From carton at Ivy.NET  Wed Jan  3 11:23:19 2007
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 03 Jan 2007 11:23:19 -0500
Subject: [nycbug-talk] nycbsdcon 2006
Message-ID: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>

Is audio from the Google talk available?


From george at ceetonetechnology.com  Wed Jan  3 11:33:57 2007
From: george at ceetonetechnology.com (George R.)
Date: Wed, 03 Jan 2007 11:33:57 -0500
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>
Message-ID: <459BDAF5.80303@ceetonetechnology.com>

Miles Nordin wrote:
> Is audio from the Google talk available?

We're still waiting on the slides. . . I'm keeping tabs on it. . .

I assume the audio is around when we're ready, right NF?

George


From nikolai at fetissov.org  Wed Jan  3 15:53:09 2007
From: nikolai at fetissov.org (nikolai)
Date: Wed, 3 Jan 2007 15:53:09 -0500 (EST)
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <459BDAF5.80303@ceetonetechnology.com>
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>
	<459BDAF5.80303@ceetonetechnology.com>
Message-ID: <1482.63.66.6.15.1167857589.squirrel@www.geekisp.com>

> Miles Nordin wrote:
>> Is audio from the Google talk available?
>
> We're still waiting on the slides. . . I'm keeping tabs on it. . .
>
> I assume the audio is around when we're ready, right NF?
>
> George

They told me they don't want to release the audio.
Though I still have the file ...
--
 Nikolai


From carton at Ivy.NET  Wed Jan  3 20:31:08 2007
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 03 Jan 2007 20:31:08 -0500
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <1482.63.66.6.15.1167857589.squirrel@www.geekisp.com> (nikolai's
	message of "Wed, 3 Jan 2007 15:53:09 -0500 (EST)")
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>
	<459BDAF5.80303@ceetonetechnology.com>
	<1482.63.66.6.15.1167857589.squirrel@www.geekisp.com>
Message-ID: <oqvejnk277.fsf@castrovalva.Ivy.NET>

>>>>> "n" == nikolai  <nikolai at fetissov.org> writes:

     n> I assume the audio is around when we're ready, right NF?

I kinda figured.  

In that case I would suggest you not invite them back.  I heard the
talk was really neat, but BSD is about openness.  We already went
through the AT&T fiasco with some community members being
site-licensed insiders forbidden to share what they knew with others:

  http://crackmonkey.org/unix.html (search for ``The curtain fell'')

Our meetings and conferences should not be held like a persecuted
underground movement because some large company feels threatened, IMO.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070103/9b012a1d/attachment.bin>

From hanulec at hanulec.com  Thu Jan  4 08:18:02 2007
From: hanulec at hanulec.com (Michael Hanulec)
Date: Thu, 4 Jan 2007 08:18:02 -0500 (EST)
Subject: [nycbug-talk] Meeting content, format and future meetings
Message-ID: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>

Hi all -

Last night was the third meeting I've attended since moving back to NYC 
although I've been a member of the mailing list Jan 2004.  I encouraged 
some new folks (new to nycbug) to attend the meeting because I sold them 
on how cool/useful PF is.  Thank you Okan Demirmen for taking the time 
last night and presenting.  I know I learned a thing or two about PF. 
Unfortunately I cannot say the same for some of my friends I asked to come 
down -- overall the presentation was too low level for someone who never 
used PF before.

I know making presentations might not be many of our day jobs but I think 
we ALL can do some simple things to improve the meetings and set people's 
expectations.

0. have the mic or two for audience questions.  not being able to hear 
your fellow member's questions is annoying.  a work around for this is 
having the presenter repeat the person's question prior to responding. 
this is the number one reason i didn't make these comments last night (or 
respond to the "Why use PF on a bastion or single unix server question") 
and decided to use the mailing so i could be "heard" by all.

1. NYCBUGers who attend -- Ask Questions!  Maybe you are like me and felt 
you couldn't be heard (#0 should fix that).  Or maybe you are shy and 
don't like to talk in public (#5 can give you that outlet too).  The 
presenter doesn't think you are interested or following them unless you 
ask a question.  Don't let your question wait until the end of the 
presentation either.

2. provide either the slides or a rough outline of the material to be 
presented a day or two prior to the meetings.  make sure to highlight 
examples/use cases/etc w/in this format.  examples can be as simple as a 
few lines of code to do something silly like a home nat firewall or using 
authpf to replace a vpn router.  i feel my friends might of missed our on 
how simply powerful PF really is.

3. start off and end the presentation with some real world examples.  you 
don't have to own these examples - maybe they can be borrowed from larger 
documentation sources and just cited.  maybe combine the concept of a nat 
firewall or authpf gateway and suggest people look at soekris or pcengines 
hardware to replace the dlink/linksys/netgear routers they have at home. 
or talk about enterprise-level proprietary conversion stories (removing 
cisco, checkpoint, sonicwall from the environment).

4. make the presentation slides available on www.nycbug.org.  i still 
refer to Johnny Lam's XEN slides but as i remember i had to use some 
social engineering to get the slides.

5. offer a standardized forum/method (mailing list?  blog?) and encourage 
NYCBUGers to ask questions of the presenters prior to the meeting in order 
to help meld what NYCBUGers and the presenters are discussing.  these 
questions could be used either to change the presentation prior to 
presenting OR be used and the end of the meeting in a q/a format.

My comments above are only meant to be constructive as I want to see the 
group grow and attract new, active members.  Thanks again to everyone at 
NYCBUG for their hard work.

-Mike

--
hanulec at hanulec.com	                        cell: 201-936-1993
http://www.hanulec.com                EFnet irc && aol im: hanulec


From nikolai at fetissov.org  Thu Jan  4 10:58:33 2007
From: nikolai at fetissov.org (nikolai)
Date: Thu, 4 Jan 2007 10:58:33 -0500 (EST)
Subject: [nycbug-talk] January 07 meeting audio
Message-ID: <37977.63.66.6.15.1167926313.squirrel@www.geekisp.com>

Folks,
Audio recording of Okan's presentation
is available at the usual place:
http://www.fetissov.org/public/nycbug/
--
 Nikolai


From carton at Ivy.NET  Thu Jan  4 11:51:15 2007
From: carton at Ivy.NET (Miles Nordin)
Date: Thu, 04 Jan 2007 11:51:15 -0500
Subject: [nycbug-talk] Meeting content, format and future meetings
In-Reply-To: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com> (Michael
	Hanulec's message of "Thu, 4 Jan 2007 08:18:02 -0500 (EST)")
References: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
Message-ID: <oqejqaka64.fsf@castrovalva.Ivy.NET>

>>>>> "mh" == Michael Hanulec <hanulec at hanulec.com> writes:

    mh> constructive 

yeah, the big step for users' groups seems to be to get enough
audience and presenter interest to have regular meetings about serious
topics at all.  Everything else is easy by comparison.

    mh> Ask Questions!

It's a little late, but I have some questions about PF!

(1) Did anything ever come of those rumors of integrating the IPsec
    SPD into PF?  Was it finished or deemed unfeasible?

(2) For those who have used ALTQ, why does PF's queue( a, b ) form
    filter on the TOS bits?  This simply doesn't work except on a
    LAN---the bits are now DSCP rather than TOS, which means they're
    altered on their way through the Internet.  As soon as I set this
    up and tried to measure its effect, the problem was immediately
    obvious, and tcpdump quickly shows the cause.  It's actually
    harmful to force-provide this broken scheme along with the useful
    ACK-prioritization scheme, because who knows how those bits will
    arrive off the Internet.

(2.5) I think the form for matching TOS is broken, too---it implies
      some kind of bitwise AND without documenting it.  This breaks
      matching DSCP.  And there is no facility to set DSCP.

(3) PF 'keep state' rules are supposed to ``pass ICMP associated with
    the TCP flow'', but they actually do *NOT* pass
    ICMP-unreachable-fragmentation-needed from intermediate routers
    between the two end systems.  You have to pass these by hand with
    a stateless rule.  so there are actually a bunch, probably the
    overwhelming majority, of PF routers out there misconfigured with
    'keep state' only and thus causing the ``PPPoE problem'',
    including my own router until recently, even though I understand
    the problem.  Shouldn't this configuration issue, which affects
    basically everyone who uses PF, be documented accurately instead
    of suggesting ``keep state is all you need'' like they do now?
    Alternatively, 'keep state' should look inside all ICMP and match
    it against the TCP flows by the ICMP payload instead of the
    header.  In any case, the issue which affects basically everyone
    ought to be in the examples.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070104/7af5ce00/attachment.bin>

From pete at nomadlogic.org  Thu Jan  4 12:14:19 2007
From: pete at nomadlogic.org (Pete Wright)
Date: Thu, 4 Jan 2007 12:14:19 -0500
Subject: [nycbug-talk] FreeBSD 340.noid periodic script + jails
In-Reply-To: <Pine.OSX.4.61.0612262310360.329@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.61.0612262310360.329@white.nat.fasttrackmonkey.com>
Message-ID: <20070104171415.GA69848@sunset.nomadlogic.org>

On Tue, Dec 26, 2006 at 11:15:55PM -0500, Charles Sprickman wrote:
> Hi all,
> 
> Just thought I'd run this one by the group...
> 
> You're probably familiar with the periodic script 
> (/etc/periodic/weekly/340.noid) that reports on what files on a host that 
> have an unknown user or group.  One annoyance I've found beyond the 
> occasional tarball that unpacks with unused uids is that many times there 
> are UIDs that exist in a jail but not on the main host.
> 
> For now we just threw a patch in there to skip the path that matches where 
> we stash the jails.  Ideally I'd like to figure out a method that would 
> not involve applying this everytime we see a change there in a mergemaster 
> run.
> 
> We brainstormed a bit and came up entry.  Anyone else faced with this tiny 
> annoyance?
> 

sorry for the really late reply on this, just catching up on my email,
what does your patch look like?  according to the periodic.conf man page
you can define this variable:

weekly_noid_dirs
	(str) A list of directories under which orphaned files are
        searched for.  This would usually be set to /.
  
HTH

-p


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From george at ceetonetechnology.com  Thu Jan  4 13:17:20 2007
From: george at ceetonetechnology.com (George R.)
Date: Thu, 04 Jan 2007 13:17:20 -0500
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <oqvejnk277.fsf@castrovalva.Ivy.NET>
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>	<459BDAF5.80303@ceetonetechnology.com>	<1482.63.66.6.15.1167857589.squirrel@www.geekisp.com>
	<oqvejnk277.fsf@castrovalva.Ivy.NET>
Message-ID: <459D44B0.1070506@ceetonetechnology.com>

Miles Nordin wrote:
>>>>>> "n" == nikolai  <nikolai at fetissov.org> writes:
> 
> n> I assume the audio is around when we're ready, right NF?
> 
> I kinda figured.
> 
> In that case I would suggest you not invite them back.  I heard the 
> talk was really neat, but BSD is about openness.  We already went 
> through the AT&T fiasco with some community members being 
> site-licensed insiders forbidden to share what they knew with others:
> 
> 
> http://crackmonkey.org/unix.html (search for ``The curtain fell'')
> 
> Our meetings and conferences should not be held like a persecuted 
> underground movement because some large company feels threatened,
> IMO.

Nice.

The reality is that having a speaker who works for a major corporation is
probably going to have to have the meeting signed off on and approved by
various internal characters and processes.

That's reality.

You are aware of the issue because it's come up, but it's never been
public knowledge until now.

g


From george at ceetonetechnology.com  Thu Jan  4 13:38:01 2007
From: george at ceetonetechnology.com (George R.)
Date: Thu, 04 Jan 2007 13:38:01 -0500
Subject: [nycbug-talk] Meeting content, format and future meetings
In-Reply-To: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
References: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
Message-ID: <459D4989.2000006@ceetonetechnology.com>

Michael Hanulec wrote:
> Hi all -
> 
> Last night was the third meeting I've attended since moving back to
> NYC although I've been a member of the mailing list Jan 2004.  I
> encouraged some new folks (new to nycbug) to attend the meeting
> because I sold them on how cool/useful PF is.  Thank you Okan
> Demirmen for taking the time last night and presenting.  I know I
> learned a thing or two about PF. Unfortunately I cannot say the same
> for some of my friends I asked to come down -- overall the
> presentation was too low level for someone who never used PF before.

Hmmm. . .

Do you mean low-level or high-level?

Assuming you meant the meeting was too "high level," then it's because
there is a general level of proficiency with BSD firewalls around as the
early very unscientific poll in the beginning of the meeting
illustrated. . .

If you meant "low level," then I think Okan was very clear on providing
a flexibility in his talk to go in *any* direction the discussion demanded.

And to some extent it did. . .

> I know making presentations might not be many of our day jobs but I
> think we ALL can do some simple things to improve the meetings and
> set people's expectations.
> 
> 0. have the mic or two for audience questions.  not being able to
> hear your fellow member's questions is annoying.  a work around for
> this is having the presenter repeat the person's question prior to
> responding. this is the number one reason i didn't make these
> comments last night (or respond to the "Why use PF on a bastion or
> single unix server question") and decided to use the mailing so i
> could be "heard" by all.
> 

Agree. . . Strongly.  We have made that point regularly, and Okan tried
to do a number of times.

> 1. NYCBUGers who attend -- Ask Questions!  Maybe you are like me and
> felt you couldn't be heard (#0 should fix that).  Or maybe you are
> shy and don't like to talk in public (#5 can give you that outlet
> too).  The presenter doesn't think you are interested or following
> them unless you ask a question.  Don't let your question wait until
> the end of the presentation either.
> 

Agree even more strongly.  But I would think by now any who's been to a
meeting or two knows that interruptive questions are encouraged.  And
Okan did state that in the beginning.

> 2. provide either the slides or a rough outline of the material to be
>  presented a day or two prior to the meetings.  make sure to
> highlight examples/use cases/etc w/in this format.  examples can be
> as simple as a few lines of code to do something silly like a home
> nat firewall or using authpf to replace a vpn router.  i feel my
> friends might of missed our on how simply powerful PF really is.
> 

Hmm. . .

> 3. start off and end the presentation with some real world examples.
> you don't have to own these examples - maybe they can be borrowed
> from larger documentation sources and just cited.  maybe combine the
> concept of a nat firewall or authpf gateway and suggest people look
> at soekris or pcengines hardware to replace the dlink/linksys/netgear
> routers they have at home. or talk about enterprise-level proprietary
> conversion stories (removing cisco, checkpoint, sonicwall from the
> environment).
> 

We have *only* had real world PF meetings from the beginning. .
.PFSense, Soekris, Mischa from Germany on his firm's usage, etc.

That is true more often than not, but not for every meeting.

> 4. make the presentation slides available on www.nycbug.org.  i still
>  refer to Johnny Lam's XEN slides but as i remember i had to use some
>  social engineering to get the slides.
> 

We try to have that done.. . and it's usually part of the post-meeting
followup.

> 5. offer a standardized forum/method (mailing list?  blog?) and
> encourage NYCBUGers to ask questions of the presenters prior to the
> meeting in order to help meld what NYCBUGers and the presenters are
> discussing.  these questions could be used either to change the
> presentation prior to presenting OR be used and the end of the
> meeting in a q/a format.
> 

Easier said than done.  We've made some attempts on that, and if you
feel that way, great.  Now you can initiate for future meetings. :)

> My comments above are only meant to be constructive as I want to see
> the group grow and attract new, active members.  Thanks again to
> everyone at NYCBUG for their hard work.

Your input is appreciated. . . Now you should take the initiative in
providing input for the issues you mentioned.

You should have mentioned the mike/repeat question thing yourself (Okan
stopped listening to me a long time ago :)

You should raise the meeting topic before the meetings if you have any
issues/comments/questions.

We are not rigid in this stuff. . . we are what we all make it. . .

George


From jschauma at netmeister.org  Thu Jan  4 13:25:58 2007
From: jschauma at netmeister.org (Jan Schaumann)
Date: Thu, 4 Jan 2007 10:25:58 -0800
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <459D44B0.1070506@ceetonetechnology.com>
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>
	<459BDAF5.80303@ceetonetechnology.com>
	<1482.63.66.6.15.1167857589.squirrel@www.geekisp.com>
	<oqvejnk277.fsf@castrovalva.Ivy.NET>
	<459D44B0.1070506@ceetonetechnology.com>
Message-ID: <20070104182558.GA6168@netmeister.org>

"George R." <george at ceetonetechnology.com> wrote:
 
> The reality is that having a speaker who works for a major corporation is
> probably going to have to have the meeting signed off on and approved by
> various internal characters and processes.

Yes, but you'd figure that this would happen _before_ the person is
giving the presentation.  Trying to suppress the publication of the
content _after_ it was given seems... suboptimal for all involved.

-Jan

-- 
   It's psychosomatic. You need a lobotomy. I'll get a saw.
		  -- Calvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070104/53a1b2ee/attachment.bin>

From jschauma at netmeister.org  Thu Jan  4 13:28:35 2007
From: jschauma at netmeister.org (Jan Schaumann)
Date: Thu, 4 Jan 2007 10:28:35 -0800
Subject: [nycbug-talk] Meeting content, format and future meetings
In-Reply-To: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
References: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
Message-ID: <20070104182835.GB6168@netmeister.org>

Michael Hanulec <hanulec at hanulec.com> wrote:
 
> 4. make the presentation slides available on www.nycbug.org.  i still 
> refer to Johnny Lam's XEN slides but as i remember i had to use some 
> social engineering to get the slides.

JFTR, Johnny's slides are available online at
http://www.netbsd.org/gallery/presentations/jlam/xen.html

-Jan

-- 
http://www.ncadp.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070104/a266cdf7/attachment.bin>

From skreuzer at f2o.org  Fri Jan  5 16:52:05 2007
From: skreuzer at f2o.org (Steven Kreuzer)
Date: Fri, 5 Jan 2007 16:52:05 -0500
Subject: [nycbug-talk] Reentrant syslog for FreeBSD
Message-ID: <43E3B34F-3AB0-4BE9-B0C4-9D979D34DA55@f2o.org>

Greetings-

I was wondering if any folks would like to help me test a patch that  
makes syslog reentrant on FreeBSD. I've done a little bit of testing  
and so far, so good.

The patch essentially takes OpenBSD's reentrant syslog functions  
(openlog_r, closelog_r, syslog_r and vsyslog_r) and makes the  
available in FreeBSD. Hopefully this will make building of packages  
such as spamd under FreeBSD easier since the source shouldn't require  
modifications.

To apply the patch as root:

cd /usr/src/
patch -p0 < /path/to/patch
make buildworld && make installworld
reboot

Feedback is very much appreciated.

Thanks,

Steven

-------------- next part --------------
A non-text attachment was scrubbed...
Name: reentrant-syslog.patch
Type: application/octet-stream
Size: 9236 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070105/813f548e/attachment.obj>
-------------- next part --------------



From george at galis.org  Sat Jan  6 19:31:40 2007
From: george at galis.org (George Georgalis)
Date: Sat, 6 Jan 2007 19:31:40 -0500
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <20070104182558.GA6168@netmeister.org>
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>
	<459BDAF5.80303@ceetonetechnology.com>
	<1482.63.66.6.15.1167857589.squirrel@www.geekisp.com>
	<oqvejnk277.fsf@castrovalva.Ivy.NET>
	<459D44B0.1070506@ceetonetechnology.com>
	<20070104182558.GA6168@netmeister.org>
Message-ID: <20070107003140.GF15710@run.galis.org>

On Thu, Jan 04, 2007 at 10:25:58AM -0800, Jan Schaumann wrote:
>"George R." <george at ceetonetechnology.com> wrote:
> 
>> The reality is that having a speaker who works for a major corporation is
>> probably going to have to have the meeting signed off on and approved by
>> various internal characters and processes.
>
>Yes, but you'd figure that this would happen _before_ the person is
>giving the presentation.  Trying to suppress the publication of the
>content _after_ it was given seems... suboptimal for all involved.

Humm, no atomic operation from the powers that be. Well there is a
first time for everything.

So what'd the presenter talk about that was so secret? Or did some
profanity slip in?

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><


From george at ceetonetechnology.com  Sat Jan  6 23:12:48 2007
From: george at ceetonetechnology.com (George R.)
Date: Sat, 06 Jan 2007 23:12:48 -0500
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <20070107003140.GF15710@run.galis.org>
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>	<459BDAF5.80303@ceetonetechnology.com>	<1482.63.66.6.15.1167857589.squirrel@www.geekisp.com>	<oqvejnk277.fsf@castrovalva.Ivy.NET>	<459D44B0.1070506@ceetonetechnology.com>	<20070104182558.GA6168@netmeister.org>
	<20070107003140.GF15710@run.galis.org>
Message-ID: <45A07340.6050909@ceetonetechnology.com>

George Georgalis wrote:
> On Thu, Jan 04, 2007 at 10:25:58AM -0800, Jan Schaumann wrote:
>> "George R." <george at ceetonetechnology.com> wrote:
>>
>>> The reality is that having a speaker who works for a major corporation is
>>> probably going to have to have the meeting signed off on and approved by
>>> various internal characters and processes.
>> Yes, but you'd figure that this would happen _before_ the person is
>> giving the presentation.  Trying to suppress the publication of the
>> content _after_ it was given seems... suboptimal for all involved.
> 
> Humm, no atomic operation from the powers that be. Well there is a
> first time for everything.
> 
> So what'd the presenter talk about that was so secret? Or did some
> profanity slip in?

Yeah, he let out some NSA secrets and explained what google is doing
with all that dark fiber.

</topic>

g


From george at ceetonetechnology.com  Sat Jan  6 23:14:46 2007
From: george at ceetonetechnology.com (George R.)
Date: Sat, 06 Jan 2007 23:14:46 -0500
Subject: [nycbug-talk] vi interview with Joy
Message-ID: <45A073B6.4000606@ceetonetechnology.com>

Found this off the DFly Digest. . . is on the British Register. . . from
1999:

http://tinyurl.com/d5vt9

g


From george at ceetonetechnology.com  Sat Jan  6 23:16:54 2007
From: george at ceetonetechnology.com (George R.)
Date: Sat, 06 Jan 2007 23:16:54 -0500
Subject: [nycbug-talk] upcoming meeting
Message-ID: <45A07436.3050506@ceetonetechnology.com>

As someone noted earlier, it would be useful to entertain pre-meeting
questions and comments.  So here goes. . .

