From jekillen at prodigy.net Sun Sep 2 16:58:48 2007 From: jekillen at prodigy.net (jekillen) Date: Sun, 2 Sep 2007 13:58:48 -0700 Subject: [nycbug-talk] booting FreeBSD v6.2 Message-ID: Hello: I am working with a home built Gigabyte/AMD64 system I had FreeBSD 6.0 installed on the machine and it was running fine as a development server. I recently had problems trying to install v6.2 on an MSI RX480 Neo2 motherboard and AMD64 processor. The machine refused to boot the install cd from commercial boxed cd set. It kept panicking on hardware and memory disc issues. I decided to go to the Gigabyte/AMD64 system and reconfigure that machine with three SATA drives. One is to be the boot drive and the others are SATA 10k rpm drives dedicated to /usr and /var file systems. Sysinstall lists the drive numbers as ad4 ad8 and ad10. I installed the system successfully and when came time to reboot, the system refuses to boot. This is the console output: FreeBSD/i386 boot default: 0;ad(0,a)/boot/kernel/kernel Boot: Invalid Partition No /boot/kernel/kernel FreeBSD/i386 boot default: 0;ad(0,a)/boot/kernel/kernel Boot: I tried Boot: ad4s1a and got the same response, Invalid Partition.... etc I do not know what to type here. If, as I configured the drives the root filesystem with the kernel is on ad4s1a from other installations and the manuals and data, the first IDE master is ad0 but I am not using IDE. I am using SATA drive. No SATA as IDE option in bios. what do I do here. The FreeBSD handbook and other publications I have do not give me enough info to figure it out. If any FreeBSD gurus on this list: Thanks, I appreciate any knowledgeable info on this. I have queried the FreeBSD general question list but have not gotten response. (They have been indignant, somewhat, because I have been bypassing ports and just building and installing Apache, php, and MySQL from source tarballs. ) I have been doing Linux, Mac OSX, and FreeBSD for about 5 years, as a 'hobbyist' and wannabe web designer/developer I have static ip addresses and run my own dns servers. manage internal network, have built and installed server software from source, ran patch and rebuilt FreeBSD kernel to add support for ethernet device. I Avoid Windows as much as possible. Who I am: www.brushandbard.com Jeff K From lavalamp at spiritual-machines.org Sun Sep 2 17:29:12 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Sun, 2 Sep 2007 17:29:12 -0400 (EDT) Subject: [nycbug-talk] booting FreeBSD v6.2 In-Reply-To: References: Message-ID: <20070902172323.Y56607@arbitor.digitalfreaks.org> > This is the console output: > FreeBSD/i386 boot > default: 0;ad(0,a)/boot/kernel/kernel J: Gotta love how this stuff still happens in 2007, huh> What we need to do is validate that the BIOS of your motherboard is mapping device at 0x80 to what FreeBSD later interprets to be "ad4". The 1st and 2nd stage boot loader isn't going to know anything about kernel device names. We know because the 1st stage loader is starting that the BIOS is picking the correct physical drive to read the MBR from. Break out of the boot loader and send us the output of: lsdev -v boot-conf show Also, we can find out what changed in loader(8) on AMD64 pretty easily between 6.0 and 6.2 using CVS. ~~BAS > Boot: > Invalid Partition From jekillen at prodigy.net Sun Sep 2 19:00:00 2007 From: jekillen at prodigy.net (jekillen) Date: Sun, 2 Sep 2007 16:00:00 -0700 Subject: [nycbug-talk] booting FreeBSD v6.2 In-Reply-To: <20070902172323.Y56607@arbitor.digitalfreaks.org> References: <20070902172323.Y56607@arbitor.digitalfreaks.org> Message-ID: <3048bb8a80b07cf27b07ae45f12e39b1@prodigy.net> On Sep 2, 2007, at 2:29 PM, Brian A. Seklecki wrote: >> This is the console output: >> FreeBSD/i386 boot >> default: 0;ad(0,a)/boot/kernel/kernel > > J: > > Gotta love how this stuff still happens in 2007, huh> > > What we need to do is validate that the BIOS of your motherboard is > mapping device at 0x80 to what FreeBSD later interprets to be "ad4". > > The 1st and 2nd stage boot loader isn't going to know anything about > kernel device names. > > We know because the 1st stage loader is starting that the BIOS is > picking the correct physical drive to read the MBR from. > > Break out of the boot loader and send us the output of: > > lsdev -v > boot-conf > show > Learning how as I go .... how do I break out of the boot loader, to what shell? What runs this series of instructions? Thats is deeper than I have gone to this point. Like, even though I have found my way around the shell enough to do tar -xvf (ect) and ./config and all those incantations, and even find my way through errors here and there, tinker with some shell scripting, python scripting, even some console c programming; and lots and lots of php. Nothing can be worse than javascript from scratch from text books. But I got the hang of that too. this is something I am unfamiliar with. > Also, we can find out what changed in loader(8) on AMD64 pretty easily > between 6.0 and 6.2 using CVS. > just some extra data if it makes a difference here, I am using generic kernel, not AMD64 (and I presume there is a difference). Thanks for the response and info. Jeff K From tekronis at gmail.com Sun Sep 2 19:54:43 2007 From: tekronis at gmail.com (H. G.) Date: Sun, 2 Sep 2007 19:54:43 -0400 Subject: [nycbug-talk] booting FreeBSD v6.2 In-Reply-To: <3048bb8a80b07cf27b07ae45f12e39b1@prodigy.net> References: <20070902172323.Y56607@arbitor.digitalfreaks.org> <3048bb8a80b07cf27b07ae45f12e39b1@prodigy.net> Message-ID: <60131f920709021654m34e02db1k76609b313aa065a2@mail.gmail.com> On 9/2/07, jekillen wrote: > > > On Sep 2, 2007, at 2:29 PM, Brian A. Seklecki wrote: > > >> This is the console output: > >> FreeBSD/i386 boot > >> default: 0;ad(0,a)/boot/kernel/kernel > > > > J: > > > > Gotta love how this stuff still happens in 2007, huh> > > > > What we need to do is validate that the BIOS of your motherboard is > > mapping device at 0x80 to what FreeBSD later interprets to be "ad4". > > > > The 1st and 2nd stage boot loader isn't going to know anything about > > kernel device names. > > > > We know because the 1st stage loader is starting that the BIOS is > > picking the correct physical drive to read the MBR from. > > > > Break out of the boot loader and send us the output of: > > > > lsdev -v > > boot-conf > > show > > > Learning how as I go .... how do I break out of the boot loader, to > what shell? What runs this series of instructions? > Thats is deeper than I have gone to this point. Like, even though I > have found my way around the shell enough > to do tar -xvf (ect) and ./config and all those incantations, and even > find my way through errors here and there, > tinker with some shell scripting, python scripting, even some console c > programming; and lots and lots of php. > Nothing can be worse than javascript from scratch from text books. But > I got the hang of that too. > this is something I am unfamiliar with. > > > Also, we can find out what changed in loader(8) on AMD64 pretty easily > > between 6.0 and 6.2 using CVS. > > > just some extra data if it makes a difference here, I am using generic > kernel, not AMD64 (and I presume > there is a difference). > > Thanks for the response and info. > Jeff K > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > Right during the point during the boot process, when you see the little spinner spinning, pay attention. You'll soon see text that reads "Hit [Enter] to boot, any other key to go to command prompt" Right at this point, you smack any key except Enter. You should end up in at the boot loader's prompt, which is where you can execute these commands. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lavalamp at spiritual-machines.org Sun Sep 2 20:14:57 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Sun, 2 Sep 2007 20:14:57 -0400 (EDT) Subject: [nycbug-talk] booting FreeBSD v6.2 In-Reply-To: <60131f920709021654m34e02db1k76609b313aa065a2@mail.gmail.com> References: <20070902172323.Y56607@arbitor.digitalfreaks.org> <3048bb8a80b07cf27b07ae45f12e39b1@prodigy.net> <60131f920709021654m34e02db1k76609b313aa065a2@mail.gmail.com> Message-ID: <20070902201334.I56607@arbitor.digitalfreaks.org> > Right during the point during the boot process, when you see the little > spinner spinning, pay attention. > You'll soon see text that reads "Hit [Enter] to boot, any other key to go to > command prompt" Correct. And as far as GENERIC on 6.2/amd64, this is basically an SMP kernel. But the kernel version will not effect your problem so long as /boot/kernel/kernel is exists ~BAS > Right at this point, you smack any key except Enter. You should end up in > at the boot loader's prompt, > which is where you can execute these commands. > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~Maynard James Keenan From tekronis at gmail.com Sun Sep 2 20:31:04 2007 From: tekronis at gmail.com (H. G.) Date: Sun, 2 Sep 2007 20:31:04 -0400 Subject: [nycbug-talk] booting FreeBSD v6.2 In-Reply-To: <20070902201334.I56607@arbitor.digitalfreaks.org> References: <20070902172323.Y56607@arbitor.digitalfreaks.org> <3048bb8a80b07cf27b07ae45f12e39b1@prodigy.net> <60131f920709021654m34e02db1k76609b313aa065a2@mail.gmail.com> <20070902201334.I56607@arbitor.digitalfreaks.org> Message-ID: <60131f920709021731r7e7bd18bu1a05a9350ce6f6c5@mail.gmail.com> On 9/2/07, Brian A. Seklecki wrote: > > > > Right during the point during the boot process, when you see the little > > spinner spinning, pay attention. > > You'll soon see text that reads "Hit [Enter] to boot, any other key to > go to > > command prompt" > > Correct. And as far as GENERIC on 6.2/amd64, this is basically an SMP > kernel. But the kernel version will not effect your problem so long as > /boot/kernel/kernel is exists ~BAS > > > > Right at this point, you smack any key except Enter. You should end up > in > > at the boot loader's prompt, > > which is where you can execute these commands. > > > > l8* > -lava (Brian A. Seklecki - Pittsburgh, PA, USA) > http://www.spiritual-machines.org/ > > "Guilty? Yeah. But he knows it. I mean, you're guilty. > You just don't know it. So who's really in jail?" > ~Maynard James Keenan > > Yes, I was stating the obvious. But I believe in thoroughness. :D -------------- next part -------------- An HTML attachment was scrubbed... URL: From jekillen at prodigy.net Sun Sep 2 22:13:47 2007 From: jekillen at prodigy.net (jekillen) Date: Sun, 2 Sep 2007 19:13:47 -0700 Subject: [nycbug-talk] booting FreeBSD v6.2 In-Reply-To: <20070902201334.I56607@arbitor.digitalfreaks.org> References: <20070902172323.Y56607@arbitor.digitalfreaks.org> <3048bb8a80b07cf27b07ae45f12e39b1@prodigy.net> <60131f920709021654m34e02db1k76609b313aa065a2@mail.gmail.com> <20070902201334.I56607@arbitor.digitalfreaks.org> Message-ID: <6f2da05b003fd02f9d07cc743ed2ed4b@prodigy.net> On Sep 2, 2007, at 5:14 PM, Brian A. Seklecki wrote: > >> Right during the point during the boot process, when you see the >> little >> spinner spinning, pay attention. >> You'll soon see text that reads "Hit [Enter] to boot, any other key >> to go to >> command prompt" > > Correct. And as far as GENERIC on 6.2/amd64, this is basically an SMP > kernel. But the kernel version will not effect your problem so long > as /boot/kernel/kernel is exists ~BAS > > Thank you for the info. Along this line I understand that the AMD Hyper Transport Technology is different than Intel's Hyper Threading Technology and makes them more suitable for servers. Is that what the AMD64 specific versions are designed to take advantage of? Jeff K From jekillen at prodigy.net Sun Sep 2 22:37:54 2007 From: jekillen at prodigy.net (jekillen) Date: Sun, 2 Sep 2007 19:37:54 -0700 Subject: [nycbug-talk] boot problem solved Message-ID: Yup, I did it again; regarding this exchange: Gotta love how this stuff still happens in 2007, huh> What we need to do is validate that the BIOS of your motherboard is mapping device at 0x80 to what FreeBSD later interprets to be "ad4". The 1st and 2nd stage boot loader isn't going to know anything about kernel device names. We know because the 1st stage loader is starting that the BIOS is picking the correct physical drive to read the MBR from. Break out of the boot loader and send us the output of: lsdev -v boot-conf show Also, we can find out what changed in loader(8) on AMD64 pretty easily between 6.0 and 6.2 using CVS. And following the instructions regarding watching for the spinner and hitting any key at the prompt, I was not getting the spinner at all. But, I went back to look at my bios settings and did not have the bootable drive set to be the first drive after the cdrom to try to boot from. So, I corrected that and I am up an running. In the future all your info and instructions will be very useful. Thanks again, I was contemplating swapping out the drive with the root partition with an IDE drive and reinstalling, that would been the long way around and a waste of time. Jeff K From lavalamp at spiritual-machines.org Sun Sep 2 22:56:25 2007 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Sun, 2 Sep 2007 22:56:25 -0400 (EDT) Subject: [nycbug-talk] boot problem solved In-Reply-To: References: Message-ID: <20070902225203.N56607@arbitor.digitalfreaks.org> Ahh, the bootloader / MBR must have accidentally been written to your data-drives causing the confusion. A common problem for sysinstall newcomers. Wont cause you any problems other than confusion. Normally you'd get "unable to find bootable drive", and, depending on the BIOS (award/phoenix/AMI), it would