biggest evangelists. They will bring back all of their friends the next year, and may very well end up being valuable future contributors to your event, or BSD projects in general. In my mind, there is a big difference between community-driven events like this, and Ohio Linux Fest, and events like Linux World or LISA. What is your ultimate goal? If it is to evangelize BSD, than keeping it cheap and getting more butts in seats is likely going to serve that goal better. Thats my two cents. Its obviously too late to drastically rearrange how your event is structured this year. Perhaps just keep this in mind for next? I would happy to share what we've learned in putting on Ohio Linux Fest. I'm a huge fan of what you guys are doing, and I'd like to see as many people there as possible :D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFLvQgyAc5jM0nFbgRAtagAJ9gpMwfOB4kmz5rXnv4WGDBWCJ3swCgjgXu KpgnU5ksumhmXKcCZzazJSE= =rUs8 -----END PGP SIGNATURE----- From mspitzer at gmail.com Fri Oct 13 00:30:44 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 13 Oct 2006 00:30:44 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <452EF421.7030802@chrisclymer.com> References: <20061009183426.lt4sfytuxwwc4sko@webhosting.loftmail.com> <452EF421.7030802@chrisclymer.com> Message-ID: <8c50a3c30610122130q67ddea3fld4633b699b5e86aa@mail.gmail.com> On 10/12/06, Chris Clymer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I would strongly argue that a large factor in the event's success has > been the decision to make it, and keep it, a free event. Its also > been kept to a single day, which means that many can, and do commute > there in the morning, and head back home at night. I myself attended > the first time 3 years ago only because a group of us could pile into > a car and attend so cheaply. I know of numerous college students who > came, and still come, for exactly the same reason. > > How is such a big event free for the attendees? Sponsorship. IBM, > Novell, Digium, Red Hat, Astaro, Sybase, and scores of small > companies and personal sponsorships. The events cost is tens of > thousands of dollars, and with these donations the cost is able to be > kept at zero for anyone interested. > > I offer this up only as proof that it can be done. The low cost has > driven attendance, which has made sponsorship more enticing for > sponsors, which helps make the event better, which drives more > attendance...one big positive feedback loop. This year we were able > to provide food, live penguins, and even free beer! > Well the key point is that Linux has orders of magnatude more corporate support then the BSDs do. IBM, Redhat, Novell ... and numerious small companies. This means there is much more marketing dollars to spend on things like sponsership and penguins. marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From dlavigne6 at sympatico.ca Fri Oct 13 10:26:37 2006 From: dlavigne6 at sympatico.ca (Dru) Date: Fri, 13 Oct 2006 10:26:37 -0400 (EDT) Subject: [nycbug-talk] BSD chapter in HLE Message-ID: <20061013102410.V614@dru.domain.org> I've finished the first draft of the BSD chapter for Hacking Linux Exposed. Anyone who is interested in reviewing it and providing feedback, email me offlist and I'll send the PDF. Comments need to be in by next Tuesday. Cheers, Dru From dan at langille.org Fri Oct 13 11:29:48 2006 From: dan at langille.org (Dan Langille) Date: Fri, 13 Oct 2006 11:29:48 -0400 Subject: [nycbug-talk] Student Discounts In-Reply-To: <452EF421.7030802@chrisclymer.com> References: <20061009183426.lt4sfytuxwwc4sko@webhosting.loftmail.com> Message-ID: <452F78AC.30045.EADAFC@dan.langille.org> On 12 Oct 2006 at 22:04, Chris Clymer wrote: > I offer this up only as proof that it can be done. The low cost has > driven attendance, which has made sponsorship more enticing for > sponsors, which helps make the event better, which drives more > attendance...one big positive feedback loop. This year we were able > to provide food, live penguins, and even free beer! I look forward to your BSD conference. Please let us know the details so that we may attend. -- Dan Langille - BSDCan From lists at zaunere.com Sun Oct 15 17:21:01 2006 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 15 Oct 2006 17:21:01 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 Message-ID: <00a301c6f09f$d08262b0$640aa8c0@MobileZ> Hello So the age old topic has a new twist from a recent evaluation of MySQL crashes on FreeBSD 6.0. I'm seeing MySQL randomly crash - especially as concurrent connections increases. Anyone with other experiences with FreeBSD 6.0 and MySQL, either good or bad? Looking forward to starting the next version of this discussion, since FreeBSD 4/5 and MySQL is apparently so yesterday's topic... H From lists at zaunere.com Sun Oct 15 20:11:58 2006 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 15 Oct 2006 20:11:58 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances Message-ID: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> Hi, We're looking to deploy a [small] office integrated router to provide the following primary functionality: -- remote/field user VPN access without having to install VPN clients on their laptops/desktops; most remote users are Windows XP based -- wireless connectivity for the office space; wireless access can be open, but only authorized users should have the benefit of being in the "internal" network - the rest just have generic internet access -- wireless connectivity, however, could be provided by a separate device (which is already in place) so it's not critical to be an all in one product -- IP NAT for VPN or generic wireless users -- internal authoritative DNS server to provide internal server naming for development servers, etc; company internet facing authoritative DNS is handled elsewhere -- authorized VPN users have access to development servers on local and remote networks -- authorized VPN users have access to SMB/Windows network routing to a remote/local Samba/Windows file Now I realize I could build up a server with the firewall rules, functionality, etc., but I'm really looking towards an out-of-box solution. Some type of pre-configured appliance with HTTPS administration. I've looked at several different options, including: -- wireless integrated routers from vendors such as Linksys, D-Link, etc., such as the Linksys WRVS4400N or RV016, or the D-Link DFL-CPG31 -- alternative firmwares for above routers -- combining a BSD installment with a hardware appliance, such as Soekris with m0n0wall Commercial or free solutions are ok, although from what I've seen above, they all seem to fall short in some way, especially in providing a full DNS server for the VPN users. Any feedback/thoughts/experiences are appreciated. H From carton at Ivy.NET Sun Oct 15 21:51:07 2006 From: carton at Ivy.NET (Miles Nordin) Date: Sun, 15 Oct 2006 21:51:07 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> (Hans Zaunere's message of "Sun, 15 Oct 2006 20:11:58 -0400") References: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> Message-ID: >>>>> "hz" == Hans Zaunere writes: hz> -- internal authoritative DNS server to provide internal hz> server naming for development servers, etc; company internet hz> facing authoritative DNS is handled elsewhere I've been using dhcpd's TSIG dynamic update feature, and it seems to work pretty well. /etc/dhcpd.conf -----8<----- include "/usr/export/named/etc/dhcpd.key"; zone gypsy.th3h.inner.chaos. { primary 10.100.100.10; key dhcpd-key; } zone 100.100.10.in-addr.arpa. { primary 10.100.100.10; key dhcpd-key; } ddns-update-style interim; ignore client-updates; option domain-name "th3h.inner.chaos"; [...] -----8<----- /etc/rc.conf -----8<----- named=YES named_chrootdir="/usr/export/named" dhcpd=YES dhcpd_flags="-q tlp2 tlp3 tlp4" -----8<----- (generate this file with dnssec-keygen -a hmac-md5 -b 512 -n user -r /dev/urandom dhcpd-key then take the key out of Kdhcpd-key.+157+_____.private and put into this format after 'secret') /usr/export/named/etc/dhcpd.key -----8<----- key dhcpd-key { algorithm HMAC-MD5.SIG-ALG.REG.INT; secret ABCdefg1234==; }; -----8<----- make sure the 'dyn' directory is writeable by the named user. /usr/export/named/etc/named.conf -----8<----- acl localhost6 { ::1/128; }; acl fw { 192.168.0.0/16; 69.31.131.32/27; 2001:4830:2150::/48; localhost; localhost6; }; acl chaosvpn { 10.0.0.0/8; }; include "/etc/dhcpd.key"; zone "100.100.10.in-addr.arpa." in { type master; file "dyn/10.100.100.inaddr"; allow-query { fw; chaosvpn; }; allow-update { key dhcpd-key; }; }; zone "gypsy.th3h.inner.chaos." in { type master; file "dyn/gypsy.th3h.inner.chaos.master"; allow-query { fw; chaosvpn; }; allow-update { key dhcpd-key; }; }; -----8<----- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From spork at bway.net Mon Oct 16 15:04:20 2006 From: spork at bway.net (Charles Sprickman) Date: Mon, 16 Oct 2006 15:04:20 -0400 (EDT) Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> References: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> Message-ID: On Sun, 15 Oct 2006, Hans Zaunere wrote: > Hi, > > We're looking to deploy a [small] office integrated router to provide the > following primary functionality: Hans, I would suggest running this by the PFSense support list: support at pfsense.com. Most of what you want can be done with PFSense (which just had their first non-beta release), but I've never touched any of the VPN stuff. However folks on the list are in an excellent position to let you know whether your wish list fits with their product. Charles > -- remote/field user VPN access without having to install VPN clients on > their laptops/desktops; most remote users are Windows XP based > > -- wireless connectivity for the office space; wireless access can be open, > but only authorized users should have the benefit of being in the "internal" > network - the rest just have generic internet access > > -- wireless connectivity, however, could be provided by a separate device > (which is already in place) so it's not critical to be an all in one product > > -- IP NAT for VPN or generic wireless users > > -- internal authoritative DNS server to provide internal server naming for > development servers, etc; company internet facing authoritative DNS is > handled elsewhere > > -- authorized VPN users have access to development servers on local and > remote networks > > -- authorized VPN users have access to SMB/Windows network routing to a > remote/local Samba/Windows file > > > Now I realize I could build up a server with the firewall rules, > functionality, etc., but I'm really looking towards an out-of-box solution. > Some type of pre-configured appliance with HTTPS administration. I've > looked at several different options, including: > > -- wireless integrated routers from vendors such as Linksys, D-Link, etc., > such as the Linksys WRVS4400N or RV016, or the D-Link DFL-CPG31 > > -- alternative firmwares for above routers > > -- combining a BSD installment with a hardware appliance, such as Soekris > with m0n0wall > > > Commercial or free solutions are ok, although from what I've seen above, > they all seem to fall short in some way, especially in providing a full DNS > server for the VPN users. Any feedback/thoughts/experiences are > appreciated. > > H > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From pete at nomadlogic.org Mon Oct 16 22:50:23 2006 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 16 Oct 2006 19:50:23 -0700 (PDT) Subject: [nycbug-talk] Nvidia Blob Exploit Message-ID: <50166.70.38.30.24.1161053423.squirrel@webmail.nomadlogic.org> http://download2.rapid7.com/r7-0025/ not to say i'm surprised or anything...but this topic is actually pretty interesting to me as i am directly dependent upon nvidia for hardware and driver support for my job. so, my business hat is benefiting from the blob's built by nvidia. infact i would not be too surprised to see NDA tainted bit's in the blob. and Nvidia does provide commercial engineering support for their cards as well, and infact many vfx companies take advantage of this. so in these cases you may say both parties are benefiting from this relationship. now, i belive one of OpenBSD's main issues with binary blobs is that it tends to prevent coders of drivers from getting complete hardware doc? does anyone know if this is the case with the nvidia built drivers? i do feel that people developing open source drivers *should* be given adequate documentation for hardware. it just makes sense, i'm not going to attempt to rehash Theo's arguments on this... -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From njt at ayvali.org Tue Oct 17 11:00:50 2006 From: njt at ayvali.org (N.J. Thomas) Date: Tue, 17 Oct 2006 11:00:50 -0400 Subject: [nycbug-talk] OpenBSD and blobs In-Reply-To: <50166.70.38.30.24.1161053423.squirrel@webmail.nomadlogic.org> References: <50166.70.38.30.24.1161053423.squirrel@webmail.nomadlogic.org> Message-ID: <20061017150048.GB10586@ayvali.org> * Peter Wright [2006-10-16 19:50:23 -0700]: > now, i belive one of OpenBSD's main issues with binary blobs is that > it tends to prevent coders of drivers from getting complete hardware > doc? does anyone know if this is the case with the nvidia built > drivers? >From my understanding of what the OpenBSD devs have stated on the issue: they absolutely don't accept binblobs because you are basically running a lump of code for which no source (and usually no documentation either) is available. It's obviously a huge security risk, and their position is only validated by news of the Nvidia exploit. What they do want are these 3 things instead: - binary firmware for the hardware in question (firmware is not a binblob, because it is not executed, it is just copied into hardware) - the rights to freely distribute this firmware - enough documentation to be able to hook the OS into the hardware Contrary to what has been said elsewhere, they do not want the complete docs to write their own firmware, this is a huge waste of time for everyone. All in all, their position is quite reasonable and it's disheartening to see Linux and FreeBSD devs take such a nonchalant attitude towards the problem. They devote a lot of ink to free software issues but don't seem to exercise it when it counts. Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From lists at zaunere.com Tue Oct 17 12:14:17 2006 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 17 Oct 2006 12:14:17 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: Message-ID: <007301c6f207$4bbe3f90$4c70cb92@MobileZ> Charles Sprickman wrote on Monday, October 16, 2006 3:04 PM: > On Sun, 15 Oct 2006, Hans Zaunere wrote: > > > Hi, > > > > We're looking to deploy a [small] office integrated router to > > provide the following primary functionality: > > Hans, > > I would suggest running this by the PFSense support list: > support at pfsense.com. Most of what you want can be done with PFSense > (which just had their first non-beta release), but I've never touched > any of the VPN stuff. However folks on the list are in an excellent > position to let you know whether your wish list fits with their > product. Hi Charles (and others), thanks for this. I'll follow-up. H From ike at lesmuug.org Tue Oct 17 12:42:32 2006 From: ike at lesmuug.org (Isaac Levy) Date: Tue, 17 Oct 2006 12:42:32 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> References: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> Message-ID: Hi Hans, All, In short, after the lecture I gave on PFSense and m0n0wall, I'd SERIOUSLY reccommend you take a look at those packages. Either would would likely fit the bill, feel free to ask any deployment/setup questions offlist. On Oct 15, 2006, at 8:11 PM, Hans Zaunere wrote: > > Hi, > > We're looking to deploy a [small] office integrated router to > provide the > following primary functionality: > > -- remote/field user VPN access without having to install VPN > clients on > their laptops/desktops; most remote users are Windows XP based I can't say precisely, as I have little experience with the WinXP side, but I believe the PPTP is ideal for Windows XP client VPN's. From the m0n0wall handbook: http://doc.m0n0.ch/handbook/pptp-windows.html Hope that helps-? > > -- wireless connectivity for the office space; wireless access can > be open, > but only authorized users should have the benefit of being in the > "internal" > network - the rest just have generic internet access Dude, both m0n0wall and PFSense can be setup to do this in a myriad of ways- If you say, got a soekris or wrap box with dual mini-PCI slots, you could have this setup with a single router. One wireless network could be 'open', with restricted bandwidth throttling, and firewalled off so it doesn't pass packets to the internal network. The other wireless card could then be tied directly into the 'internal' network, and locked down however you see fit. Additionally, both m0n0wall and PFSense have Captive Portal options- which is VERY Cool if you want to go that route- (it's just like logins at the airport or starbucks). > > -- wireless connectivity, however, could be provided by a separate > device > (which is already in place) so it's not critical to be an all in > one product If you say, got a soekris/wrap box with just one mini-PCI slot, (like the ol' faithful net4801), you could simply put the 'internal' access point on that network, and lock it down however you see fit for that device- and then use the onboard wireless to run the 'open' AP. > > -- IP NAT for VPN or generic wireless users m0n0wall and PFSense do that with ease. > > -- internal authoritative DNS server to provide internal server > naming for > development servers, etc; company internet facing authoritative DNS is > handled elsewhere m0n0wall and PFSense also have a VERY easy to configure DNS proxy, you can do really amazing time-saving things with it. > > -- authorized VPN users have access to development servers on local > and > remote networks Ooooh- tricky- just tweak the firewalls once you have the VPN's setup and working. > > -- authorized VPN users have access to SMB/Windows network routing > to a > remote/local Samba/Windows file ? That's all in the setup. If your VPN client machines are stable, I don't see this as a problem once they're authenticated into the network. > > > Now I realize I could build up a server with the firewall rules, > functionality, etc., but I'm really looking towards an out-of-box > solution. > Some type of pre-configured appliance with HTTPS administration. I've > looked at several different options, including: > > -- wireless integrated routers from vendors such as Linksys, D- > Link, etc., > such as the Linksys WRVS4400N or RV016, or the D-Link DFL-CPG31 > > -- alternative firmwares for above routers > > -- combining a BSD installment with a hardware appliance, such as > Soekris > with m0n0wall Did I say m0n0wall and PFSense yet? :) > > > Commercial or free solutions are ok, although from what I've seen > above, > they all seem to fall short in some way, especially in providing a > full DNS > server for the VPN users. Any feedback/thoughts/experiences are > appreciated. > > H m0n0wall and PFSense blow every commercial piece of junk I've touched out of the water, and as an important bonus, they're easy to use- (e.g. you can train any compitent tech to manage them). Rocket- .ike From lists at genoverly.net Tue Oct 17 14:00:02 2006 From: lists at genoverly.net (michael) Date: Tue, 17 Oct 2006 14:00:02 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: References: <00c301c6f0b7$b2665490$640aa8c0@MobileZ> Message-ID: <20061017140002.5be6a4ba@dt.genoverly.com> On Tue, 17 Oct 2006 12:42:32 -0400 Isaac Levy wrote: > Hi Hans, All, > > In short, after the lecture I gave on PFSense and m0n0wall, I'd > SERIOUSLY reccommend you take a look at those packages. > > Either would would likely fit the bill, feel free to ask any > deployment/setup questions offlist. +1 -- michael From nycbug at chrisbuechler.com Tue Oct 17 16:04:46 2006 From: nycbug at chrisbuechler.com (Chris Buechler) Date: Tue, 17 Oct 2006 16:04:46 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <00a301c6f09f$d08262b0$640aa8c0@MobileZ> References: <00a301c6f09f$d08262b0$640aa8c0@MobileZ> Message-ID: <4535375E.50405@chrisbuechler.com> Hans Zaunere wrote: > I'm seeing MySQL randomly crash - especially as concurrent connections > increases. Anyone with other experiences with FreeBSD 6.0 and MySQL, either > good or bad? > Not much different from 4.x and 5.x, in my experience. Of about 8 jails I run with MySQL, I see roughly 3-4 crashes a year. The frequency hasn't changed from 4.x to 5.x to 6.x, for me. Doesn't seem to be load related at all (one of those hosts pfsense, which hit the front page of Slashdot, OSNews, and Digg all on the same day, along with a lot of other press over the weekend with the 1.0 release, and stood up to the subsequent heavy beating with no problems). From what I've seen, it's very random, and it happens so infrequently that I haven't bothered to look into it. I've never seen frequent MySQL crashes on FreeBSD. You sure your hardware (RAM, et. al.) are OK? Cheers, -Chris From pete at nomadlogic.org Tue Oct 17 16:42:07 2006 From: pete at nomadlogic.org (Pete Wright) Date: Tue, 17 Oct 2006 16:42:07 -0400 Subject: [nycbug-talk] OpenBSD and blobs In-Reply-To: <20061017150048.GB10586@ayvali.org> References: <50166.70.38.30.24.1161053423.squirrel@webmail.nomadlogic.org> <20061017150048.GB10586@ayvali.org> Message-ID: <20061017204204.GA39261@sunset.nomadlogic.org> On Tue, Oct 17, 2006 at 11:00:50AM -0400, N.J. Thomas wrote: > * Peter Wright [2006-10-16 19:50:23 -0700]: > > now, i belive one of OpenBSD's main issues with binary blobs is that > > it tends to prevent coders of drivers from getting complete hardware > > doc? does anyone know if this is the case with the nvidia built > > drivers? > > >From my understanding of what the OpenBSD devs have stated on the issue: > they absolutely don't accept binblobs because you are basically running > a lump of code for which no source (and usually no documentation either) > is available. It's obviously a huge security risk, and their position is > only validated by news of the Nvidia exploit. > > What they do want are these 3 things instead: > > - binary firmware for the hardware in question (firmware is not a > binblob, because it is not executed, it is just copied into > hardware) > > - the rights to freely distribute this firmware > > - enough documentation to be able to hook the OS into the hardware > > Contrary to what has been said elsewhere, they do not want the complete > docs to write their own firmware, this is a huge waste of time for > everyone. > ahh, thanks for clearing that up for me. so i guess in this case nvidia is not providing the doc. and not allowing distribution of the binary firmware. that's a shame, as i doubt if they allowed these things to happen they would loose too much custom engineering contracts. who knows maybe they would... -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From njt at ayvali.org Tue Oct 17 16:46:51 2006 From: njt at ayvali.org (N.J. Thomas) Date: Tue, 17 Oct 2006 16:46:51 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <00a301c6f09f$d08262b0$640aa8c0@MobileZ> References: <00a301c6f09f$d08262b0$640aa8c0@MobileZ> Message-ID: <20061017204651.GC1958@ayvali.org> * Hans Zaunere [2006-10-15 17:21:01 -0400]: > So the age old topic has a new twist from a recent evaluation of MySQL > crashes on FreeBSD 6.0. > > Looking forward to starting the next version of this discussion, since > FreeBSD 4/5 and MySQL is apparently so yesterday's topic... We moved from FreeBSD on our DB servers to Linux because of MySQL stability issues -- That was a couple of years ago. Recently, we were planning our DB server upgrades and I did a little bit of research to see if MySQL was more viable on FreeBSD 6.1, but finally decided to stick with Linux/MySQL because of reported performance issues as well as problems with the ULE scheduler that people recommended be used for MySQL. All this was not really worth it for us, so we are sticking with Linux. A shame really, I'd like to have moved back because we are a FreeBSD shop it and it makes things easier to have identical boxes. (NB: We never ran any benchmarks ourselves due to lack of project time, but the best thing for you to do would be to set up a sandbox and test with your applications under simulated load to see if problems crop up.) hth, Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From nycbug-list at 2xlp.com Tue Oct 17 16:55:38 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Tue, 17 Oct 2006 16:55:38 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <4535375E.50405@chrisbuechler.com> References: <00a301c6f09f$d08262b0$640aa8c0@MobileZ> <4535375E.50405@chrisbuechler.com> Message-ID: <9A8AF012-4C6B-4B37-8D1D-72C5461C3A3D@2xlp.com> > Hans Zaunere wrote: >> I'm seeing MySQL randomly crash - especially as concurrent >> connections >> increases. Anyone with other experiences with FreeBSD 6.0 and >> MySQL, either >> good or bad? >> several ideas hit me a) MySQL doesn't handle many concurrent connections well. The last 'x connections' report i saw, had x for mysql , 10x for pgsql and 500x for oracle. b) what are you doing with mysql? if you're doing some selects / inserts, thats odd but if you're relying on some of the 'new' features -- triggers, views, referential integrity -- i wouldn't be surprised if you saw tons of crashes. i had super bad luck whenever I tried to use the 'new' features From lists at genoverly.net Tue Oct 17 17:18:52 2006 From: lists at genoverly.net (michael) Date: Tue, 17 Oct 2006 17:17:52 -0401 Subject: [nycbug-talk] OpenBSD and blobs In-Reply-To: <20061017204204.GA39261@sunset.nomadlogic.org> References: <50166.70.38.30.24.1161053423.squirrel@webmail.nomadlogic.org> <20061017150048.GB10586@ayvali.org> <20061017204204.GA39261@sunset.nomadlogic.org> Message-ID: <20061017171752.3194f10f@dt.genoverly.com> On Tue, 17 Oct 2006 16:42:07 -0400 pete at nomadlogic.org (Pete Wright) wrote: > ahh, thanks for clearing that up for me. so i guess in this case > nvidia is not providing the doc. and not allowing distribution of the > binary firmware. that's a shame, as i doubt if they allowed these > things to happen they would loose too much custom engineering > contracts. who knows maybe they would... > > -p Well, video drivers are frequently left up to xorg, not the OS. But these guys make a lot of other parts too. This was interesting: http://www.nvidia.com/object/nv_swlicense.html Here's as little snip... 2. GRANT OF LICENSE 2.1 Rights and Limitations of Grant. NVIDIA hereby grants Customer the following non-exclusive, non-transferable right to use the SOFTWARE, with the following limitations: 2.1.1 Rights. Customer may install and use one copy of the SOFTWARE on a single computer, and except for making one back- up copy of the Software, may not otherwise copy the SOFTWARE. This LICENSE of SOFTWARE may not be shared or used concurrently on different computers. 