From matt at atopia.net Tue Oct 5 09:57:49 2010
From: matt at atopia.net (Matt Juszczak)
Date: Tue, 5 Oct 2010 13:57:49 +0000
Subject: [nycbug-talk] openldap vs. 389
Message-ID: <1579928138-1286287071-cardhu_decombobulator_blackberry.rim.net-1316529166-@bda182.bisx.prod.on.blackberry>

Hi all,

We are currently evaluating which directory server to use for our authentication implementation, pdns backend, and puppet backend.

We have a proof of concept working with openldap but have recently begun looking into 389.

For those who have worked with these two, which do you find to be better for your needs? Which has better replication options? What about community and active development? Any major features in one that isn't in the other that are important to you?

Thanks,

Matt

From bonsaime at gmail.com Tue Oct 5 12:26:49 2010
From: bonsaime at gmail.com (Jesse Callaway)
Date: Tue, 5 Oct 2010 21:56:49 +0530
Subject: [nycbug-talk] Fwd: openldap vs. 389
In-Reply-To:
References: <1579928138-1286287071-cardhu_decombobulator_blackberry.rim.net-1316529166-@bda182.bisx.prod.on.blackberry>
Message-ID:

Whoops. Didn't copy the list...

(to Matt: I wasn't reading properly regarding the backend stuff. I
thought you wanted puppet and dns as a backend for ldap which sounded
a little backwards... and yeah so... yeah)

Ah, okay. I see it's the Fedora ldap thingey. That's always looked
promising and was hopefully easy to manage. I guess you're seeing the
same. OpenLDAP is certainly an active project, and has hella community
support. I've heard that there are some shortcuts and assumptions that
the fedora ldapd makes about your structure which may or may not be
helpful in the end. For a small org without needs for anything fancy,
I'd say jump on the bandwagon and ride it.

On the other hand, replication is very lightweight and is rather
flexible with openldap. You can write a filter to replicate part of
your directory to provide a certain "view" of the org.
I think this is trouble with the fedora server.

phpldapadmin is a pretty good front-end for openldap, which I'm
assuming you are already running. It's not stellar, but it certainly
gets the job done.

So if you need A/D, and the phpldapadmin GUI isn't cutting it for
you... then do it. If not, then I'd steer way clear of it for a while
to afford some flexibility as your implementation changes over the
coming months. After all it's LDAP so you can sync up what you need
and migrate if it's desirable. OpenLDAP can do everything 389 does,
except... you know I don't think that it's particularly performant for
writes. But who needs a directory server which is write performant?

In short, no I don't have any real working knowledge of 389, but I
have heard of some minor pains in that it can't do "certain" tasks (i
forget what) due to schema rigidity. OpenLDAP, on the other hand is
like being given limestone and sand and being told to build the taj
mahal.

-jesse

On Tue, Oct 5, 2010 at 7:27 PM, Matt Juszczak wrote:
> Hi all,
>
> We are currently evaluating which directory server to use for our authentication implementation, pdns backend, and puppet backend.
>
> We have a proof of concept working with openldap but have recently begun looking into 389.
>
> For those who have worked with these two, which do you find to be better for your needs? Which has better replication options? What about community and active development? Any major features in one that isn't in the other that are important to you?
>
> Thanks,
>
> Matt
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

--
-jesse

--
-jesse

From edlinuxguru at gmail.com Tue Oct 5 16:34:46 2010
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Tue, 5 Oct 2010 16:34:46 -0400
Subject: [nycbug-talk] Fwd: openldap vs. 389
In-Reply-To:
References: <1579928138-1286287071-cardhu_decombobulator_blackberry.rim.net-1316529166-@bda182.bisx.prod.on.blackberry>
Message-ID:

On Tue, Oct 5, 2010 at 12:26 PM, Jesse Callaway wrote:
> Whoops. Didn't copy the list...
>
> (to Matt: I wasn't reading properly regarding the backend stuff. I
> thought you wanted puppet and dns as a backend for ldap which sounded
> a little backwards... and yeah so... yeah)
>
> Ah, okay. I see it's the Fedora ldap thingey. That's always looked
> promising and was hopefully easy to manage. I guess you're seeing the
> same. OpenLDAP is certainly an active project, and has hella community
> support. I've heard that there are some shortcuts and assumptions that
> the fedora ldapd makes about your structure which may or may not be
> helpful in the end. For a small org without needs for anything fancy,
> I'd say jump on the bandwagon and ride it.
>
> On the other hand, replication is very lightweight and is rather
> flexible with openldap. You can write a filter to replicate part of
> your directory to provide a certain "view" of the org. I think this is
> trouble with the fedora server.
>
> phpldapadmin is a pretty good front-end for openldap, which I'm
> assuming you are already running. It's not stellar, but it certainly
> gets the job done.
>
> So if you need A/D, and the phpldapadmin GUI isn't cutting it for
> you... then do it. If not, then I'd steer way clear of it for a while
> to afford some flexibility as your implementation changes over the
> coming months. After all it's LDAP so you can sync up what you need
> and migrate if it's desirable. OpenLDAP can do everything 389 does,
> except... you know I don't think that it's particularly performant for
> writes. But who needs a directory server which is write performant?
>
>
> In short, no I don't have any real working knowledge of 389, but I
> have heard of some minor pains in that it can't do "certain" tasks (i
> forget what) due to schema rigidity.
> OpenLDAP, on the other hand is
> like being given limestone and sand and being told to build the taj
> mahal.
>
> -jesse
>
>
> On Tue, Oct 5, 2010 at 7:27 PM, Matt Juszczak wrote:
>> Hi all,
>>
>> We are currently evaluating which directory server to use for our authentication implementation, pdns backend, and puppet backend.
>>
>> We have a proof of concept working with openldap but have recently begun looking into 389.
>>
>> For those who have worked with these two, which do you find to be better for your needs? Which has better replication options? What about community and active development? Any major features in one that isn't in the other that are important to you?
>>
>> Thanks,
>>
>> Matt
>>
>
> --
> -jesse
>
> --
> -jesse
>

I have used both 389 and open LDAP extensively.