try the bootable media it comprehends in some arbitrary order based on the alignment of the starts and the menu at the local Thai restaurant. God I pine for OpenFirmware. ~BAS On Sun, 2 Sep 2007, jekillen wrote: > Yup, I did it again; > > regarding this exchange: > > Gotta love how this stuff still happens in 2007, huh> > > What we need to do is validate that the BIOS of your motherboard is > mapping device at 0x80 to what FreeBSD later interprets to be "ad4". > > The 1st and 2nd stage boot loader isn't going to know anything about > kernel device names. > > We know because the 1st stage loader is starting that the BIOS is > picking the correct physical drive to read the MBR from. > > Break out of the boot loader and send us the output of: > > lsdev -v > boot-conf > show > > Also, we can find out what changed in loader(8) on AMD64 pretty easily > between 6.0 and 6.2 using CVS. > > And following the instructions regarding watching for the spinner and > hitting any key at the prompt, I > was not getting the spinner at all. > > But, I went back to look at my bios settings and did not have the > bootable drive set to be the first > drive after the cdrom to try to boot from. > > So, I corrected that and I am up an running. > In the future all your info and instructions will be very useful. > Thanks again, I was contemplating swapping out the drive with the root > partition with an IDE drive > and reinstalling, that would been the long way around and a waste of > time. > Jeff K > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~Maynard James Keenan From andy.kosela at gmail.com Mon Sep 3 14:00:23 2007 From: andy.kosela at gmail.com (Andy Kosela) Date: Mon, 3 Sep 2007 20:00:23 +0200 Subject: [nycbug-talk] booting FreeBSD v6.2 In-Reply-To: <6f2da05b003fd02f9d07cc743ed2ed4b@prodigy.net> References: <20070902172323.Y56607@arbitor.digitalfreaks.org> <3048bb8a80b07cf27b07ae45f12e39b1@prodigy.net> <60131f920709021654m34e02db1k76609b313aa065a2@mail.gmail.com> <20070902201334.I56607@arbitor.digitalfreaks.org> <6f2da05b003fd02f9d07cc743ed2ed4b@prodigy.net> Message-ID: <3cc535c80709031100l76682617jabae2b741f9fc97b@mail.gmail.com> On 9/3/07, jekillen wrote: > > On Sep 2, 2007, at 5:14 PM, Brian A. Seklecki wrote: > > > > >> Right during the point during the boot process, when you see the > >> little > >> spinner spinning, pay attention. > >> You'll soon see text that reads "Hit [Enter] to boot, any other key > >> to go to > >> command prompt" > > > > Correct. And as far as GENERIC on 6.2/amd64, this is basically an SMP > > kernel. But the kernel version will not effect your problem so long > > as /boot/kernel/kernel is exists ~BAS > > > > > Thank you for the info. > Along this line I understand that the AMD Hyper Transport Technology is > different than Intel's Hyper Threading Technology > and makes them more suitable for servers. Is that what the AMD64 > specific versions are designed to take advantage of? FreeBSD's AMD64 is more commonly known as x86-64 architecture and it includes both AMD family of processors: # AMD Athlon 64 # AMD Athlon 64 X2 # AMD Athlon 64 FX # AMD Opteron # AMD Turion 64 # AMD Turion 64 X2 # AMD Sempron and also Intel's 64 line (also known as EM64T): # Pentium 4 # Pentium D # Pentium Extreme Edition # Celeron D # Xeon # Pentium Dual-Core processors # Intel Core 2 It's quite a standard nowadays, both in server and desktop market. just my 2 cents. I just found this BSD group. I would like to say peace to everybody. It's so beautiful to see so much people interested in sharing the knowledge and keeping alive the legacy of BSD. -- Andy Kosela Protect Ya Neck Records/Wu-Tang Management www.protect-ya-neck.com Staten Island, NY From af.dingo at gmail.com Wed Sep 5 06:41:44 2007 From: af.dingo at gmail.com (Jeff Quast) Date: Wed, 5 Sep 2007 06:41:44 -0400 Subject: [nycbug-talk] OWASP in NYC September 6th 5:30pm-9:00pm Message-ID: sorry for the crosspost, but this seems of interest for NYC locals; "Meetings are FREE and open to the PUBLIC - RSVP IS REQUESTED" - can't beat that, Meeting Address: 86 Trinity Place, NY NY 10006 ---------- Forwarded message ---------- From: Dave Aitel Date: Sep 4, 2007 4:24 PM Subject: [Dailydave] The IPO of the 0day To: dailydave -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Justine (Immunity's CEO) is talking twice this week - so if you missed it in Singapore then this would be a great chance to catch her and ask her questions about it. - -dave 1. OWASP in NYC Thursday * - NYNJMetro (17:30 / 21:00) - "Financial Real-Time Threats: Impacting Trading Floor Operations" - "JBroFuzz: Effective Fuzzing for Network and Web Applications" , Dr. Yiannis Pavlosoglou , Information Risk Management - "Stock fluctuation from an unrecognized influence" , Justine Bone-Aitel , Immunity Security - "Hackers...BotNets oh My! Obtain a briefing on the current BotNet investigations etc.", NYC FBI Cyber Crime Unit - "Why today's vulnerability assessments are failing and a case for industry standardization" - "Blackhat/Defcon", Tom Brennan (President OWASP NY/NJ Metro) - Panel: "Global Security Week What is the current state of Privacy on Web Application Security? What should we be focusing on?" 2. Friday in Orlando ISSA at CISO Executive Forum at 1pm. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG3b8PB8JNm+PA+iURAlTrAKC87XZF8JZYzt0IfkAMubF7jJ/anQCg0GoB 3u/uhb7AxXaocekGSFyHfmQ= =sFPr -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave at lists.immunitysec.com http://lists.immunitysec.com/mailman/listinfo/dailydave From nikolai at fetissov.org Thu Sep 6 23:04:55 2007 From: nikolai at fetissov.org (nikolai) Date: Thu, 6 Sep 2007 23:04:55 -0400 (EDT) Subject: [nycbug-talk] [announce] NYCBUG Tonight In-Reply-To: <1FA34BB4-F8DF-421D-9370-E29C8F537033@ceetonetechnology.com> References: <1FA34BB4-F8DF-421D-9370-E29C8F537033@ceetonetechnology.com> Message-ID: <48581.69.119.146.233.1189134295.squirrel@www.geekisp.com> > September 05, 2007 > > Using Cryptography to Improve Web Application Performance and Security > > 6:45 pm, Suspenders Restaurant > http://www.suspendersbar.com/location.php Sorry, no audio so far. I'm left with Vista-only laptop at the moment and it looks like the junk windows software I use for decoding is not compatible with that. Will figure something out over the weekend. -- Nikolai From ike at lesmuug.org Fri Sep 7 02:53:59 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 7 Sep 2007 02:53:59 -0400 Subject: [nycbug-talk] [announce] NYCBUG Tonight In-Reply-To: <48581.69.119.146.233.1189134295.squirrel@www.geekisp.com> References: <1FA34BB4-F8DF-421D-9370-E29C8F537033@ceetonetechnology.com> <48581.69.119.146.233.1189134295.squirrel@www.geekisp.com> Message-ID: Wordemup, On Sep 6, 2007, at 11:04 PM, nikolai wrote: >> September 05, 2007 >> >> Using Cryptography to Improve Web Application Performance and >> Security >> >> 6:45 pm, Suspenders Restaurant >> http://www.suspendersbar.com/location.php > > Sorry, no audio so far. I'm left with Vista-only > laptop at the moment and it looks like the junk > windows software I use for decoding is not > compatible with that. Will figure something out > over the weekend. > -- > Nikolai Nikolai, your the best. Not having the audio up immediately after a meeting reminds me how much dedication you've put in to make this happen! Don't sweat it- wish I could help you out man! Best, .ike From huyslogic at gmail.com Fri Sep 7 09:33:30 2007 From: huyslogic at gmail.com (Huy Ton That) Date: Fri, 7 Sep 2007 09:33:30 -0400 Subject: [nycbug-talk] [announce] NYCBUG Tonight In-Reply-To: <48581.69.119.146.233.1189134295.squirrel@www.geekisp.com> References: <1FA34BB4-F8DF-421D-9370-E29C8F537033@ceetonetechnology.com> <48581.69.119.146.233.1189134295.squirrel@www.geekisp.com> Message-ID: <1cac28080709070633p52576c56uede9fe067db65148@mail.gmail.com> Speaking of which, did Galbreath upload his presentation anywhere as he mentioned? I had to leave early so I want to see what I missed ;) -Huy On 9/6/07, nikolai wrote: > > > September 05, 2007 > > > > Using Cryptography to Improve Web Application Performance and Security > > > > 6:45 pm, Suspenders Restaurant > > http://www.suspendersbar.com/location.php > > Sorry, no audio so far. I'm left with Vista-only > laptop at the moment and it looks like the junk > windows software I use for decoding is not > compatible with that. Will figure something out > over the weekend. > -- > Nikolai > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Fri Sep 7 09:50:05 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 7 Sep 2007 09:50:05 -0400 Subject: [nycbug-talk] [announce] NYCBUG Tonight In-Reply-To: <1cac28080709070633p52576c56uede9fe067db65148@mail.gmail.com> References: <1FA34BB4-F8DF-421D-9370-E29C8F537033@ceetonetechnology.com> <48581.69.119.146.233.1189134295.squirrel@www.geekisp.com> <1cac28080709070633p52576c56uede9fe067db65148@mail.gmail.com> Message-ID: <29CB9928-85A2-49DC-98EC-4CCEB647FFA2@ceetonetechnology.com> On Sep 7, 2007, at 9:33 AM, Huy Ton That wrote: > Speaking of which, did Galbreath upload his presentation anywhere > as he mentioned? I had to leave early so I want to see what I > missed ;) > > -Huy I sent Nick a reminder on that one. . . George From george at ceetonetechnology.com Fri Sep 7 10:37:58 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 7 Sep 2007 10:37:58 -0400 Subject: [nycbug-talk] new Asus ultraportables Message-ID: There's been some side discussions about these, but it looks like the end of the month for the EEE Asus subnotebooks: http://tinyurl.com/2f8f6x The specs and pricing has changed. . . from $199 for the base unit to $259, with the camera removed. They are running some variant of Xandros Linux, so that puts us a step ahead in terms of BSD installs. At least it should :) I suspect this will be a NYCBUG craze much like the Soekris thing a long while back. . . George From alex at pilosoft.com Fri Sep 7 10:56:21 2007 From: alex at pilosoft.com (Alex Pilosov) Date: Fri, 7 Sep 2007 10:56:21 -0400 (EDT) Subject: [nycbug-talk] new Asus ultraportables In-Reply-To: Message-ID: On Fri, 7 Sep 2007, George Rosamond wrote: > > I suspect this will be a NYCBUG craze much like the Soekris thing a long > while back. . . probably just as useless in reality you are paying size premium to have x86-compatible cpu, which isn't really relevant if you are loonix/bsd user. sizewise, its too big to be carried on your person, in fact, its about twice as big and twice as heavy as OQO. oqo is a-game, eee is b-game or c-game, for people who can't afford oqo. -alex From skreuzer at exit2shell.com Fri Sep 7 10:56:10 2007 From: skreuzer at exit2shell.com (Steven Kreuzer) Date: Fri, 7 Sep 2007 07:56:10 -0700 Subject: [nycbug-talk] new Asus ultraportables In-Reply-To: References: Message-ID: <20070907145610.GA1525@clamps.exit2shell.com> On Fri, Sep 07, 2007 at 10:37:58AM -0400, George Rosamond wrote: > There's been some side discussions about these, but it looks like the > end of the month for the EEE Asus subnotebooks: > > http://tinyurl.com/2f8f6x > > The specs and pricing has changed. . . from $199 for the base unit to > $259, with the camera removed. > > They are running some variant of Xandros Linux, so that puts us a > step ahead in terms of BSD installs. At least it should :) > > I suspect this will be a NYCBUG craze much like the Soekris thing a > long while back. . . > > George Some additional pictures of this thing can be found on flickr http://flickr.com/photos/kandance/1304072391/ http://flickr.com/photos/garotasemfio/717896672/ http://flickr.com/photos/garotasemfio/717899104/ http://flickr.com/photos/garotasemfio/591457157/ http://flickr.com/photos/jm_ruiz/531931643/ -- Steven Kreuzer http://www.exit2shell.com/~skreuzer From george at ceetonetechnology.com Fri Sep 7 11:04:52 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 7 Sep 2007 11:04:52 -0400 Subject: [nycbug-talk] new Asus ultraportables In-Reply-To: References: Message-ID: On Sep 7, 2007, at 10:56 AM, Alex Pilosov wrote: > On Fri, 7 Sep 2007, George Rosamond wrote: >> >> I suspect this will be a NYCBUG craze much like the Soekris thing >> a long >> while back. . . > probably just as useless in reality > > you are paying size premium to have x86-compatible cpu, which isn't > really > relevant if you are loonix/bsd user. > > sizewise, its too big to be carried on your person, in fact, its about > twice as big and twice as heavy as OQO. > > oqo is a-game, eee is b-game or c-game, for people who can't afford > oqo. > Valid points, Mr. Nyetwork. . . But I do think low power, cheapo UMPCs aren't just for One Laptop Per Child. I'd certainly be happy dragging around these 2 pounds with my relevant data, internet access capability and ability to SSH over anything else. I played with the ~$1700 UMPCs from OQO and it was nice, but for $259 or so, with flash storage, it's very tempting. George From joshmccormack at travelersdiary.com Fri Sep 7 11:34:20 2007 From: joshmccormack at travelersdiary.com (Josh McCormack) Date: Fri, 7 Sep 2007 10:34:20 -0500 Subject: [nycbug-talk] new Asus ultraportables In-Reply-To: References: Message-ID: On 9/7/07, George Rosamond wrote: > > Valid points, Mr. Nyetwork. . . > > But I do think low power, cheapo UMPCs aren't just for One Laptop Per > Child. > > I'd certainly be happy dragging around these 2 pounds with my > relevant data, internet access capability and ability to SSH over > anything else. > > I played with the ~$1700 UMPCs from OQO and it was nice, but for $259 > or so, with flash storage, it's