2.1.2 Linux/FreeBSD Exception. Notwithstanding the foregoing terms of Section 2.1.1, SOFTWARE designed exclusively for use on the Linux or FreeBSD operating systems, or other operating systems derived from the source code to these operating systems, may be copied and redistributed, provided that the binary files thereof are not modified in any way (except for unzipping of compressed files). 2.1.3 Limitations. No Reverse Engineering. Customer may not reverse engineer, decompile, or disassemble the SOFTWARE, nor attempt in any other manner to obtain the source code. No Separation of Components. The SOFTWARE is licensed as a single product. Its component parts may not be separated for use on more than one computer, nor otherwise used separately from the other parts. No Rental. Customer may not rent or lease the SOFTWARE to someone else. -- michael From carton at Ivy.NET Tue Oct 17 21:28:19 2006 From: carton at Ivy.NET (Miles Nordin) Date: Tue, 17 Oct 2006 21:28:19 -0400 Subject: [nycbug-talk] OpenBSD and blobs In-Reply-To: <20061017150048.GB10586@ayvali.org> (N.J. Thomas's message of "Tue, 17 Oct 2006 11:00:50 -0400") References: <50166.70.38.30.24.1161053423.squirrel@webmail.nomadlogic.org> <20061017150048.GB10586@ayvali.org> Message-ID: >>>>> "njt" == N J Thomas writes: njt> All in all, their position is quite reasonable and it's njt> disheartening to see Linux and FreeBSD devs take such a njt> nonchalant attitude towards the problem. The atheros blob is a particular harmful case of this. the ath_hal shipped in FreeBSD, Linux, and NetBSD is built by Sam Leffler who has signed an NDA with Atheros. I suspect that Atheros considers Sam ``tainted'' by the sight of their code and probably insisted in their NDA that he give up his right to work on the OpenBSD driver, which is blob-free. He's therefore glad to build a blob for anything you want if it will convince you to avoid Reyk's open HAL. Unfortunately the builds of the HAL Sam does are quite crappy and prone to regressions. Since there is no way for anyone but Sam to separate bugfix changes to the HAL from experimental-feature changes to the HAL, he has turned the free software community into his playground of captive beta testers. We cannot do our own release engineering---we can only accept whatever piece-of-crap blob he chucks at us and beta-test it for the benefit of his employer. Wireless has become all but unuseable on free operating systems thanks to a couple arcane decisions by a very small number of people. We really need a permanent way out of this disaster. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From george at sddi.net Wed Oct 18 20:07:36 2006 From: george at sddi.net (George R.) Date: Wed, 18 Oct 2006 20:07:36 -0400 Subject: [nycbug-talk] last days to early NYCBSDCon registration. . . Message-ID: <4536C1C8.6040709@sddi.net> . . . and please spread this around. . . Early registration for NYCBSDCon 2006 ends on Saturday October 21st. That's in just a few short days, so we encourage you to move fast! This year's conference features a wide variety of speakers, including Wietse Venema, Bob Beck and Murray Stokely, with topics ranging from network appliances to the problem of package system dependencies. The weekend starts at the Amsterdam Cafe on Friday evening at 8 pm, October 27th, with an informal social gathering. For those in town, we strongly encourage you to join in. The Amsterdam Cafe is on 119th Street and Amsterdam Avenue. The next morning, we are starting bright and early with check-in and registration at 8 am, with the kick-off commencing at 8:45 am. Don't forget that continental breakfast and lunch will be provided for both days. The reduced early registration rate of $95 jumps to $145 on October 22nd, and up to $195 for walk-ins at the conference. Big thanks to our sponsors including Google, New York Internet, Everest Broadband, Addison-Wesley/Prentice Hall, not to mention our small business sponsors. And a huge thanks to Angelos D. Keromytis and Columbia University again. You can register online at http://www.nycbsdcon.org. Registering but not paying means you're not registered. From lists at zaunere.com Wed Oct 18 21:56:26 2006 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 18 Oct 2006 21:56:26 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: Message-ID: <003501c6f321$c9a3bfa0$640aa8c0@MobileZ> Hey Ike, all - thanks all for the feedback. And thanks Miles for the scripts/configs. I'll keep them on hand. Isaac Levy wrote on Tuesday, October 17, 2006 12:43 PM: > Hi Hans, All, > > In short, after the lecture I gave on PFSense and m0n0wall, I'd > SERIOUSLY reccommend you take a look at those packages. > > Either would would likely fit the bill, feel free to ask any > deployment/setup questions offlist. Thanks Ike - I have my eye on pfsense actually... > On Oct 15, 2006, at 8:11 PM, Hans Zaunere wrote: > > > > > Hi, > > > > We're looking to deploy a [small] office integrated router to > > provide the > > following primary functionality: > > > > -- remote/field user VPN access without having to install VPN > > clients on > > their laptops/desktops; most remote users are Windows XP based > > I can't say precisely, as I have little experience with the WinXP > side, but I believe the PPTP is ideal for Windows XP client VPN's. > > From the m0n0wall handbook: > http://doc.m0n0.ch/handbook/pptp-windows.html > > Hope that helps-? Yeah, that's perfect - would work without mucking with Windows' clients, etc. I have to use an SSL-VPN through IE at times, which uses an ActiveX to intercept traffic. It's creepy, quite frankly. > > -- wireless connectivity for the office space; wireless access can > > be open, > > but only authorized users should have the benefit of being in the > > "internal" network - the rest just have generic internet access > > Dude, both m0n0wall and PFSense can be setup to do this in a myriad > of ways- > > If you say, got a soekris or wrap box with dual mini-PCI slots, you > could have this setup with a single router. One wireless network > could be 'open', with restricted bandwidth throttling, and firewalled > off so it doesn't pass packets to the internal network. The other > wireless card could then be tied directly into the 'internal' > network, and locked down however you see fit. > > Additionally, both m0n0wall and PFSense have Captive Portal options- > which is VERY Cool if you want to go that route- (it's just like > logins at the airport or starbucks). I've been considering the captive portal route... could probably hack some things using PHP too, it seems, to give various levels of wireless access. > > -- wireless connectivity, however, could be provided by a separate > > device (which is already in place) so it's not critical to be an > > all in > > one product > > If you say, got a soekris/wrap box with just one mini-PCI slot, (like > the ol' faithful net4801), you could simply put the 'internal' access > point on that network, and lock it down however you see fit for that > device- and then use the onboard wireless to run the 'open' AP. I'll probably go the souped-up soekris. Which actually brings up another question. I've heard some mumblings around about their stability (heat?). I'm considering a configurations such as: -- 4gb CompactFlash -- wireless card -- attach external switch for local desktops Anyone has positive/negatives for the net4801 or net4826? > > -- IP NAT for VPN or generic wireless users > > m0n0wall and PFSense do that with ease. Nice. We'll have a small number of VPN users (~5) - any need for the hardware encryption options? > > -- internal authoritative DNS server to provide internal server > > naming for development servers, etc; company internet facing > > authoritative DNS is handled elsewhere > > m0n0wall and PFSense also have a VERY easy to configure DNS proxy, > you can do really amazing time-saving things with it. > > > > > -- authorized VPN users have access to development servers on local > > and remote networks > > Ooooh- tricky- just tweak the firewalls once you have the VPN's setup > and working. Ok, seems doable... > > -- authorized VPN users have access to SMB/Windows network routing > > to a > > remote/local Samba/Windows file > > ? That's all in the setup. If your VPN client machines are stable, I > don't see this as a problem once they're authenticated into the > network. Ok, doesn't seem like a problem. But I have heard of problems routing Windows protocols, but they're probably really only a problem on the Linksys products. > > Now I realize I could build up a server with the firewall rules, > > functionality, etc., but I'm really looking towards an out-of-box > > solution. Some type of pre-configured appliance with HTTPS > > administration. I've looked at several different options, > > including: > > > > -- wireless integrated routers from vendors such as Linksys, D- > > Link, etc., > > such as the Linksys WRVS4400N or RV016, or the D-Link DFL-CPG31 > > > > -- alternative firmwares for above routers > > > > -- combining a BSD installment with a hardware appliance, such as > > Soekris with m0n0wall > > Did I say m0n0wall and PFSense yet? :) > > > > > > > Commercial or free solutions are ok, although from what I've seen > > above, they all seem to fall short in some way, especially in > > providing a full DNS server for the VPN users. Any > > feedback/thoughts/experiences are appreciated. > > > > H > > m0n0wall and PFSense blow every commercial piece of junk I've touched > out of the water, and as an important bonus, they're easy to use- > (e.g. you can train any compitent tech to manage them). Yeah, I'm starting to prefer pfsense too. Linksys has some new products out there that are interesting, but I've heard a lot of issues with them and I'd rather have BSD watching my network anyway. Thanks, H From lists at zaunere.com Wed Oct 18 22:03:33 2006 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 18 Oct 2006 22:03:33 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <4535375E.50405@chrisbuechler.com> Message-ID: <003c01c6f322$c7c4f810$640aa8c0@MobileZ> Hi Chris, Chris Buechler wrote on Tuesday, October 17, 2006 4:05 PM: > Hans Zaunere wrote: > > I'm seeing MySQL randomly crash - especially as concurrent > > connections increases. Anyone with other experiences with FreeBSD > > 6.0 and MySQL, either good or bad? > > > > Not much different from 4.x and 5.x, in my experience. Of about 8 > jails I run with MySQL, I see roughly 3-4 crashes a year. The > frequency hasn't changed from 4.x to 5.x to 6.x, for me. Doesn't > seem to be load related at all (one of those hosts pfsense, which hit > the front page of Slashdot, OSNews, and Digg all on the same day, > along with a lot of other press over the weekend with the 1.0 > release, and stood up to the subsequent heavy beating with no > problems). > > From what I've seen, it's very random, and it happens so infrequently > that I haven't bothered to look into it. I've never seen frequent > MySQL crashes on FreeBSD. You sure your hardware (RAM, et. al.) are > OK? We haven't done a RAM check, but these are three boxes - two new and one older - so it's be strange. Unfortunately I've seen frequent crashes on FreeBSD 4.x without using LinuxThreads, especially under heavy load - MySQL heavy load that is. With LinuxThreads, problem solved. I had hoped that 6.x would resolve these issues with a new threading lib, but apparently there are still some issues. Keep an eye on your concurrent connections to MySQL - when it's highest, it's likely when it crashes. Some more digging to try to resolve this problem reveals some issues - on AMD64 - and other platforms: http://bugs.mysql.com/bug.php?id=19496 http://lists.freebsd.org/pipermail/freebsd-questions/2006-August/127824.html http://bugs.mysql.com/bug.php?id=12251 http://www.freebsd.org/cgi/query-pr.cgi?pr=95127 Hrmm, H From lists at zaunere.com Wed Oct 18 22:07:25 2006 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 18 Oct 2006 22:07:25 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <9A8AF012-4C6B-4B37-8D1D-72C5461C3A3D@2xlp.com> Message-ID: <003d01c6f323$526f2b20$640aa8c0@MobileZ> Hi Jonathan, thanks, Jonathan Vanasco wrote on Tuesday, October 17, 2006 4:56 PM: > > Hans Zaunere wrote: > > > I'm seeing MySQL randomly crash - especially as concurrent > > > connections increases. Anyone with other experiences with > > > FreeBSD 6.0 and MySQL, either good or bad? > > > > > several ideas hit me > > a) MySQL doesn't handle many concurrent connections well. > > The last 'x connections' report i saw, had x for mysql , 10x for > pgsql and 500x for oracle. It certainly has it's limits, but can handle quite a bit. I've seen several thousand connections on a regular basis without issue, assuming a properly configured server and smart queries, transactions, etc. We've just deployed a server handling 1000+ connections and doing 10K+ queries per second. > b) what are you doing with mysql? > > if you're doing some selects / inserts, thats odd > but if you're relying on some of the 'new' features -- triggers, > views, referential integrity -- i wouldn't be surprised if you saw > tons of crashes. i had super bad luck whenever I tried to use the > 'new' features This is 4.1 so these features aren't in use. I'm afraid we're hitting some threading issues, per previous links. H From lists at zaunere.com Wed Oct 18 22:09:51 2006 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 18 Oct 2006 22:09:51 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <20061017204651.GC1958@ayvali.org> Message-ID: <003e01c6f323$a92afed0$640aa8c0@MobileZ> Hi, N.J. Thomas wrote on Tuesday, October 17, 2006 4:47 PM: > * Hans Zaunere [2006-10-15 17:21:01 -0400]: > > So the age old topic has a new twist from a recent evaluation of > > MySQL crashes on FreeBSD 6.0. > > > > Looking forward to starting the next version of this discussion, > > since FreeBSD 4/5 and MySQL is apparently so yesterday's topic... > > We moved from FreeBSD on our DB servers to Linux because of MySQL > stability issues -- That was a couple of years ago. Recently, we were > planning our DB server upgrades and I did a little bit of research to > see if MySQL was more viable on FreeBSD 6.1, but finally decided to > stick with Linux/MySQL because of reported performance issues as well > as problems with the ULE scheduler that people recommended be used for > MySQL. So you were still seeing issues on 6.1? Per some links I posted earlier, they say 6.1 should clear up many issues... hrm, not good. > All this was not really worth it for us, so we are sticking with > Linux. A shame really, I'd like to have moved back because we are a > FreeBSD shop it and it makes things easier to have identical boxes. > > (NB: We never ran any benchmarks ourselves due to lack of project > time, but the best thing for you to do would be to set up a sandbox > and test with your applications under simulated load to see if > problems crop up.) Thanks Thomas. I actually always recommend Linux for MySQL, but these servers are coming from a vendor, so it's going to be a political move to get them to change. They are a FreeBSD shop as well, which of course runs everything else flawlessly - except MySQL. H From bschonhorst at gmail.com Wed Oct 18 22:10:54 2006 From: bschonhorst at gmail.com (Brad Schonhorst) Date: Wed, 18 Oct 2006 22:10:54 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: <003501c6f321$c9a3bfa0$640aa8c0@MobileZ> References: <003501c6f321$c9a3bfa0$640aa8c0@MobileZ> Message-ID: <7708fd680610181910l2d948af3w2326f5320f3f3a2d@mail.gmail.com> > Yeah, I'm starting to prefer pfsense too. Linksys has some new products out > there that are interesting, but I've heard a lot of issues with them and I'd > rather have BSD watching my network anyway. I really like pfsense as well but it still seems to be missing support for proper WAN failover. It appears there is now limited support for WAN loadbalancing failover though. Anyone tried this out? -Brad From jca at sdf.lonestar.org Thu Oct 19 00:23:36 2006 From: jca at sdf.lonestar.org (Jonathan C. Allen) Date: Thu, 19 Oct 2006 00:23:36 -0400 Subject: [nycbug-talk] NYCBSDCon Attendee from NJ Message-ID: <20061019042335.GB5365@SDF.LONESTAR.ORG> I live in Bloomfield, NJ and I'm attending the Con. I'm trying to figure out my options for transportation and/or lodging. I did the commute thing for HOPE (by bus and car), which kind of sucked. Anyone coming from my area that can offer advice? I'm leaning toward getting a bed at the hostel. jca From tux at penguinnetwerx.net Thu Oct 19 00:45:44 2006 From: tux at penguinnetwerx.net (Kevin Reiter) Date: Thu, 19 Oct 2006 00:45:44 -0400 Subject: [nycbug-talk] NYCBSDCon Attendee from NJ In-Reply-To: <20061019042335.GB5365@SDF.LONESTAR.ORG> References: <20061019042335.GB5365@SDF.LONESTAR.ORG> Message-ID: <453702F8.60702@penguinnetwerx.net> Jonathan C. Allen wrote: > I live in Bloomfield, NJ and I'm attending the Con. I'm trying > to figure out my options for transportation and/or lodging. I > did the commute thing for HOPE (by bus and car), which kind of > sucked. Anyone coming from my area that can offer advice? I'm > leaning toward getting a bed at the hostel. I'll be attending. I live in Hawthorne, so we're not too far from each other. I think I did the bus to NY followed by taxi to the Con last year, but it's a bit fuzzy right now.. I need to get back to Trish to see if the offer is still open to crash at her place, since paying for a room x2 night is OOTC right now. --- Hey Trish, is that offer still open? :) -Kev From njt at ayvali.org Thu Oct 19 09:56:48 2006 From: njt at ayvali.org (N.J. Thomas) Date: Thu, 19 Oct 2006 09:56:48 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <003e01c6f323$a92afed0$640aa8c0@MobileZ> References: <20061017204651.GC1958@ayvali.org> <003e01c6f323$a92afed0$640aa8c0@MobileZ> Message-ID: <20061019135648.GB26568@ayvali.org> * Hans Zaunere [2006-10-18 22:09:51 -0400]: > > but finally decided to stick with Linux/MySQL because of reported > > performance issues as well as problems with the ULE scheduler that > > people recommended be used for MySQL. > > So you were still seeing issues on 6.1? Per some links I posted > earlier, they say 6.1 should clear up many issues... hrm, not good. I should clarify, we never moved to MySQL/FreeBSD because we had heard of these issues. I head also heard good things about MySQL running on 6.1 as well, but overall we got mixed reports, and seeing as how there weren't any similar issues with Linux, we stuck with that. If anything, I was itching to move the DBs to FreeBSD, but in the end the final conclusion that was reached was that because we were on an extremely tight schedule, it was probably not worth the hassle, so we are remaining with Linux -- for now. Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From lists at zaunere.com Thu Oct 19 10:48:37 2006 From: lists at zaunere.com (Hans Zaunere) Date: Thu, 19 Oct 2006 10:48:37 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <20061019135648.GB26568@ayvali.org> Message-ID: <011301c6f38d$a926abe0$640aa8c0@MobileZ> N.J. Thomas wrote on Thursday, October 19, 2006 9:57 AM: > * Hans Zaunere [2006-10-18 22:09:51 -0400]: > > > but finally decided to stick with Linux/MySQL because of reported > > > performance issues as well as problems with the ULE scheduler that > > > people recommended be used for MySQL. > > > > So you were still seeing issues on 6.1? Per some links I posted > > earlier, they say 6.1 should clear up many issues... hrm, not good. > > I should clarify, we never moved to MySQL/FreeBSD because we had heard > of these issues. I head also heard good things about MySQL running on > 6.1 as well, but overall we got mixed reports, and seeing as how there > weren't any similar issues with Linux, we stuck with that. > > If anything, I was itching to move the DBs to FreeBSD, but in the end > the final conclusion that was reached was that because we were on an > extremely tight schedule, it was probably not worth the hassle, so we > are remaining with Linux -- for now. Thanks for the clarification. And I agree - if it ain't broke, don't fix it. Linux and MySQL are stable together - something about the licenses I think... H From trish at bsdunix.net Thu Oct 19 11:04:05 2006 From: trish at bsdunix.net (=?UTF-8?B?VHJpc2ggTHluY2g=?=) Date: Thu, 19 Oct 2006 15:04:05 +0000 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <011301c6f38d$a926abe0$640aa8c0@MobileZ> References: <20061019135648.GB26568@ayvali.org> <011301c6f38d$a926abe0$640aa8c0@MobileZ> Message-ID: <524685907-1161270252-cardhu_blackberry.rim.net-2010635151-@bxe032-cell01.bisx.prod.on.blackberry> I think the main issues with MySQL and FreeBSD are primarily of tuning, even Linux requires OS tuning to run right, but the documentation is all there. Not alway so for FreeBSD. It might be nice for those running bigger sites on FreeBSD to document the back-side OS tunings, though for some of us, translating some of the tunings used for Linux to their comparable FreeBSD values (number of threads available, number of open files, depending on thread model used, etc) could also work. Problem being in FreeBSD 6, much of this has changed because of the introduction of new kernel threading models - the same thing that increases native java performance appreciably (almost 200%) -Trish -- Trish Lynch M: 646-401-1405 H: 201-378-0434 -----Original Message----- From: "Hans Zaunere" Date: Thu, 19 Oct 2006 10:48:37 To:"'N.J. Thomas'" Cc:talk at lists.nycbug.org Subject: Re: [nycbug-talk] MySQL and FreeBSD 6.0 N.J. Thomas wrote on Thursday, October 19, 2006 9:57 AM: > * Hans Zaunere [2006-10-18 22:09:51 -0400]: > > > but finally decided to stick with Linux/MySQL because of reported > > > performance issues as well as problems with the ULE scheduler that > > > people recommended be used for MySQL. > > > > So you were still seeing issues on 6.1? Per some links I posted > > earlier, they say 6.1 should clear up many issues... hrm, not good. > > I should clarify, we never moved to MySQL/FreeBSD because we had heard > of these issues. I head also heard good things about MySQL running on > 6.1 as well, but overall we got mixed reports, and seeing as how there > weren't any similar issues with Linux, we stuck with that. > > If anything, I was itching to move the DBs to FreeBSD, but in the end > the final conclusion that was reached was that because we were on an > extremely tight schedule, it was probably not worth the hassle, so we > are remaining with Linux -- for now. Thanks for the clarification. And I agree - if it ain't broke, don't fix it. Linux and MySQL are stable together - something about the licenses I think... H _______________________________________________ % NYC*BUG talk mailing list http://lists.nycbug.org/mailman/listinfo/talk %Be sure to check out our Jobs and NYCBUG-announce lists %We meet the first Wednesday of the month From lists at genoverly.net Thu Oct 19 14:45:30 2006 From: lists at genoverly.net (michael) Date: Thu, 19 Oct 2006 14:45:30 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA Message-ID: <20061019144530.163c0fe2@dt.genoverly.com> For anyone flying into the conference next weekend, this was sent in by an attendee, as public service announcement, and I'm posting it as such. ========= LaGuardia has a shuttle service which is both economical and secure: http://www.nyairportservice.com/index.html It looks like your best bet is to get off at Penn Station which is a huge indoor transit hub. Once there look for the 34th Street redline 1 which is a subway line: http://www.mta.nyc.ny.us/nyct/service/oneline.htm Signs are pretty good at Penn Station and there are security stations where you can ask for directions if you need them. You'll get off at: 116 Street-Columbia University and directions from the subway stop to the building are here: http://www.nycbsdcon.org/downloads/FlyerNYCBSDCON2006exp.pdf -- michael From dan at langille.org Thu Oct 19 14:57:28 2006 From: dan at langille.org (Dan Langille) Date: Thu, 19 Oct 2006 14:57:28 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: <20061019144530.163c0fe2@dt.genoverly.com> Message-ID: <45379258.25732.208EFE8B@dan.langille.org> On 19 Oct 2006 at 14:45, michael wrote: > For anyone flying into the conference next weekend, this was sent in > by an attendee, as public service announcement, and I'm posting it as > such. I was just going to take a cab.... Comments? -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From okan at demirmen.com Thu Oct 19 15:00:46 2006 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 19 Oct 2006 15:00:46 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: <20061019144530.163c0fe2@dt.genoverly.com> References: <20061019144530.163c0fe2@dt.genoverly.com> Message-ID: <20061019190046.GU26167@clam.khaoz.org> On Thu 2006.10.19 at 14:45 -0400, michael wrote: > For anyone flying into the conference next weekend, this was sent in by > an attendee, as public service announcement, and I'm posting it as such. in addition, you can take the M60 bus from LGA directly to CU - get off at 120th and Amsterdam, for Friday (or go a bit further to 116th and Broadway). (about 45min ride) > ========= > LaGuardia has a shuttle service which is both economical and secure: > > http://www.nyairportservice.com/index.html > > It looks like your best bet is to get off at Penn Station which is a > huge indoor transit hub. Once there look for the 34th Street redline 1 > which is a subway line: > > http://www.mta.nyc.ny.us/nyct/service/oneline.htm > > Signs are pretty good at Penn Station and there are security stations > where you can ask for directions if you need them. > > You'll get off at: > > 116 Street-Columbia University > > and directions from the subway stop to the building are here: > > http://www.nycbsdcon.org/downloads/FlyerNYCBSDCON2006exp.pdf > > -- > > michael > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From nycbug-list at 2xlp.com Thu Oct 19 15:08:34 2006 From: nycbug-list at 2xlp.com (Jonathan) Date: Thu, 19 Oct 2006 15:08:34 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: <45379258.25732.208EFE8B@dan.langille.org> References: <45379258.25732.208EFE8B@dan.langille.org> Message-ID: On Oct 19, 2006, at 2:57 PM, Dan Langille wrote: > I was just going to take a cab.... Comments? cab from LGA -> grand central ~ $21 i checked columbia for you all.... ====================================== http://www.columbia.edu/about_columbia/directions.html ====================================== BY NEW YORK CITY PUBLIC TRANSPORTATION Five bus lines (M4, M5, M11, M60, M104) and one subway line (the #1 local) serve the Columbia neighborhood. The M60 bus is a direct link between campus and LaGuardia Airport. The Columbia stop is 116th Street. Do not use express trains #2 and #3, which follow a different route and do not stop at Columbia University; if you do, be certain to transfer at 96th Street to the #1 local. The maps page on the Metropolitan Transportation Authority Web site has PDF versions of all Subway and Bus maps. BY AIR For visitors coming into LaGuardia, Kennedy, or Newark airports, taxi service is available to the campus (about $25 from LaGuardia; from Kennedy a flat rate of $45 plus tolls), and there is bus service to Grand Central Station and the Port Authority Bus Terminal. Bus service directly from LaGuardia airport to Columbia, the M60 city bus, is also available. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From njt at ayvali.org Thu Oct 19 15:11:30 2006 From: njt at ayvali.org (N.J. Thomas) Date: Thu, 19 Oct 2006 15:11:30 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: <20061019144530.163c0fe2@dt.genoverly.com> References: <20061019144530.163c0fe2@dt.genoverly.com> Message-ID: <20061019191130.GG26568@ayvali.org> * michael [2006-10-19 14:45:30 -0400]: > LaGuardia has a shuttle service which is both economical and secure: > > http://www.nyairportservice.com/index.html I've used them a couple of times and second the recommendation -- also it should be noted that they serve JFK as well. Thomas -- N.J. Thomas njt at ayvali.org Etiamsi occiderit me, in ipso sperabo From dan at langille.org Thu Oct 19 15:23:22 2006 From: dan at langille.org (Dan Langille) Date: Thu, 19 Oct 2006 15:23:22 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: References: <45379258.25732.208EFE8B@dan.langille.org> Message-ID: <4537986A.15037.20A6B539@dan.langille.org> On 19 Oct 2006 at 15:08, Jonathan wrote: > > On Oct 19, 2006, at 2:57 PM, Dan Langille wrote: > > I was just going to take a cab.... Comments? > > cab from LGA -> grand central ~ $21 Thanks. maps.google.ca tells me that the above is 6.9 mi (about 15 mins) http://tinyurl.com/y2ahx2 Similarly, to Columbia (which is close to where I'm staying) is 7.4 mi (about 15 mins). http://tinyurl.com/y7yect I'm guessing the fare to Columbia *should* be similar. Also, the mentioned at the start of this thread is shuttle is $12 one way or $21 round trip. -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From carton at Ivy.NET Thu Oct 19 17:03:32 2006 From: carton at Ivy.NET (Miles Nordin) Date: Thu, 19 Oct 2006 17:03:32 -0400 Subject: [nycbug-talk] VPN/Integrated Router Appliances In-Reply-To: <003501c6f321$c9a3bfa0$640aa8c0@MobileZ> (Hans Zaunere's message of "Wed, 18 Oct 2006 21:56:26 -0400") References: <003501c6f321$c9a3bfa0$640aa8c0@MobileZ> Message-ID: >>>>> "hz" == Hans Zaunere writes: hz> small number of VPN users (~5) - any need for the hardware hz> encryption options? I'm not sure that the hifn works in any os but OpenBSD. It might, but I would look for a specific direct-experience success story before counting on it---I'm pretty sure hifn does not work in Linux, and would be unsurprised to discover the NetBSD/FreeBSD drivers have bitrotted, too. same thing with, for example, Sangoma boards. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From mspitzer at gmail.com Fri Oct 20 13:17:43 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 20 Oct 2006 13:17:43 -0400 Subject: [nycbug-talk] interesting fcgi in core of apatche 2.2, perhaps Message-ID: <8c50a3c30610201017n81bf622saf5817dfa8601472@mail.gmail.com> for you web/isp guys this could be handy: http://kasparov.skife.org/blog/src/apache_22_fcgi.html marc -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From skreuzer at f2o.org Fri Oct 20 16:26:47 2006 From: skreuzer at f2o.org (Steven Kreuzer) Date: Fri, 20 Oct 2006 16:26:47 -0400 Subject: [nycbug-talk] FreeBSD Porting Message-ID: <45393107.1080206@f2o.org> In a nutshell, I am hacking the bind9 port so that there is the option to compile in support for GeoDNS. I created an option called GEODNS and a little hook that looks like this: .if defined(WITH_GEODNS) LIB_DEPENDS= GeoIP.5:${PORTSDIR}/net/GeoIP BUILD_DEPENDS= ${LOCALBASE}/include/GeoIP.h:${PORTSDIR}/net/GeoIP RUN_DEPENDS= ${LIB_DEPENDS} CONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib -lGeoIP" CFLAGS="-I${LOCALBASE}/include" .endif However, I also need to apply 3 patches the the bind source to enable this feature. I created diff's and put them in the files directory. However, those patches get applied regardless of the options selected. Do you know of any way to apply those patches only if WITH_GEODNS is true? According to the porter handbook, it looks like all or nothing? Anyone have any hacks or tricks? Thanks, Steven From jlam at pkgsrc.org Fri Oct 20 17:07:59 2006 From: jlam at pkgsrc.org (Johnny Lam) Date: Fri, 20 Oct 2006 17:07:59 -0400 Subject: [nycbug-talk] FreeBSD Porting In-Reply-To: <45393107.1080206@f2o.org> References: <45393107.1080206@f2o.org> Message-ID: <45393AAF.5000300@pkgsrc.org> Steven Kreuzer wrote: > > .if defined(WITH_GEODNS) > LIB_DEPENDS= GeoIP.5:${PORTSDIR}/net/GeoIP > BUILD_DEPENDS= ${LOCALBASE}/include/GeoIP.h:${PORTSDIR}/net/GeoIP > RUN_DEPENDS= ${LIB_DEPENDS} > CONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib -lGeoIP" > CFLAGS="-I${LOCALBASE}/include" > .endif > > However, I also need to apply 3 patches the the bind source to enable > this feature. I created diff's and put them in the files directory. > However, those patches get applied regardless of the options selected. > > Do you know of any way to apply those patches only if WITH_GEODNS is > true? According to the porter handbook, it looks like all or nothing? > > Anyone have any hacks or tricks? Make your patches look like: #ifdef GEODNS /* Your changes here. */ #endif And change the above CFLAGS definition to: CFLAGS= -DGEODNS -I${LOCALBASE}/include Cheers, -- Johnny Lam From schmonz at schmonz.com Fri Oct 20 22:00:17 2006 From: schmonz at schmonz.com (Amitai Schlair) Date: Fri, 20 Oct 2006 22:00:17 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: <20061019190046.GU26167@clam.khaoz.org> References: <20061019144530.163c0fe2@dt.genoverly.com> <20061019190046.GU26167@clam.khaoz.org> Message-ID: <14739819-78C6-45DB-9099-430C7D6403A2@schmonz.com> On Oct 19, 2006, at 3:00 PM, Okan Demirmen wrote: > On Thu 2006.10.19 at 14:45 -0400, michael wrote: >> For anyone flying into the conference next weekend, this was sent >> in by >> an attendee, as public service announcement, and I'm posting it as >> such. > > in addition, you can take the M60 bus from LGA directly to CU - get > off > at 120th and Amsterdam, for Friday (or go a bit further to 116th and > Broadway). (about 45min ride) I live near campus and have always taken the M60 to and fro LGA. I haven't tried the shuttle service mentioned, but for $2 I've always been happy with the M60. The con will be on the north end of campus, indeed on 120th, but IMO the most straightforward way to enter campus (and the only way which is always open) is through the gates at 116th and Broadway. - Amitai From dan at langille.org Sat Oct 21 07:57:02 2006 From: dan at langille.org (Dan Langille) Date: Sat, 21 Oct 2006 07:57:02 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: <14739819-78C6-45DB-9099-430C7D6403A2@schmonz.com> References: <20061019190046.GU26167@clam.khaoz.org> Message-ID: <4539D2CE.3988.295ABFE2@dan.langille.org> On 20 Oct 2006 at 22:00, Amitai Schlair wrote: > On Oct 19, 2006, at 3:00 PM, Okan Demirmen wrote: > > > On Thu 2006.10.19 at 14:45 -0400, michael wrote: > >> For anyone flying into the conference next weekend, this was sent > >> in by > >> an attendee, as public service announcement, and I'm posting it as > >> such. > > > > in addition, you can take the M60 bus from LGA directly to CU - get > > off > > at 120th and Amsterdam, for Friday (or go a bit further to 116th and > > Broadway). (about 45min ride) > > I live near campus and have always taken the M60 to and fro LGA. I > haven't tried the shuttle service mentioned, but for $2 I've always > been happy with the M60. The con will be on the north end of campus, > indeed on 120th, but IMO the most straightforward way to enter campus > (and the only way which is always open) is through the gates at 116th > and Broadway. For those of us staying near 120th, what other entrances would you mention? -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From okan at demirmen.com Sat Oct 21 08:36:12 2006 From: okan at demirmen.com (Okan Demirmen) Date: Sat, 21 Oct 2006 08:36:12 -0400 Subject: [nycbug-talk] NYCBSDCon - LGA In-Reply-To: <4539D2CE.3988.295ABFE2@dan.langille.org> References: <20061019190046.GU26167@clam.khaoz.org> <4539D2CE.3988.295ABFE2@dan.langille.org> Message-ID: <20061021123612.GI21678@clam.khaoz.org> On Sat 2006.10.21 at 07:57 -0400, Dan Langille wrote: > On 20 Oct 2006 at 22:00, Amitai Schlair wrote: > > > On Oct 19, 2006, at 3:00 PM, Okan Demirmen wrote: > > > > > On Thu 2006.10.19 at 14:45 -0400, michael wrote: > > >> For anyone flying into the conference next weekend, this was sent > > >> in by > > >> an attendee, as public service announcement, and I'm posting it as > > >> such. > > > > > > in addition, you can take the M60 bus from LGA directly to CU - get > > > off > > > at 120th and Amsterdam, for Friday (or go a bit further to 116th and > > > Broadway). (about 45min ride) > > > > I live near campus and have always taken the M60 to and fro LGA. I > > haven't tried the shuttle service mentioned, but for $2 I've always > > been happy with the M60. The con will be on the north end of campus, > > indeed on 120th, but IMO the most straightforward way to enter campus > > (and the only way which is always open) is through the gates at 116th > > and Broadway. > > For those of us staying near 120th, what other entrances would you > mention? 