Ivan approached me at NYCBSDCon about doing this meeting, so here's the
blurb from the www site:

Ivan Ivanov on The Version Control System Subversion

The presentation will discuss Subversion from both client and server
points of view. It will show how to create repositories and how to make
them accessible over the network using different access schemes like
http://, file:// or svn://. Pointers are given on securing the
repositories and on authenticating and authorizing the clients. Next,
the presentation shows how an user interacts with the repository and
describes some of the important Subversion client commands. Finally, it
deals with administrating the repository using "hook scripts".

Ivan Ivanov is generally interested in Version Control Systems since his
student years in Sofia University, Bulgaria, where he set up and
maintained a CVS server for an academic project. When Subversion became
a fact and proved to be "a better CVS" he researched it and last year
deployed it for his NYC-based employer Ariel Partners
(http://www.arielpartners.com/). He intergrated the Subversion
repositories with Apache Web Server over https to enable a reliable and
secure way to access them from any point.


From spork at bway.net  Sat Jan  6 23:58:12 2007
From: spork at bway.net (Charles Sprickman)
Date: Sat, 6 Jan 2007 23:58:12 -0500 (EST)
Subject: [nycbug-talk] upcoming meeting
In-Reply-To: <45A07436.3050506@ceetonetechnology.com>
References: <45A07436.3050506@ceetonetechnology.com>
Message-ID: <Pine.OSX.4.64.0701062348420.8361@white.nat.fasttrackmonkey.com>

On Sat, 6 Jan 2007, George R. wrote:

> As someone noted earlier, it would be useful to entertain pre-meeting
> questions and comments.  So here goes. . .
>
> Ivan approached me at NYCBSDCon about doing this meeting, so here's the
> blurb from the www site:
>
> Ivan Ivanov on The Version Control System Subversion

Sounds like a good one!

I don't use cvs or svn much for day-to-day stuff beyond storing some 
configs in there (unix hosts and routers).  However, I did recently do 
some work moving a client from cvs to subversion, and it's still somewhat 
fresh in my mind.  Two things that I think are essential if you've got a 
background in cvs:

1.

http://svnbook.red-bean.com/nightly/en/svn.basic.in-action.html#svn.basic.in-action.revs

That section of the (excellent) free, online svn book is a really good 
read.  While svn and cvs try to present the user with similar/compatible 
tools, the way things work behind the scenes are radically different. 
That section helps explain how and things didn't click for me until I read 
that.  The folks actually using svn were not quite understanding why a 
change in one file bumped the revision number on every file in the 
repository.

One also needs to understand that branches and tags are much more 
loose/arbitrary than in cvs and are more of a "virtual" grouping of files 
than they are in cvs.

2.

http://cvs2svn.tigris.org/

Since many folks are not starting from scratch, but moving from cvs to 
svn, that tool is very cool.  It gets quite hairy if your cvs repo is kind 
of a mess, but it tries really hard to get things right.

I'll also add a third, which is more of a question...  With cvs, it's easy 
to set an environment variable in your shell to tell cvs where the repo 
lives.  There is no such thing in svn.  What kind of hackery is out there 
for those that don't like typing svn urls with every command?

Charles



From lists at genoverly.net  Sun Jan  7 09:26:12 2007
From: lists at genoverly.net (michael)
Date: Sun, 7 Jan 2007 09:26:12 -0500
Subject: [nycbug-talk] vi interview with Joy
In-Reply-To: <45A073B6.4000606@ceetonetechnology.com>
References: <45A073B6.4000606@ceetonetechnology.com>
Message-ID: <20070107092612.18bcc112@dt.genoverly.com>

On Sat, 06 Jan 2007 23:14:46 -0500
"George R." <george at ceetonetechnology.com> wrote:

> Found this off the DFly Digest. . . is on the British Register. . .
> from 1999:
> 
> http://tinyurl.com/d5vt9
> 
> g


Now we know exactly who to blame! 

	"People don't know that vi was written for a world that doesn't
		exist anymore -" 

So, lets move on to something better.

I know vi is one of the defacto editors in unix. But is continuity
really the only reason to hang onto one of the zaniest text editors
ever conceived?  Why else would the unix world not come up with a
simple, elegant, and effective text editor... that is unixy?

-- 

michael

(this address does not accept public email)



From mhernandez at ocsny.com  Sun Jan  7 12:16:39 2007
From: mhernandez at ocsny.com (Michael Hernandez)
Date: Sun, 7 Jan 2007 12:16:39 -0500
Subject: [nycbug-talk] vi interview with Joy
In-Reply-To: <20070107092612.18bcc112@dt.genoverly.com>
References: <45A073B6.4000606@ceetonetechnology.com>
	<20070107092612.18bcc112@dt.genoverly.com>
Message-ID: <48501B09-65F2-40DC-8B0D-F148FA92F4B4@ocsny.com>


On Jan 7, 2007, at 9:26 AM, michael wrote:

> On Sat, 06 Jan 2007 23:14:46 -0500
> "George R." <george at ceetonetechnology.com> wrote:
>
>> Found this off the DFly Digest. . . is on the British Register. . .
>> from 1999:
>>
>> http://tinyurl.com/d5vt9
>>
>> g
>
>
> Now we know exactly who to blame!
>
> 	"People don't know that vi was written for a world that doesn't
> 		exist anymore -"
>
> So, lets move on to something better.


vim :)

--Mike H


From mspitzer at gmail.com  Sun Jan  7 22:52:21 2007
From: mspitzer at gmail.com (Marc Spitzer)
Date: Sun, 7 Jan 2007 22:52:21 -0500
Subject: [nycbug-talk] nycbsdcon 2006
In-Reply-To: <45A07340.6050909@ceetonetechnology.com>
References: <oqr6uckrk8.fsf@castrovalva.Ivy.NET>
	<459BDAF5.80303@ceetonetechnology.com>
	<1482.63.66.6.15.1167857589.squirrel@www.geekisp.com>
	<oqvejnk277.fsf@castrovalva.Ivy.NET>
	<459D44B0.1070506@ceetonetechnology.com>
	<20070104182558.GA6168@netmeister.org>
	<20070107003140.GF15710@run.galis.org>
	<45A07340.6050909@ceetonetechnology.com>
Message-ID: <8c50a3c30701071952h1f182da8m3590c99e03ba217d@mail.gmail.com>

On 1/6/07, George R. <george at ceetonetechnology.com> wrote:
>
> Yeah, he let out some NSA secrets and explained what google is doing
> with all that dark fiber.
>

That is not true, they let slip about the complex on the back of the
moon(lunar-plex)

marc

-- 
Freedom is nothing but a chance to be better.
Albert Camus


From tux at penguinnetwerx.net  Mon Jan  8 19:03:23 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Mon, 08 Jan 2007 19:03:23 -0500
Subject: [nycbug-talk] *BSD on Hold?
Message-ID: <45A2DBCB.9070702@penguinnetwerx.net>

http://bsd.slashdot.org/bsd/07/01/08/1219254.shtml


From dlavigne6 at sympatico.ca  Mon Jan  8 19:17:56 2007
From: dlavigne6 at sympatico.ca (Dru)
Date: Mon, 8 Jan 2007 19:17:56 -0500 (EST)
Subject: [nycbug-talk] *BSD on Hold?
In-Reply-To: <45A2DBCB.9070702@penguinnetwerx.net>
References: <45A2DBCB.9070702@penguinnetwerx.net>
Message-ID: <20070108191656.Y629@dru.domain.org>



On Mon, 8 Jan 2007, Kevin Reiter wrote:

> http://bsd.slashdot.org/bsd/07/01/08/1219254.shtml


And my response:

http://blogs.ittoolbox.com/unix/bsd/archives/the-big-license-mess-13833

Dru


From bob at redivi.com  Mon Jan  8 19:14:20 2007
From: bob at redivi.com (Bob Ippolito)
Date: Mon, 8 Jan 2007 16:14:20 -0800
Subject: [nycbug-talk] *BSD on Hold?
In-Reply-To: <45A2DBCB.9070702@penguinnetwerx.net>
References: <45A2DBCB.9070702@penguinnetwerx.net>
Message-ID: <6a36e7290701081614v35c637a7gf2abc4ffe7c1ace@mail.gmail.com>

On 1/8/07, Kevin Reiter <tux at penguinnetwerx.net> wrote:
> http://bsd.slashdot.org/bsd/07/01/08/1219254.shtml

Gentoo/FreeBSD is not *BSD.

"""
Gentoo/FreeBSD (or Gentoo/FBSD, or G/FBSD) is an effort to create a
complete FreeBSD-based Gentoo system, sharing the complete
administration facilities of Gentoo with the reliability of the
FreeBSD kernel and userland.
"""

http://www.gentoo.org/proj/en/gentoo-alt/bsd/fbsd/

-bob


From pete at nomadlogic.org  Mon Jan  8 19:23:23 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Mon, 8 Jan 2007 16:23:23 -0800 (PST)
Subject: [nycbug-talk] *BSD on Hold?
In-Reply-To: <45A2DBCB.9070702@penguinnetwerx.net>
References: <45A2DBCB.9070702@penguinnetwerx.net>
Message-ID: <51460.160.33.20.11.1168302203.squirrel@webmail.nomadlogic.org>


> http://bsd.slashdot.org/bsd/07/01/08/1219254.shtml
>

I saw this article this morning and got confused at first.  I think what's
happening is that someone decided the ports system and FreeBSD userland
sucks so they wanted to implement a GNU userland and portage to the
FreeBSD kernel (atleast that's the only reason i could come up with - not
that i agree with that reasoning).  hence gentoo/freebsd.

a dev found something regarding the advertising clause in some code and
realized that it's not fully compatible with the GPLv2 (libkvm i belive). 
although i would be surprised if this was the case at the end of the
day....

not really sure why this is a big deal though...or why someone would want
to stack a gnu/linux system ontop of FreeBSD....

-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From spork at bway.net  Mon Jan  8 22:12:49 2007
From: spork at bway.net (Charles Sprickman)
Date: Mon, 8 Jan 2007 22:12:49 -0500 (EST)
Subject: [nycbug-talk] FreeBSD 340.noid periodic script + jails
In-Reply-To: <20070104171415.GA69848@sunset.nomadlogic.org>
References: <Pine.OSX.4.61.0612262310360.329@white.nat.fasttrackmonkey.com>
	<20070104171415.GA69848@sunset.nomadlogic.org>
Message-ID: <Pine.OSX.4.64.0701082207310.8361@white.nat.fasttrackmonkey.com>

On Thu, 4 Jan 2007, Pete Wright wrote:

> On Tue, Dec 26, 2006 at 11:15:55PM -0500, Charles Sprickman wrote:
>> Hi all,
>>
>> Just thought I'd run this one by the group...
>>
>> You're probably familiar with the periodic script
>> (/etc/periodic/weekly/340.noid) that reports on what files on a host that
>> have an unknown user or group.  One annoyance I've found beyond the
>> occasional tarball that unpacks with unused uids is that many times there
>> are UIDs that exist in a jail but not on the main host.
>>
>> For now we just threw a patch in there to skip the path that matches where
>> we stash the jails.  Ideally I'd like to figure out a method that would
>> not involve applying this everytime we see a change there in a mergemaster
>> run.
>>
>> We brainstormed a bit and came up entry.  Anyone else faced with this tiny
>> annoyance?
>>
>
> sorry for the really late reply on this, just catching up on my email,
> what does your patch look like?  according to the periodic.conf man page
> you can define this variable:
>
> weekly_noid_dirs
> 	(str) A list of directories under which orphaned files are
>        searched for.  This would usually be set to /.

Sorry for the late reply to your late reply. :)

That looks like it should help us out.

The "patch" was just to add another line to the find command to exclude 
anything with "jail" in it's name.

Thanks,

Charles

> HTH
>
> -p
>
>
> -- 
> ~~oO00Oo~~
> Peter Wright
> pete at nomadlogic.org
> www.nomadlogic.org/~pete
> 310.869.9459
>
>


From tux at penguinnetwerx.net  Tue Jan  9 00:29:36 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Tue, 09 Jan 2007 00:29:36 -0500
Subject: [nycbug-talk] *BSD on Hold?
In-Reply-To: <6a36e7290701081614v35c637a7gf2abc4ffe7c1ace@mail.gmail.com>
References: <45A2DBCB.9070702@penguinnetwerx.net>
	<6a36e7290701081614v35c637a7gf2abc4ffe7c1ace@mail.gmail.com>
Message-ID: <45A32840.603@penguinnetwerx.net>

Bob Ippolito wrote:
> On 1/8/07, Kevin Reiter <tux at penguinnetwerx.net> wrote:
>> http://bsd.slashdot.org/bsd/07/01/08/1219254.shtml
> 
> Gentoo/FreeBSD is not *BSD.
> 
> """
> Gentoo/FreeBSD (or Gentoo/FBSD, or G/FBSD) is an effort to create a
> complete FreeBSD-based Gentoo system, sharing the complete
> administration facilities of Gentoo with the reliability of the
> FreeBSD kernel and userland.
> """
> 
> http://www.gentoo.org/proj/en/gentoo-alt/bsd/fbsd/

My bad.. I read, "..among the various *BSD projects who use BSD-4 
licensed code (which is all of them). .." and wasn't paying close enough 
attention, I guess.  Serves me right for doing too many things at once.


From lists at stringsutils.com  Tue Jan  9 23:15:07 2007
From: lists at stringsutils.com (Francisco Reyes)
Date: Tue, 09 Jan 2007 23:15:07 -0500
Subject: [nycbug-talk] BSD Tracker gone?
Message-ID: <cone.1168402507.977095.86642.1000@zoraida.natserv.net>

Maybe I just can't find it.. but didn't there used to be a BSD Tracker on 
the nycbug site? A list of companies/individuals that provide *BSD services.

Looking at the archives I did not see any mention of the tracker getting 
removed from the site.


From lists at genoverly.net  Wed Jan 10 09:35:29 2007
From: lists at genoverly.net (michael)
Date: Wed, 10 Jan 2007 09:35:29 -0500
Subject: [nycbug-talk] BSD Tracker gone?
In-Reply-To: <cone.1168402507.977095.86642.1000@zoraida.natserv.net>
References: <cone.1168402507.977095.86642.1000@zoraida.natserv.net>
Message-ID: <20070110093529.28ab475d@dt.genoverly.com>

On Tue, 09 Jan 2007 23:15:07 -0500
Francisco Reyes <lists at stringsutils.com> wrote:

> Maybe I just can't find it.. but didn't there used to be a BSD
> Tracker on the nycbug site? A list of companies/individuals that
> provide *BSD services.
> 
> Looking at the archives I did not see any mention of the tracker
> getting removed from the site.

Yes, tracker is temporarily offline.

-- 

michael


(this address does not accept public email)



From mikel.king at techally.com  Wed Jan 10 14:40:36 2007
From: mikel.king at techally.com (Mikel King)
Date: Wed, 10 Jan 2007 14:40:36 -0500
Subject: [nycbug-talk] BSD Tracker gone?
In-Reply-To: <cone.1168402507.977095.86642.1000@zoraida.natserv.net>
References: <cone.1168402507.977095.86642.1000@zoraida.natserv.net>
Message-ID: <D60FCBF0-D1F8-4338-97FC-E6688553DFAB@techally.com>


On Jan 9, 2007, at 11:15 PM, Francisco Reyes wrote:

> Maybe I just can't find it.. but didn't there used to be a BSD  
> Tracker on
> the nycbug site? A list of companies/individuals that provide *BSD  
> services.
>
> Looking at the archives I did not see any mention of the tracker  
> getting
> removed from the site.

Fransisco,

	What do you require? We still service *BSD in the NYC Metro area.

Cheers,
Mikel





From lists at stringsutils.com  Wed Jan 10 16:23:03 2007
From: lists at stringsutils.com (Francisco Reyes)
Date: Wed, 10 Jan 2007 16:23:03 -0500
Subject: [nycbug-talk] BSD Tracker gone?
References: <cone.1168402507.977095.86642.1000@zoraida.natserv.net>
	<D60FCBF0-D1F8-4338-97FC-E6688553DFAB@techally.com>
Message-ID: <cone.1168464183.366359.742.5001@35st.simplicato.com>

Mikel King writes:

>What do you require? We still service *BSD in the NYC Metro area.

I sent the details to the job list.

See the posts by "Francisco Reyes" in 
http://lists.nycbug.org/pipermail/jobs/2007-January/author.html


From okan at demirmen.com  Thu Jan 11 09:38:40 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 11 Jan 2007 09:38:40 -0500
Subject: [nycbug-talk] vi interview with Joy
In-Reply-To: <20070107092612.18bcc112@dt.genoverly.com>
References: <45A073B6.4000606@ceetonetechnology.com>
	<20070107092612.18bcc112@dt.genoverly.com>
Message-ID: <20070111143840.GE5788@clam.khaoz.org>

On Sun 2007.01.07 at 09:26 -0500, michael wrote:
> On Sat, 06 Jan 2007 23:14:46 -0500
> "George R." <george at ceetonetechnology.com> wrote:
> 
> > Found this off the DFly Digest. . . is on the British Register. . .
> > from 1999:
> > 
> > http://tinyurl.com/d5vt9
> > 
> > g

....why am i replying to this??? i don't know.

> Now we know exactly who to blame! 
> 
> 	"People don't know that vi was written for a world that doesn't
> 		exist anymore -" 
> 
> So, lets move on to something better.

that quote is taken out of context ...

> I know vi is one of the defacto editors in unix. But is continuity
> really the only reason to hang onto one of the zaniest text editors
> ever conceived?  Why else would the unix world not come up with a
> simple, elegant, and effective text editor... that is unixy?

what? are you trying to start a flame war? get over it.


From okan at demirmen.com  Thu Jan 11 09:38:55 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 11 Jan 2007 09:38:55 -0500
Subject: [nycbug-talk] vi interview with Joy
In-Reply-To: <48501B09-65F2-40DC-8B0D-F148FA92F4B4@ocsny.com>
References: <45A073B6.4000606@ceetonetechnology.com>
	<20070107092612.18bcc112@dt.genoverly.com>
	<48501B09-65F2-40DC-8B0D-F148FA92F4B4@ocsny.com>
Message-ID: <20070111143855.GF5788@clam.khaoz.org>

On Sun 2007.01.07 at 12:16 -0500, Michael Hernandez wrote:
> 
> On Jan 7, 2007, at 9:26 AM, michael wrote:
> 
> > On Sat, 06 Jan 2007 23:14:46 -0500
> > "George R." <george at ceetonetechnology.com> wrote:
> >
> >> Found this off the DFly Digest. . . is on the British Register. . .
> >> from 1999:
> >>
> >> http://tinyurl.com/d5vt9
> >>
> >> g
> >
> >
> > Now we know exactly who to blame!
> >
> > 	"People don't know that vi was written for a world that doesn't
> > 		exist anymore -"
> >
> > So, lets move on to something better.
> 
> 
> vim :)

run for hills!


From okan at demirmen.com  Thu Jan 11 09:44:42 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 11 Jan 2007 09:44:42 -0500
Subject: [nycbug-talk] upcoming meeting
In-Reply-To: <45A07436.3050506@ceetonetechnology.com>
References: <45A07436.3050506@ceetonetechnology.com>
Message-ID: <20070111144442.GG5788@clam.khaoz.org>

On Sat 2007.01.06 at 23:16 -0500, George R. wrote:
> As someone noted earlier, it would be useful to entertain pre-meeting
> questions and comments.  So here goes. . .

as much as finding out about how svn works, i think coverage on why, and
importantly *where", one would want/use a versioning system, and
possible implementations would be nice to hear.  software projects are
one thing, but exploring the possibilities of versioning say, system
configurations and database schemas, and all that jazz.  how about
versioning in change management systems?

the list could go on, but the point is to also discuss the applications
of "versioning systems", be it svn of cvs.

just an idea ;)

cheers


From okan at demirmen.com  Thu Jan 11 09:45:56 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 11 Jan 2007 09:45:56 -0500
Subject: [nycbug-talk] January 07 meeting audio
In-Reply-To: <37977.63.66.6.15.1167926313.squirrel@www.geekisp.com>
References: <37977.63.66.6.15.1167926313.squirrel@www.geekisp.com>
Message-ID: <20070111144556.GH5788@clam.khaoz.org>

On Thu 2007.01.04 at 10:58 -0500, nikolai wrote:
> Folks,
> Audio recording of Okan's presentation
> is available at the usual place:
> http://www.fetissov.org/public/nycbug/

thanks nikolai.

and when i stop remembering at the wrong and most inconvenient times,
i'll post the slides.


From okan at demirmen.com  Thu Jan 11 10:21:41 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 11 Jan 2007 10:21:41 -0500
Subject: [nycbug-talk] Meeting content, format and future meetings
In-Reply-To: <oqejqaka64.fsf@castrovalva.Ivy.NET>
References: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
	<oqejqaka64.fsf@castrovalva.Ivy.NET>
Message-ID: <20070111152141.GI5788@clam.khaoz.org>

On Thu 2007.01.04 at 11:51 -0500, Miles Nordin wrote:
> >>>>> "mh" == Michael Hanulec <hanulec at hanulec.com> writes:
> 
>     mh> constructive 
> 
> yeah, the big step for users' groups seems to be to get enough
> audience and presenter interest to have regular meetings about serious
> topics at all.  Everything else is easy by comparison.
> 
>     mh> Ask Questions!
> 
> It's a little late, but I have some questions about PF!
> 
> (1) Did anything ever come of those rumors of integrating the IPsec
>     SPD into PF?  Was it finished or deemed unfeasible?

doh, the IPsec SPD into pf? i missed that rumor. why would you want the
SPD *in* pf? now, what is possible is tagging ipsec flows in ipsec.conf:

ike esp from any to 172.16.30.0/27 peer 64.90.xxx.xx tag voip

then in pf.conf:

pass out on egress tagged voip queue btlviop

> (2) For those who have used ALTQ, why does PF's queue( a, b ) form
>     filter on the TOS bits?  This simply doesn't work except on a
>     LAN---the bits are now DSCP rather than TOS, which means they're
>     altered on their way through the Internet.  As soon as I set this
>     up and tried to measure its effect, the problem was immediately
>     obvious, and tcpdump quickly shows the cause.  It's actually
>     harmful to force-provide this broken scheme along with the useful
>     ACK-prioritization scheme, because who knows how those bits will
>     arrive off the Internet.

i don't know.