very tempting. > > George I love cheap computers, and ultraportables. It would be nice if battery life were better, though. I think I'd prefer more weight and twice the battery. Josh -------------- next part -------------- An HTML attachment was scrubbed... URL: From mspitzer at gmail.com Fri Sep 7 16:26:24 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Fri, 7 Sep 2007 16:26:24 -0400 Subject: [nycbug-talk] new Asus ultraportables In-Reply-To: References: Message-ID: <8c50a3c30709071326mb4b9566td1b46cbfb13d8b7@mail.gmail.com> On 9/7/07, Josh McCormack wrote: > On 9/7/07, George Rosamond wrote: > > > > > > > > Valid points, Mr. Nyetwork. . . > > > > But I do think low power, cheapo UMPCs aren't just for One Laptop Per > > Child. > > > > I'd certainly be happy dragging around these 2 pounds with my > > relevant data, internet access capability and ability to SSH over > > anything else. > > > > I played with the ~$1700 UMPCs from OQO and it was nice, but for $259 > > or so, with flash storage, it's very tempting. > > > > George > > > > I love cheap computers, and ultraportables. It would be nice if battery life > were better, though. I think I'd prefer more weight and twice the battery. > > Josh > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > > waiting for the 10 inch screen myself. And I think of it as a vt220 with stuff. It might make sense to buy one for the server room at work, the serial console is a POS and sometimes I need to console in in spite of it. marc -- Freedom is nothing but a chance to be better. Albert Camus From george at ceetonetechnology.com Fri Sep 7 22:17:20 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 07 Sep 2007 22:17:20 -0400 Subject: [nycbug-talk] test Message-ID: <46E20630.6030601@ceetonetechnology.com> From ike at lesmuug.org Fri Sep 7 22:21:15 2007 From: ike at lesmuug.org (Isaac Levy) Date: Fri, 7 Sep 2007 22:21:15 -0400 Subject: [nycbug-talk] new Asus ultraportables In-Reply-To: <8c50a3c30709071326mb4b9566td1b46cbfb13d8b7@mail.gmail.com> References: <8c50a3c30709071326mb4b9566td1b46cbfb13d8b7@mail.gmail.com> Message-ID: BTW- Lee in midtown said late-month availability on the first models... I want the cheapest model, small screen and all. On Sep 7, 2007, at 4:26 PM, Marc Spitzer wrote: > And I think of it as a vt220 > with stuff. That should be a marketing slogan for it :) Seriously, I don't care about wanting a windowing enviornment- (though fluxbox or some other minimal X11 should run nicely on these specs?) I'd rather carry one of these in my winter jacket pocket than an iPhone- all I've ever wanted is a small shell and network capabilities on my person at all times... > It might make sense to buy one for the server room at > work, the serial console is a POS and sometimes I need to console in > in spite of it. HECK YEAH. Seriously much nicer to have around machine rooms for various tasks than a cart with a head... Toss one in the datacenter cabinet for emergencies, etc... As an aside, I want one to drive a usb scanner setup, dedicate the EEE to the scanner- (just velcro the thing to the scanner lid ;) > > marc Rocket- .ike From george at ceetonetechnology.com Sat Sep 8 10:00:31 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Sat, 08 Sep 2007 10:00:31 -0400 Subject: [nycbug-talk] Slides from Meeting Message-ID: <46E2AAFF.4010101@ceetonetechnology.com> Nick G has posted the slides from last Wednesday's meeting. . . http://modp.com/slides/reallyappliedcryptography1.html George From andy.kosela at gmail.com Sun Sep 9 07:29:13 2007 From: andy.kosela at gmail.com (Andy Kosela) Date: Sun, 9 Sep 2007 13:29:13 +0200 Subject: [nycbug-talk] FreeBSD & HP Pavilion G5050EW Message-ID: <3cc535c80709090429xb114665ja0b62242202be5d2@mail.gmail.com> Does anyone have any experience with running FreeBSD 6.2-RELEASE on HP Pavilion G5050EW? I know it uses Intel Graphics Media Accelerator 950 (1280x800 native mode) which "should" work with i810 driver. What about the sound and wireless support? Thank you for any insights. Andy Kosela From ike at lesmuug.org Sun Sep 9 14:09:55 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 9 Sep 2007 14:09:55 -0400 Subject: [nycbug-talk] EuroBSDCon NYC/North-American Crew? Message-ID: <73CE2A0E-EE3F-4D44-8366-69A1BDF6F776@lesmuug.org> Hey All, Time has snuck up on me, and I'm heading to Copenhagen this week for EuroBSDCon, (to give my last lecture on FreeBSD jail(8), ever. Really. Ever. I swear.) With that, is anybody else on list going? Just curious, and hoping to see friends, (the whole Viking vibe makes me a bit nervous ;) http://2007.eurobsdcon.org/ I'll definitely post to list with any fun news from the Con... Rocket- .ike From ike at lesmuug.org Sun Sep 9 14:17:12 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 9 Sep 2007 14:17:12 -0400 Subject: [nycbug-talk] FreeBSD & HP Pavilion G5050EW In-Reply-To: <3cc535c80709090429xb114665ja0b62242202be5d2@mail.gmail.com> References: <3cc535c80709090429xb114665ja0b62242202be5d2@mail.gmail.com> Message-ID: <6CC97611-AEBC-4F55-9968-7545B9D5A8DE@lesmuug.org> Hi Andy, On Sep 9, 2007, at 7:29 AM, Andy Kosela wrote: > Does anyone have any experience with running FreeBSD 6.2-RELEASE on HP > Pavilion G5050EW? > I know it uses Intel Graphics Media Accelerator 950 (1280x800 native > mode) which "should" work with i810 driver. > What about the sound and wireless support? > > Thank you for any insights. > > Andy Kosela Hope you got something good out of your cross-post to the other list, did you get this running? Rocket- .ike From nikolai at fetissov.org Mon Sep 10 09:28:00 2007 From: nikolai at fetissov.org (nikolai) Date: Mon, 10 Sep 2007 09:28:00 -0400 (EDT) Subject: [nycbug-talk] September 2007 meeting audio Message-ID: <33268.204.153.88.2.1189430880.squirrel@www.geekisp.com> Folks, The audio of Nick's presentation is online at http://www.fetissov.org/public/nycbug/ Sorry for the delay. -- Nikolai From ike at lesmuug.org Mon Sep 10 12:39:48 2007 From: ike at lesmuug.org (Isaac Levy) Date: Mon, 10 Sep 2007 12:39:48 -0400 Subject: [nycbug-talk] September 2007 meeting audio In-Reply-To: <33268.204.153.88.2.1189430880.squirrel@www.geekisp.com> References: <33268.204.153.88.2.1189430880.squirrel@www.geekisp.com> Message-ID: <047EC182-A77D-4EE2-BA3C-A5F696378919@lesmuug.org> On Sep 10, 2007, at 9:28 AM, nikolai wrote: > Folks, > > The audio of Nick's presentation is online at > http://www.fetissov.org/public/nycbug/ > > Sorry for the delay. Yay! Thanks Nikolai!! Rocket- .ike From ike at lesmuug.org Sat Sep 15 01:55:48 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sat, 15 Sep 2007 07:55:48 +0200 Subject: [nycbug-talk] Day 1, EuroBSDCon 2007 report Message-ID: Hi Everybody, Day 1 of EuroBSDCon is over, and the first day ROCKED. The facility is great, and they provided all meals (and pleasantly, ample coffee and tea all day). The venue is far away from any stores or food, so it's necessary- but they're taking good care of everyone. The talks: Starting backwards, the end of the day had Steven Murdoch with the talk: "Hot or Not: Fingerpring hosts through clock skew" - Surprising and insane lecture- basically, how to compromise TOR in many ways simply using principles in machine temperature. Totally insane stuff. (the speaker is paid to work on TOR these days, but he gave many ways to break it) I saw Claudio Jeker give an overview of "Using OpenBSD as a Routing Platform", good stuff. I saw Simon L. Nielson give the structural low-down on "The FreeBSD Security Officer Function" I missed Robert Watson and Soren Straarup speak, they were right after my talk on jail(8) and I had to deal with some things... (cigarettes and posting lecture notes) Sadly, Sam Leffler was home sick with a Flu, but dig this: He video- taped his talk from his home office, and the organizers did a multimedia thing. Sam ran over about 30 MINUTES into my talk, so I was trumped by a ghost! Ha! Mark Balmer (Swiss) from the OpenBSD project did a talk on his work with Radio Clocks in OpenBSD, VERY VERY cool work- and a great presentation. (Makes me want to setup a radio clock NTP server in Williamsburg when I get home :) Other stuff I missed, Ryan Bickhart did a talk on TCP-to-SCTP translation shim in the FreeBSD kernel, Pierre-Yves Ritschard did a talk on OpenBSD Load Balancing, all very cool guys- and people seemed to really like these talks. -- That was day 1, very very impressive orginizaton here, the DKUUG, (Danish Unix Users Group) are totally swell folks- very much like NYCBUG but um, Danish. :) Sidenote- funny- The Hostel where most of us are staying is nice, but barebones- HOWEVER, Kristen Nielson (DKUUG guy, organized the tutorial sessions)- he works for the big scandinavian telco, and hooked up a 100mbit internet connection in the basement at the Hostel, for everyone's use. I repeat- he whipped up a temporary 100mbit pipe, so we could have internet access at the Hostel. Holy moses. Oh yeah- a big reception last night was held at the Zoo, (yeah, I thought it was weird too at first)- and I was suprised to see camels, flamingos, lions, etc... Very nice Zoo. We also got a tour to see the only Tszmanian Devils which exist outside Tasmania or Australia, (the zookeepers were very proud of them, they were like a gift to the royal family here or something...). They look like pot-bellied pigs but meaner, and somehow cuter. http://www.turkishdailynews.com.tr/article.php?enewsid=26124 -- /salute, that's the report for now- day 2 starts soon, and I'm jetlagged :) Rocket- .ike From andy.kosela at gmail.com Sat Sep 15 06:48:32 2007 From: andy.kosela at gmail.com (Andy Kosela) Date: Sat, 15 Sep 2007 12:48:32 +0200 Subject: [nycbug-talk] Day 1, EuroBSDCon 2007 report In-Reply-To: References: Message-ID: <3cc535c80709150348se87c1d6p9fa0f4d7d3065b38@mail.gmail.com> On 9/15/07, Isaac Levy wrote: > Hi Everybody, > > Day 1 of EuroBSDCon is over, and the first day ROCKED. Isaac, thank you for your report. It seems EuroBSDCon2007 is great (as usual). I really hope they will put up Sam Leffler's video presentation on the website. Me (and probably all of us :) would like to see it. He is a true UNIX legend. -- Andy Kosela Protect Ya Neck Records/Wu-Tang Management www.protect-ya-neck.com Staten Island, NY From carton at Ivy.NET Sat Sep 15 07:20:47 2007 From: carton at Ivy.NET (Miles Nordin) Date: Sat, 15 Sep 2007 07:20:47 -0400 Subject: [nycbug-talk] Day 1, EuroBSDCon 2007 report In-Reply-To: <3cc535c80709150348se87c1d6p9fa0f4d7d3065b38@mail.gmail.com> (Andy Kosela's message of "Sat, 15 Sep 2007 12:48:32 +0200") References: <3cc535c80709150348se87c1d6p9fa0f4d7d3065b38@mail.gmail.com> Message-ID: >>>>> "ak" == Andy Kosela writes: ak> He is a true UNIX legend. he is certainly infamous, but I don't want collaborators like that in my tent. Free/NetBSD need to follow Linux's lead and get that guy's crap out of their kernels. It offends me they will not tolerate GPL'ed stuff in their supposedly pristine kernels, and have such strict code review processes they take multiple years to check in working code, but Sam Leffler's broken garbage which is not only proprietary but has an atrocious track record is greedily and instantly devoured. I can understand ``oops, well it seemed like the right decision at the time,'' but our whole wireless stack has been completely fucked basically since forever (since cardbus/80211g anyway), and this true UNIX legend is really, erum, ``making a difference'' in this department, just not the good kind of difference I think. but then again, I'm probably more pissed off than well-informed. that fucking guy though. I can't believe you lost 30min of your talk to a video tape. They should have just pressed STOP and referred everyone to some Youtube! URL. Since you can only play those videos with a proprietary player, Sam should love being posted there. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From dan at langille.org Sat Sep 15 10:48:19 2007 From: dan at langille.org (Dan Langille) Date: Sat, 15 Sep 2007 10:48:19 -0400 Subject: [nycbug-talk] Day 1, EuroBSDCon 2007 report In-Reply-To: References: , <3cc535c80709150348se87c1d6p9fa0f4d7d3065b38@mail.gmail.com> (Andy Kosela's message of "Sat, 15 Sep 2007 12:48:32 +0200"), Message-ID: <46EBB873.6928.95CFF49@dan.langille.org> On 15 Sep 2007 at 7:20, Miles Nordin wrote: > but then again, I'm probably more pissed off than well-informed. Yes, so it seems. I hope your day gets better. And perhaps have a coffee before you post such venom. -- Dan Langille - http://www.langille.org/ Available for hire: http://www.freebsddiary.org/dan_langille.php From bonsaime at gmail.com Sat Sep 15 12:00:57 2007 From: bonsaime at gmail.com (Jesse Callaway) Date: Sat, 15 Sep 2007 12:00:57 -0400 Subject: [nycbug-talk] wonderful saturday Message-ID: I'm sure we're all having just a wonderful morning. Cheers everyone! RMS posted to misc, albeit trivial and SCO just filed Chapter 11. Two totally unrelated but funny things that happend yesterday. -jesse From dan at langille.org Sat Sep 15 13:59:35 2007 From: dan at langille.org (Dan Langille) Date: Sat, 15 Sep 2007 13:59:35 -0400 Subject: [nycbug-talk] Day 1, EuroBSDCon 2007 report In-Reply-To: <46EBB873.6928.95CFF49@dan.langille.org> References: , , <46EBB873.6928.95CFF49@dan.langille.org> Message-ID: <46EBE547.29457.A0C18AA@dan.langille.org> On 15 Sep 2007 at 10:48, Dan Langille wrote: > On 15 Sep 2007 at 7:20, Miles Nordin wrote: > > > but then again, I'm probably more pissed off than well-informed. > > Yes, so it seems. > > I hope your day gets better. And perhaps have a coffee before you > post such venom. Miles: Yes, I got your private reply. Do I have permission to post it to the list? Don't bother with insults off-list as well as on- list. -- Dan Langille - http://www.langille.org/ Available for hire: http://www.freebsddiary.org/dan_langille.php From george at ceetonetechnology.com Sat Sep 15 14:19:41 2007 From: george at ceetonetechnology.com (george at ceetonetechnology.com) Date: Sat, 15 Sep 2007 14:19:41 -0400 Subject: [nycbug-talk] Day 1, EuroBSDCon 2007 report In-Reply-To: <46EBE547.29457.A0C18AA@dan.langille.org> References: , , <46EBB873.6928.95CFF49@dan.langille.org> <46EBE547.29457.A0C18AA@dan.langille.org> Message-ID: <20070915141941.c4eq17rfwo8kog04@business.loftmail.com> Quoting Dan Langille : > On 15 Sep 2007 at 10:48, Dan Langille wrote: > >> On 15 Sep 2007 at 7:20, Miles Nordin wrote: >> >> > but then again, I'm probably more pissed off than well-informed. >> >> Yes, so it seems. >> >> I hope your day gets better. And perhaps have a coffee before you >> post such venom. > > Miles: Yes, I got your private reply. Do I have permission to post > it to the list? Don't bother with insults off-list as well as on- > list. > Okay. . . enough. If you want to discuss the question of binaries and wireless drivers, continue. If not, end of the thread. Have a nice day all. George From ike at lesmuug.org Sun Sep 16 00:31:05 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 16 Sep 2007 06:31:05 +0200 Subject: [nycbug-talk] Day 1, EuroBSDCon 2007 report In-Reply-To: References: <3cc535c80709150348se87c1d6p9fa0f4d7d3065b38@mail.gmail.com> Message-ID: <48F88AB8-73FC-4A8F-B76F-3CFFFF6E3070@lesmuug.org> Hey All, On Sep 15, 2007, at 1:20 PM, Miles Nordin wrote: > I can't believe you lost 30min of your talk to a > video tape. Oh no, I simply ran over, (as did all speakers), and everyone dealt with an adjusted schedule. Marc Balmer and Steven Murdoch both helped out, due to their extensive experience with clock skew ;P -- But seriously, it was a great time- and all the lecture content was incredible, I'm sad Sam wasn't here. It's excellent to see developers from ALL the projects sharing so many ideas (and eventually, drinks)... Best, .ike From ike at lesmuug.org Sun Sep 16 00:55:31 2007 From: ike at lesmuug.org (Isaac Levy) Date: Sun, 16 Sep 2007 06:55:31 +0200 Subject: [nycbug-talk] Day 2, EuroBSDCon 2007 report Message-ID: Hey All, Day 2 was awesome! The morning, I missed some things- Brooks Davis was detained, so the morning got off to a rocky start... and he didn't get to give his talk about Open Source in his company. In the meantime Yvan Vanhullebus gave a talk about how they use BSD at their firewall company in France. John Hartmann's keynote was an INSANELY COOL SURPRISE. He gave a talk about CMS pipes, "Real mens pipes", and how they differ from UNIX pipes. http://en.wikipedia.org/wiki/Hartmann_pipeline http://vm.marist.edu/~pipeline/ Think IBM Denmark, 1970's. Totally mind-blowing fun. Then, Kirk did "A Brief History of the BSD Fast Filesystem", I'd seen it before, so I went to see Gregers Petersen talk about Open Source and property. It was a great talk, however I was surprised to see such a talk at a technical conference. However, he spoke mostly about historical observations about culture, value, trust... in relation to property- and there was a hearty discussion afterwards. Then came the big excitement- Pawel Jakub Dawidek, "FreeBSD and ZFS". I saw this talk in Tokyo, Pawel had just ported Sun's ZFS to FreeBSD. Now at this point, it will take some time, but this is the first SIGNIFIGANT improvement over UFS in the *BSD world in many years. His presentation (and his work) was so good, it even got the attention of many of the OpenBSD developers I spoke to, (who will remain anonymous :). The features, performance, and implementation are hard to ignore- and it's running stable in the 7-CURRENT branch. I can't tell everyone how INSANELY COOL this is. Also, Pawel got some animation help from a friend, the talk was really well done. Kirk McKusick is even excited... Antti Kantee and Allistair Crooks did a talk about ReFuise, "Userspeace FUSE Reimplementation using puffs"- which I wanted to see, because I know nothing about it- but instead, I saw George Neville-Neil talk about "Network Protocol Testing in FreeBSD and in General"- which was awesome. He showed off his test suite for network stack testing, as well as discussing his VAST experiences with network protocol implementation, leading to the tools creation... Then the fun... They did a '3rd party software deathmatch', had people from various ports teams present their systems, and everyone voted on them: They got some good sport Gentoo guys, a Debian guy, a Pkgsrc guy, an OpenBSD guy, and a FreeBSD guy (brooks davis) to present a short snipped on the system. Much booing, cheering, and heckling for this competition- and FreeBSD ports won out in the end. Will post the votes if I hear them again. All in all, the voting was not serious, (the judges wore devilish costumes, and were openly bribed with Beer by the OpenBSD guy), so... A very good way to end the conference. -- Everyone who helped, the DKUUG, everyone- deserve so much mention: Flemming Fr?kj?r Flemming Jacobsen Lars Thegler Poul-Henning Kamp Sidsel Jensen Simon L. Nielsen Kristen Nielsen Lennart Sorth Robert Watson Ole Guldberg Jensen Michael Knudsen Emmanuel Dreyfus Everyone worked SO hard, and the conference was awesome. Today, we go to Legoland in about 10 minutes, I'll report back later... I'll be at the FreeBSD developers summit, somewhere out in the country, for the next 2 days before I come home, working on some personal projects... /salute Rocket- .ike From md at mailq.de Sun Sep 16 05:37:34 2007 From: md at mailq.de (Mischa Diehm) Date: Sun, 16 Sep 2007 11:37:34 +0200 Subject: [nycbug-talk] Day 2, EuroBSDCon 2007 report In-Reply-To: References: Message-ID: <20070916093734.GA5483@mailq.de> Hellas, On Sun, Sep 16, 2007 at 06:55:31AM +0200, Isaac Levy wrote: > I can't tell everyone how INSANELY COOL this is. Also, Pawel got > some animation help from a friend, the talk was really well done. tatally agree on that. ZFS has it all (Shots, Clones, Integrity...) You name it. > Antti Kantee and Allistair Crooks did a talk about ReFuise, > "Userspeace FUSE Reimplementation using puffs"- which I wanted to > see, because I know nothing about it- Same applied to me - so I went and checked it out. Turns out that Antti has had the same idea like the FUSE guys apparently not knowing of or interested in their implementation at the time. So he implemented puffs which is very nicely integrated in the FS layering of NetBSD. By the time it was working there were already many Userland FS-implementations for FUSE ... Along came Alistair and did a reemplementation of FUSE named ReFUSE which sits on top of puffs and allows the use of all existing FUSE FSs. If that stuff got you interested go check out: http://www.netbsd.org/docs/misc/puffs.html On a site note Antti mentioned that the implementation should be easily portable to the other BSDs... looking forward to that. Speaking of the conference I totally agree with ike and I'm looking forward to next years conference in Strasbourg, France. Mischa p.s.: ike's last talk about jails or second last - I guess you never know - was as usual a very nice and entertaining show. From carton at Ivy.NET Sun Sep 16 09:00:02 2007 From: carton at Ivy.NET (Miles Nordin) Date: Sun, 16 Sep 2007 09:00:02 -0400 Subject: [nycbug-talk] Day 2, EuroBSDCon 2007 report In-Reply-To: (Isaac Levy's message of "Sun, 16 Sep 2007 06:55:31 +0200") References: Message-ID: >>>>> "il" == Isaac Levy writes: il> Pawel Jakub Dawidek, "FreeBSD and ZFS". I have been using it on Solaris for a little over a year, and it really is ``that good''. and some of the problems I blogged about last December have been fixed between nevada b44 and b71. It's still not perfect, though, and some of these problems will certainly spill into FreeBSD's implementation: * I'm still having some problems that the machine panics if a disk goes away. panic on strange filesystem stuff (and even in some cases I think kernel memory corruption if some on-disk data structure is garbage?) was the norm with FFS. but this norm needs to end. * I still don't understand the state machine for mirrors---if half a mirror goes away, then comes back, when will ZFS notice it's out of sync, right away or after scrub? - claim is that it notices right away, and yes, there is a mini-resilver that happens after the mirror is rejoined. But if I do 'zpool scrub pool' after the mini-resliver finishes, scrub still finds inconsistencies. - errors reported by 'zpool status' including mirror inconsistency ``please scrub me by hand'' errors tend to vanish after rebooting. It forgets that it noticed the mirror was inconsistent. That doesn't seem okay. for things like iSCSI (restarting the daemon) or scratchy firewire connections (targets go away and come back, at worst maybe even with a different device name), it's important to deal with a mirror component that vanishes for, say, 2.5 seconds, then comes back, in a solid and graceful way. The real message here, though, is an optimistic one: that ZFS has given an architecture and a style that makes it possible to ask for something so ridiculous as ``please gracefully deal with targets that vanish for 2.5 seconds and re-appear on a different device node,'' which would be impossible with a regular LVM/geom/RAIDframe type system, or even for a hardware system without a gigabyte of NVRAM. * Also there is a missing feature which would be very nice: LVM's 'pvmove' command to migrate data off a vdev onto the other (possibly just-added) empty vdevs, so that you can safely remove the whole old vdev from the pool. but yeah ZFS is probably better than everything else. but there is so much obvious and non-obvious stuff that's fantastic about it. For example I think the idea of scrubbing is a non-obvious fantastic thing. For near-line storage, it's common for disks to go bad quietly---you don't know they're bad until you try to access the seldomly-read data, which is terrible because you end up with mirrors and RAID5's that have multiple bad components. so in my opinion disks in a mirror or RAID5 should be tested with 'dd if=/dev/disk of=/dev/null', or with some kind of SMART testing (offline testing or background testing?) every couple months, something that reads every block. but this practice is not common, and even if you think a drive might be bad and fsck it, this practice is not even done by modern fsck invoked in the normal way. It hasn't been done since the ancient days of disks that didn't remap bad blocks. The practice needs to come back---not necessarily reading of unallocated areas of the disk, but at least for every block that's holding data there should be a bimonthly test-read, and 'zpool scrub' does this in an I think O(n) way, and its use is a common ZFS best-practice. People always have strange, complicated, long stories about how they lose their data, but my impression is home users tend to lose everything about once every one or two years, and experienced Unix people maybe every five years or so? I think sometihng like scrubbing a giant near-line array vs. not doing that can increase its in-practice lifespan by many years. I haven't lost everything yet, but I do have these habitual mini-disasters that need to stop. I had an unmirrorred single-disk ZFS go bad recently---the drive was still working but had read and write errors. I go through this marginal-disk problem a lot, and the answer for me is usually: dd if=/dev/broken of=/dev/newdisk bs=512 conv=noerror,sync fsck /dev/newdisk so, with ZFS, this becomes more like: dd if=/dev/broken of=/dev/newdisk bs=512 conv=noerror,sync zpool import [look for the pool's serial number] zpool import -f 73710598603223 zpool scrub pool There were two regions of read errors on the disk. When ZFS's scrub finished, 'zpool status' gave me the pathnames of the files that were corrupted by dd's replacing with zeroes. I didn't need the files, so I deleted them, and now ZFS shows this: bash-3.00# zpool status -v pool pool: pool state: ONLINE status: One or more devices has experienced an error resulting in data corruption. Applications may be affected. action: Restore the file in question if possible. Otherwise restore the entire pool from backup. see: http://www.sun.com/msg/ZFS-8000-8A scrub: none requested config: NAME STATE READ WRITE CKSUM pool ONLINE 0 0 0 c3t1d0s3 ONLINE 0 0 0 errors: Permanent errors have been detected in the following files: pool/export:<0x3a10e> pool/export:<0x226cb6> pool/export:<0x28cf7b> (it used to show pathnames, I promise.) With Linux ext3, I discovered these errors a year later when some .avi wouldn't play. Having pathnames is obviously great, because I can go hunting all over the Internet or my disk clutter for another copy of the corrupt file. I can do my hunting before next year when other copies of the file have become more scarce. I can feel confident the rest of the disk is in good shape, not worry I should maybe reinstall operating systems. This saves me so much time and lets me be lazy. It's good to have this accurate and sanely-displayed data about exactly which data was lost in an fsck of an unclean filesystem, rather than 'inode 98fed94 CLEARED!!!'. FFS has been keeping my valuable data since 1999, and now after a year of testing ZFS I think I will move this data onto ZFS for the next eight years. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From ike at lesmuug.org Sun Sep 16 18:11:07 2007 From: ike at lesmuug.org (Isaac Levy) Date: Mon, 17 Sep 2007 00:11:07 +0200 Subject: [nycbug-talk] Day 2, EuroBSDCon 2007 report In-Reply-To: References: Message-ID: <91401EB8-5473-4BFA-A2DF-6415716190F3@lesmuug.org> Word, On Sep 16, 2007, at 3:00 PM, Miles Nordin wrote: > il> Pawel Jakub Dawidek, "FreeBSD and ZFS". As an aside, Pawel's laptop is running ZFS for all but the boot volume, though he told me on the bus earlier that someone has already re-worked all the tedious parts of the bootloader- and has FreeBSD booting correctly from ZFS volumes. His report is that for disk/block stability, he feels it's actually more stable than UFS- today. (However the work is all in CURRENT, which itself is not stable today :) > > I have been using it on Solaris for a little over a year, and it > really is ``that good''. That's another great report to add! /salute Rocket- .ike From ike at lesmuug.org Sun Sep 16 20:03:38 2007 From: ike at lesmuug.org (Isaac Levy) Date: Mon, 17 Sep 2007 02:03:38 +0200 Subject: [nycbug-talk] Addendum, GPLv3 Problem (Was: Day 2, EuroBSDCon 2007 report) Message-ID: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> Hi All, This is an addendum to my reports from EuroBSDCon. We went on a group trip to Legoland today, that was a total blast. Photos from the conference are being centralized on Flikr, search with keyword "eurobsdcon2007". http://www.flickr.com/search/?q=eurobsdcon2007 Photos are slowly trickling in... -- Which leads me to one important session I forgot- the "Project status" session. PHK organized a great session here. He took 1 representative from each project, and the audience could ask all of them a question- which would be answered by all of the projects respective representatives. The lineup was: FreeBSD: George Neville-Neil OpenBSD: Claudio Jeker NetBSD: Alistair Crooks PC-BSD/Dragonfly: Sven Willenberger http://www.flickr.com/photos/12884927 at N07/1388399822/ With that, so the first question was EXTREMELY important, (much to the surprise of many)... GPLv3, what is everyone doing about it? So to recap the problem, the GPLv3 has some incredibly viral problems when including or using the software. Worst-case implications are: everyone would need to rip out EVERY piece of GPL software, (this includes ports, and the GCC). The ports problem is huge, Samba and to a lesser extent Bash being heavy setbacks- but there's many more... The GCC problem is fundamentally more than huge, it's gargantuan. We need a new, unencumbered, compiler- and this is non-trivial. - The answers went like this (paraphrased!!!): 1) FreeBSD, GNN said: - Licences, this one in particular, needs Lawyers to deal with. The FreeBSD foundation has hired lawyers, who are actively reviewing the situation now. His attitude is just to 'keep coding' for now, and don't waste time dealing with things the lawyers will eventually need to take care of anyhow. However, this has brought up the compiler issue... . It's about time this core non-bsd component is addressed, right? 2) OpenBSD, Claudio said: - "We will do what we need to do" as we continue, and have discussed the compiler situation at length. There were some laughs and (constructive) hecklers regarding an OpenBSD being shipped without a compiler, (like removing Apache haha). 3) NetBSD, Alistair said: - they also are aware of the situation, and have explored various compiler replacements- but have no solid answers. 4) Dragonfly/PC-BSD, Sven said: - they also are aware of the situation, and have explored various compiler replacements- but have no solid answers. Everyone agreed the lawyers are really necessary for dealing with GPL3, and everyone is clear and in agreement on the issues at hand. It seems there are some differences approach for replacing the GCC, and regarding Portage, all projects feel this is far to complex a problem to comment on now- (excepting OpenBSD, who outright will rip out any GPL port) With that, it was great to see all the projects are on the same page- and that they're all aware and taking proactive steps to deal with this now... -- That's it for this report, I'm headed to the FreeBSD Dev. summit in the morning, somewhere out in the countryside... Should be great. That's it for now, see yall' back in NY late this week! Rocket- .ike From nycbug at cyth.net Sun Sep 16 20:09:13 2007 From: nycbug at cyth.net (Ray Lai) Date: Sun, 16 Sep 2007 20:09:13 -0400 Subject: [nycbug-talk] Addendum, GPLv3 Problem (Was: Day 2, EuroBSDCon 2007 report) In-Reply-To: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> References: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> Message-ID: <20070917000936.GZ32474@cybertron.cyth.net> On Mon, Sep 17, 2007 at 02:03:38AM +0200, Isaac Levy wrote: > The GCC problem is fundamentally more than huge, it's gargantuan. We > need a new, unencumbered, compiler- and this is non-trivial. Luckily we discovered pcc: http://undeadly.org/cgi?action=article&sid=20070915195203 -Ray- From mspitzer at gmail.com Sun Sep 16 21:35:28 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Sun, 16 Sep 2007 21:35:28 -0400 Subject: [nycbug-talk] Addendum, GPLv3 Problem (Was: Day 2, EuroBSDCon 2007 report) In-Reply-To: <20070917000936.GZ32474@cybertron.cyth.net> References: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> <20070917000936.GZ32474@cybertron.cyth.net> Message-ID: <8c50a3c30709161835p5d257793u58c2aa8a9b4475df@mail.gmail.com> On 9/16/07, Ray Lai wrote: > On Mon, Sep 17, 2007 at 02:03:38AM +0200, Isaac Levy wrote: > > The GCC problem is fundamentally more than huge, it's gargantuan. We > > need a new, unencumbered, compiler- and this is non-trivial. > > Luckily we discovered pcc: > > http://undeadly.org/cgi?action=article&sid=20070915195203 > > -Ray- > I read somewhere that RMS is planning even more GPL goodness in the near term future. I wonder what he will think up. marc -- Freedom is nothing but a chance to be better. Albert Camus From carton at Ivy.NET Mon Sep 17 09:42:29 2007 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 17 Sep 2007 09:42:29 -0400 Subject: [nycbug-talk] Addendum, GPLv3 Problem In-Reply-To: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> (Isaac Levy's message of "Mon, 17 Sep 2007 02:03:38 +0200") References: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> Message-ID: >>>>> "il" == Isaac Levy writes: il> With that, it was great to see all the projects are on the il> same page- and that they're all aware and taking proactive il> steps to deal with this now... well...from your summaries, they're all aware of it, anyway. sorry if this is kind of a noob question but...if BSD doesn't like GPLv3, is there a problem with simply forking the GPLv2 gcc we have now? meaning, simply stop checking into ___BSD CVS any gcc or patch to gcc once GNU switches their tree to GPLv3 only. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From george at ceetonetechnology.com Mon Sep 17 10:45:40 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 17 Sep 2007 10:45:40 -0400 Subject: [nycbug-talk] upcoming IPv6 meeting Message-ID: <46EE9314.6000102@ceetonetechnology.com> For those of you who attended the last meeting, you know that we have Gene Cronk in town. A number of us know Gene from past conferences, and are excited to have him speaking at the next meeting on IPv6. The meeting spiel is now up on the www site. There was an animated thread way back on IPv6 on talk. While Ike's observations in Japan prompted the discussion, he was only opening the gates to a discussion that happens informally all over the place. It's on that note that we ask that others provide input to Gene to make sure the meeting begins to address the main questions on everyone's mind. This talk list is a good place for this to occur. George From mspitzer at gmail.com Mon Sep 17 11:00:09 2007 From: mspitzer at gmail.com (Marc Spitzer) Date: Mon, 17 Sep 2007 11:00:09 -0400 Subject: [nycbug-talk] Addendum, GPLv3 Problem In-Reply-To: References: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> Message-ID: <8c50a3c30709170800l51c31626r6fe7a25758e8c44a@mail.gmail.com> On 9/17/07, Miles Nordin wrote: > >>>>> "il" == Isaac Levy writes: > > il> With that, it was great to see all the projects are on the > il> same page- and that they're all aware and taking proactive > il> steps to deal with this now... > > well...from your summaries, they're all aware of it, anyway. > > sorry if this is kind of a noob question but...if BSD doesn't like > GPLv3, is there a problem with simply forking the GPLv2 gcc we have > now? meaning, simply stop checking into ___BSD CVS any gcc or patch > to gcc once GNU switches their tree to GPLv3 only. > Well there is the clause that allows for license upgrade in gpl2, you can release under this version or any future version, that could turn into a major issue for tracking license version. Also some one could make a "new" bsd distribution and use the new license to infect everything they can and then do some useful work. Then let the other bsds incorporate it and claim that Xbsd is gpled or parts of it are. pcc is looking better and better. marc -- Freedom is nothing but a chance to be better. Albert Camus From carton at Ivy.NET Mon Sep 17 11:46:05 2007 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 17 Sep 2007 11:46:05 -0400 Subject: [nycbug-talk] Addendum, GPLv3 Problem In-Reply-To: <8c50a3c30709170800l51c31626r6fe7a25758e8c44a@mail.gmail.com> (Marc Spitzer's message of "Mon, 17 Sep 2007 11:00:09 -0400") References: <39EA33B7-9F7D-4467-863D-C8ADD3CF4963@lesmuug.org> <8c50a3c30709170800l51c31626r6fe7a25758e8c44a@mail.gmail.com> Message-ID: >>>>> "ms" == Marc Spitzer writes: ms> Well there is the clause that allows for license upgrade in ms> gpl2, you can release under this version or any future ms> version, that could turn into a major issue for tracking ms> license version. I don't see how. The license version is easy to track by reading the LICENSE file before you import something, and this file doesn't change by itself, only changes when you import things from GNU into the tree. Neither GNU nor anyone else can change their license retroactively. ms> Also some one could make a "new" bsd distribution and use the ms> new license to infect everything they can to whatever extent this is possible and whatever actual consequence it has, deciding to ditch gcc from the tree entirely rather than forking the existing GPLv2 gcc will make no difference in whether or not someone is able to make this hypothetical/problematic new BSD distribution, and no difference in the consequences of their doing so. so far it all looks like FUD to me. I'm still trying to understand the problem and the necessity for reacting somehow. All I see so far is: ``don't import any GPLv3 code into CVS until the license is well-understood.'' Fine. Obvious. Easy. I don't understand the motivation for this reactionary rush to ditch things that were fine yesterday---it looks to me like the not-at-all-new desire to get rid of more GPLv2 stuff is completely unrelated to the GPLv3, and maybe some GPLv2 detractors are now using the FUD surrounding GPLv3 to get sysadmins into some kind of ``update your timezone files'' frenzy so something gets done even if the reasons for it are muddy. Maybe it is a good idea to remove some more GPL stuff, but wanting for a long time to get rid of more GPLv2 stuff should be discussed separately from this GPLv3 FUD. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From ike at lesmuug.org Mon Sep 17 13:15:16 2007 From: ike at lesmuug.org (Isaac Levy) Date: Mon, 17 Sep 2007 19:15:16 +0200 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: <46EE9314.6000102@ceetonetechnology.com> References: <46EE9314.6000102@ceetonetechnology.com> Message-ID: Word, On Sep 17, 2007, at 4:45 PM, George Rosamond wrote: > For those of you who attended the last meeting, you know that we have > Gene Cronk in town. woot! > It's on that note that we ask that others provide input to Gene to > make > sure the meeting begins to address the main questions on everyone's > mind. To be straight, I'm really looking foreword to the more *practical* parts of IPv6 deployment, how to setup a tunnel on a home or office network, how to set up a tunnel in a datacenter enviornment... the basics. What I'd like the meeting *not* to be, is a discussion of the possibilities of if/when/why kinds of v6 discussion... I mean, there's enough of that which can happen with or without Gene in town IMHO... But I could be wrong, does anyone else want to just focus mostly on doing stuff with IPv6? I'm sick of discussing the socio-economics and politics of the whole thing for now... Rocket- .ike From mikel.king at techally.com Mon Sep 17 13:32:30 2007 From: mikel.king at techally.com (Mikel King) Date: Mon, 17 Sep 2007 13:32:30 -0400 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: References: <46EE9314.6000102@ceetonetechnology.com> Message-ID: On Sep 17, 2007, at 1:15 PM, Isaac Levy wrote: > Word, > > On Sep 17, 2007, at 4:45 PM, George Rosamond wrote: > >> For those of you who attended the last meeting, you know that we have >> Gene Cronk in town. > woot! > >> It's on that note that we ask that others provide input to Gene to >> make >> sure the meeting begins to address the main questions on everyone's >> mind. > > To be straight, I'm really looking foreword to the more *practical* > parts of IPv6 deployment, how to setup a tunnel on a home or office > network, how to set up a tunnel in a datacenter enviornment... the > basics. > > What I'd like the meeting *not* to be, is a discussion of the > possibilities of if/when/why kinds of v6 discussion... I mean, > there's enough of that which can happen with or without Gene in town > IMHO... > > But I could be wrong, does anyone else want to just focus mostly on > doing stuff with IPv6? I'm sick of discussing the socio-economics and > politics of the whole thing for now... > > Rocket- > .ike > > Ike, Sounds like you have the makings of a fine Daemon News Article here... m From bonsaime at gmail.com Mon Sep 17 16:45:19 2007 From: bonsaime at gmail.com (Jesse Callaway) Date: Mon, 17 Sep 2007 16:45:19 -0400 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: References: <46EE9314.6000102@ceetonetechnology.com> Message-ID: On 9/17/07, Isaac Levy wrote: > Word, > > On Sep 17, 2007, at 4:45 PM, George Rosamond wrote: > > > For those of you who attended the last meeting, you know that we have > > Gene Cronk in town. > woot! > > > It's on that note that we ask that others provide input to Gene to > > make > > sure the meeting begins to address the main questions on everyone's > > mind. > > To be straight, I'm really looking foreword to the more *practical* > parts of IPv6 deployment, how to setup a tunnel on a home or office > network, how to set up a tunnel in a datacenter enviornment... the > basics. > > What I'd like the meeting *not* to be, is a discussion of the > possibilities of if/when/why kinds of v6 discussion... I mean, > there's enough of that which can happen with or without Gene in town > IMHO... > > But I could be wrong, does anyone else want to just focus mostly on > doing stuff with IPv6? I'm sick of discussing the socio-economics and > politics of the whole thing for now... > > Rocket- > .ike > > Nah, just stuff. No huff and puff. The labs look like they will be fun, especially with MysteryBSD. -jesse From carton at Ivy.NET Mon Sep 17 16:47:25 2007 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 17 Sep 2007 16:47:25 -0400 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: (Isaac Levy's message of "Mon, 17 Sep 2007 19:15:16 +0200") References: <46EE9314.6000102@ceetonetechnology.com> Message-ID: >>>>> "il" == Isaac Levy writes: il> *practical* parts of IPv6 deployment, As for how to get a good no-bullshit tunnel even if you're willing to pay, I still don't have an answer here, unless you have some kind of lucky inside connection. I've gotten a tunnel from a friend at a small ISP who has some Hurricane Electric transit. he.net doesn't seem to be nearly as bad as they used to be (not so much NYC->Europe->Japan->California problems), so if you can talk them into selling you a colocation in New York you may be all set. The mrmcd110b conference had IPv6 which I helped set up. It was delivered natively on gigabit Ethernet over SMF from friends at MANDA, the Metropolitan Area Network of Darmstadt. There was Juniper on MANDA's end and FreeBSD on our end. The primary problem here is the same one I have at home: it's not affordable to route a gigabit of IPv6. It's possible to get gigabit L2 and L3 switches which are affordable, even some old fairly good ones---for example I've bought an Extreme Alpine which is not perfect (everyone hates its CLI and I suspect it may be flow-based routing not true longest-prefix matching), but still it's really pretty good and will do BGP and OSPF and QoS. But these are all v4-only! For v6, AFAICT so far only Cisco and Juniper can do it, which isn't cheap. Extreme is still routing v6 in software (!!) even on their latest currently-shipping XOS switches. I don't know if Foundry even has a complete v6 stack (including OSPFv3 for example) at all. so you are easily talking $10,000 for something proper that can do >1Gbit/s of L3 IPv6. The answer at mrmcd and at home was to use PeeCees, and this just sucks. They have lots of jitter compared to real switches, and the QoS is absent or not working, and the realistic performance even with FreeBSD polling(4) is almost two orders of magnitude less than my Extreme Alpine's v4 capability which has a 64Gbit/s backplane. Cisco is doing fairly well with working and relatively complete v6 support in even old, cheap, slow devices (1605, 1720, 3620 all working fine), and first-class support on the 6500 with hardware switching, hardware ACL's, QoS classification on L4 of IPv6, all that (although one guy has told me running it there is ``still scary'' because of possible crashes or Pings of Death or some such). However even though they are better than many of their competitors, still I don't know if Cisco's IPsec stack is supporting v6, or if PIX supports it---i suspect ``no'' or ``not well.'' in comparison, BSD PF does support it and works well. 'racoon' is supposed to support it, but I haven't tried. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From quigongene at gmail.com Mon Sep 17 16:56:18 2007 From: quigongene at gmail.com (gene cronk) Date: Mon, 17 Sep 2007 16:56:18 -0400 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: References: <46EE9314.6000102@ceetonetechnology.com> Message-ID: <7bb72ca70709171356r428b0ae5m974683af0daf17a0@mail.gmail.com> On 9/17/07, Isaac Levy wrote: > > Word, > > On Sep 17, 2007, at 4:45 PM, George Rosamond wrote: > > > For those of you who attended the last meeting, you know that we have > > Gene Cronk in town. > woot! > > > It's on that note that we ask that others provide input to Gene to > > make > > sure the meeting begins to address the main questions on everyone's > > mind. > > To be straight, I'm really looking foreword to the more *practical* > parts of IPv6 deployment, how to setup a tunnel on a home or office > network, how to set up a tunnel in a datacenter enviornment... the > basics. > > What I'd like the meeting *not* to be, is a discussion of the > possibilities of if/when/why kinds of v6 discussion... I mean, > there's enough of that which can happen with or without Gene in town > IMHO... > > But I could be wrong, does anyone else want to just focus mostly on > doing stuff with IPv6? I'm sick of discussing the socio-economics and > politics of the whole thing for now... > > Rocket- > .ike I'm trying to keep this one more along the lines of a technical talk, as it seems you can go to just about anywhere technical that's giving some sort of IPv6 talk and get the "you really need to use IPv6 because of blahblahblah". Nobody's really covering HOW to use it. I'm attacking it from more of a "I want to set this up at home and play" perspective, but I will be digging around on how to set it up in a datacenter using standard routing/peering protocols. I'll do my best with the datacenter side stuff, but it may not be spot on. The tunnel and daemon setups, OTOH, will be. You'll be able to take my methods home with you and get a tunnel up that night if you wish (or the next day if you've had a couple too many at Suspenders....;-)). I'm not really going to touch the WHY you should learn it. Everyone has heard that ad nauseum. If you want to discuss the whys after the meeting, cool, but for the most part during the talk I want to stick to the down and dirty HOWS. Sound good to everyone? --Gene -------------- next part -------------- An HTML attachment was scrubbed... URL: From ike at lesmuug.org Mon Sep 17 17:05:03 2007 From: ike at lesmuug.org (Isaac Levy) Date: Mon, 17 Sep 2007 23:05:03 +0200 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: <7bb72ca70709171356r428b0ae5m974683af0daf17a0@mail.gmail.com> References: <46EE9314.6000102@ceetonetechnology.com> <7bb72ca70709171356r428b0ae5m974683af0daf17a0@mail.gmail.com> Message-ID: <473F4D8B-7A63-4D2D-B46C-744C867967D7@lesmuug.org> On Sep 17, 2007, at 10:56 PM, gene cronk wrote: > I'm not really going to touch the WHY you should learn it. > Everyone has heard that ad nauseum. If you want to discuss the > whys after the meeting, cool, but for the most part during the talk > I want to stick to the down and dirty HOWS. Sound good to everyone? YES Rocket- .ike From spork at bway.net Mon Sep 17 17:21:16 2007 From: spork at bway.net (Charles Sprickman) Date: Mon, 17 Sep 2007 17:21:16 -0400 (EDT) Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: References: <46EE9314.6000102@ceetonetechnology.com> Message-ID: On Mon, 17 Sep 2007, Miles Nordin wrote: >>>>>> "il" == Isaac Levy writes: > > il> *practical* parts of IPv6 deployment, > > As for how to get a good no-bullshit tunnel even if you're willing to > pay, I still don't have an answer here, unless you have some kind of > lucky inside connection. I've gotten a tunnel from a friend at a > small ISP who has some Hurricane Electric transit. he.net doesn't > seem to be nearly as bad as they used to be (not so much > NYC->Europe->Japan->California problems), so if you can talk them into > selling you a colocation in New York you may be all set. One of the places I work for is a small ISP. After Ike's last v6 proselytising after visting Japan, I thought it would be interesting to see what our upstreams offer. We have Level3 and HE.net. Level3 never responded. I don't know if that means they don't sell it or not, or they do, but we wouldn't be interested in the prices they offer. HE.net (ie: Lightning.net on this coast) stated that they would have to do another ethernet drop (plus install fee), pay a recurring port charge, and pay for usage. My pie-in-the-sky hope was that one of them would say "yes" and that we'd only pay for traffic. If these two providers are indicative of what the v6 market is like, then that explains why you don't see it at least in the small/regional ISP space. Let me know if anyone wants to start a IPv6 co-lo in NYC. Coming up with a few customers in a good co-lo where real IPv6 transit is available would be a good way to push this locally at least. Thanks, Charles From george at ceetonetechnology.com Mon Sep 17 17:31:43 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 17 Sep 2007 17:31:43 -0400 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: <473F4D8B-7A63-4D2D-B46C-744C867967D7@lesmuug.org> References: <46EE9314.6000102@ceetonetechnology.com> <7bb72ca70709171356r428b0ae5m974683af0daf17a0@mail.gmail.com> <473F4D8B-7A63-4D2D-B46C-744C867967D7@lesmuug.org> Message-ID: <46EEF23F.3090008@ceetonetechnology.com> Isaac Levy wrote: > On Sep 17, 2007, at 10:56 PM, gene cronk wrote: > >> I'm not really going to touch the WHY you should learn it. >> Everyone has heard that ad nauseum. If you want to discuss the >> whys after the meeting, cool, but for the most part during the talk >> I want to stick to the down and dirty HOWS. Sound good to everyone? > > YES > > Rocket- > .ike Yes. . . There's plenty out there for the "why-askers". . . The main problem, at least initially for many of us is how. But the "how" is also tied to the chicken-egg problem of "from whom." Miles just mentioned, and maybe you should both touch base off-list, but I've heard that he's (Miles) had some implementation experience with one or more providers. This is really the front and center question for us. . . we (at least me :) don't have clients or bosses or whoever asking us to implement IPv6 networks. . . but we want to play, learn and get some hands-on with a standard that we've been reading about for what, 10, 12, whatever years? On the test-play network would be nice. . . but home networks are, well, home. g From spork at bway.net Mon Sep 17 17:31:49 2007 From: spork at bway.net (Charles Sprickman) Date: Mon, 17 Sep 2007 17:31:49 -0400 (EDT) Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: <7bb72ca70709171356r428b0ae5m974683af0daf17a0@mail.gmail.com> References: <46EE9314.6000102@ceetonetechnology.com> <7bb72ca70709171356r428b0ae5m974683af0daf17a0@mail.gmail.com> Message-ID: On Mon, 17 Sep 2007, gene cronk wrote: > I'm trying to keep this one more along the lines of a technical talk, as it > seems you can go to just about anywhere technical that's giving some sort of > IPv6 talk and get the "you really need to use IPv6 because of > blahblahblah". Nobody's really covering HOW to use it. I'm attacking it > from more of a "I want to set this up at home and play" perspective, but I > will be digging around on how to set it up in a datacenter using standard > routing/peering protocols. I'll do my best with the datacenter side stuff, > but it may not be spot on. The tunnel and daemon setups, OTOH, will be. This sounds great. If you have slides, I'd love it if you could post them after the talk. My excuse for not attending this week is (prepare for "too much info") is that that evening is my wife's prep for a colonoscopy the next day. I'm lending moral support. That said, I'm really bummed to be missing this, as that's exactly what I'm looking for. I've never seen a good tutorial online that covers both "howto" and "how it works", and I don't deal well without both of those pieces of info. I mean basics - the addressing, etc. I'll even share a really stupid question right now: I type "ifconfig" on an ipv6-enabled (but not connected) host and I see the following... inet6 fe80::217:f2ff:fe50:de4c%en1 prefixlen 64 scopeid 0x5 My first thought is, as something of a network guy, is "how the hell do I keep that number in my head?" or if eventually you're an ISP and a customer calls up how do you tell them to ping their gateway for troubleshooting? "Hi, please tell me if you can ping fe80::217:f2ff:fe50:de4c". Ouch. My head can (and does) contain many ipv4 addresses - the dotted quad is easy to remember. v6 addresses, I