116th and broadway or 116th and amsterdam. those are the only two north entrances open on the weekends. davis auditorium is equidistant from both entrances. From max at neuropunks.org Mon Oct 23 20:33:51 2006 From: max at neuropunks.org (Max Gribov) Date: Mon, 23 Oct 2006 20:33:51 -0400 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: <524685907-1161270252-cardhu_blackberry.rim.net-2010635151-@bxe032-cell01.bisx.prod.on.blackberry> References: <20061019135648.GB26568@ayvali.org> <011301c6f38d$a926abe0$640aa8c0@MobileZ> <524685907-1161270252-cardhu_blackberry.rim.net-2010635151-@bxe032-cell01.bisx.prod.on.blackberry> Message-ID: <453D5F6F.5030801@neuropunks.org> Trish Lynch wrote: >I think the main issues with MySQL and FreeBSD are primarily of tuning, even Linux requires OS tuning to run right, but the documentation is all there. Not alway so for FreeBSD. > >It might be nice for those running bigger sites on FreeBSD to document the back-side OS tunings, though for some of us, translating some of the tunings used for Linux to their comparable FreeBSD values (number of threads available, number of open files, depending on thread model used, etc) could also work. > > seems to work well on gentoo linux. dual core amd64 2.2Ghz, 2G ram, softraid, default linux scheduler. kernel was stripped to remove anything not needed of course. several times a day mysql consumes over 120% of cpu for a period of up to 10-20 mins, and load ave jumps up to 20, which is the nature of service machine provides. app uses innodb tables. heres a sysctl.conf paste from the box, so far no issues: # max connections net.core.somaxconn=4096 # Disable ECN net.ipv4.tcp_ecn = 0 # Enables source route verification net.ipv4.conf.default.rp_filter = 1 # Enable reverse path net.ipv4.conf.all.rp_filter = 1 # Enable SYN cookies (yum!) net.ipv4.tcp_syncookies = 1 # Disable source route net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 # Disable redirects net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 # Disable secure redirects net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.default.secure_redirects = 0 # Ignore ICMP broadcasts net.ipv4.icmp_echo_ignore_broadcasts = 1 # Increase TCP net.ipv4.neigh.default.proxy_qlen = 96 net.ipv4.neigh.default.unres_qlen = 6 # Increase size of socket buffers net.ipv4.tcp_rmem="4096 98304 349520" net.ipv4.tcp_wmem="4096 65535 262142" net.ipv4.tcp_mem="98304 262142 393216" # Turn on sack net.ipv4.tcp_dsack = 1 net.ipv4.tcp_reordering = 3 # Turn on sack/fack net.ipv4.tcp_fack = 1 # Bump up TCP socket queuer to help with syn floods net.ipv4.tcp_max_syn_backlog = 2048 # Drop it so lack of FIN times out quicker net.ipv4.tcp_fin_timeout = 30 # Enable a fix for RFC1337 - time-wait assassination hazards in TCP net.ipv4.tcp_rfc1337 = 1 # Drop keep-alive time net.ipv4.tcp_keepalive_time = 1800 # Set number of times to retry a SYN-ACK in a half-open new connections net.ipv4.tcp_synack_retries = 5 # Set number of times to retry SYN in a new connection net.ipv4.tcp_syn_retries = 5 # Turn off sack net.ipv4.tcp_sack = 1 # Enable really big (>65kB) TCP window scaling if we want it. net.ipv4.tcp_window_scaling = 1 # Turn off timestamps net.ipv4.tcp_timestamps = 0 # Enable bad error message Protection net.ipv4.icmp_ignore_bogus_error_responses = 1 # Bump optmem_max up net.core.optmem_max = 20480 # Increase number of incoming connections backlog net.core.netdev_max_backlog = 1024 net.core.dev_weight = 64 # Bump up default r/wmem to max net.core.rmem_default = 262141 net.core.wmem_default = 262141 # Bump up max r/wmem net.core.rmem_max = 262141 net.core.wmem_max = 262141 # Increase size of file handles and inode cache fs.file-max = 209708 # guaranteed raid rebuild/initialization bandwidth 100mb/s dev.raid.speed_limit_min = 100000 >Problem being in FreeBSD 6, much of this has changed because of the introduction of new kernel threading models - the same thing that increases native java performance appreciably (almost 200%) > >-Trish > > From skreuzer at f2o.org Mon Oct 23 22:46:30 2006 From: skreuzer at f2o.org (Steven Kreuzer) Date: Mon, 23 Oct 2006 22:46:30 -0400 Subject: [nycbug-talk] FreeBSD Porting In-Reply-To: <45393AAF.5000300@pkgsrc.org> References: <45393107.1080206@f2o.org> <45393AAF.5000300@pkgsrc.org> Message-ID: <453D7E86.7080206@f2o.org> Johnny Lam wrote: > Steven Kreuzer wrote: >> >> .if defined(WITH_GEODNS) >> LIB_DEPENDS= GeoIP.5:${PORTSDIR}/net/GeoIP >> BUILD_DEPENDS= ${LOCALBASE}/include/GeoIP.h:${PORTSDIR}/net/GeoIP >> RUN_DEPENDS= ${LIB_DEPENDS} >> CONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib -lGeoIP" >> CFLAGS="-I${LOCALBASE}/include" >> .endif >> >> However, I also need to apply 3 patches the the bind source to enable >> this feature. I created diff's and put them in the files directory. >> However, those patches get applied regardless of the options selected. >> >> Do you know of any way to apply those patches only if WITH_GEODNS is >> true? According to the porter handbook, it looks like all or nothing? >> >> Anyone have any hacks or tricks? > > Make your patches look like: > > #ifdef GEODNS > /* Your changes here. */ > #endif > > And change the above CFLAGS definition to: > > CFLAGS= -DGEODNS -I${LOCALBASE}/include > > Cheers, > > -- Johnny Lam I finally got around to adding those #ifndef's to the patch and it works like a charm. Its funny how such an elegant solution can be so simple. I can't tell you how long I spent trying to think of a complex workaround. Thanks Johnny. SK From pete at nomadlogic.org Tue Oct 24 18:21:49 2006 From: pete at nomadlogic.org (Peter Wright) Date: Tue, 24 Oct 2006 15:21:49 -0700 (PDT) Subject: [nycbug-talk] solaris branded zones Message-ID: <42248.160.33.20.11.1161728509.squirrel@webmail.nomadlogic.org> hi all, i'm reading up on "branded" solaris zones. it seems they have implemented a similiar ABI that is avail in the BSD's to allow gnu-linux binaries to run on a BSD kernel. it's been taken a step further to allow linux distro's to run inside a solaris zone...which to me seems pretty execellent as you import the ability to run all the solaris debugging and performance analysis tools (dtrace etc.) against the linux binaries. two questions: 1) anyone running this on the list? 2) anyone heard anything about *BSD "branded" zones (seems the lx interface is linux specific). thanks! -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From dan at langille.org Wed Oct 25 20:21:17 2006 From: dan at langille.org (Dan Langille) Date: Wed, 25 Oct 2006 20:21:17 -0400 Subject: [nycbug-talk] help wtd: shipping to NYC Message-ID: <453FC73D.23618.409D795E@dan.langille.org> Hi folks, I have a package I need delivered in NYC on Friday. I'm looking for someone that can receive it for me so I know it gets there. e.g. at your office. It's a few drive mounts coming from San Jose. I'll be in town from Friday night for the conference, and can pick them up from you at that time. In exchange, I have swag and beer. Please reply off list and and we'll arrange a shipping address. Thanks and sorry for the intrusion. -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From carton at Ivy.NET Thu Oct 26 15:36:06 2006 From: carton at Ivy.NET (Miles Nordin) Date: Thu, 26 Oct 2006 15:36:06 -0400 Subject: [nycbug-talk] help carrying at conference Message-ID: I plan to be at the NetBSD table for most of the conference with the following hardware: * original iMac (CRT) * Sega Dreamcast * CRT VGA monitor for the Dreamcast * desktop for NFS server * old managed 100Mbit/s hub * keyboards/mice/cables x 3 There will maybe be other NetBSD people with other hardware. Anyway, what I'm bringing is too much for one person to carry. I will unload it from a cab. Next, I need to get it from the curb at 116th and Broadway to Davis Auditorium. george at sddi.net said there should be a dolly or cart around so we don't have to actually carry the stuff, but I wonder if someone is willing to hunt for the cart and bring it out to me waiting on the curb? If I could call a phone number after getting out of the cab, then wait on the sidewalk for a cart and help, that seems like it would be simplest. any takers? -- ``One World, one Web, one Browser.'' -- Microsoft Corporation ``Ein Volk, ein Reich, ein Fuhrer.'' -- Adolf Hitler -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From mspitzer at gmail.com Fri Oct 27 21:50:38 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 27 Oct 2006 21:50:38 -0400 Subject: [nycbug-talk] just watch, way cool Message-ID: <8c50a3c30610271850u26689a25u49346d6517100ef2@mail.gmail.com> http://www.youtube.com/watch?v=NZNTgglPbUA&eurl= -- "We trained very hard, but it seemed that every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing, and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralization." -Gaius Petronius, 1st Century AD From o_sleep at belovedarctos.com Fri Oct 27 22:04:32 2006 From: o_sleep at belovedarctos.com (Bjorn Nelson) Date: Fri, 27 Oct 2006 22:04:32 -0400 Subject: [nycbug-talk] just watch, way cool In-Reply-To: <8c50a3c30610271850u26689a25u49346d6517100ef2@mail.gmail.com> References: <8c50a3c30610271850u26689a25u49346d6517100ef2@mail.gmail.com> Message-ID: <099C2277-C9A7-48C0-A00B-6538CD6B8E60@belovedarctos.com> Marc, That's all great until some asshat uses a non-erasable marker. -Bjorn On Oct 27, 2006, at 9:50 PM, Marc Spitzer wrote: > http://www.youtube.com/watch?v=NZNTgglPbUA&eurl= > > -- > "We trained very hard, but it seemed that every time we were > beginning to > form into teams we would be reorganized. I was to learn later in > life that > we tend to meet any new situation by reorganizing, and a wonderful > method it > can be for creating the illusion of progress, while producing > confusion, > inefficiency and demoralization." > -Gaius Petronius, 1st Century AD > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From jonathan at kc8onw.net Sat Oct 28 12:04:00 2006 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Sat, 28 Oct 2006 12:04:00 -0400 Subject: [nycbug-talk] DSPAM (bayesian version) Message-ID: <45437F70.9080705@kc8onw.net> Anyone at the conference today or tomorrow willing to talk about dspam? http://dspam.nuclearelephant.com/ Jonathan Stewart From dan at langille.org Sat Oct 28 13:49:02 2006 From: dan at langille.org (Dan Langille) Date: Sat, 28 Oct 2006 13:49:02 -0400 Subject: [nycbug-talk] DSPAM (bayesian version) In-Reply-To: <45437F70.9080705@kc8onw.net> Message-ID: <45435FCE.20980.65D77CC@dan.langille.org> On 28 Oct 2006 at 12:04, Jonathan Stewart wrote: > Anyone at the conference today or tomorrow willing to talk about dspam? > http://dspam.nuclearelephant.com/ There is a dspam talk on the schedule for Sunday 1:30pm http://www.nycbsdcon.org/speakers#Beck -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From spork at bway.net Sat Oct 28 14:15:36 2006 From: spork at bway.net (Charles Sprickman) Date: Sat, 28 Oct 2006 14:15:36 -0400 (EDT) Subject: [nycbug-talk] Companion article to "BSD Build System" Message-ID: Just FYI if you missed anything, the BSD Devcenter article is well-written and includes all the example scripts: http://www.onlamp.com/pub/a/bsd/2006/04/13/freebsd-build-system.html I for one had no idea mergemaster had a config file. That's darn handy. http://www.freebsd.org/cgi/man.cgi?query=mergemaster&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html (see "FILES" section for what settings can be applied there) Charles From nycbug-list at 2xlp.com Sat Oct 28 15:36:44 2006 From: nycbug-list at 2xlp.com (Jonathan) Date: Sat, 28 Oct 2006 15:36:44 -0400 Subject: [nycbug-talk] DSPAM (bayesian version) In-Reply-To: <45437F70.9080705@kc8onw.net> References: <45437F70.9080705@kc8onw.net> Message-ID: On Oct 28, 2006, at 12:04 PM, Jonathan Stewart wrote: > Anyone at the conference today or tomorrow willing to talk about > dspam? > http://dspam.nuclearelephant.com/ If you're running DSPAM, i'd suggest not using bayesian. You can get similar results with spamasassin. the power of dspam is that it supports the better algorithms. like all the Markovian work from crm-114 // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From