> (2.5) I think the form for matching TOS is broken, too---it implies
>       some kind of bitwise AND without documenting it.  This breaks
>       matching DSCP.  And there is no facility to set DSCP.

ditto.

> (3) PF 'keep state' rules are supposed to ``pass ICMP associated with
>     the TCP flow'', but they actually do *NOT* pass
>     ICMP-unreachable-fragmentation-needed from intermediate routers
>     between the two end systems.  You have to pass these by hand with
>     a stateless rule.  so there are actually a bunch, probably the
>     overwhelming majority, of PF routers out there misconfigured with
>     'keep state' only and thus causing the ``PPPoE problem'',
>     including my own router until recently, even though I understand
>     the problem.  Shouldn't this configuration issue, which affects
>     basically everyone who uses PF, be documented accurately instead
>     of suggesting ``keep state is all you need'' like they do now?
>     Alternatively, 'keep state' should look inside all ICMP and match
>     it against the TCP flows by the ICMP payload instead of the
>     header.  In any case, the issue which affects basically everyone
>     ought to be in the examples.

if you are talking about mtu path discovery...it is not a pf issue if
admins don't know how to deal with this, and especially those you just
like to block icmp period.

if documentation is the issue, (i'll say it) submit a patch for the
manpages, being as clear and consise as you believe it should be.  have
you read and understood pf.conf(5) completely? (it is in there)

> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month



From okan at demirmen.com  Thu Jan 11 10:25:31 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 11 Jan 2007 10:25:31 -0500
Subject: [nycbug-talk] Meeting content, format and future meetings
In-Reply-To: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
References: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
Message-ID: <20070111152531.GJ5788@clam.khaoz.org>

On Thu 2007.01.04 at 08:18 -0500, Michael Hanulec wrote:
> My comments above are only meant to be constructive as I want to see the 
> group grow and attract new, active members.  Thanks again to everyone at 
> NYCBUG for their hard work.

thanks mike - hopefully george answered the questions and concerns, and
(i'll) we'll take the suggestions onward ;)

okan

p.s. yes, i'll get the slides posted.


From rambiusparkisanius at gmail.com  Thu Jan 11 11:54:27 2007
From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov)
Date: Thu, 11 Jan 2007 11:54:27 -0500
Subject: [nycbug-talk] upcoming meeting
In-Reply-To: <20070111144442.GG5788@clam.khaoz.org>
References: <45A07436.3050506@ceetonetechnology.com>
	<20070111144442.GG5788@clam.khaoz.org>
Message-ID: <89ce7f740701110854r3b8ad7bco9ce9295e36b614d9@mail.gmail.com>

Hello,

On 1/11/07, Okan Demirmen <okan at demirmen.com> wrote:
> On Sat 2007.01.06 at 23:16 -0500, George R. wrote:
> > As someone noted earlier, it would be useful to entertain pre-meeting
> > questions and comments.  So here goes. . .
>
> as much as finding out about how svn works, i think coverage on why, and
> importantly *where", one would want/use a versioning system, and
> possible implementations would be nice to hear.  software projects are
> one thing, but exploring the possibilities of versioning say, system
> configurations and database schemas, and all that jazz.  how about
> versioning in change management systems?
I plan to include an example about storing the system configuration
files of a server in svn. The configuration files can be those of
Apache, OpenVPN, samba, etc.

> the list could go on, but the point is to also discuss the applications
> of "versioning systems", be it svn of cvs.
I myself am interested in configuring the svn server, because it has
more options and more way to access than cvs. However, we can skip
some of the configuration details and discuss the applications of svn
or of a version control system in general.

>
> just an idea ;)
Well, thanks for the idea :)

Regards
Ivan

-- 
Tangra Mega Rock: http://www.radiotangra.com


From mspitzer at gmail.com  Thu Jan 11 11:55:30 2007
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 11 Jan 2007 11:55:30 -0500
Subject: [nycbug-talk] vi interview with Joy
In-Reply-To: <20070111143840.GE5788@clam.khaoz.org>
References: <45A073B6.4000606@ceetonetechnology.com>
	<20070107092612.18bcc112@dt.genoverly.com>
	<20070111143840.GE5788@clam.khaoz.org>
Message-ID: <8c50a3c30701110855i24cadbe5y9bf1a11ab206a301@mail.gmail.com>

On 1/11/07, Okan Demirmen <okan at demirmen.com> wrote:
> On Sun 2007.01.07 at 09:26 -0500, michael wrote:
> > On Sat, 06 Jan 2007 23:14:46 -0500
> > "George R." <george at ceetonetechnology.com> wrote:
>
> > I know vi is one of the defacto editors in unix. But is continuity
> > really the only reason to hang onto one of the zaniest text editors
> > ever conceived?  Why else would the unix world not come up with a
> > simple, elegant, and effective text editor... that is unixy?
>
> what? are you trying to start a flame war? get over it.

Come on we all know george does windows, allowances need to be made
after all.  Now If you want to see another odd editor xedit from ibm.
Here is a clone http://www.uic.edu/depts/accc/software/the/

marc

-- 
Freedom is nothing but a chance to be better.
Albert Camus


From pete at nomadlogic.org  Thu Jan 11 12:57:19 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Thu, 11 Jan 2007 09:57:19 -0800 (PST)
Subject: [nycbug-talk] upcoming meeting
In-Reply-To: <89ce7f740701110854r3b8ad7bco9ce9295e36b614d9@mail.gmail.com>
References: <45A07436.3050506@ceetonetechnology.com>
	<20070111144442.GG5788@clam.khaoz.org>
	<89ce7f740701110854r3b8ad7bco9ce9295e36b614d9@mail.gmail.com>
Message-ID: <62453.160.33.20.11.1168538239.squirrel@webmail.nomadlogic.org>


> Hello,
>
> On 1/11/07, Okan Demirmen <okan at demirmen.com> wrote:
>> On Sat 2007.01.06 at 23:16 -0500, George R. wrote:
>> > As someone noted earlier, it would be useful to entertain pre-meeting
>> > questions and comments.  So here goes. . .
>>
>> as much as finding out about how svn works, i think coverage on why, and
>> importantly *where", one would want/use a versioning system, and
>> possible implementations would be nice to hear.  software projects are
>> one thing, but exploring the possibilities of versioning say, system
>> configurations and database schemas, and all that jazz.  how about
>> versioning in change management systems?
> I plan to include an example about storing the system configuration
> files of a server in svn. The configuration files can be those of
> Apache, OpenVPN, samba, etc.
>

As a side note, I've found that using RCS/make is very usefull for storing
info on local "one-off" systems/config files.  If I was able to attend
this meeting I'd be interested to hear about people's experience using
cvs/svn with cfengine or puppet.

anyway it sounds like it should be a great talk!

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From george at ceetonetechnology.com  Thu Jan 11 14:02:07 2007
From: george at ceetonetechnology.com (George R.)
Date: Thu, 11 Jan 2007 14:02:07 -0500
Subject: [nycbug-talk] vi interview with Joy
In-Reply-To: <8c50a3c30701110855i24cadbe5y9bf1a11ab206a301@mail.gmail.com>
References: <45A073B6.4000606@ceetonetechnology.com>	<20070107092612.18bcc112@dt.genoverly.com>	<20070111143840.GE5788@clam.khaoz.org>
	<8c50a3c30701110855i24cadbe5y9bf1a11ab206a301@mail.gmail.com>
Message-ID: <45A689AF.7050803@ceetonetechnology.com>

Marc Spitzer wrote:
> On 1/11/07, Okan Demirmen <okan at demirmen.com> wrote:
>> On Sun 2007.01.07 at 09:26 -0500, michael wrote:
>>> On Sat, 06 Jan 2007 23:14:46 -0500 "George R."
>>> <george at ceetonetechnology.com> wrote: I know vi is one of the
>>> defacto editors in unix. But is continuity really the only reason
>>> to hang onto one of the zaniest text editors ever conceived?  Why
>>> else would the unix world not come up with a simple, elegant, and
>>> effective text editor... that is unixy?
>> what? are you trying to start a flame war? get over it.
> 
> Come on we all know george does windows, allowances need to be made 
> after all.  Now If you want to see another odd editor xedit from ibm.
>  Here is a clone http://www.uic.edu/depts/accc/software/the/

Nice. . . if you could follow the thread in your outlook express
you'd catch that I *didn't* say that. . .

Back to the topic. . .

Like many, I have used vi for a long long time, and I don't need a
replacement.

It was certainly frustrating to use in the beginning, but so is a
keyboard and mouse.

g


From carton at Ivy.NET  Thu Jan 11 15:57:50 2007
From: carton at Ivy.NET (Miles Nordin)
Date: Thu, 11 Jan 2007 15:57:50 -0500
Subject: [nycbug-talk] PF
In-Reply-To: <20070111152141.GI5788@clam.khaoz.org> (Okan Demirmen's message
	of "Thu, 11 Jan 2007 10:21:41 -0500")
References: <Pine.LNX.4.61.0701040740060.4497@mika.hanulec.com>
	<oqejqaka64.fsf@castrovalva.Ivy.NET>
	<20070111152141.GI5788@clam.khaoz.org>
Message-ID: <oqwt3tcmcx.fsf_-_@castrovalva.Ivy.NET>

>>>>> "od" == Okan Demirmen <okan at demirmen.com> writes:

    od> if you are talking about mtu path discovery...it is not a pf
    od> issue if admins don't know how to deal with this, and
    od> especially those you just like to block icmp period.

what I am saying is that I think PF creates this problem when used on
a server.

But challenged to look more closely, I think the problem is more
confusing than simple outright brokenness.  I'm not sure now if it's
PF or something else.

    od> have you read and understood pf.conf(5) completely? (it is in
    od> there)

I searched for 'MTU' in the man page and couldn't find anything about
PMTU&ICMP or the common misconfiguration and the tcp mss workaround.
The 'scrub max-mss' does not even say in the man page what is it's
purpose.  But my complaint was that you need to explicitly pass ICMP
for things to work, while the manual says the opposite:

     ICMP messages fall into two categories: ICMP error messages, which always
     refer to a TCP or UDP packet, are matched against the referred to connec-
     tion.  If one keeps state on a TCP connection, and an ICMP source quench
     message referring to this TCP connection arrives, it will be matched to
     the right state and get passed.

It looks like I was wrong either completely or at least partly.
Looking more carefully, I find that some of these ICMP need-to-frag
messages get passed just as the documentation promises:

20:45:21.071388 IP (tos 0x0, ttl 254, id 48036, offset 0, flags [none], proto: ICMP (1), length: 56) 69.31.131.57 > 10.100.100.140: ICMP 121.140.62.51 unreachable - need to frag (mtu 1476), length 36
        IP (tos 0x0, ttl  62, id 54841, offset 0, flags [DF], proto: TCP (6), length: 1500) 10.100.100.140.41461 > 121.140.62.51.6881:  tcp 1480 [bad hdr length 0 - too short, < 20]
20:45:22.639579 IP (tos 0x0, ttl 254, id 48039, offset 0, flags [none], proto: ICMP (1), length: 56) 69.31.131.57 > 10.100.100.140: ICMP 82.28.7.59 unreachable - need to frag (mtu 1476), length 36
        IP (tos 0x0, ttl  62, id 43920, offset 0, flags [DF], proto: TCP (6), length: 1492) 10.100.100.140.52611 > 82.28.7.59.52766:  tcp 1472 [bad hdr length 0 - too short, < 20]
20:45:23.321231 IP (tos 0x0, ttl 254, id 48040, offset 0, flags [none], proto: ICMP (1), length: 56) 69.31.131.57 > 10.100.100.140: ICMP 82.224.153.188 unreachable - need to frag (mtu 1476), length 36
        IP (tos 0x0, ttl  58, id 33526, offset 0, flags [DF], proto: TCP (6), length: 1500) 10.100.100.140.56881 > 82.224.153.188.5334:  tcp 1480 [bad hdr length 0 - too short, < 20]

while others end up blocked on pflog0:

20:45:21.804815 IP (tos 0x0, ttl 255, id 48037, offset 0, flags [none], proto: ICMP (1), length: 56) 69.31.131.57 > 10.100.100.140: ICMP 198.31.229.238 unreachable - need to frag (mtu 1476), length 36
        IP (tos 0x0, ttl  62, id 23542, offset 0, flags [DF], proto: TCP (6), length: 1500) 10.100.100.140.36040 > 198.31.229.238.10001:  tcp 1480 [bad hdr length 0 - too short, < 20]
20:45:25.190748 IP (tos 0x0, ttl 255, id 48043, offset 0, flags [none], proto: ICMP (1), length: 56) 69.31.131.57 > 10.100.100.140: ICMP 189.146.99.232 unreachable - need to frag (mtu 1476), length 36
        IP (tos 0x0, ttl  62, id 8156, offset 0, flags [DF], proto: TCP (6), length: 1492) 10.100.100.140.58081 > 189.146.99.232.39437:  tcp 1472 [bad hdr length 0 - too short, < 20]
20:45:26.003286 IP (tos 0x0, ttl 255, id 48046, offset 0, flags [none], proto: ICMP (1), length: 56) 69.31.131.57 > 10.100.100.140: ICMP 82.24.138.186 unreachable - need to frag (mtu 1476), length 36
        IP (tos 0x0, ttl  58, id 6289, offset 0, flags [DF], proto: TCP (6), length: 1500) 10.100.100.140.56881 > 82.24.138.186.1113:  tcp 1480 [bad hdr length 0 - too short, < 20]

not sure what is the difference.  This is not some kind of malformed
packet attack---it's clearly just bittorrent.  It's possible the
blocked ones simply don't have any 'keep state' state associated with
them, but I don't know why that would be, or how to check if it's
true.

I see the blocked ones have ttl 255, and the passed have ttl 254, but
(1) so what? and (2) both are generated by the same IOS 12.3(15)fc3
router at my site, so it's not like half the packets are generated by
some broken OS.  I don't know why the TTL difference nor why one would
be more valid than the other according to PF.

I'm passing ICMP need-frag manually (not just implicitly by tcp 'keep
state') until I can explain this, to avoid becoming part of the PPPoE
misconfigured-firewall-problem.

That IPsec-tagging is neat---didn't know about it.  IMHO one of the
best reasons to run OpenBSD is so that all the seldom-used PF bells
and whistles actually work instead of causing kernel panics.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070111/b1fb4538/attachment.bin>

From ike at lesmuug.org  Thu Jan 11 17:02:35 2007
From: ike at lesmuug.org (Isaac Levy)
Date: Thu, 11 Jan 2007 17:02:35 -0500
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
Message-ID: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>

Hi All,

I'm wondering this:

Is there any reliable way to make an encrypted volume on OpenBSD on  
the fly?  (like on FreeBSD, using disk images (file-backed memory  
disks).

I've got a stock 4.0 install on a box, and now want to stuff some  
data on an encrypted volume.

Thanks!

Best,
.ike





From jlam at pkgsrc.org  Thu Jan 11 17:26:20 2007
From: jlam at pkgsrc.org (Johnny C. Lam)
Date: Thu, 11 Jan 2007 17:26:20 -0500
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
In-Reply-To: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>
References: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>
Message-ID: <45A6B98C.3070902@pkgsrc.org>

Isaac Levy wrote:
> 
> I'm wondering this:
> 
> Is there any reliable way to make an encrypted volume on OpenBSD on  
> the fly?  (like on FreeBSD, using disk images (file-backed memory  
> disks).
> 
> I've got a stock 4.0 install on a box, and now want to stuff some  
> data on an encrypted volume.

On OpenBSD, I think this is svnd(4), which is prepared with vnconfig(8). 
  AFAIR, it does only Blowfish encryption.

	Cheers,
	
	-- Johnny Lam <jlam at pkgsrc.org>


From nycbug at cyth.net  Thu Jan 11 17:25:47 2007
From: nycbug at cyth.net (Ray Lai)
Date: Thu, 11 Jan 2007 17:24:47 -0501
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
In-Reply-To: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>
References: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>
Message-ID: <20070111222510.GT464@cybertron.cyth.net>

On Thu, Jan 11, 2007 at 05:02:35PM -0500, Isaac Levy wrote:
> Hi All,
> 
> I'm wondering this:
> 
> Is there any reliable way to make an encrypted volume on OpenBSD on  
> the fly?  (like on FreeBSD, using disk images (file-backed memory  
> disks).
> 
> I've got a stock 4.0 install on a box, and now want to stuff some  
> data on an encrypted volume.

Check out vnconfig(8).

-Ray-


From okan at demirmen.com  Thu Jan 11 17:27:35 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Thu, 11 Jan 2007 17:27:35 -0500
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
In-Reply-To: <45A6B98C.3070902@pkgsrc.org>
References: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>
	<45A6B98C.3070902@pkgsrc.org>
Message-ID: <20070111222735.GR31979@clam.khaoz.org>

On Thu 2007.01.11 at 17:26 -0500, Johnny C. Lam wrote:
> Isaac Levy wrote:
> > 
> > I'm wondering this:
> > 
> > Is there any reliable way to make an encrypted volume on OpenBSD on  
> > the fly?  (like on FreeBSD, using disk images (file-backed memory  
> > disks).
> > 
> > I've got a stock 4.0 install on a box, and now want to stuff some  
> > data on an encrypted volume.
> 
> On OpenBSD, I think this is svnd(4), which is prepared with vnconfig(8). 
>   AFAIR, it does only Blowfish encryption.

yup - and it is reliable (which seemed to be your listed requirement).


From nycbug at cyth.net  Thu Jan 11 17:37:19 2007
From: nycbug at cyth.net (Ray Lai)
Date: Thu, 11 Jan 2007 17:37:19 -0500
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
In-Reply-To: <45A6B98C.3070902@pkgsrc.org>
References: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>
	<45A6B98C.3070902@pkgsrc.org>
Message-ID: <20070111223742.GU464@cybertron.cyth.net>

On Thu, Jan 11, 2007 at 05:26:20PM -0500, Johnny C. Lam wrote:
> Isaac Levy wrote:
> > 
> > I'm wondering this:
> > 
> > Is there any reliable way to make an encrypted volume on OpenBSD on  
> > the fly?  (like on FreeBSD, using disk images (file-backed memory  
> > disks).
> > 
> > I've got a stock 4.0 install on a box, and now want to stuff some  
> > data on an encrypted volume.
> 
> On OpenBSD, I think this is svnd(4), which is prepared with vnconfig(8). 
>   AFAIR, it does only Blowfish encryption.

While having more choices would be nice, please don't read that as
"blowfish is insecure."

-Ray-


From jlam at pkgsrc.org  Thu Jan 11 18:03:47 2007
From: jlam at pkgsrc.org (Johnny C. Lam)
Date: Thu, 11 Jan 2007 18:03:47 -0500
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
In-Reply-To: <20070111223742.GU464@cybertron.cyth.net>
References: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>	<45A6B98C.3070902@pkgsrc.org>
	<20070111223742.GU464@cybertron.cyth.net>
Message-ID: <45A6C253.8040000@pkgsrc.org>

Ray Lai wrote:
> On Thu, Jan 11, 2007 at 05:26:20PM -0500, Johnny C. Lam wrote:
>> Isaac Levy wrote:
>>> I'm wondering this:
>>>
>>> Is there any reliable way to make an encrypted volume on OpenBSD on  
>>> the fly?  (like on FreeBSD, using disk images (file-backed memory  
>>> disks).
>>>
>>> I've got a stock 4.0 install on a box, and now want to stuff some  
>>> data on an encrypted volume.
>> On OpenBSD, I think this is svnd(4), which is prepared with vnconfig(8). 
>>   AFAIR, it does only Blowfish encryption.
> 
> While having more choices would be nice, please don't read that as
> "blowfish is insecure."

I agree with Ray -- all that I'm stating is that there is only one 
supported encryption method: Blowfish, not that Blowfish is insecure. 
With NetBSD's cgd(4) I use Blowfish for encrypted disks on slower 
machines because it's faster than using AES-128 or AES-256 (up to twice 
the throughput), though on the mega-fast machines available nowadays, I 
don't care so much.

	Cheers,

	-- Johnny Lam <jlam at pkgsrc.org>


From ike at lesmuug.org  Fri Jan 12 02:13:50 2007
From: ike at lesmuug.org (Isaac Levy)
Date: Fri, 12 Jan 2007 02:13:50 -0500
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
In-Reply-To: <20070111222735.GR31979@clam.khaoz.org>
References: <58A113C1-50AF-48DE-BC97-4C8CF4E171BF@lesmuug.org>
	<45A6B98C.3070902@pkgsrc.org>
	<20070111222735.GR31979@clam.khaoz.org>
Message-ID: <356B117E-33C6-4D9D-99D5-43A7E4EB5530@lesmuug.org>

Hi All,

On Jan 11, 2007, at 5:27 PM, Okan Demirmen wrote:

>>> I'm wondering this:
>>>
>>> Is there any reliable way to make an encrypted volume on OpenBSD on
>>> the fly?  (like on FreeBSD, using disk images (file-backed memory
>>> disks).
>>>
>>> I've got a stock 4.0 install on a box, and now want to stuff some
>>> data on an encrypted volume.
>>
>> On OpenBSD, I think this is svnd(4), which is prepared with  
>> vnconfig(8).
>>   AFAIR, it does only Blowfish encryption.
>
> yup - and it is reliable (which seemed to be your listed requirement).

Thanks everyone for the replies!  svnd(4) and vnconfig(8) seem to be  
the combo I was looking for, and oh, I guess I can bear to deal with  
blowfish (/sigh).

(For clarity, just kidding there- blowfish is delightfully  
appropriate for my uses).

