From marco at metm.org Sat Aug 1 12:25:53 2009
From: marco at metm.org (Marco Scoffier)
Date: Sat, 01 Aug 2009 12:25:53 -0400
Subject: [nycbug-talk] dns slaves serve up empty data
In-Reply-To:
References: <920498180-1249004931-cardhu_decombobulator_blackberry.rim.net-91468090-@bxe1028.bisx.prod.on.blackberry> <60DF27ED-1BCA-49DF-ADB4-5A2CD79149CA@donnerjack.com>
Message-ID: <4A746C91.50101@metm.org>

Miles Nordin wrote:
> notifies are an optional part of the protocol to speed things up. I'd
> the impression they weren't even acknowledged, so I'm not sure why
> they would be retried---I'd therefore not infer too much from the
> sound of the error message.
>
> The mandatory way for slaves to operate, whether the master sends
> notifies or not, is to poll your master for an SOA record on a period
> specified by the 'refresh' timer in the SOA record they already have.
> If they don't succeed, they begin polling on the 'retry' timer's
> period, which is typically more frequent. There's no exponential
> backoff or anything like that. notifies didn't used to be part of the
> standard at all, and the whole process will work without them, so
> don't overfocus on it.
>
> notifies could be broken in your environment if gandi doesn't in fact
> use the single nameserver they expose to you. It's possible to use a
> slave as the master for another slave, so if they wanted (not sure why
> they would), they could have one hidden server that sucks down all the
> zones from their customers' masters, and then a network of exposed
> slaves that sucks zones from that hidden zonesuck server. In that
> case, you'd send a notify to the exposed master, which might (I'm not
> sure) say ``this notify's coming from the wrong source, so I'm
> ignoring it.'' I don't think they do this weird arrangement---it's
> just a reasonable example that breaks notifies, unless you manually
> reconfigure your master.
> and you'll never notice, because notifies
> aren't actually needed: gandi is allowed to openly or accidentally not
> support them. really notifies go together with IXFR as a mechanism for
> synchronizing dyndns updates.
>
> Without notifies you will have to wait the 'retry' period after making
> changes to the master for the slaves to poll again, although I'm not
> absolutely certain slaves will respect SOA 'retry' on an expired
> zone---they may use a fixed default polling timer which, without
> actually knowing (I control all my slaves so I just 'rndc reload' or
> ask my friend to do so), I would guess to be about an hour.
>
> If you have been working on this for several days and writing all
> these mails you probably have some effort to burn: why don't you try
> setting up your own slave server on your laptop or something, and see
> if you can get it to suck down the zone. If you can't, fix it. If
> you can, check that gandi has the right IP for your master, and if
> they do, get a different company to be your slave server. (I like
> gandi in general but have not used this feature of theirs.)
>

Dear Miles,

Thank you for your detailed response. I didn't realize that the notifies were 'optional', and I guess I put more faith in them than I should have because they have been working for so long.

I finally got to the bottom of exactly what was going on. I moved the name server about 2 weeks ago. I uploaded the new zone with the IP of the new nameserver from the old machine on the old IP. Before shutting it down I made sure that the zone had been uploaded to the secondaries and that they were serving it properly. What I assumed was that the secondaries would take the IP of the primary from the zone file I uploaded. I was wrong. Instead buried deep in a nested set of webforms is the text box where I had to update the IP for the primary. After which I am subject to the time they decide to poll my master.
Except for this deeply nested webform, my primary is identified on gandi's website only by its url so I had no way of knowing that they were still checking the old machine's IP address. Grrr. My fault or gandi's I don't know. It's probably my deep hatred of relying on webforms for anything important ...

I just followed up in case someone else is going through a similar weird problem.

Also I wish to apologize for "all the emails". It is true I was a bit frantic. I tend to manage things carefully and get upset when I feel blindsided by something over which I have no control, such as when the slaves will update my zone.

I used to share secondaries with friends but this got unstable so I decided to use a large company. If anyone reliable wants to swap slaving I would be happy to slave for you. I've stopped using xname.org as their servers are stupidly slow and often unreachable.

Hopefully all these issues are behind me :)

Marco

From spork at bway.net Sat Aug 1 15:40:27 2009
From: spork at bway.net (Charles Sprickman)
Date: Sat, 1 Aug 2009 15:40:27 -0400 (EDT)
Subject: [nycbug-talk] dns slaves serve up empty data
In-Reply-To:
References: <920498180-1249004931-cardhu_decombobulator_blackberry.rim.net-91468090-@bxe1028.bisx.prod.on.blackberry> <60DF27ED-1BCA-49DF-ADB4-5A2CD79149CA@donnerjack.com>
Message-ID:

On Fri, 31 Jul 2009, Miles Nordin wrote:

> ...and if they do, get a different company to be your slave server. (I
> like gandi in general but have not used this feature of theirs.)

I recently started using zoneedit.com for a personal domain. The price was right. So far they seem decent enough.

My registrar, 1&1/Schlunde offers secondary service but it never worked and the support was just horrible. Three reps in a row claimed that their slave not answering for my domain was "normal" because "our server takes over when yours fails" and the secondaries "don't normally answer replies since they are secondary servers". Yeah, whatever.
About a week after moving to zoneedit, they replied that an admin had "fixed" the problem.

Charles

From drulavigne at sympatico.ca Mon Aug 3 14:17:29 2009
From: drulavigne at sympatico.ca (Dru Lavigne)
Date: Mon, 3 Aug 2009 18:17:29 +0000
Subject: [nycbug-talk] BSDA on Sunday
Message-ID:

I know some people on this list wanted to take the exam this past Sunday but were unable to due to other time commitments. We do have a room available this upcoming Sunday at 15:00 at 55 Broad Street in Manhattan. If you're interested, please register beforehand and meet at the front door at 14:45:

https://register.bsdcertification.org//register/register-for-an-exam

Cheers,

Dru

From matt at atopia.net Mon Aug 3 17:41:42 2009
From: matt at atopia.net (Matt Juszczak)
Date: Mon, 3 Aug 2009 17:41:42 -0400 (EDT)
Subject: [nycbug-talk] Best BSD development method?
Message-ID:

Hi all,

Looking to develop a new FAMP project. What's the best FreeBSD "virtualization" setup out there? I was considering either ordering a FreeBSD jail from a provider (which as of late, is a full instance of BSD, correct?), or getting a FreeBSD VPS from somewhere. I'd probably prefer the former, as it keeps things native.

Thoughts?

-Matt

From george at ceetonetechnology.com Mon Aug 3 19:09:48 2009
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 03 Aug 2009 19:09:48 -0400
Subject: [nycbug-talk] Best BSD development method?
In-Reply-To:
References:
Message-ID: <4A776E3C.3040100@ceetonetechnology.com>

Matt Juszczak wrote:
> Hi all,
>
> Looking to develop a new FAMP project. What's the best FreeBSD
> "virtualization" setup out there? I was considering either ordering a
> FreeBSD jail from a provider (which as of late, is a full instance of BSD,
> correct?), or getting a FreeBSD VPS from somewhere. I'd probably prefer
> the former, as it keeps things native.
>
> Thoughts?
Check out man jail in terms of what a jail actually is. . .

But the question ultimately is "what do you want?". For development purposes? Hosting?

Start with that, but IMHO, an FBSD jail would be fine for a "FAMP" solution.

George

From matt at atopia.net Mon Aug 3 19:18:40 2009
From: matt at atopia.net (Matt Juszczak)
Date: Mon, 3 Aug 2009 19:18:40 -0400 (EDT)
Subject: [nycbug-talk] Best BSD development method?
In-Reply-To: <4A776E3C.3040100@ceetonetechnology.com>
References: <4A776E3C.3040100@ceetonetechnology.com>
Message-ID:

> But the question ultimately is "what do you want?". For development
> purposes? Hosting?

Well, I've used jails in the past in the same way I would chroot a specific process - apache, etc. But I guess my question was more how they work if an entire system is operating as a jail versus a single process. But I've read up on the differences.

This is for a development environment for a new project, which will eventually move to dedicated hardware once the project grows.

There used to be a FreeBSD jail hosting provider (host.com), but I can't remember what it was called. This was 5-7 years back, if not more.

I'm also considering these guys (http://www.rootbsd.net/). Anyone recommend anyone else?

-M

From george at ceetonetechnology.com Mon Aug 3 20:33:26 2009
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 03 Aug 2009 20:33:26 -0400
Subject: [nycbug-talk] Best BSD development method?
In-Reply-To:
References: <4A776E3C.3040100@ceetonetechnology.com>
Message-ID: <4A7781D6.3090107@ceetonetechnology.com>

Matt Juszczak wrote:
>> But the question ultimately is "what do you want?". For development
>> purposes? Hosting?
>
> Well, I've used jails in the past in the same way I would chroot a
> specific process - apache, etc. But I guess my question was more how
> they work if an entire system is operating as a jail versus a single
> process. But I've read up on the differences.
Again, look at the man page

man 8 jail

Chroot "jailing" is different from jail(8)

>
> This is for a development environment for a new project, which will
> eventually move to dedicated hardware once the project grows.
>
> There used to be a FreeBSD jail hosting provider (host.com),
> but I can't remember what it was called. This was 5-7 years back, if
> not more.
>
> I'm also considering these guys (http://www.rootbsd.net/). Anyone
> recommend anyone else?
>

George

From thomas at zaph.org Tue Aug 4 00:48:42 2009
From: thomas at zaph.org (N.J. Thomas)
Date: Tue, 4 Aug 2009 00:48:42 -0400
Subject: [nycbug-talk] Best BSD development method?
In-Reply-To:
References:
Message-ID: <20090804044842.GV1124@zaph.org>

* Matt Juszczak [2009-08-03 17:41:42-0400]:
> What's the best FreeBSD "virtualization" setup out there? I was
> considering either ordering a FreeBSD jail from a provider, or getting
> a FreeBSD VPS from somewhere. I'd probably prefer the former, as it
> keeps things native.

For the last year and a half, I have VPS setups from RootBSD and JohnCompanies (the top two FreeBSD VPS providers). Both are excellent and I heartily recommend a VPS setup if you know what you are doing -- basically if you know how to admin a box properly, then VPS is for you.

If you had to pick one, I'd recommend RootBSD over JC. Their VPS is cheaper, and you get a Xen instance that you have console access to and have full network, kernel, and source upgrade access. The JC server is a little more restrictive (I think they provide a jailed system), that you cannot upgrade in place, and I don't believe they have console access.

But they are both very good service providers and both have excellent support.

Thomas

P.S. I have no affiliation with either company, apart from being a (satisfied) customer.

From matt at atopia.net Tue Aug 4 00:59:38 2009
From: matt at atopia.net (Matt Juszczak)
Date: Tue, 4 Aug 2009 00:59:38 -0400 (EDT)
Subject: [nycbug-talk] Best BSD development method?
In-Reply-To: <20090804044842.GV1124@zaph.org>
References: <20090804044842.GV1124@zaph.org>
Message-ID:

> P.S. I have no affiliation with either company, apart from being a
> (satisfied) customer.

Hi Thomas,

Johncompanies! That's it! The other one I was thinking of.

OK, thanks! I'll go with rootbsd

From lists at stringsutils.com Thu Aug 6 10:16:11 2009
From: lists at stringsutils.com (Francisco Reyes)
Date: Thu, 06 Aug 2009 10:16:11 -0400
Subject: [nycbug-talk] Best BSD development method?
References: <4A776E3C.3040100@ceetonetechnology.com>
Message-ID:

Matt Juszczak writes:

> I'm also considering these guys (http://www.rootbsd.net/). Anyone
> recommend anyone else?

I have been using http://hub.org for a few years with good results.

From nikolai at fetissov.org Thu Aug 6 21:08:30 2009
From: nikolai at fetissov.org (nikolai)
Date: Thu, 6 Aug 2009 21:08:30 -0400
Subject: [nycbug-talk] August 2009 meeting audio
Message-ID:

Folks,

Audio of Dru's talk is online at:
http://www.fetissov.org/public/nycbug/nycbug-08-05-09.mp3

Cheers,
--
Nikolai

From pete at nomadlogic.org Fri Aug 7 08:48:37 2009
From: pete at nomadlogic.org (Pete Wright)
Date: Fri, 7 Aug 2009 12:48:37 +0000
Subject: [nycbug-talk] storage companies in nyc?
Message-ID: <20090807124834.GA84351@pv.nomadlogic.org>

hey all,

so the shop i work for purchased a ton of Dell 1950 and 2950 servers due to them being EOL'd and us not having time to fully test everything on their new gear (and despite what they say there are bugs on the new r200 systems :)

anyway - we got a bunch of these guys and have some colo space in nyc. can anyone recommend a good storage company in manhattan? while our computers are in nyc we work from europe and west-coast north america so folks would prefer if the gear is in manhattan so we don't have to deal with trekking to long island city (hi jesse!) to get our gear :)

i was thinking chelsea mini storage or manhattan ministorage...thoughts?

thanks!
-pete

From george at ceetonetechnology.com Fri Aug 7 13:21:52 2009
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 07 Aug 2009 13:21:52 -0400
Subject: [nycbug-talk] BSDCert SME session
Message-ID: <4A7C62B0.8020700@ceetonetechnology.com>

We had a great meeting and discussion about BSD Certification on Wednesday. . .

I think everyone in that room was qualified to be at the SME session this Sunday.

SME sessions are for reviewing the content and questions to improve the exam. It's about ensuring the exam covers the core of the BSD operating systems.

10 am to 2 pm at an unspecified downtown location (SME shouldn't be at a publicly announced place Alex :)

We need confirms offlist about who is exactly coming. . .

chair at bsdcertification dot org

Thanks

g

From mspitzer at gmail.com Wed Aug 12 00:20:56 2009
From: mspitzer at gmail.com (Marc Spitzer)
Date: Wed, 12 Aug 2009 00:20:56 -0400
Subject: [nycbug-talk] network security data sets
Message-ID: <8c50a3c30908112120i486916d0mbd409001d58328d4@mail.gmail.com>

if you are interested in such things:P

http://www.itoc.usma.edu/research/dataset/index.html

marc

--
Freedom is nothing but a chance to be better.
Albert Camus

From matt at atopia.net Wed Aug 12 13:48:04 2009
From: matt at atopia.net (Matt Juszczak)
Date: Wed, 12 Aug 2009 13:48:04 -0400 (EDT)
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
Message-ID:

Something similar to this:

http://unixwiz.net/tools/lockrun.html

For FreeBSD in FreeBSD ports? Easy to implement?

Thanks!

From mspitzer at gmail.com Wed Aug 12 14:01:03 2009
From: mspitzer at gmail.com (Marc Spitzer)
Date: Wed, 12 Aug 2009 14:01:03 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To:
References:
Message-ID: <8c50a3c30908121101w22eebbffj5649a30fdf5062f@mail.gmail.com>

On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote:
> Something similar to this:
>
> http://unixwiz.net/tools/lockrun.html
>
> For FreeBSD in FreeBSD ports? Easy to implement?

from that page:
We've tested this in FreeBSD and Linux, but other operating systems might trip over compilation issues. We welcome portability reports (for good or bad).

marc

>
> Thanks!
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

--
Freedom is nothing but a chance to be better.
Albert Camus

From thomas at zaph.org Wed Aug 12 14:13:05 2009
From: thomas at zaph.org (thomas at zaph.org)
Date: Wed, 12 Aug 2009 14:13:05 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To:
References:
Message-ID: <20090812181305.GI52786@zaph.org>

* Matt Juszczak [2009-08-12 13:48:04-0400]:
> Something similar to this:
> http://unixwiz.net/tools/lockrun.html
> For FreeBSD in FreeBSD ports? Easy to implement?

See lockfile(1) which is part of the procmail package and does something very similar. Run it like this:

    lockfile ~/.lockfile && /path/to/job && rm -f ~/.lockfile

I've used it for years and it works great.

Thomas

From carton at Ivy.NET Wed Aug 12 14:30:07 2009
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 12 Aug 2009 14:30:07 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To: <20090812181305.GI52786@zaph.org> (thomas@zaph.org's message of "Wed, 12 Aug 2009 14:13:05 -0400")
References: <20090812181305.GI52786@zaph.org>
Message-ID:

>>>>> "t" == thomas writes:

    t> See lockfile(1) which is part of the procmail package

shlock(1)

HISTORY
    shlock was written for the first Network News Transfer Protocol (NNTP)
    software distribution, released in March 1986.
    The algorithm was suggested by Peter Honeyman, from work he did on
    HoneyDanBer UUCP.

From matt at atopia.net Wed Aug 12 14:04:28 2009
From: matt at atopia.net (matt at atopia.net)
Date: Wed, 12 Aug 2009 18:04:28 +0000
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
Message-ID: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry>

I saw that. I'm looking for something that is already in ports so it's easy to package.

I'm already using lockrun on freebsd. I just want to know if other things like it already exist in ports.

------Original Message------
From: Marc Spitzer
To: Matt Juszczak
Cc: talk at lists.nycbug.org
Subject: Re: [nycbug-talk] Is there something similar to lockrun in the ports?
Sent: Aug 12, 2009 14:01

On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote:
> Something similar to this:
>
> http://unixwiz.net/tools/lockrun.html
>
> For FreeBSD in FreeBSD ports? Easy to implement?

from that page:
We've tested this in FreeBSD and Linux, but other operating systems might trip over compilation issues. We welcome portability reports (for good or bad).

marc

>
> Thanks!
>_______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

--
Freedom is nothing but a chance to be better.
Albert Camus

From jkeen at verizon.net Wed Aug 12 19:37:50 2009
From: jkeen at verizon.net (James E Keenan)
Date: Wed, 12 Aug 2009 19:37:50 -0400
Subject: [nycbug-talk] Bar Camp: On or Off?
Message-ID: <35D6AC73-31B8-4AB4-B00E-EA6B95BFFAE5@verizon.net>

I got the impression from some talk at the start of the August meeting that the Bar Camp idea was off the table for this year.

Is that impression correct?
jimk

From trish at bsdunix.net Thu Aug 13 11:38:00 2009
From: trish at bsdunix.net (Siobhan Lynch)
Date: Thu, 13 Aug 2009 11:38:00 -0400
Subject: [nycbug-talk] Bar Camp: On or Off?
In-Reply-To: <35D6AC73-31B8-4AB4-B00E-EA6B95BFFAE5@verizon.net>
References: <35D6AC73-31B8-4AB4-B00E-EA6B95BFFAE5@verizon.net>
Message-ID: <5AD3B967-739B-4392-9724-267586E57BF8@bsdunix.net>

We just ran a barcamp-model event in another community with minimal planning time. I was on the committee (providing tech/Internet).

I believe it still can be done - if people want.

Trish

--
Siobhan Lynch

On Aug 12, 2009, at 7:37 PM, James E Keenan wrote:

> I got the impression from some talk at the start of the August
> meeting that the Bar Camp idea was off the table for this year.
>
> Is that impression correct?
>
> jimk
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

From george at ceetonetechnology.com Thu Aug 13 11:42:15 2009
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 13 Aug 2009 11:42:15 -0400
Subject: [nycbug-talk] Bar Camp: On or Off?
In-Reply-To: <5AD3B967-739B-4392-9724-267586E57BF8@bsdunix.net>
References: <35D6AC73-31B8-4AB4-B00E-EA6B95BFFAE5@verizon.net> <5AD3B967-739B-4392-9724-267586E57BF8@bsdunix.net>
Message-ID: <4A843457.8070303@ceetonetechnology.com>

Siobhan Lynch wrote:
> We just ran a barcamp-model event in another community with minimal
> planning time. I was on the committee (providing tech/Internet).
>
> I believe it still can be done - if people want.

I think maybe we can discuss again at the next meeting.

The difficulty has been meeting space. .. which we were unsuccessful at sorting out cheaply.

g

From zippy1981 at gmail.com Thu Aug 13 11:54:46 2009
From: zippy1981 at gmail.com (Justin Dearing)
Date: Thu, 13 Aug 2009 11:54:46 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry>
References: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry>
Message-ID: <5458db3c0908130854x56b5bc86hb349ee599a25aeb6@mail.gmail.com>

Marc,

Why not make a port yourself. It's not that hard. You can then submit the port to FreeBSD.

On Wed, Aug 12, 2009 at 2:04 PM, wrote:

> I saw that. I'm looking for something that is already in ports so it's easy
> to package.
>
> I'm already using lockrun on freebsd. I just want to know if other things
> like it already exist in ports.
>
> ------Original Message------
> From: Marc Spitzer
> To: Matt Juszczak
> Cc: talk at lists.nycbug.org
> Subject: Re: [nycbug-talk] Is there something similar to lockrun in the
> ports?
> Sent: Aug 12, 2009 14:01
>
> On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote:
> > Something similar to this:
> >
> > http://unixwiz.net/tools/lockrun.html
> >
> > For FreeBSD in FreeBSD ports? Easy to implement?
>
> from that page:
> We've tested this in FreeBSD and Linux, but other operating systems
> might trip over compilation issues. We welcome portability reports
> (for good or bad).
>
> marc
>
> >
> > Thanks!
> >_______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> >
>
>
> --
> Freedom is nothing but a chance to be better.
> Albert Camus
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From trish at bsdunix.net Thu Aug 13 11:34:59 2009
From: trish at bsdunix.net (Siobhan Lynch)
Date: Thu, 13 Aug 2009 11:34:59 -0400
Subject: [nycbug-talk] Bar Camp: On or Off?
In-Reply-To: <35D6AC73-31B8-4AB4-B00E-EA6B95BFFAE5@verizon.net>
References: <35D6AC73-31B8-4AB4-B00E-EA6B95BFFAE5@verizon.net>
Message-ID: <4DBEB7E3-B730-4BDA-85E9-E8D4A11437B9@bsdunix.net>

--
Siobhan Lynch

On Aug 12, 2009, at 7:37 PM, James E Keenan wrote:

> I got the impression from some talk at the start of the August
> meeting that the Bar Camp idea was off the table for this year.
>
> Is that impression correct?
>
> jimk
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

From mspitzer at gmail.com Thu Aug 13 14:16:08 2009
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 13 Aug 2009 14:16:08 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To: <5458db3c0908130854x56b5bc86hb349ee599a25aeb6@mail.gmail.com>
References: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry> <5458db3c0908130854x56b5bc86hb349ee599a25aeb6@mail.gmail.com>
Message-ID: <8c50a3c30908131116q1b9e0144y9f4c5eb53c3ec70@mail.gmail.com>

Because I have no interest in or need for the software in question. Also nothing is stopping you from making the port and you seem to care.

marc

On Thu, Aug 13, 2009 at 11:54 AM, Justin Dearing wrote:
> Marc,
> Why not make a port yourself. It's not that hard. You can then submit the
> port to FreeBSD.
>
> On Wed, Aug 12, 2009 at 2:04 PM, wrote:
>>
>> I saw that. I'm looking for something that is already in ports so it's easy
>> to package.
>>
>> I'm already using lockrun on freebsd. I just want to know if other things
>> like it already exist in ports.
>>
>> ------Original Message------
>> From: Marc Spitzer
>> To: Matt Juszczak
>> Cc: talk at lists.nycbug.org
>> Subject: Re: [nycbug-talk] Is there something similar to lockrun in the
>> ports?
>> Sent: Aug 12, 2009 14:01
>>
>> On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote:
>> > Something similar to this:
>> >
>> > http://unixwiz.net/tools/lockrun.html
>> >
>> > For FreeBSD in FreeBSD ports? Easy to implement?
>>
>> from that page:
>> We've tested this in FreeBSD and Linux, but other operating systems
>> might trip over compilation issues. We welcome portability reports
>> (for good or bad).
>>
>> marc
>>
>> >
>> > Thanks!
>> >_______________________________________________
>> > talk mailing list
>> > talk at lists.nycbug.org
>> > http://lists.nycbug.org/mailman/listinfo/talk
>> >
>>
>>
>>
>> --
>> Freedom is nothing but a chance to be better.
>> Albert Camus
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
>

--
Freedom is nothing but a chance to be better.
Albert Camus

From marco at metm.org Thu Aug 13 14:26:34 2009
From: marco at metm.org (Marco Scoffier)
Date: Thu, 13 Aug 2009 14:26:34 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To: <8c50a3c30908131116q1b9e0144y9f4c5eb53c3ec70@mail.gmail.com>
References: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry> <5458db3c0908130854x56b5bc86hb349ee599a25aeb6@mail.gmail.com> <8c50a3c30908131116q1b9e0144y9f4c5eb53c3ec70@mail.gmail.com>
Message-ID: <4A845ADA.9060603@metm.org>

Hi Marc,

I think that Justin meant to say Matt.
Why doesn't Matt make the port.
Seems like it would be a good exercise for him.

Marco

Marc Spitzer wrote:
> Because I have no interest in or need for the software in question.
> Also nothing is stopping you from making the port and you seem to
> care.
>
> marc
>
> On Thu, Aug 13, 2009 at 11:54 AM, Justin Dearing wrote:
>
>> Marc,
>> Why not make a port yourself. It's not that hard. You can then submit the
>> port to FreeBSD.
>>
>> On Wed, Aug 12, 2009 at 2:04 PM, wrote:
>>
>>> I saw that. I'm looking for something that is already in ports so it's easy
>>> to package.
>>>
>>> I'm already using lockrun on freebsd. I just want to know if other things
>>> like it already exist in ports.
>>>
>>> ------Original Message------
>>> From: Marc Spitzer
>>> To: Matt Juszczak
>>> Cc: talk at lists.nycbug.org
>>> Subject: Re: [nycbug-talk] Is there something similar to lockrun in the
>>> ports?
>>> Sent: Aug 12, 2009 14:01
>>>
>>> On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote:
>>>
>>>> Something similar to this:
>>>>
>>>> http://unixwiz.net/tools/lockrun.html
>>>>
>>>> For FreeBSD in FreeBSD ports? Easy to implement?
>>>>
>>> from that page:
>>> We've tested this in FreeBSD and Linux, but other operating systems
>>> might trip over compilation issues. We welcome portability reports
>>> (for good or bad).
>>>
>>> marc
>>>
>>>
>>>> Thanks!
>>>> _______________________________________________
>>>> talk mailing list
>>>> talk at lists.nycbug.org
>>>> http://lists.nycbug.org/mailman/listinfo/talk
>>>>
>>>>
>>>
>>> --
>>> Freedom is nothing but a chance to be better.
>>> Albert Camus
>>>
>>> _______________________________________________
>>> talk mailing list
>>> talk at lists.nycbug.org
>>> http://lists.nycbug.org/mailman/listinfo/talk
>>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>>
>>
>>
>
>
>
>

From zippy1981 at gmail.com Thu Aug 13 14:48:37 2009
From: zippy1981 at gmail.com (Justin Dearing)
Date: Thu, 13 Aug 2009 14:48:37 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To: <8c50a3c30908131116q1b9e0144y9f4c5eb53c3ec70@mail.gmail.com>
References: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry> <5458db3c0908130854x56b5bc86hb349ee599a25aeb6@mail.gmail.com> <8c50a3c30908131116q1b9e0144y9f4c5eb53c3ec70@mail.gmail.com>
Message-ID: <5458db3c0908131148y66414744jbc430294f23b439b@mail.gmail.com>

Marc,

Marco is correct. I meant to address Matt. I apologize for my mistake.

I don't have a need or interest of the software in question, but Matt does.

On Thu, Aug 13, 2009 at 2:16 PM, Marc Spitzer wrote:

> Because I have no interest in or need for the software in question.
> Also nothing is stopping you from making the port and you seem to
> care.
>
> marc
>
> On Thu, Aug 13, 2009 at 11:54 AM, Justin Dearing wrote:
> > Marc,
> > Why not make a port yourself. It's not that hard. You can then submit the
> > port to FreeBSD.
> >
> > On Wed, Aug 12, 2009 at 2:04 PM, wrote:
> >>
> >> I saw that. I'm looking for something that is already in ports so it's easy
> >> to package.
> >>
> >> I'm already using lockrun on freebsd. I just want to know if other things
> >> like it already exist in ports.
> >>
> >> ------Original Message------
> >> From: Marc Spitzer
> >> To: Matt Juszczak
> >> Cc: talk at lists.nycbug.org
> >> Subject: Re: [nycbug-talk] Is there something similar to lockrun in the
> >> ports?
> >> Sent: Aug 12, 2009 14:01
> >>
> >> On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote:
> >> > Something similar to this:
> >> >
> >> > http://unixwiz.net/tools/lockrun.html
> >> >
> >> > For FreeBSD in FreeBSD ports? Easy to implement?
> >>
> >> from that page:
> >> We've tested this in FreeBSD and Linux, but other operating systems
> >> might trip over compilation issues. We welcome portability reports
> >> (for good or bad).
> >>
> >> marc
> >>
> >> >
> >> > Thanks!
> >> >_______________________________________________
> >> > talk mailing list
> >> > talk at lists.nycbug.org
> >> > http://lists.nycbug.org/mailman/listinfo/talk
> >> >
> >>
> >>
> >>
> >> --
> >> Freedom is nothing but a chance to be better.
> >> Albert Camus
> >>
> >> _______________________________________________
> >> talk mailing list
> >> talk at lists.nycbug.org
> >> http://lists.nycbug.org/mailman/listinfo/talk
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> >
> >
>
>
>
> --
> Freedom is nothing but a chance to be better.
> Albert Camus
>

From mspitzer at gmail.com Thu Aug 13 17:11:38 2009
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 13 Aug 2009 17:11:38 -0400
Subject: [nycbug-talk] Is there something similar to lockrun in the ports?
In-Reply-To: <5458db3c0908131148y66414744jbc430294f23b439b@mail.gmail.com>
References: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry> <5458db3c0908130854x56b5bc86hb349ee599a25aeb6@mail.gmail.com> <8c50a3c30908131116q1b9e0144y9f4c5eb53c3ec70@mail.gmail.com> <5458db3c0908131148y66414744jbc430294f23b439b@mail.gmail.com>
Message-ID: <8c50a3c30908131411r25bd686by574253a706f7540@mail.gmail.com>

no problem.

marc

On Thu, Aug 13, 2009 at 2:48 PM, Justin Dearing wrote:
> Marc,
> Marco is correct. I meant to address Matt. I apologize for my mistake.
> I don't have a need or interest of the software in question, but Matt does.
>
> On Thu, Aug 13, 2009 at 2:16 PM, Marc Spitzer wrote:
>>
>> Because I have no interest in or need for the software in question.
>> Also nothing is stopping you from making the port and you seem to
>> care.
>>
>> marc
>>
>> On Thu, Aug 13, 2009 at 11:54 AM, Justin Dearing wrote:
>> > Marc,
>> > Why not make a port yourself. It's not that hard.
You can then submit >> > the >> > port to FreeBSD. >> > >> > On Wed, Aug 12, 2009 at 2:04 PM, wrote: >> >> >> >> I saw that. I'm looking for something that is already in ports so its >> >> easy >> >> to package. >> >> >> >> I'm already using lockrun on freebsd. I just want to know if other >> >> things >> >> like it already exist in ports. >> >> >> >> ------Original Message------ >> >> From: Marc Spitzer >> >> To: Matt Juszczak >> >> Cc: talk at lists.nycbug.org >> >> Subject: Re: [nycbug-talk] Is there something similar to lockrun in the >> >> ports? >> >> Sent: Aug 12, 2009 14:01 >> >> >> >> On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote: >> >> > Something similar to this: >> >> > >> >> > http://unixwiz.net/tools/lockrun.html >> >> > >> >> > For FreeBSD in FreeBSD ports? Easy to implement? >> >> >> >> from that page: >> >> We've tested this in FreeBSD and Linux, but other operating systems >> >> might trip over compilation issues. We welcome portability reports >> >> (for good or bad). >> >> >> >> marc >> >> >> >> > >> >> > Thanks! >> >> >_______________________________________________ >> >> > talk mailing list >> >> > talk at lists.nycbug.org >> >> > http://lists.nycbug.org/mailman/listinfo/talk >> >> > >> >> >> >> >> >> >> >> -- >> >> Freedom is nothing but a chance to be better. >> >> Albert Camus >> >> >> >> _______________________________________________ >> >> talk mailing list >> >> talk at lists.nycbug.org >> >> http://lists.nycbug.org/mailman/listinfo/talk >> > >> > >> > _______________________________________________ >> > talk mailing list >> > talk at lists.nycbug.org >> > http://lists.nycbug.org/mailman/listinfo/talk >> > >> > >> >> >> >> -- >> Freedom is nothing but a chance to be better. >> Albert Camus > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > > -- Freedom is nothing but a chance to be better. 
Albert Camus From matt at atopia.net Thu Aug 13 23:14:19 2009 From: matt at atopia.net (Matt Juszczak) Date: Thu, 13 Aug 2009 23:14:19 -0400 (EDT) Subject: [nycbug-talk] Is there something similar to lockrun in the ports? In-Reply-To: <4A845ADA.9060603@metm.org> References: <1451904353-1250100266-cardhu_decombobulator_blackberry.rim.net-1952086506-@bxe1284.bisx.prod.on.blackberry> <5458db3c0908130854x56b5bc86hb349ee599a25aeb6@mail.gmail.com> <8c50a3c30908131116q1b9e0144y9f4c5eb53c3ec70@mail.gmail.com> <4A845ADA.9060603@metm.org> Message-ID: <9024d33a19aba94b938027f16d593532.squirrel@www.atopia.net> Thanks all :) > Hi Marc, > > I think that Justin meant to say Matt. > Why doesn't Matt make the port. > Seems like it would be a good exercise for him. > > Marco > > Marc Spitzer wrote: >> Because I have no interest in or need for the software in question. >> Also nothing is stopping you from making the port and you seem to >> care. >> >> marc >> >> On Thu, Aug 13, 2009 at 11:54 AM, Justin Dearing >> wrote: >> >>> Marc, >>> Why not make a port yourself. It's not that hard. You can then submit >>> the >>> port to FreeBSD. >>> >>> On Wed, Aug 12, 2009 at 2:04 PM, wrote: >>> >>>> I saw that. I'm looking for something that is already in ports so its >>>> easy >>>> to package. >>>> >>>> I'm already using lockrun on freebsd. I just want to know if other >>>> things >>>> like it already exist in ports. >>>> >>>> ------Original Message------ >>>> From: Marc Spitzer >>>> To: Matt Juszczak >>>> Cc: talk at lists.nycbug.org >>>> Subject: Re: [nycbug-talk] Is there something similar to lockrun in >>>> the >>>> ports? >>>> Sent: Aug 12, 2009 14:01 >>>> >>>> On Wed, Aug 12, 2009 at 1:48 PM, Matt Juszczak wrote: >>>> >>>>> Something similar to this: >>>>> >>>>> http://unixwiz.net/tools/lockrun.html >>>>> >>>>> For FreeBSD in FreeBSD ports? Easy to implement? 
>>>>> >>>> from that page: >>>> We've tested this in FreeBSD and Linux, but other operating systems >>>> might trip over compilation issues. We welcome portability reports >>>> (for good or bad). >>>> >>>> marc >>>> >>>> >>>>> Thanks! >>>>> _______________________________________________ >>>>> talk mailing list >>>>> talk at lists.nycbug.org >>>>> http://lists.nycbug.org/mailman/listinfo/talk >>>>> >>>>> >>>> >>>> -- >>>> Freedom is nothing but a chance to be better. >>>> Albert Camus >>>> >>>> _______________________________________________ >>>> talk mailing list >>>> talk at lists.nycbug.org >>>> http://lists.nycbug.org/mailman/listinfo/talk >>>> >>> _______________________________________________ >>> talk mailing list >>> talk at lists.nycbug.org >>> http://lists.nycbug.org/mailman/listinfo/talk >>> >>> >>> >> >> >> >> > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > From scottro at nyc.rr.com Mon Aug 17 14:06:48 2009 From: scottro at nyc.rr.com (Scott Robbins) Date: Mon, 17 Aug 2009 14:06:48 -0400 Subject: [nycbug-talk] stuff for free Message-ID: <20090817180648.GA29456@mail.scottro.net> I have some things I don't need anymore--I don't know if anyone is interested but... HP Jetdirect--the old one, parallel connection only, 10/MB complete with parallel cable. HP Deskjet 840C (it has ink in it). USB or parallel. HP 5200C scanner. It still seems to work relatively well. All seem to work well with FreeBSD> Anyone interested, email me off-list. You'd have to come pick it up in the West 50's. If I don't hear from anyone by tomorrow or so, I'll post it on NYLUG as well. Thanks. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Spike: Should I really trust you? Adam: Scout's honor. Spike: You were a Boy Scout? Adam: Parts of me. 
From njt at ayvali.org Mon Aug 17 16:48:49 2009 From: njt at ayvali.org (N.J. Thomas) Date: Mon, 17 Aug 2009 16:48:49 -0400 Subject: [nycbug-talk] NYCBSDCon 2009? Message-ID: <20090817204849.GD91011@zaph.org> Is there a conference for 2009, or is it only being held on alternate years? Thomas From george at ceetonetechnology.com Mon Aug 17 18:06:06 2009 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 17 Aug 2009 18:06:06 -0400 Subject: [nycbug-talk] NYCBSDCon 2009? In-Reply-To: <20090817204849.GD91011@zaph.org> References: <20090817204849.GD91011@zaph.org> Message-ID: <4A89D44E.9040200@ceetonetechnology.com> N.J. Thomas wrote: > Is there a conference for 2009, or is it only being held on alternate > years? > > Thomas We're going for the alternate year approach. . . We are still considering a 'camp'-type event though. Our alternate sister conference is DCBSDCon. . . g From matt at atopia.net Tue Aug 18 10:37:39 2009 From: matt at atopia.net (Matt Juszczak) Date: Tue, 18 Aug 2009 10:37:39 -0400 (EDT) Subject: [nycbug-talk] OT: Thinkpad Discounts Message-ID: A year or so ago, someone posted a method for receiving discounts on Thinkpads. It may have been a specific website, or perhaps a way of getting cashback. I can't quite remember. And I've searched and can't find anything in my email even though I'm pretty sure it was this list. Can someone potentially update me on methods for Thinkpad discounts? Sorry to spam the list if this topic has already been covered recently. -Matt From matt at atopia.net Tue Aug 18 12:12:55 2009 From: matt at atopia.net (Matt Juszczak) Date: Tue, 18 Aug 2009 12:12:55 -0400 (EDT) Subject: [nycbug-talk] OT: Thinkpad Discounts In-Reply-To: <4A8AD278.4070301@bsdunix.net> References: <4A8AD278.4070301@bsdunix.net> Message-ID: That works ;) Thanks! 
On Tue, 18 Aug 2009, Siobhan Lynch wrote: > Matt Juszczak wrote: >> A year or so ago, someone posted a method for receiving discounts on >> Thinkpads. It may have been a specific website, or perhaps a way of >> getting cashback. I can't quite remember. And I've searched and can't >> find anything in my email even though I'm pretty sure it was this list. >> >> Can someone potentially update me on methods for Thinkpad discounts? >> >> Sorry to spam the list if this topic has already been covered recently. >> >> -Matt >> > > Just found this: http://www.couponseven.com/group/computer.asp > > There are a bunch of others ones out there too, its all e-coupon codes. > Some are time-sensitive (like the 25% off select think/ideapads) > > -Trish > From trish at bsdunix.net Tue Aug 18 12:10:32 2009 From: trish at bsdunix.net (Siobhan Lynch) Date: Tue, 18 Aug 2009 12:10:32 -0400 Subject: [nycbug-talk] OT: Thinkpad Discounts In-Reply-To: References: Message-ID: <4A8AD278.4070301@bsdunix.net> Matt Juszczak wrote: > A year or so ago, someone posted a method for receiving discounts on > Thinkpads. It may have been a specific website, or perhaps a way of > getting cashback. I can't quite remember. And I've searched and can't > find anything in my email even though I'm pretty sure it was this list. 
> > Can someone potentially update me on methods for Thinkpad discounts? > > Sorry to spam the list if this topic has already been covered recently. > > -Matt > Just found this: http://www.couponseven.com/group/computer.asp There are a bunch of others ones out there too, its all e-coupon codes. Some are time-sensitive (like the 25% off select think/ideapads) -Trish From pete at nomadlogic.org Thu Aug 20 04:10:33 2009 From: pete at nomadlogic.org (Pete Wright) Date: Thu, 20 Aug 2009 08:10:33 +0000 Subject: [nycbug-talk] Cisco Parts Locally? Message-ID: <20090820081029.GA11359@pv.nomadlogic.org> I know this came up back in 2007, but was wondering if anyone has found a local parts supplier since then. For example I recently got a new 6500's series cisco switch and they forgot to ship it with a CF card, so I'm basically looking for standard Cisco stuff - don't need someone who has odd backplanes (although if they do that's even better :). we've decided to hold off on setting this up until Cisco rectifies their screw up, but knowing if there are parts houses in the City would be super. Cheers, -pete From pete at nomadlogic.org Thu Aug 20 07:33:20 2009 From: pete at nomadlogic.org (Pete Wright) Date: Thu, 20 Aug 2009 11:33:20 +0000 Subject: [nycbug-talk] Cisco Parts Locally? 
In-Reply-To: References: <20090820081029.GA11359@pv.nomadlogic.org> Message-ID: <20090820113317.GA11584@pv.nomadlogic.org> On Thu, Aug 20, 2009 at 10:53:19AM -0400, Alex Pilosov wrote: > On Thu, 20 Aug 2009, Pete Wright wrote: > > > I know this came up back in 2007, but was wondering if anyone has found > > a local parts supplier since then. For example I recently got a new > > 6500's series cisco switch and they forgot to ship it with a CF card, so > > I'm basically looking for standard Cisco stuff - don't need someone who > > has odd backplanes (although if they do that's even better :). > Um, if you are asking where to buy CF card in the city, Duane Reade is on > every corner. And yes, they aren't special cisco cf cards. > > > we've decided to hold off on setting this up until Cisco rectifies their > > screw up, but knowing if there are parts houses in the City would be > > super. > If you need to borrow something, chances are, we have it. Otherwise, > www.myriadsupply.com has a warehouse in manhattan. They are good guys and > fun to drink with, so recommended! > thanks alex - this was more of a moving forward type thing for us. we got guys in vancouver and dublin. so i was hoping to get the name of a local place for when things inevitably go south :) cheers, -pete From nylug at sky-haven.net Thu Aug 20 11:39:44 2009 From: nylug at sky-haven.net (nylug at sky-haven.net) Date: Thu, 20 Aug 2009 11:39:44 -0400 Subject: [nycbug-talk] Cisco Parts Locally? In-Reply-To: <20090820081029.GA11359@pv.nomadlogic.org> References: <20090820081029.GA11359@pv.nomadlogic.org> Message-ID: <4A8D6E40.8030207@sky-haven.net> Scríobh Pete Wright: > I know this came up back in 2007, but was wondering if anyone has found > a local parts supplier since then. 
For example I recently got a new > 6500's series cisco switch and they forgot to ship it with a CF card, so > I'm basically looking for standard Cisco stuff - don't need someone who > has odd backplanes (although if they do that's even better :). Hello, Specific to CF cards for 6500 supervisors: where I work we've often had worse luck with "Cisco certified" PC Card ATA FLASH compared to just buying something generic (at or under 1GB for Supervisor2) and just using that. I couldn't speak towards linear FLASH; I don't even know if it comes in the PC Card form factor. All of our Sup2s have ROMMON 7.1(1) on them. From alex at pilosoft.com Thu Aug 20 10:53:19 2009 From: alex at pilosoft.com (Alex Pilosov) Date: Thu, 20 Aug 2009 10:53:19 -0400 (EDT) Subject: [nycbug-talk] Cisco Parts Locally? In-Reply-To: <20090820081029.GA11359@pv.nomadlogic.org> Message-ID: On Thu, 20 Aug 2009, Pete Wright wrote: > I know this came up back in 2007, but was wondering if anyone has found > a local parts supplier since then. For example I recently got a new > 6500's series cisco switch and they forgot to ship it with a CF card, so > I'm basically looking for standard Cisco stuff - don't need someone who > has odd backplanes (although if they do that's even better :). Um, if you are asking where to buy CF card in the city, Duane Reade is on every corner. And yes, they aren't special cisco cf cards. > we've decided to hold off on setting this up until Cisco rectifies their > screw up, but knowing if there are parts houses in the City would be > super. If you need to borrow something, chances are, we have it. Otherwise, www.myriadsupply.com has a warehouse in manhattan. They are good guys and fun to drink with, so recommended! 
-alex From mark.saad at ymail.com Fri Aug 21 17:34:32 2009 From: mark.saad at ymail.com (Mark Saad) Date: Fri, 21 Aug 2009 14:34:32 -0700 (PDT) Subject: [nycbug-talk] Qmail TLS Issues Message-ID: <555542.40080.qm@web43409.mail.sp1.yahoo.com> All I am working with two qmail mail servers that are having the same tls issue one is qmail-ldap-1.03 and the other netqmail-1.06 both are using http://inoa.net/qmail-tls/ for tls support. The issue is when I try to verify the smtpd service on each box can do a "STARTTLS" it fails with a weird message. Here is what I did

%openssl s_client -starttls smtp -connect mail1.af.mil:25 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
712:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
712:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1303:
712:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_PRINTABLE
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=value, Type=X509_NAME_ENTRY
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=issuer, Type=X509_CINF
712:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509
712:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:955:

both servers do the same thing. 
both are FreeBSD 7.2-RELEASE-p3 64bit qmail was built from ports along with openssl from ports. Ideas ? -- Mark Saad mark.saad at ymail.com From brian.gupta at gmail.com Sun Aug 23 16:52:21 2009 From: brian.gupta at gmail.com (Brian Gupta) Date: Sun, 23 Aug 2009 16:52:21 -0400 Subject: [nycbug-talk] Fwd: August 27th - OpenOffice.org talk In-Reply-To: <5b5090780908231347gf857d8fu9640f12e688a5396@mail.gmail.com> References: <5b5090780908231347gf857d8fu9640f12e688a5396@mail.gmail.com> Message-ID: <5b5090780908231352j4cdfe583w961323fe9f9b9de5@mail.gmail.com> Hey guys. Isaac asked me to pass this invite on to you guys, as this is of general Open/Free software interest. Please note the RSVP info is below. Please feel free to follow up with Isaac if you have any questions, as I will be on vacation, and regrettably not in attendance. Cheers, Brian - Brian Gupta New York City user groups calendar: http://nyc.brandorr.com/ ---------- Forwarded message ---------- From: Isaac R. Date: Fri, Aug 21, 2009 at 1:31 PM Subject: [ug-nycosug] August NYC OpenSolaris User Group meeting - OpenOffice.org talk To: "ug-nycosug at opensolaris.org" Hello everyone, {Please feel free to forward this invite to other interested OS/platform groups - as this event will cover a topic/project that has a much wider scope than the OS itself} *As previously announced, the New York {Open}Solaris Community User Group will be holding its August meeting on our regular last Thursday of the month on 8/27/2009* At this meeting, we will be joined by Elizabeth Matthis, a linguist and a long-time contributor to the OpenOffice.org team. Elizabeth (Liz) has been with the original product team that had been acquired by Sun (i.e. the product that became StarOffice and had later been opensourced under the OpenOffice project umbrella). 
She will give us an update on what's happening in the OpenOffice community space, what she's been working on in terms of improving the user experience and what Project Renaissance is all about. She has been a member of the StarOffice/OpenOffice.org engineering team in Germany for the past 10+ years and continues to be an active contributor to the OpenOffice.org productivity suite. She is here on vacation and has flown in from Germany where she resides; Liz has agreed to come talk to the NY audience while she's here! OpenOffice is a free open source productivity suite that is compatible with Microsoft Office but runs on many more platforms, including MacOS, various Linux distributions, Solaris, etc. More details about OpenOffice can be seen at OpenOffice.org We will also be giving out OpenSolaris 2009.06 media, swag and raffle off 2 "Pro OpenSolaris" books that have been signed by their authors. [Please RSVP by 8/26, so we have an approximate count and your name is registered with the building's security in the lobby] We'll get started with refreshments @ 6:00pm. MORE INFO: http://www.opensolaris.org/os/project/nycosug/events/20/ Meeting Details *WHEN:* 6:00-8:30 PM *WHERE:* Sun Microsystems Office 101 Park Avenue, 4th floor - Grammercy Park Conference Room New York, NY *AGENDA:* 6:00pm Food/Refreshments 6:10pm Welcome back, What's New - Isaac Rozenfeld 6:30pm OpenOffice in the Enterprise - Elizabeth Matthis *QUESTIONS:* Isaac Rozenfeld isaac -at- sun.com *SPONSOR:* Sun Microsystems, Inc. 
*RSVP (Suggested)* RSVP NOW -- Isaac Rozenfeld Principal Field Technologist Global Financial Services Industry Team Sun Microsystems Inc.http://www.sun.com/solutions/landing/industry/financial_services.xml Direct: 877-718-4423 Email: isaac at sun.com Blog: http://blogs.sun.com/unixman OpenSolaris: http://www.opensolaris.org/os/project/nycosug/ SWAN: http://origin.east.sun.com _______________________________________________ ug-nycosug mailing list ug-nycosug at opensolaris.org http://mail.opensolaris.org/mailman/listinfo/ug-nycosug From drulavigne at sympatico.ca Mon Aug 24 09:25:33 2009 From: drulavigne at sympatico.ca (Dru Lavigne) Date: Mon, 24 Aug 2009 13:25:33 +0000 Subject: [nycbug-talk] fave BSD tips/tricks? Message-ID: I'm finishing up an article for BSD mag on BSD tips and tricks. Anyone have a favourite tip or trick they'd like to see in this article? Cheers, Dru From spork at bway.net Mon Aug 24 14:44:24 2009 From: spork at bway.net (Charles Sprickman) Date: Mon, 24 Aug 2009 14:44:24 -0400 (EDT) Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: References: Message-ID: On Mon, 24 Aug 2009, Dru Lavigne wrote: > I'm finishing up an article for BSD mag on BSD tips and tricks. Anyone > have a favourite tip or trick they'd like to see in this article? I have two non-spectacular "tips" relating to jails: -Shamelessly stolen from George R., /usr/ports/ports-mgmt/jailaudit a very handy tool to report on all vulnerabilities in all jails. Output comes with the main host's daily run. -Up until FBSD 7.1, multiple IPs in a jail were not possible without a set of external patches. As of 7.2 this is included. It works flawlessly (tested a box with a few hundred IPs in two jails). Additionally, ezjail can deal with this, just add the IPs, separated by commas, to the "export jail_php4_web_bway_net_ip=" line. 
Charles > Cheers, > > Dru > From mhernandez at techally.com Mon Aug 24 15:01:21 2009 From: mhernandez at techally.com (Michael Hernandez) Date: Mon, 24 Aug 2009 15:01:21 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: References: Message-ID: <361112AF-EA13-4970-97A7-E4B3286549F6@techally.com> On Aug 24, 2009, at 2:44 PM, Charles Sprickman wrote: > On Mon, 24 Aug 2009, Dru Lavigne wrote: > >> I'm finishing up an article for BSD mag on BSD tips and tricks. >> Anyone >> have a favourite tip or trick they'd like to see in this article? > > I have two non-spectacular "tips" relating to jails: > > -Shamelessly stolen from George R., /usr/ports/ports-mgmt/jailaudit > a very > handy tool to report on all vulnerabilities in all jails. Output > comes > with the main host's daily run. > > -Up until FBSD 7.1, multiple IPs in a jail were not possible without > a set > of external patches. As of 7.2 this is included. It works flawlessly > (tested a box with a few hundred IPs in two jails). Additionally, > ezjail > can deal with this, just add the IPs, separated by commas, to the > "export > jail_php4_web_bway_net_ip=" line. > I have one regarding NetBSD 5 in Parallels 4... If you try to get NetBSD 5.x to work in Parallels by telling it the guest OS is "Other" (I also tried lying and saying it was FreeBSD with similar results), it might not have networking. To get around this, try telling Parallels that the guest OS is Solaris! That worked for me! --Mike H From george at ceetonetechnology.com Mon Aug 24 15:59:44 2009 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 24 Aug 2009 15:59:44 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: References: Message-ID: <4A92F130.8070904@ceetonetechnology.com> Charles Sprickman wrote: > On Mon, 24 Aug 2009, Dru Lavigne wrote: > >> I'm finishing up an article for BSD mag on BSD tips and tricks. Anyone >> have a favourite tip or trick they'd like to see in this article? 
> > I have two non-spectacular "tips" relating to jails: > > -Shamelessly stolen from George R., /usr/ports/ports-mgmt/jailaudit a very > handy tool to report on all vulnerabilities in all jails. Output comes > with the main host's daily run. nice :) It's specifically useful in the context that you have jail admins who don't check their dailies. There's lots more in terms of FBSD jail-specific stuff. . . but I'm not sure if that's what Dru wants. > > -Up until FBSD 7.1, multiple IPs in a jail were not possible without a set > of external patches. As of 7.2 this is included. It works flawlessly > (tested a box with a few hundred IPs in two jails). Additionally, ezjail > can deal with this, just add the IPs, separated by commas, to the "export > jail_php4_web_bway_net_ip=" line. cool. DL, are you looking for general Unix/bsd stuff? How about some stuff on how people handle their dailies? I'd be curious to hear. I mean, for those who actually *read* them :) off the top of my head. . . RAID STATUSES DAILY I get lots of dailies. . . and always add the following to cron on its own: status of RAIDs on the local box. Every blob or BSD software raid solution has its 'status' check, and seeing an email specific on that makes me sleep better. LOGGER I also use logger(1) more and more now. . . it's great put into scripts to see when certain stages were hit, like in updating the base source. So I might have: /usr/bin/logger -i -t SOURCE "starting buildworld" after running buildworld. RC VERBOSITY I also like to have lots of verbosity when not unwieldy. . . for instance, on FreeBSD, I always have rc_debug="YES" rc_info="YES" in /etc/rc.conf SSHD As some people know (and sometimes mock:), I don't run sshd on tcp/22 in general. . . The load of brute force zombies can be high. . . using an alternate port for sshd isn't about more security, since I hardly fear brute force zombies since I use keys, but about not wasting CPU on them. 
Another thing I regularly do is put the netblocks of countries not being ssh'd from that are also frequently hosting zombie'd boxes, and use tcp-wrappers to block them. XORG LIBRARIES Servers don't usually need X11 . . . so make sure you put: WITHOUT_X11=yes in /etc/make.conf before you install ports. Post 7.0 FreeBSD, man src.conf MAIL & BIG JOBS It's nice to know when certain tasks or scripts are completed when you're not local to the box. So often I'll "&& mail. . ." to the end of single instance rsyncs, etc., to know when something is done. Gee. I love the toolbox-ishness of Unix. And while spork gave credit to me on jailaudit, I'm sure there are others out there who deserve credit on at least some of these. . . eg, ike with logger. g From drulavigne at sympatico.ca Mon Aug 24 16:10:18 2009 From: drulavigne at sympatico.ca (Dru Lavigne) Date: Mon, 24 Aug 2009 20:10:18 +0000 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <4A92F130.8070904@ceetonetechnology.com> References: <4A92F130.8070904@ceetonetechnology.com> Message-ID: > DL, are you looking for general Unix/bsd stuff? > > How about some stuff on how people handle their dailies? I'd be curious > to hear. I mean, for those who actually *read* them :) If it works on BSD and you think it's cool, I'm interested :-) Cheers, Dru From carton at Ivy.NET Mon Aug 24 16:49:33 2009 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 24 Aug 2009 16:49:33 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <4A92F130.8070904@ceetonetechnology.com> (George Rosamond's message of "Mon, 24 Aug 2009 15:59:44 -0400") References: <4A92F130.8070904@ceetonetechnology.com> Message-ID: >>>>> "gr" == George Rosamond writes: gr> RAID STATUSES DAILY <3 gr> XORG LIBRARIES gr> Servers don't usually need X11 . . . so make sure you put: gr> WITHOUT_X11=yes gr> in /etc/make.conf ugh. HATE for this common practice. 
I bet you don't compile emacs either. gr> MAIL & BIG JOBS nice. I need to get a faster MUA, something that could handle instant messages and email threads with a converged interface. the 'zephyr' protocol and its sorta-descendent 'gale' was originally designed for just this itch, but I've never had either set up, and I don't get the impression they scratched the itch particularly well. From george at ceetonetechnology.com Mon Aug 24 17:37:56 2009 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 24 Aug 2009 17:37:56 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: References: <4A92F130.8070904@ceetonetechnology.com> Message-ID: <4A930834.9040500@ceetonetechnology.com> Miles Nordin wrote: >>>>>> "gr" == George Rosamond writes: how about a tip on NOT including the email address of the person you're replying to. . .why feed those spam spiders? > > gr> RAID STATUSES DAILY > > <3 > > gr> XORG LIBRARIES > gr> Servers don't usually need X11 . . . so make sure you put: > gr> WITHOUT_X11=yes > gr> in /etc/make.conf > > ugh. HATE for this common practice. > > I bet you don't compile emacs either. no way. . . oh, yes, *those* ports. . . mtr, eg, needs some xorg libraries, but it's really about if there's a choice. > > gr> MAIL & BIG JOBS > > nice. > > I need to get a faster MUA, something that could handle instant > messages and email threads with a converged interface. > > the 'zephyr' protocol and its sorta-descendent 'gale' was originally > designed for just this itch, but I've never had either set up, and I > don't get the impression they scratched the itch particularly well. hmmm . . . but what function are you talking about miles? 
g From lists at stringsutils.com Mon Aug 24 18:07:28 2009 From: lists at stringsutils.com (Francisco Reyes) Date: Mon, 24 Aug 2009 18:07:28 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? References: Message-ID: Dru Lavigne writes: > have a favourite tip or trick they'd like to see in this article? !$ substitution ls /etc cd !$ Changes to /etc Basically, !$ becomes the last parameter of the last command. Safest to use for non changing/updating operations. ie don't recommend to do things like "rm !$". From spork at bway.net Mon Aug 24 18:24:01 2009 From: spork at bway.net (Charles Sprickman) Date: Mon, 24 Aug 2009 18:24:01 -0400 (EDT) Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <4A92F130.8070904@ceetonetechnology.com> References: <4A92F130.8070904@ceetonetechnology.com> Message-ID: On Mon, 24 Aug 2009, George Rosamond wrote: > RAID STATUSES DAILY > > I get lots of dailies. . . and always add the following to cron on its own: > status of RAIDs on the local box. Every blob or BSD software raid solution > has its 'status' check, and seeing an email specific on that makes me sleep > better. That's a good one. For gmirror, at some point this file showed up in /etc/periodic/daily: /etc/periodic/daily/406.status-gmirror Which is activated by setting daily_status_gmirror_enable="YES" in /etc/periodic.conf. Actually, just looking through /etc/defaults/periodic.conf is handy as well. You can combine your daily and security emails into one, turn off checks that you don't need (ie: the r* checks), and basically trim your daily reports down to something more manageable. Back to RAID, some cards, like the LSI stuff in Dells that use the mpt driver have no utility to manage or check the status. But there is some info on "non-optimal volumes" available in the sysctl output. Some other drivers with no management software may do the same. 
Regardless, here's a silly shell script I dumped in /usr/local/etc/periodic/daily to put RAID status in my daily emails:

----
#!/bin/sh

# show number of non-optimal drives attached to mpt raid card

NONOPT=`/sbin/sysctl -n dev.mpt.0.nonoptimal_volumes 2>/dev/null`

echo
echo "Checking MPT RAID array"
echo

# an empty value means the sysctl could not be read; say so instead of
# letting the numeric test below fail without printing a status
if [ -z "$NONOPT" ]; then
        echo "WARNING, could not read dev.mpt.0.nonoptimal_volumes"
elif [ "$NONOPT" -eq 0 ]; then
        echo "No non-optimal volumes: ($NONOPT)"
else
        echo "WARNING, $NONOPT non-optimal volumes!"
fi
----

Charles

>
> g
>

From carton at Ivy.NET Mon Aug 24 18:46:57 2009
From: carton at Ivy.NET (Miles Nordin)
Date: Mon, 24 Aug 2009 18:46:57 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <4A930834.9040500@ceetonetechnology.com> (George Rosamond's message of "Mon, 24 Aug 2009 17:37:56 -0400")
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com>
Message-ID:

gr> how about a tip on NOT including the email address of the
gr> person you're replying to. . .why feed those spam spiders?

I am on about 30 active lists and have not encountered this idea of etiquette anywhere else. Email etiquette is extremely slow to change so it will be hard for you to win this on any large scale. IMHO I think you should fix your list archives if you care: either fuzz the <[^> \t]*@[^> \t]*> pattern, or make the archives members-only. I don't mind leaving out your address that much, but I'm not going to change the quote header that's accepted on 29/30 lists, especially when it supplies useful information, and I'm unlikely to remember to customize yours manually a month from now. I think there is some way I can have different settings for different lists, but it'd probably take me 2 or 3 hours to figure out which is longer than it takes to argue with you, so long as I believe I'm right, which I do: same address since 1995, never pester my friends with jumping through spam hoops (which I view as a form of backscatter), and my inbox is still workable.

gr> mtr, eg, needs some xorg libraries, but it's really about if
gr> there's a choice.

I think it's better for avoiding regressions to build everything the same way, in particular ``hidden dependency'' regressions, and gains basically nothing of practical value to leave X out, and I actually do use X11 programs remotely over 'ssh -o forwardx11=yes -o forwardx11trusted=yes' somewhat often.

For example, I have a simple BSD box acting as a firewall with not too many daemons running on it: ssh into the box, then ssh further into something protected. If you do not build X11 into the base distribution, then ssh will not forward X11, so not only you cannot use X11 on the firewall ``server'' but you can't on any machine behind the firewall either, and you have to try, fail, go through all kinds of gyrations to get the job done.

A lot of sysadmins seem to think they're more ``secure'' by leaving stuff out of their userland which I think is wrong, or else it's just some OCD/NIH/bikeshed behavior like espresso brewing or car audio.

It's just annoying when basic unix things like apropos, xcalc, or emacs are missing. Unix has become a single-user platform. Working on something after some sysadmin has come in to delete everything he doesn't use is like a cluttered house full of unruly children: every time you try to do something you trip over some garbage and have to find another way, and eventually get three or four prerequisites deep in solving the original problem and forget what you originally wanted to do. It's extremely frustrating and entirely avoidable. At the very least I wish people would include whatever comes in Mac OS X or on an Ubuntu livecd, and even put some effort into not leaving out things others are likely to want, while around nycbug it seems like everyone applies their effort in just the opposite direction, swapping tips on how to ``minimize their installz''.

From jschauma at netmeister.org Mon Aug 24 19:21:13 2009
From: jschauma at netmeister.org (Jan Schaumann)
Date: Mon, 24 Aug 2009 19:21:13 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References:
Message-ID: <20090824232112.GB10139@netmeister.org>

Dru Lavigne wrote:
>
>
> I'm finishing up an article for BSD mag on BSD tips and tricks. Anyone
> have a favourite tip or trick they'd like to see in this article?

My favorite trick is

man

Unlike on other unix flavors, on NetBSD, this actually is useful, reliable, complete and up to date.

I know, not very exciting.

Oh, and

cd /usr/pkgsrc/*/package

to let the shell figure out where the package I want to install is. Not BSD specific, though -- I use that in many, many cases, including multiply nested hierarchies (cd /some/where/*/2*/a*/foo/bar/z*).

-Jan

From george at ceetonetechnology.com Mon Aug 24 20:14:10 2009
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 24 Aug 2009 20:14:10 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com>
Message-ID: <4A932CD2.9080803@ceetonetechnology.com>

Miles Nordin wrote:
> gr> how about a tip on NOT including the email address of the
> gr> person you're replying to. . .why feed those spam spiders?
>
> I am on about 30 active lists and have not encountered this idea of
> etiquette anywhere else. Email etiquette is extremely slow to change
> so it will be hard for you to win this on any large scale. IMHO I
> think you should fix your list archives if you care: either fuzz the
> <[^> \t]*@[^> \t]*> pattern, or make the archives members-only. I
> don't mind leaving out your address that much, but I'm not going to
> change the quote header that's accepted on 29/30 lists, especially
> when it supplies useful information, and I'm unlikely to remember to
> customize yours manually a month from now. I think there is some way
> I can have different settings for different lists, but it'd probably
> take me 2 or 3 hours to figure out which is longer than it takes to
> argue with you, so long as I believe I'm right, which I do: same
> address since 1995, never pester my friends with jumping through spam
> hoops (which I view as a form of backscatter), and my inbox is still
> workable.

world has changed greatly since 1995.

>
> gr> mtr, eg, needs some xorg libraries, but it's really about if
> gr> there's a choice.
>
> I think it's better for avoiding regressions to build everything the
> same way, in particular ``hidden dependency'' regressions, and gains
> basically nothing of practical value to leave X out, and I actually do
> use X11 programs remotely over 'ssh -o forwardx11=yes -o
> forwardx11trusted=yes' somewhat often.
>
> For example, I have a simple BSD box acting as a firewall with not too
> many daemons running on it: ssh into the box, then ssh further into
> something protected. If you do not build X11 into the base
> distribution, then ssh will not forward X11, so not only you cannot
> use X11 on the firewall ``server'' but you can't on any machine behind
> the firewall either, and you have to try, fail, go through all kinds
> of gyrations to get the job done.

Certainly a valid point for such usage.

>
> A lot of sysadmins seem to think they're more ``secure'' by leaving
> stuff out of their userland which I think is wrong, or else it's just
> some OCD/NIH/bikeshed behavior like espresso brewing or car audio.
>

LOL. . . that spawns a great question then. .. besides a default install bsd system, which ports/pkgs do you install immediately?
I don't think OpenBSD supports multiple log files with tail, so multitail it is.

sudo, certainly.

That point always makes me laugh. . . "it's a stripped down system but has the vital packages of x, y AND z."

> It's just annoying when basic unix things like apropos, xcalc, or
> emacs are missing. Unix has become a single-user platform. Working

the "single-user platform" comment really depends on the environment, of course. If you're the only one with sudo or even shell access, it's completely different than having multiple users.

What about large large installations? In the scenarios I've experienced, sudo and maybe bash is it. But emacs on servers, if that's what we're assuming? I disagree, but *a* disagreement proves the point, I guess.

> on something after some sysadmin has come in to delete everything he
> doesn't use is like a cluttered house full of unruly children: every
> time you try to do something you trip over some garbage and have to
> find another way, and eventually get three or four prerequisites deep
> in solving the original problem and forget what you originally wanted
> to do. It's extremely frustrating and entirely avoidable. At the
> very least I wish people would include whatever comes in Mac OS X or
> on an Ubuntu livecd, and even put some effort into not leaving out
> things others are likely to want, while around nycbug it seems like
> everyone applies their effort in just the opposite direction, swapping
> tips on how to ``minimize their installz''.
>

I can't imagine Ubuntu's sense of "vital packages" (useful term or not?) is necessarily useful. Do they do dailies yet? :)

So, Miles, you think having a (relatively) more extensive list of base tools is better? I'd rather figure out which tools I can pipe or learn on the base system to accomplish the task first. . . which I guess you see as the approach of most NYCBUG people. But isn't that what Unix is about? (quick jab about .rmrc to someone else here. . .)
Of course, a nice counterpoint to that is the extension of subsystems, flag options, base package rewrites, etc., is hardly minimalist.

Interesting points.

g

From okan at demirmen.com Mon Aug 24 20:24:29 2009
From: okan at demirmen.com (Okan Demirmen)
Date: Mon, 24 Aug 2009 20:24:29 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com>
Message-ID: <20090825002429.GR11107@clam.khaoz.org>

On Mon 2009.08.24 at 18:46 -0400, Miles Nordin wrote:

[snip]

> things others are likely to want, while around nycbug it seems like
> everyone applies their effort in just the opposite direction, swapping
> tips on how to ``minimize their installz''.

hey now, that's generalizing using only a sample of those who like to "talk" on talk - certainly not representative.

From carton at Ivy.NET Tue Aug 25 03:22:40 2009
From: carton at Ivy.NET (Miles Nordin)
Date: Tue, 25 Aug 2009 03:22:40 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: George Rosamond's message of "Mon, 24 Aug 2009 20:14:10 -0400"
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A932CD2.9080803@ceetonetechnology.com> <20090824232112.GB10139@netmeister.org>
Message-ID:

gr> world has changed greatly since 1995.

I'm sure it has, but I'm saying 29 of 30 mailing lists have not. and yeah I guess some of the changes I just don't care about, like wankers posting through web forums---I don't see clearly oblivious people who have broken the continuity of etiquette as qualified to lead the way forward. If I did, I'd be top-posting and using text/plain; format=flowed.

js> cd /usr/pkgsrc/*/package

yeah it is annoying openbsd ports are like in outline form or something, not all packages living at the same nesting level. NetBSD is all category/package without exception, which is good.
however, in Gentoo I can translate from the name of the installed package directly to the directory in which the build instructions live. In pkgsrc the only way to make that translation is to execute the Makefile, and that's kind of fail. I guess there is some tool to help you do it though, right?

I sort of feel like I should be able to type 'gdb command' and get a session with access to full sources for 'command' and every library it depends on, and the sources should be extracted, readable, and pointed to by the installed objects, for any command on the system, yet if I run plain 'command' there should be no memory penalty for the debug info. There should be an organized-enough way to install a system so it behaves this way, enough that I can expect others' systems to be like this provided they've enough disk space, which, frankly, everyone does. I don't know of any Unix distribution that delivers this though maybe I'm just dense.

From jbaltz at 3phasecomputing.com Tue Aug 25 10:07:28 2009
From: jbaltz at 3phasecomputing.com (Jerry B. Altzman)
Date: Tue, 25 Aug 2009 10:07:28 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com>
Message-ID: <4A93F020.1000600@3phasecomputing.com>

on 8/24/2009 6:46 PM Miles Nordin said the following:
> It's just annoying when basic unix things like apropos, xcalc, or
> emacs are missing. Unix has become a single-user platform. Working

Clearly, your idea of what 'basic unix' things are and mine differ. That's ok, _non disputandum est_ and all that.

> on something after some sysadmin has come in to delete everything he
> doesn't use is like a cluttered house full of unruly children: every
> time you try to do something you trip over some garbage and have to
> find another way, and eventually get three or four prerequisites deep
> in solving the original problem and forget what you originally wanted

Now, that's an interesting metaphor -- an emptier room is filled with more clutter.

> to do. It's extremely frustrating and entirely avoidable. At the
> very least I wish people would include whatever comes in Mac OS X or
> on an Ubuntu livecd, and even put some effort into not leaving out
> things others are likely to want, while around nycbug it seems like
> everyone applies their effort in just the opposite direction, swapping
> tips on how to ``minimize their installz''.

Surely, you can realize that there are good and compelling reasons to NOT leave around a full set of tools; the smaller your surface area, the smaller your system is as a target.

Of course, if you're making a development environment rather than a production server, having the kitchen sink available is a plus. We had a hard and fast rule about not even having compilers available on production servers: why give possible miscreants more tools to play with?

Surely the notion of unix-system-as-server is as understandable as unix-system-as-nethack-platform?

//jbaltz
--
jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405

From pete at nomadlogic.org Tue Aug 25 08:48:20 2009
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 25 Aug 2009 12:48:20 +0000
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References:
Message-ID: <20090825124817.GA91594@pv.nomadlogic.org>

On Mon, Aug 24, 2009 at 01:25:33PM +0000, Dru Lavigne wrote:
>
>
> I'm finishing up an article for BSD mag on BSD tips and tricks. Anyone have a favourite tip or trick they'd like to see in this article?
>

i've recently found these dtrace scripts are available on my OSX 10.5 systems that are *very* handy and will probably result in me porting them freebsd if they are not already there:

iosnoop
iotop
iopattern
iopending
opensnoop

man -k dtrace shows a bunch of other precooked scripts.

this is barely BSD related, but still quite handy to have :)

-pete

From carton at Ivy.NET Tue Aug 25 13:00:20 2009
From: carton at Ivy.NET (Miles Nordin)
Date: Tue, 25 Aug 2009 13:00:20 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <4A93F020.1000600@3phasecomputing.com> (Jerry B. Altzman's message of "Tue, 25 Aug 2009 10:07:28 -0400")
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com>
Message-ID:

>>>>> "jba" == Jerry B Altzman writes:

jba> Clearly, your idea of what 'basic unix' things are and mine
jba> differ.

mine's based on what used to be included on Unix systems. ex., xcalc is part of the base X11 distribution and used to always be there, while on overmodularized Gentoo I don't get it unless I ask for it. I get systems that have tar but are missing pax and cpio, systems that don't have tcsh because, durrrrr, guess the sysadmin doesn't use tcsh! I don't either, but leaving it out used to break most passwd files. Likewise, emacs is an extremely basic tool expected on any serious Unix system because well over half of wizards use it. It's like some kind of revolution of the dropouts that emacs isn't expected any more---clicky certified sysadmins don't use emacs so ``times have changed''? We don't have to install it because nano-using idiots are the ones doing the menial work of installing the systems that the wizards have to use, at least what few wizards are left. ``works for me so fuck off'' is a Windows attitude.

jba> Now, that's an interesting metaphor -- an emptier room is
jba> filled with more clutter.

yes, I thought it was interesting, too: trip over things which aren't there.
jba> Surely, you can realize that there are good and compelling
jba> reasons to NOT leave around a full set of tools; the smaller
jba> your surface area, the smaller your system is as a target.

surface area...again you're privileging the analogy over what it's meant to illustrate, lost haggling about words instead of ideas.

Internet-exposed software listening on sockets makes your system a bigger target, as does more kernel code, more network protocols (IPv6), and more setuid binaries.

xcalc, not so much. It's just plain wrong. Deleting stuff like this does jackall for your securitah. Installing things on the disk that the attacker could just upload anyway doesn't make any difference! It may set off your security buzzer a little more often, because vulnerabilities like ``reading a malformed message with mutt could execute arbitrary code in the user context'' won't go BRRK-BRRK if you don't install mutt, but removing mutt doesn't give you any more security than not using mutt. Do I really need to explain the unix security model? It seems blatantly obvious to me, yet I see MOST people operating under these silly wrong assumptions.

jba> We had a hard and fast rule about not even having
jba> compilers available on production servers: why give possible
jba> miscreants more tools to play with?

see above.

Or learn how to actually break into a machine, compete in a CTF game or something.

yeah, doing nonsense like this may actually help you in CTF, but only because it's a time-based spy-vs-spy game. Annoying yourself to annoy the attacker without actually doing anything concrete to stop him is dumb. unless you really think that you are the only one who can figure out how to compile programs somewhere else and/or install a compiler when one isn't there, and the attacker can't manage it, which seems preposterous since the attacker will have more skill than a sysadmin of this kind.
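
Added example, not part of the thread: the message above names listening sockets and setuid binaries as what makes a system a bigger target, so this script inventories those two things and compares the setuid list with a saved baseline. The function names, the baseline file and the sample netstat output (documentation addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# list_setid DIR: print "setuid PATH" or "setgid PATH" for each regular file
# under DIR that carries the bit, sorted. Only POSIX find primaries are used,
# so it runs unchanged on the BSDs and Linux. Paths containing newlines are
# not supported.
list_setid() {
    {
        find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
        find "$1" -xdev -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
    } | LC_ALL=C sort
}

# new_since_baseline BASELINE CURRENT: entries in CURRENT that are missing
# from BASELINE. Both files must come from list_setid (same sort order).
new_since_baseline() {
    LC_ALL=C comm -13 "$1" "$2"
}

# exposed_listeners: read `netstat -an` output on stdin and print
# "PROTO LOCAL-ADDRESS" for TCP sockets in LISTEN state that are not bound
# to a loopback address. The local address is assumed to be column 4, which
# holds for the BSD layout (*.22, 127.0.0.1.25) and the Linux net-tools
# layout (0.0.0.0:22, 127.0.0.1:25).
exposed_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        if ($4 ~ /^127\./ || $4 ~ /^::1[.:]/) next
        print $1, $4
    }'
}

# Constructed sample in BSD `netstat -an` layout (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
tcp6       0      0 ::1.25                 *.*                    LISTEN
tcp4       0      0 192.0.2.10.22          198.51.100.7.51234     ESTABLISHED
tcp4       0      0 192.0.2.10.5432        *.*                    LISTEN
udp4       0      0 *.514                  *.*
EOF
}

# Usage: sh surface.sh DIR [BASELINE]
if [ "$#" -ge 1 ]; then
    cur=$(mktemp) || exit 1
    trap 'rm -f "$cur"' EXIT
    list_setid "$1" > "$cur"
    if [ -n "${2:-}" ] && [ -r "$2" ]; then
        echo "setuid/setgid files not in baseline $2:"
        new_since_baseline "$2" "$cur"
    else
        cat "$cur"
    fi
    echo "non-loopback TCP listeners:"
    netstat -an | exposed_listeners
fi
```

Saving the output of list_setid for / right after installation gives the baseline; a program such as xcalc never appears in either list, a new setuid helper or a daemon bound to the wildcard address does.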

From jbaltz at 3phasecomputing.com Tue Aug 25 13:58:02 2009
From: jbaltz at 3phasecomputing.com (Jerry B. Altzman)
Date: Tue, 25 Aug 2009 13:58:02 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com>
Message-ID: <4A94262A.2060307@3phasecomputing.com>

on 8/25/2009 1:00 PM Miles Nordin said the following:
>>>>>> "jba" == Jerry B Altzman writes:
> jba> Clearly, your idea of what 'basic unix' things are and mine
> jba> differ.
> mine's based on what used to be included on Unix systems. ex., xcalc
> is part of the base X11 distribution and used to always be there,

OK, well, someone took it off.

> while on overmodularized Gentoo I don't get it unless I ask for it. I
> get systems that have tar but are missing pax and cpio, systems that
> don't have tcsh because, durrrrr, guess the sysadmin doesn't use tcsh!
> I don't either, but leaving it out used to break most passwd files.
> Likewise, emacs is an extremely basic tool expected on any serious
> Unix system because well over half of wizards use it. It's like some
> kind of revolution of the dropouts that emacs isn't expected any
> more---clicky certified sysadmins don't use emacs so ``times have
> changed''? We don't have to install it because nano-using idiots are
> the ones doing the menial work of installing the systems that the
> wizards have to use, at least what few wizards are left. ``works for
> me so fuck off'' is a Windows attitude.

Yes, but "you don't need it on a production server" is not. Leaving out tcsh from a server and having it break password files is bad. Leaving out emacs is a matter of taste at the very worst -- I don't include it in on production servers, because, well, people aren't supposed to be doing heavy-lifting editing there.

> Internet-exposed software listening on sockets makes your system a
> bigger target, as does more kernel code, more network protocols
> (IPv6), and more setuid binaries.

No argument there.

> xcalc, not so much. It's just plain wrong. Deleting stuff like this

Sez you. "Just plain wrong." Feh. I don't want xcalc on my public-facing servers.

> does jackall for your securitah. Installing things on the disk that
> the attacker could just upload anyway doesn't make any difference! It

Why leave the tools around? I don't get it. It's not security through obscurity, it makes your machine that much harder to compromise through silly stupid stuff. I don't leave knives in the baby's playpen, either.

> may set off your security buzzer a little more often, because

When you have more than one machine to manage, having a quieter security buzzer means more sleep at night. Your mileage may vary.

> vulnerabilities like ``reading a malformed message with mutt could
> execute arbitrary code in the user context'' won't go BRRK-BRRK if you
> don't install mutt, but removing mutt doesn't give you any more
> security than not using mutt. Do I really need to explain the unix

Yes, but if I have more than one user on my machine, just because *I* don't use mutt doesn't mean someone *ELSE* won't. You want it both ways here: you want all the things YOU think are useful and castigate people who remove Miles's Expected Packages, and yet you forget here that you might have other users on the machine who might use tools that you don't! If isn't installed, then none of the other sysadmins on my team will inadvertently use to do something stupid.

> security model? It seems blatantly obvious to me, yet I see MOST
> people operating under these silly wrong assumptions.

Which part of the security model? Least privilege? Don't leave sharp tools around? Or maybe "security in depth"? I'm not into the whole Tootsie Pop ("hard and crunchy on the outside, soft and chewy on the inside") security model.

> jba> We had a hard and fast rule about not even having
> jba> compilers available on production servers: why give possible
> jba> miscreants more tools to play with?
> see above.

Why make it *EASIER*? If someone gets on the box as an unprivileged user, but they have to spend hours getting gcc on there to compile their rootkits, it's that much more time I have to respond to the incoming threat.

> Or learn how to actually break into a machine, compete in a CTF game
> or something.

Been there done that. So what?

When talking about development servers, sure, have everything you want. When talking about production servers, no, have the barest minimum. Lock it down tight.

> yeah, doing nonsense like this may actually help you in CTF, but only
> because it's a time-based spy-vs-spy game. Annoying yourself to annoy
> the attacker without actually doing anything concrete to stop him is
> dumb. unless you really think that you are the only one who can

Yah, well, I guess everyone's entitled to your opinion. It doesn't annoy my trained staff to expect very little on my production servers.

> figure out how to compile programs somewhere else and/or install a
> compiler when one isn't there, and the attacker can't manage it, which
> seems preposterous since the attacker will have more skill than a
> sysadmin of this kind.

So...the alternative is...what? I don't get it. If I have an extra hour, then that's an extra HOUR I have to prevent or mitigate damage. At what cost? The cost of not having gcc or xcalc on my *production* servers? Why do I want someone running unnecessary processes there? Seems like a minor inconvenience for a stronger security model.

//jbaltz
--
jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405

From spork at bway.net Tue Aug 25 17:31:36 2009
From: spork at bway.net (Charles Sprickman)
Date: Tue, 25 Aug 2009 17:31:36 -0400 (EDT)
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <4A93F020.1000600@3phasecomputing.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com>
Message-ID:

On Tue, 25 Aug 2009, Jerry B. Altzman wrote:

> on 8/24/2009 6:46 PM Miles Nordin said the following:
>> It's just annoying when basic unix things like apropos, xcalc, or
>> emacs are missing. Unix has become a single-user platform. Working
>
> Clearly, your idea of what 'basic unix' things are and mine differ.
> That's ok, _non disputandum est_ and all that.

Hey, you know real men use "bc" for all their calculator needs, right? :)

(it is part of the base OS in FreeBSD and OS-X, fwiw)

>
> //jbaltz
> --
> jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From sahil at tandon.net Tue Aug 25 21:29:49 2009
From: sahil at tandon.net (Sahil Tandon)
Date: Tue, 25 Aug 2009 21:29:49 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <20090825124817.GA91594@pv.nomadlogic.org>
References: <20090825124817.GA91594@pv.nomadlogic.org>
Message-ID: <20090826012949.GA2135@tandon.net>

On Tue, 25 Aug 2009, Pete Wright wrote:

> i've recently found these dtrace scripts are available on my OSX 10.5
> systems that are *very* handy and will probably result in me porting
> them freebsd if they are not already there:
>
> iosnoop
> iotop
> iopattern
> iopending
> opensnoop

These are all part of the DTraceToolkit[1] and already available in FreeBSD ports[2].

> man -k dtrace shows a bunch of other precooked scripts.

I prefer apropos(1).
:-)

[1] http://www.opensolaris.org/os/community/dtrace/dtracetoolkit/
[2] http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/DTraceToolkit/

--
Sahil Tandon

From isaac at diversaform.com Tue Aug 25 23:08:33 2009
From: isaac at diversaform.com (Isaac Levy)
Date: Tue, 25 Aug 2009 23:08:33 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References:
Message-ID: <0E894269-A1C5-4E47-9CC6-DF8FC640508A@diversaform.com>

On Aug 24, 2009, at 9:25 AM, Dru Lavigne wrote:

>
> I'm finishing up an article for BSD mag on BSD tips and tricks.
> Anyone have a favourite tip or trick they'd like to see in this
> article?
>
> Cheers,
>
> Dru

Being a huge fan of carp(4) for redundant routers/firewalls, I've recently become terribly enamored with lagg(4), for *extremely* easy link failover, (or aggregation).

To my knowledge, FreeBSD is all I know that has lagg interfaces.

With carp and lagg, (and some redundant upstream infrastructure) one can create full network redundancy all the way up to a server- aside from the network redundancy/HA aspects, it's awesome to be able to upgrade or replace network components in a live network: security upgrades happen easier, hardware gets shuffled on the fly, life is good.

Rocket-
.ike

From isaac at diversaform.com Tue Aug 25 23:21:44 2009
From: isaac at diversaform.com (Isaac Levy)
Date: Tue, 25 Aug 2009 23:21:44 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <4A94262A.2060307@3phasecomputing.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com>
Message-ID: <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com>

On Aug 25, 2009, at 1:58 PM, Jerry B. Altzman wrote:

> on 8/25/2009 1:00 PM Miles Nordin said the following:
>>>>>>> "jba" == Jerry B Altzman writes:

Lively.

You both have strong points- but what's lacking overall is context.
To do or not to do ends up a discussion of threat models, computing objectives, and constraints- which decide these points in a given context quite easily. I see no fundamental 'right' in either side of the points argued, Miles keeps his compiler, and Jerry deletes his. Good thing nobody has taken rm out of any base UNIX system, (well, perhaps some embedded UNIXs cellphone doesn't have ls?!) Rocket- .ike From okan at demirmen.com Tue Aug 25 23:26:15 2009 From: okan at demirmen.com (Okan Demirmen) Date: Tue, 25 Aug 2009 23:26:15 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <0E894269-A1C5-4E47-9CC6-DF8FC640508A@diversaform.com> References: <0E894269-A1C5-4E47-9CC6-DF8FC640508A@diversaform.com> Message-ID: <20090826032615.GE11107@clam.khaoz.org> On Tue 2009.08.25 at 23:08 -0400, Isaac Levy wrote: > On Aug 24, 2009, at 9:25 AM, Dru Lavigne wrote: > > > > > I'm finishing up an article for BSD mag on BSD tips and tricks. > > Anyone have a favourite tip or trick they'd like to see in this > > article? > > > > Cheers, > > > > Dru > > > > Being a huge fan of carp(4) for redundant routers/firewalls, I've > recently become terribly enamored with lagg(4), for *extremely* easy > link failover, (or aggregation). > > To my knowledge, FreeBSD is all I know that has lagg interfaces. OpenBSD has had trunk(4) for a while; does lacp, failover, loadbalance, and roundrobin. Heck, one can use it to roam from wired to wireless - there's a tip that differs ;) Toss bgpd(8) in and there's your HA network. > With carp and lagg, (and some redundant upstream infrastructure) one > can create full network redundancy all the way up to a server- aside > from the network redundancy/HA aspects, it's awesome to be able to > upgrade or replace network components in a live network: security > upgrades happen easier, hardware gets shuffled on the fly, life is good. 
> > Rocket- > .ike > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk From okan at demirmen.com Tue Aug 25 23:34:28 2009 From: okan at demirmen.com (Okan Demirmen) Date: Tue, 25 Aug 2009 23:34:28 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <20090826032615.GE11107@clam.khaoz.org> References: <0E894269-A1C5-4E47-9CC6-DF8FC640508A@diversaform.com> <20090826032615.GE11107@clam.khaoz.org> Message-ID: <20090826033428.GF11107@clam.khaoz.org> On Tue 2009.08.25 at 23:26 -0400, Okan Demirmen wrote: > On Tue 2009.08.25 at 23:08 -0400, Isaac Levy wrote: > > Being a huge fan of carp(4) for redundant routers/firewalls, I've > > recently become terribly enamored with lagg(4), for *extremely* easy > > link failover, (or aggregation). > > > > To my knowledge, FreeBSD is all I know that has lagg interfaces. > > OpenBSD has had trunk(4) for a while; does lacp, failover, loadbalance, > and roundrobin. Heck, one can use it to roam from wired to wireless - > there's a tip that differs ;) Toss bgpd(8) in and there's your HA > network. oh (almost forgot what list i'm on), before someone goes and accuses me of running bgpd over wireless while roaming, that last sentence was meant merely to be a *different* example of the use of carp, trunk and bgpd - much like ike's below. > > With carp and lagg, (and some redundant upstream infrastructure) one > > can create full network redundancy all the way up to a server- aside > > from the network redundancy/HA aspects, it's awesome to be able to > > upgrade or replace network components in a live network: security > > upgrades happen easier, hardware gets shuffled on the fly, life is good. 
> > > > Rocket- > > .ike > > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nycbug.org > > http://lists.nycbug.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk From isaac at diversaform.com Tue Aug 25 23:49:46 2009 From: isaac at diversaform.com (Isaac Levy) Date: Tue, 25 Aug 2009 23:49:46 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <20090826032615.GE11107@clam.khaoz.org> References: <0E894269-A1C5-4E47-9CC6-DF8FC640508A@diversaform.com> <20090826032615.GE11107@clam.khaoz.org> Message-ID: <399D728D-D9DB-40E2-9C65-AC25773A6B12@diversaform.com> On Aug 25, 2009, at 11:26 PM, Okan Demirmen wrote: > OpenBSD has had trunk(4) for a while; does lacp, failover, > loadbalance, > and roundrobin Yeah- been jealous of trunk since you told me about it like 2 yrs ago at a meeting :) Doing some more research, on FreeBSD, the man page for trunk(4) brings up the man page for lagg(4), which states it was actually originally written for OpenBSD, and the LACP bits were written on NetBSD. Cool. :) -- Perhaps wandering off-topic, I wonder why the name changed when the code was ported? Rocket- .ike From bonsaime at gmail.com Wed Aug 26 00:10:13 2009 From: bonsaime at gmail.com (Jesse Callaway) Date: Wed, 26 Aug 2009 00:10:13 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: References: <4A92F130.8070904@ceetonetechnology.com> Message-ID: On Mon, Aug 24, 2009 at 6:24 PM, Charles Sprickman wrote: > On Mon, 24 Aug 2009, George Rosamond wrote: > >> RAID STATUSES DAILY >> >> I get lots of dailies. . . and always add the following to cron on its own: >> status of RAIDs on the local box. ?Every blob or BSD software raid solution >> has its 'status' check, and seeing an email specific on that makes me sleep >> better. > > That's a good one. 
>
> For gmirror, at some point this file showed up in /etc/periodic/daily:
>
> /etc/periodic/daily/406.status-gmirror
>
> Which is activated by setting daily_status_gmirror_enable="YES" in
> /etc/periodic.conf.
>
> Actually, just looking through /etc/defaults/periodic.conf is handy as
> well. You can combine your daily and security emails into one, turn off
> checks that you don't need (ie: the r* checks), and basically trim your
> daily reports down to something more manageable.
>
> Back to RAID, some cards, like the LSI stuff in Dells that use the mpt
> driver have no utility to manage or check the status. But there is some
> info on "non-optimal volumes" available in the sysctl output. Some other
> drivers with no management software may do the same.
>
> Regardless, here's a silly shell script I dumped in
> /usr/local/etc/periodic/daily to put RAID status in my daily emails:
>
> ----
> #!/bin/sh
>
> # show number of non-optimal drives attached to mpt raid card
>
> NONOPT=`/sbin/sysctl -n dev.mpt.0.nonoptimal_volumes`
>
> echo
> echo "Checking MPT RAID array"
> echo
>
> if [ $NONOPT -eq 0 ]; then
>         echo "No non-optimal volumes: ($NONOPT)"
> elif [ $NONOPT -ne 0 ]; then
>         echo "WARNING, $NONOPT non-optimal volumes!"
> fi
> ----
> Charles
>
>>
>> g
>>

If anyone uses the megacli program... the camel case and the dashes
before any arguments are optional.

From spork at bway.net Wed Aug 26 00:14:08 2009
From: spork at bway.net (Charles Sprickman)
Date: Wed, 26 Aug 2009 00:14:08 -0400 (EDT)
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <4A94B5FE.2020400@3phasecomputing.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94B5FE.2020400@3phasecomputing.com>
Message-ID:

On Wed, 26 Aug 2009, Jerry B.
Altzman wrote: > on 8/25/2009 5:31 PM Charles Sprickman said the following: >> On Tue, 25 Aug 2009, Jerry B. Altzman wrote: >>> on 8/24/2009 6:46 PM Miles Nordin said the following: >>>> It's just annoying when basic unix things like apropos, xcalc, or >>>> emacs are missing. Unix has become a single-user platform. Working >>> Clearly, your idea of what 'basic unix' things are and mine differ. >>> That's ok, _non disputandum est_ and all that. >> Hey, you know real men use "bc" for all their calculator needs, right? :) > > I was going to write something like that, but I didn't want to fall into the > "Real Programmers" mentality, or as Miles go nicely put it: >> ``works for >> me so fuck off'' is a Windows attitude. I seriously do use it. Even on my Mac. The terminal window is right there, and who doesn't love two-letter commands? Plus the launch time of the gui calculator on my Mac depresses me. C > //jbaltz > -- > jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405 > From lavalamp at spiritual-machines.org Wed Aug 26 00:30:06 2009 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Wed, 26 Aug 2009 00:30:06 -0400 (EDT) Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <399D728D-D9DB-40E2-9C65-AC25773A6B12@diversaform.com> References: <0E894269-A1C5-4E47-9CC6-DF8FC640508A@diversaform.com> <20090826032615.GE11107@clam.khaoz.org> <399D728D-D9DB-40E2-9C65-AC25773A6B12@diversaform.com> Message-ID: > -- Perhaps wandering off-topic, I wonder why the name changed when the > code was ported? Before someone suggests it, I doubt it was to obfuscate the origin of the code. Trunk is the Cisco-esque terminology for "VLAN trunking" between. Link "aggregation", or "bonding" are what other groups call it, to avoid ambiguity. Except Radware, bah. From carton at Ivy.NET Wed Aug 26 02:10:34 2009 From: carton at Ivy.NET (Miles Nordin) Date: Wed, 26 Aug 2009 02:10:34 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? 
In-Reply-To: Isaac Levy's message of "Tue, 25 Aug 2009 23:21:44 -0400" References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> Message-ID: >>>>> "il" == Isaac Levy writes: >>>>> "cs" == Charles Sprickman writes: il> Lively. You both have strong points- which points were strong? or by strong did you mean strong opinions, in that neither one of us was the slightest bit swayed by the other, and has if anything less respect for the other than when he began? il> To do or not to do ends up a discussion of threat models, Yeah, but you're acting like a discussion of threat models never took place, and it did. I said something like ``kernel code, setuid binaries, and listening daemons matter because they are exposed to attackers. For ordinary userspace programs, programs you don't run are no less secure than programs that aren't installed, because the attacker can just upload whatever code he needs. Not installing a compiler inconveniences you more than the attacker, and `inconvenience the attacker' should not be the goal of your security anyway.'' There's no whiteboard involved in the ``threat modeling'' I did, but pointing out ``these classes of threats are equivalent'' sounds like a model to me. Jerry said something like, ``yeah well every little bit you can hypothetically slow down a particular specific kind of attacker is Good so I see no need to change my rituals.'' His model is to basically leave clutter all over the place, slowing down attackers and legitimate users alike. just slow down everything. It's so obviously dumb. Shall we ``model'' it further? 
Most attacks are automated, so unless
you're the lucky FIRST GUY on which the attack's designed, it won't
matter how much you do or don't slow down his development because the
attack will already be scripted and replicated by the time you face
it. It's unlikely you'll even slow down the first victim, because the
attacker will almost certainly build his own machine to attack first,
because when you are trying to develop the exploit you keep getting it
wrong over and over which crashes the victim daemon, so you have to
restart the daemon, and if you practice on a real victim he'll get
wise.

seriously, minified systems are end-to-end dumb.

    il> computing objectives, and constraints- which decide these
    il> points in a given context quite easily.

whaaaaaaa? how many contexts have you got in mind? can you even
think of two examples that obviously sway one to my view and one to
Jerry's? Where the relevant difference is in the ``objective''? upon
which we'd both plausibly agree?

    il> I see no fundamental 'right' in either side of the points
    il> argued, Miles keeps his compiler, and Jerry deletes his.

I just hate these ``can't we all just get along'' posts. What for?
It's obvious this guy and I are not going to agree, and the only thing
you do with these feelgood prozac posts is encourage everyone to
forget everything they read because it's all ``relative'' or
something.

From jbaltz at 3phasecomputing.com Wed Aug 26 00:11:42 2009
From: jbaltz at 3phasecomputing.com (Jerry B. Altzman)
Date: Wed, 26 Aug 2009 00:11:42 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> Message-ID: <4A94B5FE.2020400@3phasecomputing.com> on 8/25/2009 5:31 PM Charles Sprickman said the following: > On Tue, 25 Aug 2009, Jerry B. Altzman wrote: >> on 8/24/2009 6:46 PM Miles Nordin said the following: >>> It's just annoying when basic unix things like apropos, xcalc, or >>> emacs are missing. Unix has become a single-user platform. Working >> Clearly, your idea of what 'basic unix' things are and mine differ. >> That's ok, _non disputandum est_ and all that. > Hey, you know real men use "bc" for all their calculator needs, right? :) I was going to write something like that, but I didn't want to fall into the "Real Programmers" mentality, or as Miles go nicely put it: > ``works for > me so fuck off'' is a Windows attitude. //jbaltz -- jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405 From akosela at andykosela.com Wed Aug 26 03:27:52 2009 From: akosela at andykosela.com (Andy Kosela) Date: Wed, 26 Aug 2009 09:27:52 +0200 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> Message-ID: <4a94e3f8.S1+RrsylfVflWexS%akosela@andykosela.com> Charles Sprickman wrote: > On Tue, 25 Aug 2009, Jerry B. Altzman wrote: > > > on 8/24/2009 6:46 PM Miles Nordin said the following: > >> It's just annoying when basic unix things like apropos, xcalc, or > >> emacs are missing. Unix has become a single-user platform. Working > > > > Clearly, your idea of what 'basic unix' things are and mine differ. > > That's ok, _non disputandum est_ and all that. > > Hey, you know real men use "bc" for all their calculator needs, right? 
:) > > (it is part of the base OS in FreeBSD and OS-X, fwiw) And I think you all know that real wizards still use ed(1) :) --Andy From akosela at andykosela.com Wed Aug 26 03:36:13 2009 From: akosela at andykosela.com (Andy Kosela) Date: Wed, 26 Aug 2009 09:36:13 +0200 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> Message-ID: <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> Miles Nordin wrote: > I said something like ``kernel code, setuid binaries, and listening > daemons matter because they are exposed to attackers. For ordinary > userspace programs, programs you don't run are no less secure than > programs that aren't installed, because the attacker can just upload > whatever code he needs. Not installing a compiler inconveniences you > more than the attacker, and `inconvenience the attacker' should not be > the goal of your security anyway.'' There's no whiteboard involved in > the ``threat modeling'' I did, but pointing out ``these classes of > threats are equivalent'' sounds like a model to me. I generally agree with Miles here, but still think that X11 on the production server (say DNS or mail) is not really necessary and it saves you from some bloat. For me the UNIX toolkit is strictly CLI tools -- X11 is only good for a desktop machine anyway. --Andy From bcully at gmail.com Wed Aug 26 08:11:36 2009 From: bcully at gmail.com (Brian Cully) Date: Wed, 26 Aug 2009 08:11:36 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? 
In-Reply-To: <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> Message-ID: <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> On 26-Aug-2009, at 03:36, Andy Kosela wrote: > I generally agree with Miles here, but still think that X11 on the > production server (say DNS or mail) is not really necessary and it > saves > you from some bloat. For me the UNIX toolkit is strictly CLI tools -- > X11 is only good for a desktop machine anyway. X has proved its worth to me on production servers many times in the past, from using it for ethereal/wireshark to Erlang's tcl/tk toolkits, to being able to run purify on a production daemon to nail down a crash. It strikes me as the same kind of problems as logs, only less-so: you don't often need full logging, but when you do, it's a life saver, so it's good to have them even if you don't think you'll need them. As George says, it's not 1995 anymore. Developers are starting to reach for GUI toolkits for administration over CLI, and some tasks are just plain better done in GUI, anyway (wireshark is a huge win over tcpdump, especially in a crunch). -bjc From george at ceetonetechnology.com Wed Aug 26 09:34:26 2009 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 26 Aug 2009 09:34:26 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? 
In-Reply-To: <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> Message-ID: <4A9539E2.6060503@ceetonetechnology.com> Brian Cully wrote: > On 26-Aug-2009, at 03:36, Andy Kosela wrote: >> I generally agree with Miles here, but still think that X11 on the >> production server (say DNS or mail) is not really necessary and it >> saves >> you from some bloat. For me the UNIX toolkit is strictly CLI tools -- >> X11 is only good for a desktop machine anyway. > > X has proved its worth to me on production servers many times in the > past, from using it for ethereal/wireshark to Erlang's tcl/tk > toolkits, to being able to run purify on a production daemon to nail > down a crash. It strikes me as the same kind of problems as logs, only > less-so: you don't often need full logging, but when you do, it's a > life saver, so it's good to have them even if you don't think you'll > need them. > > As George says, it's not 1995 anymore. Developers are starting to > reach for GUI toolkits for administration over CLI, and some tasks are > just plain better done in GUI, anyway (wireshark is a huge win over > tcpdump, especially in a crunch). I was hoping that this thread would either go back to its relevant beginnings, or just die. Still have my fingers crossed. My "it's not 1995" comment wasn't about dropping the CLI, it was about spammers scrapping the world for email addresses. g From jbaltz at 3phasecomputing.com Wed Aug 26 10:29:39 2009 From: jbaltz at 3phasecomputing.com (Jerry B. Altzman) Date: Wed, 26 Aug 2009 10:29:39 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? 
In-Reply-To: <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com>
Message-ID: <4A9546D3.1060809@3phasecomputing.com>

on 8/26/2009 8:11 AM Brian Cully said the following:
> As George says, it's not 1995 anymore. Developers are starting to
> reach for GUI toolkits for administration over CLI, and some tasks are
> just plain better done in GUI, anyway (wireshark is a huge win over
> tcpdump, especially in a crunch).

Why are developers on production servers?
Why are you developing on production servers?

There's a bit of difference between J. Random Godaddy hosting where
everybody's on one machine -- for a development environment, I encourage
having a full complement of packages. For my production environments, I
want much tighter controls.

> -bjc

//jbaltz
--
jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405

From chsnyder at gmail.com Wed Aug 26 10:37:11 2009
From: chsnyder at gmail.com (Chris Snyder)
Date: Wed, 26 Aug 2009 10:37:11 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94B5FE.2020400@3phasecomputing.com>
Message-ID:

On Wed, Aug 26, 2009 at 12:14 AM, Charles Sprickman wrote:
> I seriously do use it. Even on my Mac. The terminal window is right
> there, and who doesn't love two-letter commands?
>
> Plus the launch time of the gui calculator on my Mac depresses me.

That's because it connects to wu.apple.com for the latest exchange
rates as it launches.
From george at ceetonetechnology.com Wed Aug 26 11:07:24 2009 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 26 Aug 2009 11:07:24 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <4A9546D3.1060809@3phasecomputing.com> References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> Message-ID: <4A954FAC.1070703@ceetonetechnology.com> Jerry B. Altzman wrote: > on 8/26/2009 8:11 AM Brian Cully said the following: >> As George says, it's not 1995 anymore. Developers are starting to >> reach for GUI toolkits for administration over CLI, and some tasks are >> just plain better done in GUI, anyway (wireshark is a huge win over >> tcpdump, especially in a crunch). > > Why are developers on production servers? > Why are you developing on production servers? > > There's a bit of difference between J. Random Godaddy hosting where > everybody's on one machine -- for a development environment, I encourage > having a full complement of packages. For my production environments, I > want much tighter controls. That's really the crux of it. But take a step back: we all know (or know of) the relatively safe pre-http environment of academic computing in Unix's origins. . . or really the 1970's to be exact. I think the wholesale installation of tools and packages made sense in that context. But it was restricted by the expense of drive space and memory. Frankly, trying to keep lots of ports updated (because they are the major source of vulnerabilities) is the point. Why worry about keeping more updated? Why watch for more apps alerts? The relatively infrequent BSD-related base vulnerability alerts are pleasant. .. 
the third-party-based ports are what keeps most of us up at night. I really don't understand the point here. This was the beauty of comparing my first Linux versus my first OpenBSD install. I could run 'top' on OpenBSD, and I wasn't doing anything I didn't want. Hell, I couldn't do *anything* :). With Linux, I was probably running an open mail relay. But the OpenBSD box was going to do what I asked, and nothing more. It's not a "Windows attitude" versus a "BSD attitude." Open Source and traditional Unix-land provides the keys to knowing every inch of code that is running. Windows (and Linuxes) pile on the garbage to the nth degree for both the "ease of use" and crackers. (FreeBSD blob comments understood) My $0.02 in this wildly useless tangent. g From bcully at gmail.com Wed Aug 26 12:42:24 2009 From: bcully at gmail.com (Brian Cully) Date: Wed, 26 Aug 2009 12:42:24 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <4A9546D3.1060809@3phasecomputing.com> References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> Message-ID: <617CD56C-6161-4A9E-A807-C6201FEF3B3A@gmail.com> On 26-Aug-2009, at 10:29, Jerry B. Altzman wrote: > Why are developers on production servers? Because sometimes a sysadmin doesn't have enough knowledge of a complex piece of software to figure out why things are going awry in production. Sometimes problems only crop up in production. Sometimes your developers are your sysadmins. Sometimes sysadmins prefer these tools or have no other suitable CLI substitute. > Why are you developing on production servers? I didn't say I or anyone else was. 
X is still valuable even if you do
the actual development/compilation somewhere else. I just don't see
the harm except for niche environments. Why should I fret about having
X take up a hundred megs of space even if I don't use it when I have a
terabytes? And odds are good that at some point in the future, if I
use the box long enough, I'll want X in a crunch.

-bjc

From drulavigne at sympatico.ca Wed Aug 26 13:10:01 2009
From: drulavigne at sympatico.ca (Dru Lavigne)
Date: Wed, 26 Aug 2009 17:10:01 +0000
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <617CD56C-6161-4A9E-A807-C6201FEF3B3A@gmail.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> <617CD56C-6161-4A9E-A807-C6201FEF3B3A@gmail.com>
Message-ID:

Thanks to all who provided tips! Look for the article in the Q1/2010
issue of BSDMag.

Cheers,

Dru

From jbaltz at 3phasecomputing.com Wed Aug 26 10:14:52 2009
From: jbaltz at 3phasecomputing.com (Jerry B. Altzman)
Date: Wed, 26 Aug 2009 10:14:52 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com>
Message-ID: <4A95435C.2090602@3phasecomputing.com>

on 8/26/2009 2:10 AM Miles Nordin said the following:
>>>>>> "il" == Isaac Levy writes:
>>>>>> "cs" == Charles Sprickman writes:
> which points were strong?
or by strong did you mean strong opinions, > in that neither one of us was the slightest bit swayed by the other, > and has if anything less respect for the other than when he began? Well, I did love the ph33rst4mpz post. > I said something like ``kernel code, setuid binaries, and listening > daemons matter because they are exposed to attackers. For ordinary > userspace programs, programs you don't run are no less secure than > programs that aren't installed, because the attacker can just upload > whatever code he needs. Not installing a compiler inconveniences you If it takes him more time, if it's harder, then better. > more than the attacker, and `inconvenience the attacker' should not be > the goal of your security anyway.'' There's no whiteboard involved in You could make a whole scarecrow out of that straw man argument. I never said that it's the *GOAL* of my security, but it is PART of it. > Jerry said something like, ``yeah well every little bit you can > hypothetically slow down a particular specific kind of attacker is > Good so I see no need to change my rituals.'' His model is to How is this better than you refusing to change yours? Yes: everything you do to increase the cost of attack on you is better. (For an interesting proof of this, witness the success of graylisting.) > basically leave clutter all over the place, slowing down attackers and > legitimate users alike. just slow down everything. It's so obviously > dumb. Once again, how can you have MORE clutter when FEWER things are there? It's an interesting metaphor, but it's totally wrong. YOUR tools to do you work aren't there...so you have to bring your own (just like any other visitor)...and presumably you'd have to clean up after yourself. WE had methods in place to deploy software to OUR production servers that didn't require an entire development toolset to be available. It worked wonderfully. > Shall we ``model'' it further? 
Most attacks are automated, so unless > you're the lucky FIRST GUY on which the attack's designed, it won't > matter how much you do or don't slow down his development because the > attack will already be scripted and replicated by the time you face > it. It's unlikely you'll even slow down the first victim, because the > attacker will almost certainly build his own machine to attack first, > because when you are trying to develop the exploit you keep getting it > wrong over and over which crashes the victim daemon, so you have to > restart the daemon, and if you practice on a real victim he'll get > wise. Right. But there are other forms of attack as well -- leaving around detritus, or compromised tools, or ... and not all attackers are as smart as you've made them out to be. The fewer things I have to audit/examine/confirm, the better from a security standpoint. The fewer things I have to maintain and monitor for security updates, the better. > seriously, minified systems are end-to-end dumb. Seriously, minified systems are end-to-end smart. "Least privilege", YAGNI, and whatnot. > il> I see no fundamental 'right' in either side of the points > il> argued, Miles keeps his compiler, and Jerry deletes his. > I just hate these ``can't we all just get along'' posts. What for? Gee, Miles, on this we agree. Miles thinks I'm stupid -- at least in this regard. I think Miles is stupid -- at least in this regard. I don't post here to sway Miles. It's clear that he's thought about this, at least minimally, as have I. I post here to sway others who might be reading. I won't try to speak for Miles; he is eminently capable of speaking for himself. //jbaltz -- jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405 From george at ceetonetechnology.com Wed Aug 26 14:35:16 2009 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 26 Aug 2009 14:35:16 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? 
In-Reply-To: References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> <617CD56C-6161-4A9E-A807-C6201FEF3B3A@gmail.com> Message-ID: <4A958064.9050903@ceetonetechnology.com> Dru Lavigne wrote: > > Thanks to all who provided tips! Look for the article in the Q1/2010 > issue of BSDMag. > LOL. . .oh, right. *That* was the point of this :) The thread, or at least the relevant parts, were the good basis of a talk, online doc, etc. . You have to do some weaving, but it could be interesting. . . a kind of unix toolkit talk. Hit me offlist if interested in pursuing anyone. . . (btw, next two talks posted on nycbug.org) g From isaac at diversaform.com Wed Aug 26 14:44:26 2009 From: isaac at diversaform.com (Isaac Levy) Date: Wed, 26 Aug 2009 14:44:26 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <4a94e3f8.S1+RrsylfVflWexS%akosela@andykosela.com> References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4a94e3f8.S1+RrsylfVflWexS%akosela@andykosela.com> Message-ID: On Aug 26, 2009, at 3:27 AM, Andy Kosela wrote: > Charles Sprickman wrote: > >> On Tue, 25 Aug 2009, Jerry B. Altzman wrote: >> >>> on 8/24/2009 6:46 PM Miles Nordin said the following: >>>> It's just annoying when basic unix things like apropos, xcalc, or >>>> emacs are missing. Unix has become a single-user platform. >>>> Working >>> >>> Clearly, your idea of what 'basic unix' things are and mine differ. >>> That's ok, _non disputandum est_ and all that. >> >> Hey, you know real men use "bc" for all their calculator needs, >> right? 
:) >> >> (it is part of the base OS in FreeBSD and OS-X, fwiw) > > And I think you all know that real wizards still use ed(1) :) > > --Andy A nod and grin to ed(1) Rocket- .ike From bcully at gmail.com Wed Aug 26 15:22:15 2009 From: bcully at gmail.com (Brian Cully) Date: Wed, 26 Aug 2009 15:22:15 -0400 Subject: [nycbug-talk] fave BSD tips/tricks? In-Reply-To: <4A9584BF.7040002@3phasecomputing.com> References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> <617CD56C-6161-4A9E-A807-C6201FEF3B3A@gmail.com> <4A9584BF.7040002@3phasecomputing.com> Message-ID: On 26-Aug-2009, at 14:53, Jerry B. Altzman wrote: > on 8/26/2009 12:42 PM Brian Cully said the following: >> On 26-Aug-2009, at 10:29, Jerry B. Altzman wrote: >>> Why are developers on production servers? >> Because sometimes a sysadmin doesn't have enough knowledge of a >> complex piece of software to figure out why things are going awry >> in production. Sometimes problems only crop up in production. >> Sometimes your developers are your sysadmins. Sometimes sysadmins >> prefer these tools or have no other suitable CLI substitute. > > That's right...so you take dumps over, or you sit with them...on a > not-the-production-server machine. Dumps? You're off it. Not every piece of software produces a core dump, let alone a usable one. Even if it does, sometimes you can only catch a bug in production unless you're willing to wait until the next ice age catch it you're "right" way. Like it or not, being able to debug in real-time as the problem occurs is an enormous time-saver a lot of the time. 
And when your system is breaking in production you don't have a lot of time to fix it. And please, don't start on about version control. I've had systems where a hardware rollout has broken servers and that's not exactly something you can just roll back. > I'm not talking about everything-on-a-server. I'm talking about, you > know, real production environments with real change control and > whatnot. FSVO "real." Elitism, I hardly knew ye. >> do the actual development/compilation somewhere else. I just don't >> see the harm except for niche environments. Why should I fret about >> having X take up a hundred megs of space even if I don't use it >> when I have a terabytes? And odds are good that at some point in >> the future, if I use the box long enough, I'll want X in a crunch. > > More straw -- I never mentioned saving disk space. So what's the harm? Where's the attack vector on a non-s*id binary that no one ever runs? Where's the attack vector when it *is* run, assuming I have normal user privs? How does having X clients installed on my box give an attacker more surface area? How is it different than having vi installed on my box? I'm not even talking about compilers, just standard user-land no-privs tools. FWIW, I actually agree about the compilers to some degree, but for different reasons. I don't install them because I don't want people compiling code on the server outside of source control and build mechanisms, not because it grants me security (which it doesn't in any meaningful sense). Even that's basically impossible these days since a lot of code isn't compiled (ruby, php, &c). So perhaps ruby shouldn't be installed either. -bjc From akosela at andykosela.com Wed Aug 26 16:43:41 2009 From: akosela at andykosela.com (Andy Kosela) Date: Wed, 26 Aug 2009 22:43:41 +0200 Subject: [nycbug-talk] fave BSD tips/tricks? 
In-Reply-To: <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com>
Message-ID: <4a959e7d.hSNOPHWlRx0XHIV3%akosela@andykosela.com>

Brian Cully wrote:

> As George says, it's not 1995 anymore. Developers are starting to
> reach for GUI toolkits for administration over CLI, and some tasks are
> just plain better done in GUI, anyway (wireshark is a huge win over
> tcpdump, especially in a crunch).

Yes, some tasks are done better in Windows, especially for people who are used to point & click behavior. The UNIX toolkit is a set of standard CLI tools mainly centered around pipe "glue". I agree wholeheartedly with David Korn who once said:

"There are many people who use UNIX or Linux who IMHO do not understand UNIX. UNIX is not just an operating system, it is a way of doing things, and the shell plays a key role by providing the glue that makes it work. The UNIX methodology relies heavily on reuse of a set of tools rather than on building monolithic applications. Even perl programmers often miss the point, writing the heart and soul of the application as perl script without making use of the UNIX toolkit."
    --David Korn

GUI is not a UNIX way of doing things. I am aware that some of you can be spoiled by desktop Linux and its race to imitate Windows, but still there are people out there who grew up on vi(1) and still copy their files using cp(1) and not some fancy GUI file manager.

Like it or not UNIX will be always centered around ASCII plain text format and CLI. Those GUI front-ends only unnecessarily complicate things.

--Andy

From jbaltz at 3phasecomputing.com Wed Aug 26 14:53:51 2009
From: jbaltz at 3phasecomputing.com (Jerry B. Altzman)
Date: Wed, 26 Aug 2009 14:53:51 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <617CD56C-6161-4A9E-A807-C6201FEF3B3A@gmail.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> <617CD56C-6161-4A9E-A807-C6201FEF3B3A@gmail.com>
Message-ID: <4A9584BF.7040002@3phasecomputing.com>

on 8/26/2009 12:42 PM Brian Cully said the following:
> On 26-Aug-2009, at 10:29, Jerry B. Altzman wrote:
>> Why are developers on production servers?
> Because sometimes a sysadmin doesn't have enough knowledge of a
> complex piece of software to figure out why things are going awry in
> production. Sometimes problems only crop up in production. Sometimes
> your developers are your sysadmins. Sometimes sysadmins prefer these
> tools or have no other suitable CLI substitute.

That's right...so you take dumps over, or you sit with them...on a not-the-production-server machine.

I'm not talking about everything-on-a-server. I'm talking about, you know, real production environments with real change control and whatnot.

>> Why are you developing on production servers?
> I didn't say I or anyone else was. X is still valuable even if you

It's the response to "why do you need all on a production server?" You don't need a compiler on a production server. And no, while it's "handy", you don't need X on a production server.

> do the actual development/compilation somewhere else. I just don't see
> the harm except for niche environments.
> Why should I fret about having X
> take up a hundred megs of space even if I don't use it when I have a
> terabytes? And odds are good that at some point in the future, if I use
> the box long enough, I'll want X in a crunch.

More straw -- I never mentioned saving disk space.

> -bjc

//jbaltz
--
jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405

From carton at Ivy.NET Wed Aug 26 18:49:03 2009
From: carton at Ivy.NET (Miles Nordin)
Date: Wed, 26 Aug 2009 18:49:03 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: Jerry B. Altzman's message of "Wed, 26 Aug 2009 10:29:39 -0400"
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> <4A95435C.2090602@3phasecomputing.com>
Message-ID:

>>>>> "jba" == Jerry B Altzman writes:

    jba> Why are developers on production servers?

examples Brian gave, Wireshark and Purify, both apply to production systems. basically, to fix bugs. Someone else mentioned dtrace which is also designed to be used on production machines because performance data is often something that's better collected than simulated.

    jba> Why are you developing on production servers?

You're not.

What I think Jerry's really saying is ``why do I have to put up with people smarter than me with all their fancy smart-person tools using my machines? I should have a separate space where I don't have to accommodate them, so I'm maximally free to do the small job for which I was hired, a job at which I'm provably quite good.'' I think this is a really valid view and a strong point. yeah these guys do break things.
so long as you state it honestly, that what you're really doing is making your box deliberately rude, ponderous, and unwelcoming to keep other authorized people off of it, maybe people your management told you ``let them on,'' not defending from outside attackers.

however...using some of these powerful complicated observational tools is, serious win, like night and day, and if you can welcome these people in comfortably instead of talking obstructionist circles in meetings, you will all win big. I wish I'd brought it up so clearly.

    jba> Once again, how can you have MORE clutter when FEWER things
    jba> are there?

haha yeah. I leave this as an exercise for the reader.

From jbaltz at 3phasecomputing.com Wed Aug 26 21:34:30 2009
From: jbaltz at 3phasecomputing.com (Jerry B. Altzman)
Date: Wed, 26 Aug 2009 21:34:30 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> <4A95435C.2090602@3phasecomputing.com>
Message-ID: <4A95E2A6.5060808@3phasecomputing.com>

on 8/26/2009 6:49 PM Miles Nordin said the following:
>>>>>> "jba" == Jerry B Altzman writes:
> jba> Why are you developing on production servers?
> You're not.

Well, that's a grand relief! I can let my breath go now!

> What I think Jerry's really saying is ``why do I have to put up with
> people smarter than me with all their fancy smart-person tools using
> my machines?
> I should have a separate space where I don't have to

Ah, well you see, there you're wrong. Please note that I don't deign to put words in your mouth. Yet, it seems that you have enough words for both of us! This must be my lucky day!

I have never claimed that you don't need tools on development servers. Yes, wireshark is k-ool and 1338 and all that...but YAGNI. Capture with tcpdump, carry it offline, and analyze it later.

It works for us physicists, and we found the top quark.

(Dtrace is something of a special case, for which I'd venture to say that I'd make accommodations for it. X11? Why? I'm still curious why you'd want to log onto a production server only to throw up an xcalc window from there? You can't run xcalc on your local machine?)

> accommodate them, so I'm maximally free to do the small job for which I
> was hired, a job at which I'm provably quite good.'' I think this is

Sigh. Well, whatever, I'm sure you're the smartest person in the room there with yourself.

> a really valid view and a strong point. yeah these guys do break
> things. so long as you state it honestly, that what you're really
> doing is making your box deliberately rude, ponderous, and unwelcoming
> to keep other authorized people off of it, maybe people your
> management told you ``let them on,'' not defending from outside
> attackers.

Or, alternatively, you're doing things not to make it friendly for users, but to make it friendly for processing. You know, computing 'n' stuff.

The box isn't there to make the developers' lives easy. It's there to run the frikkin nuclear bomb simulation. While we're at it, by the way, it ALSO has the added bonus of making it hard for unauthorized users to do nasty things. Moby win!

> however...using some of these powerful complicated observational tools
> is, serious win, like night and day, and if you can welcome these
> people in comfortably instead of talking obstructionist circles in
> meetings, you will all win big.
> I wish I'd brought it up so clearly.

I know I know...and you CAN do that...but you don't have to do it on production servers. Or you can bring in your specialized tools - when you need them - and take them off again. (An aside with performance measurement: be careful, lest you carefully measure your tools. But that's a different issue--one that by and large people also ignore.)

> jba> Once again, how can you have MORE clutter when FEWER things
> jba> are there?
> haha yeah. I leave this as an exercise for the reader.

You're the smartest guy in the room there, I'm sure you and Euler can figure it out.

Thanks, Miles, I'm sure you're a fun guy and all, go put words in someone else's mouth.

//jbaltz
--
jerry b. altzman jbaltz at 3phasecomputing.com +1 718 763 7405

From george at ceetonetechnology.com Wed Aug 26 21:47:58 2009
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 26 Aug 2009 21:47:58 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <4A95E2A6.5060808@3phasecomputing.com>
References: <4A92F130.8070904@ceetonetechnology.com> <4A930834.9040500@ceetonetechnology.com> <4A93F020.1000600@3phasecomputing.com> <4A94262A.2060307@3phasecomputing.com> <3A0343E2-0695-4CAF-A9C6-B6C604999BEC@diversaform.com> <4A94B5FE.2020400@3phasecomputing.com> <4a94e5ed.G63d9jo4QZ9qZKwf%akosela@andykosela.com> <9F540713-CC71-4ED3-BAFE-E732FB18DA34@gmail.com> <4A9546D3.1060809@3phasecomputing.com> <4A95435C.2090602@3phasecomputing.com> <4A95E2A6.5060808@3phasecomputing.com>
Message-ID: <4A95E5CE.3060208@ceetonetechnology.com>

Jerry B. Altzman wrote:
> on 8/26/2009 6:49 PM Miles Nordin said the following:
>>>>>>> "jba" == Jerry B Altzman writes:
>> jba> Why are you developing on production servers?
>> You're not.
>
> Well, that's a grand relief! I can let my breath go now!
>
>> What I think Jerry's really saying is ``why do I have to put up with
>> people smarter than me with all their fancy smart-person tools using
>> my machines?
>> I should have a separate space where I don't have to
>
> Ah, well you see, there you're wrong. Please note that I don't deign to
> put words in your mouth. Yet, it seems that you have enough words for
> both of us! This must be my lucky day!
>
> I have never claimed that you don't need tools on development servers.
> Yes, wireshark is k-ool and 1338 and all that...but YAGNI. Capture with
> tcpdump, carry it offline, and analyze it later.
>
> It works for us physicists, and we found the top quark.
>
> (Dtrace is something of a special case, for which I'd venture to say
> that I'd make accommodations for it. X11? Why? I'm still curious why
> you'd want to log onto a production server only to throw up an xcalc
> window from there? You can't run xcalc on your local machine?)
>
>> accommodate them, so I'm maximally free to do the small job for which I
>> was hired, a job at which I'm provably quite good.'' I think this is
>
> Sigh. Well, whatever, I'm sure you're the smartest person in the room
> there with yourself.
>
>> a really valid view and a strong point. yeah these guys do break
>> things. so long as you state it honestly, that what you're really
>> doing is making your box deliberately rude, ponderous, and unwelcoming
>> to keep other authorized people off of it, maybe people your
>> management told you ``let them on,'' not defending from outside
>> attackers.
>
> Or, alternatively, you're doing things not to make it friendly for
> users, but to make it friendly for processing. You know, computing 'n'
> stuff.
> The box isn't there to make the developers' lives easy. It's there to
> run the frikkin nuclear bomb simulation. While we're at it, by the way,
> it ALSO has the added bonus of making it hard for unauthorized users to
> do nasty things. Moby win!
>
>> however...using some of these powerful complicated observational tools
>> is, serious win, like night and day, and if you can welcome these
>> people in comfortably instead of talking obstructionist circles in
>> meetings, you will all win big. I wish I'd brought it up so clearly.
>
> I know I know...and you CAN do that...but you don't have to do it on
> production servers. Or you can bring in your specialized tools - when
> you need them - and take them off again. (An aside with performance
> measurement: be careful, lest you carefully measure your tools. But
> that's a different issue--one that by and large people also ignore.)
>
>> jba> Once again, how can you have MORE clutter when FEWER things
>> jba> are there?
>> haha yeah. I leave this as an exercise for the reader.
>
> You're the smartest guy in the room there, I'm sure you and Euler can
> figure it out.
>
> Thanks, Miles, I'm sure you're a fun guy and all, go put words in
> someone else's mouth.

Okay guys. . . enough.

Jerry, Miles, etc., shhhh.

end of this tangent of the thread. no more posts on this crap.

g

From max at neuropunks.org Thu Aug 27 09:31:54 2009
From: max at neuropunks.org (Max Gribov)
Date: Thu, 27 Aug 2009 09:31:54 -0400
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To:
References:
Message-ID: <4A968ACA.9080604@neuropunks.org>

Dru Lavigne wrote:
> I'm finishing up an article for BSD mag on BSD tips and tricks. Anyone have a favourite tip or trick they'd like to see in this article?
>
>

some random shell scripts i have laying around, hardly bsd specific, but pretty useful (and probably pretty well known)

delete all mail for specific email address in postfix queue:

    for i in $(postqueue -p|grep email@domain.com|awk '{print $1}'|cut -c 1-10); do postsuper -d $i; done

mysql full backup over ssh/mysqldump:

    mysqldump -u root --add-drop-table --complete-insert --password="pass" --all-databases |ssh rsync@host "cat > /backup/mysql_all.sql"

symon/symux are excellent for machine usage graphing (it's in ports)

create and maintain a dynamic ip to a hostname mapping (you have to generate keys for bind first):

    #!/bin/sh
    cd /root/nsupdate
    ip=`/sbin/ifconfig dc0|grep inet|awk '{print $2}'`
    nsupdate -k Kkey.domain.com.+157+55946.private <

> Cheers,
>
> Dru
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

From mark.saad at ymail.com Thu Aug 27 13:37:06 2009
From: mark.saad at ymail.com (Mark Saad)
Date: Thu, 27 Aug 2009 10:37:06 -0700 (PDT)
Subject: [nycbug-talk] fave BSD tips/tricks?
In-Reply-To: <4A95E5CE.3060208@ceetonetechnology.com>
Message-ID: <562956.4599.qm@web43405.mail.sp1.yahoo.com>

Hello All

I wanted to share a quick and dirty backup setup I use on my bsd systems using rdiff-backup. rdiff-backup allows me to keep a mirror and an incremental backup of my source data on a remote machine and has a fairly nice interface to push and retrieve data from.

Here is what you need to do. I primarily use NetBSD's pkgsrc but this can be done with FreeBSD ports as well. I have also used this on Mac OSX and Redhat Linux.

1. build pkgsrc/sysutils/rdiff-backup
2. setup a ssh key from your source box to a remote box
   a. ssh-keygen -t rsa
   b. cat ~/.ssh/id_rsa.pub | ssh remote_host "cat >> .ssh/authorized_keys"
3. Setup a script to make a base backup.
   In this example I am just backing up my home directory and trimming backups older than 4 weeks.

=====Script=====
#!/bin/sh
LOG="/home/msaad/home-backup.log"
TARGET="msaad@backup2.example.net::/home/msaad/Backups/`hostname`"
SOURCE="/home/msaad/"
# %M is minutes (%m would print the month)
DATE=`date +%d%h%Y-%H:%M`
echo "------ Backup Started at $DATE ------" >> $LOG
# Backup Home
/usr/pkg/bin/rdiff-backup --exclude $SOURCE/Storage/img $SOURCE $TARGET >> $LOG
# Remove Old backups
/usr/pkg/bin/rdiff-backup --force --remove-older-than 4W $TARGET >> $LOG
# Re-read the clock so the end marker is not the start time
DATE=`date +%d%h%Y-%H:%M`
echo "------ Backup Ended at $DATE ------" >> $LOG
=====Script=====

4. Once I have a base backup established I run this via cron as needed.

More examples of backups and restores can be found at rdiff-backup's site under http://rdiff-backup.nongnu.org/examples.html

--
Mark Saad
mark.saad at ymail.com

From nycbug-list at 2xlp.com Sat Aug 29 11:41:37 2009
From: nycbug-list at 2xlp.com (Jonathan Vanasco)
Date: Sat, 29 Aug 2009 11:41:37 -0400
Subject: [nycbug-talk] Fwd: [newtech-1] Outsourcing LAMP Sys Admin
References: <2058210083.1251493403983.JavaMail.nobody@james0>
Message-ID: <1F26F5FF-3C77-41E6-905E-E142767C39CC@2xlp.com>

Someone off the NY Tech Meetup list is looking to outsource server admin. I know that some people here work on that 'other' os too, and offered to repost it to the list with a better talent pool ;)

Begin forwarded message:

> From: GC
> Date: August 28, 2009 5:03:24 PM EDT
> To: newtech-1 at meetup.com
> Subject: [newtech-1] Outsourcing LAMP Sys Admin
> Reply-To: newtech-1 at meetup.com
>
> I am looking to outsource the system administration of a remote
> LAMPhp server. My main concerns are the server's security, batch
> emailing efficiency (I'll write the scripts), and the ability to
> take online payments. Any suggestions for a good company? It
> would be nice, but not necessary, if the company is in NYC.
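
An added example, not part of any post in this thread, relating to Max Gribov's tip above for deleting queued Postfix mail by address: it parses a `postqueue -p` listing record by record and matches the sender or a recipient exactly, so a substring hit, a held or active marker, or a queue ID longer than ten characters (Postfix can be configured for long queue IDs) does not select the wrong message. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: select Postfix queue IDs by exact sender/recipient address.
# Function names and the sample listing below are constructed, not from the thread.

# Constructed sample in the traditional `postqueue -p` layout.
sample_queue() {
cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*     1234 Wed Aug 26 15:22:15  news@example.com
                                         alice@example.org
                                         bob@example.org

F6E5D4C3B2      5678 Wed Aug 26 15:25:01  alice@example.org
(connect to mx.example.net[192.0.2.1]:25: Connection timed out)
                                         carol@example.net

0123456789!      900 Wed Aug 26 15:30:40  xalice@example.org
                                         dave@example.net

3Pt2mN2VXxzNjLL     2048 Wed Aug 26 15:31:02  MAILER-DAEMON
                                         alice@example.org

-- 9 Kbytes in 4 Requests.
EOF
}

# Selection logic of the grep/awk/cut pipeline from the tip, for comparison only.
naive_ids() {
    grep "$1" | awk '{print $1}' | cut -c 1-10
}

# Print the queue ID of every message whose sender or any recipient is exactly $1.
queue_ids_for() {
    awk -v addr="$1" '
        # Emit the pending record if it matched, then reset state.
        function flush() { if (id != "" && hit) print id; id = ""; hit = 0 }
        /^-Queue ID-/ || /^-- / || /^Mail queue is empty/ { next }  # header, footer
        /^[ \t]*\(/   { next }                 # deferral reason line
        /^[ \t]*$/    { flush(); next }        # blank line ends a record
        /^[^ \t]/     { flush()                # first line: ID, size, date, sender
                        id = $1; sub(/[*!]$/, "", id)   # drop active/hold marker
                        hit = ($NF == addr); next }
                      { if ($1 == addr) hit = 1 }       # indented recipient line
        END           { flush() }
    '
}
```

On a live system the listing would come from `postqueue -p`, and the selected IDs can be piped to `postsuper -d -`, which reads queue IDs from standard input.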

From george at ceetonetechnology.com Sun Aug 30 11:59:53 2009
From: george at ceetonetechnology.com (George Rosamond)
Date: Sun, 30 Aug 2009 11:59:53 -0400
Subject: [nycbug-talk] wed meeting
Message-ID: <4A9AA1F9.60900@ceetonetechnology.com>

good meeting this week. . .

Wednesday, September 02, 2009

Jeffrey Hsu on How to Get Started with Kernel Programming

6:45 PM, Suspenders Restaurant

http://www.suspendersbar.com/location.php

This talk is intended to introduce kernel programming for the absolute novice. We will cover:

# basic setup
# building and booting test kernels
# how to write your first system call
# a quick overview of the major subsystems including
# kernel locking and synchronization primitives
# device drivers
# VFS layer
# memory allocation
# networking

Bio

Jeffrey M. Hsu became a member of the FreeBSD project in 1994 as one of its first 10 committers. He has contributed to many sections of the operating system in areas such as the networking stack, Java, and a large number of the early ports in the language category. He has worked professionally on FreeBSD and NetBSD was offered commit bits to both the OpenBSD and DragonFlyBSD projects when they were first being formed and is active in the DragonFlyBSD project today. He holds a degree from U.C. Berkeley in computer science.

In the past, he has consulted for leading companies such as the Western Software Laboratory division of Digital Equipment Corporation, Cygnus, Encanto, Netscape, ClickArray, Palm, Wasabi, and Cisco Systems. Jeffrey enjoys giving talks and meeting BSD enthusiasts all over the world.
_______________________________________________
announce mailing list
announce at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/announce

From nikolai at fetissov.org Mon Aug 31 02:37:11 2009
From: nikolai at fetissov.org (Nikolai Fetissov)
Date: Mon, 31 Aug 2009 02:37:11 -0400
Subject: [nycbug-talk] wed meeting
In-Reply-To: <4A9AA1F9.60900@ceetonetechnology.com>
References: <4A9AA1F9.60900@ceetonetechnology.com>
Message-ID: <5029D3A8-84C6-4CEE-97C0-CAA11DE469E5@fetissov.org>

Folks,

Unfortunately I can't make it to this meeting.
I'd really really appreciate if somebody could take over the audio recording.

Cheers,
--
Nikolai

On Aug 30, 2009, at 11:59 AM, George Rosamond wrote:

> good meeting this week. . .
>
> Wednesday, September 02, 2009
>
> Jeffrey Hsu on How to Get Started with Kernel Programming
>
> 6:45 PM, Suspenders Restaurant
>
> http://www.suspendersbar.com/location.php
>
> This talk is intended to introduce kernel programming for the absolute
> novice. We will cover:
>
> # basic setup
> # building and booting test kernels
> # how to write your first system call
> # a quick overview of the major subsystems including
> # kernel locking and synchronization primitives
> # device drivers
> # VFS layer
> # memory allocation
> # networking
>
> Bio
>
> Jeffrey M. Hsu became a member of the FreeBSD project in 1994 as one of
> its first 10 committers. He has contributed to many sections of the
> operating system in areas such as the networking stack, Java, and a
> large number of the early ports in the language category. He has
> worked professionally on FreeBSD and NetBSD was offered commit bits to
> both the OpenBSD and DragonFlyBSD projects when they were first being
> formed and is active in the DragonFlyBSD project today. He holds a
> degree from U.C. Berkeley in computer science.
>
> In the past, he has consulted for leading companies such as the
> Western Software Laboratory division of Digital Equipment Corporation,
> Cygnus, Encanto, Netscape, ClickArray, Palm, Wasabi, and Cisco Systems.
> Jeffrey enjoys giving talks and meeting BSD enthusiasts all over the
> world.

From marco at metm.org Mon Aug 31 09:56:07 2009
From: marco at metm.org (Marco Scoffier)
Date: Mon, 31 Aug 2009 09:56:07 -0400
Subject: [nycbug-talk] wed meeting
In-Reply-To: <5029D3A8-84C6-4CEE-97C0-CAA11DE469E5@fetissov.org>
References: <4A9AA1F9.60900@ceetonetechnology.com> <5029D3A8-84C6-4CEE-97C0-CAA11DE469E5@fetissov.org>
Message-ID: <4A9BD677.4010508@metm.org>

I am definitely going to try to make this one. I will bring my audio recorder.

Marco

Nikolai Fetissov wrote:
> Folks,
>
> Unfortunatly I can't make it to this meeting.
> I'd really really appreciate if somebody could take over the audio
> recording.
>
> Cheers,
> --
> Nikolai
>
> On Aug 30, 2009, at 11:59 AM, George Rosamond wrote:
>
>> good meeting this week. . .
>>
>> Wednesday, September 02, 2009
>>
>> Jeffrey Hsu on How to Get Started with Kernel Programming
>>
>> 6:45 PM, Suspenders Restaurant
>>
>> http://www.suspendersbar.com/location.php
>>
>> This talk is intended to introduce kernel programming for the absolute
>> novice. We will cover:
>>
>> # basic setup
>> # building and booting test kernels
>> # how to write your first system call
>> # a quick overview of the major subsystems including
>> # kernel locking and synchronization primitives
>> # device drivers
>> # VFS layer
>> # memory allocation
>> # networking
>>
>> Bio
>>
>> Jeffrey M.
>> Hsu became a member of the FreeBSD project in 1994 as one of
>> its first 10 committers. He has contributed to many sections of the
>> operating system in areas such as the networking stack, Java, and a
>> large number of the early ports in the language category. He has
>> worked professionally on FreeBSD and NetBSD was offered commit bits to
>> both the OpenBSD and DragonFlyBSD projects when they were first being
>> formed and is active in the DragonFlyBSD project today. He holds a
>> degree from U.C. Berkeley in computer science.
>>
>> In the past, he has consulted for leading companies such as the
>> Western Software Laboratory division of Digital Equipment Corporation,
>> Cygnus, Encanto, Netscape, ClickArray, Palm, Wasabi, and Cisco Systems.
>> Jeffrey enjoys giving talks and meeting BSD enthusiasts all over the
>> world.

From jonathan at kc8onw.net Mon Aug 31 20:32:29 2009
From: jonathan at kc8onw.net (Jonathan)
Date: Mon, 31 Aug 2009 20:32:29 -0400
Subject: [nycbug-talk] UPS / battery backups
Message-ID: <4A9C6B9D.8040604@kc8onw.net>

Does anyone have recommendations for a good UPS for home use? I'm looking for something that can handle at least 800 watts. I've come to the realization that unfortunately I'm not going to get much runtime at that level of power draw but I'm alright with that.

Thanks,
Jonathan

From lists at kithalsted.com Mon Aug 31 22:45:42 2009
From: lists at kithalsted.com (Kit Halsted)
Date: Mon, 31 Aug 2009 21:45:42 -0500
Subject: [nycbug-talk] UPS / battery backups
In-Reply-To: <4A9C6B9D.8040604@kc8onw.net>
References: <4A9C6B9D.8040604@kc8onw.net>
Message-ID: <328101B2-DB7A-4B96-91F0-40A10996A726@kithalsted.com>

After the 3rd time my old APC took down my entire rack, I replaced it with either a CyberPower or a Tripp Lite. I'm a little foggy now, as a month earlier my other ancient APC had started taking down my home entertainment stuff, so I replaced that with the other brand. Either one is *way* better bang for the buck than APC. I will never use another APC unit after seeing them fail this way. (I.e. wall power still working fine, but UPS stops supplying power.) Kinda defeats the purpose of buying one in the first place, no?

Okay, I looked. I bought a 485VA CyberPower on sale at Staples to use with my AV gear and a Tripp Lite Smart 1000 LCD 1KVA unit from New Egg for my rack. The big one was right around $150 shipped. It's not rackable, but the LED does rotate for horizontal or vertical deployment. It did well in the recent double-whammy power outage we had here, keeping me on teh Intarwebs in spite of the darkness.

Cheers, HTH,
-Kit

On Aug 31, 2009, at 7:32 PM, Jonathan wrote:

> Does anyone have recommendations for a good UPS for home use? I'm
> looking for something that can handle at least 800 watts. I've come
> to the realization that unfortunately I'm not going to get much
> runtime at that level of power draw but I'm alright with that.
>
> Thanks,
> Jonathan