nycbug-list at 2xlp.com Sat Oct 28 18:00:35 2006 From: nycbug-list at 2xlp.com (Jonathan) Date: Sat, 28 Oct 2006 18:00:35 -0400 Subject: [nycbug-talk] DSPAM (bayesian version) In-Reply-To: <45435FCE.20980.65D77CC@dan.langille.org> References: <45435FCE.20980.65D77CC@dan.langille.org> Message-ID: <1301C881-C100-4CF3-912A-41159642DCEC@2xlp.com> On Oct 28, 2006, at 1:49 PM, Dan Langille wrote: > There is a dspam talk on the schedule for Sunday 1:30pm > > http://www.nycbsdcon.org/speakers#Beck spamd talk, not dspam these 3 get confused nonstop -- i get 'em confused a lot too. spamd - openbsd anti-spam daedmon http://www.openbsd.org/spamd/ spamd - spamassassin daemonized version of spamassassin http://spamassassin.apache.org/ dspam content based spam filter http://dspam.nuclearelephant.com/ features a lot of neat stuff from CRM114 // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From alex at pilosoft.com Sat Oct 28 20:15:48 2006 From: alex at pilosoft.com (alex at pilosoft.com) Date: Sat, 28 Oct 2006 20:15:48 -0400 (EDT) Subject: [nycbug-talk] afterparty Message-ID: So where is the afterparty at? -alex From carton at Ivy.NET Sat Oct 28 22:09:14 2006 From: carton at Ivy.NET (Miles Nordin) Date: Sat, 28 Oct 2006 22:09:14 -0400 Subject: [nycbug-talk] afterparty In-Reply-To: (alex@pilosoft.com's message of "Sat, 28 Oct 2006 20:15:48 -0400 (EDT)") References: Message-ID: >>>>> "a" == alex writes: a> So where is the afterparty at? hrrhrr! if you seriously want to have one, you're welcome to come to my house. It is 114 Forrest St in Brooklyn (Morgan Ave on L train). We have room for a pretty big party, and I don't mind cleaning up after it. However you may have to bring your own beer and MP3's because our two household party experts are in Philadelphia for the weekend, and I'll be hauling back some of that NetBSD equipment so I don't know if I'd have time to get any booze before people would want to start showing up. Since it's Sunday I'm guessing people would prefer an early party. There is some cheap vodka and OJ here already, which may be enough if you like to drink things like that. Also, it's not exactly a classy place. It is possible to order pizza and chinese here...not with same selection/quality/reliability as most of NYC, but it works. We do have good, working Internet though (from Alex :)). anyway, I don't need much notice, so if you guys want to use this place, just warn me tomorrow. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From stucchi at willystudios.com Mon Oct 30 04:49:34 2006 From: stucchi at willystudios.com (Massimiliano Stucchi) Date: Mon, 30 Oct 2006 10:49:34 +0100 Subject: [nycbug-talk] EuroBSDCon is coming up ! Message-ID: <20061030094934.GU97727@willystudios.com> Hi all, EuroBSDCon, the main European BSD event is coming up in less than two weeks. We would also like to inform that people who want to attend the event should sign up as soon as possible in order to take advantage of the early bird rate, which will be available until November 2. Way more than a 100 people already registered for the event, so go to http://www.eurobsdcon.org/register/ in order to register ! We hope to see you all in Milan ! -- Massimiliano Stucchi From nikolai at fetissov.org Mon Oct 30 09:49:43 2006 From: nikolai at fetissov.org (nikolai) Date: Mon, 30 Oct 2006 09:49:43 -0500 (EST) Subject: [nycbug-talk] NYCBSDCon 2006 Audio Message-ID: <41567.63.66.6.15.1162219783.squirrel@www.geekisp.com> Folks, Audio recordings of the conference talks are all online at http://www.fetissov.org/public/nycbsdcon06/ except for one from Murray Stokely of Google who needs approval from corporate before allowing it to be published. If somebody could forward me links to presentation slides, it would be great to have those on the same page. Thanks to everybody for a very cool conference. -- Nikolai From jca at sdf.lonestar.org Mon Oct 30 10:52:26 2006 From: jca at sdf.lonestar.org (Jonathan C. Allen) Date: Mon, 30 Oct 2006 10:52:26 -0500 Subject: [nycbug-talk] NYCBSDCon 2006 Audio In-Reply-To: <41567.63.66.6.15.1162219783.squirrel@www.geekisp.com> References: <41567.63.66.6.15.1162219783.squirrel@www.geekisp.com> Message-ID: <20061030155226.GA17261@SDF.LONESTAR.ORG> On Mon, Oct 30, 2006 at 09:49:43AM -0500, nikolai wrote: > Audio recordings of the conference talks > are all online at > > http://www.fetissov.org/public/nycbsdcon06/ > Thank you for putting these up - I missed a couple of the morning sessions. > If somebody could forward me links to > presentation slides, it would be great to > have those on the same page. I found these linked from OpenBSD.org. Source: http://www.openbsd.org/events.html Saturday; October 28, 2006 11:00 Bob Beck PF, it is not just for firewalls anymore http://www.ualberta.ca/~beck/nycbug06/pf 3:30 Marco Peereboom Bio & Sensors in OpenBSD http://www.openbsd.org/papers/bio.pdf Sunday; October 29, 2006 9:00 Jason Wright OpenBSD on sparc64 http://www.thought.net/jason/sparc64-nycbsdcon06/ 1:30 Bob Beck spamd - spam deferral daemon http://www.ualberta.ca/~beck/nycbug06/spamd jca From george at sddi.net Mon Oct 30 11:20:04 2006 From: george at sddi.net (George R.) Date: Mon, 30 Oct 2006 11:20:04 -0500 Subject: [nycbug-talk] NYCBSDCon 2006 Audio In-Reply-To: <20061030155226.GA17261@SDF.LONESTAR.ORG> References: <41567.63.66.6.15.1162219783.squirrel@www.geekisp.com> <20061030155226.GA17261@SDF.LONESTAR.ORG> Message-ID: <45462634.8000005@sddi.net> Jonathan C. Allen wrote: > On Mon, Oct 30, 2006 at 09:49:43AM -0500, nikolai wrote: >> Audio recordings of the conference talks are all online at >> >> http://www.fetissov.org/public/nycbsdcon06/ >> > > Thank you for putting these up - I missed a couple of the morning > sessions. Big thumbs up to Nikolai. . . He consistently performs a huge service for so many, including those way beyond the peripheries of NYCBUG. And he travels to NYC from what could be considered a 'five fare zone'. . . > >> If somebody could forward me links to presentation slides, it would >> be great to have those on the same page. > > I found these linked from OpenBSD.org. > > Source: http://www.openbsd.org/events.html > > Saturday; October 28, 2006 > > 11:00 Bob Beck PF, it is not just for firewalls anymore > http://www.ualberta.ca/~beck/nycbug06/pf > > 3:30 Marco Peereboom Bio & Sensors in OpenBSD > http://www.openbsd.org/papers/bio.pdf > > Sunday; October 29, 2006 > > 9:00 Jason Wright OpenBSD on sparc64 > http://www.thought.net/jason/sparc64-nycbsdcon06/ > > 1:30 Bob Beck spamd - spam deferral daemon > http://www.ualberta.ca/~beck/nycbug06/spamd Yes. . . and at some point these will all be up on our end . . . sooner rather than later. g From wes at sagesecure.com Mon Oct 30 10:18:26 2006 From: wes at sagesecure.com (Wes Sonnenreich) Date: Mon, 30 Oct 2006 10:18:26 -0500 Subject: [nycbug-talk] Potentially interesting DOJ job for anyone who's interested... Message-ID: <454617C2.4020002@sagesecure.com> Just got off the phone with a business associate who's looking to fill a job at the Dept. of Justice. It's a senior network security job that sounds pretty flexible (once things are set up they're cool with telecommuting, etc.). They're having a hard time finding people to fill it -- my guess is that plenty of people on this list might be qualified. If anyone is interested, follow the link. http://seeker.dice.com/jobsearch/servlet/JobSearch?op=101&dockey=xml/2/9/29f95394a21dc38437c87dc501e281f2 at endecaindex&source=3 Wes From george at sddi.net Mon Oct 30 11:33:02 2006 From: george at sddi.net (George R.) Date: Mon, 30 Oct 2006 11:33:02 -0500 Subject: [nycbug-talk] Potentially interesting DOJ job for anyone who's interested... In-Reply-To: <454617C2.4020002@sagesecure.com> References: <454617C2.4020002@sagesecure.com> Message-ID: <4546293E.3020406@sddi.net> Wes Sonnenreich wrote: > Just got off the phone with a business associate who's looking to > fill a job at the Dept. of Justice. It's a senior network security > job that sounds pretty flexible (once things are set up they're cool > with telecommuting, etc.). They're having a hard time finding people > to fill it -- my guess is that plenty of people on this list might be > qualified. If anyone is interested, follow the link. > > http://seeker.dice.com/jobsearch/servlet/JobSearch?op=101&dockey=xml/2/9/29f95394a21dc38437c87dc501e281f2 at endecaindex&source=3 > > > Wes Sounds like great material for our jobs list Wes. . . http://lists.nycbug.org Are you sure it's the DoJ. . . I mean, it looks like the head of Cyber Security at DHS has the turnover rate of a live target for missle testing. . . :-) g From ike at lesmuug.org Mon Oct 30 16:10:34 2006 From: ike at lesmuug.org (Isaac Levy) Date: Mon, 30 Oct 2006 16:10:34 -0500 Subject: [nycbug-talk] NYCBSDCon 2006 Audio In-Reply-To: <45462634.8000005@sddi.net> References: <41567.63.66.6.15.1162219783.squirrel@www.geekisp.com> <20061030155226.GA17261@SDF.LONESTAR.ORG> <45462634.8000005@sddi.net> Message-ID: On Oct 30, 2006, at 11:20 AM, George R. wrote: > Big thumbs up to Nikolai. . . He consistently performs a huge service > for so many, including those way beyond the peripheries of NYCBUG. +1, Nikolai, THANKS AGAIN! Rocket- .ike From ike at lesmuug.org Mon Oct 30 16:17:51 2006 From: ike at lesmuug.org (Isaac Levy) Date: Mon, 30 Oct 2006 16:17:51 -0500 Subject: [nycbug-talk] DSPAM (bayesian version) In-Reply-To: <45437F70.9080705@kc8onw.net> References: <45437F70.9080705@kc8onw.net> Message-ID: <4DE53152-1D76-450D-884C-4338B570E55B@lesmuug.org> Hey Jonathan, All, On Oct 28, 2006, at 12:04 PM, Jonathan Stewart wrote: > Anyone at the conference today or tomorrow willing to talk about > dspam? > http://dspam.nuclearelephant.com/ > > Jonathan Stewart Did anyone sort this out? What was the problem Jonathan? I'm interested in Dspam for some personal stuff I'm setting up... Rocket- .ike From okan at demirmen.com Mon Oct 30 17:13:24 2006 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 30 Oct 2006 17:13:24 -0500 Subject: [nycbug-talk] EuroBSDCon is coming up ! Message-ID: <20061030221324.GH28997@clam.khaoz.org> submitted on behalf of Marc Balmer: OpenCON 2006, the OpenBSD conference will be held in Venice, Italy, December 2-3. Massimiliano Stucchi wrote: >EuroBSDCon, the main European BSD event is coming up in less than two >weeks. I do not want to miss this occasion to make you aware of a different event that is also taking in place in Italy at about the same time, but with a slighty different focus: OpenCON 2006. Focused on OpenBSD. And unless in Milan, a lot of OpenBSD developers will be present in Venice. OpenCON 2006, unlike EuroBSDCon, is a conference dedicated to OpenBSD only. The main European OpenBSD event. We already have registrations from more than ten countries and lots of OpenBSD developers from all over the world, Europe, Australia, Canada, USA, Switzerland, Germany, Belgium, Turkey, etc. will attend this ground breaking OpenBSD event and give talks on their recent work in OpenBSD. Check the program on our website, www.opencon.org. >We would also like to inform that people who want to attend the event >should sign up as soon as possible in order to take advantage of the >early bird rate, which will be available until November 2. OpenCON 2006 is totally free to attend. Listen to OpenBSD developers for absolutely no cost. Register whenever you want, there is no strict deadline. You can join the OpenBSD party on Saturday if you want to. Find all the details on http://www.opencon.org/ OpenCON 2006 takes place on December 2-3 in Venice, ideally located at the Marco Polo Airport (VCE). With beste Regards, Marc Balmer, OpenCON 2006 Organizing Comittee & Organizer of the 2005 EuroBSDCon Conference in Basel, Switzerland. From lists at genoverly.net Mon Oct 30 17:24:05 2006 From: lists at genoverly.net (michael) Date: Mon, 30 Oct 2006 17:24:05 -0500 Subject: [nycbug-talk] EuroBSDCon is coming up ! In-Reply-To: <20061030221324.GH28997@clam.khaoz.org> References: <20061030221324.GH28997@clam.khaoz.org> Message-ID: <20061030172405.76446c4a@dt.genoverly.com> oh.. *that* clears up an CONfusion. [grin] -- michael From matt at jobsforge.com Mon Oct 30 20:00:47 2006 From: matt at jobsforge.com (Matthew Terenzio) Date: Mon, 30 Oct 2006 20:00:47 -0500 Subject: [nycbug-talk] php scripts from crontab Message-ID: <2690989fb93ca3e73687341352b25ad3@jobsforge.com> Anyone have any experience running PHP scripts from /etc/crontab The cron log shows it's happening but it seems like it's shooting blanks. The same command works perfectly when I just run it manually from the command line. php /path/to/script/cron.php From george at sddi.net Mon Oct 30 20:05:06 2006 From: george at sddi.net (George R.) Date: Mon, 30 Oct 2006 20:05:06 -0500 Subject: [nycbug-talk] php scripts from crontab In-Reply-To: <2690989fb93ca3e73687341352b25ad3@jobsforge.com> References: <2690989fb93ca3e73687341352b25ad3@jobsforge.com> Message-ID: <4546A142.6050806@sddi.net> Matthew Terenzio wrote: > Anyone have any experience running PHP scripts from /etc/crontab > > The cron log shows it's happening but it seems like it's shooting > blanks. > > The same command works perfectly when I just run it manually from the > command line. > > php /path/to/script/cron.php 1. post cron job 2. use full path for php g From matt at jobsforge.com Mon Oct 30 20:14:58 2006 From: matt at jobsforge.com (Matthew Terenzio) Date: Mon, 30 Oct 2006 20:14:58 -0500 Subject: [nycbug-talk] Fwd: php scripts from crontab Message-ID: <62b4bde5609cf7fc53043e11f08d3b62@jobsforge.com> > except I always forget to reply all. ; ) read below > Whoah! I think I owe you several pints of soda pop geroge. > > I'd just like to get on record that this list has been and continue to > be the best. And so does BSD!