Best,
.ike




From af.dingo at gmail.com  Fri Jan 12 09:23:39 2007
From: af.dingo at gmail.com (Jeff Quast)
Date: Fri, 12 Jan 2007 09:23:39 -0500
Subject: [nycbug-talk] vi interview with Joy
In-Reply-To: <20070107092612.18bcc112@dt.genoverly.com>
References: <45A073B6.4000606@ceetonetechnology.com>
	<20070107092612.18bcc112@dt.genoverly.com>
Message-ID: <c1feb8190701120623k75b56d45h9a1dd749a1e8b11f@mail.gmail.com>

On 1/7/07, michael <lists at genoverly.net> wrote:
> On Sat, 06 Jan 2007 23:14:46 -0500
> "George R." <george at ceetonetechnology.com> wrote:
>
> > Found this off the DFly Digest. . . is on the British Register. . .
> > from 1999:
> >
> > http://tinyurl.com/d5vt9
> >
>
>        "People don't know that vi was written for a world that doesn't
>                exist anymore -"
>

I don't think this is entirely true. For instance I I use both a
cellular modem card which has very high latency, and a blackberry
device.  This has caused me to begin using vi command mode on
ksh/pdksh and csh/tcsh.

On a blackberry, there are no arrow keys, and the control key is a
menu item! It may be easy to spread out your hands to perform
ctrl/meta combos on a full keyboard, but try it on a zaurus.

With carpal tunnel settling in, I can no longer stand all the awkward
hand movements emacs-like editors demand from me for the amount of
work I do on a daily basis -- even on an IBM Model M keyboard, not
just phone devices. I can only work so long until pain settles in.
Emacs modes make that settle in twice as fast, as almost all of my
time is spent on the command line or in an editor.

90% of programming is moving, chopping, trimming, searching, pasting,
saving, compiling, jumping to the line of error.... this is all just
simple alpha-numerics in vi command mode. my hands barely move. In
emacs, this becomes a terrible array of ctrl/meta key combos that
frustrates me to no end.

"command mode" and "insert mode" is genius, imo. I imagine even a
writer of novels would spend more time in command mode than insert
mode.

Flame away! :)

jdq


From jonathan at kc8onw.net  Fri Jan 12 11:53:15 2007
From: jonathan at kc8onw.net (Jonathan Stewart)
Date: Fri, 12 Jan 2007 11:53:15 -0500
Subject: [nycbug-talk] Traffic shaping a cable internet connection
Message-ID: <45A7BCFB.9080703@kc8onw.net>

Hello all,

I am working on setting up bandwidth limiting for my cable modem 
connection to help keep latency down but I don't know my actual upload 
limit. iftop has peaked as high as 1mb/s but the average seems to be 
closer to 500-700kb/s. I'm not sure if I would be better off setting the 
limit a little low like 600 and sacrificing a little bandwidth to 
hopefully reduce latency or if I should just set it to 1mb/s or so and 
hope it works out right that way? Anyone know anywhere better to ask?

Thank you,
Jonathan


From pete at nomadlogic.org  Fri Jan 12 12:06:57 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 12 Jan 2007 09:06:57 -0800 (PST)
Subject: [nycbug-talk] iSCSI *BSD survey
Message-ID: <29178.160.33.20.11.1168621617.squirrel@webmail.nomadlogic.org>

hi all,

just pinging folks to get a feel for iSCSI support in *BSD.  specifically
hardware iSCSI initiator experience, although software iSCSI initiator
experience would be helpfull as well.  i've done a fair amount of work
with both implementations on linux and have been pretty impressed.

what i think has the most promise is combining iSCSI with something like a
NetApp and it's flexibility with cloning and moving LUN's, it seems like
it would be a nice (sys)jail package that should scale very nicely. 
another application would obviously be to build diskless clusters (which
is something i'm working on now).

thx!
-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From lists at genoverly.net  Fri Jan 12 12:29:24 2007
From: lists at genoverly.net (michael)
Date: Fri, 12 Jan 2007 12:29:24 -0500
Subject: [nycbug-talk] iSCSI *BSD survey
In-Reply-To: <29178.160.33.20.11.1168621617.squirrel@webmail.nomadlogic.org>
References: <29178.160.33.20.11.1168621617.squirrel@webmail.nomadlogic.org>
Message-ID: <20070112122924.7f677715@dt.genoverly.com>

On Fri, 12 Jan 2007 09:06:57 -0800 (PST)
"Peter Wright" <pete at nomadlogic.org> wrote:

> another application would obviously be to build diskless
> clusters (which is something i'm working on now).
> 

I smell a really good talk topic for a meeting.  Pete, next time you
are on this coast, bring slides!

-- 

michael


(this address does not accept public email)



From pete at nomadlogic.org  Fri Jan 12 12:46:13 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 12 Jan 2007 09:46:13 -0800 (PST)
Subject: [nycbug-talk] iSCSI *BSD survey
In-Reply-To: <20070112122924.7f677715@dt.genoverly.com>
References: <29178.160.33.20.11.1168621617.squirrel@webmail.nomadlogic.org>
	<20070112122924.7f677715@dt.genoverly.com>
Message-ID: <27554.160.33.20.11.1168623973.squirrel@webmail.nomadlogic.org>


> On Fri, 12 Jan 2007 09:06:57 -0800 (PST)
> "Peter Wright" <pete at nomadlogic.org> wrote:
>
>> another application would obviously be to build diskless
>> clusters (which is something i'm working on now).
>>
>
> I smell a really good talk topic for a meeting.  Pete, next time you
> are on this coast, bring slides!
>

yea...i may be able to cook something up...although the major issue is
getting you all out here to see the talk ;^)

-p

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From lists at genoverly.net  Fri Jan 12 15:43:20 2007
From: lists at genoverly.net (michael)
Date: Fri, 12 Jan 2007 15:43:20 -0500
Subject: [nycbug-talk] Secure Passwords Keep You Safer
Message-ID: <20070112154320.53fd7fc9@dt.genoverly.com>

Newsflash!

	By Bruce Schneier
	02:00 AM Jan, 11, 2007

	"The attack I'm evaluating against is an offline password-
	guessing attack."

	"Offline password guessers have gotten both fast and smart.
	AccessData sells Password Recovery Toolkit, or PRTK. Depending
	on the software it's attacking, PRTK can test up to hundreds of
	thousands of passwords per second, and it tests more common
	passwords sooner than obscure ones."

	"What's happening is that the Windows operating system's memory
	management leaves data all over the place in the normal course
	of operations. You'll type your password into a program, and it
	gets stored in memory somewhere. Windows swaps the page out to
	disk, and it becomes the tail end of some file. It gets moved
	to some far out portion of your hard drive, and there it'll sit
	forever. Linux and Mac OS aren't any better in this regard."

http://www.wired.com/news/columns/0,72458-0.html

-- 

michael


(this address does not accept public email)



From nycbug at chrisbuechler.com  Fri Jan 12 15:59:48 2007
From: nycbug at chrisbuechler.com (Chris Buechler)
Date: Fri, 12 Jan 2007 15:59:48 -0500
Subject: [nycbug-talk] Traffic shaping a cable internet connection
In-Reply-To: <45A7BCFB.9080703@kc8onw.net>
References: <45A7BCFB.9080703@kc8onw.net>
Message-ID: <45A7F6C4.6010106@chrisbuechler.com>

Jonathan Stewart wrote:
> I am working on setting up bandwidth limiting for my cable modem 
> connection to help keep latency down but I don't know my actual upload 
> limit. iftop has peaked as high as 1mb/s but the average seems to be 
> closer to 500-700kb/s. I'm not sure if I would be better off setting the 
> limit a little low like 600 and sacrificing a little bandwidth to 
> hopefully reduce latency or if I should just set it to 1mb/s or so and 
> hope it works out right that way? Anyone know anywhere better to ask?
>   

It's essentially impossible to shape a connection with varying bandwidth 
(it's theoretically possible, but very difficult to implement and I 
don't know of any such implementations). If you set it to 1 Mb, but 
you're capped at 700 Kb, it won't help at all. Your modem will start 
queuing and your latency will go through the roof.  If you set it to 700 
Kb and you actually have 1 Mb, you'll be limited to the slower speed, 
but it should work as intended. 

Your cable modem should have a static upload cap (unless you have a 
really, really strange ISP). If you don't know what it is, I'd suggest 
asking your ISP. If your modem's cap is 1 Mb up, you may "max out" at 
500-700 Kbps speeds at times (maybe a limit between you and whatever 
remote site, maybe your ISP employs some sort of traffic shaping on 
their network) but your modem shouldn't be queuing at that point so your 
latency should still be low. If at times you're using 500-700 Kb up and 
your cap is supposed to be 1 Mb, but your latency is through the roof at 
those lower speeds, you have an issue you should address with your ISP 
(assuming nothing on your network is causing the slow downs).

cheers,
-Chris



From carton at Ivy.NET  Fri Jan 12 17:45:20 2007
From: carton at Ivy.NET (Miles Nordin)
Date: Fri, 12 Jan 2007 17:45:20 -0500
Subject: [nycbug-talk] Traffic shaping a cable internet connection
In-Reply-To: <45A7BCFB.9080703@kc8onw.net> (Jonathan Stewart's message of "Fri,
	12 Jan 2007 11:53:15 -0500")
References: <45A7BCFB.9080703@kc8onw.net>
Message-ID: <oqirfbampr.fsf@castrovalva.Ivy.NET>

>>>>> "js" == Jonathan Stewart <jonathan at kc8onw.net> writes:

    js> if I would be better off setting the limit a little low like
    js> 600 and sacrificing a little bandwidth to hopefully reduce
    js> latency

yeah, ``what Chris said.''  Doing proper QoS on a broadcast network
has to be done inside the cable modem using QoS algorithms built into
the MAC (which, I assume, is exactly what they do for their
telephone-over-cable services).  These algorithms are different from
and more primitive than what's in ALTQ.

If the carrier is selling you say, like Towerstream, ``1.5Mbit/s
guaranteed, burstable to 5Mbit/s'', then the burstable bandwidth is
absolutely worthless to you if you want to do ALTQ-style QoS.  If you
want to use ALTQ, you can only use the 1.5Mbit/s.

Residential cable modems are probably something like ``0Mbit/s
guaranteed, burstable to 1Mbit/s''.

I get so sick of people telling me the great bandwidth deals they get
on their cable OMG I am getting so many megabits of Intarweb and
paying so little.  It's worthless to me because I cannot do bittorrent
and ssh at the same time, while right now, I can.  I can't do
business-quality voip over cable, while right now, I can.  I've no
objection in principle to ``sharing'' with my neighbors, but it's a
fundamentally different kind of service that you get from cable.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070112/7c4b14eb/attachment.bin>

From anthony.elizondo at gmail.com  Sat Jan 13 22:04:45 2007
From: anthony.elizondo at gmail.com (Anthony Elizondo)
Date: Sat, 13 Jan 2007 22:04:45 -0500
Subject: [nycbug-talk] FreeBSD-6.2-RELEASE coming soon
In-Reply-To: <20061109170749.GA23043@sunset.nomadlogic.org>
References: <20061109170749.GA23043@sunset.nomadlogic.org>
Message-ID: <a49e62c80701131904g3586f8aenc3f839e9814264bc@mail.gmail.com>

On 11/9/06, Pete Wright <pete at nomadlogic.org> wrote:
> hi all,
> just a reminder that with freebsd's 6.2-RELEASE coming soon that we have
> a local mirror of the cvs tree and ftp site for nycbug members:
>
> freebsd.nycbug.org
>
> i've been trying to keep this site as up to date as possible, so please
> feel free to use it.  there has been alot of work going on with NIC
> drivers in this relase (i know the em driver has gotten alot of work
> recently) so if you have some cycles let's help the FreeBSD folks out
> and test these beta's and RC's.

Don't know if you update manually or script it, but i see 6.2-RELEASE
on the master site and some select mirrors.

> -pete
>
> --
> ~~oO00Oo~~
> Peter Wright
> pete at nomadlogic.org
> www.nomadlogic.org/~pete
> 310.869.9459

Anthony


From spork at bway.net  Sun Jan 14 00:59:01 2007
From: spork at bway.net (Charles Sprickman)
Date: Sun, 14 Jan 2007 00:59:01 -0500 (EST)
Subject: [nycbug-talk] FreeBSD-6.2-RELEASE coming soon
In-Reply-To: <a49e62c80701131904g3586f8aenc3f839e9814264bc@mail.gmail.com>
References: <20061109170749.GA23043@sunset.nomadlogic.org>
	<a49e62c80701131904g3586f8aenc3f839e9814264bc@mail.gmail.com>
Message-ID: <Pine.OSX.4.64.0701140055370.13775@white.nat.fasttrackmonkey.com>

On Sat, 13 Jan 2007, Anthony Elizondo wrote:

> On 11/9/06, Pete Wright <pete at nomadlogic.org> wrote:
>> hi all,
>> just a reminder that with freebsd's 6.2-RELEASE coming soon that we have
>> a local mirror of the cvs tree and ftp site for nycbug members:
>>
>> freebsd.nycbug.org
>>
>> i've been trying to keep this site as up to date as possible, so please
>> feel free to use it.  there has been alot of work going on with NIC
>> drivers in this relase (i know the em driver has gotten alot of work
>> recently) so if you have some cycles let's help the FreeBSD folks out
>> and test these beta's and RC's.
>
> Don't know if you update manually or script it, but i see 6.2-RELEASE
> on the master site and some select mirrors.

Yessir, I think I saw it yesterday, and did a few boxes today:

[root at www /usr/src]# uname -a
FreeBSD www.xxx.com 6.2-RELEASE FreeBSD 6.2-RELEASE #1: Sat Jan 13 
21:42:43 EST 2007     spork at www.xxx.com:/usr/obj/usr/src/sys/WWW  i386

Charles

>> -pete
>>
>> --
>> ~~oO00Oo~~
>> Peter Wright
>> pete at nomadlogic.org
>> www.nomadlogic.org/~pete
>> 310.869.9459
>
> Anthony
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From swygue at gmail.com  Mon Jan 15 12:35:55 2007
From: swygue at gmail.com (swygue)
Date: Mon, 15 Jan 2007 12:35:55 -0500
Subject: [nycbug-talk] Deliver mail to multiple mailhost
Message-ID: <cdb2c1f30701150935i3220f264lb43461564ba655c1@mail.gmail.com>

I have a sendmail server that relays all incoming mail for my domain.
I am using the virtusertable to deliver user at domain to
user at mailhost.domain. How can have the mail delivered to multiple host
? So user at domain to user at mailhost1.domain and user at mailhost2.domain.

It does not have to be sendmail specefic, it could be Qmail or Postfix.

Thanks

-- 
swygue neron --->>


From elric at imrryr.org  Mon Jan 15 12:41:36 2007
From: elric at imrryr.org (Roland Dowdeswell)
Date: Mon, 15 Jan 2007 12:41:36 -0500
Subject: [nycbug-talk] OpenBSD Crypto Disk Question
In-Reply-To: Your message of "Thu, 11 Jan 2007 17:37:19 EST."
	<20070111223742.GU464@cybertron.cyth.net> 
Message-ID: <20070115174136.BDD1637106@arioch.imrryr.org>

On 1168555039 seconds since the Beginning of the UNIX epoch
Ray Lai wrote:
>
>On Thu, Jan 11, 2007 at 05:26:20PM -0500, Johnny C. Lam wrote:
>> Isaac Levy wrote:
>> > 
>> > I'm wondering this:
>> > 
>> > Is there any reliable way to make an encrypted volume on OpenBSD on  
>> > the fly?  (like on FreeBSD, using disk images (file-backed memory  
>> > disks).
>> > 
>> > I've got a stock 4.0 install on a box, and now want to stuff some  
>> > data on an encrypted volume.
>> 
>> On OpenBSD, I think this is svnd(4), which is prepared with vnconfig(8). 
>>   AFAIR, it does only Blowfish encryption.
>
>While having more choices would be nice, please don't read that as
>"blowfish is insecure."

Make sure that you use -K rather than -k or your encrypted volume will
be vulnerable to offline dictionary attacks rather trivially.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/


From nycbug-list at 2xlp.com  Mon Jan 15 16:25:16 2007
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Mon, 15 Jan 2007 16:25:16 -0500
Subject: [nycbug-talk] Deliver mail to multiple mailhost
In-Reply-To: <cdb2c1f30701150935i3220f264lb43461564ba655c1@mail.gmail.com>
References: <cdb2c1f30701150935i3220f264lb43461564ba655c1@mail.gmail.com>
Message-ID: <32784D6A-0903-4532-8BFF-B8D7A23E48B0@2xlp.com>


On Jan 15, 2007, at 12:35 PM, swygue wrote:

> It does not have to be sendmail specefic, it could be Qmail or  
> Postfix.

in exim there is an 'unseen'  option for doing just that.  there's  
also the option to pipe a message to a script that  could handle that.

i don't know about qmail or postfix, but you could try googling for a  
comparison of features and finding the unseen equivalent.


// Jonathan Vanasco

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -




From okan at demirmen.com  Mon Jan 15 16:42:21 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Mon, 15 Jan 2007 16:42:21 -0500
Subject: [nycbug-talk] Deliver mail to multiple mailhost
In-Reply-To: <cdb2c1f30701150935i3220f264lb43461564ba655c1@mail.gmail.com>
References: <cdb2c1f30701150935i3220f264lb43461564ba655c1@mail.gmail.com>
Message-ID: <20070115214221.GK31979@clam.khaoz.org>

On Mon 2007.01.15 at 12:35 -0500, swygue wrote:
> I have a sendmail server that relays all incoming mail for my domain.
> I am using the virtusertable to deliver user at domain to
> user at mailhost.domain. How can have the mail delivered to multiple host
> ? So user at domain to user at mailhost1.domain and user at mailhost2.domain.
> 
> It does not have to be sendmail specefic, it could be Qmail or Postfix.

virtusertable
-------------
user at domain	magicbeans

aliases
-------
magicbeans:	user at mailhost1.domain,user at mailhost2.domain


From mspitzer at gmail.com  Mon Jan 15 18:39:32 2007
From: mspitzer at gmail.com (Marc Spitzer)
Date: Mon, 15 Jan 2007 18:39:32 -0500
Subject: [nycbug-talk] bsd is really the gpl, on grok law
Message-ID: <8c50a3c30701151539r1b90d839r75c58aeaa98772db@mail.gmail.com>

I have just skimmed parts but he seems to say that bsd licence is
really very gpl like:

http://www.groklaw.net/article.php?story=20070114093427179

If I read this right he needs his medication ajusted,

marc
-- 
Freedom is nothing but a chance to be better.
Albert Camus


From dan at langille.org  Mon Jan 15 19:31:01 2007
From: dan at langille.org (Dan Langille)
Date: Mon, 15 Jan 2007 19:31:01 -0500
Subject: [nycbug-talk] bsd is really the gpl, on grok law
In-Reply-To: <8c50a3c30701151539r1b90d839r75c58aeaa98772db@mail.gmail.com>
References: <8c50a3c30701151539r1b90d839r75c58aeaa98772db@mail.gmail.com>
Message-ID: <45ABD675.24636.9BF119F0@dan.langille.org>

On 15 Jan 2007 at 18:39, Marc Spitzer wrote:

> I have just skimmed parts but he seems to say that bsd licence is
> really very gpl like:
> 
> http://www.groklaw.net/article.php?story=20070114093427179
> 
> If I read this right he needs his medication ajusted,

Already seen it.  Concluded: the author wants to make a name for 
himself and has chosen to take a controversial stance.  He'll fall 
over. It has no logs.

I think Jonathan Bryce summed it up best.  From 
http://preview.tinyurl.com/u5jcz :

"I think the answer is in the licence.

Where do you get permission to distribute the program?

Redistribution and use in source and binary forms, with or without 
modification, are permitted provided that the following conditions 
are met:  

there then follows a list of conditions.

You have to comply with them, but any other licence that allows you 
to comply with those conditions is surely OK."  


-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
PGCon - The PostgreSQL Conference - http://www.pgcon.org/




From pete at nomadlogic.org  Tue Jan 16 11:32:01 2007
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 16 Jan 2007 11:32:01 -0500
Subject: [nycbug-talk] FreeBSD-6.2-RELEASE coming soon
In-Reply-To: <a49e62c80701131904g3586f8aenc3f839e9814264bc@mail.gmail.com>
References: <20061109170749.GA23043@sunset.nomadlogic.org>
	<a49e62c80701131904g3586f8aenc3f839e9814264bc@mail.gmail.com>
Message-ID: <20070116163158.GA19814@sunset.nomadlogic.org>

On Sat, Jan 13, 2007 at 10:04:45PM -0500, Anthony Elizondo wrote:
> On 11/9/06, Pete Wright <pete at nomadlogic.org> wrote:
> >hi all,
> >just a reminder that with freebsd's 6.2-RELEASE coming soon that we have
> >a local mirror of the cvs tree and ftp site for nycbug members:
> >
> >freebsd.nycbug.org
> >
> >i've been trying to keep this site as up to date as possible, so please
> >feel free to use it.  there has been alot of work going on with NIC
> >drivers in this relase (i know the em driver has gotten alot of work
> >recently) so if you have some cycles let's help the FreeBSD folks out
> >and test these beta's and RC's.
> 
> Don't know if you update manually or script it, but i see 6.2-RELEASE
> on the master site and some select mirrors.
> 

nope it's all scripted.  we do infact have 6.2-RELEASE (as well as the
RC's ;) available on freebsd.nycbug.org.  you can get your ISO's or
perform a network based install against this host.  let me know if you
spot any issues.

-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459



From ike at lesmuug.org  Tue Jan 16 16:22:21 2007
From: ike at lesmuug.org (Isaac Levy)
Date: Tue, 16 Jan 2007 16:22:21 -0500
Subject: [nycbug-talk] bsd is really the gpl, on grok law
In-Reply-To: <45ABD675.24636.9BF119F0@dan.langille.org>
References: <8c50a3c30701151539r1b90d839r75c58aeaa98772db@mail.gmail.com>
	<45ABD675.24636.9BF119F0@dan.langille.org>
Message-ID: <AA2E65FE-16C0-484F-8B26-4D6E41858185@lesmuug.org>

Hi All,

On Jan 15, 2007, at 7:31 PM, Dan Langille wrote:

>> I have just skimmed parts but he seems to say that bsd licence is
>> really very gpl like:
>>
>> http://www.groklaw.net/article.php?story=20070114093427179
>>
>> If I read this right he needs his medication ajusted,
>
> Already seen it.  Concluded: the author wants to make a name for
> himself and has chosen to take a controversial stance.  He'll fall
> over. It has no logs.