can't see having even one of them in my memory for more than a few seconds. That's my question, if you can call it that. > You'll be able to take my methods home with you and get a tunnel up that > night if you wish (or the next day if you've had a couple too many at > Suspenders....;-)). Awesome. > I'm not really going to touch the WHY you should learn it. Everyone has > heard that ad nauseum. If you want to discuss the whys after the meeting, > cool, but for the most part during the talk I want to stick to the down and > dirty HOWS. Sound good to everyone? I won't be there, but that sounds great to me. :) Charles > --Gene > From carton at Ivy.NET Mon Sep 17 19:44:58 2007 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 17 Sep 2007 19:44:58 -0400 Subject: [nycbug-talk] upcoming IPv6 meeting In-Reply-To: Charles Sprickman's message of "Mon, 17 Sep 2007 17:31:49 -0400 (EDT)" References: <46EE9314.6000102@ceetonetechnology.com> <7bb72ca70709171356r428b0ae5m974683af0daf17a0@mail.gmail.com> <473F4D8B-7A63-4D2D-B46C-744C867967D7@lesmuug.org> <46EEF23F.3090008@ceetonetechnology.com> Message-ID: >>>>> "cs" == Charles Sprickman writes: cs> inet6 fe80::217:f2ff:fe50:de4c%en1 prefixlen 64 scopeid 0x5 cs> if eventually you're an ISP and a customer calls up how do you cs> tell them to ping their gateway for troubleshooting? honestly, if you need to read the address over the phone for some reason, you just do it. it's not too big a deal. But the general advice from the NetBSD help pages anyway is that we should be using dynamic routing pretty ubiquitously on IPv6. I've been running Quagga since I set up IPv6 on my LAN---I followed their advice and didn't turn up IPv6 until I was ready to do it with Quagga. but at mrmcd I did not use any dynamic routing (only had ~4 hours to install FreeBSD and finish), so it's possible either way. here is the tunnel from my colocated router to the C1720 at home: -----8<----- $ ifconfig gif1 gif1: flags=8051 mtu 1476 tunnel inet [XXX] --> [YYY] inet6 fe80::203:baff:fe0f:aa45%gif1 prefixlen 64 scopeid 0x6 inet 69.31.131.52 --> 69.31.131.53 netmask 0xfffffffe $ ping6 ff02::2%gif1 PING6(56=40+8+8 bytes) fe80::203:baff:fe0f:aa45%gif1 --> ff02::2%gif1 16 bytes from fe80::203:baff:fe0f:aa45%gif1, icmp_seq=0 hlim=64 time=0.868 ms 16 bytes from fe80::451f:17fb%gif1, icmp_seq=0 hlim=64 time=8.749 ms(DUP!) 16 bytes from fe80::203:baff:fe0f:aa45%gif1, icmp_seq=1 hlim=64 time=0.534 ms 16 bytes from fe80::451f:17fb%gif1, icmp_seq=1 hlim=64 time=7.140 ms(DUP!) ^C -----8<----- so, you do not always need to type it to do something like check connectivity. ff02::1 is all hosts. ff02::2 is all routers (for *BSD, this means anything running rtadvd to advertise prefixes). ff02::5 is all OSPFv3 speakers. A number of operating systems like FreeBSD and Mac OS X very stupidly disabled pings to the v4 broadcast address after Smurf attacks, following Windows's lead, when in fact all that's necessary to plug the security hole is to disable forwarding broadcasts across interfaces---you may, and should, and Cisco and NetBSD do, still answer the broadcast ping so long as the reply stays on the same subnet. At least these two FreeBSD and Mac OS X will still respond to the ipv6 all-hosts multicast address ff02::1 even though they've turned off the analagous v4 feature. This is a good thing, not a security problem to get hysterical about. but the idiots who turned off the v4 broadcast ping feature would probably disable this one, too, if they knew about it, so it's an example of how there are likely more security problems lurking in v6 that we don't know about yet. In general I think it's not customary to ssh to a link-local address, although it'll work. Link-local addresses are good for using as next-hops when you are running dynamic routing protocols like OSPFv3. It makes router-to-router links more switch-like and less router-like, because you can plug any two of your routers together, and they'll discover each other and work fine---you don't have to configure every pair of ends onto a matching /30 subnet like before. The routers will still show up in 'traceroute'---they'll grab a global address from somewhere else (like a /128 global scope alias that you added to lo0). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 304 bytes Desc: not available URL: From ike at lesmuug.org Tue Sep 18 12:09:02 2007 From: ike at lesmuug.org (Isaac Levy) Date: Tue, 18 Sep 2007 18:09:02 +0200 Subject: [nycbug-talk] Virtualized Network Stack, jail fun Message-ID: Hey All, So this is COOL. At the FreeBSD dev summit, I had the pleasure of speaking with Marco Zec, (Croatia- Univ. of Zagreb), about his work Virtualizing the network stack in FreeBSD. This is cool stuff, described in great detail here: http://imunes.tel.fer.hr/virtnet/ -- Why am I posting this? Jail(8). This is currently the future path towards multiple IP addresses for jails, (and a proper loopback interface), as well as IPv6 addressing for jails. Additionally, it enables each jail to do anything which it is given, for it's IP addresses- including running a packet filter. (spamd from jails, here we come!!!! Yeah!!!!) With that, I just wanted to drop this email on list, as many people have asked me about firewalling from jailed systems- and eventually it will not only be possible, but as a separate subsystem from jail (8) altogether :) -- Add in ZFS work, and jail(8) looks better than ever once FreeBSD 7 hits the street as REL! Additionally, there are several areas where people are working towards various cpu/memory/disk resource control, (which would be great for jailing as well) but this work is extremely difficult- low level kernel work that moves very slowly... So... Rocket- .ike From george at ceetonetechnology.com Thu Sep 20 11:43:17 2007 From: george at ceetonetechnology.com (George Rosamond) Date: Thu, 20 Sep 2007 11:43:17 -0400 Subject: [nycbug-talk] Zimbra Message-ID: <46F29515.4070808@ceetonetechnology.com> I know it was just acquired by Yahoo. . . Anyone have any experience with it? Good experiences? Nightmares? It seems it runs on Linux and OS X, but it's not in the FBSD ports. . . Although I read the threads about it, and see that PCBSD has it somewhat ported. . . George From riegersteve at gmail.com Thu Sep 20 11:52:17 2007 From: riegersteve at gmail.com (=?utf-8?B?c3RldmU=?=) Date: Thu, 20 Sep 2007 15:52:17 +0000 Subject: [nycbug-talk] Zimbra In-Reply-To: <46F29515.4070808@ceetonetechnology.com> References: <46F29515.4070808@ceetonetechnology.com> Message-ID: <1189422974-1190303560-cardhu_decombobulator_blackberry.rim.net-1191552085-@bxe003.bisx.prod.on.blackberry> Good product, setup can be a bit challenging, but since I help develop it feel free to ask any questions. Requires tomcat so might be a bit more involved on *bsd than on linux Sent via BlackBerry , i can be reached at (310) 947-8565 -----Original Message----- From: George Rosamond Date: Thu, 20 Sep 2007 11:43:17 To:NYCBUG Subject: [nycbug-talk] Zimbra I know it was just acquired by Yahoo. . . Anyone have any experience with it? Good experiences? Nightmares? It seems it runs on Linux and OS X, but it's not in the FBSD ports. . . Although I read the threads about it, and see that PCBSD has it somewhat ported. . . George _______________________________________________ talk mailing list talk at lists.nycbug.org http://lists.nycbug.org/mailman/listinfo/talk We meet the first Wednesday of the month Be sure to join our Announce list at http://lists.nycbug.org From dave at donnerjack.com Thu Sep 20 11:58:17 2007 From: dave at donnerjack.com (David Lawson) Date: Thu, 20 Sep 2007 11:58:17 -0400 Subject: [nycbug-talk] Zimbra In-Reply-To: <1189422974-1190303560-cardhu_decombobulator_blackberry.rim.net-1191552085-@bxe003.bisx.prod.on.blackberry> References: <46F29515.4070808@ceetonetechnology.com> <1189422974-1190303560-cardhu_decombobulator_blackberry.rim.net-1191552085-@bxe003.bisx.prod.on.blackberry> Message-ID: <9DFB0A9E-CE25-4A97-91F7-70257229A908@donnerjack.com> I checked it out a while ago and it was a seriously hot product, but I couldn't get it running correctly in my environment, we were doing some slightly strange port forwarding, NATing between the box and the net. Other than that, it looks really nice, we may have another look at it in the near future. --Dave On Sep 20, 2007, at 11:52 AM, steve wrote: > Good product, setup can be a bit challenging, but since I help > develop it feel free to ask any questions. > > Requires tomcat so might be a bit more involved on *bsd than on linux > > > > Sent via BlackBerry , i can be reached at > > (310) 947-8565 > > -----Original Message----- > From: George Rosamond > > Date: Thu, 20 Sep 2007 11:43:17 > To:NYCBUG > Subject: [nycbug-talk] Zimbra > > > I know it was just acquired by Yahoo. . . > > Anyone have any experience with it? Good experiences? Nightmares? > > It seems it runs on Linux and OS X, but it's not in the FBSD > ports. . . > > Although I read the threads about it, and see that PCBSD has it > somewhat > ported. . . > > George > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > We meet the first Wednesday of the month > Be sure to join our Announce list at http://lists.nycbug.org > > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > We meet the first Wednesday of the month > Be sure to join our Announce list at http://lists.nycbug.org > From jonathan at kc8onw.net Sat Sep 22 18:03:37 2007 From: jonathan at kc8onw.net (jonathan at kc8onw.net) Date: Sat, 22 Sep 2007 18:03:37 -0400 (EDT) Subject: [nycbug-talk] Draconian firewall issues Message-ID: <53995.214.13.212.26.1190498617.squirrel@www.kc8onw.net> I'm currently in a situation where I am behind a horribly draconian firewall that only allows ports 80, 443 and 21 outbound. It also appears they do layer 7 filtering because my traditional method of using port 21 for SSH instead of FTP fails in a flood of RST packets as soon as a packet with a non-text payload is sent. I plan to setup my server to allow HTTP CONNECT over port 443 and ssh that way but I need to get to my server first... I've tried browsing the public open proxy server lists but have been unable to find one I could actually use with ssh rather than regular web requests. I've also attempted to use Tor with no luck so far because the primary Directory servers are actively blocked and I can't get any alternates to work. I used the advanced search at http://torstatus.kgprog.com/ to find directory servers that listen on 80 or 443 and I can telnet to those ports but Tor never seems to successfully use them. More information is below. If someone has suggestions or is willing to set something up for me I would hopefully only need about 24 hours to get my server setup. If no one has any other ideas I can give someone I know with access my root password and hope they don't mess anything up too badly but I would really rather not do that. Thanks for your time, Jonathan (Sorry for the horrible wrapping) [changes from default torrc] FascistFirewall 1 Dirserver 66.225.36.149:443 023220505A550D6FDF0C20FF7C48E66BA06A49A6 Dirserver 86.15.239.219:80 F4AD 52CD DCF4 1398 8574 9FBD 5866 2BCD 168A 6FF6 [tor output] H:\Tor.2>tor Sep 23 01:20:39.921 [notice] Tor v0.2.0.6-alpha (r11277). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows 2000 Servic e Pack 4 [server] {terminal services, single user} {terminal services}) Sep 23 01:20:40.078 [notice] Converting FascistFirewall config option to new for mat: "ReachableDirAddresses *:80" Sep 23 01:20:40.140 [notice] Converting FascistFirewall config option to new for mat: "ReachableORAddresses *:443" Sep 23 01:20:40.203 [warn] You have used DirServer to specify directory authorit ies in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've spe cified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing. Sep 23 01:20:40.343 [notice] Initialized libevent version 1.3b using method win3 2. Good. Sep 23 01:20:40.406 [notice] Opening Socks listener on 127.0.0.1:9050 Sep 23 01:20:41.046 [notice] I learned some more directory information, but not enough to build a circuit. Sep 23 01:20:46.046 [notice] I learned some more directory information, but not enough to build a circuit. ^C H:\Tor.2>tor Sep 23 01:25:07.671 [notice] Tor v0.2.0.6-alpha (r11277). This is experimental s oftware. Do not rely on it for strong anonymity. (Running on Windows 2000 Service Pack 4 [server] {terminal services, single user} {terminal services}) Sep 23 01:25:07.750 [notice] Converting FascistFirewall config option to new format: "ReachableDirAddresses *:80" Sep 23 01:25:07.750 [notice] Converting FascistFirewall config option to new format: "ReachableORAddresses *:443" Sep 23 01:25:07.750 [warn] You have used DirServer to specify directory authorities in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing. Sep 23 01:25:07.781 [notice] Initialized libevent version 1.3b using method win32. Good. Sep 23 01:25:07.828 [notice] Opening Socks listener on 127.0.0.1:9050 Sep 23 01:25:08.453 [notice] I learned some more directory information, but not enough to build a circuit. Sep 23 01:25:10.281 [notice] I learned some more directory information, but not enough to build a circuit. Sep 23 01:26:11.625 [notice] I learned some more directory information, but not enough to build a circuit. Sep 23 01:27:12.765 [notice] I learned some more directory information, but not enough to build a circuit. Sep 23 01:28:13.250 [notice] I learned some more directory information, but not enough to build a circuit. Sep 23 01:29:14.703 [notice] I learned