From lists at genoverly.net Thu Mar 1 10:41:44 2007 From: lists at genoverly.net (michael) Date: Thu, 1 Mar 2007 10:41:44 -0500 Subject: [nycbug-talk] FreeBSD Mall Message-ID: <20070301104144.06643307@dt.genoverly.com> In case you missed it.. iXsystems Announces Acquisition of FreeBSD Mall Story: http://www.prweb.com/releases/2007/2/prweb506879.htm Press Release; http://mediaserver.prweb.com/pdfdownload/506879/pr.pdf -- michael (this address does not accept public email) From dlavigne6 at sympatico.ca Thu Mar 1 11:00:36 2007 From: dlavigne6 at sympatico.ca (Dru) Date: Thu, 1 Mar 2007 11:00:36 -0500 (EST) Subject: [nycbug-talk] FreeBSD Mall In-Reply-To: <20070301104144.06643307@dt.genoverly.com> References: <20070301104144.06643307@dt.genoverly.com> Message-ID: <20070301110009.C631@dru.domain.org> On Thu, 1 Mar 2007, michael wrote: > In case you missed it.. > iXsystems Announces Acquisition of FreeBSD Mall > > Story: > http://www.prweb.com/releases/2007/2/prweb506879.htm > > Press Release; > http://mediaserver.prweb.com/pdfdownload/506879/pr.pdf Interview regarding the acquisition: http://blogs.ittoolbox.com/unix/bsd/archives/freebsdmall-acquired-14759 Dru From skreuzer at f2o.org Thu Mar 1 12:08:23 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Thu, 1 Mar 2007 12:08:23 -0500 Subject: [nycbug-talk] FreeBSD Mall In-Reply-To: <20070301104144.06643307@dt.genoverly.com> References: <20070301104144.06643307@dt.genoverly.com> Message-ID: <6469A946-450A-4C61-AB7C-644AA33D2DB7@f2o.org> Its worth mentioning that at NYCBSDCon 2006, the FreeBSD table was stocked with merchandise that was donated to us by the good folks at FreeBSDMall. (http://flickr.com/photos/skreuzer/283060428/) Without them, FreeBSD might not have had a presence at the conference, and Alfred Perlstein and I would not have been able to raise over 600 dollars for the FreeBSD foundation. FreeBSD Mall has been a long time supporter of the community, and I wish them continued success. SK On Mar 1, 2007, at 10:41 AM, michael wrote: > In case you missed it.. > iXsystems Announces Acquisition of FreeBSD Mall > > Story: > http://www.prweb.com/releases/2007/2/prweb506879.htm > > Press Release; > http://mediaserver.prweb.com/pdfdownload/506879/pr.pdf > > -- > > michael > > > (this address does not accept public email) > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From skreuzer at f2o.org Thu Mar 1 12:08:23 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Thu, 1 Mar 2007 12:08:23 -0500 Subject: [nycbug-talk] FreeBSD Mall In-Reply-To: <20070301104144.06643307@dt.genoverly.com> References: <20070301104144.06643307@dt.genoverly.com> Message-ID: <6469A946-450A-4C61-AB7C-644AA33D2DB7@f2o.org> Its worth mentioning that at NYCBSDCon 2006, the FreeBSD table was stocked with merchandise that was donated to us by the good folks at FreeBSDMall. (http://flickr.com/photos/skreuzer/283060428/) Without them, FreeBSD might not have had a presence at the conference, and Alfred Perlstein and I would not have been able to raise over 600 dollars for the FreeBSD foundation. FreeBSD Mall has been a long time supporter of the community, and I wish them continued success. SK On Mar 1, 2007, at 10:41 AM, michael wrote: > In case you missed it.. > iXsystems Announces Acquisition of FreeBSD Mall > > Story: > http://www.prweb.com/releases/2007/2/prweb506879.htm > > Press Release; > http://mediaserver.prweb.com/pdfdownload/506879/pr.pdf > > -- > > michael > > > (this address does not accept public email) > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From okan at demirmen.com Thu Mar 1 12:37:07 2007 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 1 Mar 2007 12:37:07 -0500 Subject: [nycbug-talk] FreeBSD Mall In-Reply-To: <6469A946-450A-4C61-AB7C-644AA33D2DB7@f2o.org> References: <20070301104144.06643307@dt.genoverly.com> <6469A946-450A-4C61-AB7C-644AA33D2DB7@f2o.org> Message-ID: <20070301173707.GU10311@clam.khaoz.org> On Thu 2007.03.01 at 12:08 -0500, Steven Kreuzer wrote: > Its worth mentioning that at NYCBSDCon 2006, the FreeBSD table was > stocked with merchandise that was donated to us by the good folks at > FreeBSDMall. (http://flickr.com/photos/skreuzer/283060428/) > Without them, FreeBSD might not have had a presence at the > conference, and Alfred Perlstein and I would not have been able to > raise over 600 dollars for the FreeBSD foundation. uhu? are you sure that was FreeBSDMall and not BSDMall? > FreeBSD Mall has been a long time supporter of the community, and I > wish them continued success. > > SK > > On Mar 1, 2007, at 10:41 AM, michael wrote: > > > In case you missed it.. > > iXsystems Announces Acquisition of FreeBSD Mall > > > > Story: > > http://www.prweb.com/releases/2007/2/prweb506879.htm > > > > Press Release; > > http://mediaserver.prweb.com/pdfdownload/506879/pr.pdf > > > > -- > > > > michael > > > > > > (this address does not accept public email) > > > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce lists > > %We meet the first Wednesday of the month > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From george at ceetonetechnology.com Thu Mar 1 12:43:36 2007 From: george at ceetonetechnology.com (George R.) Date: Thu, 01 Mar 2007 12:43:36 -0500 Subject: [nycbug-talk] FreeBSD Mall In-Reply-To: <20070301173707.GU10311@clam.khaoz.org> References: <20070301104144.06643307@dt.genoverly.com> <6469A946-450A-4C61-AB7C-644AA33D2DB7@f2o.org> <20070301173707.GU10311@clam.khaoz.org> Message-ID: <45E710C8.4050203@ceetonetechnology.com> Okan Demirmen wrote: > On Thu 2007.03.01 at 12:08 -0500, Steven Kreuzer wrote: >> Its worth mentioning that at NYCBSDCon 2006, the FreeBSD table was >> stocked with merchandise that was donated to us by the good folks at >> FreeBSDMall. (http://flickr.com/photos/skreuzer/283060428/) >> Without them, FreeBSD might not have had a presence at the >> conference, and Alfred Perlstein and I would not have been able to >> raise over 600 dollars for the FreeBSD foundation. > > uhu? > > are you sure that was FreeBSDMall and not BSDMall? No . . . it was FreeBSDMall. . . not BSDMall. Steve is right. g -- This confidential email is only intended for the stated recipients. All Cee Tone Technology-related support issues must be directed to support@ in order to facilitate the most timely reply. Urgent requests should be directed to emergency at . From skreuzer at f2o.org Thu Mar 1 12:49:54 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Thu, 1 Mar 2007 12:49:54 -0500 Subject: [nycbug-talk] FreeBSD Mall In-Reply-To: <45E710C8.4050203@ceetonetechnology.com> References: <20070301104144.06643307@dt.genoverly.com> <6469A946-450A-4C61-AB7C-644AA33D2DB7@f2o.org> <20070301173707.GU10311@clam.khaoz.org> <45E710C8.4050203@ceetonetechnology.com> Message-ID: On Mar 1, 2007, at 12:43 PM, George R. wrote: > > No . . . it was FreeBSDMall. . . not BSDMall. > > Steve is right. Steve is always right ;) Look under the $500-$999 section of http://www.freebsdfoundation.org/ donate/sponsors.shtml FreeBSD Mall is listed there. SK (Also, sorry for the doublepost before, my mail client crashed when I clicked send) From jca at sdf.lonestar.org Fri Mar 2 13:07:22 2007 From: jca at sdf.lonestar.org (Jonathan C. Allen) Date: Fri, 2 Mar 2007 18:07:22 +0000 Subject: [nycbug-talk] Salary Ranges, etc. For North Jersey Message-ID: <20070302180722.GA5388@SDF.LONESTAR.ORG> I'm trying to define an opening for a SysAdmin position in North Jersey. Does anyone have a good reference such as salary surveys, etc. for this region? I really want to hire someone but I don't know what the fair market rate is around here. A range would be great so I can get a ballpark idea of what it will cost for X level of experience. Maybe SAGE/Usenix has a publication? I'll post to jobs@ once I get all the details together. jca From pete at nomadlogic.org Fri Mar 2 13:37:38 2007 From: pete at nomadlogic.org (Peter Wright) Date: Fri, 2 Mar 2007 10:37:38 -0800 (PST) Subject: [nycbug-talk] Salary Ranges, etc. For North Jersey In-Reply-To: <20070302180722.GA5388@SDF.LONESTAR.ORG> References: <20070302180722.GA5388@SDF.LONESTAR.ORG> Message-ID: <46527.160.33.20.11.1172860658.squirrel@webmail.nomadlogic.org> > I'm trying to define an opening for a SysAdmin position in > North Jersey. Does anyone have a good reference such as salary > surveys, etc. for this region? I really want to hire someone > but I don't know what the fair market rate is around here. > > A range would be great so I can get a ballpark idea of what > it will cost for X level of experience. Maybe SAGE/Usenix > has a publication? > yea there is the SAGE salary survey that is done yearly. i believe you have to be a member to get access to the full reports - although i could be wrong. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From jca at sdf.lonestar.org Fri Mar 2 13:57:26 2007 From: jca at sdf.lonestar.org (Jonathan C. Allen) Date: Fri, 2 Mar 2007 18:57:26 +0000 Subject: [nycbug-talk] Salary Ranges, etc. For North Jersey In-Reply-To: <46527.160.33.20.11.1172860658.squirrel@webmail.nomadlogic.org> References: <20070302180722.GA5388@SDF.LONESTAR.ORG> <46527.160.33.20.11.1172860658.squirrel@webmail.nomadlogic.org> Message-ID: <20070302185726.GA27171@SDF.LONESTAR.ORG> On Fri, Mar 02, 2007 at 10:37:38AM -0800, Peter Wright wrote: > > > I'm trying to define an opening for a SysAdmin position in > > North Jersey. Does anyone have a good reference such as salary > > surveys, etc. for this region? I really want to hire someone > > but I don't know what the fair market rate is around here. > > > > A range would be great so I can get a ballpark idea of what > > it will cost for X level of experience. Maybe SAGE/Usenix > > has a publication? > > > > yea there is the SAGE salary survey that is done yearly. i believe you > have to be a member to get access to the full reports - although i could > be wrong. > I found the SAGE salary surveys. Current survey (2005-2006) requires membership, previous surveys are publicly available. http://www.sage.org/salsurv/salsurv.html jca From george at galis.org Fri Mar 2 16:57:46 2007 From: george at galis.org (George Georgalis) Date: Fri, 2 Mar 2007 16:57:46 -0500 Subject: [nycbug-talk] Salary Ranges, etc. For North Jersey In-Reply-To: <20070302185726.GA27171@SDF.LONESTAR.ORG> References: <20070302180722.GA5388@SDF.LONESTAR.ORG> <46527.160.33.20.11.1172860658.squirrel@webmail.nomadlogic.org> <20070302185726.GA27171@SDF.LONESTAR.ORG> Message-ID: <20070302215746.GI3996@run.galis.org> On Fri, Mar 02, 2007 at 06:57:26PM +0000, Jonathan C. Allen wrote: >On Fri, Mar 02, 2007 at 10:37:38AM -0800, Peter Wright wrote: >> >> > I'm trying to define an opening for a SysAdmin position in >> > North Jersey. Does anyone have a good reference such as salary >> > surveys, etc. for this region? I really want to hire someone >> > but I don't know what the fair market rate is around here. >> > >> > A range would be great so I can get a ballpark idea of what >> > it will cost for X level of experience. Maybe SAGE/Usenix >> > has a publication? I think you got to treat it like insurance. Figure out how much it's worth to you, then pick one who seems best fit to do the job, if you're lucky he'll accept. I lived in North Jersey for several years up to a year ago, and I got inquires from under $40 to over $140K/yr. Problem is a surplus of medium quality admins in NYC post dot com bust. So you have people who work for peanuts so they can work and not a lot of available people who are better than average, cause big bucks in the city will pay for them. Things may have smoothed out some by now, but consider how many 'good fit' people you can find, if any, when you prepare yourself for the sticker shock finding out how much they want. // George -- George Georgalis, systems architect, administrator < From dlavigne6 at sympatico.ca Sat Mar 3 10:33:50 2007 From: dlavigne6 at sympatico.ca (Dru) Date: Sat, 3 Mar 2007 10:33:50 -0500 (EST) Subject: [nycbug-talk] liveCD Message-ID: <20070303103258.H639@dru.domain.org> Thanks to the generosity of NYCBUG, the Postgres livecd is now hosted in the Library. I have a quick writeup about the CD here: http://blogs.ittoolbox.com/unix/bsd/archives/postgresql-livecd-14866 Dru From huyslogic at gmail.com Mon Mar 5 08:32:37 2007 From: huyslogic at gmail.com (Huy Ton That) Date: Mon, 5 Mar 2007 08:32:37 -0500 Subject: [nycbug-talk] Restore ld-elf.so.1 - help Message-ID: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> I accidentally renamed ld-elf.so.1, How do I get this restored? I can't boot up in single user mode? -------------- next part -------------- An HTML attachment was scrubbed... URL: From lavalamp at spiritual-machines.org Mon Mar 5 09:24:22 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Mon, 5 Mar 2007 09:24:22 -0500 (EST) Subject: [nycbug-talk] Restore ld-elf.so.1 - help In-Reply-To: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> References: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> Message-ID: <20070305092125.E16695@arbitor.digitalfreaks.org> Just boot up a Fixit CD image off of the install CD. Utilities -> Fixit I think. fsck -y /dev/da0s1[a-g] or /dev/ad0s1[a-g] or whatever your / file system resides upon. mount /dev/whatever_root /mnt cat /mnt/etc/fstab mv /mnt/libexec/whatever_you_renamed_it_to /mnt/libexec/ld-elf.so.1 ~BAS On Mon, 5 Mar 2007, Huy Ton That wrote: > I accidentally renamed ld-elf.so.1, > > How do I get this restored? I can't boot up in single user mode? > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." -------------- next part -------------- _______________________________________________ % NYC*BUG talk mailing list http://lists.nycbug.org/mailman/listinfo/talk %Be sure to check out our Jobs and NYCBUG-announce lists %We meet the first Wednesday of the month From huyslogic at gmail.com Mon Mar 5 10:29:35 2007 From: huyslogic at gmail.com (Huy Ton That) Date: Mon, 5 Mar 2007 10:29:35 -0500 Subject: [nycbug-talk] Restore ld-elf.so.1 - help In-Reply-To: <20070305092125.E16695@arbitor.digitalfreaks.org> References: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> <20070305092125.E16695@arbitor.digitalfreaks.org> Message-ID: <1cac28080703050729y50aade05l91f0e59704fd8411@mail.gmail.com> Great, thanks that helped me a lot. But now I am back to my original problem... nmbd works, winbindd works, but whenever I launch smbd, I get the following error. I can no longer see my drive shares on the network. [root at localhost /home/huyton]# smbd /libexec/ld-elf.so.1: Shared object "libgnutls.so.15" not found, required by "smbd" Any ideas? I'm stumped... On 3/5/07, Brian A. Seklecki wrote: > > > Just boot up a Fixit CD image off of the install CD. Utilities -> Fixit I > think. > > fsck -y /dev/da0s1[a-g] or /dev/ad0s1[a-g] or whatever your / file system > resides > upon. > > mount /dev/whatever_root /mnt > cat /mnt/etc/fstab > mv /mnt/libexec/whatever_you_renamed_it_to /mnt/libexec/ld-elf.so.1 > > ~BAS > > On Mon, 5 Mar 2007, Huy Ton That wrote: > > > I accidentally renamed ld-elf.so.1, > > > > How do I get this restored? I can't boot up in single user mode? > > > > l8* > -lava (Brian A. Seklecki - Pittsburgh, PA, USA) > http://www.spiritual-machines.org/ > > "...from back in the heady days when "helpdesk" meant nothing, "diskquota" > meant everything, and lives could be bought and sold for a couple of pages > > of laser printout - and frequently were." > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From huyslogic at gmail.com Mon Mar 5 11:33:14 2007 From: huyslogic at gmail.com (Huy Ton That) Date: Mon, 5 Mar 2007 11:33:14 -0500 Subject: [nycbug-talk] Restore ld-elf.so.1 - help In-Reply-To: <1cac28080703050729y50aade05l91f0e59704fd8411@mail.gmail.com> References: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> <20070305092125.E16695@arbitor.digitalfreaks.org> <1cac28080703050729y50aade05l91f0e59704fd8411@mail.gmail.com> Message-ID: <1cac28080703050833o85b3227se7c1d75aa9e818ec@mail.gmail.com> Looks like copying the file from another installation I had handy fixed the problem. Thanks for all your help guys... On 3/5/07, Huy Ton That wrote: > > Great, thanks that helped me a lot. But now I am back to my original > problem... > > nmbd works, winbindd works, but whenever I launch smbd, I get the > following error. I can no longer see my drive shares on the network. > > [root at localhost /home/huyton]# smbd > /libexec/ld-elf.so.1: Shared object "libgnutls.so.15" not found, required > by "smbd" > > Any ideas? I'm stumped... > > > > On 3/5/07, Brian A. Seklecki wrote: > > > > > Just boot up a Fixit CD image off of the install CD. Utilities -> Fixit > > I > > think. > > > > fsck -y /dev/da0s1[a-g] or /dev/ad0s1[a-g] or whatever your / file > > system > > resides > > upon. > > > > mount /dev/whatever_root /mnt > > cat /mnt/etc/fstab > > mv /mnt/libexec/whatever_you_renamed_it_to /mnt/libexec/ld-elf.so.1 > > > > ~BAS > > > > On Mon, 5 Mar 2007, Huy Ton That wrote: > > > > > I accidentally renamed ld-elf.so.1, > > > > > > How do I get this restored? I can't boot up in single user mode? > > > > > > > l8* > > -lava (Brian A. Seklecki - Pittsburgh, PA, USA) > > http://www.spiritual-machines.org/ > > > > "...from back in the heady days when "helpdesk" meant nothing, > > "diskquota" > > meant everything, and lives could be bought and sold for a couple of > > pages > > of laser printout - and frequently were." > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce lists > > %We meet the first Wednesday of the month > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From carton at Ivy.NET Mon Mar 5 13:00:22 2007 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 05 Mar 2007 13:00:22 -0500 Subject: [nycbug-talk] Restore ld-elf.so.1 - help In-Reply-To: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> (Huy Ton That's message of "Mon, 5 Mar 2007 08:32:37 -0500") References: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> Message-ID: >>>>> "htt" == Huy Ton That writes: htt> I accidentally renamed ld-elf.so.1, in the boot loader, start the kernel with 'boot -a' then when it asks for the path to init, say: /rescue/sh # PATH=/rescue:$PATH # hash -r # mount -u -w / # mount -r /usr [fix your problem] # mount -u -r / # sync # halt goodluck. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From skreuzer at f2o.org Mon Mar 5 13:37:20 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Mon, 5 Mar 2007 13:37:20 -0500 Subject: [nycbug-talk] What's cooking in FreeBSD 7? In-Reply-To: References: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> Message-ID: <4E530DB4-FD1E-424B-9961-FD0DC4A0C5DE@f2o.org> Searching around for some of the new features that are in -CURRENT, I found this very handy site that is frequently updated with some of the more interesting features being developed and will hopefully make their way into FreeBSD 7. http://ivoras.sharanet.org/freebsd/freebsd7.html Some of the things I am really excited about are: * DTrace (http://people.freebsd.org/~jb/dtrace/) DTrace is Sun's advanced diagnostic tool and language for operating systems. It's currently being ported to FreeBSD with the intention to make it an official feature. This is mostly a developer tool, useful to track down bugs and performance defficiencies, but can also be used (and in the same way) by advanced system administrators. I had the opportunity to play with DTrace on production Solaris machines, and found it a very valuable tool to debug exactly what your application is doing under a real world workload. * gvirstor (http://wikitest.freebsd.org/gvirstor) Gvirstor is a GEOM storage class that provides a storage device of arbitrary size in "overcommit" mode (i.e. larger than physically available storage). Providers can be added to the virstor device on- line (while used, e.g. mounted), and removed if unused and at the end of the list of components. In a nutshell, if you have a 200gig disk, with a dataset that will eventually grow to 400gigs, you simply create a 400gig partation. From userland, you will see 400gigs of usable space despite the fact the underlaying disk is only 200gigs. When your data starts to get around 200gigs, you pop in a second 200gig hard drive and your all set. Check out http://en.wikipedia.org/wiki/Thin_Provisioning for a little more detail. * ZFS Sun's ZFS is in the process of being ported to FreeBSD, with the intention of offering most (or all) features found in the original implementation. It's integrated with FreeBSD's existing features like UFS and GEOM, thus offering the possibility of creating FreeBSD UFS file systems on ZFS volumes, and using GEOM providers to host ZFS file systems. ZFS is an advanced file system with many interesting features built-in: snapshots, copy-on-write, dynamic striping and RAID5, up to 128-bit file system size, and globally optimal I/O sorting and aggregation. SK From carton at Ivy.NET Tue Mar 6 01:58:26 2007 From: carton at Ivy.NET (Miles Nordin) Date: Tue, 06 Mar 2007 01:58:26 -0500 Subject: [nycbug-talk] What's cooking in FreeBSD 7? In-Reply-To: <4E530DB4-FD1E-424B-9961-FD0DC4A0C5DE@f2o.org> (Steven Kreuzer's message of "Mon, 5 Mar 2007 13:37:20 -0500") References: <1cac28080703050532u9a6e579h9212d0287f97735f@mail.gmail.com> <4E530DB4-FD1E-424B-9961-FD0DC4A0C5DE@f2o.org> Message-ID: >>>>> "sk" == Steven Kreuzer writes: sk> offering the possibility of creating FreeBSD UFS file systems sk> on ZFS volumes, and using GEOM providers to host ZFS file sk> systems. either of which would make the ZFS designers pace back and forth in their Tower muttering angrily. zvol's are meant for things like iSCSI and Xen only, not for hosting some other filesystem when you could just use ZFS instead. (and ZFS does not itself run on top of zvol's.) Also, you are discouraged from using more software RAID underneath ZFS because ZFS can do the job better itself. For example ZFS can tell if one side of a mirror is silently corrupting data because of some bad PATA cable or something, and read from the other side. gmirror can't do that, nor can ZFS if there is a gmirror under it. I guess using geli would be ok---that tool is missing from Solaris for now. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From techneck at goldenpath.org Tue Mar 6 18:03:28 2007 From: techneck at goldenpath.org (Tim A.) Date: Tue, 06 Mar 2007 18:03:28 -0500 Subject: [nycbug-talk] ShmooCon In-Reply-To: <20061222235518.GV8442@cybertron.cyth.net> References: <20061222235518.GV8442@cybertron.cyth.net> Message-ID: <45EDF340.5030001@goldenpath.org> Who has tickets? They're sold out. From dan at langille.org Tue Mar 6 20:25:55 2007 From: dan at langille.org (Dan Langille) Date: Tue, 06 Mar 2007 20:25:55 -0500 Subject: [nycbug-talk] ShmooCon In-Reply-To: <45EDF340.5030001@goldenpath.org> References: <20061222235518.GV8442@cybertron.cyth.net>, <45EDF340.5030001@goldenpath.org> Message-ID: <45EDCE53.4684.C104171@dan.langille.org> On 6 Mar 2007 at 18:03, Tim A. wrote: > Who has tickets? > They're sold out. I have one for me. I *may* be getting a second. The one I'm selling is $150. Anyone see if they've been selling on ebay? ;) -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php PGCon - The PostgreSQL Conference - http://www.pgcon.org/ From okan at demirmen.com Tue Mar 6 22:21:19 2007 From: okan at demirmen.com (Okan Demirmen) Date: Tue, 6 Mar 2007 22:21:19 -0500 Subject: [nycbug-talk] meetings, topics and all things curious Message-ID: <20070307032119.GW10311@clam.khaoz.org> Hello all, As I hope you all know, we strive to keep all our monthly meetings interesting, enjoyable and compelling so as to keep everyone, well, stimulated. One thing I believe that we've yet to really do is to ask the community what (and/or who) you want to hear about (and from) in the monthly meetings. What topics and/or subtopics do people want speakers to on which to present? More advanced topics, simple boring topics, tutorials, more this or less that? We'd like to make sure we are giving the community what it wants... Not only can you suggest topics and speakers, but you too can speak on a topic! You know NYCBUG by now... Cheers, Okan From nycbug-list at 2xlp.com Wed Mar 7 15:37:05 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Wed, 7 Mar 2007 15:37:05 -0500 Subject: [nycbug-talk] FreeBSD software RAID? Message-ID: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> Is there a preferred software raid on FreeBSD ? If so, what is the stability? The only thing i found is vinum, and it seems to be stagnant for the past 3 years. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | SyndiClick.com | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From skreuzer at f2o.org Wed Mar 7 15:49:57 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Wed, 7 Mar 2007 15:49:57 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> Message-ID: <3907E1F7-7BF3-41FC-971E-9A53B60261A9@f2o.org> On Mar 7, 2007, at 3:37 PM, Jonathan Vanasco wrote: > > Is there a preferred software raid on FreeBSD ? GEOM - See Chapter 19 of the FreeBSD handbook for additional information http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/vinum- vinum.html > > If so, what is the stability? The only thing i found is vinum, and > it seems to be stagnant for the past 3 years. There are actually two versions of vinum. "Classic" vinum - which which can do all RAID levels, but not using GEOM. It appeared in FreeBSD 5, and it is not considered stable. GEOM Vinum - A rewrite of vinum using GEOM. It provides most of of functionality of classic, but still seems to be horribly under documented. If you are doing RAID-1, take a look at GEOM Mirror, which is considered stable enough to run in production. More information can be found in Chapter 18.4 of the handbook SK From pete at nomadlogic.org Wed Mar 7 18:03:12 2007 From: pete at nomadlogic.org (Peter Wright) Date: Wed, 7 Mar 2007 15:03:12 -0800 (PST) Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <3907E1F7-7BF3-41FC-971E-9A53B60261A9@f2o.org> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <3907E1F7-7BF3-41FC-971E-9A53B60261A9@f2o.org> Message-ID: <5099.160.33.20.11.1173308592.squirrel@webmail.nomadlogic.org> > > On Mar 7, 2007, at 3:37 PM, Jonathan Vanasco wrote: > >> >> Is there a preferred software raid on FreeBSD ? > > GEOM - See Chapter 19 of the FreeBSD handbook for additional information > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/vinum- > vinum.html > >> >> If so, what is the stability? The only thing i found is vinum, and >> it seems to be stagnant for the past 3 years. > > There are actually two versions of vinum. > > "Classic" vinum - which which can do all RAID levels, but not using > GEOM. It appeared in FreeBSD 5, and it is not considered stable. > GEOM Vinum - A rewrite of vinum using GEOM. It provides most of of > functionality of classic, but still seems to be horribly under > documented. > > If you are doing RAID-1, take a look at GEOM Mirror, which is > considered stable enough to run in production. More information can > be found in Chapter 18.4 of the handbook > most RAID levels seem to be implemented in GEOM if I am not mistaken (gmirror, gstripe and graid3 come to mind off the top of my head). these are actively supported and the man pages should be adequate. i believe RAID5 is achieved under GEOM via vinum still. the man pages for both geom and vinum should be helpful there. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From carton at Ivy.NET Wed Mar 7 21:48:19 2007 From: carton at Ivy.NET (Miles Nordin) Date: Wed, 07 Mar 2007 21:48:19 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> (Jonathan Vanasco's message of "Wed, 7 Mar 2007 15:37:05 -0500") References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> Message-ID: >>>>> "jv" == Jonathan Vanasco writes: jv> Is there a preferred software raid on FreeBSD ? I think the RAID3 software RAID is theoretically more sound than the RAID5. I don't have direct experience, but please don't be fooled into the crappier implementation by the larger number. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From skreuzer at f2o.org Wed Mar 7 22:46:40 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Wed, 7 Mar 2007 22:46:40 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> Message-ID: On Mar 7, 2007, at 9:48 PM, Miles Nordin wrote: >>>>>> "jv" == Jonathan Vanasco writes: > > jv> Is there a preferred software raid on FreeBSD ? > > I think the RAID3 software RAID is theoretically more sound than the > RAID5. I don't have direct experience, but please don't be fooled > into the crappier implementation by the larger number. Cut n Paste from wikipedia because it sums it up better then I can: RAID 3 uses byte-level striping with a dedicated parity disk. RAID 3 is very rare in practice. One of the side-effects of RAID 3 is that it generally cannot service multiple requests simultaneously. This comes about because any single block of data will, by definition, be spread across all members of the set and will reside in the same location. So, any I/O operation requires activity on every disk. I have never used it at all, but I would stay the hell away from RAID 3, both hardware and software implementations SK From lego at therac25.net Wed Mar 7 23:04:58 2007 From: lego at therac25.net (Andy Michaels) Date: Wed, 7 Mar 2007 23:04:58 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> Message-ID: <6ad18d7eb8f85d75059471310ff89b77@therac25.net> On Mar 7, 2007, at 10:46 PM, Steven Kreuzer wrote: > > On Mar 7, 2007, at 9:48 PM, Miles Nordin wrote: > >>>>>>> "jv" == Jonathan Vanasco writes: >> >> jv> Is there a preferred software raid on FreeBSD ? >> >> I think the RAID3 software RAID is theoretically more sound than the >> RAID5. I don't have direct experience, but please don't be fooled >> into the crappier implementation by the larger number. > > Cut n Paste from wikipedia because it sums it up better then I can: > > RAID 3 uses byte-level striping with a dedicated parity disk. RAID 3 > is very rare in practice. One of the side-effects of RAID 3 is that > it generally cannot service multiple requests simultaneously. > This comes about because any single block of data will, by > definition, be spread across all members of the set and will reside > in the same location. So, any I/O operation requires activity on > every disk. > > I have never used it at all, but I would stay the hell away from RAID > 3, both hardware and software implementations > > SK > So we have Miles saying (I think) that the RAID3 implementation in FreeBSD is better than the RAID5 implementation, then Steven saying that RAID3 is the redheaded stepchild of disk arrays. I'm beginning to think that software RAID on FreeBSD isn't worth the hassle and a modest investment in a supported RAID card is in order. Is this the real recommendation? -Andy From nycbug-list at 2xlp.com Wed Mar 7 23:05:56 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Wed, 7 Mar 2007 23:05:56 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> Message-ID: <41EB6556-F3B5-41C9-A159-BCE766B5CB44@2xlp.com> Thanks all. Having issues posting to the list. I'm just doing a mirror raid, so the big number raids don't worry me. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From george at ceetonetechnology.com Wed Mar 7 23:22:41 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 7 Mar 2007 23:22:41 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <6ad18d7eb8f85d75059471310ff89b77@therac25.net> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> Message-ID: <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> On Mar 7, 2007, at 11:04 PM, Andy Michaels wrote: > On Mar 7, 2007, at 10:46 PM, Steven Kreuzer wrote: > >> >> On Mar 7, 2007, at 9:48 PM, Miles Nordin wrote: >> >>>>>>>> "jv" == Jonathan Vanasco writes: >>> >>> jv> Is there a preferred software raid on FreeBSD ? >>> >>> I think the RAID3 software RAID is theoretically more sound than the >>> RAID5. I don't have direct experience, but please don't be fooled >>> into the crappier implementation by the larger number. >> >> Cut n Paste from wikipedia because it sums it up better then I can: >> >> RAID 3 uses byte-level striping with a dedicated parity disk. RAID 3 >> is very rare in practice. One of the side-effects of RAID 3 is that >> it generally cannot service multiple requests simultaneously. >> This comes about because any single block of data will, by >> definition, be spread across all members of the set and will reside >> in the same location. So, any I/O operation requires activity on >> every disk. >> >> I have never used it at all, but I would stay the hell away from RAID >> 3, both hardware and software implementations >> >> SK >> > So we have Miles saying (I think) that the RAID3 implementation in > FreeBSD is better than the RAID5 implementation, then Steven saying > that RAID3 is the redheaded stepchild of disk arrays. I'm > beginning to > think that software RAID on FreeBSD isn't worth the hassle and a > modest > investment in a supported RAID card is in order. Is this the real > recommendation? > > -Andy That would be my position Andy. . . I would rather just stick to hardware. There's enough cards with the BSDs that are supported, with some preferred over others. . . George From kit at kithalsted.com Wed Mar 7 23:36:34 2007 From: kit at kithalsted.com (Kit Halsted) Date: Wed, 7 Mar 2007 23:36:34 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> Message-ID: I desperately need to upgrade one of my ancient OpenBSD servers. I would like to have RAID, but last I checked RAIDframe's rebuild rates made it unsuitable for a real-world environment. I'm having trouble with the Adaptec 2400 IDE RAID card I have lying around, so I decided on a different option today: I picked up a MegaRAID 795 IDE RAID card on eBay. It only does 0, 1, & 10, but it does do hot spares. Since I want RAID 1 with 1 hot spare & 1 cold spare, it's perfect for me. $8 shipping, $4.95 purchase price. Woohoo! Cheers, -Kit At 11:22 PM -0500 3/7/07, George Rosamond wrote: >On Mar 7, 2007, at 11:04 PM, Andy Michaels wrote: <...> > > think that software RAID on FreeBSD isn't worth the hassle and a >> modest >> investment in a supported RAID card is in order. Is this the real >> recommendation? >> >> -Andy > >That would be my position Andy. . . I would rather just stick to >hardware. > >There's enough cards with the BSDs that are supported, with some >preferred over others. . . -- Kit Halsted Computers & Networking 917-903-9438 kit at kithalsted.com From skreuzer at f2o.org Wed Mar 7 23:44:50 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Wed, 7 Mar 2007 23:44:50 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> Message-ID: On Mar 7, 2007, at 11:22 PM, George Rosamond wrote: >> So we have Miles saying (I think) that the RAID3 implementation in >> FreeBSD is better than the RAID5 implementation, then Steven saying >> that RAID3 is the redheaded stepchild of disk arrays. I'm >> beginning to >> think that software RAID on FreeBSD isn't worth the hassle and a >> modest >> investment in a supported RAID card is in order. Is this the real >> recommendation? >> >> -Andy > > That would be my position Andy. . . I would rather just stick to > hardware. > > There's enough cards with the BSDs that are supported, with some > preferred over others. . . If your just doing RAID 0 or 1, you can get away with using and geom_stripe and gmirror. Both are very mature and I would be comfortable running either in production. RAID 5 is another beast, and your better off going with a hardware based solution if it fits in your budget. Its going to be much faster, and more reliable. My rule of thumb is if your budget allows, always go with the hardware based solution ;) SK From kit at kithalsted.com Wed Mar 7 23:59:02 2007 From: kit at kithalsted.com (Kit Halsted) Date: Wed, 7 Mar 2007 23:59:02 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> Message-ID: At 11:44 PM -0500 3/7/07, Steven Kreuzer wrote: <...> >RAID 5 is another beast, and your better off going with a hardware >based solution if it fits in your budget. >Its going to be much faster, and more reliable. Keep in mind that RAID 5 also costs tens of thousands of dollars to recover if something does go wrong. I've seen a surprisingly high number of failures of RAID 5 arrays, considering how few of my clients could afford them in the first place. I'm starting to think it's safer & cheaper (at least in the long run) to stripe a couple of RAID 1 arrays than to do a RAID 5. I'm definitely convinced that RAID 1 is the way to go if your needs can be met by the capacity of a single disk. >My rule of thumb is if your budget allows, always go with the >hardware based solution ;) Absolutely agreed. (Just make sure it's good hardware!) Cheers, -Kit -- Kit Halsted Computers & Networking 917-903-9438 kit at kithalsted.com From carton at Ivy.NET Thu Mar 8 00:28:10 2007 From: carton at Ivy.NET (Miles Nordin) Date: Thu, 08 Mar 2007 00:28:10 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: (Steven Kreuzer's message of "Wed, 7 Mar 2007 22:46:40 -0500") References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> Message-ID: >>>>> "sk" == Steven Kreuzer writes: >>>>> "gr" == George Rosamond writes: sk> RAID 3 is that it generally cannot service multiple requests sk> simultaneously. [...] I would stay the hell away from RAID 3, sk> both hardware and software implementations well, I'd stay the hell away from something because it can lose data or cause filesystem corruption during a power loss that wouldn't have happened to a filesystem on a single disk. RAID5 can do this when there is no NVRAM because of the ``RAID5 write hole''. RAID3 doesn't have this hole in FreeBSD (AIUI), because the UFS blocksize is increased from 512 to cover an entire stripe. The write hole would be the sort of reason that would trigger ``stay the hell away from'' in my mind, not so much ``it's slower for seek-heavy workloads.'' that's my reason for saying RAID3, and I think also the reason FreeBSD bothered to implement it (and implement the variable blocksize for UFS to go on top of it). but I'm not sure. I hope I'm not leading you wrong. It makes sense to me, but the manual pages are so short, and there isn't an easy way to just test the ideas rather than reading all my ranty speculations. gr> That would be my position Andy. . . I would rather just stick gr> to hardware. yeah maybe. again, I'm heavy on ranting and short on experience, but at least going from my _friends'_ experience with hardware RAID, I intend to stay the hell away from any RAID-on-a-card, period. First, many of them don't have an NVRAM. Some have something they call an NVRAM, but they use it to store metadata, not for a write cache to plug the RAID5 write hole. This is the whole reason for doing hardware RAID: to get that NVRAM to fix the RAID5 write hole. Second, there are too many horror stories of RAID cards losing entire arrays. The card goes bad or gets confused. It's part of Dell's card-of-the-month club, and a replacement card is unobtainable, and new cards won't work with the array. Or the array's metadata was stored on the old card's so-called-but-not-really NVRAM, so the new card understands the old array but won't recognize it. or the configurator tool is clunky and buggy and won't give back your array, or there's more than one configurator like one in BIOS and one in DOS and one in Windows, and only one tool works and the others are decoys, or whatever. With software RAID, you can back up your metadata on _paper_ if you want to, and type it in by hand---the array will still work. If you're concerned about your method of paper backup, you can test it on a non-live filesystem. Deliberately delete/confuse your metadata, and force-recreate the array, see if it passes fsck and 'pax -r . > /dev/null'. Keep trying until you have a written procedure that works. Label the physical disks with their names on the sheet of paper (so you've recorded their stripe ordering). so there is less possibility software RAID will refuse to see your array because some little pointer block got mangled, than with the card-RAID. And you don't have to worry about multiple opaque configurator tools---there's just one, and it's native to the OS, and it's available on the LiveCD/installCD/whatever. With software RAID, there's no concern about not being able to obtain a card that matches the array structure. Even if geom changes its structure, you can more easily document which version of FreeBSD you used than which Dell card-of-the-month they shipped. And you can always obtain that old version of FreeBSD at any time in the future. Software RAID thus solves all the ``second'' problems with RAID-on-a-card, if you are a good sysadmin, or has them worse than ever if you're a bad one. And RAID3 instead of RAID5 solves the First problems with RAID-on-a-card, as I understand it. I'm sure a bunch of people can chime in and say ``I've used RAID-on-a-card, and I can't stress enough how close to zero is the number of problems I've had with it. It is really close to zero. It's so unbelieveably close to zero, it IS zero, so I think it must be very trustworthy.'' Well, that's great, I'm just saying I've heard more than one story from someone who HAS had some stupid problem with some expensive RAID-on-a-card that they really shouldn't be having. so basically it all sucks. :) Honestly if what you want is a ``backup'' I would do nightly rsync, maybe with some kind of sanity-check. mirroring is more for continuity, when you don't want to lose availability when a disk fails (even then it's a little hard to make it live up to its promise because a slowly failing disk will start taking 30 seconds instead of 30 milliseconds to answer requests---it stays in the array but slows your machine to 1/1000th speed, so you call it ``crashed''. The bad disk ``crashed'' my machine.). or mirroring for speed, if you want the seek bandwidth of an extra spindle for reads. not so much for backup, IMHO, but definitely not worthless for that purpose I guess, and used successfully by a few friends who saw disk failures. A mirror is also very nice for snapshots. You can break the mirror, do something dangerous, and then resync it only if you succeed. Sometimes either side of the mirror is bootable, so that's extremely nice. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From dan at langille.org Thu Mar 8 07:42:34 2007 From: dan at langille.org (Dan Langille) Date: Thu, 08 Mar 2007 07:42:34 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <6ad18d7eb8f85d75059471310ff89b77@therac25.net> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com>, , <6ad18d7eb8f85d75059471310ff89b77@therac25.net> Message-ID: <45EFBE6A.15375.13A21ADC@dan.langille.org> On 7 Mar 2007 at 23:04, Andy Michaels wrote: > On Mar 7, 2007, at 10:46 PM, Steven Kreuzer wrote: > > > > > On Mar 7, 2007, at 9:48 PM, Miles Nordin wrote: > > > >>>>>>> "jv" == Jonathan Vanasco writes: > >> > >> jv> Is there a preferred software raid on FreeBSD ? > >> > >> I think the RAID3 software RAID is theoretically more sound than the > >> RAID5. I don't have direct experience, but please don't be fooled > >> into the crappier implementation by the larger number. > > > > Cut n Paste from wikipedia because it sums it up better then I can: > > > > RAID 3 uses byte-level striping with a dedicated parity disk. RAID 3 > > is very rare in practice. One of the side-effects of RAID 3 is that > > it generally cannot service multiple requests simultaneously. > > This comes about because any single block of data will, by > > definition, be spread across all members of the set and will reside > > in the same location. So, any I/O operation requires activity on > > every disk. > > > > I have never used it at all, but I would stay the hell away from RAID > > 3, both hardware and software implementations > > > > SK > > > So we have Miles saying (I think) that the RAID3 implementation in > FreeBSD is better than the RAID5 implementation, then Steven saying > that RAID3 is the redheaded stepchild of disk arrays. Andy: The discussions you read about RAID5 and RAID3 where not based on the "FreeBSD implementation". They were about RAID in general. They were discussing the pros and cons that that particular RAID configuration. They were *not* talking about any particular implementation of RAID. It is an important point. Reading this might help understand the various RAID configurations: http://en.wikipedia.org/wiki/Redundant_array_of_independent_disks > I'm beginning to think that software RAID on FreeBSD isn't worth the > hassle and a modest investment in a supported RAID card is in order. > Is this the real recommendation? Nobody said that in what you quoted. They were steering you away from RAID-3 and from RAID-5. Personally, I recommend RAID-1 (mirroring, minimum of 2 disks) or RAID-10 (mirroring and striping, minimum of 4 disks). I have a few servers using RAID: RAID-1, RAID-10, and RAID-5. I have nothing running software RAID, but that it not for any particular reason. Certainly, for a simple RAID-1, there's not much to setting it up on FreeBSD. See what Dru did: http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php PGCon - The PostgreSQL Conference - http://www.pgcon.org/ From jonathan at kc8onw.net Thu Mar 8 07:59:05 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Thu, 08 Mar 2007 07:59:05 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> Message-ID: <45F00899.1070108@kc8onw.net> Jonathan Vanasco wrote: > Is there a preferred software raid on FreeBSD ? > > If so, what is the stability? The only thing i found is vinum, and > it seems to be stagnant for the past 3 years. I know it doesn't do much good right now but RAIDZ, which is part of ZFS, is being ported to FreeBSD right now. It's something I'm definitely keeping my eye on. Jonathan From lego at therac25.net Thu Mar 8 09:11:07 2007 From: lego at therac25.net (Andy Michaels) Date: Thu, 8 Mar 2007 09:11:07 -0500 (EST) Subject: [nycbug-talk] was Re: FreeBSD software RAID? In-Reply-To: <45EFBE6A.15375.13A21ADC@dan.langille.org> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com>, , <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <45EFBE6A.15375.13A21ADC@dan.langille.org> Message-ID: On Thu, 8 Mar 2007, Dan Langille wrote: /* snip snip */ >> So we have Miles saying (I think) that the RAID3 implementation in >> FreeBSD is better than the RAID5 implementation, then Steven saying >> that RAID3 is the redheaded stepchild of disk arrays. > > Andy: The discussions you read about RAID5 and RAID3 where not based > on the "FreeBSD implementation". They were about RAID in general. > They were discussing the pros and cons that that particular RAID > configuration. They were *not* talking about any particular > implementation of RAID. It is an important point. > > Reading this might help understand the various RAID configurations: > > http://en.wikipedia.org/wiki/Redundant_array_of_independent_disks > Good read! >> I'm beginning to think that software RAID on FreeBSD isn't worth the >> hassle and a modest investment in a supported RAID card is in order. >> Is this the real recommendation? > > Nobody said that in what you quoted. They were steering you away > from RAID-3 and from RAID-5. Personally, I recommend RAID-1 > (mirroring, minimum of 2 disks) or RAID-10 (mirroring and striping, > minimum of 4 disks). > Great! Thanks for the clarification. I wasn't sure if the FreeBSD specifics were being discussed or if a general disdain for RAID3 and 5 was being expressed. > I have a few servers using RAID: RAID-1, RAID-10, and RAID-5. > > I have nothing running software RAID, but that it not for any > particular reason. Certainly, for a simple RAID-1, there's not much > to setting it up on FreeBSD. See what Dru did: > > http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html > Also a good article! I am currently using LVM (on debian) for our 2TB NAS here at work. I had to do a lot of digging because of "NVRAID". I guess this "hardware-assisted" RAID is all the rage these days. Finally, I realized that I could completely ignore it and just use pure software RAID via LVM. That machine also has a Promise SuperTrak EX8350. Nice card. We're running it in RAID5. So far, good expereinces, haven't run into issues, so I don't know how well it does in failure situations. The drivers are open source, and supported under FBSD. Unfortunately, it ain't cheap. On the software side, all of our XServes (3 of 'em, 2 G5 and one Xeon) are using Apple's software RAID. It's really convenient, but something about it makes me nervous. I guess since we're just doing RAID-1, it's not such a big deal, but I'm kind of surprised Apple doesn't ship their enterprise-class boxes with hardware RAID. Can anyone confirm that the XServe RAID is honest-to-goodness hardware RAID? sorry for the ramble! -Andy From kit at kithalsted.com Thu Mar 8 10:12:50 2007 From: kit at kithalsted.com (Kit Halsted) Date: Thu, 8 Mar 2007 10:12:50 -0500 Subject: [nycbug-talk] was Re: FreeBSD software RAID? In-Reply-To: References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com>, , <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <45EFBE6A.15375.13A21ADC@dan.langille.org> Message-ID: XServe RAIDs are definitely hardware RAID. What you get is a 3u box with 14 drive bays. There are 2 RAID controller units, each controlling 7 drive bays. Each drive bay is an independent IDE channel. There are redundant power supplies and cooling modules, & everything is hot-swappable. The only caveat I would mention is that the controllers are not redundant. Cheers, -Kit At 9:11 AM -0500 3/8/07, Andy Michaels wrote: <...> >I'm kind of surprised Apple doesn't ship their >enterprise-class boxes with hardware RAID. Can anyone confirm that the >XServe RAID is honest-to-goodness hardware RAID? <...> -- Kit Halsted Computers & Networking 917-903-9438 kit at kithalsted.com From KReiter at insidefsi.net Thu Mar 8 10:44:19 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Thu, 8 Mar 2007 10:44:19 -0500 Subject: [nycbug-talk] Scripting Question Message-ID: <184B0715C3D74243B86F872B55C340E703A90CCC@fsi32.fsidp.insidefsi.com> All, I know this doesn't pertain to *BSD specifically, but I know there are scripting gurus in here that may know how to do this. What I'm trying to do is take a file containing a list of numbers, in the form of: 1 2 3 4 5 and convert it to a comma-delimited list on a single line (i.e. 1,2,3,4,5) and write that to an existing file on a specific line. (For the curious, what I'm trying to accomplish is taking the results of an Nmap scan, grepping the open ports found, and writing those ports to .nessusrc in order to have Nessus only scan the open ports. I'm using Free 6.2-RELEASE as my platform of choice, and Bash as my shell, FWIW) The examples I've found on a few Google searches don't come close enough to provide any clues. TIA, Kev Kevin Reiter Senior Security Engineer Financial Services, Inc. 21 Harristown Road Glen Rock, New Jersey 07452 (201)652-6000, ext. 588 PGP ID: 0xEE665233 This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. From KReiter at insidefsi.net Thu Mar 8 11:04:23 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Thu, 8 Mar 2007 11:04:23 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <20070308160043.GQ15998@cybertron.cyth.net> Message-ID: <184B0715C3D74243B86F872B55C340E703A90CCD@fsi32.fsidp.insidefsi.com> -----Original Message----- From: Ray Lai [mailto:ray at cyth.net] Sent: Thursday, March 08, 2007 11:00 AM To: Kevin Reiter Cc: NYCBUG Talk Subject: Re: [nycbug-talk] Scripting Question On Thu, Mar 08, 2007 at 10:44:19AM -0500, Kevin Reiter wrote: > All, > > I know this doesn't pertain to *BSD specifically, but I know there are scripting gurus in here that may know how to do this. > > What I'm trying to do is take a file containing a list of numbers, in the form of: > > 1 > 2 > 3 > 4 > 5 > > and convert it to a comma-delimited list on a single line (i.e. 1,2,3,4,5) and write that to an existing file on a specific line. $ jot -s, 5 Interesting, indeed. What's the syntax when I don't know the last number, nor how many numbers are in the given list? This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. From bob at redivi.com Thu Mar 8 11:12:04 2007 From: bob at redivi.com (Bob Ippolito) Date: Thu, 8 Mar 2007 08:12:04 -0800 Subject: [nycbug-talk] was Re: FreeBSD software RAID? In-Reply-To: References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <45EFBE6A.15375.13A21ADC@dan.langille.org> Message-ID: <6a36e7290703080812k524923c6jf188f3d49a7c873c@mail.gmail.com> That's no what an Xserve is. That's the Xserve RAID... -bob On 3/8/07, Kit Halsted wrote: > XServe RAIDs are definitely hardware RAID. What you get is a 3u box > with 14 drive bays. There are 2 RAID controller units, each > controlling 7 drive bays. Each drive bay is an independent IDE > channel. There are redundant power supplies and cooling modules, & > everything is hot-swappable. The only caveat I would mention is that > the controllers are not redundant. > > Cheers, > -Kit > > At 9:11 AM -0500 3/8/07, Andy Michaels wrote: > <...> > >I'm kind of surprised Apple doesn't ship their > >enterprise-class boxes with hardware RAID. Can anyone confirm that the > >XServe RAID is honest-to-goodness hardware RAID? > <...> > > -- > Kit Halsted > Computers & Networking > 917-903-9438 > kit at kithalsted.com > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From KReiter at insidefsi.net Thu Mar 8 11:13:33 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Thu, 8 Mar 2007 11:13:33 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <20070308160737.GR15998@cybertron.cyth.net> Message-ID: <184B0715C3D74243B86F872B55C340E703A90CCE@fsi32.fsidp.insidefsi.com> -----Original Message----- From: Ray Lai [mailto:ray at cyth.net] Sent: Thursday, March 08, 2007 11:07 AM To: Kevin Reiter Subject: Re: [nycbug-talk] Scripting Question On Thu, Mar 08, 2007 at 11:00:20AM -0500, Ray Lai wrote: > On Thu, Mar 08, 2007 at 10:44:19AM -0500, Kevin Reiter wrote: > > All, > > > > I know this doesn't pertain to *BSD specifically, but I know there are scripting gurus in here that may know how to do this. > > > > What I'm trying to do is take a file containing a list of numbers, in the form of: > > > > 1 > > 2 > > 3 > > 4 > > 5 > > > > and convert it to a comma-delimited list on a single line (i.e. 1,2,3,4,5) and write that to an existing file on a specific line. > > $ jot -s, 5 Oops, should have read more carefully. Try: $ tr '\n' , < file.in | sed 's/,$//' > file.out The bit about a specific line is more difficult, though you could probably use a combination of head(1) and tail(1). Or just use Perl. -Ray- I don't know how to do "Hello World!" in Perl, let alone trying to figure this out with it :) The second example worked like a charm: tr '\n' , < host-ports | sed 's/,$//' > $port_temp That did the trick, aside from rewriting the line in .nessusrc with the output, which I can I can do in a minute or two.. Thanks! This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. From scottro at nyc.rr.com Thu Mar 8 11:39:45 2007 From: scottro at nyc.rr.com (Scott Robbins) Date: Thu, 8 Mar 2007 11:39:45 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <184B0715C3D74243B86F872B55C340E703A90CCE@fsi32.fsidp.insidefsi.com> References: <20070308160737.GR15998@cybertron.cyth.net> <184B0715C3D74243B86F872B55C340E703A90CCE@fsi32.fsidp.insidefsi.com> Message-ID: <20070308163945.GA43890@uws1.starlofashions.com> On Thu, Mar 08, 2007 at 11:13:33AM -0500, Kevin Reiter wrote: > -----Original Message----- > From: Ray Lai [mailto:ray at cyth.net] > Sent: Thursday, March 08, 2007 11:07 AM > To: Kevin Reiter > Subject: Re: [nycbug-talk] Scripting Question > > > On Thu, Mar 08, 2007 at 11:00:20AM -0500, Ray Lai wrote: > > On Thu, Mar 08, 2007 at 10:44:19AM -0500, Kevin Reiter wrote: > > > All, > > > > > > I know this doesn't pertain to *BSD specifically, but I know there are scripting gurus in here that may know how to do this. > > > > > > What I'm trying to do is take a file containing a list of numbers, in the form of: > > > > > > 1 > > > 2 > > > 3 > > > 4 > > > 5 > > > > > > and convert it to a comma-delimited list on a single line (i.e. 1,2,3,4,5) and write that to an existing file on a specific line. > > > > $ jot -s, 5 Just for fun (and because I ~like~ jot) Call the original file test #!/bin/sh Y="$(wc -l test)" jot -s "$Y" < test worked perfectly. Kevin's solution is more elegant (and more robust I think). It proves the adage that in Unix (and of course, Unix-like systems) there's always more than one way to do something. (The corollary is that somone will think your way is stupid.) :) -- Scott Robbins GPG KeyID EB3467D6 ( 1B848 077D 66F6 9DB0 FDC2 A409 FA54 D575 EB34 67D6) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Angel: She murdered a man right in front of me, and I can't even testify to that fact in a court of law. Cordelia: Well, maybe in night court you could... From bob at redivi.com Thu Mar 8 11:48:38 2007 From: bob at redivi.com (Bob Ippolito) Date: Thu, 8 Mar 2007 08:48:38 -0800 Subject: [nycbug-talk] Scripting Question In-Reply-To: <184B0715C3D74243B86F872B55C340E703A90CCC@fsi32.fsidp.insidefsi.com> References: <184B0715C3D74243B86F872B55C340E703A90CCC@fsi32.fsidp.insidefsi.com> Message-ID: <6a36e7290703080848g5e9346efvb912ea45cc10802d@mail.gmail.com> On 3/8/07, Kevin Reiter wrote: > All, > > I know this doesn't pertain to *BSD specifically, but I know there are scripting gurus in here that may know how to do this. > > What I'm trying to do is take a file containing a list of numbers, in the form of: > > 1 > 2 > 3 > 4 > 5 > > and convert it to a comma-delimited list on a single line (i.e. 1,2,3,4,5) and write that to an existing file on a specific line. > > (For the curious, what I'm trying to accomplish is taking the results of an Nmap scan, grepping the open ports found, and writing those ports to .nessusrc in order to have Nessus only scan the open ports. I'm using Free 6.2-RELEASE as my platform of choice, and Bash as my shell, FWIW) > > The examples I've found on a few Google searches don't come close enough to provide any clues. bump:~/tmp bob$ awk 'BEGIN { printf "%s", getline } { printf ",%s", $0 } END { print }' < foo 1,2,3,4,5 bump:~/tmp bob$ cat foo 1 2 3 4 5 -bob From nikolai at fetissov.org Thu Mar 8 13:29:59 2007 From: nikolai at fetissov.org (nikolai) Date: Thu, 8 Mar 2007 13:29:59 -0500 (EST) Subject: [nycbug-talk] March 2007 meeting audio Message-ID: <2529.63.66.6.15.1173378599.squirrel@www.geekisp.com> Folks, The audio of Matthew's presentation is available. Cheers, -- Nikolai http://www.fetissov.org/public/nycbug/ From pete at nomadlogic.org Thu Mar 8 13:40:21 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 8 Mar 2007 10:40:21 -0800 (PST) Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> Message-ID: <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> >>>>>> "sk" == Steven Kreuzer writes: >>>>>> "gr" == George Rosamond writes: > > yeah maybe. again, I'm heavy on ranting and short on experience, but > at least going from my _friends'_ experience with hardware RAID, I > intend to stay the hell away from any RAID-on-a-card, period. > That's crazy, hardware RAID is by far the prefered method for implementing disk redundancy. Aside from the fact that it allows you to offload the RAID management and logic to hardware dedicated to the task - most decent controllers offer BBU's (Battery Backup Units) which not only allow better I/O rates but also help prevent loss of data during a catastrophic event. with out this, the only way one can garunetee that data makes it to disk is to use synchronous writes, this will hinder disk I/O substantially. This is not possible with software RAID implementations - as your are dependent upon the health of the OS to ensure data makes it to disk. You think vendors like NetApp/EMC/IBM/etc. use software to implement low level RAID functionality? > First, many of them don't have an NVRAM. Some have something they > call an NVRAM, but they use it to store metadata, not for a write > cache to plug the RAID5 write hole. This is the whole reason for > doing hardware RAID: to get that NVRAM to fix the RAID5 write hole. > OK, let's be careful here, there is the configuration data that the hardware raid controller knows about which will often be stored on the cards NVRAM. then there is the filesystem metadata - which is stored on disk. it's completely possible, and reasonable, to swap hardware RAID cards and configure them with the same RAID configuration and have your data on disk be intact. > Second, there are too many horror stories of RAID cards losing entire > arrays. The card goes bad or gets confused. It's part of Dell's > card-of-the-month club, and a replacement card is unobtainable, and > new cards won't work with the array. Or the array's metadata was > stored on the old card's so-called-but-not-really NVRAM, so the new > card understands the old array but won't recognize it. or the > configurator tool is clunky and buggy and won't give back your array, > or there's more than one configurator like one in BIOS and one in DOS > and one in Windows, and only one tool works and the others are decoys, > or whatever. I do not know of any production class RAID controllers that store all metadata for files on the controller itself. Maybe I'm not reading this correctly though... > > With software RAID, you can back up your metadata on _paper_ if you > want to, and type it in by hand---the array will still work. If > you're concerned about your method of paper backup, you can test it on > a non-live filesystem. Deliberately delete/confuse your metadata, and > force-recreate the array, see if it passes fsck and 'pax -r . > > /dev/null'. Keep trying until you have a written procedure that > works. Label the physical disks with their names on the sheet of > paper (so you've recorded their stripe ordering). so there is less > possibility software RAID will refuse to see your array because some > little pointer block got mangled, than with the card-RAID. And you > don't have to worry about multiple opaque configurator tools---there's > just one, and it's native to the OS, and it's available on the > LiveCD/installCD/whatever. > yea right, let's try typing in the metadata for a 2TB volume :) a better solution may be to back up your metadata to some sort of digital archive medium (tape/dvd etc) - but i don't even know of any software raid implementations that allow you to store you filesystem metadata outside of the raid array. this is something that is often done with hardware raid controllers - in fact it's a recommend configuration for SAN's that do high I/O from multiple clients. reading and modifying metadata is a pretty expensive operation. i think you may be thinking about your software raid configuration data here not metadata... > > I'm sure a bunch of people can chime in and say ``I've used > RAID-on-a-card, and I can't stress enough how close to zero is the > number of problems I've had with it. It is really close to zero. > It's so unbelieveably close to zero, it IS zero, so I think it must be > very trustworthy.'' Well, that's great, I'm just saying I've heard > more than one story from someone who HAS had some stupid problem with > some expensive RAID-on-a-card that they really shouldn't be having. > i'd be willing to bet any problems people have had with hardware RAID may have been due to misconfiguration of the array itself, or a misunderstanding about the fundamentals of configuring RAID. > A mirror is also very nice for snapshots. You can break the mirror, > do something dangerous, and then resync it only if you succeed. > Sometimes either side of the mirror is bootable, so that's extremely > nice. snap shotting and RAID/mirroring/etc are two completely independent concepts. granted most people will need to implement some sort of RAID implementation when doing snap shotting due to the amount of data you will be generating. snap shotting allows an admin to take an image (a snap shot) of the current state of a file system and store it in a read-only location on your volume/disk. many people will use this in addition with traditional backup policies, as a "nearline" backup for example - or even take a snap shot of a volume then back data that up rather than the live data. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From george at ceetonetechnology.com Thu Mar 8 13:45:00 2007 From: george at ceetonetechnology.com (George R.) Date: Thu, 08 Mar 2007 13:45:00 -0500 Subject: [nycbug-talk] March 2007 meeting audio In-Reply-To: <2529.63.66.6.15.1173378599.squirrel@www.geekisp.com> References: <2529.63.66.6.15.1173378599.squirrel@www.geekisp.com> Message-ID: <45F059AC.9040207@ceetonetechnology.com> nikolai wrote: > Folks, > The audio of Matthew's presentation is available. > Cheers, > -- > Nikolai > > http://www.fetissov.org/public/nycbug/ Thanks, as usual, Nikolai. . . George From carton at Ivy.NET Thu Mar 8 14:49:55 2007 From: carton at Ivy.NET (Miles Nordin) Date: Thu, 08 Mar 2007 14:49:55 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> (Peter Wright's message of "Thu, 8 Mar 2007 10:40:21 -0800 (PST)") References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> Message-ID: >>>>> "pw" == Peter Wright writes: pw> i think you may be thinking about your software raid pw> configuration data here not metadata... yeah, I am. The meaning of the word ``meta'' is very flexible. The way I've used it _is_ appropriate---in Solaris SVM for example: NAME metadb - create and delete replicas of the metadevice state database (which is where array geometry and state is stored) pw> most decent controllers offer BBU's (Battery Backup Units) pw> which not only allow better I/O rates but also help prevent pw> loss of data during a catastrophic well the BBU's plug the RAID5 write hole, so long as they're not separated from the disks that make up the array, as they would be if for example the hardware RAID controller card failed. They are perhaps sold for speeding up databases and mailservers and (in the old days) NFSv2 servers that do a lot of fsync(), but for the purposes of this ``i wouldn't touch'' thread, again, it's the RAID5 write hole that I care about, not performance. The need for them to achieve the illusion of the correct behavior of a single disk is the reason I think software RAID5 is, AIUI, a bad idea. pw> You think vendors like NetApp/EMC/IBM/etc. use software to pw> implement low level RAID functionality? That's a funny statement, but I know what you mean. In any case I think we agree on this so far as: my criticisms apply to RAID-on-a-card only. The SAN vendors do all have NVRAM that fixes the RAID5 write hole, but the cards often don't. Even cards that say ``we have NVRAM!'' often don't have what the SAN vendors call NVRAM, and that bugs me a lot because they are basing their business on trying to confuse people rather than on building trust, which I think is quite wrong in this space. pw> i'd be willing to bet any problems people have had with pw> hardware RAID may have been due to misconfiguration of the pw> array itself, or a misunderstanding about the fundamentals of pw> configuring RAID. ...well...I think there's a misunderstanding about the fundamental problem of losing your array because you are not able to order the model of hardware RAID controller that matches your metadata, or not being able to safely backup this metadata or move it from one card to another without a lot of hesitant, ominous key-pecks in some clunky BIOS Blue Screen of Setup. (RAID metadata, not filesystem metadata) pw> snap shotting and RAID/mirroring/etc are two completely pw> independent concepts. we disagree. I think the idea that you can use the ability to split a RAID1 to get a very simple snapshot is a relationship between mirroring and snapshots. It's also not an invention of mine nor an odd practice. In fact it's documented in the EXAMPLES section of the gmirror man page. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From pete at nomadlogic.org Thu Mar 8 16:33:38 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 8 Mar 2007 13:33:38 -0800 (PST) Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> Message-ID: <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> >>>>>> "pw" == Peter Wright writes: > > pw> i think you may be thinking about your software raid > pw> configuration data here not metadata... > > yeah, I am. The meaning of the word ``meta'' is very flexible. The > way I've used it _is_ appropriate---in Solaris SVM for example: > > NAME > metadb - create and delete replicas of the metadevice state > database > > (which is where array geometry and state is stored) hmmm... > > pw> most decent controllers offer BBU's (Battery Backup Units) > pw> which not only allow better I/O rates but also help prevent > pw> loss of data during a catastrophic > > well the BBU's plug the RAID5 write hole, so long as they're not > separated from the disks that make up the array, as they would be if > for example the hardware RAID controller card failed. > well that's why any hardware raid controller worth purchasing supports BBU's and a write-back cache. otherwise you would need to use synchronous writes when mounting the filesystem, which for some people may be acceptable. > They are perhaps sold for speeding up databases and mailservers and > (in the old days) NFSv2 servers that do a lot of fsync(), but for the > purposes of this ``i wouldn't touch'' thread, again, it's the RAID5 > write hole that I care about, not performance. > pretty much any "enterprise" grade hardware RAID controller will use a BBU and write-back cache not only for data integrity reasons but also for the performance gains. > The need for them to achieve the illusion of the correct behavior of a > single disk is the reason I think software RAID5 is, AIUI, a bad idea. > > pw> You think vendors like NetApp/EMC/IBM/etc. use software to > pw> implement low level RAID functionality? > > That's a funny statement, but I know what you mean. > sorta, i was referring to the fact that most hardware raid controllers will calculate parity etc. on the ASIC which is independent from the OS. hope that clarifies my intent. this is an important distinction: if a RAID implementation is tied to the OS, then any interruption to the OS increases risk a data corruption. by offloading this to a ASIC with a BBU one mitigates this risk by allowing data in caches to be sync'd to disk regardless of the sate of the OS. > In any case I think we agree on this so far as: my criticisms apply to > RAID-on-a-card only. The SAN vendors do all have NVRAM that fixes the > RAID5 write hole, but the cards often don't. Even cards that say ``we > have NVRAM!'' often don't have what the SAN vendors call NVRAM, and > that bugs me a lot because they are basing their business on trying to > confuse people rather than on building trust, which I think is quite > wrong in this space. > hmm...i guess i'm just not sure what you mean by "RAID-on-a-card". i'll also have to look into the "RAID5 write hole" as that's a new term for me as well. > pw> i'd be willing to bet any problems people have had with > pw> hardware RAID may have been due to misconfiguration of the > pw> array itself, or a misunderstanding about the fundamentals of > pw> configuring RAID. > > ...well...I think there's a misunderstanding about the fundamental > problem of losing your array because you are not able to order the > model of hardware RAID controller that matches your metadata, or not > being able to safely backup this metadata or move it from one card to > another without a lot of hesitant, ominous key-pecks in some clunky > BIOS Blue Screen of Setup. (RAID metadata, not filesystem metadata) > call it what it is, configuration data...not data-about-data. i still don't see your point, although i recon at this point we are beyond splitting hairs. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From skreuzer at f2o.org Thu Mar 8 16:55:23 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Thu, 8 Mar 2007 16:55:23 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> Message-ID: <113C12E4-28B2-4E2F-842B-2A5BA54B6102@f2o.org> On Mar 8, 2007, at 4:33 PM, Peter Wright wrote: > > hmm...i guess i'm just not sure what you mean by "RAID-on-a-card". > i'll > also have to look into the "RAID5 write hole" as that's a new term > for me > as well. When data in a raid stripe is updated, the parity also needs to be updated so that an XOR on all of the disks will be zero. (That what allows you to rebuild the disk when they fail). The write hole is is because you can't update two or more disks atomically so the stripe can become damaged during a crash or power outage if data is written to disk, but the parity bits didn't get calculated yet. If this occurs, when the set is being rebuilt, the parity will be inconsistent and the reconstruction will result in garbage data and it will have no idea it is generating garbage data. (RAID-1 also suffers from this) However, this is nothing to concern yourself with if you have a RAID controller with a battery backed cache. If you are going with a software RAID-1/RAID-5, stick the machine on a UPS and make sure it has enough juice to shut down the machine and have write caching turned on in the drives. SK From pete at nomadlogic.org Thu Mar 8 17:21:23 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 8 Mar 2007 14:21:23 -0800 (PST) Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <113C12E4-28B2-4E2F-842B-2A5BA54B6102@f2o.org> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> <113C12E4-28B2-4E2F-842B-2A5BA54B6102@f2o.org> Message-ID: <21507.160.33.20.11.1173392483.squirrel@webmail.nomadlogic.org> > > On Mar 8, 2007, at 4:33 PM, Peter Wright wrote: >> >> hmm...i guess i'm just not sure what you mean by "RAID-on-a-card". >> i'll >> also have to look into the "RAID5 write hole" as that's a new term >> for me >> as well. > > When data in a raid stripe is updated, the parity also needs to be > updated so that an XOR on all of the disks will be zero. (That what > allows you to rebuild the disk when they fail). The write hole is is > because you can't update two or more disks atomically so the stripe > can become damaged during a crash or power outage if data is written > to disk, but the parity bits didn't get calculated yet. > > If this occurs, when the set is being rebuilt, the parity will be > inconsistent and the reconstruction will result in garbage data and > it will have no idea it is generating garbage data. (RAID-1 also > suffers from this) > > However, this is nothing to concern yourself with if you have a RAID > controller with a battery backed cache. > If you are going with a software RAID-1/RAID-5, stick the machine on > a UPS and make sure it has enough juice to shut down the machine and > have write caching turned on in the drives. > ahh..i'm familiar with that issue, never thought to give it a name. thanks! -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From okan at demirmen.com Thu Mar 8 17:25:45 2007 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 8 Mar 2007 17:25:45 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> Message-ID: <20070308222545.GN10311@clam.khaoz.org> [snip everything i prefer not to comment on] > > In any case I think we agree on this so far as: my criticisms apply to > > RAID-on-a-card only. The SAN vendors do all have NVRAM that fixes the > > RAID5 write hole, but the cards often don't. Even cards that say ``we > > have NVRAM!'' often don't have what the SAN vendors call NVRAM, and > > that bugs me a lot because they are basing their business on trying to > > confuse people rather than on building trust, which I think is quite > > wrong in this space. there are 3 types of raid: software, hardware and hardware+software. don't confuse and spread fud about one or the other until you specify which one you wish to praise or defame. i have my opinions and experience, but i'll defer. > hmm...i guess i'm just not sure what you mean by "RAID-on-a-card". yes, he has not been clear; there are major differences. From nycbug-list at 2xlp.com Thu Mar 8 17:35:56 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Thu, 8 Mar 2007 17:35:56 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> Message-ID: Chiming in, as I started this all-- I'm just doing a mirror for redundancy, so a software implementation should be fine. Likely a mirror + a DB log for double redundancy -- but thats another story. I've incidentally found an increasing number of motherboards that directly support raid through their SATA controllers, so that might be an option. I've used hardware raids in the past - not with FreeBSD, but with Macs. 9/10 times they ended up being the root of all problems. Drivers would phase in and out of compatibility with os updates. Raid cards would continually fail. I'm not saying that its common, I'm just saying that its my luck -- something I've experienced , and something I'd like to avoid. A properly done hardware raid would undoubtedly be better than a software one -- I've just yet to experience a card mfg with consistent hardware and software support. I'm sure many people here have found satisfactory solutions -- I just haven't. I've also never had an IBM drive fail , but have had 10 Western Digitals die -- and know many people who are the exact opposite. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | SyndiClick.com | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From carton at Ivy.NET Thu Mar 8 17:47:50 2007 From: carton at Ivy.NET (Miles Nordin) Date: Thu, 08 Mar 2007 17:47:50 -0500 Subject: [nycbug-talk] FreeBSD software RAID? In-Reply-To: <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> (Peter Wright's message of "Thu, 8 Mar 2007 13:33:38 -0800 (PST)") References: <71D39211-3BE3-486D-8EEE-68D0F562A5B0@2xlp.com> <6ad18d7eb8f85d75059471310ff89b77@therac25.net> <4D4EDB9D-F9AE-4E42-9BFB-DE536CC1FFE6@ceetonetechnology.com> <3111.160.33.20.11.1173379221.squirrel@webmail.nomadlogic.org> <27171.160.33.20.11.1173389618.squirrel@webmail.nomadlogic.org> Message-ID: >>>>> "pw" == Peter Wright writes: pw> well that's why any hardware raid controller worth purchasing pw> supports BBU's and a write-back cache. IIRC most Dell PERC are sold without pw> otherwise you would need to use synchronous writes when pw> mounting the filesystem, which for some people may be pw> acceptable. I disagree. The NVRAM may allow you to turn on -o sync without losing as much performance w.r.t. softdep as you would with a real disk. but if you use -o softdep like a normal mount, (if it weren't for the problems of NVRAMless RAID5) you would have the same level of integrity protection with or without the BBU---that level which is defined by softdep. And on a non-NVRAM system, mounting the filesystem '-o sync' will *not* help with the RAID5 write hole. only NVRAM will help that. pw> this is an important distinction: if a RAID implementation is pw> tied to the OS, then any interruption to the OS increases risk pw> a data corruption. by offloading this to a ASIC with a BBU pw> one mitigates this risk by allowing data in caches to be pw> sync'd to disk regardless of the sate of the OS. but softdep does provide integrity guarantees on power loss. and using RAID3 instead of RAID5 closes the RAID5 write hole by always doing full stripe writes (ZFS does the same thing). pw> i guess i'm just not sure what you mean by "RAID-on-a-card". I mean so-called ``hardware RAID'' that's implemented by a tiny computer on a PCI card or a motherboard. This is what most people seem to run to after they use software RAID5 and lose a bunch of data, or get tired of waiting for mirror rebuilds with software RAID1. and it is IMHO junk. pw> i still don't see your point, If you smoke your RAID card, and it's an old RAID card, and you can't get another one, you can lose the contents whole array. Sometimes, even if you can get another one, some quirk of the multiple BIOS/DOS/Windows configuraturs they give you makes it impossible to get the old array working with your new card. I've heard multiple stories like this from friends, and the Interweb is full of them as well with headings like ``Dell PERC OH GOD NO''. Software RAID doesn't have this problem. (nor does SAN under a service contract.) It has other problems, but not this one. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From ike at lesmuug.org Thu Mar 8 14:16:31 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 9 Mar 2007 04:16:31 +0900 Subject: [nycbug-talk] March 2007 meeting audio In-Reply-To: <2529.63.66.6.15.1173378599.squirrel@www.geekisp.com> References: <2529.63.66.6.15.1173378599.squirrel@www.geekisp.com> Message-ID: <8C797F3D-D79A-48BF-A3EC-DC515B3AD5A2@lesmuug.org> On Mar 9, 2007, at 3:29 AM, nikolai wrote: > Folks, > The audio of Matthew's presentation is available. > Cheers, > -- > Nikolai > > http://www.fetissov.org/public/nycbug/ Nikolai, Thank You!!! Rocket- .ike From skreuzer at f2o.org Thu Mar 8 19:08:06 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Thu, 8 Mar 2007 19:08:06 -0500 Subject: [nycbug-talk] FreeBSD Approved for Redistribution of Intel WiFi Firmware Message-ID: <75303036-1CD9-42F1-A5A5-2732D8CB90C4@f2o.org> I saw this mentioned to the freebsd-current mailing list and Intel put out a press release about it. http://www.prweb.com/releases/2007/03/prweb509818.htm "The inclusion of firmware for popular Intel wireless devices means that users of FreeBSD will have native wireless support for many Centrino-branded Intel PRO/Wireless devices without downloading additional software. This approval includes firmware for the Intel 2100, 2200BG, 2225BG, 2915ABG, and the 3945ABG devices." Now, after you install FreeBSD on a laptop with one of the chipsets listed above, you no longer have to plug it into a wired network, goto Intel's site, hunt down the firmware and click through the license to download it. You simply set legal.intel_driver.license_ack=1 in /boot/loader.conf after you agree to the Intel LICENSE file located in /usr/share/doc/legal/intel_driver (driver will be either ipw or iwi) While its still annoying, its not as annoying as it used to be. I suppose that is a somewhat fair compromise for now. SK From KReiter at insidefsi.net Fri Mar 9 13:12:44 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Fri, 9 Mar 2007 13:12:44 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <184B0715C3D74243B86F872B55C340E703A90CCE@fsi32.fsidp.insidefsi.com> Message-ID: <184B0715C3D74243B86F872B55C340E703A90D25@fsi32.fsidp.insidefsi.com> ----- opriginal message ----- The second example worked like a charm: tr '\n' , < host-ports | sed 's/,$//' > $port_temp That did the trick, aside from rewriting the line in .nessusrc with the output, which I can I can do in a minute or two.. Thanks! ------------------------------ (yeah, Outlook sucks :) Follow-up question: Is there a quick and dirty way to check for duplicate entries, and eliminate them if they exist? For example: 1 1 2 3 3 3 4 5 I need: 1,2,3,4,5 Is there a quick check/solution for this? TIA, Kev This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. From quincy111 at gmail.com Fri Mar 9 13:36:32 2007 From: quincy111 at gmail.com (James) Date: Fri, 09 Mar 2007 13:36:32 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <184B0715C3D74243B86F872B55C340E703A90D25@fsi32.fsidp.insidefsi.com> References: <184B0715C3D74243B86F872B55C340E703A90D25@fsi32.fsidp.insidefsi.com> Message-ID: <45F1A930.7010708@gmail.com> Kevin Reiter wrote: > Follow-up question: Is there a quick and dirty way to check for duplicate entries, and eliminate them if they exist? > > For example: > > 1 > 1 > 2 > 3 > 3 > 3 > 4 > 5 > > I need: 1,2,3,4,5 > > Is there a quick check/solution for this? > uniq should work, no? -- james From okan at demirmen.com Fri Mar 9 13:37:58 2007 From: okan at demirmen.com (Okan Demirmen) Date: Fri, 9 Mar 2007 13:37:58 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <184B0715C3D74243B86F872B55C340E703A90D25@fsi32.fsidp.insidefsi.com> References: <184B0715C3D74243B86F872B55C340E703A90CCE@fsi32.fsidp.insidefsi.com> <184B0715C3D74243B86F872B55C340E703A90D25@fsi32.fsidp.insidefsi.com> Message-ID: <20070309183758.GW10311@clam.khaoz.org> On Fri 2007.03.09 at 13:12 -0500, Kevin Reiter wrote: > ----- opriginal message ----- > The second example worked like a charm: > > tr '\n' , < host-ports | sed 's/,$//' > $port_temp > > That did the trick, aside from rewriting the line in .nessusrc with the output, which I can I can do in a minute or two.. > > Thanks! > > ------------------------------ > (yeah, Outlook sucks :) > > Follow-up question: Is there a quick and dirty way to check for duplicate entries, and eliminate them if they exist? > > For example: > > 1 > 1 > 2 > 3 > 3 > 3 > 4 > 5 > > I need: 1,2,3,4,5 > > Is there a quick check/solution for this? there are tons, here is one: cat host-ports |sort|uniq|xargs|sed 's/ /,/g' cat host-ports |sort -u|xargs|sed 's/ /,/g' From okan at demirmen.com Fri Mar 9 13:40:38 2007 From: okan at demirmen.com (Okan Demirmen) Date: Fri, 9 Mar 2007 13:40:38 -0500 Subject: [nycbug-talk] FreeBSD Approved for Redistribution of Intel WiFi Firmware In-Reply-To: <75303036-1CD9-42F1-A5A5-2732D8CB90C4@f2o.org> References: <75303036-1CD9-42F1-A5A5-2732D8CB90C4@f2o.org> Message-ID: <20070309184038.GX10311@clam.khaoz.org> On Thu 2007.03.08 at 19:08 -0500, Steven Kreuzer wrote: > I saw this mentioned to the freebsd-current mailing list and Intel > put out a press release about it. > > http://www.prweb.com/releases/2007/03/prweb509818.htm > > "The inclusion of firmware for popular Intel wireless devices means > that users of FreeBSD will have native wireless support for many > Centrino-branded Intel PRO/Wireless devices without downloading > additional software. This approval includes firmware for the Intel > 2100, 2200BG, 2225BG, 2915ABG, and the 3945ABG devices." > > Now, after you install FreeBSD on a laptop with one of the chipsets > listed above, you no longer have to plug it into a wired network, > goto Intel's site, hunt down the firmware and click through the > license to download it. > > You simply set legal.intel_driver.license_ack=1 in /boot/loader.conf > after you agree to the Intel LICENSE file located in > /usr/share/doc/legal/intel_driver (driver will be either ipw or iwi) > > While its still annoying, its not as annoying as it used to be. I > suppose that is a somewhat fair compromise for now. this topic has hit many other places; and let's just say the response is less than stellar. From mspitzer at gmail.com Fri Mar 9 14:25:14 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 9 Mar 2007 14:25:14 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <8c50a3c30703091124s1be1bafarc47e548d2032a1a4@mail.gmail.com> References: <184B0715C3D74243B86F872B55C340E703A90D25@fsi32.fsidp.insidefsi.com> <45F1A930.7010708@gmail.com> <8c50a3c30703091124s1be1bafarc47e548d2032a1a4@mail.gmail.com> Message-ID: <8c50a3c30703091125s3fbd44f9x8acc88171d7e845c@mail.gmail.com> On 3/9/07, Marc Spitzer wrote: > On 3/9/07, James wrote: > > Kevin Reiter wrote: > > > Follow-up question: Is there a quick and dirty way to check for duplicate entries, and eliminate them if they exist? > > > > > > For example: > > > > > > 1 > > > 1 > > > 2 > > > 3 > > > 3 > > > 3 > > > 4 > > > 5 > > > > > > I need: 1,2,3,4,5 > > > > > > Is there a quick check/solution for this? > > > > > > > uniq should work, no? > > no, uniq assumes a sorted list. It will only remove things when they > are alike AND next to each other, like so: > -bash-3.00$ cat xxx > 1 > 1 > 2 > 1 > 1 > -bash-3.00$ uniq< xxx > 1 > 2 > 1 > -bash-3.00$ > > marc > -- > Freedom is nothing but a chance to be better. > Albert Camus > -- Freedom is nothing but a chance to be better. Albert Camus From elric at imrryr.org Fri Mar 9 14:28:02 2007 From: elric at imrryr.org (Roland Dowdeswell) Date: Fri, 09 Mar 2007 14:28:02 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: Your message of "Fri, 09 Mar 2007 13:36:32 EST." <45F1A930.7010708@gmail.com> Message-ID: <20070309192802.7575737326@arioch.imrryr.org> On 1173465392 seconds since the Beginning of the UNIX epoch James wrote: > >Kevin Reiter wrote: >> Follow-up question: Is there a quick and dirty way to check for duplicate e >ntries, and eliminate them if they exist? >> >> For example: >> >> 1 >> 1 >> 2 >> 3 >> 3 >> 3 >> 4 >> 5 >> >> I need: 1,2,3,4,5 >> >> Is there a quick check/solution for this? >> > >uniq should work, no? sort -u. or if you want line counts, something like: sort | uniq -c | sort -nr -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ From KReiter at insidefsi.net Fri Mar 9 16:10:04 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Fri, 9 Mar 2007 16:10:04 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <20070309192802.7575737326@arioch.imrryr.org> Message-ID: <184B0715C3D74243B86F872B55C340E703A90D7B@fsi32.fsidp.insidefsi.com> Sorry for the top post, but Outlook sucks (I have no choice here at work...) Thanks to everyone that provided auggestions on this. I'm almost done with this monster, and sofar, everything is working perfectly. Here's a snippet that did the trick (and what I'm doing): # Get a full list of ports in 1 file. Since there's a full subnet # worth of files, put it in a temp location: mkdir temp cp $nmaplog/*.nmap temp/ cd temp/ cat ./*.nmap >> nessus_temp cat nessus_temp | grep open | cut -f -d\/ > ports.tmp # Then convert it into 1 line: cat ports.tmp |sort -n|uniq|xargs|sed 's/ /,/g' > ports.list mv ports.list .. cd .. # Delete the temp directory: rm -rf ./temp # Work some magik: ports=`cat ports.list` temp="port_range = $ports" # Rewrite the nessusrc with the ports we want to scan: sed -e "s/port_range =/$temp/" $nessusfile > nessus.tmp mv nessus.tmp $nessusfile -----Original Message----- From: Roland Dowdeswell [mailto:elric at imrryr.org] Sent: Friday, March 09, 2007 2:28 PM To: James Cc: Kevin Reiter; NYCBUG Talk Subject: Re: [nycbug-talk] Scripting Question On 1173465392 seconds since the Beginning of the UNIX epoch James wrote: > >Kevin Reiter wrote: >> Follow-up question: Is there a quick and dirty way to check for duplicate e >ntries, and eliminate them if they exist? >> >> For example: >> >> 1 >> 1 >> 2 >> 3 >> 3 >> 3 >> 4 >> 5 >> >> I need: 1,2,3,4,5 >> >> Is there a quick check/solution for this? >> > >uniq should work, no? sort -u. or if you want line counts, something like: sort | uniq -c | sort -nr This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. From jschauma at netmeister.org Fri Mar 9 16:58:03 2007 From: jschauma at netmeister.org (Jan Schaumann) Date: Fri, 9 Mar 2007 13:58:03 -0800 Subject: [nycbug-talk] Scripting Question In-Reply-To: <184B0715C3D74243B86F872B55C340E703A90D7B@fsi32.fsidp.insidefsi.com> References: <20070309192802.7575737326@arioch.imrryr.org> <184B0715C3D74243B86F872B55C340E703A90D7B@fsi32.fsidp.insidefsi.com> Message-ID: <20070309215803.GA11854@netmeister.org> Kevin Reiter wrote: > Sorry for the top post, but Outlook sucks (I have no choice here at work...) How exactly does Outlook force you to top post? More so, how does it force you to do it with your full knowledge, against your will and circumvents all the various actions you've attempted to not top post? It disables the "Select unused text and hit delete" functionality? A weird program indeed. :-) -Jan -- Defending Freedom in the Digital World: --- Electronic Frontier Foundation -- http://www.eff.org --- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: From mspitzer at gmail.com Fri Mar 9 17:18:42 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 9 Mar 2007 17:18:42 -0500 Subject: [nycbug-talk] Scripting Question In-Reply-To: <20070309215803.GA11854@netmeister.org> References: <20070309192802.7575737326@arioch.imrryr.org> <184B0715C3D74243B86F872B55C340E703A90D7B@fsi32.fsidp.insidefsi.com> <20070309215803.GA11854@netmeister.org> Message-ID: <8c50a3c30703091418r4707db69ta8b8611a7e04928c@mail.gmail.com> On 3/9/07, Jan Schaumann wrote: > Kevin Reiter wrote: > > Sorry for the top post, but Outlook sucks (I have no choice here at work...) > > How exactly does Outlook force you to top post? More so, how does it > force you to do it with your full knowledge, against your will and > circumvents all the various actions you've attempted to not top post? > > It disables the "Select unused text and hit delete" functionality? Mind control rays marc > > A weird program indeed. :-) > > -Jan > > -- > Defending Freedom in the Digital World: > --- Electronic Frontier Foundation -- http://www.eff.org --- > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > > -- Freedom is nothing but a chance to be better. Albert Camus From ike at lesmuug.org Fri Mar 9 22:24:00 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sat, 10 Mar 2007 12:24:00 +0900 Subject: [nycbug-talk] AsiaBSDCon!!!! Message-ID: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> Hi all! So today is the first day of the normal proceedings for AsiaBSDCon! So far there have already been some full-day tutorial sessions, which I couldn't attend... I'm taking boatloads of pics, will try to figure out how/where to post them, and will make some kind of post about the con! Rocket- .ike p.s.: TOKYO ROCKS. For the time ever for me, NYC seems like a small place- this city is like a medieval village, set about 70 years in the future, 36 million people... Amazing. From ike at lesmuug.org Fri Mar 9 22:30:50 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sat, 10 Mar 2007 12:30:50 +0900 Subject: [nycbug-talk] AsiaBSDCon!!!! Traceroute Postcard In-Reply-To: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> Message-ID: Here's a traceroute from the University of Tokyo, (amazing facility btw). Wish you were all here! ikebook:/Users/ike ike$ traceroute -I nycbug.org traceroute to nycbug.org (64.90.179.122), 64 hops max, 60 byte packets 1 192.51.212.1 (192.51.212.1) 2.508 ms 2.885 ms 1.477 ms 2 ra36-vlan2.nc.u-tokyo.ac.jp (133.11.127.43) 2.803 ms 2.321 ms 1.994 ms 3 ra37-vlan3.nc.u-tokyo.ac.jp (133.11.127.78) 2.656 ms 4.529 ms 1.531 ms 4 tokyo-s1-g2-0.sinet.ad.jp (150.99.197.169) 1.687 ms 1.570 ms 1.607 ms 5 tokyo-core1-p3-0.sinet.ad.jp (150.99.197.37) 2.465 ms 3.729 ms 3.187 ms 6 nii-s1-p4-0.sinet.ad.jp (150.99.197.22) 2.343 ms 3.088 ms 2.223 ms 7 nii-gate2-p4-0.sinet.ad.jp (150.99.198.22) 1.978 ms 2.079 ms 5.593 ms 8 lax-gate1-p4-1.sinet.ad.jp (150.99.199.14) 102.732 ms 102.793 ms 103.630 ms 9 ge-6-3.car1.losangeles1.level3.net (64.156.173.93) 102.887 ms 102.871 ms 102.795 ms 10 ae-1-51.bbr1.losangeles1.level3.net (4.68.102.1) 108.178 ms 103.090 ms 102.980 ms 11 as-1-0.bbr2.newyork1.level3.net (64.159.1.85) 174.067 ms 174.183 ms ae-0-0.bbr1.newyork1.level3.net (64.159.1.41) 174.118 ms 12 ae-24-54.car4.newyork1.level3.net (4.68.97.115) 173.763 ms ae-14-53.car4.newyork1.level3.net (4.68.97.83) 173.887 ms 174.927 ms 13 core01-gige-100-william.nyi.net (63.208.174.50) 174.467 ms 173.763 ms 176.893 ms 14 cs30.nyinternet.net (64.147.101.2) 173.842 ms 178.052 ms 174.230 ms 15 * * * 16 * * * 17 64.90.179.122.nyinternet.net (64.90.179.122) 193.813 ms 187.008 ms 189.635 ms On Mar 10, 2007, at 12:24 PM, Isaac Levy wrote: > Hi all! > > So today is the first day of the normal proceedings for > AsiaBSDCon! So far there have already been some full-day tutorial > sessions, which I couldn't attend... > > I'm taking boatloads of pics, will try to figure out how/where to > post them, and will make some kind of post about the con! > > Rocket- > .ike > > > p.s.: TOKYO ROCKS. For the time ever for me, NYC seems like a > small place- this city is like a medieval village, set about 70 > years in the future, 36 million people... Amazing. > From lavalamp at spiritual-machines.org Fri Mar 9 22:39:48 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Fri, 9 Mar 2007 22:39:48 -0500 (EST) Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> Message-ID: <20070309223837.Y87127@arbitor.digitalfreaks.org> > I'm taking boatloads of pics, will try to figure out how/where to I'll buy you an island in the south pacific if you can find me pics you took in November at the conference >:p ~BAS From scottro at nyc.rr.com Fri Mar 9 22:48:28 2007 From: scottro at nyc.rr.com (Scott Robbins) Date: Fri, 9 Mar 2007 22:48:28 -0500 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> Message-ID: <20070310034828.GA20157@mail.scottro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Mar 10, 2007 at 12:24:00PM +0900, Isaac Levy wrote: > Hi all! > > So today is the first day of the normal proceedings for AsiaBSDCon! > So far there have already been some full-day tutorial sessions, which > I couldn't attend... > > I'm taking boatloads of pics, will try to figure out how/where to > post them, and will make some kind of post about the con! > > Rocket- > .ike > > > p.s.: TOKYO ROCKS. For the time ever for me, NYC seems like a small > place- this city is like a medieval village, set about 70 years in > the future, 36 million people... Amazing. Have fun on the subways. :) The interesting thing about Tokyo is that there's absolutely no rhyme or reason to streets or numbers. I believe it's because they were named in order of being given by the shougun to his favorites. - -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Xander: I'm not worried. If there's something bad out there, we'll find, you'll slay, we'll party. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFF8iqM+lTVdes0Z9YRAlvsAJ4qRAQlDTF9DX59jNa60RAILEbVqwCgmYgI KJUjptE6VdaBytNgqMS40lA= =KnDX -----END PGP SIGNATURE----- From george at ceetonetechnology.com Fri Mar 9 22:52:30 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 09 Mar 2007 22:52:30 -0500 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <20070310034828.GA20157@mail.scottro.net> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> Message-ID: <45F22B7E.7040703@ceetonetechnology.com> Scott Robbins wrote: > On Sat, Mar 10, 2007 at 12:24:00PM +0900, Isaac Levy wrote: >> Hi all! > >> So today is the first day of the normal proceedings for AsiaBSDCon! >> So far there have already been some full-day tutorial sessions, which >> I couldn't attend... > >> I'm taking boatloads of pics, will try to figure out how/where to >> post them, and will make some kind of post about the con! > >> Rocket- >> .ike > > >> p.s.: TOKYO ROCKS. For the time ever for me, NYC seems like a small >> place- this city is like a medieval village, set about 70 years in >> the future, 36 million people... Amazing. > > Have fun on the subways. :) > > The interesting thing about Tokyo is that there's absolutely no rhyme or > reason to streets or numbers. I believe it's because they were named in > order of being given by the shougun to his favorites. > I haven't been, but to me the most interesting thing is the 'tech ghetto' Akihabara. http://en.wikipedia.org/wiki/Akihabara Full of crazy gadgets for soldering or plugging into your USB port. . . It sounds like it's worth the 18 hour flight itself. According to offlist discussions with Ike, he needed a serious nap after his trip there. . . George From scottro at nyc.rr.com Fri Mar 9 23:11:59 2007 From: scottro at nyc.rr.com (Scott Robbins) Date: Fri, 9 Mar 2007 23:11:59 -0500 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <45F22B7E.7040703@ceetonetechnology.com> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <45F22B7E.7040703@ceetonetechnology.com> Message-ID: <20070310041159.GA21295@mail.scottro.net> On Fri, Mar 09, 2007 at 10:52:30PM -0500, George Rosamond wrote: > Scott Robbins wrote: > > > > The interesting thing about Tokyo is that there's absolutely no rhyme or > > reason to streets or numbers. I believe it's because they were named in > > order of being given by the shougun to his favorites. > > > > I haven't been, but to me the most interesting thing is the 'tech > ghetto' Akihabara. > > http://en.wikipedia.org/wiki/Akihabara > > Full of crazy gadgets for soldering or plugging into your USB port. . . > > It sounds like it's worth the 18 hour flight itself. 18 hours? On a nonstop, it's usually about 13 there and 10-11 back (due to winds) > > According to offlist discussions with Ike, he needed a serious nap after > his trip there. . . Yes, that you do. :) -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Xander: Well, I guess that makes it official. Everybody's paired off. Vampires get dates. Hell, even the school librarian sees more action than me. From yusuke at cs.nyu.edu Sat Mar 10 00:02:29 2007 From: yusuke at cs.nyu.edu (Yusuke Shinyama) Date: Sat, 10 Mar 2007 00:02:29 -0500 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <45F22B7E.7040703@ceetonetechnology.com> References: <45F22B7E.7040703@ceetonetechnology.com> <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> Message-ID: <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> On Fri, 09 Mar 2007 22:52:30 -0500, George Rosamond wrote: > > I haven't been, but to me the most interesting thing is the 'tech > ghetto' Akihabara. > > http://en.wikipedia.org/wiki/Akihabara > > Full of crazy gadgets for soldering or plugging into your USB port. . . Akihabara has changed a lot. It used to be the place where ubergeeks get together, but recently the town has been turned into more like a anime/hentai palace for the mildly perverted. Lots of nice stores has closed or moved and bizarre business is coming up at the sites. cf. http://en.wikipedia.org/wiki/Cosplay_restaurant As for BSD-wise topics, Japan has been long time a BSDish country. I remember FreeBSD was actually much more popular than Linux about 10 yrs ago, mainly because of the very nicely done FreeBSD port for PC-98 series. > It sounds like it's worth the 18 hour flight itself. It's about 13 hours or so, I guess. But every time I go back to Japan I feel it's painfully long. I ended up with finishing all the sudokus on the magazine and still 10 or so hours left in my hand... Yusuke From spork at bway.net Sat Mar 10 00:24:10 2007 From: spork at bway.net (Charles Sprickman) Date: Sat, 10 Mar 2007 00:24:10 -0500 (EST) Subject: [nycbug-talk] some C help? Message-ID: Hi All, I'm playing around with a FreeBSD port of spamd/spamlogd from OpenBSD that someone posted here some time ago. Spamd seems to work, spamlogd seems to almost work. It's C, so I'm a little lost, but I am able to find the area where things are getting screwed up. In short, spamlogd runs tcpdump with some very specific flags to look for inbound or outbound mail, finds an IP in the tcpdump output, and then throws it into the spamd db as whitelisted. For example, in my case I'm looking at outbound mail - generally mxers that *I* send to are not going to be spamming me - they are more likely going to be legit servers. So I have a pf rule to tag the traffic, and spamlogd is catching it, but some pattern matching must be going awry. Here I'm sending mail to a host at 10.10.10.10, and this is what tcpdump sees (called with the same args spamlogd is using): listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp] But then it spits this out to syslog: Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 Note the lack of the final octet. This is (I hope) the area where spamlogd parses the output of tcpdump: if (strstr(buf, "pass out") != NULL) { /* * this is outbound traffic - we whitelist * the destination address, because we assume * that a reply may come to this outgoing mail * we are sending. */ if (!inbound && (cp = (strchr(buf, '>'))) != NULL) { if (sscanf(cp, "> %s", buf2) == 1) { cp = strrchr(buf2, '.'); if (cp != NULL) { *cp = '\0'; cp = buf2; syslog_r(LOG_DEBUG, &sdata, "outbound %s\n", cp); } } else cp = NULL; } } else { /* next is the inbound check... */ That chunk makes very little sense to me. Can anyone give me a quick shove in the right direction? Thanks, Charles From mspitzer at gmail.com Sat Mar 10 02:41:53 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Sat, 10 Mar 2007 02:41:53 -0500 Subject: [nycbug-talk] some C help? In-Reply-To: References: Message-ID: <8c50a3c30703092341h3cc73c9n3c10ec5db11c61d7@mail.gmail.com> Well I could let a real programmer handle this, but how would that be fun? see below On 3/10/07, Charles Sprickman wrote: > Hi All, > > I'm playing around with a FreeBSD port of spamd/spamlogd from OpenBSD that > someone posted here some time ago. > > Spamd seems to work, spamlogd seems to almost work. It's C, so I'm a > little lost, but I am able to find the area where things are getting > screwed up. In short, spamlogd runs tcpdump with some very specific flags > to look for inbound or outbound mail, finds an IP in the tcpdump output, > and then throws it into the spamd db as whitelisted. For example, in my > case I'm looking at outbound mail - generally mxers that *I* send to are > not going to be spamming me - they are more likely going to be legit > servers. > > So I have a pf rule to tag the traffic, and spamlogd is catching it, but > some pattern matching must be going awry. Here I'm sending mail to a host > at 10.10.10.10, and this is what tcpdump sees (called with the same args > spamlogd is using): > > listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 > bytes > rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp] > > But then it spits this out to syslog: > > Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 > > Note the lack of the final octet. > > This is (I hope) the area where spamlogd parses the output of tcpdump: > > if (strstr(buf, "pass out") != NULL) { > /* > * this is outbound traffic - we whitelist > * the destination address, because we assume > * that a reply may come to this outgoing mail > * we are sending. > */ > if (!inbound && (cp = (strchr(buf, '>'))) != NULL) { > if (sscanf(cp, "> %s", buf2) == 1) { > cp = strrchr(buf2, '.'); strrchr looks for the last ocurance of '.' in buf2, good chance it is the '.' before the last octect > if (cp != NULL) { > *cp = '\0'; this sets the char cp points to to null, terminating the string at that point. > cp = buf2; this sets cp to the beggining of buf2 above > syslog_r(LOG_DEBUG, &sdata, > "outbound %s\n", cp); > } > } else > cp = NULL; > } > > } else { > /* next is the inbound check... */ > > That chunk makes very little sense to me. starting where buf2 shows up, lets say buf2 looks like this: "1.2.3.4" after the cp='\0' bit it looks like this: "1.2.3'\0'4" and syslog stops at the '\0' that seperates 3 and 4, null terminated string and all. > > Can anyone give me a quick shove in the right direction? If you follow my advice you are doomed. marc -- Freedom is nothing but a chance to be better. Albert Camus From dlavigne6 at sympatico.ca Sat Mar 10 12:12:20 2007 From: dlavigne6 at sympatico.ca (Dru) Date: Sat, 10 Mar 2007 12:12:20 -0500 (EST) Subject: [nycbug-talk] FreeBSD Approved for Redistribution of Intel WiFi Firmware In-Reply-To: <20070309184038.GX10311@clam.khaoz.org> References: <75303036-1CD9-42F1-A5A5-2732D8CB90C4@f2o.org> <20070309184038.GX10311@clam.khaoz.org> Message-ID: <20070310121054.H636@dru.domain.org> On Fri, 9 Mar 2007, Okan Demirmen wrote: >> While its still annoying, its not as annoying as it used to be. I >> suppose that is a somewhat fair compromise for now. > > this topic has hit many other places; and let's just say the response is > less than stellar. I'm assuming there has been negative response regarding the license. Do you have any particular URLS? Dru From okan at demirmen.com Sat Mar 10 16:28:31 2007 From: okan at demirmen.com (Okan Demirmen) Date: Sat, 10 Mar 2007 16:28:31 -0500 Subject: [nycbug-talk] some C help? In-Reply-To: References: Message-ID: <20070310212831.GF10311@clam.khaoz.org> On Sat 2007.03.10 at 00:24 -0500, Charles Sprickman wrote: > Hi All, > > I'm playing around with a FreeBSD port of spamd/spamlogd from OpenBSD that > someone posted here some time ago. > > Spamd seems to work, spamlogd seems to almost work. It's C, so I'm a > little lost, but I am able to find the area where things are getting > screwed up. In short, spamlogd runs tcpdump with some very specific flags > to look for inbound or outbound mail, finds an IP in the tcpdump output, > and then throws it into the spamd db as whitelisted. For example, in my > case I'm looking at outbound mail - generally mxers that *I* send to are > not going to be spamming me - they are more likely going to be legit > servers. > > So I have a pf rule to tag the traffic, and spamlogd is catching it, but > some pattern matching must be going awry. Here I'm sending mail to a host > at 10.10.10.10, and this is what tcpdump sees (called with the same args > spamlogd is using): > > listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 > bytes > rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp] > > But then it spits this out to syslog: > > Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 > > Note the lack of the final octet. > > This is (I hope) the area where spamlogd parses the output of tcpdump: yes, it is, but no need to analyze it... it does its job correctly. > That chunk makes very little sense to me. > > Can anyone give me a quick shove in the right direction? ...and the reason yours is failing is not because of that chunk of code, but rather your pflog interface. it should look like: [blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah] where XXXX is an ephemeral port...basically your log is dropping the port number. why? i don't know - what does your pf rule look like? okan From okan at demirmen.com Sat Mar 10 16:28:35 2007 From: okan at demirmen.com (Okan Demirmen) Date: Sat, 10 Mar 2007 16:28:35 -0500 Subject: [nycbug-talk] FreeBSD Approved for Redistribution of Intel WiFi Firmware In-Reply-To: <20070310121054.H636@dru.domain.org> References: <75303036-1CD9-42F1-A5A5-2732D8CB90C4@f2o.org> <20070309184038.GX10311@clam.khaoz.org> <20070310121054.H636@dru.domain.org> Message-ID: <20070310212835.GG10311@clam.khaoz.org> On Sat 2007.03.10 at 12:12 -0500, Dru wrote: > > > On Fri, 9 Mar 2007, Okan Demirmen wrote: > > >>While its still annoying, its not as annoying as it used to be. I > >>suppose that is a somewhat fair compromise for now. > > > >this topic has hit many other places; and let's just say the response is > >less than stellar. > > > I'm assuming there has been negative response regarding the license. Do > you have any particular URLS? Basically yes. I'm sure you can understand why this will not help the current situation and fight with vendors. I don't have many URL's to give, but the post on undeadly.org should have some details. From okan at demirmen.com Sat Mar 10 16:35:07 2007 From: okan at demirmen.com (Okan Demirmen) Date: Sat, 10 Mar 2007 16:35:07 -0500 Subject: [nycbug-talk] some C help? In-Reply-To: <20070310212831.GF10311@clam.khaoz.org> References: <20070310212831.GF10311@clam.khaoz.org> Message-ID: <20070310213507.GI10311@clam.khaoz.org> On Sat 2007.03.10 at 16:28 -0500, Okan Demirmen wrote: > On Sat 2007.03.10 at 00:24 -0500, Charles Sprickman wrote: > > Hi All, > > > > I'm playing around with a FreeBSD port of spamd/spamlogd from OpenBSD that > > someone posted here some time ago. > > > > Spamd seems to work, spamlogd seems to almost work. It's C, so I'm a > > little lost, but I am able to find the area where things are getting > > screwed up. In short, spamlogd runs tcpdump with some very specific flags > > to look for inbound or outbound mail, finds an IP in the tcpdump output, > > and then throws it into the spamd db as whitelisted. For example, in my > > case I'm looking at outbound mail - generally mxers that *I* send to are > > not going to be spamming me - they are more likely going to be legit > > servers. > > > > So I have a pf rule to tag the traffic, and spamlogd is catching it, but > > some pattern matching must be going awry. Here I'm sending mail to a host > > at 10.10.10.10, and this is what tcpdump sees (called with the same args > > spamlogd is using): > > > > listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 > > bytes > > rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp] > > > > But then it spits this out to syslog: > > > > Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 > > > > Note the lack of the final octet. > > > > This is (I hope) the area where spamlogd parses the output of tcpdump: > > yes, it is, but no need to analyze it... > > it does its job correctly. > > > That chunk makes very little sense to me. > > > > Can anyone give me a quick shove in the right direction? > > ...and the reason yours is failing is not because of that chunk of code, > but rather your pflog interface. it should look like: > > [blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah] > > where XXXX is an ephemeral port...basically your log is dropping the > port number. why? i don't know - what does your pf rule look like? oh, and i'll add that -current (and 4.1) doesn't spawn tcpdump any more, but uses pcap directly....plus lots of other yummy features - ask for the port to get upgraded ;) From lavalamp at spiritual-machines.org Sat Mar 10 17:16:52 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Sat, 10 Mar 2007 17:16:52 -0500 (EST) Subject: [nycbug-talk] some C help? In-Reply-To: <20070310213507.GI10311@clam.khaoz.org> References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> Message-ID: <20070310171407.C87127@arbitor.digitalfreaks.org> >>> spamlogd is using): >>> >>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 >>> bytes >>> rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp] >>> >>> But then it spits this out to syslog: This bug is pretty well documented in a ticket I opened with the NetBSD folks on the default size of the "snaplen" size being determined based on the presence of the IPv6 at compile-time v.s. run-time v.s "-i" argument. http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34733 -s 96 or -s 128 for the win. ~BAS >>> >>> Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 >>> >>> Note the lack of the final octet. >>> >>> This is (I hope) the area where spamlogd parses the output of tcpdump: >> >> yes, it is, but no need to analyze it... >> >> it does its job correctly. >> >>> That chunk makes very little sense to me. >>> >>> Can anyone give me a quick shove in the right direction? >> >> ...and the reason yours is failing is not because of that chunk of code, >> but rather your pflog interface. it should look like: >> >> [blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah] >> >> where XXXX is an ephemeral port...basically your log is dropping the >> port number. why? i don't know - what does your pf rule look like? > > oh, and i'll add that -current (and 4.1) doesn't spawn tcpdump any more, > but uses pcap directly....plus lots of other yummy features - ask for > the port to get upgraded ;) > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From ike at lesmuug.org Sat Mar 10 20:08:45 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 11 Mar 2007 10:08:45 +0900 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <20070309223837.Y87127@arbitor.digitalfreaks.org> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070309223837.Y87127@arbitor.digitalfreaks.org> Message-ID: <299BB592-2BE6-4662-ADE3-A7B9E68876F7@lesmuug.org> On Mar 10, 2007, at 12:39 PM, Brian A. Seklecki wrote: > >> I'm taking boatloads of pics, will try to figure out how/where to > > I'll buy you an island in the south pacific if you can find me pics > you took in November at the conference >:p > > ~BAS ? I only had my camera-phone then, somebody at an office I work in loaned me a camera for this trip... Rocket- .ike From ike at lesmuug.org Sat Mar 10 20:13:45 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 11 Mar 2007 10:13:45 +0900 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <20070310034828.GA20157@mail.scottro.net> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> Message-ID: On Mar 10, 2007, at 12:48 PM, Scott Robbins wrote: > Have fun on the subways. :) It took a day or so, but the subways are like NYC- (just MUCH BIGGER SYSTEM). How to use Tokyo subway: http://www.tokyometro.jp/e/tmguide/index.html Map With English Names: http://www.tokyometro.jp/rosen/rosenzu/pdf/rosen_eng.pdf Map with geography (more like MTA/NYC maps): http://www.tokyometro.jp/kabegami/img1024/rosen01.jpg Rocket- .ike From ike at lesmuug.org Sat Mar 10 20:16:07 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 11 Mar 2007 10:16:07 +0900 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <45F22B7E.7040703@ceetonetechnology.com> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <45F22B7E.7040703@ceetonetechnology.com> Message-ID: <1760D739-A041-4773-AE34-67CCD0E0B548@lesmuug.org> On Mar 10, 2007, at 12:52 PM, George Rosamond wrote: > I haven't been, but to me the most interesting thing is the 'tech > ghetto' Akihabara. > > http://en.wikipedia.org/wiki/Akihabara > > Full of crazy gadgets for soldering or plugging into your USB > port. . . > > It sounds like it's worth the 18 hour flight itself. I totally got lost in Akihabara district, the 'Electric Light District'- if one wanted to build a robot army anywhere, it would be right here- I SERIOUSLY wish we had something like this in NYC- it's like if times square was turned into a Mouser electronics catalog everything from weird network embedded components, cellphone charms, to EVERY solderable component imaginable, mad computer scientist action, to heavy servers, to vaccum tubes (for the uber-perverted), to anime game stuff, manga madness and video games, to whatever computing. It's totally nuts. Had to take a nap after that experience. Like for example, you can buy solderable USB plugs just about on any corner in Akihabara... Have pics- will figure out what to do to post them... (sidenote- the Con is AMAZING... More on that later) Rocket- .ike From ike at lesmuug.org Sat Mar 10 20:21:36 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 11 Mar 2007 10:21:36 +0900 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <20070310041159.GA21295@mail.scottro.net> References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <45F22B7E.7040703@ceetonetechnology.com> <20070310041159.GA21295@mail.scottro.net> Message-ID: <30226C82-5C4E-422F-BC40-08B4C114E5B5@lesmuug.org> On Mar 10, 2007, at 1:11 PM, Scott Robbins wrote: > 18 hours? On a nonstop, it's usually about 13 there and 10-11 back > (due > to winds) I had a bad flight- bad winds, 18hrs from Toronto layover. Whatever- worth it... Rocket- .ike From ike at lesmuug.org Sat Mar 10 20:26:32 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 11 Mar 2007 10:26:32 +0900 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> References: <45F22B7E.7040703@ceetonetechnology.com> <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> Message-ID: I Love Tokyo! On Mar 10, 2007, at 2:02 PM, Yusuke Shinyama wrote: > Akihabara has changed a lot. It used to be the place where > ubergeeks get together, but recently the town has been turned into > more like a anime/hentai palace for the mildly perverted. Lots of > nice stores has closed or moved and bizarre business is coming > up at the sites. cf. http://en.wikipedia.org/wiki/Cosplay_restaurant Ha! Yeah, I had a coffee at a 'maid cafe'- very bizarre experience for me... Not my thing, but very interesting. > > As for BSD-wise topics, Japan has been long time a BSDish country. > I remember FreeBSD was actually much more popular than Linux about > 10 yrs ago, mainly because of the very nicely done FreeBSD port > for PC-98 series. Man, *BSD seems to run damn near everything here. Mobile IPV6 madness, the phones are all packet networks (on IPV6 backboone), mad ip action. Even the toilets are electronic here. Not kidding. Every toilet I've seen. It took me a few days of talking to people (politely) to figure them out... Rocket- .ike From carton at Ivy.NET Sun Mar 11 12:11:39 2007 From: carton at Ivy.NET (Miles Nordin) Date: Sun, 11 Mar 2007 12:11:39 -0400 Subject: [nycbug-talk] FreeBSD Approved for Redistribution of Intel WiFi Firmware In-Reply-To: <20070310212835.GG10311@clam.khaoz.org> (Okan Demirmen's message of "Sat, 10 Mar 2007 16:28:35 -0500") References: <75303036-1CD9-42F1-A5A5-2732D8CB90C4@f2o.org> <20070309184038.GX10311@clam.khaoz.org> <20070310121054.H636@dru.domain.org> <20070310212835.GG10311@clam.khaoz.org> Message-ID: >>>>> "od" == Okan Demirmen writes: od> URL's there's the ``only open for business'' openbsd talk posted here a while ago, which almost made me want to stop telling jokes at Theo's expense. http://www.openbsd.org/papers/opencon06-drivers/mgp00024.html That talk was the first thing I thought of when I read the post, ``This is FANTASTIC NEWS! Not only is FreeBSD using .o's to force us all into beta-testing unstable Atheros HAL's that no NDA-signing licensee would ever load into their access points for Sam Leffler and his $EMPLOYER, but now FreeBSD is also enabling Intel's binary blob regime! Aren't you all as thrilled as I am?'' I especially like the part where they invented their own form of click-wrap license. how original! monkey-see, monkey-grovel. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From lists at zaunere.com Sun Mar 11 16:20:46 2007 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 11 Mar 2007 16:20:46 -0400 Subject: [nycbug-talk] AsiaBSDCon!!!! Traceroute Postcard In-Reply-To: References: <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> Message-ID: <015d01c7641a$c09bc5f0$0202fea9@MobileZ> Isaac Levy wrote on Friday, March 09, 2007 10:31 PM: > Here's a traceroute from the University of Tokyo, (amazing facility > btw). > > Wish you were all here! > ... > 6 nii-s1-p4-0.sinet.ad.jp (150.99.197.22) 2.343 ms 3.088 ms 2.223 > ms 7 nii-gate2-p4-0.sinet.ad.jp (150.99.198.22) 1.978 ms 2.079 ms > 5.593 ms > 8 lax-gate1-p4-1.sinet.ad.jp (150.99.199.14) 102.732 ms 102.793 > ms 103.630 ms Love that Pacific Ocean - Sounds like fun - wish I was there too. H From george at ceetonetechnology.com Sun Mar 11 20:50:33 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Sun, 11 Mar 2007 20:50:33 -0400 Subject: [nycbug-talk] DST issue and beyond resource Message-ID: <45F4A3D9.6040201@ceetonetechnology.com> Hope everything is working out for everyone on the Daylight Saving Time issue . . . Nice little resource from SANS Internet Storm Center: http://isc.sans.org/ g From techneck at goldenpath.org Mon Mar 12 10:33:38 2007 From: techneck at goldenpath.org (Tim A.) Date: Mon, 12 Mar 2007 10:33:38 -0400 Subject: [nycbug-talk] AsiaBSDCon!!!! In-Reply-To: References: <45F22B7E.7040703@ceetonetechnology.com> <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> Message-ID: <45F564C2.7000302@goldenpath.org> Isaac Levy wrote: > I Love Tokyo! > > On Mar 10, 2007, at 2:02 PM, Yusuke Shinyama wrote: > > >> Akihabara has changed a lot. It used to be the place where >> ubergeeks get together, but recently the town has been turned into >> more like a anime/hentai palace for the mildly perverted. Lots of >> nice stores has closed or moved and bizarre business is coming >> up at the sites. cf. http://en.wikipedia.org/wiki/Cosplay_restaurant >> Apparently, Shenzhen is the current incarnation of geek paradise on earth. I don't know if any of you are familiar with Andrew "bunnie" Huang, author of "Hacking the Xbox: An Introduction to Reverse Engineering" Which, by the way, is an *excellent* book. From Bunnie's Blog, an interesting post on this topic: Akihabara, Eat Your Heart Out, http://www.bunniestudios.com/wordpress/?p=147 A more recent, related post: Where Have All the Innovators Gone? http://www.bunniestudios.com/wordpress/?p=157 -------------- next part -------------- An HTML attachment was scrubbed... URL: From pete at nomadlogic.org Mon Mar 12 12:24:09 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 09:24:09 -0700 (PDT) Subject: [nycbug-talk] ORDB.org replacement Message-ID: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> hey all, i used to use the ordb.org blacklist on my postfix boxen. they have shut down. are there any other decent rbl lists out there that folks are using? thx, -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From nycbug at cyth.net Mon Mar 12 12:37:02 2007 From: nycbug at cyth.net (Ray Lai) Date: Mon, 12 Mar 2007 12:37:02 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> Message-ID: <20070312163725.GA12761@cybertron.cyth.net> On Mon, Mar 12, 2007 at 09:24:09AM -0700, Peter Wright wrote: > hey all, > i used to use the ordb.org blacklist on my postfix boxen. they have > shut down. are there any other decent rbl lists out there that folks > are using? http://www.openbsd.org/spamd/ From pete at nomadlogic.org Mon Mar 12 12:44:56 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 09:44:56 -0700 (PDT) Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312163725.GA12761@cybertron.cyth.net> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312163725.GA12761@cybertron.cyth.net> Message-ID: <46885.160.33.20.11.1173717896.squirrel@webmail.nomadlogic.org> > On Mon, Mar 12, 2007 at 09:24:09AM -0700, Peter Wright wrote: >> hey all, >> i used to use the ordb.org blacklist on my postfix boxen. they have >> shut down. are there any other decent rbl lists out there that folks >> are using? > > http://www.openbsd.org/spamd/ > thanks ray! -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From pete at nomadlogic.org Mon Mar 12 12:47:42 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 09:47:42 -0700 (PDT) Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <46885.160.33.20.11.1173717896.squirrel@webmail.nomadlogic.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312163725.GA12761@cybertron.cyth.net> <46885.160.33.20.11.1173717896.squirrel@webmail.nomadlogic.org> Message-ID: <52824.160.33.20.11.1173718062.squirrel@webmail.nomadlogic.org> > >> On Mon, Mar 12, 2007 at 09:24:09AM -0700, Peter Wright wrote: >>> hey all, >>> i used to use the ordb.org blacklist on my postfix boxen. they have >>> shut down. are there any other decent rbl lists out there that folks >>> are using? >> >> http://www.openbsd.org/spamd/ >> > > thanks ray! > err...hit send too quickly...i'm not going to use spamd though...thanks for trying :) i'll see if i can use any of these URL's though with my current policy.. -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From george at ceetonetechnology.com Mon Mar 12 12:54:29 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 12 Mar 2007 12:54:29 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <52824.160.33.20.11.1173718062.squirrel@webmail.nomadlogic.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312163725.GA12761@cybertron.cyth.net> <46885.160.33.20.11.1173717896.squirrel@webmail.nomadlogic.org> <52824.160.33.20.11.1173718062.squirrel@webmail.nomadlogic.org> Message-ID: <45F585C5.7010901@ceetonetechnology.com> Peter Wright wrote: >>> On Mon, Mar 12, 2007 at 09:24:09AM -0700, Peter Wright wrote: >>>> hey all, >>>> i used to use the ordb.org blacklist on my postfix boxen. they have >>>> shut down. are there any other decent rbl lists out there that folks >>>> are using? >>> http://www.openbsd.org/spamd/ >>> >> thanks ray! >> > > err...hit send too quickly...i'm not going to use spamd though...thanks > for trying :) > > i'll see if i can use any of these URL's though with my current policy.. What would be nice, though, to merge Pete's request and Ray packaged reply ;-) is broadening the synchronization: http://undeadly.org/cgi?action=article&sid=20070304035922 How about a big fat, NYCBUG-based, list? We need to verify you to join it, but anyone can pull it. George From pete at nomadlogic.org Mon Mar 12 13:01:58 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 10:01:58 -0700 (PDT) Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <45F585C5.7010901@ceetonetechnology.com> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312163725.GA12761@cybertron.cyth.net> <46885.160.33.20.11.1173717896.squirrel@webmail.nomadlogic.org> <52824.160.33.20.11.1173718062.squirrel@webmail.nomadlogic.org> <45F585C5.7010901@ceetonetechnology.com> Message-ID: <21409.160.33.20.11.1173718918.squirrel@webmail.nomadlogic.org> > Peter Wright wrote: >>>> On Mon, Mar 12, 2007 at 09:24:09AM -0700, Peter Wright wrote: >>>>> hey all, >>>>> i used to use the ordb.org blacklist on my postfix boxen. they >>>>> have >>>>> shut down. are there any other decent rbl lists out there that folks >>>>> are using? >>>> http://www.openbsd.org/spamd/ >>>> >>> thanks ray! >>> >> >> err...hit send too quickly...i'm not going to use spamd though...thanks >> for trying :) >> >> i'll see if i can use any of these URL's though with my current policy.. > > What would be nice, though, to merge Pete's request and Ray packaged > reply ;-) is broadening the synchronization: > > http://undeadly.org/cgi?action=article&sid=20070304035922 > > How about a big fat, NYCBUG-based, list? > > We need to verify you to join it, but anyone can pull it. > interesting thought. i was under the initial impression that this was to keep an active/active spamd cluster in sync. never thought about using this to keep remote sites in sync though... -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From lists at genoverly.net Mon Mar 12 13:11:48 2007 From: lists at genoverly.net (michael) Date: Mon, 12 Mar 2007 13:11:48 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> Message-ID: <20070312131148.14ef4794@dt.genoverly.com> On Mon, 12 Mar 2007 09:24:09 -0700 (PDT) "Peter Wright" wrote: > hey all, > i used to use the ordb.org blacklist on my postfix boxen. they have > shut down. are there any other decent rbl lists out there that folks > are using? > > thx, > -pete I know what you mean pete. Most the ones I've used in the past have dropped. Here a snip from my main.cf. # reject_rbl_client relays.ordb.org # reject_rbl_client sbl.spamhaus.org # reject_rbl_client opm.blitzed.org reject_rbl_client list.dsbl.org -- michael (this address does not accept public email) From pete at nomadlogic.org Mon Mar 12 13:22:03 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 10:22:03 -0700 (PDT) Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312131148.14ef4794@dt.genoverly.com> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> Message-ID: <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> > On Mon, 12 Mar 2007 09:24:09 -0700 (PDT) > "Peter Wright" wrote: > >> hey all, >> i used to use the ordb.org blacklist on my postfix boxen. they have >> shut down. are there any other decent rbl lists out there that folks >> are using? >> >> thx, >> -pete > > I know what you mean pete. Most the ones I've used in the past have > dropped. Here a snip from my main.cf. > > # reject_rbl_client relays.ordb.org > # reject_rbl_client sbl.spamhaus.org > # reject_rbl_client opm.blitzed.org > reject_rbl_client list.dsbl.org > lol...that's pretty much what i have as well ;) i'll give dsbl.org a shot now. thanks! -pete > -- > > michael > > > (this address does not accept public email) > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From okan at demirmen.com Mon Mar 12 14:05:45 2007 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 12 Mar 2007 14:05:45 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> Message-ID: <20070312180545.GT10311@clam.khaoz.org> On Mon 2007.03.12 at 10:22 -0700, Peter Wright wrote: > > > On Mon, 12 Mar 2007 09:24:09 -0700 (PDT) > > "Peter Wright" wrote: > > > >> hey all, > >> i used to use the ordb.org blacklist on my postfix boxen. they have > >> shut down. are there any other decent rbl lists out there that folks > >> are using? > >> > >> thx, > >> -pete > > > > I know what you mean pete. Most the ones I've used in the past have > > dropped. Here a snip from my main.cf. > > > > # reject_rbl_client relays.ordb.org > > # reject_rbl_client sbl.spamhaus.org > > # reject_rbl_client opm.blitzed.org > > reject_rbl_client list.dsbl.org > > > > lol...that's pretty much what i have as well ;) i'll give dsbl.org a shot > now. thanks! why do you guys even use blacklists? have you any statistics on the effectiveness of blacklists after greylisting? i'm assuming close to 0%, for with just greylisting the amount of spam is already close to nil (and it costs nothing). i am interested in data; i'm not just advocating. From dan at langille.org Mon Mar 12 14:17:51 2007 From: dan at langille.org (Dan Langille) Date: Mon, 12 Mar 2007 14:17:51 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312180545.GT10311@clam.khaoz.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org>, <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org>, <20070312180545.GT10311@clam.khaoz.org> Message-ID: <45F5610F.26175.10B49D4B@dan.langille.org> On 12 Mar 2007 at 14:05, Okan Demirmen wrote: > On Mon 2007.03.12 at 10:22 -0700, Peter Wright wrote: > > > > > On Mon, 12 Mar 2007 09:24:09 -0700 (PDT) > > > "Peter Wright" wrote: > > > > > >> hey all, > > >> i used to use the ordb.org blacklist on my postfix boxen. they have > > >> shut down. are there any other decent rbl lists out there that folks > > >> are using? > > >> > > >> thx, > > >> -pete > > > > > > I know what you mean pete. Most the ones I've used in the past have > > > dropped. Here a snip from my main.cf. > > > > > > # reject_rbl_client relays.ordb.org > > > # reject_rbl_client sbl.spamhaus.org > > > # reject_rbl_client opm.blitzed.org > > > reject_rbl_client list.dsbl.org > > > > > > > lol...that's pretty much what i have as well ;) i'll give dsbl.org a shot > > now. thanks! > > why do you guys even use blacklists? have you any statistics on the > effectiveness of blacklists after greylisting? i'm assuming close to > 0%, for with just greylisting the amount of spam is already close to > nil (and it costs nothing). What are you basing that estimate upon? > i am interested in data; i'm not just advocating. I turned off blacklists for a few days to see what would happen. My spam levels jumped by between 200 and 400%. Despite greylisting. There are many areas of the internet that produce a great deal of spam through valid MTAs. -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php PGCon - The PostgreSQL Conference - http://www.pgcon.org/ From pete at nomadlogic.org Mon Mar 12 14:23:23 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 11:23:23 -0700 (PDT) Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312180545.GT10311@clam.khaoz.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> <20070312180545.GT10311@clam.khaoz.org> Message-ID: <22314.160.33.20.11.1173723803.squirrel@webmail.nomadlogic.org> > On Mon 2007.03.12 at 10:22 -0700, Peter Wright wrote: >> >> > On Mon, 12 Mar 2007 09:24:09 -0700 (PDT) >> > "Peter Wright" wrote: >> > >> >> hey all, >> >> i used to use the ordb.org blacklist on my postfix boxen. they >> have >> >> shut down. are there any other decent rbl lists out there that folks >> >> are using? >> >> >> >> thx, >> >> -pete >> > >> > I know what you mean pete. Most the ones I've used in the past have >> > dropped. Here a snip from my main.cf. >> > >> > # reject_rbl_client relays.ordb.org >> > # reject_rbl_client sbl.spamhaus.org >> > # reject_rbl_client opm.blitzed.org >> > reject_rbl_client list.dsbl.org >> > >> >> lol...that's pretty much what i have as well ;) i'll give dsbl.org a >> shot >> now. thanks! > > why do you guys even use blacklists? have you any statistics on the > effectiveness of blacklists after greylisting? i'm assuming close to > 0%, for with just greylisting the amount of spam is already close to > nil (and it costs nothing). sigh...i knew i should not have posted this question to the list today...i've been waiting for this post.... OP: "i have a question about X." R1: "X sucks, use Y" R2: "this is how i do it with Y" let alone i have my own reasons for using X, or that I'm experimenting with X versus Y or what ever... honestly, i was using ORDB as another layer of the onion...not that it matters though.... -pete wright -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From lists at genoverly.net Mon Mar 12 14:26:26 2007 From: lists at genoverly.net (michael) Date: Mon, 12 Mar 2007 14:26:26 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312180545.GT10311@clam.khaoz.