There's holes all over this paper, however, let me point out that  
folks like this tend to miss small details:

"Open source licenses have been subject to little judicial scrutiny  
to date."

Um,
http://cm.bell-labs.com/cm/cs/who/dmr/bsdi/bsdisuit.html

--
It's just been getting me angry lately, the hubris GPL people operate  
with, like we all just invented this stuff last week...

--
I agree with Dan, the author is just a lawyer trying to make a buzz-  
and is blinded by the idea of western capitalism, like most Business- 
turned-OSS people, looking at the world through GPL colored glasses,  
dollar signs in the eyes...  Snakeoil distribution is simply now  
picking up in the legal marketplace, nothing to get exited about.

Brendan Scott:
http://www.opensourcelaw.biz/

Rocket-
.ike




From nycbug-list at 2xlp.com  Tue Jan 16 16:48:40 2007
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Tue, 16 Jan 2007 16:48:40 -0500
Subject: [nycbug-talk] bsd is really the gpl, on grok law
In-Reply-To: <AA2E65FE-16C0-484F-8B26-4D6E41858185@lesmuug.org>
References: <8c50a3c30701151539r1b90d839r75c58aeaa98772db@mail.gmail.com>
	<45ABD675.24636.9BF119F0@dan.langille.org>
	<AA2E65FE-16C0-484F-8B26-4D6E41858185@lesmuug.org>
Message-ID: <316C9E21-AFF6-444D-BC93-CB40511C7B80@2xlp.com>


On Jan 16, 2007, at 4:22 PM, Isaac Levy wrote:

> I agree with Dan, the author is just a lawyer trying to make a buzz-
> and is blinded by the idea of western capitalism, like most Business-
> turned-OSS people, looking at the world through GPL colored glasses,
> dollar signs in the eyes...  Snakeoil distribution is simply now
> picking up in the legal marketplace, nothing to get exited about.

Just to add -- this is an Australian LAWYER'S OPINION
its not based on US or UK / EU law.  He even notes that (though it  
could be ' profitably applied' )

in any event, note the two capitalized words above:
	OPINION -- ie, its not fact.
	LAWYER's -- ie, someone hired to advocate a position and find a way  
to make it legally compelling.

Sure, a lawyer can make a good argument that the BSD==GPL.  I bet he  
could also make just as compelling an argument as the opposite.   
Lawyers are neat like that, they make shit up and then figure out a  
way to make agree with it.  The great thing about them is that half  
the time they're right and the other half they're wrong.

it'll be interesting to see what his nemesis- probably the guy he  
competed with at law school on 'who has the biggest dick, er, i mean  
ego' content - decides to come up with as a response.

// Jonathan Vanasco

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -




From pete at nomadlogic.org  Wed Jan 17 12:12:53 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Wed, 17 Jan 2007 09:12:53 -0800 (PST)
Subject: [nycbug-talk] memtest86+ dundled with freesbie?
Message-ID: <34949.160.33.20.11.1169053973.squirrel@webmail.nomadlogic.org>

hi all,
does anyone know if memtest86+ is bundled with freesbie, and if not is
there an easy way to bundle it?  i know it comes with knoppix - but i'd
prefer to use freesbie if possible.

thanks!
-pete

-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From kit at kithalsted.com  Thu Jan 18 12:06:38 2007
From: kit at kithalsted.com (Kit Halsted)
Date: Thu, 18 Jan 2007 12:06:38 -0500
Subject: [nycbug-talk] RAM downtown?
Message-ID: <p060020f6c1d558958399@[10.0.1.23]>

Only peripherally BSD-related, as it will be used in a BSD-based 
system, but very NYC-related...

Anybody got a recommendation for somewhere I might be able to grab a 
512MB or 1GB stick of PC100 desktop RAM? I'm downtown (as in the view 
in front of the building has both rivers) & will be in NoHo later 
before heading to my client in DuMBO.

Help, I can't remember where to buy memory...

TIA,
-Kit


From bschonhorst at gmail.com  Thu Jan 18 12:16:55 2007
From: bschonhorst at gmail.com (Brad Schonhorst)
Date: Thu, 18 Jan 2007 12:16:55 -0500
Subject: [nycbug-talk] RAM downtown?
In-Reply-To: <p060020f6c1d558958399@10.0.1.23>
References: <p060020f6c1d558958399@10.0.1.23>
Message-ID: <7708fd680701180916v7c591911rf482b6709cd9ed64@mail.gmail.com>

On 1/18/07, Kit Halsted <kit at kithalsted.com> wrote:
> Only peripherally BSD-related, as it will be used in a BSD-based
> system, but very NYC-related...
>
> Anybody got a recommendation for somewhere I might be able to grab a
> 512MB or 1GB stick of PC100 desktop RAM? I'm downtown (as in the view
> in front of the building has both rivers) & will be in NoHo later
> before heading to my client in DuMBO.
>
> Help, I can't remember where to buy memory...
>

Although I've never actually purchased RAM from them, J&R Computer
comes to mind...


From alex at pilosoft.com  Thu Jan 18 12:17:52 2007
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Thu, 18 Jan 2007 12:17:52 -0500 (EST)
Subject: [nycbug-talk] RAM downtown?
In-Reply-To: <p060020f6c1d558958399@[10.0.1.23]>
Message-ID: <Pine.LNX.4.44.0701181216390.5773-100000@bawx.pilosoft.com>

On Thu, 18 Jan 2007, Kit Halsted wrote:

> Only peripherally BSD-related, as it will be used in a BSD-based system,
> but very NYC-related...
> 
> Anybody got a recommendation for somewhere I might be able to grab a
> 512MB or 1GB stick of PC100 desktop RAM? I'm downtown (as in the view in
> front of the building has both rivers) & will be in NoHo later before
> heading to my client in DuMBO.
> 
> Help, I can't remember where to buy memory...
If you exhaust your options, stop by our office (Pilosoft, 55 Broad St). 
We stock lots of various gear, and we do have PC100/133 RAM.

Other than that, I doubt you'll be able to buy SDRAM at any store - its 
not 2004 anymore...

-alex



From njt at ayvali.org  Thu Jan 18 12:27:09 2007
From: njt at ayvali.org (N.J. Thomas)
Date: Thu, 18 Jan 2007 12:27:09 -0500
Subject: [nycbug-talk] RAM downtown?
In-Reply-To: <p060020f6c1d558958399@[10.0.1.23]>
References: <p060020f6c1d558958399@[10.0.1.23]>
Message-ID: <20070118172709.GZ31068@ayvali.org>

* Kit Halsted <kit at kithalsted.com> [2007-01-18 12:06:38 -0500]:
> Anybody got a recommendation for somewhere I might be able to grab a
> 512MB or 1GB stick of PC100 desktop RAM? I'm downtown

Like others said, you should really purchase this online, but if you
absolutely need it ASAP try Cables & Chips on Fulton (near Broadway):

    http://www.cablesandchipsinc.com/

or J&R.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


From pete at nomadlogic.org  Fri Jan 19 19:02:13 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Fri, 19 Jan 2007 16:02:13 -0800 (PST)
Subject: [nycbug-talk] google calendar
Message-ID: <12870.160.33.20.11.1169251333.squirrel@webmail.nomadlogic.org>


maybe i'm a little late on the scene, but noticed that google calendar
(www.google.com/calendar) allows a user to search public events.  the
calendar AJAX thingy is actually pretty fun to play with...so maybe i'll
start posting nycbug meetings up there so other people using this app may
stumble upon nycbug in the future.

anywho, just thought i'd share that with other folks slacking on a friday
afternoon ;)

-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From george at ceetonetechnology.com  Fri Jan 19 19:05:52 2007
From: george at ceetonetechnology.com (George R.)
Date: Fri, 19 Jan 2007 19:05:52 -0500
Subject: [nycbug-talk] google calendar
In-Reply-To: <12870.160.33.20.11.1169251333.squirrel@webmail.nomadlogic.org>
References: <12870.160.33.20.11.1169251333.squirrel@webmail.nomadlogic.org>
Message-ID: <45B15CE0.30405@ceetonetechnology.com>

Peter Wright wrote:
> maybe i'm a little late on the scene, but noticed that google calendar
> (www.google.com/calendar) allows a user to search public events.  the
> calendar AJAX thingy is actually pretty fun to play with...so maybe i'll
> start posting nycbug meetings up there so other people using this app may
> stumble upon nycbug in the future.

very nice.

> anywho, just thought i'd share that with other folks slacking on a friday
> afternoon ;)

Hey Cali-Boy, it's nighttime here!

g


From george at ceetonetechnology.com  Sun Jan 21 13:46:14 2007
From: george at ceetonetechnology.com (George R.)
Date: Sun, 21 Jan 2007 13:46:14 -0500
Subject: [nycbug-talk] mail server survey
Message-ID: <45B3B4F6.2080505@ceetonetechnology.com>

Interesting article from O'Reilly, cited in Dru's blog about
fingerprinting and the breakdown of mail servers. . .

http://tinyurl.com/yczscd

DL: you should announce when you hit your blog. . .

g


From pete at nomadlogic.org  Mon Jan 22 12:23:13 2007
From: pete at nomadlogic.org (Peter Wright)
Date: Mon, 22 Jan 2007 09:23:13 -0800 (PST)
Subject: [nycbug-talk] Oracle Consultant's?
Message-ID: <29077.160.33.20.11.1169486593.squirrel@webmail.nomadlogic.org>

Hi All,
Not posting to job's as I am hoping to hear some discussion on this.  My
company is beginning to look for an outside consultant to evaluate one of
our current Oracle installations and was hoping some folks may have some
insight on this matter.

we have been working with oracle support to resolve an unstable cluster
and frankly the support they offer has been lacking (although to be honest
the blame may not rest completely on Oracle).  i guess my two questions
are, has anyone had success bringing in an onsight oracle engineer to
solve issues on production databases?  secondly, are there any standout
oracle support *firms* that may be worth checking out?

thanks in advance!
-pete


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
310.869.9459


From jfreeman at columbia.edu  Tue Jan 23 15:33:12 2007
From: jfreeman at columbia.edu (Joshua S. Freeman)
Date: Tue, 23 Jan 2007 15:33:12 -0500
Subject: [nycbug-talk] Anyone besides me work at or around Columbia?
Message-ID: <C1DBDB38.E8FEA%jfreeman@columbia.edu>

Hey all,

I have an IBM thinkpad that is dual boot XP Pro and FreeBSD 5.?? (haven't
booted in to FreeBSD in longer than I care to admit.)

I would like to get back on the FreeBSD horse and really get more adept at
administration the FreeBSD way... I have a tutorial printed out on how to
get wifi networking working on the Thinkpad under FreeBSD but given my deep
level of inexperience I'd feel so much better doing this with someone who
has a shot of bailing me me out if things go south.

I'll buy the beer... Anyone wanna get together and give it a shot sometime?
We can do it during work hours or after... I'm easy.

TIA,

Joshua
-- 

Joshua S. Freeman | jfreeman at columbia.edu
Project Director - CUIT
O: 212.854.2083  M: 347.392 2560
skype: karmester


This message (including any attachments) contains confidential information
intended for a specific individual/group of individuals and a specific
purpose, and is protected by law.  If you are not an intended recipient, you
should delete this message.  Any disclosure, copying, or distribution of
this message, or the taking of any action based on it, is strictly
prohibited.





From jpb at sixshooter.v6.thrupoint.net  Tue Jan 23 17:03:14 2007
From: jpb at sixshooter.v6.thrupoint.net (Jim Brown)
Date: Tue, 23 Jan 2007 22:03:14 +0000
Subject: [nycbug-talk] Anyone besides me work at or around Columbia?
In-Reply-To: <C1DBDB38.E8FEA%jfreeman@columbia.edu>
References: <C1DBDB38.E8FEA%jfreeman@columbia.edu>
Message-ID: <20070123220314.GA37484@sixshooter.v6.thrupoint.net>

* Joshua S. Freeman <jfreeman at columbia.edu> [2007-01-23 16:32]:
> Hey all,
> 
> I have an IBM thinkpad that is dual boot XP Pro and FreeBSD 5.?? (haven't
> booted in to FreeBSD in longer than I care to admit.)
> 
> I would like to get back on the FreeBSD horse and really get more adept at
> administration the FreeBSD way... I have a tutorial printed out on how to
> get wifi networking working on the Thinkpad under FreeBSD but given my deep
> level of inexperience I'd feel so much better doing this with someone who
> has a shot of bailing me me out if things go south.
> 
> I'll buy the beer... Anyone wanna get together and give it a shot sometime?
> We can do it during work hours or after... I'm easy.
> 
> TIA,
> 
> Joshua
> -- 


Hi Joshua,

I just went through this on my T42.  I bought a Linksys Wireless G
and set it up last weekend.  I'm using WPA-TKIP.

There's an excellent introduction in the handbook- Chapter 27.3.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html#NETWORK-WIRELESS

Very readable.

Best Regards,
Jim B.



From skreuzer at f2o.org  Thu Jan 25 13:46:18 2007
From: skreuzer at f2o.org (Steven Kreuzer)
Date: Thu, 25 Jan 2007 13:46:18 -0500
Subject: [nycbug-talk] Adopt a FreeBSD Port
Message-ID: <7D946E7F-5BBE-4CA7-A7B2-417CC90D1596@f2o.org>

Hey Guys-

As I am sure alot of you already know, the FreeBSD Ports and Packages  
Collection offers an easy and consistent way of installing software  
packages on FreeBSD and is a very important section of the operating  
system as a whole.

Currently, there are 4333 ports with MAINTAINER set to  
ports at freebsd.org, which means that no one is currently actively  
maintaining them. Out of these ports, 371 (or 8.56%) are out of date.

A list of ports that need some love and attention can be found at  
http://beta.inerd.com/portscout/ports at freebsd.org.html

If you see a port listed that you use, consider adopting it. If its  
out of date, consider updating it. Its a pretty simple way to start  
contributing back to FreeBSD. All that is really required to adopt a  
port is to change the MAINTAINER line in the makefile, create a  
unified diff and the submit a PR for that patch at http:// 
www.freebsd.org/send-pr.html

A good place to get familiar with how the ports system works is to  
browse through the FreeBSD Porter's Handbook which you can find at  
http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/

Another good read is Michael W. Lucas's article on Modifying a Port  
which can be found at http://www.onlamp.com/lpt/a/574

Of course, this list is also a very good place to find answers to  
your questions as well, so feel free to post them.

So, get to work ;)

-Steven


From spork at bway.net  Thu Jan 25 23:34:11 2007
From: spork at bway.net (Charles Sprickman)
Date: Thu, 25 Jan 2007 23:34:11 -0500 (EST)
Subject: [nycbug-talk] HFS+ in FreeBSD
Message-ID: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>

Hi all,

Long story, but I've recently had both my iBook and my G5 tower die.

No biggie for the most part since the iBook was not expected to live much 
longer so I got a deal ($1300) on a CoreDuo MacBook Pro.

However I'm now looking at an SATA disk with an Apple partition table and 
an HFS+ FS on it.  I have no functioning Apple gear with an SATA port.  I 
have one 1U server (temporarily) running FreeBSD 6.2 with SATA ports.

I want to pull a few files (like my accounting system stuff with the last 
few weeks of billing) off the drive...

Any quickie ideas?

Thanks,

Charles


From dave at donnerjack.com  Thu Jan 25 23:40:52 2007
From: dave at donnerjack.com (David Lawson)
Date: Thu, 25 Jan 2007 23:40:52 -0500
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
Message-ID: <0707549B-12AC-4C49-915B-A17297D7A5EE@donnerjack.com>

USB/FW drive with a SATA connector.  Shouldn't run more than $20-30  
on NewEgg, might be able to find one local too if you're the  
impatient type (as I am, for example).  That'd probably be simplest,  
honestly, plus it has the added advantage of letting you do snapshot  
backups down the road if you want.

--Dave
On Jan 25, 2007, at 11:34 PM, Charles Sprickman wrote:

> Hi all,
>
> Long story, but I've recently had both my iBook and my G5 tower die.
>
> No biggie for the most part since the iBook was not expected to  
> live much
> longer so I got a deal ($1300) on a CoreDuo MacBook Pro.
>
> However I'm now looking at an SATA disk with an Apple partition  
> table and
> an HFS+ FS on it.  I have no functioning Apple gear with an SATA  
> port.  I
> have one 1U server (temporarily) running FreeBSD 6.2 with SATA ports.
>
> I want to pull a few files (like my accounting system stuff with  
> the last
> few weeks of billing) off the drive...
>
> Any quickie ideas?
>
> Thanks,
>
> Charles
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>



From spork at bway.net  Thu Jan 25 23:48:31 2007
From: spork at bway.net (Charles Sprickman)
Date: Thu, 25 Jan 2007 23:48:31 -0500 (EST)
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <0707549B-12AC-4C49-915B-A17297D7A5EE@donnerjack.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
	<0707549B-12AC-4C49-915B-A17297D7A5EE@donnerjack.com>
Message-ID: <Pine.OSX.4.64.0701252345002.472@white.nat.fasttrackmonkey.com>

On Thu, 25 Jan 2007, David Lawson wrote:

> USB/FW drive with a SATA connector.  Shouldn't run more than $20-30 on 
> NewEgg, might be able to find one local too if you're the impatient type (as 
> I am, for example).  That'd probably be simplest, honestly, plus it has the 
> added advantage of letting you do snapshot backups down the road if you want.

I almost bought one recently, but they are insanely pricey at NewEgg if 
you want Firewire+SATA.

Now I do have a spare drive, a spare enclosure...  I wonder what would 
happen if I dd'd from the Mac drive to another?  I would assume that would 
copy the partition table and everything...  and then I could plug that 
copy of the sata drive into the MBP...  Hmmm.

I see there (was?) HFS support for 5.x, but I think the patches are way 
too old to work against 6.2.  Oddly enough there is geom_apple to read the 
partition table, but I'm not finding any support for actually mounting.  I 
only need read-only.

Thanks,

Charles

> --Dave
> On Jan 25, 2007, at 11:34 PM, Charles Sprickman wrote:
>
>> Hi all,
>> 
>> Long story, but I've recently had both my iBook and my G5 tower die.
>> 
>> No biggie for the most part since the iBook was not expected to live much
>> longer so I got a deal ($1300) on a CoreDuo MacBook Pro.
>> 
>> However I'm now looking at an SATA disk with an Apple partition table and
>> an HFS+ FS on it.  I have no functioning Apple gear with an SATA port.  I
>> have one 1U server (temporarily) running FreeBSD 6.2 with SATA ports.
>> 
>> I want to pull a few files (like my accounting system stuff with the last
>> few weeks of billing) off the drive...
>> 
>> Any quickie ideas?
>> 
>> Thanks,
>> 
>> Charles
>> _______________________________________________
>> % NYC*BUG talk mailing list
>> http://lists.nycbug.org/mailman/listinfo/talk
>> %Be sure to check out our Jobs and NYCBUG-announce lists
>> %We meet the first Wednesday of the month
>> 
>


From lavalamp at spiritual-machines.org  Thu Jan 25 23:49:46 2007
From: lavalamp at spiritual-machines.org (Brian A. Seklecki)
Date: Thu, 25 Jan 2007 23:49:46 -0500 (EST)
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
Message-ID: <20070125234726.M18034@arbitor.digitalfreaks.org>


Way out there, but could you use raw character device access to the disk 
under FreeBSD to feed a disk image to the Mac?  Maybe a .dmg, etc.?  Mac's 
are very volume oriented.

Maybe burn a DVD?  Or a disk image file on an external USB drive with a 
Mac-and-freebsd-readable FS?

~BAS

On Thu, 25 Jan 2007, Charles Sprickman wrote:

> Hi all,
>
> Long story, but I've recently had both my iBook and my G5 tower die.


From dave at donnerjack.com  Thu Jan 25 23:59:24 2007
From: dave at donnerjack.com (David Lawson)
Date: Thu, 25 Jan 2007 23:59:24 -0500
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <Pine.OSX.4.64.0701252345002.472@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
	<0707549B-12AC-4C49-915B-A17297D7A5EE@donnerjack.com>
	<Pine.OSX.4.64.0701252345002.472@white.nat.fasttrackmonkey.com>
Message-ID: <DDDFF008-F7B6-48BF-A417-FD03EA9687E6@donnerjack.com>

> I almost bought one recently, but they are insanely pricey at  
> NewEgg if you want Firewire+SATA.

That surprises me, actually, I've gotten some nice, cheap enclosures  
there, but they've all been IDE.  Bummer.  MacMall maybe?  Their  
prices kind of suck, but they have the occasional good deal.

> Now I do have a spare drive, a spare enclosure...  I wonder what  
> would happen if I dd'd from the Mac drive to another?  I would  
> assume that would copy the partition table and everything...  and  
> then I could plug that copy of the sata drive into the MBP...  Hmmm.

Yeah, dd would copy the partition table and everything.  I _think_,  
and I'm relying on a couple year old memory, that you might end up  
with a bunch of unpartitioned free space at the end of the drive,  
depending on the size mismatch.  Also depends on how HFS lays out and  
defines its partitions and all that fun stuff.

> I see there (was?) HFS support for 5.x, but I think the patches are  
> way too old to work against 6.2.  Oddly enough there is geom_apple  
> to read the partition table, but I'm not finding any support for  
> actually mounting.  I only need read-only.

Wow.  Yeah, looks like there was a very basic implementation based on  
the Darwin code in 5.3, but it hasn't been ported up.  No joy in Net  
or Open that's particularly current, either.  Man, that's kind of  
surprising, really.

--Dave


From kit at kithalsted.com  Fri Jan 26 00:28:24 2007
From: kit at kithalsted.com (Kit Halsted)
Date: Fri, 26 Jan 2007 00:28:24 -0500
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
Message-ID: <p06002012c1df40a45fc6@[10.0.2.4]>

Have you got access to any Apple gear with USB 2.0? I'd suggest a USB 
2.0 to SATA + IDE (2.5 / 3.5 / 5.25") Cable Adapter from geeks.com.

http://www.geeks.com/details.asp?invtid=2020&cat=CBL

Cheap, effective, & useful for other situations as well.