some more directory information, but not enough to build a circuit. Sep 23 01:30:15.984 [notice] I learned some more directory information, but not enough to build a circuit. From jonathan at kc8onw.net Sat Sep 22 23:59:13 2007 From: jonathan at kc8onw.net (jonathan at kc8onw.net) Date: Sat, 22 Sep 2007 23:59:13 -0400 (EDT) Subject: [nycbug-talk] Draconian firewall issues In-Reply-To: <20070923020026.GM18316@loftmail.com> References: <53995.214.13.212.26.1190498617.squirrel@www.kc8onw.net> <20070923020026.GM18316@loftmail.com> Message-ID: <23945.214.13.212.26.1190519953.squirrel@www.kc8onw.net> I'd like to say thanks to Miles Nordin and Bruno for their offers, thanks! I was given a temp account to bounce through and am working on it now. Thanks, Jonathan From andy.kosela at gmail.com Sun Sep 23 07:47:39 2007 From: andy.kosela at gmail.com (Andy Kosela) Date: Sun, 23 Sep 2007 13:47:39 +0200 Subject: [nycbug-talk] Draconian firewall issues In-Reply-To: <53995.214.13.212.26.1190498617.squirrel@www.kc8onw.net> References: <53995.214.13.212.26.1190498617.squirrel@www.kc8onw.net> Message-ID: <3cc535c80709230447j2bdf5e05w74fe3c98c48b5192@mail.gmail.com> On 9/23/07, jonathan at kc8onw.net wrote: > I'm currently in a situation where I am behind a horribly draconian > firewall that only allows ports 80, 443 and 21 outbound. It also appears > they do layer 7 filtering because my traditional method of using port 21 > for SSH instead of FTP fails in a flood of RST packets as soon as a packet > with a non-text payload is sent. > Hello If you have access to some remote shell account you can use it to create a tunnel and work from there. Also I would suggest you read this article: http://en.tldp.org/HOWTO/Firewall-Piercing/index.html Let us know how you managed to get it working. peace -- Andy Kosela Protect Ya Neck Records/Wu-Tang Management www.protect-ya-neck.com Staten Island, NY From jonathan at kc8onw.net Sun Sep 23 16:08:13 2007 From: jonathan at kc8onw.net (jonathan at kc8onw.net) Date: Sun, 23 Sep 2007 16:08:13 -0400 (EDT) Subject: [nycbug-talk] Draconian firewall issues In-Reply-To: <3cc535c80709230447j2bdf5e05w74fe3c98c48b5192@mail.gmail.com> References: <53995.214.13.212.26.1190498617.squirrel@www.kc8onw.net> <3cc535c80709230447j2bdf5e05w74fe3c98c48b5192@mail.gmail.com> Message-ID: <54484.214.13.212.26.1190578093.squirrel@www.kc8onw.net> On Sun, September 23, 2007 7:47 am, Andy Kosela wrote: > On 9/23/07, jonathan at kc8onw.net wrote: > >> I'm currently in a situation where I am behind a horribly draconian >> firewall that only allows ports 80, 443 and 21 outbound. It also appears >> they do layer 7 filtering because my traditional method of using port >> 21 >> for SSH instead of FTP fails in a flood of RST packets as soon as a >> packet with a non-text payload is sent. >> > > Let us know how you managed to get it working. I got it working now. My .ssh/config I don't know why I had to set hostname to localhost, anywhere other than the local ssh server I can use the real hostname but not for the ssh server the proxy also runs on. ##### ProxyCommand proxytunnel -v -E -p kc8onw.net:443 -d %h:%p Host XXXX.XXX HostName localhost Compression yes CompressionLevel 9 DynamicForward 8080 ForwardX11Trusted yes LocalForward 143 localhost:143 ##### I built Proxytunnel 1.7.2 under cygwin and for some reason had to comment out the printf in the following block in cmdline.c I know a smidgen of C but not enough to know why that line errors on compile ########### #include "cmdline.h" void cmdline_parser_print_version (void) { /*printf ("%s %s (rev %d)\nCopyright 2001-2006 Proxytunnel Project\n%s\n", PACKAGE, VERSION, REV, AUTHORS);*/ } ######### I have the following in httpd.conf, don't forget to set up an allow/deny block for the proxy as well. LoadModule proxy_module libexec/apache22/mod_proxy.so LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so LoadModule proxy_connect_module libexec/apache22/mod_proxy_connect.so #These 2 are in the SSL vhost AllowCONNECT 22 ProxyRequests on I also had to patch Apache [1] I used this [2] file because the latest patch didn't apply cleanly and I was in a hurry and didn't want to patch it by hand. [1] http://issues.apache.org/bugzilla/show_bug.cgi?id=29744 [2] http://issues.apache.org/bugzilla/show_bug.cgi?id=29744#c34 If I left something out or someone has more questions please let me know, Jonathan From yds at CoolRat.org Mon Sep 24 20:28:50 2007 From: yds at CoolRat.org (Yarema) Date: Mon, 24 Sep 2007 20:28:50 -0400 Subject: [nycbug-talk] FreeBSD PseudoRAID RAID0 array broken on atapci1: Message-ID: <866CEC2FB789142D3C0AAFCB@[192.168.1.72]> Hi, I need some help recovering from this. First some back story. Running 6.2-STABLE i386 from Sep 17, 2007. My /home slice is mounted from /dev/ar0s1e where the relevant kernel messages look like so when all is good: atapci1: ata2: on atapci1 ata3: on atapci1 ad4: 381554MB at ata2-master SATA150 ad6: 381554MB at ata3-master SATA150 ar0: 763108MB status: READY ar0: disk0 READY using ad4 at ata2-master ar0: disk1 READY using ad6 at ata3-master Today this server crashed with the following loggeed: ad4: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=144888320 ad4: TIMEOUT - READ_DMA retrying (1 retry left) LBA=143390319 ad4: FAILURE - device detached ar0: FAILURE - RAID0 array broken subdisk4: detached ad4: detached g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 initiate_write_filepage: already started g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6144000, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6160384, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6176768, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6193152, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6209536, length=2048)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=65536, length=2048)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=147801325568, length=12288)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=147142686720, length=2048)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=65536, length=2048)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6144000, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6160384, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6176768, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6193152, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=6209536, length=2048)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=146831867904, length=16384)]error = 5 g_vfs_done():ar0s1e[WRITE(offset=147024330752, length=16384)]error = 5 initiate_write_filepage: already started g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 initiate_write_filepage: already started g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 initiate_write_filepage: already started g_vfs_done():ar0s1e[WRITE(offset=147801325568, length=12288)]error = 5 initiate_write_filepage: already started g_vfs_done():ar0s1e[WRITE(offset=147142686720, length=2048)]error = 5 Now the kernel messages read: ar0: FAILURE - RAID0 array broken ar0: 763108MB status: BROKEN ar0: disk0 READY using ad4 at ata2-master ar0: disk1 DOWN no device found for this subdisk ar1: 763108MB status: BROKEN ar1: disk0 DOWN no device found for this subdisk ar1: disk1 READY using ad6 at ata3-master For some reason the second disk in the array shows up as ar1 instead of being part of ar0. I suspect there's gotta be some way to force the two drives to show up as part of the same array by perhaps editing the PseudoRAID metadata on disk without putting any of the UFS2 data in "jeopardy". Any pointers on where to start poking around for the relevant metadata structures on disk or what to search for? I figure if I can dd the metadata off the disks, tweak a field or two and then dd the whole mess back I stand a chance of either hosing the array irrevocably or getting it all back. ;) Or maybe atacontrol could be used to re-create the metadata without destroying the UFS2 on the array? I have a coredump of the kernel from this crash if that helps analyze things any. -- Yarema From yds at CoolRat.org Tue Sep 25 18:16:40 2007 From: yds at CoolRat.org (Yarema) Date: Tue, 25 Sep 2007 18:16:40 -0400 Subject: [nycbug-talk] FreeBSD PseudoRAID RAID0 array broken on atapci1: In-Reply-To: <46F8AF60.4020709@deepcore.dk> References: <866CEC2FB789142D3C0AAFCB@[192.168.1.72]> <46F8AF60.4020709@deepcore.dk> Message-ID: <5AB37930CB158A943D586344@[192.168.1.72]> --On Tuesday, September 25, 2007 8:49 AM +0200 S?ren Schmidt wrote: > Yarema wrote: >> Hi, I need some help recovering from this. First some back story. >> Running 6.2-STABLE i386 from Sep 17, 2007. My /home slice is mounted >> from /dev/ar0s1e where the relevant kernel messages look like so when >> all is good: >> >> atapci1: >> ata2: on atapci1 >> ata3: on atapci1 >> ad4: 381554MB at ata2-master SATA150 >> ad6: 381554MB at ata3-master SATA150 >> ar0: 763108MB status: READY >> ar0: disk0 READY using ad4 at ata2-master >> ar0: disk1 READY using ad6 at ata3-master >> >> Today this server crashed with the following loggeed: >> >> ad4: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=144888320 >> ad4: TIMEOUT - READ_DMA retrying (1 retry left) LBA=143390319 >> ad4: FAILURE - device detached >> ar0: FAILURE - RAID0 array broken >> subdisk4: detached >> ad4: detached >> g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 >> initiate_write_filepage: already started >> g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6144000, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6160384, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6176768, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6193152, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6209536, length=2048)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=65536, length=2048)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=147801325568, length=12288)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=147142686720, length=2048)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=65536, length=2048)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6144000, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6160384, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6176768, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6193152, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=6209536, length=2048)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=146831867904, length=16384)]error = 5 >> g_vfs_done():ar0s1e[WRITE(offset=147024330752, length=16384)]error = 5 >> initiate_write_filepage: already started >> g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 >> initiate_write_filepage: already started >> g_vfs_done():ar0s1e[WRITE(offset=146002964480, length=2048)]error = 5 >> initiate_write_filepage: already started >> g_vfs_done():ar0s1e[WRITE(offset=147801325568, length=12288)]error = 5 >> initiate_write_filepage: already started >> g_vfs_done():ar0s1e[WRITE(offset=147142686720, length=2048)]error = 5 >> >> Now the kernel messages read: >> >> ar0: FAILURE - RAID0 array broken >> ar0: 763108MB status: BROKEN >> ar0: disk0 READY using ad4 at ata2-master >> ar0: disk1 DOWN no device found for this subdisk >> ar1: 763108MB status: BROKEN >> ar1: disk0 DOWN no device found for this subdisk >> ar1: disk1 READY using ad6 at ata3-master >> >> For some reason the second disk in the array shows up as ar1 instead >> of being part of ar0. I suspect there's gotta be some way to force >> the two drives to show up as part of the same array by perhaps editing >> the PseudoRAID metadata on disk without putting any of the UFS2 data >> in "jeopardy". Any pointers on where to start poking around for the >> relevant metadata structures on disk or what to search for? I figure >> if I can dd the metadata off the disks, tweak a field or two and then >> dd the whole mess back I stand a chance of either hosing the array >> irrevocably or getting it all back. ;) Or maybe atacontrol could be >> used to re-create the metadata without destroying the UFS2 on the >> array? I have a coredump of the kernel from this crash if that helps >> analyze things any. >> > > The solution to getting the array back is to "atacontrol delete ar0" > "atacontrol delete ar1" "atacontrol create stripe 512 ad4 ad6" and > the array is reborn. > However your filesystems might be just a bunch of bits depending > on how much of the failed write that made it in there, you get the > (missing) protection you asked for using RAID0.... S?ren, Thank you for your prompt and helpful reply. I'm running into an new situation with atacontrol: % atacontrol create RAID0 512 ad4 ad6 ar0: 763108MB status: READY ar0: disk0 READY using ad4 at ata2-master ar0: disk1 READY using ad6 at ata3-master Note that the original RAID0 which broke was ar0: 763108MB status: READY Now atacontrol will not create FreeBSD PseudoRAID metadata with a 256KB stripe, but insists on creating Intel MatrixRAID metadata with a 128KB stripe. This is on a non-R version of the ICH5 southbridge. So there's no way to enable/disable the Intel MatrixRAID from the BIOS. Nor is there any way to change the stripe size in the BIOS since there is no Intel MatrixRAID BIOS on this motherboard. The computer in question is a Dell SC400 with an Intel OEM motherboard which has a very limited BIOS Setup interface typical of Intel/Dell. Is there any way to force atacontrol to create FreeBSD PseudoRAID metadata? Perhaps using an older FreeSBIE release based on FreeBSD 6.0 since IIRC I created this RAID0 back when 6.0 was CURRENT. -- Yarema