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> <20070312180545.GT10311@clam.khaoz.org> Message-ID: <20070312142626.1a1ed748@dt.genoverly.com> On Mon, 12 Mar 2007 14:05:45 -0400 Okan Demirmen wrote: > why do you guys even use blacklists? have you any statistics on the > effectiveness of blacklists after greylisting? [shrug] I don't have any concrete, highly justifyable reasons.. just left over from the way I did it in the past; before greylisting and spamd. You would be happier if I stopeed doing it? [grin] -- michael (this address does not accept public email) From okan at demirmen.com Mon Mar 12 14:36:00 2007 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 12 Mar 2007 14:36:00 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312142626.1a1ed748@dt.genoverly.com> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> <20070312180545.GT10311@clam.khaoz.org> <20070312142626.1a1ed748@dt.genoverly.com> Message-ID: <20070312183600.GW10311@clam.khaoz.org> On Mon 2007.03.12 at 14:26 -0400, michael wrote: > On Mon, 12 Mar 2007 14:05:45 -0400 > Okan Demirmen wrote: > > > why do you guys even use blacklists? have you any statistics on the > > effectiveness of blacklists after greylisting? > > [shrug] I don't have any concrete, highly justifyable reasons.. just > left over from the way I did it in the past; before greylisting and > spamd. You would be happier if I stopeed doing it? [grin] i would neither jump for joy nor sulk if you stopped blacklisting; it is a personal or business decision. From okan at demirmen.com Mon Mar 12 14:37:29 2007 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 12 Mar 2007 14:37:29 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <22314.160.33.20.11.1173723803.squirrel@webmail.nomadlogic.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> <20070312180545.GT10311@clam.khaoz.org> <22314.160.33.20.11.1173723803.squirrel@webmail.nomadlogic.org> Message-ID: <20070312183729.GX10311@clam.khaoz.org> On Mon 2007.03.12 at 11:23 -0700, Peter Wright wrote: > > > On Mon 2007.03.12 at 10:22 -0700, Peter Wright wrote: > >> > >> > On Mon, 12 Mar 2007 09:24:09 -0700 (PDT) > >> > "Peter Wright" wrote: > >> > > >> >> hey all, > >> >> i used to use the ordb.org blacklist on my postfix boxen. they > >> have > >> >> shut down. are there any other decent rbl lists out there that folks > >> >> are using? > >> >> > >> >> thx, > >> >> -pete > >> > > >> > I know what you mean pete. Most the ones I've used in the past have > >> > dropped. Here a snip from my main.cf. > >> > > >> > # reject_rbl_client relays.ordb.org > >> > # reject_rbl_client sbl.spamhaus.org > >> > # reject_rbl_client opm.blitzed.org > >> > reject_rbl_client list.dsbl.org > >> > > >> > >> lol...that's pretty much what i have as well ;) i'll give dsbl.org a > >> shot > >> now. thanks! > > > > why do you guys even use blacklists? have you any statistics on the > > effectiveness of blacklists after greylisting? i'm assuming close to > > 0%, for with just greylisting the amount of spam is already close to > > nil (and it costs nothing). > > sigh...i knew i should not have posted this question to the list > today...i've been waiting for this post.... > OP: "i have a question about X." > R1: "X sucks, use Y" > R2: "this is how i do it with Y" > > let alone i have my own reasons for using X, or that I'm experimenting > with X versus Y or what ever... > > honestly, i was using ORDB as another layer of the onion...not that it > matters though.... > > -pete wright i hit a nerve! :) i was just looking for reasons/data, that's all...and it doesn't have to come from you ;) From lists at genoverly.net Mon Mar 12 14:48:43 2007 From: lists at genoverly.net (michael) Date: Mon, 12 Mar 2007 14:48:43 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312183600.GW10311@clam.khaoz.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> <20070312180545.GT10311@clam.khaoz.org> <20070312142626.1a1ed748@dt.genoverly.com> <20070312183600.GW10311@clam.khaoz.org> Message-ID: <20070312144843.5aee1ff4@dt.genoverly.com> On Mon, 12 Mar 2007 14:36:00 -0400 Okan Demirmen wrote: > On Mon 2007.03.12 at 14:26 -0400, michael wrote: > > On Mon, 12 Mar 2007 14:05:45 -0400 > > Okan Demirmen wrote: > > > > > why do you guys even use blacklists? have you any statistics on > > > the effectiveness of blacklists after greylisting? > > > > [shrug] I don't have any concrete, highly justifyable reasons.. > > just left over from the way I did it in the past; before > > greylisting and spamd. You would be happier if I stopeed doing it? > > [grin] > > i would neither jump for joy nor sulk if you stopped blacklisting; it > is a personal or business decision. heh.. makes a teensy curious what *would* make you move your emotion needle from dead center.. haha.. check that, I don't want to know. -- michael (this address does not accept public email) From dan at langille.org Mon Mar 12 15:03:41 2007 From: dan at langille.org (Dan Langille) Date: Mon, 12 Mar 2007 15:03:41 -0400 Subject: [nycbug-talk] Mondays Message-ID: <45F56BCD.725.10DE92CF@dan.langille.org> resent, with a cc to the list On 12 Mar 2007 at 11:23, Peter Wright wrote: > sigh...i knew i should not have posted this question to the list > today...i've been waiting for this post.... > OP: "i have a question about X." > R1: "X sucks, use Y" > R2: "this is how i do it with Y" > > let alone i have my own reasons for using X, or that I'm experimenting > with X versus Y or what ever... Thread drift. Thread highjacking. Neither is much use in solving the original problem. > honestly, i was using ORDB as another layer of the onion...not that it > matters though.... Yep. > -pete wright On a more positive note, I believe you have a voucher to admission to a conference... unused from a previous year. -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php PGCon - The PostgreSQL Conference - http://www.pgcon.org/ From pete at nomadlogic.org Mon Mar 12 15:09:44 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 12:09:44 -0700 (PDT) Subject: [nycbug-talk] Mondays In-Reply-To: <45F56BCD.725.10DE92CF@dan.langille.org> References: <45F56BCD.725.10DE92CF@dan.langille.org> Message-ID: <12150.160.33.20.11.1173726584.squirrel@webmail.nomadlogic.org> > resent, with a cc to the list > > On 12 Mar 2007 at 11:23, Peter Wright wrote: > >> sigh...i knew i should not have posted this question to the list >> today...i've been waiting for this post.... >> OP: "i have a question about X." >> R1: "X sucks, use Y" >> R2: "this is how i do it with Y" >> >> let alone i have my own reasons for using X, or that I'm experimenting >> with X versus Y or what ever... > > Thread drift. Thread highjacking. Neither is much use in solving the > original problem. > >> honestly, i was using ORDB as another layer of the onion...not that it >> matters though.... > > Yep. > >> -pete wright > > On a more positive note, I believe you have a voucher to admission to > > a conference... unused from a previous year. > yea i'm hoping to take you up on that for sure...although my girlfriends birthday is May18th :( I'm hoping i can work something out with her though ;) -pete > -- > Dan Langille : Software Developer looking for work > my resume: http://www.freebsddiary.org/dan_langille.php > PGCon - The PostgreSQL Conference - http://www.pgcon.org/ > > > -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From spork at bway.net Mon Mar 12 15:29:56 2007 From: spork at bway.net (Charles Sprickman) Date: Mon, 12 Mar 2007 15:29:56 -0400 (EDT) Subject: [nycbug-talk] some C help? In-Reply-To: <20070310171407.C87127@arbitor.digitalfreaks.org> References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> <20070310171407.C87127@arbitor.digitalfreaks.org> Message-ID: Top posting, don't kill me... I had a busy weekend, so I did not get a chance to digest all this yet, but it looks like I should be able to get this going with all the information I've got so far. Thank you all very much, and yes, that certainly includes Marc for trying to teach me a little bit about C. I have yet to crack that "Learn C in 21 Days" book that I bought almost a decade ago. :( Thanks again, Charles On Sat, 10 Mar 2007, Brian A. Seklecki wrote: >>>> spamlogd is using): >>>> >>>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 >>>> bytes >>>> rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp] >>>> >>>> But then it spits this out to syslog: > > > This bug is pretty well documented in a ticket I opened with the NetBSD > folks on the default size of the "snaplen" size being determined based on > the presence of the IPv6 at compile-time v.s. run-time v.s "-i" argument. > > http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34733 > > -s 96 or -s 128 for the win. > > ~BAS > > >>>> >>>> Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 >>>> >>>> Note the lack of the final octet. >>>> >>>> This is (I hope) the area where spamlogd parses the output of tcpdump: >>> >>> yes, it is, but no need to analyze it... >>> >>> it does its job correctly. >>> >>>> That chunk makes very little sense to me. >>>> >>>> Can anyone give me a quick shove in the right direction? >>> >>> ...and the reason yours is failing is not because of that chunk of code, >>> but rather your pflog interface. it should look like: >>> >>> [blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah] >>> >>> where XXXX is an ephemeral port...basically your log is dropping the >>> port number. why? i don't know - what does your pf rule look like? >> >> oh, and i'll add that -current (and 4.1) doesn't spawn tcpdump any more, >> but uses pcap directly....plus lots of other yummy features - ask for >> the port to get upgraded ;) >> _______________________________________________ >> % NYC*BUG talk mailing list >> http://lists.nycbug.org/mailman/listinfo/talk >> %Be sure to check out our Jobs and NYCBUG-announce lists >> %We meet the first Wednesday of the month >> > > l8* > -lava (Brian A. Seklecki - Pittsburgh, PA, USA) > http://www.spiritual-machines.org/ > > "...from back in the heady days when "helpdesk" meant nothing, "diskquota" > meant everything, and lives could be bought and sold for a couple of pages > of laser printout - and frequently were." > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From matt at atopia.net Mon Mar 12 15:48:25 2007 From: matt at atopia.net (Matt Juszczak) Date: Mon, 12 Mar 2007 14:48:25 -0500 (EST) Subject: [nycbug-talk] bsdjobs.net Message-ID: <20070312144800.K79048@saturn.atopia.net> I finally finished the site. Open to the community, if anyone wants to use it. I still have some features to add, but it all mostly works. -MJ From okan at demirmen.com Mon Mar 12 16:53:53 2007 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 12 Mar 2007 16:53:53 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <45F5610F.26175.10B49D4B@dan.langille.org> References: <20070312180545.GT10311@clam.khaoz.org> <45F5610F.26175.10B49D4B@dan.langille.org> Message-ID: <20070312205353.GG10311@clam.khaoz.org> On Mon 2007.03.12 at 14:17 -0400, Dan Langille wrote: > On 12 Mar 2007 at 14:05, Okan Demirmen wrote: > > > On Mon 2007.03.12 at 10:22 -0700, Peter Wright wrote: > > > > > > > On Mon, 12 Mar 2007 09:24:09 -0700 (PDT) > > > > "Peter Wright" wrote: > > > > > > > >> hey all, > > > >> i used to use the ordb.org blacklist on my postfix boxen. they have > > > >> shut down. are there any other decent rbl lists out there that folks > > > >> are using? > > > >> > > > >> thx, > > > >> -pete > > > > > > > > I know what you mean pete. Most the ones I've used in the past have > > > > dropped. Here a snip from my main.cf. > > > > > > > > # reject_rbl_client relays.ordb.org > > > > # reject_rbl_client sbl.spamhaus.org > > > > # reject_rbl_client opm.blitzed.org > > > > reject_rbl_client list.dsbl.org > > > > > > > > > > lol...that's pretty much what i have as well ;) i'll give dsbl.org a shot > > > now. thanks! > > > > why do you guys even use blacklists? have you any statistics on the > > effectiveness of blacklists after greylisting? i'm assuming close to > > 0%, for with just greylisting the amount of spam is already close to > > nil (and it costs nothing). > > What are you basing that estimate upon? my experiences, but i do not have hard data to back up .9% or .1% - that is why i was asking for data from others who do blacklisting...they do keep stats right? > > i am interested in data; i'm not just advocating. > > I turned off blacklists for a few days to see what would happen. My > spam levels jumped by between 200 and 400%. Despite greylisting. interesting - so you are saying that greylisting + blacklisting reduces overall spam in your enviornment by 200-400%. > There are many areas of the internet that produce a great deal of > spam through valid MTAs. true, but are full scale backlists the right solution. does every blacklist meet the requirements of your business? anyway, feel free to ignore - this is OT. From okan at demirmen.com Mon Mar 12 16:55:27 2007 From: okan at demirmen.com (Okan Demirmen) Date: Mon, 12 Mar 2007 16:55:27 -0400 Subject: [nycbug-talk] some C help? In-Reply-To: References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> <20070310171407.C87127@arbitor.digitalfreaks.org> Message-ID: <20070312205527.GH10311@clam.khaoz.org> On Mon 2007.03.12 at 15:29 -0400, Charles Sprickman wrote: > Top posting, don't kill me... > > I had a busy weekend, so I did not get a chance to digest all this yet, > but it looks like I should be able to get this going with all the > information I've got so far. what would be interesting to know is if your situation matches that of brian's. are you compiling a kernel without ipv6 support? From nycbug-list at 2xlp.com Mon Mar 12 17:51:44 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Mon, 12 Mar 2007 17:51:44 -0400 Subject: [nycbug-talk] ORDB.org replacement In-Reply-To: <20070312180545.GT10311@clam.khaoz.org> References: <4884.160.33.20.11.1173716649.squirrel@webmail.nomadlogic.org> <20070312131148.14ef4794@dt.genoverly.com> <7761.160.33.20.11.1173720123.squirrel@webmail.nomadlogic.org> <20070312180545.GT10311@clam.khaoz.org> Message-ID: <90503FB5-A046-48E2-B1FE-68ED9741503E@2xlp.com> On Mar 12, 2007, at 2:05 PM, Okan Demirmen wrote: > > why do you guys even use blacklists? have you any statistics on the > effectiveness of blacklists after greylisting? i'm assuming close to > 0%, for with just greylisting the amount of spam is already close to > nil (and it costs nothing). > > i am interested in data; i'm not just advocating. I will not use blacklists on any machines -- there are too many false positives. From my experiences, the people who both run the blacklists, and those who report them are all far too fanatical to be trusted. I've had servers reject email from large ISPs and companies, because they were somehow in a list. I've often found my own servers -- dedicated and shared -- somehow in a list because another machine at the same facility had php compromised to send spam. I had to leave a host once, because an RBL didn't care that my machine was unaffected - too many machines at the facility i used had been compromised, so they blacklisted several gigantic ranges. If you're fine with that -- great. Using some simple spam filtering, along with SPF to minimize job jobs, I dont see too much spam in my inbox. More importantly, I'm able to receive all the mail i need. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From dan at langille.org Mon Mar 12 18:14:14 2007 From: dan at langille.org (Dan Langille) Date: Mon, 12 Mar 2007 18:14:14 -0400 Subject: [nycbug-talk] Mondays In-Reply-To: <12150.160.33.20.11.1173726584.squirrel@webmail.nomadlogic.org> References: <45F56BCD.725.10DE92CF@dan.langille.org>, <12150.160.33.20.11.1173726584.squirrel@webmail.nomadlogic.org> Message-ID: <45F59876.16899.118D05CE@dan.langille.org> On 12 Mar 2007 at 12:09, Peter Wright wrote: > > > resent, with a cc to the list > > > > On 12 Mar 2007 at 11:23, Peter Wright wrote: > > > >> sigh...i knew i should not have posted this question to the list > >> today...i've been waiting for this post.... > >> OP: "i have a question about X." > >> R1: "X sucks, use Y" > >> R2: "this is how i do it with Y" > >> > >> let alone i have my own reasons for using X, or that I'm experimenting > >> with X versus Y or what ever... > > > > Thread drift. Thread highjacking. Neither is much use in solving the > > original problem. > > > >> honestly, i was using ORDB as another layer of the onion...not that it > >> matters though.... > > > > Yep. > > > >> -pete wright > > > > On a more positive note, I believe you have a voucher to admission to > > > > a conference... unused from a previous year. > > > > yea i'm hoping to take you up on that for sure...although my girlfriends > birthday is May18th :( I'm hoping i can work something out with her > though ;) We have one guy bringing his wife for their anniversary... of course they're staying in the Chateau Laurier... -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php PGCon - The PostgreSQL Conference - http://www.pgcon.org/ From pete at nomadlogic.org Mon Mar 12 18:16:34 2007 From: pete at nomadlogic.org (Peter Wright) Date: Mon, 12 Mar 2007 15:16:34 -0700 (PDT) Subject: [nycbug-talk] Mondays In-Reply-To: <45F59876.16899.118D05CE@dan.langille.org> References: <45F56BCD.725.10DE92CF@dan.langille.org>, <12150.160.33.20.11.1173726584.squirrel@webmail.nomadlogic.org> <45F59876.16899.118D05CE@dan.langille.org> Message-ID: <23395.160.33.20.11.1173737794.squirrel@webmail.nomadlogic.org> > On 12 Mar 2007 at 12:09, Peter Wright wrote: > >> >> > resent, with a cc to the list >> > >> > On 12 Mar 2007 at 11:23, Peter Wright wrote: >> > >> >> sigh...i knew i should not have posted this question to the list >> >> today...i've been waiting for this post.... >> >> OP: "i have a question about X." >> >> R1: "X sucks, use Y" >> >> R2: "this is how i do it with Y" >> >> >> >> let alone i have my own reasons for using X, or that I'm >> experimenting >> >> with X versus Y or what ever... >> > >> > Thread drift. Thread highjacking. Neither is much use in solving the >> > original problem. >> > >> >> honestly, i was using ORDB as another layer of the onion...not that >> it >> >> matters though.... >> > >> > Yep. >> > >> >> -pete wright >> > >> > On a more positive note, I believe you have a voucher to admission to >> > >> > a conference... unused from a previous year. >> > >> >> yea i'm hoping to take you up on that for sure...although my girlfriends >> birthday is May18th :( I'm hoping i can work something out with her >> though ;) > > We have one guy bringing his wife for their anniversary... of course > they're staying in the Chateau Laurier... > > i'll have to try that on her...although i think if she heads back to canada any time soon it's going to be BC so she can see her family. -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From spork at bway.net Mon Mar 12 19:48:48 2007 From: spork at bway.net (Charles Sprickman) Date: Mon, 12 Mar 2007 19:48:48 -0400 (EDT) Subject: [nycbug-talk] some C help? In-Reply-To: <20070312205527.GH10311@clam.khaoz.org> References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> <20070310171407.C87127@arbitor.digitalfreaks.org> <20070312205527.GH10311@clam.khaoz.org> Message-ID: On Mon, 12 Mar 2007, Okan Demirmen wrote: > On Mon 2007.03.12 at 15:29 -0400, Charles Sprickman wrote: >> Top posting, don't kill me... >> >> I had a busy weekend, so I did not get a chance to digest all this yet, >> but it looks like I should be able to get this going with all the >> information I've got so far. > > what would be interesting to know is if your situation matches that of > brian's. are you compiling a kernel without ipv6 support? Yessir: [spork at slimjim ~]$ grep INET /sys/i386/conf/ENO options INET # InterNETworking #options INET6 # IPv6 communications protocols Charles > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From lavalamp at spiritual-machines.org Mon Mar 12 21:22:23 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Mon, 12 Mar 2007 21:22:23 -0400 (EDT) Subject: [nycbug-talk] some C help? In-Reply-To: References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> <20070310171407.C87127@arbitor.digitalfreaks.org> <20070312205527.GH10311@clam.khaoz.org> Message-ID: <20070312212039.Q81037@arbitor.digitalfreaks.org> There's no harm (performance) in defaulting to a larger snaplen regardless of #ifdef INET6. If anything, it should be a runtime check against the interface type! Besides, shops that use tcpdump in extreme high performance environments are going to run a custom build out of Ports/Pkgsrc anyway, not the in-tree one. But I guess that's up to the maintainers. ~BAS On Mon, 12 Mar 2007, Charles Sprickman wrote: > On Mon, 12 Mar 2007, Okan Demirmen wrote: > >> On Mon 2007.03.12 at 15:29 -0400, Charles Sprickman wrote: >>> Top posting, don't kill me... >>> >>> I had a busy weekend, so I did not get a chance to digest all this yet, >>> but it looks like I should be able to get this going with all the >>> information I've got so far. >> >> what would be interesting to know is if your situation matches that of >> brian's. are you compiling a kernel without ipv6 support? > > Yessir: > > [spork at slimjim ~]$ grep INET /sys/i386/conf/ENO > options INET # InterNETworking > #options INET6 # IPv6 communications protocols > > Charles > >> _______________________________________________ >> % NYC*BUG talk mailing list >> http://lists.nycbug.org/mailman/listinfo/talk >> %Be sure to check out our Jobs and NYCBUG-announce lists >> %We meet the first Wednesday of the month >> > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From schmonz at schmonz.com Tue Mar 13 17:02:17 2007 From: schmonz at schmonz.com (Amitai Schlair) Date: Tue, 13 Mar 2007 17:02:17 -0400 Subject: [nycbug-talk] Scripting Question In-Reply-To: <20070309215803.GA11854@netmeister.org> References: <20070309192802.7575737326@arioch.imrryr.org> <184B0715C3D74243B86F872B55C340E703A90D7B@fsi32.fsidp.insidefsi.com> <20070309215803.GA11854@netmeister.org> Message-ID: <5DD61054-3687-4345-AD6A-0B7B3D737595@schmonz.com> On Mar 9, 2007, at 4:58 PM, Jan Schaumann wrote: > Kevin Reiter wrote: >> Sorry for the top post, but Outlook sucks (I have no choice here >> at work...) > > How exactly does Outlook force you to top post? More so, how does it > force you to do it with your full knowledge, against your will and > circumvents all the various actions you've attempted to not top post? > > It disables the "Select unused text and hit delete" functionality? http://home.in.tum.de/~jain/software/outlook-quotefix/ makes Outlook suck a little less. From KReiter at insidefsi.net Wed Mar 14 09:17:09 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Wed, 14 Mar 2007 09:17:09 -0400 Subject: [nycbug-talk] Scripting Question In-Reply-To: <5DD61054-3687-4345-AD6A-0B7B3D737595@schmonz.com> Message-ID: <184B0715C3D74243B86F872B55C340E703A90E40@fsi32.fsidp.insidefsi.com> -----Original Message----- From: talk-bounces at lists.nycbug.org [mailto:talk-bounces at lists.nycbug.org]On Behalf Of Amitai Schlair Sent: Tuesday, March 13, 2007 5:02 PM To: talk at lists.nycbug.org Subject: Re: [nycbug-talk] Scripting Question On Mar 9, 2007, at 4:58 PM, Jan Schaumann wrote: > Kevin Reiter wrote: >> Sorry for the top post, but Outlook sucks (I have no choice here >> at work...) > > How exactly does Outlook force you to top post? More so, how does it > force you to do it with your full knowledge, against your will and > circumvents all the various actions you've attempted to not top post? > > It disables the "Select unused text and hit delete" functionality? http://home.in.tum.de/~jain/software/outlook-quotefix/ makes Outlook suck a little less. _______________________________________________ Not found.. (404) This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. From KReiter at insidefsi.net Wed Mar 14 09:35:36 2007 From: KReiter at insidefsi.net (Kevin Reiter) Date: Wed, 14 Mar 2007 09:35:36 -0400 Subject: [nycbug-talk] Scripting Question In-Reply-To: <184B0715C3D74243B86F872B55C340E703A90E40@fsi32.fsidp.insidefsi.com> Message-ID: <184B0715C3D74243B86F872B55C340E703A90E41@fsi32.fsidp.insidefsi.com> talk-bounces at lists.nycbug.org wrote: : -----Original Message----- : From: talk-bounces at lists.nycbug.org : [mailto:talk-bounces at lists.nycbug.org]On Behalf Of Amitai Schlair : Sent: Tuesday, March 13, 2007 5:02 PM : To: talk at lists.nycbug.org : Subject: Re: [nycbug-talk] Scripting Question : : : On Mar 9, 2007, at 4:58 PM, Jan Schaumann wrote: : :: Kevin Reiter wrote: ::: Sorry for the top post, but Outlook sucks (I have no choice here ::: at work...) :: :: How exactly does Outlook force you to top post? More so, how does it :: force you to do it with your full knowledge, against your will and :: circumvents all the various actions you've attempted to not top post? :: :: It disables the "Select unused text and hit delete" functionality? : : http://home.in.tum.de/~jain/software/outlook-quotefix/ makes Outlook : suck a little less. : _______________________________________________ : : Not found.. (404) : : This message may contain confidential or proprietary information and : is intended solely for the individual(s) to whom it is addressed. If : you are not a named addressee you should not disseminate, distribute : or copy this e-mail or act upon the information contained herein. : Please notify the sender immediately by e-mail if you have received : this e-mail by mistake and delete this e-mail from your system. : OK, found it :) Anyone know how to fix the "talk-bounces at lists.nycbug.org wrote:" portion? -Kev From yusuke at cs.nyu.edu Wed Mar 14 10:10:08 2007 From: yusuke at cs.nyu.edu (Yusuke Shinyama) Date: Wed, 14 Mar 2007 10:10:08 -0400 Subject: [nycbug-talk] How common is blocking outbound 25/tcp? (Re: AsiaBSDCon!!!!) In-Reply-To: References: <45F22B7E.7040703@ceetonetechnology.com> <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> Message-ID: <20070314141008.11214.37938.yusuke@mango.cs.nyu.edu> Speaking of Japan, although I'm away from admin jobs there for several years, I've heard blocking outbound 25/tcp is fairly pervasive in the most major Japanese ISPs now. I'm curious how this is common in the US or any other country. Does anyone have any experience or statistics on this topic? Googling with the related keywords mostly pops up Japanese pages, but seems like not many US ISPs are doing this... Is there any reason behind? Thanks Yusuke From lego at therac25.net Wed Mar 14 10:24:11 2007 From: lego at therac25.net (Andy Michaels) Date: Wed, 14 Mar 2007 10:24:11 -0400 (EDT) Subject: [nycbug-talk] How common is blocking outbound 25/tcp? (Re: AsiaBSDCon!!!!) In-Reply-To: <20070314141008.11214.37938.yusuke@mango.cs.nyu.edu> References: <45F22B7E.7040703@ceetonetechnology.com> <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> <20070314141008.11214.37938.yusuke@mango.cs.nyu.edu> Message-ID: No statistics, only anecdotes here! I've been on 3 ISPs in the last 10 years. 2 of them were "big ISPs" and they blocked port 25 outbound a few years ago. CableVision and TimeWarner Cable. The third was a small, local ISP and they let me do just about anything I wanted to do. They also ran FreeBSD :) Anyway, from my experience, it's pretty common in the states. -Andy On Wed, 14 Mar 2007, Yusuke Shinyama wrote: > Speaking of Japan, although I'm away from admin jobs there for > several years, I've heard blocking outbound 25/tcp is fairly > pervasive in the most major Japanese ISPs now. I'm curious how > this is common in the US or any other country. Does anyone have > any experience or statistics on this topic? Googling with the > related keywords mostly pops up Japanese pages, but seems like not > many US ISPs are doing this... Is there any reason behind? > > Thanks > Yusuke > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From pete at nomadlogic.org Wed Mar 14 13:39:01 2007 From: pete at nomadlogic.org (Peter Wright) Date: Wed, 14 Mar 2007 10:39:01 -0700 (PDT) Subject: [nycbug-talk] Mailing List Netiquette Message-ID: <26941.160.33.20.11.1173893941.squirrel@webmail.nomadlogic.org> Hi All, I've been noticing a fair amount of new traffic on talk@ and thought it'd be a good time to remind everyone about our mailing list ground rules. NYCBUG pretty much adheres to standard *BSD mailing list netiquette: http://www.nycbug.org/index.php?NAV=MailingLists Basically it boils down to this: - respect your peers - keep threads on topic, if the thread topic changes update the subject to reflect this - don't top post (my favorite ;) - have fun! I think talk@ is probably one of the best tech mailing lists I'm subscribed to, and I hope by sticking to these guidelines we can keep our little corner of the net a nicer place to slack off during business hours for a long time to come :^) -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From mspitzer at gmail.com Wed Mar 14 13:44:35 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Wed, 14 Mar 2007 13:44:35 -0400 Subject: [nycbug-talk] How common is blocking outbound 25/tcp? (Re: AsiaBSDCon!!!!) In-Reply-To: References: <45F22B7E.7040703@ceetonetechnology.com> <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> <20070314141008.11214.37938.yusuke@mango.cs.nyu.edu> Message-ID: <8c50a3c30703141044l18cad9adif18401bae81f6813@mail.gmail.com> Yup they do that, for a couple of resasons: 1: when you have a large bunch of admin illeterats, normal home users, there will be a solid chunk that are owned by bots. So you force them to funnel their email through your servers and spam/virus check them and or rate limit them(no you can not send 500 emails/minute). This prevents you from getting blacklisted, again, mebey. ok one reason. marc On 3/14/07, Andy Michaels wrote: > No statistics, only anecdotes here! I've been on 3 ISPs in the last 10 > years. 2 of them were "big ISPs" and they blocked port 25 outbound a few > years ago. CableVision and TimeWarner Cable. The third was a small, > local ISP and they let me do just about anything I wanted to do. They > also ran FreeBSD :) > > Anyway, from my experience, it's pretty common in the states. > > -Andy > > On Wed, 14 Mar 2007, Yusuke Shinyama wrote: > > > Speaking of Japan, although I'm away from admin jobs there for > > several years, I've heard blocking outbound 25/tcp is fairly > > pervasive in the most major Japanese ISPs now. I'm curious how > > this is common in the US or any other country. Does anyone have > > any experience or statistics on this topic? Googling with the > > related keywords mostly pops up Japanese pages, but seems like not > > many US ISPs are doing this... Is there any reason behind? > > > > Thanks > > Yusuke > > _______________________________________________ > > % NYC*BUG talk mailing list > > http://lists.nycbug.org/mailman/listinfo/talk > > %Be sure to check out our Jobs and NYCBUG-announce lists > > %We meet the first Wednesday of the month > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- Freedom is nothing but a chance to be better. Albert Camus From brian.mcgonigle at gmail.com Wed Mar 14 14:17:06 2007 From: brian.mcgonigle at gmail.com (Brian McGonigle) Date: Wed, 14 Mar 2007 14:17:06 -0400 Subject: [nycbug-talk] Looking for a good NIC Message-ID: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> Hi All, I'm trying to find a very good pci-express NIC. We've started buying HP DL360G5's and we're running into problems with the bce NIC. We're considering buying new NIC's but I'd like to find something with no known issues. Also, has anyone worked with the DL360G5's or know of a rock-solid NIC? We're using FreeBSD 6.2 on x86_64 Intel Xeons. Thanks, Brian From lego at therac25.net Wed Mar 14 14:41:25 2007 From: lego at therac25.net (Andy Michaels) Date: Wed, 14 Mar 2007 14:41:25 -0400 (EDT) Subject: [nycbug-talk] Looking for a good NIC In-Reply-To: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> References: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> Message-ID: On Wed, 14 Mar 2007, Brian McGonigle wrote: > Hi All, > > I'm trying to find a very good pci-express NIC. We've started buying > HP DL360G5's and we're running into problems with the bce NIC. We're > considering buying new NIC's but I'd like to find something with no > known issues. Also, has anyone worked with the DL360G5's or know of a > rock-solid NIC? We're using FreeBSD 6.2 on x86_64 Intel Xeons. > > Thanks, > Brian > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > Brian, you can try http://www.small-tree.com They carry a line of intel based ethernet adapters (PCI-e) and have a 4-port and 6-port model. We just put a 6-port model in one of our new Xeon-based XServes. I haven't had a chance to play with it yet :( The cards are supported under a variety of OSes including FreeBSD 4.x or later and NetBSD 1.6x and later. Company-wise, they're pretty cool to work with, too. We're also investigating their AoE solution as a replacement for our SAN. If anyone is interested I can post our findings. -Andy From mikel.king at techally.com Wed Mar 14 15:29:54 2007 From: mikel.king at techally.com (Mikel King) Date: Wed, 14 Mar 2007 15:29:54 -0400 Subject: [nycbug-talk] Looking for a good NIC In-Reply-To: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> References: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> Message-ID: <256A0498-20EA-48DC-9D0F-0B66169AEBAA@techally.com> On Mar 14, 2007, at 2:17 PM, Brian McGonigle wrote: > Hi All, > > I'm trying to find a very good pci-express NIC. We've started buying > HP DL360G5's and we're running into problems with the bce NIC. We're > considering buying new NIC's but I'd like to find something with no > known issues. Also, has anyone worked with the DL360G5's or know of a > rock-solid NIC? We're using FreeBSD 6.2 on x86_64 Intel Xeons. > > Thanks, > Brian I've been dropping in Intel server nic in lieu of the on board bce ones found on these Dells. Cheers, m! From anthony.elizondo at gmail.com Wed Mar 14 15:47:52 2007 From: anthony.elizondo at gmail.com (Anthony Elizondo) Date: Wed, 14 Mar 2007 15:47:52 -0400 Subject: [nycbug-talk] Looking for a good NIC In-Reply-To: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> References: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> Message-ID: On 3/14/07, Brian McGonigle wrote: > Hi All, > > I'm trying to find a very good pci-express NIC. We've started buying > HP DL360G5's and we're running into problems with the bce NIC. We're > considering buying new NIC's but I'd like to find something with no > known issues. Also, has anyone worked with the DL360G5's or know of a > rock-solid NIC? We're using FreeBSD 6.2 on x86_64 Intel Xeons. What sort of problems are you having? We run a lot of 360G5s, but under RedHat, and they are pretty stable. For bge problems under FreeBSD, see http://www.mail-archive.com/freebsd-stable at freebsd.org/msg86660.html > Thanks, > Brian Anthony From brian.mcgonigle at gmail.com Wed Mar 14 17:13:51 2007 From: brian.mcgonigle at gmail.com (Brian McGonigle) Date: Wed, 14 Mar 2007 17:13:51 -0400 Subject: [nycbug-talk] Looking for a good NIC In-Reply-To: References: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> Message-ID: <8e835900703141413o5e491a8by8f3aa571762ca82b@mail.gmail.com> On 3/14/07, Anthony Elizondo wrote: > > On 3/14/07, Brian McGonigle wrote: > > Hi All, > > > > I'm trying to find a very good pci-express NIC. We've started buying > > HP DL360G5's and we're running into problems with the bce NIC. We're > > considering buying new NIC's but I'd like to find something with no > > known issues. Also, has anyone worked with the DL360G5's or know of a > > rock-solid NIC? We're using FreeBSD 6.2 on x86_64 Intel Xeons. > > What sort of problems are you having? We run a lot of 360G5s, but > under RedHat, and they are pretty stable. > > For bge problems under FreeBSD, see > http://www.mail-archive.com/freebsd-stable at freebsd.org/msg86660.html > > > Thanks, > > Brian > > Anthony > We've just started seeing the connectivity drop on 5 new DL360G5's (bce driver) we installed 2 weeks ago. We haven't had any problems on the linux side. We've also experienced problems getting a dhcp address during installation when using the bge driver. We use an Intel Pro/1000 CT for installing with dhcp or a static IP with the bge drive. There's open issues with both the bce and em drivers so we're looking to avoid them both. http://www.freebsd.org/releases/6.2R/todo.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at intricatesoftware.com Wed Mar 14 17:40:08 2007 From: lists at intricatesoftware.com (Kurt Miller) Date: Wed, 14 Mar 2007 17:40:08 -0400 Subject: [nycbug-talk] openbsd.nyi.net status Message-ID: <200703141740.09240.lists@intricatesoftware.com> Hi, openbsd.nyi.net which hosts anoncvs.nyc.openbsd.org and ftp.nyc.openbsd.org is down. is the person responsible aware of this? Thanks, -Kurt From george at ceetonetechnology.com Wed Mar 14 17:47:57 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 14 Mar 2007 17:47:57 -0400 Subject: [nycbug-talk] openbsd.nyi.net status In-Reply-To: <200703141740.09240.lists@intricatesoftware.com> References: <200703141740.09240.lists@intricatesoftware.com> Message-ID: <12A9D85B-C37C-472A-913E-5E72CA4C68BD@ceetonetechnology.com> On Mar 14, 2007, at 5:40 PM, Kurt Miller wrote: > Hi, > > openbsd.nyi.net which hosts anoncvs.nyc.openbsd.org and > ftp.nyc.openbsd.org is down. is the person responsible > aware of this? Yes. . . We'll let everyone know when it's back up . . . . probably in the am tomorrow. Sorry for the inconvenience. George From okan at demirmen.com Wed Mar 14 17:52:24 2007 From: okan at demirmen.com (Okan Demirmen) Date: Wed, 14 Mar 2007 17:52:24 -0400 Subject: [nycbug-talk] openbsd.nyi.net status In-Reply-To: <200703141740.09240.lists@intricatesoftware.com> References: <200703141740.09240.lists@intricatesoftware.com> Message-ID: <20070314215224.GX11545@clam.khaoz.org> On Wed 2007.03.14 at 17:40 -0400, Kurt Miller wrote: > Hi, > > openbsd.nyi.net which hosts anoncvs.nyc.openbsd.org and > ftp.nyc.openbsd.org is down. is the person responsible > aware of this? yes mickey is aware and we'll be getting down to the colo shortly. From spork at bway.net Wed Mar 14 23:21:22 2007 From: spork at bway.net (Charles Sprickman) Date: Wed, 14 Mar 2007 23:21:22 -0400 (EDT) Subject: [nycbug-talk] FreeBSD USB debug info Message-ID: Hi all, I'm (trying) to help one of the NUT (http://www.networkupstools.org) developers squash some bugs, get friendly with FreeBSD, and get support for a TrippLite USB UPS here. He's making some excellent progress... I was digging around the uhid.c source on FreeBSD 6.2 and saw some #defines for debugging. This would probably help him a whole lot. Example: #ifdef USB_DEBUG #define DPRINTF(x) if (uhiddebug) logprintf x #define DPRINTFN(n,x) if (uhiddebug>(n)) logprintf x int uhiddebug = 0; SYSCTL_NODE(_hw_usb, OID_AUTO, uhid, CTLFLAG_RW, 0, "USB uhid"); SYSCTL_INT(_hw_usb_uhid, OID_AUTO, debug, CTLFLAG_RW, &uhiddebug, 0, "uhid debug level"); #else #define DPRINTF(x) #define DPRINTFN(n,x) #endif I don't see anything in NOTES about this. How do you build this particular driver/module with USB_DEBUG defined? Just a "-DUSB_DEBUG=1" on a "make buildkernel"? Also, would it be possible to just build the uhid module without rebuilding the whole kernel? I think he's got a fairly slow box for FBSD and I'd like to make this experience as painless as possible... Thanks, Charles From skreuzer at f2o.org Wed Mar 14 23:32:17 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Wed, 14 Mar 2007 23:32:17 -0400 Subject: [nycbug-talk] FreeBSD USB debug info In-Reply-To: References: Message-ID: <5F942C1F-1CF9-4BF8-99C2-455D684078AD@f2o.org> On Mar 14, 2007, at 11:21 PM, Charles Sprickman wrote: > > > I don't see anything in NOTES about this. How do you build this > particular driver/module with USB_DEBUG defined? Just a "- > DUSB_DEBUG=1" > on a "make buildkernel"? Also, would it be possible to just build the > uhid module without rebuilding the whole kernel? I think he's got a > fairly slow box for FBSD and I'd like to make this experience as > painless > as possible... Stick the following into your kernel conf: options USB_DEBUG makeoptions DEBUG=-g and then rebuild and reinstall your kernel Keep on hacking...... SK From thenorthsecedes at gmail.com Wed Mar 14 23:33:15 2007 From: thenorthsecedes at gmail.com (Eric Lee) Date: Wed, 14 Mar 2007 23:33:15 -0400 Subject: [nycbug-talk] Edward Tufte - Presenting Data And Information Message-ID: Hello, I am planning to attend the Edward Tufte 'Presenting Data And Information' one day course next month at the Manhattan Center. While browsing the 'courses' section of his site, I noticed this clause: "The fee for the one-day course is $380 per person. [...] Groups of 10 or more, registering simultaneously, receive a 25% discount. " Course site: http://www.edwardtufte.com/tufte/courses Dates: Tue, Apr-24; Wed, Apr-25, Fri, Apr-26 The cost per individual with the group discount would be $285. The cost as a student is $200 ( $150 w/ group discount ). Sorry for spamming the list with this request, but I just thought it would be a shame if nine other people were silently planning to attend. I'm beginning to gain an interest in Information Design and this seems like a decent way to learn a bit about it from a practitioner. And no, this is not a web design course. If any of you have done his course in the past and have negative impressions of it, please let me know so that I may redirect these funds towards Wii games, energy drinks and/or a kurobox. You may now begin the hurling of rotten vegetables in my general direction. /eric From lego at therac25.net Wed Mar 14 23:43:14 2007 From: lego at therac25.net (Andy Michaels) Date: Wed, 14 Mar 2007 23:43:14 -0400 Subject: [nycbug-talk] Edward Tufte - Presenting Data And Information In-Reply-To: References: Message-ID: <9edbf3a93a0670d03212c27ae7283090@therac25.net> On Mar 14, 2007, at 11:33 PM, Eric Lee wrote: > Hello, > > I am planning to attend the Edward Tufte 'Presenting Data And > Information' one day course next month at the Manhattan Center. > While browsing the 'courses' section of his site, I noticed this > clause: > > "The fee for the one-day course is $380 per person. [...] Groups of > 10 or more, registering simultaneously, receive a 25% discount. " > > Course site: http://www.edwardtufte.com/tufte/courses > Dates: Tue, Apr-24; Wed, Apr-25, Fri, Apr-26 > > The cost per individual with the group discount would be $285. The > cost as a student is $200 ( $150 w/ group discount ). > > Sorry for spamming the list with this request, but I just thought it > would be a shame if nine other people were silently planning to > attend. I'm beginning to gain an interest in Information Design and > this seems like a decent way to learn a bit about it from a > practitioner. And no, this is not a web design course. If any of you > have done his course in the past and have negative impressions of it, > please let me know so that I may redirect these funds towards Wii > games, energy drinks and/or a kurobox. > > You may now begin the hurling of rotten vegetables in my general > direction. > > /eric Tufte is the master. I have read 3 of his books and try to use the principles therein in all my data graphics. Unfortunately, I can't make it to the class. I'm sure it's a good session, though! Enjoy. small multiples! -Andy > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month From mspitzer at gmail.com Thu Mar 15 02:05:47 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Thu, 15 Mar 2007 02:05:47 -0400 Subject: [nycbug-talk] Edward Tufte - Presenting Data And Information In-Reply-To: <9edbf3a93a0670d03212c27ae7283090@therac25.net> References: <9edbf3a93a0670d03212c27ae7283090@therac25.net> Message-ID: <8c50a3c30703142305n7df5a7a1va17e7c85fbe85350@mail.gmail.com> On 3/14/07, Andy Michaels wrote: > > On Mar 14, 2007, at 11:33 PM, Eric Lee wrote: > > > Hello, > > > > I am planning to attend the Edward Tufte 'Presenting Data And > > Information' one day course next month at the Manhattan Center. > > While browsing the 'courses' section of his site, I noticed this > > clause: > > > > "The fee for the one-day course is $380 per person. [...] Groups of > > 10 or more, registering simultaneously, receive a 25% discount. " > > > > Course site: http://www.edwardtufte.com/tufte/courses > > Dates: Tue, Apr-24; Wed, Apr-25, Fri, Apr-26 > > > > The cost per individual with the group discount would be $285. The > > cost as a student is $200 ( $150 w/ group discount ). > > > > Sorry for spamming the list with this request, but I just thought it > > would be a shame if nine other people were silently planning to > > attend. I'm beginning to gain an interest in Information Design and > > this seems like a decent way to learn a bit about it from a > > practitioner. And no, this is not a web design course. If any of you > > have done his course in the past and have negative impressions of it, > > please let me know so that I may redirect these funds towards Wii > > games, energy drinks and/or a kurobox. > > > > You may now begin the hurling of rotten vegetables in my general > > direction. > > > > /eric > > Tufte is the master. I have read 3 of his books and try to use the > principles therein in all my data graphics. Unfortunately, I can't > make it to the class. I'm sure it's a good session, though! Enjoy. > > small multiples! He does a good job, I caught his course at BNL on long island. marc -- Freedom is nothing but a chance to be better. Albert Camus From stucchi at willystudios.com Thu Mar 15 04:39:54 2007 From: stucchi at willystudios.com (Massimiliano Stucchi) Date: Thu, 15 Mar 2007 09:39:54 +0100 Subject: [nycbug-talk] How common is blocking outbound 25/tcp? (Re: AsiaBSDCon!!!!) In-Reply-To: <20070314141008.11214.37938.yusuke@mango.cs.nyu.edu> References: <45F22B7E.7040703@ceetonetechnology.com> <518A411B-1EC7-4219-90D7-4BB5EC45DADB@lesmuug.org> <20070310034828.GA20157@mail.scottro.net> <20070310050229.18878.16427.yusuke@mango.cs.nyu.edu> <20070314141008.11214.37938.yusuke@mango.cs.nyu.edu> Message-ID: <20070315083954.GH25491@willystudios.com> On 140307, 10:10, Yusuke Shinyama wrote: > Speaking of Japan, although I'm away from admin jobs there for > several years, I've heard blocking outbound 25/tcp is fairly > pervasive in the most major Japanese ISPs now. I'm curious how > this is common in the US or any other country. Does anyone have > any experience or statistics on this topic? Googling with the > related keywords mostly pops up Japanese pages, but seems like not > many US ISPs are doing this... Is there any reason behind? One of the major ISPs down here in Italy does so. Needless to say, it causes _big_ headhaches to his customers. Ciao -- Massimiliano Stucchi, CTO & Director of Operations WillyStudios.com - IT Consulting, Web and VoIP Services stucchi at willystudios.com | Tel (+39) 0244417203 | Fax (+39) 0244417204 IT-20040, Carnate (Milano), via Carducci 9 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From chris at chrisclymer.com Thu Mar 15 08:11:59 2007 From: chris at chrisclymer.com (Chris Clymer) Date: Thu, 15 Mar 2007 08:11:59 -0400 Subject: [nycbug-talk] Remote Vuln found in OpenBSD Message-ID: http://www.coresecurity.com/index.php5? module=ContentMod&action=item&id=1703 From skreuzer at f2o.org Thu Mar 15 12:16:51 2007 From: skreuzer at f2o.org (Steven Kreuzer) Date: Thu, 15 Mar 2007 12:16:51 -0400 Subject: [nycbug-talk] Enterprise BSD Success / Failure Stories Message-ID: <4BD51B09-15A0-4962-A8D3-F742C50ABC25@f2o.org> Greetings- For an upcoming NYCBUG meeting, we would like to find a few people with stories of running BSD in production. Have you ever either replaced an existing solution with BSD, or were forced to replace a BSD solution? For instance, replacing a commercial load balancing product with two openbsd machines running carp, replacing some blackbox spam filter with spamd or having to migrate to Linux because MySQL underperforms on FreeBSD. The overall goal of the talk would not be so much of a "this is how we setup spamd", but more along the lines of these are the real world actual results of running spamd in production. The talk would outline the issues they were having with the existing solution, migration paths they evaluated and the results of those evaluations and how their current solution is performing. If you have a story to share and would like to give a presentation of your experience, please send us a short description of what happened to admin at nycbug.org. We are hoping to find 3 or 4 people. Thanks SK From carton at Ivy.NET Thu Mar 15 12:45:05 2007 From: carton at Ivy.NET (Miles Nordin) Date: Thu, 15 Mar 2007 12:45:05 -0400 Subject: [nycbug-talk] Looking for a good NIC In-Reply-To: <8e835900703141413o5e491a8by8f3aa571762ca82b@mail.gmail.com> (Brian McGonigle's message of "Wed, 14 Mar 2007 17:13:51 -0400") References: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> <8e835900703141413o5e491a8by8f3aa571762ca82b@mail.gmail.com> Message-ID: >>>>> "bm" == Brian McGonigle writes: bm> We've just started seeing the connectivity drop on 5 new bm> DL360G5's (bce driver) we installed 2 weeks ago. these bge stories remind me of the tulip (tlp/dc) disaster after Intel bought the core from Digital and then started pimping it like a cheap crack whore to all those chip-of-the-month-club companies. The original Digital parts were the best 100Mbit/s cores of the time and I think appeared secretly inside a lot of Cisco stuff. but then the crappy cards flooded the market, the drivers bulged with workarounds, and the knockoff companies started coming and going so fast that, even if you found a decent knockoff, you couldn't get the same one six months later. thus the Tulip reputation became meaningless, or worse. What about the Realtek 8169S gigabit chip that de Raadt likes so much? Even if it were not quite as performant as em/wm or bge, something that could avoid all this chip-stepping garbage would be worth it. Maybe if you get a decent chip that _starts_ its life made by a cheap knockoff company, it won't decay into crappyness as it matures. We may as well embrace the inevitable future of hardware, especially if we're already using PeeCee crap anyway. Does anyone have some horror stories about re(4)? or know where to get quad-8169S cards? I think it is not PCIe, which may kill it for many people already. http://www.openbsd.org/cgi-bin/man.cgi?query=re&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html o Buffalo LGY-PCI-GT (8169S) o Corega CG-LAPCIGT (8169S) o D-Link DGE-528T (8169S) o Gigabyte 7N400 Pro2 Integrated Gigabit Ethernet (8110S) o LevelOne GNC-0105T (8169S) o Linksys EG1032v3 (8169S) o Netgear GA311 (8169S) o Netgear GA511 PC Card (8169) o PLANEX COMMUNICATIONS Inc. GN-1200TC (8169S) o Surecom EP-320G-TX1 (8169S) o US Robotics USR997902 (8169S) ...of course in the real future we will all use HyperTransport-to-InfiniPath bridges as NICs, and debate the merits of various TCP-to-SCTP Translating Load Balancers. For future reference, this is pronounced TiSCToLB. :) but in the mean time, yeah, what cheap chip works? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From brian.mcgonigle at gmail.com Thu Mar 15 13:25:25 2007 From: brian.mcgonigle at gmail.com (Brian McGonigle) Date: Thu, 15 Mar 2007 13:25:25 -0400 Subject: [nycbug-talk] Looking for a good NIC In-Reply-To: References: <816A685E-3D7B-4100-B25A-59CCEE29D560@gmail.com> <8e835900703141413o5e491a8by8f3aa571762ca82b@mail.gmail.com> Message-ID: <08DE6B91-E125-4622-B7B6-18FC7227D140@gmail.com> On Mar 15, 2007, at 12:45 PM, Miles Nordin wrote: >>>>>> "bm" == Brian McGonigle writes: > > bm> We've just started seeing the connectivity drop on 5 new > bm> DL360G5's (bce driver) we installed 2 weeks ago. > > these bge stories remind me of the tulip (tlp/dc) disaster after Intel > bought the core from Digital and then started pimping it like a cheap > crack whore to all those chip-of-the-month-club companies. The > original Digital parts were the best 100Mbit/s cores of the time and I > think appeared secretly inside a lot of Cisco stuff. but then the > crappy cards flooded the market, the drivers bulged with workarounds, > and the knockoff companies started coming and going so fast that, even > if you found a decent knockoff, you couldn't get the same one six > months later. thus the Tulip reputation became meaningless, or worse. > > What about the Realtek 8169S gigabit chip that de Raadt likes so much? > > Even if it were not quite as performant as em/wm or bge, something > that could avoid all this chip-stepping garbage would be worth it. > Maybe if you get a decent chip that _starts_ its life made by a cheap > knockoff company, it won't decay into crappyness as it matures. We > may as well embrace the inevitable future of hardware, especially if > we're already using PeeCee crap anyway. > > Does anyone have some horror stories about re(4)? or know where to > get quad-8169S cards? I think it is not PCIe, which may kill it for > many people already. > > http://www.openbsd.org/cgi-bin/man.cgi? > query=re&apropos=0&sektion=4&manpath=OpenBSD > +Current&arch=i386&format=html > > o Buffalo LGY-PCI-GT (8169S) > o Corega CG-LAPCIGT (8169S) > o D-Link DGE-528T (8169S) > o Gigabyte 7N400 Pro2 Integrated Gigabit Ethernet (8110S) > o LevelOne GNC-0105T (8169S) > o Linksys EG1032v3 (8169S) > o Netgear GA311 (8169S) > o Netgear GA511 PC Card (8169) > o PLANEX COMMUNICATIONS Inc. GN-1200TC (8169S) > o Surecom EP-320G-TX1 (8169S) > o US Robotics USR997902 (8169S) > > ...of course in the real future we will all use > HyperTransport-to-InfiniPath bridges as NICs, and debate the merits of > various TCP-to-SCTP Translating Load Balancers. For future reference, > this is pronounced TiSCToLB. :) > > but in the mean time, yeah, what cheap chip works? > _______________________________________________ I'm waiting for a couple of D-Link DGE-560T's (nce) to arrive and start testing, but we might go with the more expense HP NC320T (bge) which we already have. I mentioned before that I can't get dhcp during the install with bge cards so I'm holding out for the D-Links. I'll share my experiences with the D-Link soon. Thanks, Brian From spork at bway.net Thu Mar 15 16:26:59 2007 From: spork at bway.net (Charles Sprickman) Date: Thu, 15 Mar 2007 16:26:59 -0400 (EDT) Subject: [nycbug-talk] FreeBSD USB debug info In-Reply-To: <5F942C1F-1CF9-4BF8-99C2-455D684078AD@f2o.org> References: <5F942C1F-1CF9-4BF8-99C2-455D684078AD@f2o.org> Message-ID: On Wed, 14 Mar 2007, Steven Kreuzer wrote: > On Mar 14, 2007, at 11:21 PM, Charles Sprickman wrote: >> >> >> I don't see anything in NOTES about this. How do you build this >> particular driver/module with USB_DEBUG defined? Just a "- >> DUSB_DEBUG=1" >> on a "make buildkernel"? Also, would it be possible to just build the >> uhid module without rebuilding the whole kernel? I think he's got a >> fairly slow box for FBSD and I'd like to make this experience as >> painless >> as possible... > > > Stick the following into your kernel conf: > > options USB_DEBUG > makeoptions DEBUG=-g > > and then rebuild and reinstall your kernel > > Keep on hacking...... Thanks, man! I've passed that on. No complaints yet, so I'll assume it worked. :) Charles > SK > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From omar at westside.urbanblight.com Fri Mar 16 11:14:04 2007 From: omar at westside.urbanblight.com (Omar Thameen) Date: Fri, 16 Mar 2007 11:14:04 -0400 Subject: [nycbug-talk] Wanted: graphics designer for small website Message-ID: <20070316151404.GD59499@biglist.com> Hi, I'm looking for someone to put together a front page and one interior template/page (both with CSS). If you can do this, or if you know someone who does good work, please see the details below. The elements are: * Banner with logo, name, and tag line (these three items have been created already) * Sign up form for mailing list - "Please let me know when this product becomes available." (You don't need to provide the actual cgi, just design it in.) * Email address for contact * Product info: either J. Peterman style picture (which we'd want you to produce) or paragraph description What we'd be looking for is to integrate those elements into a single page in a design which reflects the product. The product is a variation on socks (we'll obviously provide more details later). It would need to be finished within the next 7-10 days. If interested, please email with any questions, a link to sites you have designed, and a quote. Thanks, Omar From george at ceetonetechnology.com Fri Mar 16 11:16:59 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 16 Mar 2007 11:16:59 -0400 Subject: [nycbug-talk] Wanted: graphics designer for small website In-Reply-To: <20070316151404.GD59499@biglist.com> References: <20070316151404.GD59499@biglist.com> Message-ID: <45FAB4EB.6080702@ceetonetechnology.com> Omar Thameen wrote: > Hi, > > I'm looking for someone to put together a front page and one interior > template/page (both with CSS). If you can do this, or if you know > someone who does good work, please see the details below. > > The elements are: > > * Banner with logo, name, and tag line (these three items have been > created already) > * Sign up form for mailing list - "Please let me know when this > product becomes available." (You don't need to provide the actual > cgi, just design it in.) > * Email address for contact > * Product info: either J. Peterman style picture (which we'd want > you to produce) or paragraph description > > What we'd be looking for is to integrate those elements into a > single page in a design which reflects the product. The product > is a variation on socks (we'll obviously provide more details > later). > > It would need to be finished within the next 7-10 days. > > If interested, please email with any questions, a link to sites > you have designed, and a quote. > > Thanks, > Omar Wrong list Omar: jobs on lists.nycbug.org And generally, these lists are not saturated with graphic designers, if you've noticed. George From george at ceetonetechnology.com Fri Mar 16 11:28:01 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 16 Mar 2007 11:28:01 -0400 Subject: [nycbug-talk] NYU Message-ID: <45FAB781.9060603@ceetonetechnology.com> If anyone from the list is a student, faculty member or staff at NYU, please contact me off list. George From omar at westside.urbanblight.com Fri Mar 16 11:36:49 2007 From: omar at westside.urbanblight.com (Omar Thameen) Date: Fri, 16 Mar 2007 11:36:49 -0400 Subject: [nycbug-talk] Wanted: graphics designer for small website In-Reply-To: <45FAB4EB.6080702@ceetonetechnology.com> References: <20070316151404.GD59499@biglist.com> <45FAB4EB.6080702@ceetonetechnology.com> Message-ID: <20070316153649.GE59499@biglist.com> On Fri, Mar 16, 2007 at 11:16:59AM -0400, George Rosamond wrote: > Omar Thameen wrote: > > Hi, > > > > I'm looking for someone to put together a front page and one interior > > template/page (both with CSS). If you can do this, or if you know > > someone who does good work, please see the details below. [...] > > Wrong list Omar: > > jobs on lists.nycbug.org > > And generally, these lists are not saturated with graphic designers, if > you've noticed. > > George Apologies to all. Tech people (myself included) are pretty particular, so I was mostly hoping someone might have a good reference, but I understand the objection. Omar From ike at lesmuug.org Tue Mar 20 22:45:14 2007 From: ike at lesmuug.org (Isaac Levy) Date: Tue, 20 Mar 2007 22:45:14 -0400 Subject: [nycbug-talk] AsiaBSDCon, pics, highlights Message-ID: Hi All, On Mar 9, 2007, at 10:24 PM, Isaac Levy wrote: > I'm taking boatloads of pics, will try to figure out how/where to > post them, and will make some kind of post about the con! > > Rocket- > .ike > > > p.s.: TOKYO ROCKS. For the time ever for me, NYC seems like a small > place- this city is like a medieval village, set about 70 years in > the future, 36 million people... Amazing. Ok, so here's tons of pictures! http://diversaform.com/asiabsdcon2007/ -- Picture Highlights: Conference Materials: A 'Hanko' stamp in my notebook, note the 10,000jpy Tokyo Metro Subway card, custom printed with the conference logo! Over the top. http://diversaform.com/asiabsdcon2007/index-Pages/Image8.html Goldfish on the subway platform near the university: http://diversaform.com/asiabsdcon2007/index-Pages/Image10.html Akihabara, electronic geek heaven: http://diversaform.com/asiabsdcon2007/index-Pages/Image45.html Mark Balmer purchasing 'IPv6 ready' Ethernet Cables: http://diversaform.com/asiabsdcon2007/index-Pages/Image71.html VRRP, IPv6, SoHo/home router: http://diversaform.com/asiabsdcon2007/index-Pages/Image78.html Main Organizers, GNN and Hiroki Sato (Sato-san) with 'The Cake': http://diversaform.com/asiabsdcon2007/index-Pages/Image170.html Kirk McKusick chatting it up with Jun Murai http://diversaform.com/asiabsdcon2007/index-Pages/Image159.html This guy was new to me, his lecture blew my mind: Box Lunch: http://diversaform.com/asiabsdcon2007/index-Pages/Image188.html Cellphones in Japan ROCK, (and all run via IP backbone, IPV6 actually...): http://diversaform.com/asiabsdcon2007/index-Pages/Image252.html Cellphones seem really important in Japan, Gold plated Dolce and Gabana Moto-Razr (incidentally, this phone doesn't work in Japan, I was told it's for Europeans shopping...) http://diversaform.com/asiabsdcon2007/index-Pages/Image540.html One of many views from Tokyo Tower, (36 million people in Tokyo, [36m is population of Canada!]) http://diversaform.com/asiabsdcon2007/index-Pages/Image319.html Payphones are all ISDN? http://diversaform.com/asiabsdcon2007/index-Pages/Image451.html This shocked me to stumble into: http://diversaform.com/asiabsdcon2007/index-Pages/Image525.html -- Next AsiaBSDCon, I'll definately be organizing the NYC crew to go!!!! Rocket- .ike From pete at nomadlogic.org Wed Mar 21 11:08:03 2007 From: pete at nomadlogic.org (Peter Wright) Date: Wed, 21 Mar 2007 08:08:03 -0700 (PDT) Subject: [nycbug-talk] AsiaBSDCon, pics, highlights In-Reply-To: References: Message-ID: <2736.160.33.20.11.1174489683.squirrel@webmail.nomadlogic.org> > Hi All, > > On Mar 9, 2007, at 10:24 PM, Isaac Levy wrote: >> I'm taking boatloads of pics, will try to figure out how/where to >> post them, and will make some kind of post about the con! >> >> Rocket- >> .ike >> >> >> p.s.: TOKYO ROCKS. For the time ever for me, NYC seems like a small >> place- this city is like a medieval village, set about 70 years in >> the future, 36 million people... Amazing. > > Ok, so here's tons of pictures! > > http://diversaform.com/asiabsdcon2007/ > Ike this is awesome, thanks for the pics! you just brought back all sorts of memories for me: http://diversaform.com/asiabsdcon2007/index-Pages/Image83.html my dad brought me one of these when he came back from a trip to japan when i was a little kid. it was like my favorite toy. looks like it was a great trip! -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From ike at lesmuug.org Thu Mar 22 00:00:59 2007 From: ike at lesmuug.org (Isaac Levy) Date: Thu, 22 Mar 2007 00:00:59 -0400 Subject: [nycbug-talk] IPv6 in Japan Message-ID: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> Hi All, So after Tokyo, as I process the overload, there's one special thing that I've brought back, that I'm now consumed by: IPv6 (in America). --------------------- --------------------- Here's 4 reasons why: 1) MORE SCARY STATS (reality check?): Jun Murai gave an amazing talk titled "BSD for the Internet, the Internet for BSD". In the talk, he discussed the following slide: http://diversaform.com/asiabsdcon2007/index-Pages/Image128.html IPv4 netblocks: /8 = 16,777,214 usable addresses Approx. 50 /8 remaining Approx. 10 /8 consumed annually That means IANA predicts complete IPv4 pool exhaustion July, 2011. Noteworthy, the US is cited as the largest annual consumer of IPv4 addresses. This email is being written in 2007, the first NYC*BUG meeting was what, 3 + years ago? Regardless of weather or not it pans out according to the predicted graph, it's inevitable we're all going to hit a wall eventually in America. 2) HUMBLING EXPERIENCES: Wifi hotspots in Tokyo gave me problems. OK, so finding an open AP was simple- it's an understatement to say Tokyo is totally wired... However, I had serious problems connecting to my systems in NY, because many WiFi hotspots gave me IPv6 routes! I was totally typing all thumbs! Sitting there with my mac, I had no clue how to find DNS servers- let alone tunnel to my networks back home, on the IPv4 internet. All I could think to do was use ping6 and traceroute6 to confirm I really was touching IPv6 router(s). That was truly humbling- and somehow really titillating at the same time. Not only can you get real IPv6 internet to your home, you can get 100mbit connections to your home for approximately $80usd/mo. Makes me want to cry. 3) NNT Do Co Mo: The Japanese wireless telephone company, to my understanding after various IPv6 lectures at AsiaBSDCon, uses an IP backbone- an IPv6 backbone, to be precise. The Japanese networks are therefore exremely modular, scalable, adaptable, and use open standard infrastructure. Wow. The end result is that everyone uses the internet from their cellphone without thinking it's special. I mean, we use the internet from our phones too, but even a search engine homepage takes about 90 seconds to load on my Cingular/At&T phone- unusable. Their phones look more like personal computing to me. They listen to their music on their phones, (instead of buying music from their phone company)- I mean Do Co Mo really seems to be focused on everything our US telcos are not: providing solid infrastructure for people to use- (as opposed to focusing on selling content to customers). 4) BSD, Kame stack: So, as it's widely understood by many of us, and repeated in all the IPv6 related talks at the conference, the Kame project for an IPv6 network stack, was led by the BSD developers in Japan. With that, *BSD is everywhere in Japan, on all scales- from embedded gear to satellites and network backbones. -------------------- -------------------- Returning to America, it all felt like some kind of dream. Back to the old grind of running *BSD in a Windows and Linux dominated IT market. Back to an IT workplace where Cingular has root on my cellphone- and that phone has little meaningful connection to the rest of my IT world. Back to IPv4, back to ADSL in Brooklyn. Back to 5mbps at my colo facility. Back to T1 speeds at client offices. Well, at least I know how to get DNS servers. But I'm depressed. I'm exited. I'm depressed. I'm exited! I'm going to do something about it... Anyone want to dive in headfirst with me? Rocket- .ike From ike at lesmuug.org Thu Mar 22 00:06:57 2007 From: ike at lesmuug.org (Isaac Levy) Date: Thu, 22 Mar 2007 00:06:57 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call Message-ID: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Hey All, Does anyone on this list, in NY or America in general run IPv6 services? One thing at a time, right now, I'm trying to setup IPv6 DNS 'AAAA' records- and my registrars, (GoDaddy and Register.com) don't support the IPv6 TLD's... I've found .jp registrars that support the TLD's, but the .com/.net/.org TLD's are supposedly all ready to go since 2004 or so... -- It seems that all your usual DNS server softwares, (bind, djbdns, tinydns, etc...) all have all the necessary support and hooks for the IPv6 TLD's, but one's registrar has to make the names propogate... If I have to move some domain names to a new registrar for now, so be it... Does anyone have experience with this in America yet? Rocket- .ike From jonathan at kc8onw.net Thu Mar 22 05:44:08 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Thu, 22 Mar 2007 05:44:08 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Message-ID: <46024FE8.2040106@kc8onw.net> Isaac Levy wrote: > Hey All, > > Does anyone on this list, in NY or America in general run IPv6 services? > > One thing at a time, right now, I'm trying to setup IPv6 DNS 'AAAA' > records- and my registrars, (GoDaddy and Register.com) don't support > the IPv6 TLD's... > > I've found .jp registrars that support the TLD's, but > the .com/.net/.org TLD's are supposedly all ready to go since 2004 or > so... > > -- > It seems that all your usual DNS server softwares, (bind, djbdns, > tinydns, etc...) all have all the necessary support and hooks for the > IPv6 TLD's, but one's registrar has to make the names propogate... > > If I have to move some domain names to a new registrar for now, so be > it... > > Does anyone have experience with this in America yet? I'm going to be gone for most of the day after this email but I've been running my server on v6 for about 4 months now. I'm also using it as a v6 router to provide v6 services for the computers on my local net. I can post sample configs and the like later if anyone is interested. I'm using a tunnel from Hurricane Electric http://tunnelbroker.net/index.php and I'm using http://www.no-ip.com/ for DNS. NoIP does not officially support ipv6 right now but when I asked them about it they offered to set static v6 records for me. Jonathan From mhernandez at ocsny.com Thu Mar 22 07:12:18 2007 From: mhernandez at ocsny.com (Michael Hernandez) Date: Thu, 22 Mar 2007 07:12:18 -0400 Subject: [nycbug-talk] IPv6 in Japan In-Reply-To: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> References: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> Message-ID: <85EE572D-F376-4F32-9627-EEDF9AE6D4F7@ocsny.com> On Mar 22, 2007, at 12:00 AM, Isaac Levy wrote: > Hi All, > > So after Tokyo, as I process the overload, there's one special thing > that I've brought back, that I'm now consumed by: > > IPv6 (in America). > > --------------------- > --------------------- > Here's 4 reasons why: Those 4 reasons deserve to be an article... Granted the email was already published on this great list - I just read it and came away with a feeling I normally am left with after reading a great news article. Just a suggestion. Let me know if/when I can digg it ;) Mike H From ike at lesmuug.org Thu Mar 22 09:47:54 2007 From: ike at lesmuug.org (Isaac Levy) Date: Thu, 22 Mar 2007 09:47:54 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <46024FE8.2040106@kc8onw.net> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> <46024FE8.2040106@kc8onw.net> Message-ID: <84DF63C4-EE93-42EE-8FE7-80924CEAB42C@lesmuug.org> Holy Cow, On Mar 22, 2007, at 5:44 AM, Jonathan Stewart wrote: > Isaac Levy wrote: >> Hey All, >> Does anyone on this list, in NY or America in general run IPv6 >> services? >> One thing at a time, right now, I'm trying to setup IPv6 DNS >> 'AAAA' records- and my registrars, (GoDaddy and Register.com) >> don't support the IPv6 TLD's... >> I've found .jp registrars that support the TLD's, but >> the .com/.net/.org TLD's are supposedly all ready to go since 2004 >> or so... >> -- >> It seems that all your usual DNS server softwares, (bind, djbdns, >> tinydns, etc...) all have all the necessary support and hooks for >> the IPv6 TLD's, but one's registrar has to make the names >> propogate... >> If I have to move some domain names to a new registrar for now, so >> be it... >> Does anyone have experience with this in America yet? > > I'm going to be gone for most of the day after this email me too here... > but I've been running my server on v6 for about 4 months now. AWESOME. > I'm also using it as a v6 router to provide v6 services for the > computers on my local net. Again, AWESOME. > I can post sample configs and the like later if anyone is interested. MMMMMMe!!! > I'm using a tunnel from Hurricane Electric http://tunnelbroker.net/ > index.php and I'm using http://www.no-ip.com/ for DNS. NoIP does > not officially support ipv6 right now but when I asked them about > it they offered to set static v6 records for me. Cool- guess it pays to ask nicely... > > Jonathan Jonathan, anything, even the smallest tid-bits or URLS that led you to your setup would be most appreciated!! Rocket- .ike From pete at nomadlogic.org Thu Mar 22 12:10:21 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 22 Mar 2007 09:10:21 -0700 (PDT) Subject: [nycbug-talk] IPv6 in Japan In-Reply-To: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> References: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> Message-ID: <22417.160.33.20.11.1174579821.squirrel@webmail.nomadlogic.org> > IPv4 netblocks: > /8 = 16,777,214 usable addresses > Approx. 50 /8 remaining > Approx. 10 /8 consumed annually > > That means IANA predicts complete IPv4 pool exhaustion July, 2011. > Noteworthy, the US is cited as the largest annual consumer of IPv4 > addresses. > This email is being written in 2007, the first NYC*BUG meeting was > what, 3 + years ago? > > Regardless of weather or not it pans out according to the predicted > graph, it's inevitable we're all going to hit a wall eventually in > America. I remember seeing similar, startling, statistics at the first bsdcans' KAME talk. glad to see that the progression has not changed at least ;) did he talk about any of side effects of an ipv6 world...i remember thinking about living in a world w/o NAT and getting pretty excited... > > > 2) HUMBLING EXPERIENCES: > Wifi hotspots in Tokyo gave me problems. OK, so finding an open AP > was simple- it's an understatement to say Tokyo is totally wired... > However, I had serious problems connecting to my systems in NY, > because many WiFi hotspots gave me IPv6 routes! I was totally typing > all thumbs! Sitting there with my mac, I had no clue how to find DNS > servers- let alone tunnel to my networks back home, on the IPv4 > internet. > > All I could think to do was use ping6 and traceroute6 to confirm I > really was touching IPv6 router(s). > > That was truly humbling- and somehow really titillating at the same > time. > > Not only can you get real IPv6 internet to your home, you can get > 100mbit connections to your home for approximately $80usd/mo. Makes > me want to cry. > > wow - that's pretty wicked. so if i understand ipv6 correctly (which i most likely do not) you get a publicly routable IPv6 addr from these wifi hotspots right. hmm...now i can see why there has been some pushback, or inaction at least, from many western IT vendors. i surprised that OSX had problems getting things going...i always suspected that the paradigm shift would be under the surface of the os - not on the user end. > 3) NNT Do Co Mo: > The Japanese wireless telephone company, to my understanding after > various IPv6 lectures at AsiaBSDCon, uses an IP backbone- an IPv6 > backbone, to be precise. The Japanese networks are therefore > exremely modular, scalable, adaptable, and use open standard > infrastructure. Wow. well, i'd assume that most backbone carriers use a standards based architecture. i mean that's one reason standards are published right, so high capacity carriers can interact and not have to reinvent the wheel right? it's not like the verizon is using decnet while quest is using IP on their backbones - shoot maybe they are, that'd explain a lot ;) > 4) BSD, Kame stack: > So, as it's widely understood by many of us, and repeated in all the > IPv6 related talks at the conference, the Kame project for an IPv6 > network stack, was led by the BSD developers in Japan. With that, > *BSD is everywhere in Japan, on all scales- from embedded gear to > satellites and network backbones. > yea it's pretty awesome for sure. one thing that's really suprised me is how much BSD code i've run into when working with various storage vendors - we are everywhere :) > > I'm going to do something about it... Anyone want to dive in > headfirst with me? > heh you've sold me... -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From alex at pilosoft.com Thu Mar 22 14:51:23 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Thu, 22 Mar 2007 14:51:23 -0400 (EDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Message-ID: On Thu, 22 Mar 2007, Isaac Levy wrote: > Does anyone on this list, in NY or America in general run IPv6 services? Seriously? As in production, money-carrying traffic? No. On nanog conferences, it is always talked about, but it is a chicken-and-egg problem: providers will not sell IPv6 until there's customer demand. There's no demand, cause, well, why'd you *want* ipv6. > One thing at a time, right now, I'm trying to setup IPv6 DNS 'AAAA' > records- and my registrars, (GoDaddy and Register.com) don't support the > IPv6 TLD's... > > I've found .jp registrars that support the TLD's, but the .com/.net/.org > TLD's are supposedly all ready to go since 2004 or so... Ummm...If you want AAAA records, just have your nameserver serve them up. If you want your *glue* to be AAAA - well, its a bad idea - nobody could get to anything in your domain if you have only AAAA glue. > It seems that all your usual DNS server softwares, (bind, djbdns, > tinydns, etc...) all have all the necessary support and hooks for the > IPv6 TLD's, but one's registrar has to make the names propogate... > > If I have to move some domain names to a new registrar for now, so be > it... > > Does anyone have experience with this in America yet? nobody cares in america. -alex From yusuke at cs.nyu.edu Thu Mar 22 15:30:31 2007 From: yusuke at cs.nyu.edu (Yusuke Shinyama) Date: Thu, 22 Mar 2007 15:30:31 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: Message-ID: <20070322193031.24892.46097.yusuke@mango.cs.nyu.edu> On Thu, 22 Mar 2007 14:51:23 -0400 (EDT), alex at pilosoft.com wrote: > On Thu, 22 Mar 2007, Isaac Levy wrote: > > > Does anyone on this list, in NY or America in general run IPv6 services? > Seriously? As in production, money-carrying traffic? No. > > On nanog conferences, it is always talked about, but it is a > chicken-and-egg problem: providers will not sell IPv6 until there's > customer demand. There's no demand, cause, well, why'd you *want* ipv6. This reminds me the points that Daniel Bernstein has made several years ago... http://cr.yp.to/djbdns/ipv6mess.html Well, I have seen lots of arguments for IPv6 in Japan... and they are actually being deployed for IP phones. But it seems they're used as an alternative network rather than the global replacement of IPv4. Yusuke From alex at pilosoft.com Thu Mar 22 15:35:30 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Thu, 22 Mar 2007 15:35:30 -0400 (EDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <20070322193031.24892.46097.yusuke@mango.cs.nyu.edu> Message-ID: On Thu, 22 Mar 2007, Yusuke Shinyama wrote: > On Thu, 22 Mar 2007 14:51:23 -0400 (EDT), alex at pilosoft.com wrote: > > On Thu, 22 Mar 2007, Isaac Levy wrote: > > > > > Does anyone on this list, in NY or America in general run IPv6 services? > > Seriously? As in production, money-carrying traffic? No. > > > > On nanog conferences, it is always talked about, but it is a > > chicken-and-egg problem: providers will not sell IPv6 until there's > > customer demand. There's no demand, cause, well, why'd you *want* ipv6. > > This reminds me the points that Daniel Bernstein has made several years > ago... http://cr.yp.to/djbdns/ipv6mess.html djb is generally on crack, half of that paper is wrong, but the general idea is still correct - there isn't any need for IPv6, so there's no push either by clients or carriers to implement it. > Well, I have seen lots of arguments for IPv6 in Japan... and they are > actually being deployed for IP phones. But it seems they're used as an > alternative network rather than the global replacement of IPv4. From pete at nomadlogic.org Thu Mar 22 17:46:32 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 22 Mar 2007 14:46:32 -0700 (PDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: Message-ID: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> > On Thu, 22 Mar 2007, Yusuke Shinyama wrote: > >> On Thu, 22 Mar 2007 14:51:23 -0400 (EDT), alex at pilosoft.com wrote: >> > On Thu, 22 Mar 2007, Isaac Levy wrote: >> > >> > > Does anyone on this list, in NY or America in general run IPv6 >> services? >> > Seriously? As in production, money-carrying traffic? No. >> > >> > On nanog conferences, it is always talked about, but it is a >> > chicken-and-egg problem: providers will not sell IPv6 until there's >> > customer demand. There's no demand, cause, well, why'd you *want* >> ipv6. >> >> This reminds me the points that Daniel Bernstein has made several years >> ago... http://cr.yp.to/djbdns/ipv6mess.html > djb is generally on crack, half of that paper is wrong, but the general > idea is still correct - there isn't any need for IPv6, so there's no push > either by clients or carriers to implement it. ahh alex, always the unbiased diplomatic poster to talk@ ;) -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From jonathan at kc8onw.net Thu Mar 22 17:50:25 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Thu, 22 Mar 2007 17:50:25 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <84DF63C4-EE93-42EE-8FE7-80924CEAB42C@lesmuug.org> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> <46024FE8.2040106@kc8onw.net> <84DF63C4-EE93-42EE-8FE7-80924CEAB42C@lesmuug.org> Message-ID: <4602FA21.6060700@kc8onw.net> Isaac Levy wrote: > Jonathan, anything, even the smallest tid-bits or URLS that led you > to your setup would be most appreciated!! Alright then here goes. URLs http://www.no-ip.com/ http://tunnelbroker.net/index.php http://www.kame.net/ http://ipv6.klingon.nl/ http://6bone.informatik.uni-leipzig.de/ipv6/stats/why-en.html A commented/stripped version of my rc.conf. # Setup interfaces on server/router like normal dhclient_enable="YES" ifconfig_fxp0="inet 10.70.3.1 netmask 255.255.255.0" ifconfig_nve0="DHCP" hostname="server.kc8onw.net" # Enable IPv6 on the system, must also be compiled into the kernel ipv6_enable="YES" # Allow the system to act as an IPv6 router ipv6_gateway_enable="YES" # This should be the v6 address at the other end of your tunnel ipv6_defaultrouter="2001:470:1F01:FFFF::1AE0" # Hurricane Electric uses gif tunnels so set one up here gif_interfaces="gif0" # Set source and destination v4 addresses for the tunnel gifconfig_gif0="72.230.86.229 64.71.128.83" # Set source and destination v6 addresses for the tunnel ipv6_ifconfig_gif0="2001:470:1F01:FFFF::1AE1 2001:470:1F01:FFFF::1AE0 prefixlen 128" # This is the /64 allocated to me by hurricane electric # Set the XXXX::1 address on the internal network interface # as the gateway ipv6_ifconfig_fxp0="2001:470:1F01:3540::1 prefixlen 64" # Allow the system to send IPv6 router advertisement packets rtadvd_enable="YES" # Set to YES to enable an IPv6 router # Specify that we only act as a v6 router on the internal subnet rtadvd_interfaces="fxp0" # Interfaces rtadvd sends RA packets. Jonathan Stewart P.S. I'm willing to help over IM/phone/skype/etc if anyone is interested, message me off list to work something out. From deep_blue at sebek.org Thu Mar 22 18:02:09 2007 From: deep_blue at sebek.org (deep_blue at sebek.org) Date: Thu, 22 Mar 2007 15:02:09 -0700 (PDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call Message-ID: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> Is there any other advantage to IPv6 other than virtually unlimited addresses? Not that I am trivializing that fact. ----- Original Message ---- From: Jonathan Stewart To: Isaac Levy Cc: NYCBUG List Sent: Thursday, March 22, 2007 4:50:25 PM Subject: Re: [nycbug-talk] IPv6 NY-US Roll Call Isaac Levy wrote: > Jonathan, anything, even the smallest tid-bits or URLS that led you > to your setup would be most appreciated!! Alright then here goes. URLs http://www.no-ip.com/ http://tunnelbroker.net/index.php http://www.kame.net/ http://ipv6.klingon.nl/ http://6bone.informatik.uni-leipzig.de/ipv6/stats/why-en.html A commented/stripped version of my rc.conf. # Setup interfaces on server/router like normal dhclient_enable="YES" ifconfig_fxp0="inet 10.70.3.1 netmask 255.255.255.0" ifconfig_nve0="DHCP" hostname="server.kc8onw.net" # Enable IPv6 on the system, must also be compiled into the kernel ipv6_enable="YES" # Allow the system to act as an IPv6 router ipv6_gateway_enable="YES" # This should be the v6 address at the other end of your tunnel ipv6_defaultrouter="2001:470:1F01:FFFF::1AE0" # Hurricane Electric uses gif tunnels so set one up here gif_interfaces="gif0" # Set source and destination v4 addresses for the tunnel gifconfig_gif0="72.230.86.229 64.71.128.83" # Set source and destination v6 addresses for the tunnel ipv6_ifconfig_gif0="2001:470:1F01:FFFF::1AE1 2001:470:1F01:FFFF::1AE0 prefixlen 128" # This is the /64 allocated to me by hurricane electric # Set the XXXX::1 address on the internal network interface # as the gateway ipv6_ifconfig_fxp0="2001:470:1F01:3540::1 prefixlen 64" # Allow the system to send IPv6 router advertisement packets rtadvd_enable="YES" # Set to YES to enable an IPv6 router # Specify that we only act as a v6 router on the internal subnet rtadvd_interfaces="fxp0" # Interfaces rtadvd sends RA packets. Jonathan Stewart P.S. I'm willing to help over IM/phone/skype/etc if anyone is interested, message me off list to work something out. _______________________________________________ % NYC*BUG talk mailing list http://lists.nycbug.org/mailman/listinfo/talk %Be sure to check out our Jobs and NYCBUG-announce lists %We meet the first Wednesday of the month -------------- next part -------------- An HTML attachment was scrubbed... URL: From spork at bway.net Thu Mar 22 18:21:21 2007 From: spork at bway.net (Charles Sprickman) Date: Thu, 22 Mar 2007 18:21:21 -0400 (EDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> References: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> Message-ID: On Thu, 22 Mar 2007, Peter Wright wrote: >> On Thu, 22 Mar 2007, Yusuke Shinyama wrote: >> >>> On Thu, 22 Mar 2007 14:51:23 -0400 (EDT), alex at pilosoft.com wrote: >>>> On Thu, 22 Mar 2007, Isaac Levy wrote: >>>> >>>>> Does anyone on this list, in NY or America in general run IPv6 >>> services? >>>> Seriously? As in production, money-carrying traffic? No. >>>> >>>> On nanog conferences, it is always talked about, but it is a >>>> chicken-and-egg problem: providers will not sell IPv6 until there's >>>> customer demand. There's no demand, cause, well, why'd you *want* >>> ipv6. >>> >>> This reminds me the points that Daniel Bernstein has made several years >>> ago... http://cr.yp.to/djbdns/ipv6mess.html >> djb is generally on crack, half of that paper is wrong, but the general >> idea is still correct - there isn't any need for IPv6, so there's no push >> either by clients or carriers to implement it. > > ahh alex, always the unbiased diplomatic poster to talk@ ;) It's the idealistic optimist vs. the IPv4 curmudgeon. :) C > -pete > > > -- > ~~oO00Oo~~ > Peter Wright > pete at nomadlogic.org > www.nomadlogic.org/~pete > 310.869.9459 > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From jonathan at kc8onw.net Thu Mar 22 18:36:01 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Thu, 22 Mar 2007 18:36:01 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> Message-ID: <460304D1.2090708@kc8onw.net> deep_blue at sebek.org wrote: > Is there any other advantage to IPv6 other than virtually unlimited > addresses? Not that I am trivializing that fact. Wikipedia explains it better than I can. One upside/downside I will mention here is that it eliminates the need for NAT, the downside of this is people can't rely on NAT to work as a firewall and need to configure a proper one. http://en.wikipedia.org/wiki/Ipv6 Jonathan From pete at nomadlogic.org Thu Mar 22 18:44:25 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 22 Mar 2007 15:44:25 -0700 (PDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> Message-ID: <28000.160.33.20.11.1174603465.squirrel@webmail.nomadlogic.org> > Is there any other advantage to IPv6 other than virtually unlimited > addresses? Not that I am trivializing that fact. > well, some would argue that the address space would be a big enough gain on it's own...here's a list of some other nifty features: http://en.wikipedia.org/wiki/Ipv6#Features_of_IPv6 my two favorites: ipsec intergration into the base stack stateless autoconfiguration of hosts -pete > ----- Original Message ---- > From: Jonathan Stewart > To: Isaac Levy > Cc: NYCBUG List > Sent: Thursday, March 22, 2007 4:50:25 PM > Subject: Re: [nycbug-talk] IPv6 NY-US Roll Call > > Isaac Levy wrote: >> Jonathan, anything, even the smallest tid-bits or URLS that led you >> to your setup would be most appreciated!! > > Alright then here goes. > > URLs > > http://www.no-ip.com/ > http://tunnelbroker.net/index.php > http://www.kame.net/ > http://ipv6.klingon.nl/ > http://6bone.informatik.uni-leipzig.de/ipv6/stats/why-en.html > > A commented/stripped version of my rc.conf. > > # Setup interfaces on server/router like normal > dhclient_enable="YES" > ifconfig_fxp0="inet 10.70.3.1 netmask 255.255.255.0" > ifconfig_nve0="DHCP" > hostname="server.kc8onw.net" > > # Enable IPv6 on the system, must also be compiled into the kernel > ipv6_enable="YES" > > # Allow the system to act as an IPv6 router > ipv6_gateway_enable="YES" > > # This should be the v6 address at the other end of your tunnel > ipv6_defaultrouter="2001:470:1F01:FFFF::1AE0" > > # Hurricane Electric uses gif tunnels so set one up here > gif_interfaces="gif0" > > # Set source and destination v4 addresses for the tunnel > gifconfig_gif0="72.230.86.229 64.71.128.83" > > # Set source and destination v6 addresses for the tunnel > ipv6_ifconfig_gif0="2001:470:1F01:FFFF::1AE1 2001:470:1F01:FFFF::1AE0 > prefixlen 128" > > # This is the /64 allocated to me by hurricane electric > # Set the XXXX::1 address on the internal network interface > # as the gateway > ipv6_ifconfig_fxp0="2001:470:1F01:3540::1 prefixlen 64" > > # Allow the system to send IPv6 router advertisement packets > rtadvd_enable="YES" # Set to YES to enable an IPv6 router > > # Specify that we only act as a v6 router on the internal subnet > rtadvd_interfaces="fxp0" # Interfaces rtadvd sends RA packets. > > Jonathan Stewart > > P.S. I'm willing to help over IM/phone/skype/etc if anyone is > interested, message me off list to work something out. > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From pete at nomadlogic.org Thu Mar 22 18:47:18 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 22 Mar 2007 15:47:18 -0700 (PDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <460304D1.2090708@kc8onw.net> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> <460304D1.2090708@kc8onw.net> Message-ID: <34521.160.33.20.11.1174603638.squirrel@webmail.nomadlogic.org> > deep_blue at sebek.org wrote: >> Is there any other advantage to IPv6 other than virtually unlimited >> addresses? Not that I am trivializing that fact. > > Wikipedia explains it better than I can. One upside/downside I will > mention here is that it eliminates the need for NAT, the downside of > this is people can't rely on NAT to work as a firewall and need to > configure a proper one. > heck, i'd consider that an upside as well - a NAT should never take the place of a firewall IMHO. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From pete at nomadlogic.org Thu Mar 22 18:51:02 2007 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 22 Mar 2007 15:51:02 -0700 (PDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> Message-ID: <42906.160.33.20.11.1174603862.squirrel@webmail.nomadlogic.org> > Is there any other advantage to IPv6 other than virtually unlimited > addresses? Not that I am trivializing that fact. > heck..may as well post a link to th rfc: http://www.ietf.org/rfc/rfc1883.txt?number=1883 -pete > ----- Original Message ---- > From: Jonathan Stewart > To: Isaac Levy > Cc: NYCBUG List > Sent: Thursday, March 22, 2007 4:50:25 PM > Subject: Re: [nycbug-talk] IPv6 NY-US Roll Call > > Isaac Levy wrote: >> Jonathan, anything, even the smallest tid-bits or URLS that led you >> to your setup would be most appreciated!! > > Alright then here goes. > > URLs > > http://www.no-ip.com/ > http://tunnelbroker.net/index.php > http://www.kame.net/ > http://ipv6.klingon.nl/ > http://6bone.informatik.uni-leipzig.de/ipv6/stats/why-en.html > > A commented/stripped version of my rc.conf. > > # Setup interfaces on server/router like normal > dhclient_enable="YES" > ifconfig_fxp0="inet 10.70.3.1 netmask 255.255.255.0" > ifconfig_nve0="DHCP" > hostname="server.kc8onw.net" > > # Enable IPv6 on the system, must also be compiled into the kernel > ipv6_enable="YES" > > # Allow the system to act as an IPv6 router > ipv6_gateway_enable="YES" > > # This should be the v6 address at the other end of your tunnel > ipv6_defaultrouter="2001:470:1F01:FFFF::1AE0" > > # Hurricane Electric uses gif tunnels so set one up here > gif_interfaces="gif0" > > # Set source and destination v4 addresses for the tunnel > gifconfig_gif0="72.230.86.229 64.71.128.83" > > # Set source and destination v6 addresses for the tunnel > ipv6_ifconfig_gif0="2001:470:1F01:FFFF::1AE1 2001:470:1F01:FFFF::1AE0 > prefixlen 128" > > # This is the /64 allocated to me by hurricane electric > # Set the XXXX::1 address on the internal network interface > # as the gateway > ipv6_ifconfig_fxp0="2001:470:1F01:3540::1 prefixlen 64" > > # Allow the system to send IPv6 router advertisement packets > rtadvd_enable="YES" # Set to YES to enable an IPv6 router > > # Specify that we only act as a v6 router on the internal subnet > rtadvd_interfaces="fxp0" # Interfaces rtadvd sends RA packets. > > Jonathan Stewart > > P.S. I'm willing to help over IM/phone/skype/etc if anyone is > interested, message me off list to work something out. > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From okan at demirmen.com Thu Mar 22 19:04:53 2007 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 22 Mar 2007 19:04:53 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Message-ID: <20070322230453.GF10190@clam.khaoz.org> On Thu 2007.03.22 at 00:06 -0400, Isaac Levy wrote: > Hey All, > > Does anyone on this list, in NY or America in general run IPv6 services? http://lists.arin.net/pipermail/ppml/2007-March/006393.html From carton at Ivy.NET Thu Mar 22 19:15:09 2007 From: carton at Ivy.NET (Miles Nordin) Date: Thu, 22 Mar 2007 19:15:09 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: (alex@pilosoft.com's message of "Thu, 22 Mar 2007 14:51:23 -0400 (EDT)") References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Message-ID: >>>>> "a" == alex writes: >>>>> "il" == Isaac Levy writes: il> Does anyone on this list, in NY or America in general run IPv6 il> services? I did for about two years, until OCCAID cut me off. They used to give tunnels to v6 experimenters, but now they've gone ISP-club-only. And James at TowardEX is now actually charging his colo customers *extra* if they want v6 in addition to v4 (used to be included free for TowardEX colocators, but was mad flakey). OCCAID shut down their ewr2 pop (and moved to some kind of ewr2a pop), and ditched all the old members connected there. The alternative now is SixXS, which gets transit from OCCAID but has lots of automation for serving Interweb users. Unfortunately they also have fewer pops. OCCAID had great connectivity (rtt usually matching or beating v4 from Alex), and they did BGP so I got to look at a full view of all 600 - 700 routes in the IPv6 default-free zone. very fun, very reliable. OCCAID, and their new partners SixXS, seem to be generally technically competent, but they have crippling layer 10 issues. It is stuffed full of those people who claim they want to be ``apolitical'' and then run their organization like some kind of pathetic nerd mafia. problems like: o SixXS problems o AUP forbids irc clients o AUP forbids irc servers o AUP forbids shell servers even when not used for irc o a series of kiddie-heuristic harassment tests when you sign up (``the ten easy steps to ipv6!'') o horror stories from many people who try to use them. If they cut you off, they always cut you off first and ``inform'' you later or not at all. One guy said they kept deleting his account because they didn't believe the name he gave sounded real enough (it was his real name). o OCCAID/SixXS problems I've had in the past o putting mailing lists under ``emergency moderation'' when they feel embarassed by the discussion o offering better support to ``insiders'' on an unpublished irc channel and worse support to people on the mailing list, then banning and klining people from that channel if they're insufficiently sycophantic o AUP forbids so-called ``DNS spam'' which is any DNS reverse lookup that spells an English phrase or sounds excessively cute. I guess this is another anti-irc thing, but I'm not happy about indignities like this and don't think it's in the spirit of the Internet, and I really bristle at the idea of passing on a restriction like that to _my_ users. so, if you can live with that, SixXS is the way to go. I can't stand them, but I will probably sign up soon to get back some kind of censored politicized v6 (albeit without BGP now). We'll see how long it takes them to find an excuse to boot some guy who posts on public mailing lists that he has major problems with their attitude. A year ago I reported the ``DNS spam'' to Declan's politech list. Once Declan's report came out, they hurriedly 404'd all the URLs on their site in Declan's message, reversed their policy, and whistled ``nothing to see here'' for a few months. Then they put the policy back. Hurricane Electric tunnels are, for me, not even worth looking at, because they block irc. I'm not spending $600/mo on Internet so I can put up with this T-Online/Verizon port blocking bullshit. I *will* pay for IPv6, but this second-class interweb crap completely defeats the purpose of an experimental protocol. There's another huge problem with Hurricane Electric. If you set up v6 at your site, it is really, really important that your v6 access be almost as fast and reliable as your v4 access. It should have similar bandwidth and rtt. It should be very, very seldom that v4 is up but v6 is down. At every site I've seen (aside from my own before I was cut off), this is *not* the case. I've even seen sites promoting ipv6 that advertise a broken AAAA for their web server, but work fine over v4. I've had to nag my secondary DNS guy to remove his nameserver's AAAA record when TowardEX's colo v6 has gone down again. The reason this is important: most software does, and should, try v6 before v4. This includes ssh and bind. On most OS's, it includes SMTP, telnet/netcat, NFS, FTP, lynx/links, basically everything. If your v6 is unreliable or has a high rtt or high packet loss, users will first learn that your Internet connection is ``crappier than what I have at home, at least for some sites.'' Probably the crappiness will be, sorta weirdly, for all sites, because it will slow down DNS resolving for anything near to the '.' root where v6 is deployed (first access to a new web site will take 4 seconds, then fast from then on). The second phase of user response to IPv6-crappyness is to learn about these -4 options to all commands. Sometimes sysadmins do this, too---like they will start bind with '-4' and cut off access to any subdomain that has v6-only DNS servers, to make regular resolving faster with their crappy v6. Sysadmins may get into the action by putting stuff in /etc that makes each program prefer v4 instead of v6. The third phase of response to v6 crappyness is, sadly, well underway. It's the _developer_ response to crappy v6 tunnels. We've got all these short-sighted Windows refugee developers working on free software now, who just bang away and hurl feces at problems until they sorta work. irssi's wrapped getaddrinfo() to make it prefer v4 for a while, unless you set it back to v6 in the template config file as I do, and even then it won't effect users who started irssi before you realized the problem and set it back because they'll all have local .irssi/config files. Firefox, on some ``distros'' of Linux anyway, now ships prefering v4 over v6. meaning you will actually have v6, go to kame.net and NOT see the dancing kame. You have to go into some arcane Javascript file to undo their brain damage. Firefox on Solaris still works right, but I guess it's an old version. getaddrinfo() is actually v4/v6-agnostic---it could work with ISO CLNP or IPv2000 or whatever comes next, with no modification to programs that call it in the most generic way possible, once DNS rules for the new protocol were invented. so these new programs are making their calls to getaddrinfo() less portable by hardcoding in an understanding of v4 and v6 address families. The right way to do the third phase is, well, not at all. But the less wrong way is to have a v6 stack that sorts the results of getaddrinfo based on a system-wide config file like /etc/netconfig or /etc/inet/ipaddrsel.conf. but NetBSD doesn't have these files, and on Solaris they don't seem to do what the documentation says. These phases are the Hidden Obstinance to IPv6, aside from uncooperative ISP's or heads-in-the-sand American ``businesses.'' Some of the things that can make your v6 crappy: 1. using a high-rtt tunnel. HE's tunnel endpoint is in Fremont, so to connect to another site here in NYC, your packets cross the US twice, adding 40 - 100ms latency. This is enough for ssh users to notice that v6 sucks and type 'ssh -4'. Hurricane has presence in NYC, but they won't give tunnels from here, and they won't do colocation here so you can make your own tunnel, either. besides he.net, xs26.net in Europe has this problem, too, since your tunnel endpoint is 100ms away. (also, their web site seems down right now, so I dunno if they can meet the ``up almost as often as v4'' criteria) some people make a big deal about ``native'' v6, meaning v6 over the Ethernet cable. Not having tunnels definitely makes routing problems easier to track down, but I really don't think it's faster or intangibly ``better'' somehow. The problem is when the two ends of the tunnel are far apart. The tunnel should only be a couple ms long, not spanning countries or oceans, so routing is still close to optimal. It's the rtt, not the tunnel itself, that sucks. 2. bad neighbor ISP's (cough *Abliene* cough) that fuck up the v6 routing table. with OCCAID I had packets crossing the Atlantic twice to get to Hurricane Electric. stupid. OCCAID blamed HE and said they were doing something wrong and ignoring OCCAID's complaints. Who knows what the real story is. 3. not maintaining your v6 well. If your site depends on some ``tunnel broker'' with a dynamic address on your end, then inevitably the broker machine gets rebooted a couple times a month and loses your site's state. If your tunnel broker client is buggy and crashes, or isn't running at all, then your v6 goes down for weeks until someone notices. so, that covers almost every v6 deployment I've seen. not good. a> If you want your *glue* to be AAAA - well, its a> a bad idea - nobody could get to anything in your domain if a> you have only AAAA glue. but chia.arin.net and a.gtld-servers.net both have AAAA records. so, if you are going to configure your nameserver with v6 _connectivity_ as well as just v6 records, be damn sure your v6 is good, or you will get 4sec delays resolving ~everything. a> There's no demand, cause, well, why'd you *want* ipv6. I'll pay you $50 extra per month for v6 right now. I want it so I can reach and be reached by v6-centric friends in Germany (and apparently also Japan). Not having stable v6 connectivity is a huge problem for me. I use v6 on my LAN, and it's a major pain-in-the-ass to renumber, to remove or add back the v6. And if you have the v6 without a working default route, just to use locally, it makes problems for some OS's (like Solaris). v6 /32's are free from ARIN as long as you are (1) an ISP, (2) an ARIN ``member'' (have v4 blocks from ARIN, or pay $500/yr), and (3) have a plan to assign 200 /48's within 5 years. I think several tier 1 ISP's already to v6. Cisco IOS is much less of a flakey piece of shit on v6 now. so it may be mostly a matter of your time to set it up. I'm intensely frustrated with all these crappy flash-in-the-pan high-rtt port-blocked tunnels and layer 10 bullshit. and, in general, basically with people who have Alex's attitude, which I think is both wrong and pervasive. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From spork at bway.net Thu Mar 22 20:56:41 2007 From: spork at bway.net (Charles Sprickman) Date: Thu, 22 Mar 2007 20:56:41 -0400 (EDT) Subject: [nycbug-talk] some C help? In-Reply-To: <20070310171407.C87127@arbitor.digitalfreaks.org> References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> <20070310171407.C87127@arbitor.digitalfreaks.org> Message-ID: On Sat, 10 Mar 2007, Brian A. Seklecki wrote: >>>> spamlogd is using): >>>> >>>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 >>>> bytes >>>> rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp] >>>> >>>> But then it spits this out to syslog: > > > This bug is pretty well documented in a ticket I opened with the NetBSD > folks on the default size of the "snaplen" size being determined based on > the presence of the IPv6 at compile-time v.s. run-time v.s "-i" argument. > > http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34733 > > -s 96 or -s 128 for the win. I told you guys I move slowly... I actually didn't want to touch spamlogd so I recompiled tcpdump with SPAPLEN set to 96 for v4 or v6. I'll need to see if there's a PR on this with FreeBSD and if not file one referencing your NetBSD report. All seems well: Mar 22 03:03:31 slimjim spamlogd[700]: invalid ip address 10.10.10 Mar 22 20:53:25 slimjim spamlogd[86729]: outbound 10.10.10.3 [root at slimjim /usr/src/usr.sbin/tcpdump]# spamdb WHITE|10.10.10.154|||1173413700|1173415662|1176526099|4|0 WHITE|10.10.10.3|||1174611205|1174611205|1177721605|1|0 <<-- bingo [root at slimjim /usr/src/usr.sbin/tcpdump]# Thanks again, Charles > ~BAS > > >>>> >>>> Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 >>>> >>>> Note the lack of the final octet. >>>> >>>> This is (I hope) the area where spamlogd parses the output of tcpdump: >>> >>> yes, it is, but no need to analyze it... >>> >>> it does its job correctly. >>> >>>> That chunk makes very little sense to me. >>>> >>>> Can anyone give me a quick shove in the right direction? >>> >>> ...and the reason yours is failing is not because of that chunk of code, >>> but rather your pflog interface. it should look like: >>> >>> [blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah] >>> >>> where XXXX is an ephemeral port...basically your log is dropping the >>> port number. why? i don't know - what does your pf rule look like? >> >> oh, and i'll add that -current (and 4.1) doesn't spawn tcpdump any more, >> but uses pcap directly....plus lots of other yummy features - ask for >> the port to get upgraded ;) >> _______________________________________________ >> % NYC*BUG talk mailing list >> http://lists.nycbug.org/mailman/listinfo/talk >> %Be sure to check out our Jobs and NYCBUG-announce lists >> %We meet the first Wednesday of the month >> > > l8* > -lava (Brian A. Seklecki - Pittsburgh, PA, USA) > http://www.spiritual-machines.org/ > > "...from back in the heady days when "helpdesk" meant nothing, "diskquota" > meant everything, and lives could be bought and sold for a couple of pages > of laser printout - and frequently were." > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From alex at pilosoft.com Thu Mar 22 21:48:26 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Thu, 22 Mar 2007 21:48:26 -0400 (EDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: Message-ID: On Thu, 22 Mar 2007, Miles Nordin wrote: > >>>>> "a" == alex writes: > >>>>> "il" == Isaac Levy writes: > > il> Does anyone on this list, in NY or America in general run IPv6 > il> services? > > I did for about two years, until OCCAID cut me off. They used to give > tunnels to v6 experimenters, but now they've gone ISP-club-only. And > James at TowardEX is now actually charging his colo customers *extra* if > they want v6 in addition to v4 (used to be included free for TowardEX > colocators, but was mad flakey). OCCAID shut down their ewr2 pop (and > moved to some kind of ewr2a pop), and ditched all the old members > connected there. Hahah. If you are still interested, I'm on good terms with james, and can probably get it hooked up again or something. > The alternative now is SixXS, which gets transit from OCCAID but has > lots of automation for serving Interweb users. Unfortunately they also > have fewer pops. > > OCCAID had great connectivity (rtt usually matching or beating v4 from > Alex), and they did BGP so I got to look at a full view of all 600 - 700 > routes in the IPv6 default-free zone. very fun, very reliable. more fun than reliable, i think. > OCCAID, and their new partners SixXS, seem to be generally technically > competent, but they have crippling layer 10 issues. It is stuffed full > of those people who claim they want to be ``apolitical'' and then run > their organization like some kind of pathetic nerd mafia. problems like: It *IS* the nerd mafia. The definition of nerd mafia. :) > o SixXS problems > o AUP forbids irc clients > o AUP forbids irc servers > o AUP forbids shell servers even when not used for irc Funny, actually irc is probably the only thing I see v6 being used for, actively. Mostly for the cool origin addresses! Of course, the reason behind the policy is the ddos avoidance. anything irc related = painting a big TARGET sign. > o a series of kiddie-heuristic harassment tests when you sign up > (``the ten easy steps to ipv6!'') > > o horror stories from many people who try to use them. If they cut > you off, they always cut you off first and ``inform'' you later > or not at all. One guy said they kept deleting his account > because they didn't believe the name he gave sounded real enough > (it was his real name). Haha. > o OCCAID/SixXS problems I've had in the past > > o putting mailing lists under ``emergency moderation'' when they > feel embarassed by the discussion > > o offering better support to ``insiders'' on an unpublished irc > channel and worse support to people on the mailing list, then > banning and klining people from that channel if they're > insufficiently sycophantic > > o AUP forbids so-called ``DNS spam'' which is any DNS reverse > lookup that spells an English phrase or sounds excessively cute. > I guess this is another anti-irc thing, but I'm not happy about > indignities like this and don't think it's in the spirit of the > Internet, and I really bristle at the idea of passing on a > restriction like that to _my_ users. I think all of that above are signs of trying to keep the children away personally. Its a free service. If you want no restrictions, pay for proper v6 transit. :) If there's customer demand, I can probably sell v6 transit... > so, if you can live with that, SixXS is the way to go. I can't stand > them, but I will probably sign up soon to get back some kind of censored > politicized v6 (albeit without BGP now). We'll see how long it takes > them to find an excuse to boot some guy who posts on public mailing > lists that he has major problems with their attitude. > > A year ago I reported the ``DNS spam'' to Declan's politech list. Once > Declan's report came out, they hurriedly 404'd all the URLs on their > site in Declan's message, reversed their policy, and whistled ``nothing > to see here'' for a few months. Then they put the policy back. > > Hurricane Electric tunnels are, for me, not even worth looking at, > because they block irc. I'm not spending $600/mo on Internet so I can > put up with this T-Online/Verizon port blocking bullshit. I *will* pay > for IPv6, but this second-class interweb crap completely defeats the > purpose of an experimental protocol. Why are you so in love with irc? ;) irc is a waste of time at best, and ddos target at worst... > There's another huge problem with Hurricane Electric. > > If you set up v6 at your site, it is really, really important that your > v6 access be almost as fast and reliable as your v4 access. It should > have similar bandwidth and rtt. It should be very, very seldom that v4 > is up but v6 is down. > > At every site I've seen (aside from my own before I was cut off), this > is *not* the case. I've even seen sites promoting ipv6 that advertise a > broken AAAA for their web server, but work fine over v4. I've had to > nag my secondary DNS guy to remove his nameserver's AAAA record when > TowardEX's colo v6 has gone down again. You are paying for v4 transit but getting v6 for free, what do you expect? > > > a> If you want your *glue* to be AAAA - well, its > a> a bad idea - nobody could get to anything in your domain if > a> you have only AAAA glue. > > but chia.arin.net and a.gtld-servers.net both have AAAA records. so, if > you are going to configure your nameserver with v6 _connectivity_ as > well as just v6 records, be damn sure your v6 is good, or you will get > 4sec delays resolving ~everything. I see, you want both A and AAAA. I guess that make sense. Yeah, I googled a bit and I dont see registrar that supports v6 either. Funny, because SRS (registry) does support v6 since 02. > a> There's no demand, cause, well, why'd you *want* ipv6. > > I'll pay you $50 extra per month for v6 right now. I want it so I can > reach and be reached by v6-centric friends in Germany (and apparently > also Japan). Eh, that doesn't quite bump it in the priorities list, but I might look at it sometime soon. Technically, I think I can get v6 routes from as4436 (or at worst, occaid), if I wanted to, and my core is v6-capable (but probably not v6 enabled). > Not having stable v6 connectivity is a huge problem for me. I use v6 > on my LAN, and it's a major pain-in-the-ass to renumber, to remove or > add back the v6. And if you have the v6 without a working default > route, just to use locally, it makes problems for some OS's (like > Solaris). > > v6 /32's are free from ARIN as long as you are (1) an ISP, (2) an ARIN > ``member'' (have v4 blocks from ARIN, or pay $500/yr), and (3) have a > plan to assign 200 /48's within 5 years. I think several tier 1 ISP's > already to v6. Cisco IOS is much less of a flakey piece of shit on v6 > now. so it may be mostly a matter of your time to set it up. > > I'm intensely frustrated with all these crappy flash-in-the-pan high-rtt > port-blocked tunnels and layer 10 bullshit. and, in general, basically > with people who have Alex's attitude, which I think is both wrong and > pervasive. I think all you said above pretty much proves my point - a) ipv6 not ready for prime time b) nobody gives a damn about v6 -alex From ike at lesmuug.org Fri Mar 23 08:21:20 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 08:21:20 -0400 Subject: [nycbug-talk] IPv6 in Japan In-Reply-To: <22417.160.33.20.11.1174579821.squirrel@webmail.nomadlogic.org> References: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> <22417.160.33.20.11.1174579821.squirrel@webmail.nomadlogic.org> Message-ID: <2A482895-CBAD-4B5A-BC90-FEAC079A4D97@lesmuug.org> Word Pete, On Mar 22, 2007, at 12:10 PM, Peter Wright wrote: > >> IPv4 netblocks: >> >> That means IANA predicts complete IPv4 pool exhaustion July, 2011. > > I remember seeing similar, startling, statistics at the first bsdcans' > KAME talk. glad to see that the progression has not changed at > least ;) > did he talk about any of side effects of an ipv6 world...i remember > thinking about living in a world w/o NAT and getting pretty excited... And scary-fun! I know NAT isn't any way to secure a network, but lets face it- most of the US office, home, and other networks are all trivially protected by NAT. So with this new network world, comes new responsibilities in securing network software, on all levels of the stack... As I see it, packet filtering becomes fundamentally important in a whole new way as we proceed. It needs to become simpler to manage, and integrated better into 'home' products IMHO. > >> >> >> 2) HUMBLING EXPERIENCES: >> Wifi hotspots in Tokyo gave me problems. OK, so finding an open AP >> was simple- it's an understatement to say Tokyo is totally wired... >> However, I had serious problems connecting to my systems in NY, >> because many WiFi hotspots gave me IPv6 routes! I was totally typing >> all thumbs! Sitting there with my mac, I had no clue how to find DNS >> servers- let alone tunnel to my networks back home, on the IPv4 >> internet. >> >> All I could think to do was use ping6 and traceroute6 to confirm I >> really was touching IPv6 router(s). >> >> That was truly humbling- and somehow really titillating at the same >> time. >> >> Not only can you get real IPv6 internet to your home, you can get >> 100mbit connections to your home for approximately $80usd/mo. Makes >> me want to cry. >> >> > > wow - that's pretty wicked. so if i understand ipv6 correctly > (which i > most likely do not) you get a publicly routable IPv6 addr from > these wifi > hotspots right. hmm...now i can see why there has been some > pushback, or > inaction at least, from many western IT vendors. i surprised that > OSX had > problems getting things going...i always suspected that the > paradigm shift > would be under the surface of the os - not on the user end. I *believe* what happened to me was that my machine gave itself an IP, and the router advertisements my machine called for gave me routers (DHCP is gone, autoconfiguration is part of the spec, right...) With that, the problem I had was getting DNS servers- which I didn't figure out. (Even if I had, I'm not sure what I would have tried to resolve?) Getting to my servers (via ssh), and checking email, which was my objective at that moment- was totally out of the question without some kind of 4->6->4 tunnel, which again, I was at a loss to figure out. Like I said, humbling! > >> 3) NNT Do Co Mo: >> The Japanese wireless telephone company, to my understanding after >> various IPv6 lectures at AsiaBSDCon, uses an IP backbone- an IPv6 >> backbone, to be precise. The Japanese networks are therefore >> exremely modular, scalable, adaptable, and use open standard >> infrastructure. Wow. > > well, i'd assume that most backbone carriers use a standards based > architecture. i mean that's one reason standards are published > right, so > high capacity carriers can interact and not have to reinvent the wheel > right? it's not like the verizon is using decnet while quest is > using IP > on their backbones - shoot maybe they are, that'd explain a lot ;) > > Er, well, I may be speaking incorrectly here, (this is beyond my scope of expertise), but it seems their IP infrastructure reaches all the way down to last-mile distribution, which US telephony does not- (CDMA, 3G, we do a lot of different things- each carrier has competing proprietary networking). Their IP infrastructre allows them to do bizzare flexible things with the network data- like their in-car navigation services, or mobile phone networks intermingling with internet services, etc... I need to do more research to get my facts straight though. > >> 4) BSD, Kame stack: >> So, as it's widely understood by many of us, and repeated in all the >> IPv6 related talks at the conference, the Kame project for an IPv6 >> network stack, was led by the BSD developers in Japan. With that, >> *BSD is everywhere in Japan, on all scales- from embedded gear to >> satellites and network backbones. >> > > yea it's pretty awesome for sure. one thing that's really suprised > me is > how much BSD code i've run into when working with various storage > vendors > - we are everywhere :) :) > > >> >> I'm going to do something about it... Anyone want to dive in >> headfirst with me? >> > > heh you've sold me... Yay!!! Objective: see you on IPv6 irc, (once we get the server up?) Rocket- .ike From ike at lesmuug.org Fri Mar 23 08:28:54 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 08:28:54 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: Message-ID: <9C3FD0AD-60B5-4356-863C-DE3F2D7585FE@lesmuug.org> Hi Alex, All, On Mar 22, 2007, at 2:51 PM, alex at pilosoft.com wrote: > On Thu, 22 Mar 2007, Isaac Levy wrote: > >> Does anyone on this list, in NY or America in general run IPv6 >> services? > Seriously? As in production, money-carrying traffic? No. > > On nanog conferences, it is always talked about, but it is a > chicken-and-egg problem: providers will not sell IPv6 until there's > customer demand. There's no demand, cause, well, why'd you *want* > ipv6. OK. I WANT IPv6. > >> One thing at a time, right now, I'm trying to setup IPv6 DNS 'AAAA' >> records- and my registrars, (GoDaddy and Register.com) don't >> support the >> IPv6 TLD's... >> >> I've found .jp registrars that support the TLD's, but >> the .com/.net/.org >> TLD's are supposedly all ready to go since 2004 or so... > Ummm...If you want AAAA records, just have your nameserver serve > them up. > If you want your *glue* to be AAAA - well, its a bad idea - nobody > could > get to anything in your domain if you have only AAAA glue. OK- that's useful to understand, AAAA is just a crossover for v6 addressing when querying normal v4 nameservers. I see that I can just add AAAA records easily to my nameserver. So it's really at the registrar, and their reporting to the IPv6 TLD. > >> It seems that all your usual DNS server softwares, (bind, djbdns, >> tinydns, etc...) all have all the necessary support and hooks for the >> IPv6 TLD's, but one's registrar has to make the names propogate... >> >> If I have to move some domain names to a new registrar for now, so be >> it... >> >> Does anyone have experience with this in America yet? > nobody cares in america. > > -alex Alex, totally understated and realistic comment. However, that's not my point on this thread- I'm moving beyond that- most importantly out of hacking interest, and future-thinking needs. I mean, why do we need the IPv4 internet in the first place? :) Rocket- .ike From ike at lesmuug.org Fri Mar 23 08:30:25 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 08:30:25 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <4602FA21.6060700@kc8onw.net> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> <46024FE8.2040106@kc8onw.net> <84DF63C4-EE93-42EE-8FE7-80924CEAB42C@lesmuug.org> <4602FA21.6060700@kc8onw.net> Message-ID: <26B7C71C-4061-4F75-AB41-FB73F252398B@lesmuug.org> Sorry to top-post, THANK YOU JONATHAN! Reading... On Mar 22, 2007, at 5:50 PM, Jonathan Stewart wrote: > Isaac Levy wrote: >> Jonathan, anything, even the smallest tid-bits or URLS that led you >> to your setup would be most appreciated!! > > Alright then here goes. > > URLs > > http://www.no-ip.com/ > http://tunnelbroker.net/index.php > http://www.kame.net/ > http://ipv6.klingon.nl/ > http://6bone.informatik.uni-leipzig.de/ipv6/stats/why-en.html > > A commented/stripped version of my rc.conf. > > # Setup interfaces on server/router like normal > dhclient_enable="YES" > ifconfig_fxp0="inet 10.70.3.1 netmask 255.255.255.0" > ifconfig_nve0="DHCP" > hostname="server.kc8onw.net" > > # Enable IPv6 on the system, must also be compiled into the kernel > ipv6_enable="YES" > > # Allow the system to act as an IPv6 router > ipv6_gateway_enable="YES" > > # This should be the v6 address at the other end of your tunnel > ipv6_defaultrouter="2001:470:1F01:FFFF::1AE0" > > # Hurricane Electric uses gif tunnels so set one up here > gif_interfaces="gif0" > > # Set source and destination v4 addresses for the tunnel > gifconfig_gif0="72.230.86.229 64.71.128.83" > > # Set source and destination v6 addresses for the tunnel > ipv6_ifconfig_gif0="2001:470:1F01:FFFF::1AE1 2001:470:1F01:FFFF:: > 1AE0 prefixlen 128" > > # This is the /64 allocated to me by hurricane electric > # Set the XXXX::1 address on the internal network interface > # as the gateway > ipv6_ifconfig_fxp0="2001:470:1F01:3540::1 prefixlen 64" > > # Allow the system to send IPv6 router advertisement packets > rtadvd_enable="YES" # Set to YES to enable an IPv6 router > > # Specify that we only act as a v6 router on the internal subnet > rtadvd_interfaces="fxp0" # Interfaces rtadvd sends RA packets. > > Jonathan Stewart > > P.S. I'm willing to help over IM/phone/skype/etc if anyone is > interested, message me off list to work something out. > From ike at lesmuug.org Fri Mar 23 08:36:27 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 08:36:27 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> Message-ID: Hi All, On Mar 22, 2007, at 6:21 PM, Charles Sprickman wrote: >> ahh alex, always the unbiased diplomatic poster to talk@ ;) > > It's the idealistic optimist vs. the IPv4 curmudgeon. :) > > C Nah, Alex is really quite right in the US. However, my interest with this thread is to disregard that- and find out who's with me... I love NYC, I love Tokyo- and want to bridge them. Since nobody has plans for a train between Grand Central and Tokyo Station metro, I wanna build the network instead :) Rocket- .ike From ike at lesmuug.org Fri Mar 23 08:43:51 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 08:43:51 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <28000.160.33.20.11.1174603465.squirrel@webmail.nomadlogic.org> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> <28000.160.33.20.11.1174603465.squirrel@webmail.nomadlogic.org> Message-ID: <71EFE879-FFC2-45D6-A369-D65D812A95A5@lesmuug.org> Hi All, On Mar 22, 2007, at 6:44 PM, Peter Wright wrote: >> Is there any other advantage to IPv6 other than virtually unlimited >> addresses? Not that I am trivializing that fact. >> > > well, some would argue that the address space would be a big enough > gain > on it's own...here's a list of some other nifty features: > > http://en.wikipedia.org/wiki/Ipv6#Features_of_IPv6 > > my two favorites: > ipsec intergration into the base stack HECK YEAH. While listing to MSF speak about IPSEC application weaknesses at AsiaBSDCon, (picking on raccoon, ike, userland, apis etc...)- a simple thing *snapped* in my brain: IPSEC isn't just for encrypted tunnels, tunnelling was merely the first good application of IPSEC. IPSEC can be written into any network application, and *could* largely replace things like ssl/tls alltogether. IPSEC advantage over ssl/tls is complete transport layer, packet-level crypto- as opposed to application-layer crypto... > stateless autoconfiguration of hosts DHCP, farewell. I'm still confused about how to get DNS Servers though... (but historically, this was a band-aid hack idea to DHCP that stuck- because it worked...) Rocket- .ike From ike at lesmuug.org Fri Mar 23 08:45:59 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 08:45:59 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <34521.160.33.20.11.1174603638.squirrel@webmail.nomadlogic.org> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> <460304D1.2090708@kc8onw.net> <34521.160.33.20.11.1174603638.squirrel@webmail.nomadlogic.org> Message-ID: <1FABE245-9884-41B2-91F0-9B3C5FE3B443@lesmuug.org> On Mar 22, 2007, at 6:47 PM, Peter Wright wrote: >> deep_blue at sebek.org wrote: >>> Is there any other advantage to IPv6 other than virtually unlimited >>> addresses? Not that I am trivializing that fact. >> >> Wikipedia explains it better than I can. One upside/downside I will >> mention here is that it eliminates the need for NAT, the downside of >> this is people can't rely on NAT to work as a firewall and need to >> configure a proper one. >> > > heck, i'd consider that an upside as well - a NAT should never take > the > place of a firewall IMHO. Agreed- but this means that we have to get networks, vendors, and applications ready to deal with these changes... It's not hard if we fundamentally start thinking of each node in our private IPv4 networks, as being publicly addressable... (I said it's not hard, but it's a tedious paradigm shift...) Rocket- .ike From ike at lesmuug.org Fri Mar 23 08:47:58 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 08:47:58 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <20070322230453.GF10190@clam.khaoz.org> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> <20070322230453.GF10190@clam.khaoz.org> Message-ID: <3A207EDF-2207-4277-9756-1D90368CBEDA@lesmuug.org> Okan, Sweet, On Mar 22, 2007, at 7:04 PM, Okan Demirmen wrote: > On Thu 2007.03.22 at 00:06 -0400, Isaac Levy wrote: >> Hey All, >> >> Does anyone on this list, in NY or America in general run IPv6 >> services? > > http://lists.arin.net/pipermail/ppml/2007-March/006393.html That reminded me of one biggie: "The US government has a mandate for agencies to move to IPv6" http://www.gcn.com/online/vol1_no1/43181-1.html This summer is the deadline? Is nyc.gov on the IPv6 net? Rocket- .ike From okan at demirmen.com Fri Mar 23 09:39:46 2007 From: okan at demirmen.com (Okan Demirmen) Date: Fri, 23 Mar 2007 09:39:46 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <3A207EDF-2207-4277-9756-1D90368CBEDA@lesmuug.org> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> <20070322230453.GF10190@clam.khaoz.org> <3A207EDF-2207-4277-9756-1D90368CBEDA@lesmuug.org> Message-ID: <20070323133946.GL10190@clam.khaoz.org> On Fri 2007.03.23 at 08:47 -0400, Isaac Levy wrote: > Okan, Sweet, > > On Mar 22, 2007, at 7:04 PM, Okan Demirmen wrote: > > >On Thu 2007.03.22 at 00:06 -0400, Isaac Levy wrote: > >>Hey All, > >> > >>Does anyone on this list, in NY or America in general run IPv6 > >>services? > > > >http://lists.arin.net/pipermail/ppml/2007-March/006393.html > > That reminded me of one biggie: > > "The US government has a mandate for agencies to move to IPv6" > http://www.gcn.com/online/vol1_no1/43181-1.html > > This summer is the deadline? Is nyc.gov on the IPv6 net? July 2008 From af.dingo at gmail.com Fri Mar 23 09:57:28 2007 From: af.dingo at gmail.com (Jeff Quast) Date: Fri, 23 Mar 2007 09:57:28 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <71EFE879-FFC2-45D6-A369-D65D812A95A5@lesmuug.org> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> <28000.160.33.20.11.1174603465.squirrel@webmail.nomadlogic.org> <71EFE879-FFC2-45D6-A369-D65D812A95A5@lesmuug.org> Message-ID: On 3/23/07, Isaac Levy wrote: > On Mar 22, 2007, at 6:44 PM, Peter Wright wrote: > >> Is there any other advantage to IPv6 other than virtually unlimited > >> addresses? Not that I am trivializing that fact. > > > > my two favorites: > > ipsec intergration into the base stack > > HECK YEAH. While listing to MSF speak about IPSEC application > weaknesses at AsiaBSDCon, (picking on raccoon, ike, userland, apis > etc...)- a simple thing *snapped* in my brain: > > IPSEC isn't just for encrypted tunnels, tunnelling was merely the > first good application of IPSEC. > ipsec in openbsd is so incredibly easy it blows my mind. I knew absolutely nothing about ipsec except what was forced on me through news sites, I never cared to look into it. I decided I needed it, read the manual pages for about 15 minutes, read a small ~3 page introductory paper for a few minutes, and followed by the EXAMPLE section and got started. I was finished in about 20 minutes. racoon on the other hand, I looked, I cringed, I ran, i screamed like a girl, and I never looked back... Regardless -- ipv6 wasn't needed at all. It worked on ipv4 only -- so how is ipv6 going to help this get any easier than a 1-line configuration file? Why should I bother, I just got what i needed... > idea is still correct - there isn't any need for IPv6, so there's no push > either by clients or carriers to implement it. Alex is a smart man. So I just joined a very hip, very modern, very new evdo cellular network that was deployed nation-wide in less than a year. pppd warns that the remote site refuses ipv6 handshaking. They had the chance to design this network from scratch, and they left ipv6 out. That pisses me off. Unfortunatly, there is absolutely no form of getting an ipv6 pipe between my home and the world (without having it piggy-back ipv4 in some form). Regardless, I am confident the pa-risc, macppc, arm, i386, and sparc64 in my home will take little to no work to join this network seamlessly, thanks to BSD's efforts. If the other major US cellular evdo network offered ipv6 addressing, I'd switch, break my contract, and make it very clear why I switched and while I'll never come back. We have to do this whenever we can, it shows these companies there is -MONEY- involved in supporting an ipv6 network, from major ISP's to home broadband. From ike at lesmuug.org Fri Mar 23 09:57:31 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 09:57:31 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <20070323133946.GL10190@clam.khaoz.org> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> <20070322230453.GF10190@clam.khaoz.org> <3A207EDF-2207-4277-9756-1D90368CBEDA@lesmuug.org> <20070323133946.GL10190@clam.khaoz.org> Message-ID: On Mar 23, 2007, at 9:39 AM, Okan Demirmen wrote: >>> http://lists.arin.net/pipermail/ppml/2007-March/006393.html >> >> That reminded me of one biggie: >> >> "The US government has a mandate for agencies to move to IPv6" >> http://www.gcn.com/online/vol1_no1/43181-1.html >> >> This summer is the deadline? Is nyc.gov on the IPv6 net? > > July 2008 Ok. So 14 months. Seriously, in 14 months I want every NYC*BUG member to look up their local garbage collection routes on nyc.gov, via IPv6. Just for kicks. Rocket- .ike From bonsaime at gmail.com Fri Mar 23 10:01:17 2007 From: bonsaime at gmail.com (Jesse Callaway) Date: Fri, 23 Mar 2007 10:01:17 -0400 Subject: [nycbug-talk] IPv6 in Japan In-Reply-To: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> References: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> Message-ID: On 3/22/07, Isaac Levy wrote: > Hi All, > > So after Tokyo, as I process the overload, there's one special thing > that I've brought back, that I'm now consumed by: > > IPv6 (in America). ... > I'm going to do something about it... Anyone want to dive in > headfirst with me? > > Rocket- > .ike > I'm compelled to use ipv6, but not because I'm scared we're going to run out of ipv4 numbers. Frankly, I think that would be kind of fun and very profitable... but aside from my destructive profit motive disincentive to get ipv6 rolling - ipv6 is just cooler, more functional, and needs to have the kinks worked out with deployment here in the usa. Let's move forward! -jesse From pete at nomadlogic.org Fri Mar 23 11:10:03 2007 From: pete at nomadlogic.org (Peter Wright) Date: Fri, 23 Mar 2007 08:10:03 -0700 (PDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <1FABE245-9884-41B2-91F0-9B3C5FE3B443@lesmuug.org> References: <329539.15755.qm@web404.biz.mail.mud.yahoo.com> <460304D1.2090708@kc8onw.net> <34521.160.33.20.11.1174603638.squirrel@webmail.nomadlogic.org> <1FABE245-9884-41B2-91F0-9B3C5FE3B443@lesmuug.org> Message-ID: <28236.160.33.20.11.1174662603.squirrel@webmail.nomadlogic.org> > On Mar 22, 2007, at 6:47 PM, Peter Wright wrote: > >>> deep_blue at sebek.org wrote: >>>> Is there any other advantage to IPv6 other than virtually unlimited >>>> addresses? Not that I am trivializing that fact. >>> >>> Wikipedia explains it better than I can. One upside/downside I will >>> mention here is that it eliminates the need for NAT, the downside of >>> this is people can't rely on NAT to work as a firewall and need to >>> configure a proper one. >>> >> >> heck, i'd consider that an upside as well - a NAT should never take >> the >> place of a firewall IMHO. > > Agreed- but this means that we have to get networks, vendors, and > applications ready to deal with these changes... > > It's not hard if we fundamentally start thinking of each node in our > private IPv4 networks, as being publicly addressable... (I said it's > not hard, but it's a tedious paradigm shift...) > yea that' for sure. i saw alan kay give a lecture once, and he went on and on about how bad our current state of network security is, not just from a security standpoint - but from a software design standpoint as well. i guess it's hoped that - at least from a mile high view - that things like ipv6 will help address both the security and design issues we currently find ourselves in. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From tillman at seekingfire.com Fri Mar 23 11:38:25 2007 From: tillman at seekingfire.com (Tillman Hodgson) Date: Fri, 23 Mar 2007 09:38:25 -0600 Subject: [nycbug-talk] IPv6 in Japan In-Reply-To: <2A482895-CBAD-4B5A-BC90-FEAC079A4D97@lesmuug.org> References: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> <22417.160.33.20.11.1174579821.squirrel@webmail.nomadlogic.org> <2A482895-CBAD-4B5A-BC90-FEAC079A4D97@lesmuug.org> Message-ID: <20070323153825.GC1385@seekingfire.com> On Fri, Mar 23, 2007 at 08:21:20AM -0400, Isaac Levy wrote: > Objective: see you on IPv6 irc, (once we get the server up?) I run an IRC network on The Metanetwork (http://www.metanetwork.ca) ... an IPv6 sounds neat, and since it's a private network I can fairly easily get IPv6 stuff going on it. What ircd were you planning on using (that has IPv6 support -- things like C: and H: lines will change somewhat, for example)? -T -- When a person is confused, he sees east as west. When he is enlightened, west itself is east. Ta-Hui From ike at lesmuug.org Fri Mar 23 12:32:07 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 12:32:07 -0400 Subject: [nycbug-talk] IPv6 ircd Message-ID: <6479CDF9-292C-434D-BC1A-8A09D2F65FD6@lesmuug.org> On Mar 23, 2007, at 11:38 AM, Tillman Hodgson wrote: > I run an IRC network on The Metanetwork (http:// > www.metanetwork.ca) ... Wow- interesting. I love the Metanetwork idea. > an IPv6 sounds neat, and since it's a private network I can fairly > easily get IPv6 stuff going on it. What ircd were you planning on > using > (that has IPv6 support -- things like C: and H: lines will change > somewhat, for example)? Yikes! I hadn't thought of which ircd- it's been years since I've even run a server... Um... Miles Nordin: if you read this on list, what ircd can you recommend? Rocket- .ike From mspitzer at gmail.com Fri Mar 23 12:35:45 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 23 Mar 2007 12:35:45 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <3A207EDF-2207-4277-9756-1D90368CBEDA@lesmuug.org> References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> <20070322230453.GF10190@clam.khaoz.org> <3A207EDF-2207-4277-9756-1D90368CBEDA@lesmuug.org> Message-ID: <8c50a3c30703230935u25b25eb7nea2e42714772ec1f@mail.gmail.com> On 3/23/07, Isaac Levy wrote: > Okan, Sweet, > > On Mar 22, 2007, at 7:04 PM, Okan Demirmen wrote: > > > On Thu 2007.03.22 at 00:06 -0400, Isaac Levy wrote: > >> Hey All, > >> > >> Does anyone on this list, in NY or America in general run IPv6 > >> services? > > > > http://lists.arin.net/pipermail/ppml/2007-March/006393.html > > That reminded me of one biggie: > > "The US government has a mandate for agencies to move to IPv6" > http://www.gcn.com/online/vol1_no1/43181-1.html > > This summer is the deadline? Is nyc.gov on the IPv6 net? They mandated all federal gov. nyc is not federal, its not even state after all. And I have a feeling that exceptions are going to be flowing like water on this. marc > > Rocket- > .ike > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- Freedom is nothing but a chance to be better. Albert Camus From ike at lesmuug.org Fri Mar 23 13:52:11 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 13:52:11 -0400 Subject: [nycbug-talk] IPv6 tunnel broker In-Reply-To: References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Message-ID: Wordup Miles, HOLY MOSES, you have a lot of bloody-knuckle IPv6 experience, thanks for sharing it!, I'm splitting up the replies, to try to simplify the wealth of info presented- -- Tunnel Brokers: On Mar 22, 2007, at 7:15 PM, Miles Nordin wrote: >>>>>> "a" == alex writes: >>>>>> "il" == Isaac Levy writes: > > il> Does anyone on this list, in NY or America in general run IPv6 > il> services? > > I did for about two years, until OCCAID cut me off. > The alternative now is SixXS, which gets transit from OCCAID but has > lots of automation for serving Interweb users. Unfortunately they > also have fewer pops. SixXS- (url for the record Ok, so just to get my basic facts straight- they *only* do v4->v6 tunnel broker services, or do they offer actual direct connectivity as well? > > Hurricane Electric tunnels are, for me, not even worth looking at, > because they block irc. I'm not spending $600/mo on Internet so I can > put up with this T-Online/Verizon port blocking bullshit. I *will* > pay for IPv6, but this second-class interweb crap completely defeats > the purpose of an experimental protocol. Re. Hurricane Electric Tunnels: (url for the record ) > There's another huge problem with Hurricane Electric. > > > unreliable -- Do you know anything about Hexago? They were recently featured in BSDNews, their tunnel broker software was released under a BSD License (cool!): http://bsdnews.com/view_story.php3?story_id=6364 http://www.go6.net/ -- At the moment, it seems getting familiar with 4-to-6 tunnels is really important, but I *really* want to get real IPv6 connnections from ISP's... :) Rocket- .ike From ike at lesmuug.org Fri Mar 23 14:11:59 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 14:11:59 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Message-ID: Wordup Miles, On Mar 22, 2007, at 7:15 PM, Miles Nordin wrote: >>>>>> "a" == alex writes: >>>>>> "il" == Isaac Levy writes: > > il> Does anyone on this list, in NY or America in general run IPv6 > il> services? > > I did for about two years, until OCCAID cut me off. -- > The second phase of user response to IPv6-crappyness is to learn about > these -4 options to all commands. Sometimes sysadmins do this, > too---like they will start bind with '-4' and cut off access to any > subdomain that has v6-only DNS servers, to make regular resolving > faster with their crappy v6. Sysadmins may get into the action by > putting stuff in /etc that makes each program prefer v4 instead of v6. Hrm. I wonder how many *BSD apps have implementation details all cleaned up? I honestly haven't thought through this, but this makes perfect sense. > The third phase of response to v6 crappyness is, sadly, well underway. > It's the _developer_ response to crappy v6 tunnels. We've got all > these short-sighted Windows refugee developers working on free > software now, who just bang away and hurl feces at problems until they > sorta work. irssi's wrapped getaddrinfo() to make it prefer v4 for a > while, unless you set it back to v6 in the template config file as I > do, and even then it won't effect users who started irssi before you > realized the problem and set it back because they'll all have local > .irssi/config files. Firefox, on some ``distros'' of Linux anyway, > now ships prefering v4 over v6. meaning you will actually have v6, go > to kame.net and NOT see the dancing kame. You have to go into some > arcane Javascript file to undo their brain damage. Firefox on Solaris > still works right, but I guess it's an old version. Yikes. Ok- so this is another issue to address- making sure apps work sanely, (by making sure they are written correctly). > getaddrinfo() is actually v4/v6-agnostic---it could work with ISO CLNP > or IPv2000 or whatever comes next, with no modification to programs > that call it in the most generic way possible, once DNS rules for the > new protocol were invented. > so these new programs are making their > calls to getaddrinfo() less portable by hardcoding in an understanding > of v4 and v6 address families. The right way to do the third phase > is, well, not at all. But the less wrong way is to have a v6 stack > that sorts the results of getaddrinfo based on a system-wide config > file like /etc/netconfig or /etc/inet/ipaddrsel.conf. but NetBSD > doesn't have these files, and on Solaris they don't seem to do what > the documentation says. Sounds simply like folks just haven't gotten enough experience deploying and using the systems yet- Solaris makes sense, NetBSD as well, that they'd have rough edges... (Sun being an American company, but NetBSD? I guess we all have details to work out as systems get deployed...) > > These phases are the Hidden Obstinance to IPv6, aside from > uncooperative ISP's or heads-in-the-sand American ``businesses.'' > Some of the things that can make your v6 crappy: > > 1. using a high-rtt tunnel. HE's tunnel endpoint is in Fremont, so to > connect to another site here in NYC, your packets cross the US > twice, adding 40 - 100ms latency. This is enough for ssh users to > notice that v6 sucks and type 'ssh -4'. Hurricane has presence in > NYC, but they won't give tunnels from here, and they won't do > colocation here so you can make your own tunnel, either. Holy moses you know the tunnel scene well man. > > besides he.net, xs26.net in Europe has this problem, too, since > your tunnel endpoint is 100ms away. (also, their web site seems > down right now, so I dunno if they can meet the ``up almost as > often as v4'' criteria) > > some people make a big deal about ``native'' v6, meaning v6 over > the Ethernet cable. Not having tunnels definitely makes routing > problems easier to track down, but I really don't think it's faster > or intangibly ``better'' somehow. The problem is when the two ends > of the tunnel are far apart. The tunnel should only be a couple ms > long, not spanning countries or oceans, so routing is still close > to optimal. It's the rtt, not the tunnel itself, that sucks. > > 2. bad neighbor ISP's (cough *Abliene* cough) that up the v6 > routing table. with OCCAID I had packets crossing the Atlantic > twice to get to Hurricane Electric. stupid. OCCAID blamed HE and > said they were doing something wrong and ignoring OCCAID's > complaints. Who knows what the real story is. > > 3. not maintaining your v6 well. If your site depends on some > ``tunnel broker'' with a dynamic address on your end, then > inevitably the broker machine gets rebooted a couple times a month > and loses your site's state. If your tunnel broker client is buggy > and crashes, or isn't running at all, then your v6 goes down for > weeks until someone notices. > > so, that covers almost every v6 deployment I've seen. not good. > > > a> If you wantyour *glue* to be AAAA - well, its > a> a bad idea - nobody could get to anything in your domain if > a> you have only AAAA glue. > > but chia.arin.net and a.gtld-servers.net both have AAAA records. so, > if you are going to configure your nameserver with v6 _connectivity_ > as well as just v6 record s, be damn sure your v6 is good, or you will > get 4sec delays resolving ~everything. Noted! This seems like another problem for adoption/growth, if the networks suck, why use them? > > Not having stable v6 connectivity is a huge problem for me. I use v6 > on my LAN, and it's a major pain-in-the-ass to renumber, to remove or > add back the v6. And if you have the v6 without a working default > route, just to use locally, it makes problems for some OS's (like > Solaris). Gah- makes sense. This seems like a really tough stumbling block for everybody. If we all are constantly rebuilding networks, it's hard to move foreword and *use* them... > > v6 /32's are free from ARIN as long as you are (1) an ISP, (2) an ARIN > ``member'' (have v4 blocks from ARIN, or pay $500/yr), and (3) have a > plan to assign 200 /48's within 5 years. I think several tier 1 ISP's > already to v6. Cisco IOS is much less of a flakey piece of shit on v6 > now. so it may be mostly a matter of your time to set it up. What are ARIN's definition of 'ISP'? I mean, I'm provisioned one IPv4 /24 for my Colo operations, but I'm by no means a commercial ISP- (even though I do host systems for my clients). (I've never thought about it, but I think I realistically don't count...) Rocket- and thanks for sharing all of this! .ike From ike at lesmuug.org Fri Mar 23 14:18:08 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 14:18:08 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: References: Message-ID: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> Hi Alex, All, This topic deserves discussion, On Mar 22, 2007, at 2:51 PM, alex at pilosoft.com wrote: >> Does anyone have experience with this in America yet? > nobody cares in america. On Mar 22, 2007, at 3:35 PM, alex at pilosoft.com wrote: > there isn't any need for IPv6, so there's no push > either by clients or carriers to implement it. On Mar 22, 2007, at 9:48 PM, alex at pilosoft.com wrote: >> I'm intensely frustrated with all these crappy flash-in-the-pan >> high-rtt >> port-blocked tunnels and layer 10 bullshit. and, in general, >> basically >> with people who have Alex's attitude, which I think is both wrong and >> pervasive. > I think all you said above pretty much proves my point - > a) ipv6 not ready for prime time > b) nobody gives a damn about v6 Alex, you've inspired me to fork this whole topic to a different thread. This is not a joke. Seriously speaking here, what do you see as the largest problems to the US getting wired and up to speed with IPv6? Why do you think it won't happen anytime soon? Best, .ike From spork at bway.net Fri Mar 23 15:37:49 2007 From: spork at bway.net (Charles Sprickman) Date: Fri, 23 Mar 2007 15:37:49 -0400 (EDT) Subject: [nycbug-talk] some C help? In-Reply-To: References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> <20070310171407.C87127@arbitor.digitalfreaks.org> Message-ID: On Thu, 22 Mar 2007, Charles Sprickman wrote: > On Sat, 10 Mar 2007, Brian A. Seklecki wrote: > >> >> This bug is pretty well documented in a ticket I opened with the NetBSD >> folks on the default size of the "snaplen" size being determined based on >> the presence of the IPv6 at compile-time v.s. run-time v.s "-i" argument. >> >> http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34733 Here's the answer to my bug report over at FreeBSD. State-Changed-From-To: open->closed State-Changed-By: remko State-Changed-When: Fri Mar 23 06:43:45 UTC 2007 State-Changed-Why: Please raise this with the tcpdump maintainers, they can change this and we can import the new version if needed. Since this is a vendor/contributed item, we are not going to change that locally. Want to tag-team the tcpdump people? :) Charles >> -s 96 or -s 128 for the win. > > I told you guys I move slowly... > > I actually didn't want to touch spamlogd so I recompiled tcpdump with SPAPLEN > set to 96 for v4 or v6. I'll need to see if there's a PR on this with > FreeBSD and if not file one referencing your NetBSD report. > > All seems well: > > Mar 22 03:03:31 slimjim spamlogd[700]: invalid ip address 10.10.10 > > Mar 22 20:53:25 slimjim spamlogd[86729]: outbound 10.10.10.3 > > [root at slimjim /usr/src/usr.sbin/tcpdump]# spamdb > WHITE|10.10.10.154|||1173413700|1173415662|1176526099|4|0 > WHITE|10.10.10.3|||1174611205|1174611205|1177721605|1|0 <<-- bingo > [root at slimjim /usr/src/usr.sbin/tcpdump]# > > Thanks again, > > Charles > >> ~BAS >> >> >>>>> >>>>> Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10 >>>>> >>>>> Note the lack of the final octet. >>>>> >>>>> This is (I hope) the area where spamlogd parses the output of tcpdump: >>>> >>>> yes, it is, but no need to analyze it... >>>> >>>> it does its job correctly. >>>> >>>>> That chunk makes very little sense to me. >>>>> >>>>> Can anyone give me a quick shove in the right direction? >>>> >>>> ...and the reason yours is failing is not because of that chunk of code, >>>> but rather your pflog interface. it should look like: >>>> >>>> [blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah] >>>> >>>> where XXXX is an ephemeral port...basically your log is dropping the >>>> port number. why? i don't know - what does your pf rule look like? >>> >>> oh, and i'll add that -current (and 4.1) doesn't spawn tcpdump any more, >>> but uses pcap directly....plus lots of other yummy features - ask for >>> the port to get upgraded ;) >>> _______________________________________________ >>> % NYC*BUG talk mailing list >>> http://lists.nycbug.org/mailman/listinfo/talk >>> %Be sure to check out our Jobs and NYCBUG-announce lists >>> %We meet the first Wednesday of the month >>> >> >> l8* >> -lava (Brian A. Seklecki - Pittsburgh, PA, USA) >> http://www.spiritual-machines.org/ >> >> "...from back in the heady days when "helpdesk" meant nothing, "diskquota" >> meant everything, and lives could be bought and sold for a couple of pages >> of laser printout - and frequently were." >> _______________________________________________ >> % NYC*BUG talk mailing list >> http://lists.nycbug.org/mailman/listinfo/talk >> %Be sure to check out our Jobs and NYCBUG-announce lists >> %We meet the first Wednesday of the month >> > From ike at lesmuug.org Fri Mar 23 15:53:53 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 15:53:53 -0400 Subject: [nycbug-talk] IPv6 and CIDR confusion Message-ID: <37631FE2-8FBC-4A25-91C8-C9999C232BEB@lesmuug.org> Hi All, When searching for info about IPv6 netblocks, I found: "IPv6 uses a CIDR-style architecture for address allocation" -but it's not actually CIDR? Does anyone know where to find out about the breakdown of netblocks? (e.g. what is a /64 for IPv6? What is the equivalent of an IPv4 Class C, (/24 with 254 usable addresses?)) Rocket- .ike From spork at bway.net Fri Mar 23 16:01:33 2007 From: spork at bway.net (Charles Sprickman) Date: Fri, 23 Mar 2007 16:01:33 -0400 (EDT) Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> Message-ID: On Fri, 23 Mar 2007, Isaac Levy wrote: > Hi All, > > On Mar 22, 2007, at 6:21 PM, Charles Sprickman wrote: > >>> ahh alex, always the unbiased diplomatic poster to talk@ ;) >> >> It's the idealistic optimist vs. the IPv4 curmudgeon. :) >> >> C > > Nah, Alex is really quite right in the US. I like Alex, but he is a curmudgeon, and I don't think he'd take that as an insult. :) > However, my interest with this thread is to disregard that- and find > out who's with me... I have so many questions about v6 that it makes my head hurt just trying to make a list of them. Where's the canonical primer on this? Sadly I also noticed that pfsense does not support v6 at this point... That will make trying to do this at home more fun. > I love NYC, I love Tokyo- and want to bridge them. Since nobody has > plans for a train between Grand Central and Tokyo Station metro, I > wanna build the network instead :) When you go back again we can tie a cat5 spool to your plane. :) C > Rocket- > .ike > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > From okan at demirmen.com Fri Mar 23 16:25:17 2007 From: okan at demirmen.com (Okan Demirmen) Date: Fri, 23 Mar 2007 16:25:17 -0400 Subject: [nycbug-talk] some C help? In-Reply-To: References: <20070310212831.GF10311@clam.khaoz.org> <20070310213507.GI10311@clam.khaoz.org> <20070310171407.C87127@arbitor.digitalfreaks.org> Message-ID: <20070323202517.GC10190@clam.khaoz.org> On Fri 2007.03.23 at 15:37 -0400, Charles Sprickman wrote: > > On Thu, 22 Mar 2007, Charles Sprickman wrote: > >On Sat, 10 Mar 2007, Brian A. Seklecki wrote: > > > >> > >>This bug is pretty well documented in a ticket I opened with the NetBSD > >>folks on the default size of the "snaplen" size being determined based on > >>the presence of the IPv6 at compile-time v.s. run-time v.s "-i" argument. > >> > >>http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34733 > > Here's the answer to my bug report over at FreeBSD. > > State-Changed-From-To: open->closed > State-Changed-By: remko > State-Changed-When: Fri Mar 23 06:43:45 UTC 2007 > State-Changed-Why: > Please raise this with the tcpdump maintainers, they can change this and > we can import the new version if needed. Since this is a > vendor/contributed item, we are not going to change that locally. > > Want to tag-team the tcpdump people? :) feel free to...however, i suggest using a more recent spamlogd (along with a more recent spamd). From ike at lesmuug.org Fri Mar 23 16:33:51 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 16:33:51 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> Message-ID: <4CD70D96-3C77-4F05-AFB9-53DF2ADD22D0@lesmuug.org> On Mar 23, 2007, at 4:01 PM, Charles Sprickman wrote: > I have so many questions about v6 that it makes my head hurt just > trying to make a list of them. > > Where's the canonical primer on this? Crap. I believe this thread is the closest thing I've seen to a primer ;) We need to start to write one somehow? A notepad of developing info, a quickly changing manual? > > Sadly I also noticed that pfsense does not support v6 at this > point... That will make trying to do this at home more fun. BINGO- that's the best idea I've heard on list all day... (excepting it may be difficult to pull off without more IPv6 core people over there to make it work out) > >> I love NYC, I love Tokyo- and want to bridge them. Since nobody has >> plans for a train between Grand Central and Tokyo Station metro, I >> wanna build the network instead :) > > When you go back again we can tie a cat5 spool to your plane. :) It's a plan :) Rocket- .ike From nycbug at chrisbuechler.com Fri Mar 23 16:44:10 2007 From: nycbug at chrisbuechler.com (Chris Buechler) Date: Fri, 23 Mar 2007 16:44:10 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> Message-ID: <46043C1A.3040705@chrisbuechler.com> Isaac Levy wrote: >> I think all you said above pretty much proves my point - >> a) ipv6 not ready for prime time >> b) nobody gives a damn about v6 >> > > Alex, you've inspired me to fork this whole topic to a different > thread. This is not a joke. > > Seriously speaking here, what do you see as the largest problems to > the US getting wired and up to speed with IPv6? Why do you think it > won't happen anytime soon? > Speaking from the perspective of the organizations whose networks I run, it won't happen in the foreseeable future because there's no business reason to do so. The benefits of IPv6 aren't enough on their own to justify the migration, and public IP's are readily available for little or no cost. The driver of migration I foresee is increasing cost of public IP's. If they do indeed eventually become as scarce as people think they will then the cost will go up substantially enough to drive the change. None of the several T1 providers I use charge anything for public IP's, and will give you up to a /24 at no cost if you can justify having it. The local LEC will give you 5 public IP's for $5/month on a business DSL account, and the local cable company charges $5/month per IP for additional IP's. At those costs, nobody cares about extra IP space because it would take 100+ years of IP charges to equal the cost of migrating to IPv6. Plus, no ISP around here offers IPv6, probably because they have plenty of IPv4 addresses and don't care to deal with the support issues an IPv6 network would undoubtedly cause. "Local" and "around here" being the Louisville KY metro area, nowhere near NYC, but not a hole in the ground either with ~1 million people. My view is businesses drive IT demand, whether it's an ISP or any other sort of vendor or service provider, and businesses won't be pushing for IPv6 until the cost of IPv4 is excessive enough to justify the expense of conversion. The politics, coolness factor, geek factor, or whatever that drives those of you on this list that want IPv6 isn't nearly widespread enough to drive any significant change. cheers, -Chris From jonathan at kc8onw.net Fri Mar 23 16:45:31 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Fri, 23 Mar 2007 16:45:31 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: <4CD70D96-3C77-4F05-AFB9-53DF2ADD22D0@lesmuug.org> References: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> <4CD70D96-3C77-4F05-AFB9-53DF2ADD22D0@lesmuug.org> Message-ID: <46043C6B.4070804@kc8onw.net> Isaac Levy wrote: > On Mar 23, 2007, at 4:01 PM, Charles Sprickman wrote: > >> I have so many questions about v6 that it makes my head hurt just >> trying to make a list of them. >> >> Where's the canonical primer on this? > > Crap. I believe this thread is the closest thing I've seen to a > primer ;) > > We need to start to write one somehow? A notepad of developing info, > a quickly changing manual? I have a wiki, I suppose I could start one if no one knows of a good one primer. Jonathan Stewart From jonathan at kc8onw.net Fri Mar 23 17:00:38 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Fri, 23 Mar 2007 17:00:38 -0400 Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: <37631FE2-8FBC-4A25-91C8-C9999C232BEB@lesmuug.org> References: <37631FE2-8FBC-4A25-91C8-C9999C232BEB@lesmuug.org> Message-ID: <46043FF6.6050203@kc8onw.net> Isaac Levy wrote: > Hi All, > > When searching for info about IPv6 netblocks, I found: "IPv6 uses a > CIDR-style architecture for address allocation" > > -but it's not actually CIDR? It is actually CIDR style in the sense of being classless, no Class A/B/C etc. > Does anyone know where to find out about the breakdown of netblocks? > (e.g. what is a /64 for IPv6? What is the equivalent of an IPv4 > Class C, (/24 with 254 usable addresses?)) I was hoping to find something on wikipedia that would be a bit easier to work through for someone new to it but the RFC always works :) http://tools.ietf.org/html/rfc2373 Jonathan Stewart From ike at lesmuug.org Fri Mar 23 17:08:52 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 17:08:52 -0400 Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: <46043FF6.6050203@kc8onw.net> References: <37631FE2-8FBC-4A25-91C8-C9999C232BEB@lesmuug.org> <46043FF6.6050203@kc8onw.net> Message-ID: Hi Jonathan, On Mar 23, 2007, at 5:00 PM, Jonathan Stewart wrote: > Isaac Levy wrote: >> Hi All, >> When searching for info about IPv6 netblocks, I found: "IPv6 uses >> a CIDR-style architecture for address allocation" >> -but it's not actually CIDR? > > It is actually CIDR style in the sense of being classless, no Class > A/B/C etc. Good to know, cool. > >> Does anyone know where to find out about the breakdown of netblocks? >> (e.g. what is a /64 for IPv6? What is the equivalent of an IPv4 >> Class C, (/24 with 254 usable addresses?)) > > I was hoping to find something on wikipedia that would be a bit > easier to work through for someone new to it but the RFC always > works :) > http://tools.ietf.org/html/rfc2373 An RFC is perfect. I like my information the same way as my martini, a bit dry. :) Rocket- .ike From jbaltz at 3phasecomputing.com Fri Mar 23 17:11:45 2007 From: jbaltz at 3phasecomputing.com (Jerry B. Altzman) Date: Fri, 23 Mar 2007 17:11:45 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <2BB47342-A292-42BA-A21F-4B695681402F@lesmuug.org> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46042ECE.8040403@3phasecomputing.com> <2BB47342-A292-42BA-A21F-4B695681402F@lesmuug.org> Message-ID: <46044291.1050703@3phasecomputing.com> My original post didn't go to the whole list. I wrote the >> stuff, and Ike wrote the > stuff. on 2007-03-23 16:30 Isaac Levy said the following: > First off, I think this is a great message to post to list- in the 'I > hate IPv6' thread... > I don't think anyone would be discouraged or frustrated, or am I missing > something else? Unless you have some specific objection, please re-post > publically! I'll help put out any flame wars that could transpire! I just thought that pointing people at NANOG in that fashion might simply add more heat than light to the vast majority of folks. >> Spend some time here: >> http://www.merit.edu/cgi-bin/swish/swish.cgi?query=ipv6&si=0&si=5&dr_o=12&dr_s_mon=3&dr_s_day=23&dr_s_year=2007&dr_e_mon=3&dr_e_day=23&dr_e_year=2007&submit=Search%21 >> Alas, it doesn't have LASCIATE OGNE SPERANZA VOI CH'INTRATE like it >> should. > Ah- oh- but shouldn't we *BSD people be right at home in hell? ;P Hell froze over and filled with penguins, weren't you watching? > I do appreciate you pointing me at this- insomuch as it's all these > attitudes I'm looking to bypass. Well, you wanted to know why IPv6 wasn't gaining traction, there's a pointer to many reasons. The short answer to your question, like so many other questions, is "there's no money in it". > Again, unless I'm missing your point, I understand this is the state of > things big picture- NANOG and RIPE and the like. This is why I'm > looking to light a fire under our asses in NYC- no pressure, all fun- we Well, if you're trying to create the grassroots demand for IPv6, put some content there. Pr0n is a good motivator. Offer "Free Pr0n only on IPv6" and the ISPs will trip over each other to get it out. NTT will sell you IPv6 *now* if you want it. > have an oppurtunity in the NYC*BUG group to completely bypass all of > that because most of us are slightly outside of it. Alex excepted... > It seems to me the more I see groups/lists/stuff like these, the more I > come to believe adoption is less about the tech- and more about everyone > dropping our tech egos, and coming to the situation open to learn. > Tokyo made me feel like a little child- *I had so much basic stuff to > learn*- which was hard at first, but EXITING after I psychologically got > over a sense of trying to control my entire situation. Right, well as long as the only kewl stuff on IPv6 is the dancing turtle, demand will simply lag. (As an aside: the O'Reilly book on IPv6 isn't bad, by the way, but it's long on theory and short on implementation. ) > It's hard for technical people to get exited about something new, change > threatens anyone's day-to-day routine, but this is the nature of > everything- especially technology, right? IPv6 isn't terribly new. :-( RFC1883 came out in 1995. > .ike //jbaltz -- jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405 From nycbug at chrisbuechler.com Fri Mar 23 17:45:48 2007 From: nycbug at chrisbuechler.com (Chris Buechler) Date: Fri, 23 Mar 2007 17:45:48 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: References: <28922.160.33.20.11.1174599992.squirrel@webmail.nomadlogic.org> Message-ID: <46044A8C.70903@chrisbuechler.com> Charles Sprickman wrote: > Sadly I also noticed that pfsense does not support v6 at this point... > That will make trying to do this at home more fun. > Yeah, almost no demand for it (I think one person has requested it, making it probably the only thing to ever be requested that's only been less than a half dozen times, to give you an idea of the relative unpopularity), plus none of the developers have access to any IPv6 connectivity. It would be a lot of work to support v6 because the IP validation and numerous other portions of the GUI would have to be modified to properly support v6. Don't expect to see it anytime soon, at least not done by any of the current developers. There's a long list of things that a huge number of people would benefit from that'll be taken care of before v6 is even considered. It'll be at least 2-3 years before it's looked at with any intent of being supported. Unfortunate, but there are way too many other areas that could use improvement to consider focusing on something a minuscule fraction of a percent of the Internet could use. cheers, -Chris From njt at ayvali.org Fri Mar 23 17:55:28 2007 From: njt at ayvali.org (N.J. Thomas) Date: Fri, 23 Mar 2007 17:55:28 -0400 Subject: [nycbug-talk] routing to spaces smaller than /24 (was Re: (I hate IPv6!)) In-Reply-To: <46043C1A.3040705@chrisbuechler.com> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46043C1A.3040705@chrisbuechler.com> Message-ID: <20070323215527.GP28481@ayvali.org> * Chris Buechler [2007-03-23 16:44:10 -0400]: > The benefits of IPv6 aren't enough on their own to justify the > migration, and public IP's are readily available for little or no > cost. Is it still the case that most ISPs won't route to spaces (IPv4) smaller than a /24? It has been an issue for some in the past who may not have necessarily needed an entire /24, but wanted to be multihomed. Thomas From alex at pilosoft.com Fri Mar 23 18:01:57 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Fri, 23 Mar 2007 18:01:57 -0400 (EDT) Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: <37631FE2-8FBC-4A25-91C8-C9999C232BEB@lesmuug.org> Message-ID: On Fri, 23 Mar 2007, Isaac Levy wrote: > Hi All, > > When searching for info about IPv6 netblocks, I found: "IPv6 uses a > CIDR-style architecture for address allocation" > > -but it's not actually CIDR? It is classless. > Does anyone know where to find out about the breakdown of netblocks? > (e.g. what is a /64 for IPv6? What is the equivalent of an IPv4 Class > C, (/24 with 254 usable addresses?)) There's no such thing as classes. Duh. /64 for ipv6 is still the same, SLASH SIXTY FOUR. To have 254 usable IP addresses, you can have a /120. Now, the interesting thing is, most v6 capable routers only will route on the top 64 bits of the prefix. -alex From lavalamp at spiritual-machines.org Fri Mar 23 18:04:02 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Fri, 23 Mar 2007 18:04:02 -0400 (EDT) Subject: [nycbug-talk] routing to spaces smaller than /24 (was Re: (I hate IPv6!)) In-Reply-To: <20070323215527.GP28481@ayvali.org> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46043C1A.3040705@chrisbuechler.com> <20070323215527.GP28481@ayvali.org> Message-ID: <20070323180142.E47490@arbitor.digitalfreaks.org> Most networks are tiered and layered, thus that border routers with multiple full BGP feeds will have 256Mb+ to accommodate without prefix size restrictions, but internal reflectors (customer connecting ones) do not. ~BAS On Fri, 23 Mar 2007, N.J. Thomas wrote: > * Chris Buechler [2007-03-23 16:44:10 -0400]: >> The benefits of IPv6 aren't enough on their own to justify the >> migration, and public IP's are readily available for little or no >> cost. > > Is it still the case that most ISPs won't route to spaces (IPv4) smaller > than a /24? It has been an issue for some in the past who may not have > necessarily needed an entire /24, but wanted to be multihomed. > > Thomas > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From alex at pilosoft.com Fri Mar 23 18:05:33 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Fri, 23 Mar 2007 18:05:33 -0400 (EDT) Subject: [nycbug-talk] routing to spaces smaller than /24 (was Re: (I hate IPv6!)) In-Reply-To: <20070323215527.GP28481@ayvali.org> Message-ID: On Fri, 23 Mar 2007, N.J. Thomas wrote: > * Chris Buechler [2007-03-23 16:44:10 -0400]: > > The benefits of IPv6 aren't enough on their own to justify the > > migration, and public IP's are readily available for little or no > > cost. > > Is it still the case that most ISPs won't route to spaces (IPv4) smaller > than a /24? It has been an issue for some in the past who may not have Yes. > necessarily needed an entire /24, but wanted to be multihomed. No, if you are multihomed, you can get a PI /20 from ARIN direct. I think this thread kind of shows: developers should develop code, and let other people run networks. -alex From alex at pilosoft.com Fri Mar 23 18:17:16 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Fri, 23 Mar 2007 18:17:16 -0400 (EDT) Subject: [nycbug-talk] routing to spaces smaller than /24 (was Re: (I hate IPv6!)) In-Reply-To: <20070323180142.E47490@arbitor.digitalfreaks.org> Message-ID: On Fri, 23 Mar 2007, Brian A. Seklecki wrote: > Most networks are tiered and layered, thus that border routers with > multiple full BGP feeds will have 256Mb+ to accommodate without prefix > size restrictions, but internal reflectors (customer connecting ones) do > not. a) nobody accepts anything longer than /24 (from non-customers - for example, if you are a customer, you may announce /28 to your carrier, but it won't propagate to anyone else on the interwebs) b) internal reflectors do not connect customers c) edge routers ("customer-connecting ones") best have full route tables otherwise you, the customer, will have partial view of internet. -alex From ike at lesmuug.org Fri Mar 23 18:23:40 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 18:23:40 -0400 Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: References: Message-ID: <291BCC21-9B86-4FC6-9BF0-A1E73AF6089E@lesmuug.org> On Mar 23, 2007, at 6:01 PM, alex at pilosoft.com wrote: > On Fri, 23 Mar 2007, Isaac Levy wrote: > >> Hi All, >> >> When searching for info about IPv6 netblocks, I found: "IPv6 uses a >> CIDR-style architecture for address allocation" >> >> -but it's not actually CIDR? > It is classless. Gotig- learning something new every day. > >> Does anyone know where to find out about the breakdown of netblocks? >> (e.g. what is a /64 for IPv6? What is the equivalent of an IPv4 >> Class >> C, (/24 with 254 usable addresses?)) > There's no such thing as classes. Duh. > > /64 for ipv6 is still the same, SLASH SIXTY FOUR. Sure, but it doesn't seem to be the same... > On Mar 23, 2007, at 5:00 PM, Jonathan Stewart wrote: >> I was hoping to find something on wikipedia that would be a bit >> easier to work through for someone new to it but the RFC always >> works :) >> http://tools.ietf.org/html/rfc2373 - so, The IPv4 CIDR number comes from the number of 1's in the subnet mask when converted to binary, right? So it seems the IPv6 notation is not the same thing at all- it's not the subnet mask, but the prefix length of the address. That was confusing, now it's clear. > > To have 254 usable IP addresses, you can have a /120. Alex- do you do the hexadecimal counting in your head dude?!?!? > > Now, the interesting thing is, most v6 capable routers only will > route on > the top 64 bits of the prefix. - whaddya' mean? That sounds interesting? Rocket- .ike (p.s.: for a guy who seems so hellbent against IPv6, you sure know a lot of details...) From bonsaime at gmail.com Fri Mar 23 18:43:21 2007 From: bonsaime at gmail.com (Jesse Callaway) Date: Fri, 23 Mar 2007 18:43:21 -0400 Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: <291BCC21-9B86-4FC6-9BF0-A1E73AF6089E@lesmuug.org> References: <291BCC21-9B86-4FC6-9BF0-A1E73AF6089E@lesmuug.org> Message-ID: On 3/23/07, Isaac Levy wrote: > On Mar 23, 2007, at 6:01 PM, alex at pilosoft.com wrote: > > > On Fri, 23 Mar 2007, Isaac Levy wrote: > > > >> Hi All, > >> > >> When searching for info about IPv6 netblocks, I found: "IPv6 uses a > >> CIDR-style architecture for address allocation" > >> > >> -but it's not actually CIDR? > > It is classless. > > Gotig- learning something new every day. > > > > >> Does anyone know where to find out about the breakdown of netblocks? > >> (e.g. what is a /64 for IPv6? What is the equivalent of an IPv4 > >> Class > >> C, (/24 with 254 usable addresses?)) > > There's no such thing as classes. Duh. > > > > /64 for ipv6 is still the same, SLASH SIXTY FOUR. > > Sure, but it doesn't seem to be the same... > > > On Mar 23, 2007, at 5:00 PM, Jonathan Stewart wrote: > >> I was hoping to find something on wikipedia that would be a bit > >> easier to work through for someone new to it but the RFC always > >> works :) > >> http://tools.ietf.org/html/rfc2373 > > - so, > > The IPv4 CIDR number comes from the number of 1's in the subnet mask > when converted to binary, right? > > So it seems the IPv6 notation is not the same thing at all- it's not > the subnet mask, but the prefix length of the address. > > That was confusing, now it's clear. > > > > > To have 254 usable IP addresses, you can have a /120. > > Alex- do you do the hexadecimal counting in your head dude?!?!? > > > > > Now, the interesting thing is, most v6 capable routers only will > > route on > > the top 64 bits of the prefix. > > - whaddya' mean? That sounds interesting? > > Rocket- > .ike > > (p.s.: for a guy who seems so hellbent against IPv6, you sure know a > lot of details...) > > It means that if you get more specific about your netmask the router won't be able to differentiate and send it on a different route. -jesse From ike at lesmuug.org Fri Mar 23 18:49:29 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 18:49:29 -0400 Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: References: <291BCC21-9B86-4FC6-9BF0-A1E73AF6089E@lesmuug.org> Message-ID: <93CA5AC2-67E1-49A9-896D-2CE65D796B68@lesmuug.org> On Mar 23, 2007, at 6:43 PM, Jesse Callaway wrote: >> > Now, the interesting thing is, most v6 capable routers only will >> > route on >> > the top 64 bits of the prefix. >> >> - whaddya' mean? That sounds interesting? >> >> Rocket- >> .ike >> >> (p.s.: for a guy who seems so hellbent against IPv6, you sure know a >> lot of details...) >> >> > > It means that if you get more specific about your netmask the router > won't be able to differentiate and send it on a different route. > > -jesse I see, but to reconfigure my question, is this a feature, a bug, or a defined part of the routing specification? Best, .ike From ike at lesmuug.org Fri Mar 23 18:55:17 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 18:55:17 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <46044291.1050703@3phasecomputing.com> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46042ECE.8040403@3phasecomputing.com> <2BB47342-A292-42BA-A21F-4B695681402F@lesmuug.org> <46044291.1050703@3phasecomputing.com> Message-ID: Hi Jerry, All, On Mar 23, 2007, at 5:11 PM, Jerry B. Altzman wrote: > My original post didn't go to the whole list. I wrote the >> stuff, > and Ike wrote the > stuff. > > on 2007-03-23 16:30 Isaac Levy said the following: >> First off, I think this is a great message to post to list- in the >> 'I hate IPv6' thread... >> I don't think anyone would be discouraged or frustrated, or am I >> missing something else? Unless you have some specific objection, >> please re-post publically! I'll help put out any flame wars that >> could transpire! > > I just thought that pointing people at NANOG in that fashion might > simply add more heat than light to the vast majority of folks. No! Thanks for posting! It's the internet, some things (like how we all connect to each other) should be transparent on all levels, IMHO- especially with regard to people's attitudes. > >>> Spend some time here: >>> http://www.merit.edu/cgi-bin/swish/swish.cgi? >>> query=ipv6&si=0&si=5&dr_o=12&dr_s_mon=3&dr_s_day=23&dr_s_year=2007&d >>> r_e_mon=3&dr_e_day=23&dr_e_year=2007&submit=Search%21 Alas, it >>> doesn't have LASCIATE OGNE SPERANZA VOI CH'INTRATE like it should. >> Ah- oh- but shouldn't we *BSD people be right at home in hell? ;P > > Hell froze over and filled with penguins, weren't you watching? What the hell. > >> I do appreciate you pointing me at this- insomuch as it's all >> these attitudes I'm looking to bypass. > > Well, you wanted to know why IPv6 wasn't gaining traction, there's > a pointer to many reasons. > The short answer to your question, like so many other questions, is > "there's no money in it". Understood, which I believe is a much greater problem in how the US is handling it's "stockpile of innovation" from the last century, it's like a bank account, and we're just drawing from it, not filling it- these days. The closure of all the *serious* research labs over the last 15 years is evidence of this, in our drive to control the international market, we've lost sight of what it took to create the market in the first place. So with that, short-sighted thinking in IT spending and strategy, is to me, a tragic component in this kind of market thinking, and left as it is, will eventually lead to economic trouble. I firmly believe companies should be aggressively adopting and building up emerging technologies, (like IPv6), just like we once did with things like Transistors, CCD chips, and heck, Computers- (all things which came from Bell Labs, but you get the idea). > >> Again, unless I'm missing your point, I understand this is the >> state of things big picture- NANOG and RIPE and the like. This is >> why I'm looking to light a fire under our asses in NYC- no >> pressure, all fun- we > > Well, if you're trying to create the grassroots demand for IPv6, > put some content there. Pr0n is a good motivator. Offer "Free Pr0n > only on IPv6" and the ISPs will trip over each other to get it out. Hrm. > > NTT will sell you IPv6 *now* if you want it. In