HTH,
-Kit
At 11:34 PM -0500 1/25/07, Charles Sprickman wrote:
>Hi all,
>
>Long story, but I've recently had both my iBook and my G5 tower die.
>
>No biggie for the most part since the iBook was not expected to live much
>longer so I got a deal ($1300) on a CoreDuo MacBook Pro.
>
>However I'm now looking at an SATA disk with an Apple partition table and
>an HFS+ FS on it.  I have no functioning Apple gear with an SATA port.  I
>have one 1U server (temporarily) running FreeBSD 6.2 with SATA ports.
>
>I want to pull a few files (like my accounting system stuff with the last
>few weeks of billing) off the drive...
>
>Any quickie ideas?
>
>Thanks,
>
>Charles

-- 
Kit Halsted
Computers & Networking
917-903-9438
kit at kithalsted.com


From spork at bway.net  Fri Jan 26 00:44:51 2007
From: spork at bway.net (Charles Sprickman)
Date: Fri, 26 Jan 2007 00:44:51 -0500 (EST)
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <p06002012c1df40a45fc6@[10.0.2.4]>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
	<p06002012c1df40a45fc6@[10.0.2.4]>
Message-ID: <Pine.OSX.4.64.0701260044040.472@white.nat.fasttrackmonkey.com>

On Fri, 26 Jan 2007, Kit Halsted wrote:

> Have you got access to any Apple gear with USB 2.0? I'd suggest a USB 2.0 to 
> SATA + IDE (2.5 / 3.5 / 5.25") Cable Adapter from geeks.com.
>
> http://www.geeks.com/details.asp?invtid=2020&cat=CBL

Ordered it.  Thanks!

That looks insanely handy.  Much more fun than fiddling with enclosures.

Charles

> Cheap, effective, & useful for other situations as well.
>
> HTH,
> -Kit
> At 11:34 PM -0500 1/25/07, Charles Sprickman wrote:
>> Hi all,
>> 
>> Long story, but I've recently had both my iBook and my G5 tower die.
>> 
>> No biggie for the most part since the iBook was not expected to live much
>> longer so I got a deal ($1300) on a CoreDuo MacBook Pro.
>> 
>> However I'm now looking at an SATA disk with an Apple partition table and
>> an HFS+ FS on it.  I have no functioning Apple gear with an SATA port.  I
>> have one 1U server (temporarily) running FreeBSD 6.2 with SATA ports.
>> 
>> I want to pull a few files (like my accounting system stuff with the last
>> few weeks of billing) off the drive...
>> 
>> Any quickie ideas?
>> 
>> Thanks,
>> 
>> Charles
>
> -- 
> Kit Halsted
> Computers & Networking
> 917-903-9438
> kit at kithalsted.com
>


From nycbug-list at 2xlp.com  Fri Jan 26 01:16:35 2007
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Fri, 26 Jan 2007 01:16:35 -0500
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <Pine.OSX.4.64.0701260044040.472@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
	<p06002012c1df40a45fc6@[10.0.2.4]>
	<Pine.OSX.4.64.0701260044040.472@white.nat.fasttrackmonkey.com>
Message-ID: <39C4A33A-18A3-4DA3-8C10-48B79343FF99@2xlp.com>


On Jan 26, 2007, at 12:44 AM, Charles Sprickman wrote:

> On Fri, 26 Jan 2007, Kit Halsted wrote:
>
>> Have you got access to any Apple gear with USB 2.0? I'd suggest a  
>> USB 2.0 to
>> SATA + IDE (2.5 / 3.5 / 5.25") Cable Adapter from geeks.com.
>>
>> http://www.geeks.com/details.asp?invtid=2020&cat=CBL
>
> Ordered it.  Thanks!
>
> That looks insanely handy.  Much more fun than fiddling with  
> enclosures.
>
> Charles
>
>> Cheap, effective, & useful for other situations as well.
>>
>> HTH,
>> -Kit


GREAT find!

I've been looking for one of these, but they're always out-of-stock  
from $15 vendors or $50 elsewhere.

best buy has been having a bunch of sales lately on 500gb hds.  i  
picked one up a few weeks ago for $140.   i've been meaning to grab  
one of these so i can turn it into a backup system.



// Jonathan Vanasco

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - - - - -
| SyndiClick.com
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - - - - -
|      FindMeOn.com - The cure for Multiple Web Personality Disorder
|      Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - - - - -
|      RoadSound.com - Tools For Bands, Stuff For Fans
|      Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - - - - -




From spork at bway.net  Fri Jan 26 04:27:55 2007
From: spork at bway.net (Charles Sprickman)
Date: Fri, 26 Jan 2007 04:27:55 -0500 (EST)
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
Message-ID: <Pine.OSX.4.64.0701260426480.472@white.nat.fasttrackmonkey.com>

On Thu, 25 Jan 2007, Charles Sprickman wrote:

> Hi all,
>
> Long story, but I've recently had both my iBook and my G5 tower die.
>
> No biggie for the most part since the iBook was not expected to live much
> longer so I got a deal ($1300) on a CoreDuo MacBook Pro.
>
> However I'm now looking at an SATA disk with an Apple partition table and
> an HFS+ FS on it.  I have no functioning Apple gear with an SATA port.  I
> have one 1U server (temporarily) running FreeBSD 6.2 with SATA ports.
>
> I want to pull a few files (like my accounting system stuff with the last
> few weeks of billing) off the drive...
>
> Any quickie ideas?

Just so you can all breathe a sigh of relief, the "dd" trick worked well. 
:)

Charles

> Thanks,
>
> Charles
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>


From af.dingo at gmail.com  Fri Jan 26 09:21:00 2007
From: af.dingo at gmail.com (Jeff Quast)
Date: Fri, 26 Jan 2007 09:21:00 -0500
Subject: [nycbug-talk] Adopt a FreeBSD Port
In-Reply-To: <7D946E7F-5BBE-4CA7-A7B2-417CC90D1596@f2o.org>
References: <7D946E7F-5BBE-4CA7-A7B2-417CC90D1596@f2o.org>
Message-ID: <c1feb8190701260621p795071a4h14de952410e41122@mail.gmail.com>

On 1/25/07, Steven Kreuzer <skreuzer at f2o.org> wrote:
> Hey Guys-
>
> As I am sure alot of you already know, the FreeBSD Ports and Packages
> Collection offers an easy and consistent way of installing software
> packages on FreeBSD and is a very important section of the operating
> system as a whole.
>
> Currently, there are 4333 ports with MAINTAINER set to
> ports at freebsd.org, which means that no one is currently actively
> maintaining them. Out of these ports, 371 (or 8.56%) are out of date.
>
> A list of ports that need some love and attention can be found at
> http://beta.inerd.com/portscout/ports at freebsd.org.html
>
> If you see a port listed that you use, consider adopting it. If its
> out of date, consider updating it. Its a pretty simple way to start
> contributing back to FreeBSD. All that is really required to adopt a
> port is to change the MAINTAINER line in the makefile, create a
> unified diff and the submit a PR for that patch at http://
> www.freebsd.org/send-pr.html
>
> A good place to get familiar with how the ports system works is to
> browse through the FreeBSD Porter's Handbook which you can find at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/
>
> Another good read is Michael W. Lucas's article on Modifying a Port
> which can be found at http://www.onlamp.com/lpt/a/574
>
> Of course, this list is also a very good place to find answers to
> your questions as well, so feel free to post them.
>
> So, get to work ;)
>
> -Steven

Maybe its time to trim the tree.


From nycbug-list at 2xlp.com  Fri Jan 26 10:30:26 2007
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Fri, 26 Jan 2007 10:30:26 -0500
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <Pine.OSX.4.64.0701260426480.472@white.nat.fasttrackmonkey.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
	<Pine.OSX.4.64.0701260426480.472@white.nat.fasttrackmonkey.com>
Message-ID: <575D3E4F-720B-4927-B29F-DBCD2E21DBAE@2xlp.com>


On Jan 26, 2007, at 4:27 AM, Charles Sprickman wrote:

> Just so you can all breathe a sigh of relief, the "dd" trick worked  
> well.
> :)
>
> Charles


I should have added this before:

	Carbon Copy Cloner
	http://www.bombich.com/software/ccc.html

	its ridiculously useful .  yes,  you could do all of that on the  
command line.  but this wraps it all in a gui, along with install  
scripts for misc support utilities, and gives you a bunch of  
checkboxes instead of flags.



From dave at donnerjack.com  Fri Jan 26 10:47:34 2007
From: dave at donnerjack.com (David Lawson)
Date: Fri, 26 Jan 2007 10:47:34 -0500
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <575D3E4F-720B-4927-B29F-DBCD2E21DBAE@2xlp.com>
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
	<Pine.OSX.4.64.0701260426480.472@white.nat.fasttrackmonkey.com>
	<575D3E4F-720B-4927-B29F-DBCD2E21DBAE@2xlp.com>
Message-ID: <F5334A17-4ACC-482B-AF3E-8CEBB75A9360@donnerjack.com>


On Jan 26, 2007, at 10:30 AM, Jonathan Vanasco wrote:

>
> On Jan 26, 2007, at 4:27 AM, Charles Sprickman wrote:
>
>> Just so you can all breathe a sigh of relief, the "dd" trick worked
>> well.
>> :)
>>
>> Charles
>
>
> I should have added this before:
>
> 	Carbon Copy Cloner
> 	http://www.bombich.com/software/ccc.html
>
> 	its ridiculously useful .  yes,  you could do all of that on the
> command line.  but this wraps it all in a gui, along with install
> scripts for misc support utilities, and gives you a bunch of
> checkboxes instead of flags.

I've heard good things about that, and particularly good things about  
SuperDuper! for being a little more user friendly and not as  
restricted in what it wants to do.

--Dave


From carton at Ivy.NET  Fri Jan 26 11:16:32 2007
From: carton at Ivy.NET (Miles Nordin)
Date: Fri, 26 Jan 2007 11:16:32 -0500
Subject: [nycbug-talk] HFS+ in FreeBSD
In-Reply-To: <0707549B-12AC-4C49-915B-A17297D7A5EE@donnerjack.com> (David
	Lawson's message of "Thu, 25 Jan 2007 23:40:52 -0500")
References: <Pine.OSX.4.64.0701252331001.472@white.nat.fasttrackmonkey.com>
	<0707549B-12AC-4C49-915B-A17297D7A5EE@donnerjack.com>
Message-ID: <oqr6thu5jz.fsf@castrovalva.Ivy.NET>

>>>>> "dl" == David Lawson <dave at donnerjack.com> writes:

    dl> USB/FW drive with a SATA connector.

don't get cases based on the Prolific PL-3705

 http://web.ivy.net/~carton/oneNightOfWork/20061022-carton.html 
 (scroll down to 'update: 2006-11-04')

The chip has at least two bugs.  The first causes more than one case
on the same bus to not work.  The second causes the case to crash
randomly and need to be power cycled.  You'll see the bugs reported
all over the Interweb, usually by Windows ExPee users who suffered
massive filesystem corruption from repeated case crashes.  The bugs do
exist in the latest firmware.  Many USB+FW cases are based on this
chip, including the USB+FW->SATA 'Coolmax CD-311' case I got on
NewEgg.

If you want Firewire to SATA to work, you will need to get a
SATA-to-PATA board (search for 'JMicron JM20330' and you will find a
bunch in Yahoo! stores for $15).  The same chip can convert PATA
drives to SATA, or convert SATA drives to PATA, depending on how it's
wired onto the product's circuit board.  The chips are dual-direction,
not the finished products.  Then get the usual Oxford 911
PATA-to-Firewire bridge.  This is still hands-down the best and most
stable protocol converter.  They kept the same model number that got
them a good reputation like eight years ago, but of course the chip
itself is much changed.  Any chip but this one is slow or
untrustworthy.

Firewire cases are fine for this debugging/temporary stuff but are not
a good way to build arrays because 'smartctl' commands won't pass
through the bridge, among other things.  (do you trust it to implement
write barriers properly?)  My latest attempt is using Linux's IET
(iSCSI Enterprise Target).  There is also an iSCSI target in NetBSD,
but I need Via ACE crypto-acceleration support for the crypt-o-disk.
NetBSD-current has Via ACE support, and also good crypto-disk support
(real block device backing, not files like OpenBSD), but one feature
does not work together with the other, so stfu don't tell me YOU
SHOULD BE USING BSD!  kthx, I wish I could.  so...i'll let you know
when I run into more catastropies with iSCSI.  so far so good.

doesn't the hfsutils userland package support HFS+?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20070126/130d39e1/attachment.bin>

From runfreebsd at yahoo.com  Sat Jan 27 03:09:07 2007
From: runfreebsd at yahoo.com (Bill)
Date: Sat, 27 Jan 2007 00:09:07 -0800 (PST)
Subject: [nycbug-talk] 6.2 -- Linksys wusb11 wireless supported?
Message-ID: <182102.377.qm@web37507.mail.mud.yahoo.com>

Hello Family,

I have FreeBSD-6.2 installed and I'm having no luck finding any support
docs nor any posts of successful usage with the (usb)Linksys WUSB11
wireless adapter.  Does anyone have this wireless device working?  If
so, is there any docs on it?

Thanks for any help in the area.


 
____________________________________________________________________________________
Finding fabulous fares is fun.  
Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains.
http://farechase.yahoo.com/promo-generic-14795097


From tismith at suffolk.lib.ny.us  Sat Jan 27 13:51:27 2007
From: tismith at suffolk.lib.ny.us (Smith)
Date: Sat, 27 Jan 2007 13:51:27 -0500 (EST)
Subject: [nycbug-talk] im client
In-Reply-To: <mailman.7.1169917205.8133.talk@lists.nycbug.org>
Message-ID: <Pine.SOL.3.95.1070127135022.26299A-100000@bookworm>


Can anyone suggest a lightweight, console im client?



From okan at demirmen.com  Sat Jan 27 13:58:14 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Sat, 27 Jan 2007 13:58:14 -0500
Subject: [nycbug-talk] im client
In-Reply-To: <Pine.SOL.3.95.1070127135022.26299A-100000@bookworm>
References: <mailman.7.1169917205.8133.talk@lists.nycbug.org>
	<Pine.SOL.3.95.1070127135022.26299A-100000@bookworm>
Message-ID: <20070127185814.GD29366@clam.khaoz.org>

On Sat 2007.01.27 at 13:51 -0500, Smith wrote:
> 
> Can anyone suggest a lightweight, console im client?

bitlbee or pork


From chris at chrisclymer.com  Sat Jan 27 14:03:41 2007
From: chris at chrisclymer.com (Chris Clymer)
Date: Sat, 27 Jan 2007 14:03:41 -0500
Subject: [nycbug-talk] im client
In-Reply-To: <Pine.SOL.3.95.1070127135022.26299A-100000@bookworm>
References: <Pine.SOL.3.95.1070127135022.26299A-100000@bookworm>
Message-ID: <43520972-B247-4F6E-A940-1A39B4AA2299@chrisclymer.com>

I've always been partial to the interface in naim.  Should be in  
freebsd ports, and i think pkgsrc.  On openbsd, you've got to roll  
your own.

On Jan 27, 2007, at 1:51 PM, Smith wrote:

>
> Can anyone suggest a lightweight, console im client?
>
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month



From jca at sdf.lonestar.org  Sat Jan 27 14:16:52 2007
From: jca at sdf.lonestar.org (Jonathan C. Allen)
Date: Sat, 27 Jan 2007 14:16:52 -0500
Subject: [nycbug-talk] im client
In-Reply-To: <Pine.SOL.3.95.1070127135022.26299A-100000@bookworm>
References: <mailman.7.1169917205.8133.talk@lists.nycbug.org>
	<Pine.SOL.3.95.1070127135022.26299A-100000@bookworm>
Message-ID: <20070127191652.GA28534@SDF.LONESTAR.ORG>

On Sat, Jan 27, 2007 at 01:51:27PM -0500, Smith wrote:
> 
> Can anyone suggest a lightweight, console im client?

bsflite (AIM only) or naim (AIM, ICQ, et al).

http://bsflite.sourceforge.net/
http://naim.n.ml.org/about

jca


From g at bin-arts.com  Sat Jan 27 17:27:28 2007
From: g at bin-arts.com (Gordon Smith)
Date: Sat, 27 Jan 2007 17:27:28 -0500
Subject: [nycbug-talk] 6.2 -- Linksys wusb11 wireless supported?
In-Reply-To: <182102.377.qm@web37507.mail.mud.yahoo.com>
Message-ID: <066c01c74262$561e6810$650fa8c0@ws1>

In a manner of speaking, yes, there *is* documentation on the installation
of an appropriate driver for your wireless NIC.  "The NDISulator" is
documented here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-set
up.html#CONFIG-NETWORK-NDIS

Talk about clever approaches to problem solving.  

I used "the NDISulator" to install a Linksys 802.11G card and NDIS driver in
a cruddy old laptop running FreeBSD 5.4 ~ a year and a half ago.  It worked
beautifully.

Gordon Smith

-----Original Message-----
From: talk-bounces at lists.nycbug.org [mailto:talk-bounces at lists.nycbug.org]
On Behalf Of Bill
Sent: Saturday, January 27, 2007 3:09 AM
To: FreeBSD
Subject: [nycbug-talk] 6.2 -- Linksys wusb11 wireless supported?

Hello Family,

I have FreeBSD-6.2 installed and I'm having no luck finding any support
docs nor any posts of successful usage with the (usb)Linksys WUSB11
wireless adapter.  Does anyone have this wireless device working?  If
so, is there any docs on it?

Thanks for any help in the area.


 
____________________________________________________________________________
________
Finding fabulous fares is fun.  
Let Yahoo! FareChase search your favorite travel sites to find flight and
hotel bargains.
http://farechase.yahoo.com/promo-generic-14795097
_______________________________________________
% NYC*BUG talk mailing list
http://lists.nycbug.org/mailman/listinfo/talk
%Be sure to check out our Jobs and NYCBUG-announce lists
%We meet the first Wednesday of the month



From g at bin-arts.com  Sat Jan 27 17:34:39 2007
From: g at bin-arts.com (Gordon Smith)
Date: Sat, 27 Jan 2007 17:34:39 -0500
Subject: [nycbug-talk] 6.2 -- Linksys wusb11 wireless supported?
Message-ID: <066d01c74263$54d83700$650fa8c0@ws1>

Sorry Bill - I just scanned the doc again and I see that it (still) says
that USB devices are not yet supported by NDISulator - I thought they were
at this point.  :-(  Perhaps that has changed w/o the documentation being
updated...

If you could trade in that nic for, say, a PCI, CardBus or PCMCIA card,
you'd probably be able to make it work.  Got any buddies who might be
interested in a hardware trade?

Gordon Smith

-----Original Message-----
From: Gordon Smith [mailto:g at bin-arts.com] 
Sent: Saturday, January 27, 2007 5:27 PM
To: 'Bill'; 'FreeBSD'
Subject: RE: [nycbug-talk] 6.2 -- Linksys wusb11 wireless supported?

In a manner of speaking, yes, there *is* documentation on the installation
of an appropriate driver for your wireless NIC.  "The NDISulator" is
documented here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-set
up.html#CONFIG-NETWORK-NDIS

Talk about clever approaches to problem solving.  

I used "the NDISulator" to install a Linksys 802.11G card and NDIS driver in
a cruddy old laptop running FreeBSD 5.4 ~ a year and a half ago.  It worked
beautifully.

Gordon Smith

-----Original Message-----
From: talk-bounces at lists.nycbug.org [mailto:talk-bounces at lists.nycbug.org]
On Behalf Of Bill
Sent: Saturday, January 27, 2007 3:09 AM
To: FreeBSD
Subject: [nycbug-talk] 6.2 -- Linksys wusb11 wireless supported?

Hello Family,

I have FreeBSD-6.2 installed and I'm having no luck finding any support
docs nor any posts of successful usage with the (usb)Linksys WUSB11
wireless adapter.  Does anyone have this wireless device working?  If
so, is there any docs on it?

Thanks for any help in the area.


 
____________________________________________________________________________
________
Finding fabulous fares is fun.  
Let Yahoo! FareChase search your favorite travel sites to find flight and
hotel bargains.
http://farechase.yahoo.com/promo-generic-14795097
_______________________________________________
% NYC*BUG talk mailing list
http://lists.nycbug.org/mailman/listinfo/talk
%Be sure to check out our Jobs and NYCBUG-announce lists
%We meet the first Wednesday of the month



From tux at penguinnetwerx.net  Sun Jan 28 22:36:58 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Sun, 28 Jan 2007 22:36:58 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
Message-ID: <45BD6BDA.5040600@penguinnetwerx.net>

All,

I've been trying to figure this out for a few hours now, and I can't 
quite get it working, and I *know* someone in here knows how to do this...

I'm trying to force all traffic to an Apache server (on my laptop) to 
use SSL.  The laptop is on a dynamic IP with no static domain, so I 
can't force http://machine.domain.tld to https://machine.domain.tld, and 
since the IP changes depending on where I am, I can't use that for a 
rewrite, either.

Do any of you Apache gurus know of a way to do this using an .htaccess 
file or via a simple edit to httpd.conf?  I've been checking Google for 
awhile, but everything I've come across doesn't quite do the trick.

TIA
Kev


From jonathan at kc8onw.net  Sun Jan 28 22:49:32 2007
From: jonathan at kc8onw.net (Jonathan Stewart)
Date: Sun, 28 Jan 2007 22:49:32 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD6BDA.5040600@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>
Message-ID: <45BD6ECC.2040704@kc8onw.net>

Kevin Reiter wrote:
> All,
> 
> I've been trying to figure this out for a few hours now, and I can't 
> quite get it working, and I *know* someone in here knows how to do this...
> 
> I'm trying to force all traffic to an Apache server (on my laptop) to 
> use SSL.  The laptop is on a dynamic IP with no static domain, so I 
> can't force http://machine.domain.tld to https://machine.domain.tld, and 
> since the IP changes depending on where I am, I can't use that for a 
> rewrite, either.
> 
> Do any of you Apache gurus know of a way to do this using an .htaccess 
> file or via a simple edit to httpd.conf?  I've been checking Google for 
> awhile, but everything I've come across doesn't quite do the trick.