\ > > > > > On Oct 30, 2006, at 8:05 PM, George R. wrote: > >> Matthew Terenzio wrote: >>> Anyone have any experience running PHP scripts from /etc/crontab >>> >>> The cron log shows it's happening but it seems like it's shooting >>> blanks. >>> >>> The same command works perfectly when I just run it manually from the >>> command line. >>> >>> php /path/to/script/cron.php >> >> 1. post cron job >> >> 2. use full path for php >> >> g >> > > Matt Terenzio ________________________________________ Two-way, shared, public RSS feeds by SkinnyFarm http://skinnyfarm.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 843 bytes Desc: not available URL: From nycbug-list at 2xlp.com Mon Oct 30 20:23:08 2006 From: nycbug-list at 2xlp.com (Jonathan) Date: Mon, 30 Oct 2006 20:23:08 -0500 Subject: [nycbug-talk] php scripts from crontab In-Reply-To: <2690989fb93ca3e73687341352b25ad3@jobsforge.com> References: <2690989fb93ca3e73687341352b25ad3@jobsforge.com> Message-ID: <68CF241C-53C0-4A0B-8E64-96486A5A79D1@2xlp.com> do you have the php command line installed? there's a cgi, mod_apache and cli port -- they all behave differently On Oct 30, 2006, at 8:00 PM, Matthew Terenzio wrote: > > Anyone have any experience running PHP scripts from /etc/crontab > > The cron log shows it's happening but it seems like it's shooting > blanks. > > The same command works perfectly when I just run it manually from the > command line. > > php /path/to/script/cron.php > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From dan at langille.org Mon Oct 30 22:26:25 2006 From: dan at langille.org (Dan Langille) Date: Mon, 30 Oct 2006 22:26:25 -0500 Subject: [nycbug-talk] php scripts from crontab In-Reply-To: <2690989fb93ca3e73687341352b25ad3@jobsforge.com> Message-ID: <45467C11.6539.12BABEE5@dan.langille.org> On 30 Oct 2006 at 20:00, Matthew Terenzio wrote: > > Anyone have any experience running PHP scripts from /etc/crontab > > The cron log shows it's happening but it seems like it's shooting > blanks. > > The same command works perfectly when I just run it manually from the > command line. > > php /path/to/script/cron.php Make sure you hit enter at the end of the line in your crontab. If you doubt it's running, check /var/log/cron and/or put a && touch /my/file in there/ -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From matt at jobsforge.com Mon Oct 30 22:30:20 2006 From: matt at jobsforge.com (Matthew Terenzio) Date: Mon, 30 Oct 2006 22:30:20 -0500 Subject: [nycbug-talk] php scripts from crontab In-Reply-To: <45467C11.6539.12BABEE5@dan.langille.org> References: <45467C11.6539.12BABEE5@dan.langille.org> Message-ID: <19e2152eb1687f8637eb08ed7512a142@jobsforge.com> Thanks all. It's working great. On Oct 30, 2006, at 10:26 PM, Dan Langille wrote: > On 30 Oct 2006 at 20:00, Matthew Terenzio wrote: > >> >> Anyone have any experience running PHP scripts from /etc/crontab >> >> The cron log shows it's happening but it seems like it's shooting >> blanks. >> >> The same command works perfectly when I just run it manually from the >> command line. >> >> php /path/to/script/cron.php > > Make sure you hit enter at the end of the line in your crontab. > > If you doubt it's running, check /var/log/cron and/or put a && touch > /my/file in there/ > > -- > Dan Langille : Software Developer looking for work > my resume: http://www.freebsddiary.org/dan_langille.php > > > From dave at donnerjack.com Mon Oct 30 22:32:43 2006 From: dave at donnerjack.com (David Lawson) Date: Mon, 30 Oct 2006 22:32:43 -0500 Subject: [nycbug-talk] php scripts from crontab In-Reply-To: <45467C11.6539.12BABEE5@dan.langille.org> References: <45467C11.6539.12BABEE5@dan.langille.org> Message-ID: On Oct 30, 2006, at 10:26 PM, Dan Langille wrote: > On 30 Oct 2006 at 20:00, Matthew Terenzio wrote: > >> >> Anyone have any experience running PHP scripts from /etc/crontab >> >> The cron log shows it's happening but it seems like it's shooting >> blanks. >> >> The same command works perfectly when I just run it manually from the >> command line. >> >> php /path/to/script/cron.php I'd put in the full path to the php interpreter. Keep in mind that cron runs with a different environment than you as a user do, so unless you've set up a full PATH and the like in your crontab, I'd fully qualify the paths to everything in there. --Dave From dan at langille.org Mon Oct 30 22:37:14 2006 From: dan at langille.org (Dan Langille) Date: Mon, 30 Oct 2006 22:37:14 -0500 Subject: [nycbug-talk] php scripts from crontab In-Reply-To: <19e2152eb1687f8637eb08ed7512a142@jobsforge.com> References: <45467C11.6539.12BABEE5@dan.langille.org> Message-ID: <45467E9A.17534.12C4A59F@dan.langille.org> On 30 Oct 2006 at 22:30, Matthew Terenzio wrote: > Thanks all. It's working great. So... what was the problem? -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From lists at stringsutils.com Sat Oct 28 00:20:30 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Sat, 28 Oct 2006 00:20:30 -0400 Subject: [nycbug-talk] greylisting proxies? References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061007151820.GA22719@run.galis.org> <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> <20061007154733.GB22719@run.galis.org> Message-ID: George Georgalis writes: >>On Oct 7, 2006, at 11:18 AM, George Georgalis wrote: >> >>> if they support a white list of non-complient MTAs, where is it? ... > I could generate IPs from the stuff, but exactly /usr/local/etc/sqlgrey/clients_ip_whitelist.local Format is: #Comment #Comment If you have multiple machines you want to whitelist your own machines.. specially if you have a separation of MX machines and front end machines. From george at sddi.net Tue Oct 31 14:58:14 2006 From: george at sddi.net (George R.) Date: Tue, 31 Oct 2006 14:58:14 -0500 Subject: [nycbug-talk] NYCBSDCon 2006 Blog coverage Message-ID: <4547AAD6.5060601@sddi.net> Dru: http://tinyurl.com/y7qub5 FBSDGirl: http://tinyurl.com/y4nq8z Anyone find anything else? George From chsnyder at gmail.com Tue Oct 31 15:11:47 2006 From: chsnyder at gmail.com (csnyder) Date: Tue, 31 Oct 2006 15:11:47 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061001164839.GQ24150@clam.khaoz.org> References: <20061001164839.GQ24150@clam.khaoz.org> Message-ID: On 10/1/06, Okan Demirmen wrote: > > Any ideas or opinions on all this? > > you can run spamd(8) in front of any mta; either on the same box or in > front. And if you're at all interested in this, take a look at the slides from Bob Beck's presentation on Sunday... http://www.ualberta.ca/~beck/nycbug06/spamd/ -- Chris Snyder http://chxo.com/ From george at galis.org Tue Oct 31 20:33:59 2006 From: george at galis.org (George Georgalis) Date: Tue, 31 Oct 2006 20:33:59 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061007151820.GA22719@run.galis.org> <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> <20061007154733.GB22719@run.galis.org> Message-ID: <20061101013359.GE1658@run.galis.org> On Sat, Oct 28, 2006 at 12:20:30AM -0400, Francisco Reyes wrote: >George Georgalis writes: > >>>On Oct 7, 2006, at 11:18 AM, George Georgalis wrote: >>> >>>> if they support a white list of non-complient MTAs, where is it? >... >> I could generate IPs from the stuff, but exactly > >/usr/local/etc/sqlgrey/clients_ip_whitelist.local > >Format is: > #Comment > #Comment where exactly can I download that file? // George -- George Georgalis, systems architect, administrator < From george at galis.org Tue Oct 31 20:48:46 2006 From: george at galis.org (George Georgalis) Date: Tue, 31 Oct 2006 20:48:46 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: <20061001164839.GQ24150@clam.khaoz.org> Message-ID: <20061101014846.GF1658@run.galis.org> On Tue, Oct 31, 2006 at 03:11:47PM -0500, csnyder wrote: >On 10/1/06, Okan Demirmen wrote: > >> > Any ideas or opinions on all this? >> >> you can run spamd(8) in front of any mta; either on the same box or in >> front. > >And if you're at all interested in this, take a look at the slides >from Bob Beck's presentation on Sunday... > >http://www.ualberta.ca/~beck/nycbug06/spamd/ cool, new slides. :) does anyone using spamd (or greylist frontend) have trouble delivering to verizon.net? 450 Requested mail action not taken-Try later:sv14pub.verizon.net what's your solution? or do they do that (perpetually) for anyone not using a major ISP MX? // George -- George Georgalis, systems architect, administrator < From okan at demirmen.com Tue Oct 31 21:21:24 2006 From: okan at demirmen.com (Okan Demirmen) Date: Tue, 31 Oct 2006 21:21:24 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061101014846.GF1658@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> Message-ID: <20061101022124.GD8113@clam.khaoz.org> On Tue 2006.10.31 at 20:48 -0500, George Georgalis wrote: > does anyone using spamd (or greylist frontend) have trouble > delivering to verizon.net? spamd(8) has little to nothing to do with delivering mail. > 450 Requested mail action not taken-Try later:sv14pub.verizon.net > > what's your solution? or do they do that (perpetually) for anyone > not using a major ISP MX? you are obviously on the other side of greylisting. if you are having issues delivering after getting 450, then it is you who should look at your mail configuration. From george at galis.org Tue Oct 31 22:54:35 2006 From: george at galis.org (George Georgalis) Date: Tue, 31 Oct 2006 22:54:35 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061101022124.GD8113@clam.khaoz.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> Message-ID: <20061101035435.GG1658@run.galis.org> On Tue, Oct 31, 2006 at 09:21:24PM -0500, Okan Demirmen wrote: >On Tue 2006.10.31 at 20:48 -0500, George Georgalis wrote: >> does anyone using spamd (or greylist frontend) have trouble >> delivering to verizon.net? > >spamd(8) has little to nothing to do with delivering mail. unless it blocks sender verification. >> 450 Requested mail action not taken-Try later:sv14pub.verizon.net >> >> what's your solution? or do they do that (perpetually) for anyone >> not using a major ISP MX? > >you are obviously on the other side of greylisting. if you are having >issues delivering after getting 450, then it is you who should look at >your mail configuration. Can you be more specific? what's wrong with this? it's the only response I or my mta gets. # dnsmx verizon.net 0 relay.verizon.net # telnet relay.verizon.net 25 Trying 206.46.232.11... Connected to relay.verizon.net. Escape character is '^]'. 220 sv27pub.verizon.net MailPass SMTP server v1.2.0 - 112105154401JY+PrW ready Tue, 31 Oct 2006 21:44:32 -0600 helo galis.org 250 sv27pub.verizon.net mail from: 450 Requested mail action not taken-Try later:sv27pub.verizon.net presumably they are checking envelope from for something (eg expecting my mx to do something spamd is not doing), because when I lie about envelope from, I get substantially improved results # telnet relay.verizon.net 25 Trying 206.46.232.11... Connected to relay.verizon.net. Escape character is '^]'. 220 sv22pub.verizon.net MailPass SMTP server v1.2.0 - 112105154401JY+PrW ready Tue, 31 Oct 2006 21:48:30 -0600 helo galis.org 250 sv22pub.verizon.net mail from: 250 Sender OK rcpt to: 550 4.2.1 mailbox temporarily disabled: nobody at verizon.net quit 221 2.3.0 Bye received. Goodbye. Connection closed by foreign host. So my question is, does anybody running spamd deliver to verizon.net without providing a false envelope from? What do you do? // George -- George Georgalis, systems architect, administrator <