America???!!! Well I'll be... http://us.ntt.net/products/ipv6/ Sales info, but no pricing... Um... > >> have an oppurtunity in the NYC*BUG group to completely bypass all >> of that because most of us are slightly outside of it. > > Alex excepted... Sure, and actually, based on the responses to this thread, many others... > >> It seems to me the more I see groups/lists/stuff like these, the >> more I come to believe adoption is less about the tech- and more >> about everyone dropping our tech egos, and coming to the situation >> open to learn. Tokyo made me feel like a little child- *I had so >> much basic stuff to learn*- which was hard at first, but EXITING >> after I psychologically got over a sense of trying to control my >> entire situation. > > Right, well as long as the only kewl stuff on IPv6 is the dancing > turtle, demand will simply lag. > (As an aside: the O'Reilly book on IPv6 isn't bad, by the way, but > it's long on theory and short on implementation. ) Which O'Reilly book? There's 2 of them now- and I'm not sure which is more useful... > >> It's hard for technical people to get exited about something new, >> change threatens anyone's day-to-day routine, but this is the >> nature of everything- especially technology, right? > > IPv6 isn't terribly new. :-( RFC1883 came out in 1995. Heh- barely long enough for *BSD folks to call it mature and put it into production, eh? ;P Rocket- .ikee From ike at lesmuug.org Fri Mar 23 19:40:55 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 23 Mar 2007 19:40:55 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <46043C1A.3040705@chrisbuechler.com> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46043C1A.3040705@chrisbuechler.com> Message-ID: <6F89BDBC-129D-4904-9BD2-FC1316157188@lesmuug.org> Wordup Chris, All, On Mar 23, 2007, at 4:44 PM, Chris Buechler wrote: > Isaac Levy wrote: >>> I think all you said above pretty much proves my point - >>> a) ipv6 not ready for prime time >>> b) nobody gives a damn about v6 >>> >> >> Alex, you've inspired me to fork this whole topic to a different >> thread. This is not a joke. >> >> Seriously speaking here, what do you see as the largest problems to >> the US getting wired and up to speed with IPv6? Why do you think it >> won't happen anytime soon? >> > > > Speaking from the perspective of the organizations whose networks I > run, Well Stated, > it won't happen in the foreseeable future because there's no business > reason to do so. The benefits of IPv6 aren't enough on their own to > justify the migration, and public IP's are readily available for > little > or no cost. The driver of migration I foresee is increasing cost of > public IP's. If they do indeed eventually become as scarce as people > think they will then the cost will go up substantially enough to drive > the change. None of the several T1 providers I use charge anything for > public IP's, and will give you up to a /24 at no cost if you can > justify > having it. The local LEC will give you 5 public IP's for $5/month on a > business DSL account, and the local cable company charges $5/month per > IP for additional IP's. At those costs, nobody cares about extra IP > space because it would take 100+ years of IP charges to equal the cost > of migrating to IPv6. > > Plus, no ISP around here offers IPv6, probably because they have > plenty > of IPv4 addresses and don't care to deal with the support issues an > IPv6 > network would undoubtedly cause. "Local" and "around here" being the > Louisville KY metro area, nowhere near NYC, but not a hole in the > ground > either with ~1 million people. > > My view is businesses drive IT demand, whether it's an ISP or any > other > sort of vendor or service provider, and businesses won't be pushing > for > IPv6 until the cost of IPv4 is excessive enough to justify the expense > of conversion. The politics, coolness factor, geek factor, or whatever > that drives those of you on this list that want IPv6 isn't nearly > widespread enough to drive any significant change. > > cheers, > -Chris Chris, this entire topic has me thinking hard about these issues. I can't concretely persuade 'your organizations' of anything different, but I can do something different myself... so I'll stick mostly to that. While there's no doubt for me that what you, (and Alex, and others) are saying here, is right on the mark. These are precisely the reasons behind why a transition is not happening in America. Your responses are exactly perfect points for me to think through and address, insomuch as I believe the business case for IPv6 in America is the very opposite- but only after seeing the LIVE IPv6 NETWORKS in Japan! (It's a real shame the dot-com boom hurt us all so badly, but I feel like we have to get our asses back up on the horse and ride- or we'll never get over it...) With that, I'm gonna think a lot more about the business case *for* IPv6, and exit this thread with these fun quotes: -- In the last century or two, "We will never make a 32-bit operating system, but I'll always love IBM." - Bill Gates, unknown date "This 'telephone' has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us." - Western Union internal memo, 1876. "I think there is a world market for maybe five computers" - Thomas J. Watson, Chairman of IBM, 1943 (possible misquote) http://en.wikipedia.org/wiki/ Thomas_J._Watson#Famous_misquote "Computers in the future may weigh no more than 1.5 tons." - Popular Mechanics, forecasting the relentless march of science, 1949 "There is no reason anyone would want a computer in their home." - Ken Olson, president, chairman and founder of Digital Equipment Corp., 1977 "Heavier-than-air flying machines are impossible." - Lord Kelvin, president, Royal Society, 1895. "Louis Pasteur's theory of germs is ridiculous fiction". - Pierre Pachet, Professor of Physiology at Toulouse, 1872 "Since PDP-11 Unix became operational in February, 1971, over 600 installations have been put into service." - D. M. Ritchie and K. Thompson, 1974, "The UNIX Time-Sharing System" -- And one of my favorite network diagrams: Arpanet, 1969 - running NCP, (replaced 14 years later by the TCP/IP protocol): http://www.cybergeography.org/atlas/arpanet2.gif Rocket- .ike From yusuke at cs.nyu.edu Fri Mar 23 21:00:45 2007 From: yusuke at cs.nyu.edu (Yusuke Shinyama) Date: Fri, 23 Mar 2007 21:00:45 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <6F89BDBC-129D-4904-9BD2-FC1316157188@lesmuug.org> References: <6F89BDBC-129D-4904-9BD2-FC1316157188@lesmuug.org> <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46043C1A.3040705@chrisbuechler.com> Message-ID: <20070324010045.29170.26717.yusuke@mango.cs.nyu.edu> Hi Ike, On Fri, 23 Mar 2007 19:40:55 -0400, Isaac Levy wrote: > > While there's no doubt for me that what you, (and Alex, and others) > are saying here, is right on the mark. These are precisely the > reasons behind why a transition is not happening in America. > > Your responses are exactly perfect points for me to think through and > address, insomuch as I believe the business case for IPv6 in America > is the very opposite- but only after seeing the LIVE IPv6 NETWORKS in > Japan! (It's a real shame the dot-com boom hurt us all so badly, but > I feel like we have to get our asses back up on the horse and ride- > or we'll never get over it...) In the US, you can get, say, eight static IPs without any hassle. In Japan, however, getting static IPs is normally optional in most ISP services and it costs around 3,000 yen extra per month (about $25), for only one IP. Eight static IPs cost around 10,000 yen per month, or more. I guess this is why Japan has been so crazy about IPv6 stuff, so they've spent billions of yens already to make all these things work, but... I actually have mixed feeling here. I'm still not sure if this was a proper investment. Because deploying a certain infrastructure needs a huge nationwide effort, I think we should have much stronger justification for this, rather than just "no NATs" or "integrated IPsec". And you say the dot-com boom hurt the US badly, but my feeling is opposite. The software industries in Japan, including web services, are now dominated mostly by the US companies. Most people use MSN, Yahoo!, Google and YouTube, and there's very few alternatives. There have been a discussion why companies like Yahoo! or Google never come up in Japan, but I guess this is partially because they made efforts for a wrong direction. For example, Japanese higher education is terrible. I actually came to the US after graduating from one of the top schools there (not u-tokyo though), but can you imagine people there can graduate even without knowing what's C pointers? They are majoring *Computer Science*. And most software-related researches in Japan are almost dying, partly because their poor funding for fundamental resarches and pathetic support for grad students (compared to the US.) I admit Ipv6 is useful, but I believe there must be a better way for spending money. (Although this is off-topic, you might be interested in why Japanese companies are doing so well without well-established higher education systems. Most companies know Japanese univs are crappy, so they train their employees in-house. They normally don't expect much from students in terms of skills, but they do expect strong loyalty to the company, so that they won't move out after they master skills. Actually, people switching companies from one to another are considered disloyal, so most large companies avoid hiring them. The lifetime employment system, which is still pervasive throughout Japan, also prevents people from moving. Universities in Japan are generally regarded as just a vacation, or a playground for kids before they get into the harsh reality.) Sorry for ranting in my bad English... but I just wanted to say there are too many factors for saying a particular technology is good or bad, espacially when they require a lot of resources. Since there're still many other problems even within IT-related fields, we need to be really careful. Yusuke From alex at pilosoft.com Fri Mar 23 21:12:42 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Fri, 23 Mar 2007 21:12:42 -0400 (EDT) Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: <291BCC21-9B86-4FC6-9BF0-A1E73AF6089E@lesmuug.org> Message-ID: On Fri, 23 Mar 2007, Isaac Levy wrote: > The IPv4 CIDR number comes from the number of 1's in the subnet mask > when converted to binary, right? Nope. That's the number of bits in the *address* part of the prefix, just like v6. > > So it seems the IPv6 notation is not the same thing at all- it's not the > subnet mask, but the prefix length of the address. Same as v4 > > That was confusing, now it's clear. > > > > > To have 254 usable IP addresses, you can have a /120. > > Alex- do you do the hexadecimal counting in your head dude?!?!? Very simple math: You need 8 bits to address 256 things. IPv4 is 32 bits address space. 32 - 8 = 24, thus you need /24 prefix. IPv6 is 128 bits address space. 128 - 8 = 120. > > Now, the interesting thing is, most v6 capable routers only will route > > on the top 64 bits of the prefix. > > - whaddya' mean? That sounds interesting? Basically, this means that you can't have netmasks longer than /64. I.E. local subnet will be always /64 or longer. Example, if you are allocated /48 worth of address space, the most *networks* you can break it down is 2^(64-48) = 65536 networks. > Rocket- .ike > > (p.s.: for a guy who seems so hellbent against IPv6, you sure know a > lot of details...) I'm not against ipv6. I'm just explaining that its not here, yet. -alex From alex at pilosoft.com Fri Mar 23 21:15:43 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Fri, 23 Mar 2007 21:15:43 -0400 (EDT) Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: <93CA5AC2-67E1-49A9-896D-2CE65D796B68@lesmuug.org> Message-ID: On Fri, 23 Mar 2007, Isaac Levy wrote: > I see, but to reconfigure my question, is this a feature, a bug, or a > defined part of the routing specification? I'm leaning towards 'bug' or a 'practical constraint which should be taken into account while determining local addressing scheme'. I'm not positive if it is documented in any rfc, or not. I think not. -alex From mspitzer at gmail.com Fri Mar 23 21:36:16 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 23 Mar 2007 21:36:16 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> Message-ID: <8c50a3c30703231836u749b8123ubc1cea55fc4aa1d1@mail.gmail.com> On 3/23/07, Isaac Levy wrote: > Hi Alex, All, > > This topic deserves discussion, > > On Mar 22, 2007, at 2:51 PM, alex at pilosoft.com wrote: > >> Does anyone have experience with this in America yet? > > nobody cares in america. > > On Mar 22, 2007, at 3:35 PM, alex at pilosoft.com wrote: > > there isn't any need for IPv6, so there's no push > > either by clients or carriers to implement it. > > On Mar 22, 2007, at 9:48 PM, alex at pilosoft.com wrote: > > >> I'm intensely frustrated with all these crappy flash-in-the-pan > >> high-rtt > >> port-blocked tunnels and layer 10 bullshit. and, in general, > >> basically > >> with people who have Alex's attitude, which I think is both wrong and > >> pervasive. > > I think all you said above pretty much proves my point - > > a) ipv6 not ready for prime time > > b) nobody gives a damn about v6 > > Alex, you've inspired me to fork this whole topic to a different > thread. This is not a joke. > > Seriously speaking here, what do you see as the largest problems to > the US getting wired and up to speed with IPv6? Why do you think it > won't happen anytime soon? > > Best, > .ike > Ike, You got a nasty case of "Ohh SHINEY", we all get them. As Alex said there is simply no need to do it here, yet. When the economics change then so will the adoptoion rate. And that is good, the market is your friend. marc -- Freedom is nothing but a chance to be better. Albert Camus From jonathan at kc8onw.net Fri Mar 23 23:51:45 2007 From: jonathan at kc8onw.net (Jonathan Stewart) Date: Fri, 23 Mar 2007 23:51:45 -0400 Subject: [nycbug-talk] IPv6 and CIDR confusion In-Reply-To: References: Message-ID: <4604A051.4020209@kc8onw.net> alex at pilosoft.com wrote: > On Fri, 23 Mar 2007, Isaac Levy wrote: > >> I see, but to reconfigure my question, is this a feature, a bug, or a >> defined part of the routing specification? > I'm leaning towards 'bug' or a 'practical constraint which should be taken > into account while determining local addressing scheme'. > > I'm not positive if it is documented in any rfc, or not. I think not. See section 3.1 and 3.6 http://tools.ietf.org/html/rfc2374 The last 64 bits are defined as the "interface identifier" as part of the specification. I know part of the reason for leaving it so large was to have globally unique interface specifiers in case that ability ever actually becomes useful for something. I guess they also figured 64 is "neat" because it splits the address evenly rather than 80/48 or something like that. Jonathan From carton at Ivy.NET Sat Mar 24 13:00:21 2007 From: carton at Ivy.NET (Miles Nordin) Date: Sat, 24 Mar 2007 13:00:21 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: (Isaac Levy's message of "Fri, 23 Mar 2007 14:11:59 -0400") References: <5A00D735-3806-4FD9-B5BC-19AFC46D8C15@lesmuug.org> Message-ID: >>>>> "il" == Isaac Levy writes: il> What are ARIN's definition of 'ISP'? I don't know. I was thinking of trying to start some free wireless mesh in Brooklyn before the end of the year, so I could ask ARIN for a /32 and be free of all this OCCAID bullshit. Their anti-kiddie deal is, if you announce your own /32 from them rather than accepting their allocation, you're free of their silly layer 10 issues. dunno if ARIN will go for it though. or if I can manage to get a better-paying job and finish the work before December. The ARIN form is, however, very simple, and you are promised a reply in 3 days. so I am hopeful. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From carton at Ivy.NET Sat Mar 24 13:06:22 2007 From: carton at Ivy.NET (Miles Nordin) Date: Sat, 24 Mar 2007 13:06:22 -0400 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <46043C1A.3040705@chrisbuechler.com> (Chris Buechler's message of "Fri, 23 Mar 2007 16:44:10 -0400") References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46043C1A.3040705@chrisbuechler.com> Message-ID: >>>>> "cb" == Chris Buechler writes: cb> Speaking from the perspective of the organizations whose cb> networks I run, it won't happen in the foreseeable future cb> because there's no business reason to do so. There is huge benefit if you have B2B links over which you want to expose machines not on the Internet, especially if you want to make a lot of them. Without v6, you'll have colliding address spaces and have to do double-NAT. This type of NAT could be a complicated pain in the ass for the often very poorly-written internal custom software that's used over these links. It's just a question of slow-to-understand businesses realizing this fact about their software process. It could also be, for VoIP, that infrastructure gets cheaper if the phones can have their own IP's, because you can simply route&switch the traffic of thousands of phones instead of having it pass through a CPU somewhere. I doubt that will happen soon, though---so far the phones' software is so insecure you'd be insane to expose it directly to other potentially hostile phones on the Internet. Even passing through the encoded audio stream without re-encoding is scary to me and might let a malicious caller take over your VoIP set. I expect codec bugs will come out soon if they haven't already. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From carton at Ivy.NET Sat Mar 24 13:13:26 2007 From: carton at Ivy.NET (Miles Nordin) Date: Sat, 24 Mar 2007 13:13:26 -0400 Subject: [nycbug-talk] IPv6 NY-US Roll Call In-Reply-To: (alex@pilosoft.com's message of "Thu, 22 Mar 2007 21:48:26 -0400 (EDT)") References: Message-ID: >>>>> "a" == alex writes: a> If you are still interested, I'm on good terms with james, and a> can probably get it hooked up again or something. sure. I dunno though, he really dislikes me. He will also say, ``use SixXS''. The reason I can't use SixXS is that they forbid both irc servers and non-irc shell servers, that they have a pattern of cutting people off without warning, and that I'm not sure they have a working POP in NYC metro area (maybe just a ``planned'' one or something? it is hard to tell without jumping through the 10 easy hoops.). I'd be happy to make subtunnels to your customers also. I was already giving 2 or 3 people a /56. a> I think all of that above are signs of trying to keep the a> children away personally. I think a better way would be to insist they use BGP. I understand the policies are related to ``irc children,'' but I think when you look at what SixXS is actually doing and its effect compared to other (demonstrably working) approaches at he, freenet6, xs26, it's more about demonstrating their hatred for the ``children'' than for practical reasons. I also think they're pretty childish themselves, though maybe I shouldn't talk when I'm being so absolutist. And anyway, I think it's all an unfortunate consequence of this blame-the-victim DDoS attitude. If you want to hate someone, hate the DDoSers themselves, or at least hate the customers whose neglected machines end up in botnets, and the ISP's who know it but don't care because the traffic of a single bot is no problem to them. It never seemed right to me to hate the guy being DDoSed. It didn't seem right to me even if he was being thoroughly obnoxious on irc, though honestly it seems usually the guy is just standing up for himself or refusing to kneel to the lord-of-the-flies. I think as Americans we have a right to be thoroughly obnoxious on irc and risk nothing more than getting ourselves or maybe our whole shellhost or even whole netblock banned or KLINEd. DDoS is not an acceptable third penalty. It seems like the sort of thing that would happen in China. Some guy gets beat up by a bunch of corrupt cops bought off by $RICHGUY, and ordinary people start hurling stones at him, too, and refusing to talk to him or his family, and saying that he was ``asking for it'' by speaking his mind. It's backwards and frankly unamerican. Better yet, don't hate anyone. Work on some way to fix it. If some markedroid changes his mind, and over a couple months there's some kind of upstream-bandwidth-bidding-war, residential upstreams will stop being so asymmetrically thin, and this DDoS thing is going to be a true disaster instead of a slow-motion disaster. I think we are on the brink of a world where this blame-the-victim attitude isn't just morally wrong, but also totally ineffective. I don't know if I should wish it to happen soon, or to not happen. But we need some efficient way to block traffic---one that works slightly differently than spam-blacklists so it can be safely left unattended without getting used politically. And some scheme to incent the Level3's and Comcasts of the Internet to do uRPF. a> Its a free service. If you want no restrictions, pay for a> proper v6 transit. :) just tell me where to sign. James is ``apolitical'', and his v6 transit for his colo customer Seth Hardy was down more often than my free tunnel, so I'm not paying him for a colo. Seth had billing problems, too. The OCCAID tunnel stayed up well, though. I guess I'd pay him for that tunnel iff it was as reliable as before, and iff he delivered it with an acceptable AUP which definitely wouldn't include DNS spam rules. he.net does not colocate in NYC---they are many ms away. Before I signed on with you, I spent months trying to make a special deal with them. They wanted $40/mo for power and 1U in NYIIX plus $200/mo for an Ethernet port capped at 1.5Mbit/s. I had the first layer of papers signed and faxed and everything, then there was some gotchya. now the deal is long forgotten. After losing OCCAID I honestly thought of trying to move my T1 and hurricane. But, (1) their sales guy wasted literally months of my time with his confusion and late replies last time I tried to get that half-finished package. It'd take more months just to explain my way back to where I was. and, (2) they want me to terminate the T1 myself which means I have to get a Sangoma card, which (2a) is not well-supported and un-bitrotted on FreeBSD/sparc64 and (2b) means I can't use a PCI NIC any more, and FreeBSD doesn't do interrupt mitigation or device polling on my built-in GEM/ERI interfaces. and (3) I think they might be not very good. :) a> Why are you so in love with irc? ;) well first of all I honestly don't use it just for irc. The web/mail server is v6-accessible. All the LAN windows and linux desktop boxes and the free wireless connect to the outside world with static v6 addresses. I had as many people ssh-ing to my shellhost from CCC Berlin and CCC Cologne as I did connecting to the irc server if not more. but as for irc... 1. you stop first! 2. i'm in love with the Internet, which means no port blocking goddamnit. 3. i like having users and other sysadmins around who use the Internet in the old Unix way, which is built around text and language, and things that run quietly far away for months at a time. I am probably paying ~$100/mo in electricity for people I am giving free colos. many of *these* people like irc, and I don't want to disappoint them or pass on fascist condescending restrictions to them that undermine the Internet idea that I love. 4. sometimes the hobbyist projects I like to do involve adding network gizmos, like v6 or tinc-vpn or fake-DNS-for-rfc1918 or whatever, and irc is one of the neatest ways to test it and say ``look, it works!'' 5. irc is a challenge because its users complain about extremely small outages or QoS problems. a> irc is a waste of time at best, and ddos target at worst... 1. you stop first. :) 2. almost 2yrs and no ddos yet. We are lucky I guess. a> I see, you want both A and AAAA. I guess that make a> sense. Yeah, I googled a bit and I dont see registrar that a> supports v6 either. oh wait, it's ok with me if there isn't AAAA in my ivy.net glue from Gandi. Maybe I shouldn't have said ``glue''. I just meant, if you turn on v6 you better make sure it works well, because if not DNS will get flakey since some of the root servers and in-addr servers are already giving AAAA to themselves. They're still not giving it to the user domains one level up, but a.gtld-servers.net has an AAAA record for itself. a> If there's customer demand, I can probably sell v6 transit... please do! by now maybe I am not the only one. me> I'll pay you $50 a> Eh, that doesn't quite bump it in the priorities list, heh, no kidding. if I can soon get v6 back somehow (from Robin, from a special deal with he.net, from James, from SixxS, something), I could offer to maintain tunnels for your customers. I mean you could just refer them to me. Usually the traffic is so small I wouldn't mind paying for it (though I might want to avoid paying twice, for intra-pilosoft traffic). By the time traffic gets large enough I can't afford it, it's probably also large enough to be a higher priority for you. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From carton at Ivy.NET Sat Mar 24 14:53:24 2007 From: carton at Ivy.NET (Miles Nordin) Date: Sat, 24 Mar 2007 14:53:24 -0400 Subject: [nycbug-talk] IPv6 in Japan In-Reply-To: Tillman Hodgson's message of "Fri, 23 Mar 2007 09:38:25 -0600" References: <0AD0D543-1B78-4C3E-AB41-6156412D5D81@lesmuug.org> <22417.160.33.20.11.1174579821.squirrel@webmail.nomadlogic.org> <2A482895-CBAD-4B5A-BC90-FEAC079A4D97@lesmuug.org> <20070323153825.GC1385@seekingfire.com> <329539.15755.qm@web404.biz.mail.mud.yahoo.com> <28000.160.33.20.11.1174603465.squirrel@webmail.nomadlogic.org> <71EFE879-FFC2-45D6-A369-D65D812A95A5@lesmuug.org> Message-ID: >>>>> "th" == Tillman Hodgson writes: >>>>> "il" == Isaac Levy writes: th> What ircd were you planning on using (that has IPv6 support hybrid has stable v6 support, but they broke CIDR bans between 7.0 and 7.2, so I can't recommend it. anope services does not crash on my v6 ircnet, but it also doesn't have any special v6 support AFAICT. >> my two favorites: ipsec intergration into the base stack il> HECK YEAH. you still have to use racoon. It's really no better than v4 ipsec. It's not ``more tightly integrated'' or any nonsense like that. It's just required to claim compliance. In fact so far I think FreeBSD and NetBSD release versions have FAST_IPSEC for v4 only, not v6, because recently there was news of FAST_IPSEC v6 new in -current. so v4 has better IPsec in existing systems. Does Cisco support v6 in their IKE? anyway this ``integration into the base stack'' is just marketing garbage. il> IPSEC isn't just for encrypted tunnels, tunnelling was merely il> the first good application of IPSEC. yeah I read on one of the NetBSD lists the iSCSI guys are using some kind of channel-binding scheme to replace their CHAP authentication. It depends on having separate SA's for the TCP circuit your IPsec session runs over. It's important for the kernel to clear the SA if it drops the TCP circuit, which the poster (sorry I forget who) was saying Solaris's (still closed source IKE &) IPsec stack does, but NetBSD doesn't. need to understand more about channel binding soon. Also OSPFv3 uses IPsec to replace the homerolled message digest scheme in OSPFv2. It's not specified how you are supposed to maintain the SA's for a multicast protocol. What cisco does, is set up all these special cases for OSPFv3 IPsec, to dispense with IKE entirely, and let you configure static SA's in an equivalent way to bring back an interface that feels like OSPFv2's. il> IPSEC advantage over ssl/tls is complete transport layer, il> packet-level crypto- as opposed to application-layer crypto... what's the ``advantage'' to that? ``easier to do traffic analysis attacks''? It may have an advantage of being easier to implement correctly in hardware because the performance-critical IPsec part is broken out from IKE so it churns less than Team TLS's manure field, has zero ASN.1 garbage in it, and has Counter Mode. (after we have our InfiniPath/SCTP - to - Ethernet/TCP bridges, we can put IPsec as well as TCP inside the bridge instead of inside the Unix box.) il> DHCP, farewell. I'm still confused about how to get DNS il> Servers though... (but historically, this was a band-aid hack il> idea to DHCP that stuck- because it worked...) yes, I have that problem. I do automatic DNS updates for v4 DHCP users, but v6 addresses don't get registered in DNS at all. You could maybe give each client a TSIG key and let them nsupdate their own records using some more generalized ifwatchd to provide the hooks on address discovery. I don't have anything like that working. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From nycbug-list at 2xlp.com Sat Mar 24 15:48:11 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Sat, 24 Mar 2007 15:48:11 -0400 Subject: [nycbug-talk] 6.2 cd install oddness Message-ID: Hoping someone can shed some light- I'm trying to install FreeBSD 6.2 on a machine via the cd. Its booting off the cd into sysinstall fine, but when I choose installation media as a CD , it doesn't find any cd roms. Despite the fact that its running off the cd already. Anyone have a clue? From pete at nomadlogic.org Sat Mar 24 16:07:36 2007 From: pete at nomadlogic.org (Peter Wright) Date: Sat, 24 Mar 2007 13:07:36 -0700 (PDT) Subject: [nycbug-talk] 6.2 cd install oddness In-Reply-To: References: Message-ID: <5334.160.33.20.11.1174766856.squirrel@webmail.nomadlogic.org> > > Hoping someone can shed some light- > > I'm trying to install FreeBSD 6.2 on a machine via the cd. > > Its booting off the cd into sysinstall fine, but when I choose > installation media as a CD , it doesn't find any cd roms. Despite > the fact that its running off the cd already. Anyone have a clue? > > you check dmesg to make sure you cdrom is detected once the kernel is loaded? -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From george at galis.org Sat Mar 24 22:15:53 2007 From: george at galis.org (George Georgalis) Date: Sat, 24 Mar 2007 22:15:53 -0400 Subject: [nycbug-talk] 6.2 cd install oddness In-Reply-To: <5334.160.33.20.11.1174766856.squirrel@webmail.nomadlogic.org> References: <5334.160.33.20.11.1174766856.squirrel@webmail.nomadlogic.org> Message-ID: <20070325021552.GE18152@run.galis.org> On Sat, Mar 24, 2007 at 01:07:36PM -0700, Peter Wright wrote: > >> >> Hoping someone can shed some light- >> >> I'm trying to install FreeBSD 6.2 on a machine via the cd. >> >> Its booting off the cd into sysinstall fine, but when I choose >> installation media as a CD , it doesn't find any cd roms. Despite >> the fact that its running off the cd already. Anyone have a clue? >> >> > >you check dmesg to make sure you cdrom is detected once the kernel is loaded? yeah... I've gotten around weardness like that by pushing the eject button (twice) at just the right time so the CD is spinning up when the kernel goes to detect it, vs when bios does detect it and loads the kernel. // George -- George Georgalis, systems architect, administrator < From nycbug-list at 2xlp.com Sun Mar 25 12:54:15 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Sun, 25 Mar 2007 12:54:15 -0400 Subject: [nycbug-talk] 6.2 cd install oddness In-Reply-To: <20070325021552.GE18152@run.galis.org> References: <5334.160.33.20.11.1174766856.squirrel@webmail.nomadlogic.org> <20070325021552.GE18152@run.galis.org> Message-ID: > On Sat, Mar 24, 2007 at 01:07:36PM -0700, Peter Wright wrote: >> you check dmesg to make sure you cdrom is detected once the kernel >> is loaded? On Mar 24, 2007, at 10:15 PM, George Georgalis wrote: > yeah... I've gotten around weardness like that by > pushing the eject button (twice) at just the right > time so the CD is spinning up when the kernel goes > to detect it, vs when bios does detect it and loads > the kernel. That seems to be it. The kernel isn't picking it up, but BIOS is. I'll try your trick. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From george at ceetonetechnology.com Thu Mar 29 13:35:36 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Thu, 29 Mar 2007 13:35:36 -0400 Subject: [nycbug-talk] little note. . . Message-ID: <460BF8E8.2060407@ceetonetechnology.com> NYPHP is holding a little social this evening. . . http://www.nyphp.org/ Open invite to NYCBUG people from them. . . George From nycbug-list at 2xlp.com Thu Mar 29 16:32:01 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Thu, 29 Mar 2007 16:32:01 -0400 Subject: [nycbug-talk] memory and cpu question on a new setip Message-ID: <95C979F2-E18F-4E97-BAC6-19A679D82A6C@2xlp.com> ( sorry for being clueless this week. new server arrived. ) 1) Memory I just tossed in 2gb of ram into a server , for a total of 4 Bios sees it all The kernel gives me this message on boot (does not go in /var/log/ messages): 720896K of memory above 4GB ignored and this message on boot (does go into /var/log/messages ) Mar 29 16:19:36 crookedrain kernel: real memory = 3479298048 (3318 MB) Mar 29 16:19:36 crookedrain kernel: avail memory = 3404574720 (3246 MB) top shows around 3200 on the system as well. Where could my memory have gone? All the research i've done says that I should be find for memory under 4gb, and that I'd only need to use pae if i'm using 4+gb 2) CPU i'm running a xeon 3040 'dual core' i'm just using the standard kernel. i get this in dmesg FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 i tried using the SMP kernel on a whim, but it wouldn't boot. can someone confirm that should be the case? it makes sense to me that the SMP shouldn't work- i treated this as a single cpu from the outset , considering 2 cores to still be a single cpu. but the dmesg makes me second guess that. any suggestions would be appreciated // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From alex at pilosoft.com Thu Mar 29 16:35:50 2007 From: alex at pilosoft.com (alex at pilosoft.com) Date: Thu, 29 Mar 2007 16:35:50 -0400 (EDT) Subject: [nycbug-talk] memory and cpu question on a new setip In-Reply-To: <95C979F2-E18F-4E97-BAC6-19A679D82A6C@2xlp.com> Message-ID: On Thu, 29 Mar 2007, Jonathan Vanasco wrote: > ( sorry for being clueless this week. new server arrived. ) > > 1) Memory > I just tossed in 2gb of ram into a server , for a total of 4 > > Bios sees it all > The kernel gives me this message on boot (does not go in /var/log/ > messages): > 720896K of memory above 4GB ignored > and this message on boot (does go into /var/log/messages ) > Mar 29 16:19:36 crookedrain kernel: real memory = 3479298048 (3318 > MB) > Mar 29 16:19:36 crookedrain kernel: avail memory = 3404574720 (3246 > MB) > > top shows around 3200 on the system as well. > > Where could my memory have gone? > All the research i've done says that I should be find for memory > under 4gb, and that I'd only need to use pae if i'm using 4+gb There are things like "PCI bounce areas", or areas used for AGP buffers. You can generally get to 3.5G by changing video memory/AGP aperture. Occasionally, if you are lucky, you can get 3.7G. However, to get full 4G, I would suggest x64 kernel. I'm not sure if PAE will fix the "PCI reserved areas" issue. > > 2) CPU > i'm running a xeon 3040 'dual core' > i'm just using the standard kernel. > i get this in dmesg > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs > cpu0 (BSP): APIC ID: 0 > cpu1 (AP): APIC ID: 1 > > i tried using the SMP kernel on a whim, but it wouldn't boot. can > someone confirm that should be the case? Uh, that message says SMP *did* work. It detected two CPUs. > it makes sense to me that the SMP shouldn't work- i treated this as > a single cpu from the outset , considering 2 cores to still be a > single cpu. No, two cores for all purposes means two CPUs. Why do you say "wouldn't boot"? What was the error? > but the dmesg makes me second guess that. From lavalamp at spiritual-machines.org Thu Mar 29 17:08:15 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Thu, 29 Mar 2007 17:08:15 -0400 (EDT) Subject: [nycbug-talk] memory and cpu question on a new setip In-Reply-To: References: Message-ID: <20070329170727.J6132@arbitor.digitalfreaks.org> Some drivers are incompatible with PAE; i think the module framework doesn't work with PAE alltogether. How about an amd64 kernel? ~BAS On Thu, 29 Mar 2007, alex at pilosoft.com wrote: > On Thu, 29 Mar 2007, Jonathan Vanasco wrote: > >> ( sorry for being clueless this week. new server arrived. ) >> >> 1) Memory >> I just tossed in 2gb of ram into a server , for a total of 4 >> >> Bios sees it all >> The kernel gives me this message on boot (does not go in /var/log/ >> messages): >> 720896K of memory above 4GB ignored >> and this message on boot (does go into /var/log/messages ) >> Mar 29 16:19:36 crookedrain kernel: real memory = 3479298048 (3318 >> MB) >> Mar 29 16:19:36 crookedrain kernel: avail memory = 3404574720 (3246 >> MB) >> >> top shows around 3200 on the system as well. >> >> Where could my memory have gone? >> All the research i've done says that I should be find for memory >> under 4gb, and that I'd only need to use pae if i'm using 4+gb > There are things like "PCI bounce areas", or areas used for AGP buffers. > You can generally get to 3.5G by changing video memory/AGP aperture. > Occasionally, if you are lucky, you can get 3.7G. > > However, to get full 4G, I would suggest x64 kernel. I'm not sure if PAE > will fix the "PCI reserved areas" issue. > >> >> 2) CPU >> i'm running a xeon 3040 'dual core' >> i'm just using the standard kernel. >> i get this in dmesg >> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs >> cpu0 (BSP): APIC ID: 0 >> cpu1 (AP): APIC ID: 1 >> >> i tried using the SMP kernel on a whim, but it wouldn't boot. can >> someone confirm that should be the case? > Uh, that message says SMP *did* work. It detected two CPUs. > >> it makes sense to me that the SMP shouldn't work- i treated this as >> a single cpu from the outset , considering 2 cores to still be a >> single cpu. > No, two cores for all purposes means two CPUs. > > Why do you say "wouldn't boot"? What was the error? >> but the dmesg makes me second guess that. > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From nycbug-list at 2xlp.com Thu Mar 29 17:23:17 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Thu, 29 Mar 2007 17:23:17 -0400 Subject: [nycbug-talk] memory and cpu question on a new setip In-Reply-To: References: Message-ID: On Mar 29, 2007, at 4:35 PM, alex at pilosoft.com wrote: > There are things like "PCI bounce areas", or areas used for AGP > buffers. > You can generally get to 3.5G by changing video memory/AGP aperture. > Occasionally, if you are lucky, you can get 3.7G. ah. i'm at 3.5 now. 3.7 would be great. > However, to get full 4G, I would suggest x64 kernel. I'm not sure > if PAE > will fix the "PCI reserved areas" issue. > Uh, that message says SMP *did* work. It detected two CPUs. > No, two cores for all purposes means two CPUs. > Why do you say "wouldn't boot"? What was the error? it just hanged on a blank screen but i tried installing it again, and now i'm using the SMP. so thanks. On Mar 29, 2007, at 5:08 PM, Brian A. Seklecki wrote: > How about an amd64 kernel? will they work on intel chips & boards? i had no idea. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From stucchi at willystudios.com Fri Mar 30 09:39:23 2007 From: stucchi at willystudios.com (Massimiliano Stucchi) Date: Fri, 30 Mar 2007 15:39:23 +0200 Subject: [nycbug-talk] BSDCan 2007 Message-ID: <20070330133923.GZ69580@willystudios.com> Hi all, like the last two years, me and a few Italians are coming over for BSDCan, passing by NYC. We are organizing the trip at the moment, and would like to find out if there's anybody out there wanting to share a trip over to Ottawa by car with us. We are probably going to rent a car, but if anybody else show up, we could also rent a van and accomodate a few other people. Only thing to note is that we are going up on tuesday, since I'll be holding my tutorial right on wednesday, so I'm aware this could be a showstopper for some of you out there... If anybody is interested in coming with us, just drop me an email privately. Ciao ! -- Massimiliano Stucchi, CTO & Director of Operations WillyStudios.com - IT Consulting, Web and VoIP Services stucchi at willystudios.com | Tel (+39) 0244417203 | Fax (+39) 0244417204 IT-20040, Carnate (Milano), via Carducci 9 From stucchi at willystudios.com Fri Mar 30 09:46:00 2007 From: stucchi at willystudios.com (Massimiliano Stucchi) Date: Fri, 30 Mar 2007 15:46:00 +0200 Subject: [nycbug-talk] (I hate IPv6!) - Thread Fork In-Reply-To: <46043C1A.3040705@chrisbuechler.com> References: <08E49910-A5E6-407F-AA12-AACF1EE741F6@lesmuug.org> <46043C1A.3040705@chrisbuechler.com> Message-ID: <20070330134600.GA69580@willystudios.com> On 230307, 16:44, Chris Buechler wrote: > Isaac Levy wrote: > >> I think all you said above pretty much proves my point - > >> a) ipv6 not ready for prime time > >> b) nobody gives a damn about v6 > >> > > > > Alex, you've inspired me to fork this whole topic to a different > > thread. This is not a joke. > > > > Seriously speaking here, what do you see as the largest problems to > > the US getting wired and up to speed with IPv6? Why do you think it > > won't happen anytime soon? > > > > > Speaking from the perspective of the organizations whose networks I run, > it won't happen in the foreseeable future because there's no business > reason to do so. The benefits of IPv6 aren't enough on their own to > justify the migration, and public IP's are readily available for little > or no cost. The driver of migration I foresee is increasing cost of > public IP's. If they do indeed eventually become as scarce as people > think they will then the cost will go up substantially enough to drive > the change. None of the several T1 providers I use charge anything for > public IP's, and will give you up to a /24 at no cost if you can justify > having it. The local LEC will give you 5 public IP's for $5/month on a > business DSL account, and the local cable company charges $5/month per > IP for additional IP's. At those costs, nobody cares about extra IP > space because it would take 100+ years of IP charges to equal the cost > of migrating to IPv6. Good point, Chris. I help run a WISP down here in Italy, and for every customer we assign a /30 for a point-to-point connection and then route a /29 over it. Yes, we waste 4 IP's for every customer. Yes, the IPs are for free. Yes, we have plenty of them available. Ciao -- Massimiliano Stucchi, CTO & Director of Operations WillyStudios.com - IT Consulting, Web and VoIP Services stucchi at willystudios.com | Tel (+39) 0244417203 | Fax (+39) 0244417204 IT-20040, Carnate (Milano), via Carducci 9 From pete at nomadlogic.org Fri Mar 30 11:20:47 2007 From: pete at nomadlogic.org (Pete Wright) Date: Fri, 30 Mar 2007 11:20:47 -0400 Subject: [nycbug-talk] memory and cpu question on a new setip In-Reply-To: References: Message-ID: <20070330152039.GA54020@sunset.nomadlogic.org> On Thu, Mar 29, 2007 at 05:23:17PM -0400, Jonathan Vanasco wrote: > > On Mar 29, 2007, at 4:35 PM, alex at pilosoft.com wrote: > > > There are things like "PCI bounce areas", or areas used for AGP > > buffers. > > You can generally get to 3.5G by changing video memory/AGP aperture. > > Occasionally, if you are lucky, you can get 3.7G. > > ah. i'm at 3.5 now. 3.7 would be great. > > > However, to get full 4G, I would suggest x64 kernel. I'm not sure > > if PAE > > will fix the "PCI reserved areas" issue. > > > Uh, that message says SMP *did* work. It detected two CPUs. > > No, two cores for all purposes means two CPUs. > > Why do you say "wouldn't boot"? What was the error? > it just hanged on a blank screen > > but i tried installing it again, and now i'm using the SMP. so thanks. > > On Mar 29, 2007, at 5:08 PM, Brian A. Seklecki wrote: > > How about an amd64 kernel? > > will they work on intel chips & boards? i had no idea. > depends on the Intel chip you are using. If it's a dual core "Xeon" branded chip it most likely has a 64bit capable instruction set. I'm willing to be you have a 5180, or something similar. If you use the x86_64-SMP kernel/user-land you should be all set on both fronts. -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From nycbug-list at 2xlp.com Fri Mar 30 17:12:49 2007 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Fri, 30 Mar 2007 17:12:49 -0400 Subject: [nycbug-talk] 6.2 cd install oddness In-Reply-To: References: <5334.160.33.20.11.1174766856.squirrel@webmail.nomadlogic.org> <20070325021552.GE18152@run.galis.org> Message-ID: <096E5F5F-927A-41E7-8354-FE7A3B66DA76@2xlp.com> On Mar 25, 2007, at 12:54 PM, Jonathan Vanasco wrote: > That seems to be it. The kernel isn't picking it up, but BIOS is. > I'll try your trick. as a followup... The issue was that the kernel doesn't support the chip on the mobo that the cdrom is on -- yet. its in the 6.3 release i never would have thought that it could boot off the drive through bios, but not be visible to the kernel. anyways, thanks to all.