Not exactly what your asking about but have you considered using a 
dynamic DNS service?  I use No-IP () and have been very happy with them. 
  They even manually setup IPv6 records for me even though they are not 
technically supported.  Although I am paying for a domain name and dns 
they provide free sub-domains as well.  If thats not an option I'll see 
what I can do about a rewrite rule for you.

Jonathan


From okan at demirmen.com  Sun Jan 28 22:54:17 2007
From: okan at demirmen.com (Okan Demirmen)
Date: Sun, 28 Jan 2007 22:54:17 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD6BDA.5040600@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>
Message-ID: <20070129035417.GI29366@clam.khaoz.org>

On Sun 2007.01.28 at 22:36 -0500, Kevin Reiter wrote:
> All,
> 
> I've been trying to figure this out for a few hours now, and I can't 
> quite get it working, and I *know* someone in here knows how to do this...
> 
> I'm trying to force all traffic to an Apache server (on my laptop) to 
> use SSL.  The laptop is on a dynamic IP with no static domain, so I 
> can't force http://machine.domain.tld to https://machine.domain.tld, and 
> since the IP changes depending on where I am, I can't use that for a 
> rewrite, either.
> 
> Do any of you Apache gurus know of a way to do this using an .htaccess 
> file or via a simple edit to httpd.conf?  I've been checking Google for 
> awhile, but everything I've come across doesn't quite do the trick.

have you tried using %{SERVER_ADDR} ?


From jonathan at kc8onw.net  Sun Jan 28 22:58:33 2007
From: jonathan at kc8onw.net (Jonathan Stewart)
Date: Sun, 28 Jan 2007 22:58:33 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD6ECC.2040704@kc8onw.net>
References: <45BD6BDA.5040600@penguinnetwerx.net> <45BD6ECC.2040704@kc8onw.net>
Message-ID: <45BD70E9.4090502@kc8onw.net>

Jonathan Stewart wrote:
[snip]
> Not exactly what your asking about but have you considered using a 
> dynamic DNS service?  I use No-IP () 

... and I forgot the link :P http://www.no-ip.com/


From tux at penguinnetwerx.net  Sun Jan 28 23:04:49 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Sun, 28 Jan 2007 23:04:49 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD6ECC.2040704@kc8onw.net>
References: <45BD6BDA.5040600@penguinnetwerx.net> <45BD6ECC.2040704@kc8onw.net>
Message-ID: <45BD7261.1020001@penguinnetwerx.net>

Jonathan Stewart wrote:
> Kevin Reiter wrote:
>> All,
>>
>> I've been trying to figure this out for a few hours now, and I can't 
>> quite get it working, and I *know* someone in here knows how to do 
>> this...
>>
>> I'm trying to force all traffic to an Apache server (on my laptop) to 
>> use SSL.  The laptop is on a dynamic IP with no static domain, so I 
>> can't force http://machine.domain.tld to https://machine.domain.tld, 
>> and since the IP changes depending on where I am, I can't use that for 
>> a rewrite, either.
>>
>> Do any of you Apache gurus know of a way to do this using an .htaccess 
>> file or via a simple edit to httpd.conf?  I've been checking Google 
>> for awhile, but everything I've come across doesn't quite do the trick.
> 
> Not exactly what your asking about but have you considered using a 
> dynamic DNS service?  I use No-IP () and have been very happy with them. 
>  They even manually setup IPv6 records for me even though they are not 
> technically supported.  Although I am paying for a domain name and dns 
> they provide free sub-domains as well.  If thats not an option I'll see 
> what I can do about a rewrite rule for you.
> 
> Jonathan

This is for a traveling laptop that I use both at home and at client 
sites, and as a test machine at my new job, so I don't always have the 
same IP, which is how I typically access the server.

I should've mentioned that I know about zero when it comes to writing 
rewrite rules (this would be a first).

In this case, a dynamic DNS service would do nothing for me (I've had a 
paid account with FreeDNS[1] for years now.)

Basically, I'm looking to force the use of SSL on my webserver 
(apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always changing.

I recall seeing something about {SERVER_ADDR} as a variable, which would 
be exactly what I'm looking for, but I don't have a clue outside of that 
what to write in the .htaccess file.


From tux at penguinnetwerx.net  Sun Jan 28 23:09:11 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Sun, 28 Jan 2007 23:09:11 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD7261.1020001@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net> <45BD6ECC.2040704@kc8onw.net>
	<45BD7261.1020001@penguinnetwerx.net>
Message-ID: <45BD7367.5020404@penguinnetwerx.net>

Kevin Reiter wrote:
> Jonathan Stewart wrote:
>> Kevin Reiter wrote:
>>> All,
>>>
>>> I've been trying to figure this out for a few hours now, and I can't 
>>> quite get it working, and I *know* someone in here knows how to do 
>>> this...
>>>
>>> I'm trying to force all traffic to an Apache server (on my laptop) to 
>>> use SSL.  The laptop is on a dynamic IP with no static domain, so I 
>>> can't force http://machine.domain.tld to https://machine.domain.tld, 
>>> and since the IP changes depending on where I am, I can't use that 
>>> for a rewrite, either.
>>>
>>> Do any of you Apache gurus know of a way to do this using an 
>>> .htaccess file or via a simple edit to httpd.conf?  I've been 
>>> checking Google for awhile, but everything I've come across doesn't 
>>> quite do the trick.
>>
>> Not exactly what your asking about but have you considered using a 
>> dynamic DNS service?  I use No-IP () and have been very happy with 
>> them.  They even manually setup IPv6 records for me even though they 
>> are not technically supported.  Although I am paying for a domain name 
>> and dns they provide free sub-domains as well.  If thats not an option 
>> I'll see what I can do about a rewrite rule for you.
>>
>> Jonathan
> 
> This is for a traveling laptop that I use both at home and at client 
> sites, and as a test machine at my new job, so I don't always have the 
> same IP, which is how I typically access the server.
> 
> I should've mentioned that I know about zero when it comes to writing 
> rewrite rules (this would be a first).
> 
> In this case, a dynamic DNS service would do nothing for me (I've had a 
> paid account with FreeDNS[1] for years now.)
> 
> Basically, I'm looking to force the use of SSL on my webserver 
> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always changing.
> 
> I recall seeing something about {SERVER_ADDR} as a variable, which would 
> be exactly what I'm looking for, but I don't have a clue outside of that 
> what to write in the .htaccess file.
> 

Helps when I include the link..

[1] http://freedns.afraid.org/


From dave at donnerjack.com  Sun Jan 28 23:21:36 2007
From: dave at donnerjack.com (David Lawson)
Date: Sun, 28 Jan 2007 23:21:36 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD6BDA.5040600@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>
Message-ID: <1CD040F6-7F41-4BBE-8EEC-B2348D6AA84D@donnerjack.com>

All you want is to force all traffic through SSL?  This will do it:

<Insert generic SSL stuff here>

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)$
RewriteRule ^(/?.*) https://%1 [R=301]
</VirtualHost>

That'll force a 301 redirect to https.  You can refine it if need be,  
but it'll do basically what you want I think.

--Dave
On Jan 28, 2007, at 10:36 PM, Kevin Reiter wrote:

> All,
>
> I've been trying to figure this out for a few hours now, and I can't
> quite get it working, and I *know* someone in here knows how to do  
> this...
>
> I'm trying to force all traffic to an Apache server (on my laptop) to
> use SSL.  The laptop is on a dynamic IP with no static domain, so I
> can't force http://machine.domain.tld to https:// 
> machine.domain.tld, and
> since the IP changes depending on where I am, I can't use that for a
> rewrite, either.
>
> Do any of you Apache gurus know of a way to do this using an .htaccess
> file or via a simple edit to httpd.conf?  I've been checking Google  
> for
> awhile, but everything I've come across doesn't quite do the trick.
>
> TIA
> Kev
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>



From rambiusparkisanius at gmail.com  Mon Jan 29 00:29:54 2007
From: rambiusparkisanius at gmail.com (Ivan "Rambius" Ivanov)
Date: Mon, 29 Jan 2007 07:29:54 +0200
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD6BDA.5040600@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>
Message-ID: <89ce7f740701282129o2e52cbebja9bfb82d59e8eae4@mail.gmail.com>

Hello,

On 1/29/07, Kevin Reiter <tux at penguinnetwerx.net> wrote:
> All,
>
> I've been trying to figure this out for a few hours now, and I can't
> quite get it working, and I *know* someone in here knows how to do this...
>
> I'm trying to force all traffic to an Apache server (on my laptop) to
> use SSL.
I did the same, but only for certain

> The laptop is on a dynamic IP with no static domain, so I
> can't force http://machine.domain.tld to https://machine.domain.tld, and
> since the IP changes depending on where I am, I can't use that for a
> rewrite, either.
>
> Do any of you Apache gurus know of a way to do this using an .htaccess
> file or via a simple edit to httpd.conf?  I've been checking Google for
> awhile, but everything I've come across doesn't quite do the trick.

I use the following directives to always redirect http trafiic to a
given URL to https traffic:

RewriteEngine on
RewriteLog logs/rewrite_log
RewriteLogLevel 9
RewriteCond %{HTTPS} !=on
RewriteRule "^(/svn/.*)" "https://%{HTTP_HOST}$1" [R,L]

I believe if you tweak the regular expression in RewriteRule, you can
forward the evry URL to https.

Regards
Ivan

-- 
Tangra Mega Rock: http://www.radiotangra.com


From tux at penguinnetwerx.net  Mon Jan 29 00:36:33 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Mon, 29 Jan 2007 00:36:33 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD7367.5020404@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>
	<45BD6ECC.2040704@kc8onw.net>	<45BD7261.1020001@penguinnetwerx.net>
	<45BD7367.5020404@penguinnetwerx.net>
Message-ID: <45BD87E1.203@penguinnetwerx.net>

Kevin Reiter wrote:
> Kevin Reiter wrote:
>> Jonathan Stewart wrote:
>>> Kevin Reiter wrote:
>>>> All,
>>>>
>>>> I've been trying to figure this out for a few hours now, and I can't 
>>>> quite get it working, and I *know* someone in here knows how to do 
>>>> this...
>>>>
>>>> I'm trying to force all traffic to an Apache server (on my laptop) to 
>>>> use SSL.  The laptop is on a dynamic IP with no static domain, so I 
>>>> can't force http://machine.domain.tld to https://machine.domain.tld, 
>>>> and since the IP changes depending on where I am, I can't use that 
>>>> for a rewrite, either.
>>>>
>>>> Do any of you Apache gurus know of a way to do this using an 
>>>> .htaccess file or via a simple edit to httpd.conf?  I've been 
>>>> checking Google for awhile, but everything I've come across doesn't 
>>>> quite do the trick.
>>> Not exactly what your asking about but have you considered using a 
>>> dynamic DNS service?  I use No-IP () and have been very happy with 
>>> them.  They even manually setup IPv6 records for me even though they 
>>> are not technically supported.  Although I am paying for a domain name 
>>> and dns they provide free sub-domains as well.  If thats not an option 
>>> I'll see what I can do about a rewrite rule for you.
>>>
>>> Jonathan
>> This is for a traveling laptop that I use both at home and at client 
>> sites, and as a test machine at my new job, so I don't always have the 
>> same IP, which is how I typically access the server.
>>
>> I should've mentioned that I know about zero when it comes to writing 
>> rewrite rules (this would be a first).
>>
>> In this case, a dynamic DNS service would do nothing for me (I've had a 
>> paid account with FreeDNS[1] for years now.)
>>
>> Basically, I'm looking to force the use of SSL on my webserver 
>> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always changing.
>>
>> I recall seeing something about {SERVER_ADDR} as a variable, which would 
>> be exactly what I'm looking for, but I don't have a clue outside of that 
>> what to write in the .htaccess file.
>>
> 
> Helps when I include the link..
> 
> [1] http://freedns.afraid.org/

Almost...

Here's what I have for my root .htaccess file:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]

..and this is what I see in the error log after receiving a 500:
[Mon Jan 29 00:34:18 2007] [alert] [client 10.0.25.20] 
/usr/local/www/data/.htaccess: RewriteEngine not allowed here

Any ideas?



From dave at donnerjack.com  Mon Jan 29 00:47:34 2007
From: dave at donnerjack.com (David Lawson)
Date: Mon, 29 Jan 2007 00:47:34 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD87E1.203@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>
	<45BD6ECC.2040704@kc8onw.net>	<45BD7261.1020001@penguinnetwerx.net>
	<45BD7367.5020404@penguinnetwerx.net>
	<45BD87E1.203@penguinnetwerx.net>
Message-ID: <3ACED581-3C31-4722-8515-671DE11BB245@donnerjack.com>


On Jan 29, 2007, at 12:36 AM, Kevin Reiter wrote:

> Kevin Reiter wrote:
>> Kevin Reiter wrote:
>>> Jonathan Stewart wrote:
>>>> Kevin Reiter wrote:
>>>>> All,
>>>>>
>>>>> I've been trying to figure this out for a few hours now, and I  
>>>>> can't
>>>>> quite get it working, and I *know* someone in here knows how to do
>>>>> this...
>>>>>
>>>>> I'm trying to force all traffic to an Apache server (on my  
>>>>> laptop) to
>>>>> use SSL.  The laptop is on a dynamic IP with no static domain,  
>>>>> so I
>>>>> can't force http://machine.domain.tld to https:// 
>>>>> machine.domain.tld,
>>>>> and since the IP changes depending on where I am, I can't use that
>>>>> for a rewrite, either.
>>>>>
>>>>> Do any of you Apache gurus know of a way to do this using an
>>>>> .htaccess file or via a simple edit to httpd.conf?  I've been
>>>>> checking Google for awhile, but everything I've come across  
>>>>> doesn't
>>>>> quite do the trick.
>>>> Not exactly what your asking about but have you considered using a
>>>> dynamic DNS service?  I use No-IP () and have been very happy with
>>>> them.  They even manually setup IPv6 records for me even though  
>>>> they
>>>> are not technically supported.  Although I am paying for a  
>>>> domain name
>>>> and dns they provide free sub-domains as well.  If thats not an  
>>>> option
>>>> I'll see what I can do about a rewrite rule for you.
>>>>
>>>> Jonathan
>>> This is for a traveling laptop that I use both at home and at client
>>> sites, and as a test machine at my new job, so I don't always  
>>> have the
>>> same IP, which is how I typically access the server.
>>>
>>> I should've mentioned that I know about zero when it comes to  
>>> writing
>>> rewrite rules (this would be a first).
>>>
>>> In this case, a dynamic DNS service would do nothing for me (I've  
>>> had a
>>> paid account with FreeDNS[1] for years now.)
>>>
>>> Basically, I'm looking to force the use of SSL on my webserver
>>> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always  
>>> changing.
>>>
>>> I recall seeing something about {SERVER_ADDR} as a variable,  
>>> which would
>>> be exactly what I'm looking for, but I don't have a clue outside  
>>> of that
>>> what to write in the .htaccess file.
>>>
>>
>> Helps when I include the link..
>>
>> [1] http://freedns.afraid.org/
>
> Almost...
>
> Here's what I have for my root .htaccess file:
>
> Options +FollowSymlinks
> RewriteEngine On
> RewriteCond %{SERVER_PORT} !443
> RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]
>
> ..and this is what I see in the error log after receiving a 500:
> [Mon Jan 29 00:34:18 2007] [alert] [client 10.0.25.20]
> /usr/local/www/data/.htaccess: RewriteEngine not allowed here
>
> Any ideas?

I'm pretty sure you need to flip a switch somewhere in the httpd.conf  
to allow rewrites in .htaccess files.  Frankly, since it looks like  
that file is in your DocumentRoot anyway, I'd just throw that into a  
default VirtualHost in your main httpd.conf (or, better yet, in a  
file in conf.d).

--Dave



From dan at langille.org  Mon Jan 29 07:23:14 2007
From: dan at langille.org (Dan Langille)
Date: Mon, 29 Jan 2007 07:23:14 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BD7367.5020404@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>,
	<45BD7261.1020001@penguinnetwerx.net>,
	<45BD7367.5020404@penguinnetwerx.net>
Message-ID: <45BDA0E2.27286.1B50A43@dan.langille.org>

On 28 Jan 2007 at 23:09, Kevin Reiter wrote:

> Kevin Reiter wrote:
> > Jonathan Stewart wrote:
> >> Kevin Reiter wrote:
> >>> All,
> >>>
> >>> I've been trying to figure this out for a few hours now, and I can't 
> >>> quite get it working, and I *know* someone in here knows how to do 
> >>> this...
> >>>
> >>> I'm trying to force all traffic to an Apache server (on my laptop) to 
> >>> use SSL.  The laptop is on a dynamic IP with no static domain, so I 
> >>> can't force http://machine.domain.tld to https://machine.domain.tld, 
> >>> and since the IP changes depending on where I am, I can't use that 
> >>> for a rewrite, either.
> >>>
> >>> Do any of you Apache gurus know of a way to do this using an 
> >>> .htaccess file or via a simple edit to httpd.conf?  I've been 
> >>> checking Google for awhile, but everything I've come across doesn't 
> >>> quite do the trick.
> >>
> >> Not exactly what your asking about but have you considered using a 
> >> dynamic DNS service?  I use No-IP () and have been very happy with 
> >> them.  They even manually setup IPv6 records for me even though they 
> >> are not technically supported.  Although I am paying for a domain name 
> >> and dns they provide free sub-domains as well.  If thats not an option 
> >> I'll see what I can do about a rewrite rule for you.
> >>
> >> Jonathan
> > 
> > This is for a traveling laptop that I use both at home and at client 
> > sites, and as a test machine at my new job, so I don't always have the 
> > same IP, which is how I typically access the server.
> > 
> > I should've mentioned that I know about zero when it comes to writing 
> > rewrite rules (this would be a first).
> > 
> > In this case, a dynamic DNS service would do nothing for me (I've had a 
> > paid account with FreeDNS[1] for years now.)
> > 
> > Basically, I'm looking to force the use of SSL on my webserver 
> > (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always changing.
> > 
> > I recall seeing something about {SERVER_ADDR} as a variable, which would 
> > be exactly what I'm looking for, but I don't have a clue outside of that 
> > what to write in the .htaccess file.
> > 
> 
> Helps when I include the link..
> 
> [1] http://freedns.afraid.org/

Does this help?  This is how I redirect http://papers.bsdcan.org to 
https://papers.bsdcan.org


<VirtualHost 216.168.29.7>
    ServerAdmin dan at langille.org
    ServerName  papers.bsdcan.org

    Redirect    permanent / https://papers.bsdcan.org/
</VirtualHost>

I use similar methods to redirect http://freshports.org to 
http://www.freshports.org/

hth

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
PGCon - The PostgreSQL Conference - http://www.pgcon.org/




From tux at penguinnetwerx.net  Tue Jan 30 01:02:19 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Tue, 30 Jan 2007 01:02:19 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BDA0E2.27286.1B50A43@dan.langille.org>
References: <45BD6BDA.5040600@penguinnetwerx.net>,
	<45BD7261.1020001@penguinnetwerx.net>,
	<45BD7367.5020404@penguinnetwerx.net>
	<45BDA0E2.27286.1B50A43@dan.langille.org>
Message-ID: <45BEDF6B.8070405@penguinnetwerx.net>

Dan Langille wrote:
> On 28 Jan 2007 at 23:09, Kevin Reiter wrote:
> 
>> Kevin Reiter wrote:
>>> Jonathan Stewart wrote:
>>>> Kevin Reiter wrote:
>>>>> All,
>>>>>
>>>>> I've been trying to figure this out for a few hours now, and I can't 
>>>>> quite get it working, and I *know* someone in here knows how to do 
>>>>> this...
>>>>>
>>>>> I'm trying to force all traffic to an Apache server (on my laptop) to 
>>>>> use SSL.  The laptop is on a dynamic IP with no static domain, so I 
>>>>> can't force http://machine.domain.tld to https://machine.domain.tld, 
>>>>> and since the IP changes depending on where I am, I can't use that 
>>>>> for a rewrite, either.
>>>>>
>>>>> Do any of you Apache gurus know of a way to do this using an 
>>>>> .htaccess file or via a simple edit to httpd.conf?  I've been 
>>>>> checking Google for awhile, but everything I've come across doesn't 
>>>>> quite do the trick.
>>>> Not exactly what your asking about but have you considered using a 
>>>> dynamic DNS service?  I use No-IP () and have been very happy with 
>>>> them.  They even manually setup IPv6 records for me even though they 
>>>> are not technically supported.  Although I am paying for a domain name 
>>>> and dns they provide free sub-domains as well.  If thats not an option 
>>>> I'll see what I can do about a rewrite rule for you.
>>>>
>>>> Jonathan
>>> This is for a traveling laptop that I use both at home and at client 
>>> sites, and as a test machine at my new job, so I don't always have the 
>>> same IP, which is how I typically access the server.
>>>
>>> I should've mentioned that I know about zero when it comes to writing 
>>> rewrite rules (this would be a first).
>>>
>>> In this case, a dynamic DNS service would do nothing for me (I've had a 
>>> paid account with FreeDNS[1] for years now.)
>>>
>>> Basically, I'm looking to force the use of SSL on my webserver 
>>> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always changing.
>>>
>>> I recall seeing something about {SERVER_ADDR} as a variable, which would 
>>> be exactly what I'm looking for, but I don't have a clue outside of that 
>>> what to write in the .htaccess file.
>>>
>> Helps when I include the link..
>>
>> [1] http://freedns.afraid.org/
> 
> Does this help?  This is how I redirect http://papers.bsdcan.org to 
> https://papers.bsdcan.org
> 
> 
> <VirtualHost 216.168.29.7>
>     ServerAdmin dan at langille.org
>     ServerName  papers.bsdcan.org
> 
>     Redirect    permanent / https://papers.bsdcan.org/
> </VirtualHost>
> 
> I use similar methods to redirect http://freshports.org to 
> http://www.freshports.org/
> 
> hth
> 

It would if I had a static IP, but since it changes multiple times a 
day, I don't think it'll fly for the laptop.  It will, however, be 
perfect for a few other machines I just setup at work - thanks, Dan!


From dan at langille.org  Tue Jan 30 07:33:31 2007
From: dan at langille.org (Dan Langille)
Date: Tue, 30 Jan 2007 07:33:31 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BEDF6B.8070405@penguinnetwerx.net>
References: <45BD6BDA.5040600@penguinnetwerx.net>,
	<45BDA0E2.27286.1B50A43@dan.langille.org>,
	<45BEDF6B.8070405@penguinnetwerx.net>
Message-ID: <45BEF4CB.11306.6E4C9B4@dan.langille.org>

On 30 Jan 2007 at 1:02, Kevin Reiter wrote:

> Dan Langille wrote:
> > On 28 Jan 2007 at 23:09, Kevin Reiter wrote:
> > 
> >> Kevin Reiter wrote:
> >>> Jonathan Stewart wrote:
> >>>> Kevin Reiter wrote:
> >>>>> All,
> >>>>>
> >>>>> I've been trying to figure this out for a few hours now, and I
> >>>>> can't quite get it working, and I *know* someone in here knows
> >>>>> how to do this...
> >>>>>
> >>>>> I'm trying to force all traffic to an Apache server (on my
> >>>>> laptop) to use SSL.  The laptop is on a dynamic IP with no
> >>>>> static domain, so I can't force http://machine.domain.tld to
> >>>>> https://machine.domain.tld, and since the IP changes depending
> >>>>> on where I am, I can't use that for a rewrite, either.
> >>>>>
> >>>>> Do any of you Apache gurus know of a way to do this using an
> >>>>> .htaccess file or via a simple edit to httpd.conf?  I've been
> >>>>> checking Google for awhile, but everything I've come across
> >>>>> doesn't quite do the trick.
> >>>> Not exactly what your asking about but have you considered using
> >>>> a dynamic DNS service?  I use No-IP () and have been very happy
> >>>> with them.  They even manually setup IPv6 records for me even
> >>>> though they are not technically supported.  Although I am paying
> >>>> for a domain name and dns they provide free sub-domains as well. 
> >>>> If thats not an option I'll see what I can do about a rewrite
> >>>> rule for you.
> >>>>
> >>>> Jonathan
> >>> This is for a traveling laptop that I use both at home and at
> >>> client sites, and as a test machine at my new job, so I don't
> >>> always have the same IP, which is how I typically access the
> >>> server.
> >>>
> >>> I should've mentioned that I know about zero when it comes to
> >>> writing rewrite rules (this would be a first).
> >>>
> >>> In this case, a dynamic DNS service would do nothing for me (I've
> >>> had a paid account with FreeDNS[1] for years now.)
> >>>
> >>> Basically, I'm looking to force the use of SSL on my webserver
> >>> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always
> >>> changing.
> >>>
> >>> I recall seeing something about {SERVER_ADDR} as a variable, which
> >>> would be exactly what I'm looking for, but I don't have a clue
> >>> outside of that what to write in the .htaccess file.
> >>>
> >> Helps when I include the link..
> >>
> >> [1] http://freedns.afraid.org/
> > 
> > Does this help?  This is how I redirect http://papers.bsdcan.org to
> > https://papers.bsdcan.org
> > 
> > 
> > <VirtualHost 216.168.29.7>
> >     ServerAdmin dan at langille.org
> >     ServerName  papers.bsdcan.org
> > 
> >     Redirect    permanent / https://papers.bsdcan.org/
> > </VirtualHost>
> > 
> > I use similar methods to redirect http://freshports.org to 
> > http://www.freshports.org/
> > 
> > hth
> > 
> 
> It would if I had a static IP, but since it changes multiple times a
> day, I don't think it'll fly for the laptop.  It will, however, be
> perfect for a few other machines I just setup at work - thanks, Dan!

Details... always with the details.

Use a dynamic dns service so that hostnames are updated when the IP 
address changes.  I use no-ip.com

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
PGCon - The PostgreSQL Conference - http://www.pgcon.org/




From KReiter at insidefsi.net  Tue Jan 30 09:14:59 2007
From: KReiter at insidefsi.net (Kevin Reiter)
Date: Tue, 30 Jan 2007 09:14:59 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BEF4CB.11306.6E4C9B4@dan.langille.org>
Message-ID: <184B0715C3D74243B86F872B55C340E703598EEF@fsi32.fsidp.insidefsi.com>

-----Original Message-----
From: talk-bounces at lists.nycbug.org
[mailto:talk-bounces at lists.nycbug.org]On Behalf Of Dan Langille
Sent: Tuesday, January 30, 2007 7:34 AM
To: Kevin Reiter
Cc: talk at lists.nycbug.org
Subject: Re: [nycbug-talk] OT: Apache/mod_rewrite question


On 30 Jan 2007 at 1:02, Kevin Reiter wrote:

> Dan Langille wrote:
> > On 28 Jan 2007 at 23:09, Kevin Reiter wrote:
> > 
> >> Kevin Reiter wrote:
> >>> Jonathan Stewart wrote:
> >>>> Kevin Reiter wrote:
> >>>>> All,
> >>>>>
> >>>>> I've been trying to figure this out for a few hours now, and I
> >>>>> can't quite get it working, and I *know* someone in here knows
> >>>>> how to do this...
> >>>>>
> >>>>> I'm trying to force all traffic to an Apache server (on my
> >>>>> laptop) to use SSL.  The laptop is on a dynamic IP with no
> >>>>> static domain, so I can't force http://machine.domain.tld to
> >>>>> https://machine.domain.tld, and since the IP changes depending
> >>>>> on where I am, I can't use that for a rewrite, either.
> >>>>>
> >>>>> Do any of you Apache gurus know of a way to do this using an
> >>>>> .htaccess file or via a simple edit to httpd.conf?  I've been
> >>>>> checking Google for awhile, but everything I've come across
> >>>>> doesn't quite do the trick.
> >>>> Not exactly what your asking about but have you considered using
> >>>> a dynamic DNS service?  I use No-IP () and have been very happy
> >>>> with them.  They even manually setup IPv6 records for me even
> >>>> though they are not technically supported.  Although I am paying
> >>>> for a domain name and dns they provide free sub-domains as well. 
> >>>> If thats not an option I'll see what I can do about a rewrite
> >>>> rule for you.
> >>>>
> >>>> Jonathan
> >>> This is for a traveling laptop that I use both at home and at
> >>> client sites, and as a test machine at my new job, so I don't
> >>> always have the same IP, which is how I typically access the
> >>> server.
> >>>
> >>> I should've mentioned that I know about zero when it comes to
> >>> writing rewrite rules (this would be a first).
> >>>
> >>> In this case, a dynamic DNS service would do nothing for me (I've
> >>> had a paid account with FreeDNS[1] for years now.)
> >>>
> >>> Basically, I'm looking to force the use of SSL on my webserver
> >>> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always
> >>> changing.
> >>>
> >>> I recall seeing something about {SERVER_ADDR} as a variable, which
> >>> would be exactly what I'm looking for, but I don't have a clue
> >>> outside of that what to write in the .htaccess file.
> >>>
> >> Helps when I include the link..
> >>
> >> [1] http://freedns.afraid.org/
> > 
> > Does this help?  This is how I redirect http://papers.bsdcan.org to
> > https://papers.bsdcan.org
> > 
> > 
> > <VirtualHost 216.168.29.7>
> >     ServerAdmin dan at langille.org
> >     ServerName  papers.bsdcan.org
> > 
> >     Redirect    permanent / https://papers.bsdcan.org/
> > </VirtualHost>
> > 
> > I use similar methods to redirect http://freshports.org to 
> > http://www.freshports.org/
> > 
> > hth
> > 
> 
> It would if I had a static IP, but since it changes multiple times a
> day, I don't think it'll fly for the laptop.  It will, however, be
> perfect for a few other machines I just setup at work - thanks, Dan!

Details... always with the details.

Use a dynamic dns service so that hostnames are updated when the IP 
address changes.  I use no-ip.com

(I hate Outlook..)

As I stated before, I can't use a DNS service because I'm connected to client networks with an INSIDE IP, and it wouldn't do any good on a LAN to have such a service in use for this particular instance.

Thanks for the tip, though.  I'll be doing that here at work in a few minutes on my other servers.

Kev

This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed.  If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein.  Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.




From dan at langille.org  Tue Jan 30 10:21:18 2007
From: dan at langille.org (Dan Langille)
Date: Tue, 30 Jan 2007 10:21:18 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <184B0715C3D74243B86F872B55C340E703598EEF@fsi32.fsidp.insidefsi.com>
References: <45BEF4CB.11306.6E4C9B4@dan.langille.org>,
	<184B0715C3D74243B86F872B55C340E703598EEF@fsi32.fsidp.insidefsi.com>
Message-ID: <45BF1C1E.30406.77E632D@dan.langille.org>

On 30 Jan 2007 at 9:14, Kevin Reiter wrote:

> -----Original Message-----
> From: talk-bounces at lists.nycbug.org
> [mailto:talk-bounces at lists.nycbug.org]On Behalf Of Dan Langille
> Sent: Tuesday, January 30, 2007 7:34 AM
> To: Kevin Reiter
> Cc: talk at lists.nycbug.org
> Subject: Re: [nycbug-talk] OT: Apache/mod_rewrite question
> 
> 
> On 30 Jan 2007 at 1:02, Kevin Reiter wrote:
> 
> > Dan Langille wrote:
> > > On 28 Jan 2007 at 23:09, Kevin Reiter wrote:
> > > 
> > >> Kevin Reiter wrote:
> > >>> Jonathan Stewart wrote:
> > >>>> Kevin Reiter wrote:
> > >>>>> All,
> > >>>>>
> > >>>>> I've been trying to figure this out for a few hours now, and I
> > >>>>> can't quite get it working, and I *know* someone in here knows
> > >>>>> how to do this...
> > >>>>>
> > >>>>> I'm trying to force all traffic to an Apache server (on my
> > >>>>> laptop) to use SSL.  The laptop is on a dynamic IP with no
> > >>>>> static domain, so I can't force http://machine.domain.tld to
> > >>>>> https://machine.domain.tld, and since the IP changes depending
> > >>>>> on where I am, I can't use that for a rewrite, either.
> > >>>>>
> > >>>>> Do any of you Apache gurus know of a way to do this using an
> > >>>>> .htaccess file or via a simple edit to httpd.conf?  I've been
> > >>>>> checking Google for awhile, but everything I've come across
> > >>>>> doesn't quite do the trick.
> > >>>> Not exactly what your asking about but have you considered
> > >>>> using a dynamic DNS service?  I use No-IP () and have been very
> > >>>> happy with them.  They even manually setup IPv6 records for me
> > >>>> even though they are not technically supported.  Although I am
> > >>>> paying for a domain name and dns they provide free sub-domains
> > >>>> as well. If thats not an option I'll see what I can do about a
> > >>>> rewrite rule for you.
> > >>>>
> > >>>> Jonathan
> > >>> This is for a traveling laptop that I use both at home and at
> > >>> client sites, and as a test machine at my new job, so I don't
> > >>> always have the same IP, which is how I typically access the
> > >>> server.
> > >>>
> > >>> I should've mentioned that I know about zero when it comes to
> > >>> writing rewrite rules (this would be a first).
> > >>>
> > >>> In this case, a dynamic DNS service would do nothing for me
> > >>> (I've had a paid account with FreeDNS[1] for years now.)
> > >>>
> > >>> Basically, I'm looking to force the use of SSL on my webserver
> > >>> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always
> > >>> changing.
> > >>>
> > >>> I recall seeing something about {SERVER_ADDR} as a variable,
> > >>> which would be exactly what I'm looking for, but I don't have a
> > >>> clue outside of that what to write in the .htaccess file.
> > >>>
> > >> Helps when I include the link..
> > >>
> > >> [1] http://freedns.afraid.org/
> > > 
> > > Does this help?  This is how I redirect http://papers.bsdcan.org
> > > to https://papers.bsdcan.org
> > > 
> > > 
> > > <VirtualHost 216.168.29.7>
> > >     ServerAdmin dan at langille.org
> > >     ServerName  papers.bsdcan.org
> > > 
> > >     Redirect    permanent / https://papers.bsdcan.org/
> > > </VirtualHost>
> > > 
> > > I use similar methods to redirect http://freshports.org to 
> > > http://www.freshports.org/
> > > 
> > > hth
> > > 
> > 
> > It would if I had a static IP, but since it changes multiple times a
> > day, I don't think it'll fly for the laptop.  It will, however, be
> > perfect for a few other machines I just setup at work - thanks, Dan!
> 
> Details... always with the details.
> 
> Use a dynamic dns service so that hostnames are updated when the IP
> address changes.  I use no-ip.com
> 
> (I hate Outlook..)
> 
> As I stated before, I can't use a DNS service because I'm connected to
> client networks with an INSIDE IP, and it wouldn't do any good on a
> LAN to have such a service in use for this particular instance.
> 
> Thanks for the tip, though.  I'll be doing that here at work in a few
> minutes on my other servers.

So... who will be accessing this website?  I think I asked this 
before.  Just you?  Others?

If just you, just localhost, 127.0.0.1.

Of others, you're back to the DNS problem again...

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
PGCon - The PostgreSQL Conference - http://www.pgcon.org/




From tux at penguinnetwerx.net  Tue Jan 30 22:35:00 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Tue, 30 Jan 2007 22:35:00 -0500
Subject: [nycbug-talk] OT: Apache/mod_rewrite question
In-Reply-To: <45BF1C1E.30406.77E632D@dan.langille.org>
References: <45BEF4CB.11306.6E4C9B4@dan.langille.org>,
	<184B0715C3D74243B86F872B55C340E703598EEF@fsi32.fsidp.insidefsi.com>
	<45BF1C1E.30406.77E632D@dan.langille.org>
Message-ID: <45C00E64.2050201@penguinnetwerx.net>

Dan Langille wrote:
> On 30 Jan 2007 at 9:14, Kevin Reiter wrote:
> 
>> -----Original Message-----
>> From: talk-bounces at lists.nycbug.org
>> [mailto:talk-bounces at lists.nycbug.org]On Behalf Of Dan Langille
>> Sent: Tuesday, January 30, 2007 7:34 AM
>> To: Kevin Reiter
>> Cc: talk at lists.nycbug.org
>> Subject: Re: [nycbug-talk] OT: Apache/mod_rewrite question
>>
>>
>> On 30 Jan 2007 at 1:02, Kevin Reiter wrote:
>>
>>> Dan Langille wrote:
>>>> On 28 Jan 2007 at 23:09, Kevin Reiter wrote:
>>>>
>>>>> Kevin Reiter wrote:
>>>>>> Jonathan Stewart wrote:
>>>>>>> Kevin Reiter wrote:
>>>>>>>> All,
>>>>>>>>
>>>>>>>> I've been trying to figure this out for a few hours now, and I
>>>>>>>> can't quite get it working, and I *know* someone in here knows
>>>>>>>> how to do this...
>>>>>>>>
>>>>>>>> I'm trying to force all traffic to an Apache server (on my
>>>>>>>> laptop) to use SSL.  The laptop is on a dynamic IP with no
>>>>>>>> static domain, so I can't force http://machine.domain.tld to
>>>>>>>> https://machine.domain.tld, and since the IP changes depending
>>>>>>>> on where I am, I can't use that for a rewrite, either.
>>>>>>>>
>>>>>>>> Do any of you Apache gurus know of a way to do this using an
>>>>>>>> .htaccess file or via a simple edit to httpd.conf?  I've been
>>>>>>>> checking Google for awhile, but everything I've come across
>>>>>>>> doesn't quite do the trick.
>>>>>>> Not exactly what your asking about but have you considered
>>>>>>> using a dynamic DNS service?  I use No-IP () and have been very
>>>>>>> happy with them.  They even manually setup IPv6 records for me
>>>>>>> even though they are not technically supported.  Although I am
>>>>>>> paying for a domain name and dns they provide free sub-domains
>>>>>>> as well. If thats not an option I'll see what I can do about a
>>>>>>> rewrite rule for you.
>>>>>>>
>>>>>>> Jonathan
>>>>>> This is for a traveling laptop that I use both at home and at
>>>>>> client sites, and as a test machine at my new job, so I don't
>>>>>> always have the same IP, which is how I typically access the
>>>>>> server.
>>>>>>
>>>>>> I should've mentioned that I know about zero when it comes to
>>>>>> writing rewrite rules (this would be a first).
>>>>>>
>>>>>> In this case, a dynamic DNS service would do nothing for me
>>>>>> (I've had a paid account with FreeDNS[1] for years now.)
>>>>>>
>>>>>> Basically, I'm looking to force the use of SSL on my webserver
>>>>>> (apache+mod_ssl-1.3.37+2.8.28) when the IP and domain are always
>>>>>> changing.
>>>>>>
>>>>>> I recall seeing something about {SERVER_ADDR} as a variable,
>>>>>> which would be exactly what I'm looking for, but I don't have a
>>>>>> clue outside of that what to write in the .htaccess file.
>>>>>>
>>>>> Helps when I include the link..
>>>>>
>>>>> [1] http://freedns.afraid.org/
>>>> Does this help?  This is how I redirect http://papers.bsdcan.org
>>>> to https://papers.bsdcan.org
>>>>
>>>>
>>>> <VirtualHost 216.168.29.7>
>>>>     ServerAdmin dan at langille.org
>>>>     ServerName  papers.bsdcan.org
>>>>
>>>>     Redirect    permanent / https://papers.bsdcan.org/
>>>> </VirtualHost>
>>>>
>>>> I use similar methods to redirect http://freshports.org to 
>>>> http://www.freshports.org/
>>>>
>>>> hth
>>>>
>>> It would if I had a static IP, but since it changes multiple times a
>>> day, I don't think it'll fly for the laptop.  It will, however, be
>>> perfect for a few other machines I just setup at work - thanks, Dan!
>> Details... always with the details.
>>
>> Use a dynamic dns service so that hostnames are updated when the IP
>> address changes.  I use no-ip.com
>>
>> (I hate Outlook..)
>>
>> As I stated before, I can't use a DNS service because I'm connected to
>> client networks with an INSIDE IP, and it wouldn't do any good on a
>> LAN to have such a service in use for this particular instance.
>>
>> Thanks for the tip, though.  I'll be doing that here at work in a few
>> minutes on my other servers.
> 
> So... who will be accessing this website?  I think I asked this 
> before.  Just you?  Others?
> 
> If just you, just localhost, 127.0.0.1.
> 
> Of others, you're back to the DNS problem again...
> 

I'll be the only one accessing the webserver.  Usually, I access it via 
whatever IP the box has on whatever network I'm on, rather than by name 
(since internal DNS won't get the record added before I leave.)

I guess I was thinking that if I use the loopback address, I wouldn't be 
able to hit it outside the local machine.  Yeah, I know, so don't waste 
your breath telling me.  I must've got some real bad crack when I was 
thinking that :P

I'll give it a whirl tomorrow and see if that does the trick.


From tux at penguinnetwerx.net  Wed Jan 31 21:07:50 2007
From: tux at penguinnetwerx.net (Kevin Reiter)
Date: Wed, 31 Jan 2007 21:07:50 -0500
Subject: [nycbug-talk] Google
Message-ID: <45C14B76.7030403@penguinnetwerx.net>

Hey all,

Has anyone else received anything from Google about a job offer?  I 
almost fell off my chair when I read the message from Celia a little 
while ago.

Just curious..

Kev


From alex at pilosoft.com  Wed Jan 31 21:21:52 2007
From: alex at pilosoft.com (alex at pilosoft.com)
Date: Wed, 31 Jan 2007 21:21:52 -0500 (EST)
Subject: [nycbug-talk] Google
In-Reply-To: <45C14B76.7030403@penguinnetwerx.net>
Message-ID: <Pine.LNX.4.44.0701312121271.24798-100000@bawx.pilosoft.com>

On Wed, 31 Jan 2007, Kevin Reiter wrote:

> Has anyone else received anything from Google about a job offer?  I
> almost fell off my chair when I read the message from Celia a little
> while ago.
I think googol is out on a hiring streak. I got message recruiting for 
network admin kinda jobs. Heh.

-alex



From chris at chrisclymer.com  Wed Jan 31 22:15:00 2007
From: chris at chrisclymer.com (Chris Clymer)
Date: Wed, 31 Jan 2007 22:15:00 -0500
Subject: [nycbug-talk] Google
In-Reply-To: <45C14B76.7030403@penguinnetwerx.net>
References: <45C14B76.7030403@penguinnetwerx.net>
Message-ID: <58BA6752-25B4-4DB7-8B59-2D2046C36718@chrisclymer.com>

I just finished my second phone interview actually :D  The recruiter  
told me that they are looking to fill 200-300 admin positions across  
6 different locations in the near future.  I've read elsewhere that  
there are thousands of other positions to be filled...the only  
specific ones i know of are ajax-slingers.

I'm not really looking for a job, but who can pass up google?  It  
second interview was the most technical I've ever had.  He had me  
spend at least 20 minutes explaining every last detail of what  
happens when one surfs to google.com, from DNS to HTTP requests to  
Apache backend stuff.

I figure my only shot at a job is that they've finally run out of  
PhDs to hire ;)

If you decide to follow through, good luck!

On Jan 31, 2007, at 9:07 PM, Kevin Reiter wrote:

> Hey all,
>
> Has anyone else received anything from Google about a job offer?  I
> almost fell off my chair when I read the message from Celia a little
> while ago.
>
> Just curious..
>
> Kev
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month



From jca at sdf.lonestar.org  Wed Jan 31 22:41:43 2007
From: jca at sdf.lonestar.org (Jonathan C. Allen)
Date: Wed, 31 Jan 2007 22:41:43 -0500
Subject: [nycbug-talk] Suspenders Directions Linkage
Message-ID: <20070201034143.GA1967@SDF.LONESTAR.ORG>

The Suspenders link on nycbug.org front page 404s -- here's a working
link:

   http://www.suspendersbar.com/location.php

jca