The history 389/fedora directory server/ they derive from iplanet which was a sun invention. 389 is now an open source fork of a product that always had a commercial code base, if you combine redhat/iplanet/(fedora directory server) you have a ton of documentation and a lot of history.

They both support LDAPv2 and LDAPv3.

The major differences I see is that the 389 management console is UNPARALLELED in its management capability. It is not just some snap on after the fact GUI. The management console does everything! including configure multi master replication agreements, these can be done from command line as well. This gives 389 an edge in management.

From george at ceetonetechnology.com Wed Oct 6 15:15:28 2010
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 06 Oct 2010 15:15:28 -0400
Subject: [nycbug-talk] pfsense and bandwidth metering
Message-ID: <4CACCAD0.50906@ceetonetechnology.com>

I'm familiar with the various packages to use for bandwidth metering with pfSense.

However, those require the full install, and I'm on CF cards.

Is there an alternate path using the embedded pfSense for performing bandwidth metering?

TIA

From ike at blackskyresearch.net Thu Oct 7 22:21:30 2010
From: ike at blackskyresearch.net (Isaac Levy)
Date: Thu, 7 Oct 2010 22:21:30 -0400
Subject: [nycbug-talk] pfsense and bandwidth metering
In-Reply-To: <4CACCAD0.50906@ceetonetechnology.com>
References: <4CACCAD0.50906@ceetonetechnology.com>
Message-ID: <201010080222.o982M2du015974@rs75.luxsci.com>

Word,

On Oct 6, 2010, at 3:15 PM, George Rosamond wrote:

> I'm familiar with the various packages to use for bandwidth metering with pfSense.
>
> However, those require the full install, and I'm on CF cards.
>
> Is there an alternate path using the embedded pfSense for performing bandwidth metering?

Not sure if it's what you were looking for, but I've pumped snmp data
out of PFSense boxes, to mrtg/cacti, very reliably before.

Thing is- my stats were all interface-based, not IP based- that's
about as granular as I remember that setup getting- (without getting
into some of the packages you mentioned which run from disk).

So if you're metering on a hard network out of the box, you're all
set- just enable snmp on the PFSense box, and collect it with mrtg.
http://doc.pfsense.org/index.php/SNMP_Daemon

-- Sidenote if this covers your needs: I believe I actually used this
ancient mrtg article by Michael Lucas: (I did that setup about 5
years ago, all the mrtg stuff is the same, the article is from 2000-
yikes...):
http://onlamp.com/pub/a/bsd/2000/09/21/Big_Scary_Daemons.html

Rocket-
.ike

From nikolai at fetissov.org Thu Oct 7 23:04:34 2010
From: nikolai at fetissov.org (Nikolai Fetissov)
Date: Thu, 7 Oct 2010 23:04:34 -0400
Subject: [nycbug-talk] October 2010 meeting audio
Message-ID: <7b418f2f22de1f87865402e92f10bc11.squirrel@www.geekisp.com>

Folks,

Audio recording of Cooper students' presentations is available at
http://www.fetissov.org/public/nycbug/nycbug-10-06-10.mp3

Cheers,
--
Nikolai

From george at ceetonetechnology.com Thu Oct 7 23:19:05 2010
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 07 Oct 2010 23:19:05 -0400
Subject: [nycbug-talk] pfsense and bandwidth metering
In-Reply-To: <201010080222.o982M2du015974@rs75.luxsci.com>
References: <4CACCAD0.50906@ceetonetechnology.com> <201010080222.o982M2du015974@rs75.luxsci.com>
Message-ID: <4CAE8DA9.4000806@ceetonetechnology.com>

On 10/07/10 22:21, Isaac Levy wrote:
> Word,
>
> On Oct 6, 2010, at 3:15 PM, George Rosamond wrote:
>
>> I'm familiar with the various packages to use for bandwidth
>> metering with pfSense.
>>
>> However, those require the full install, and I'm on CF cards.
>>
>> Is there an alternate path using the embedded pfSense for
>> performing bandwidth metering?
>
>
> Not sure if it's what you were looking for, but I've pumped snmp data
> out of PFSense boxes, to mrtg/cacti, very reliably before.
>
> Thing is- my stats were all interface-based, not IP based- that's
> about as granular as I remember that setup getting- (without getting
> into some of the packages you mentioned which run from disk).
>
> So if you're metering on a hard network out of the box, you're all
> set- just enable snmp on the PFSense box, and collect it with mrtg.
> http://doc.pfsense.org/index.php/SNMP_Daemon
>
> -- Sidenote if this covers your needs: I believe I actually used this
> ancient mrtg article by Michael Lucas: (I did that setup about 5
> years ago, all the mrtg stuff is the same, the article is from 2000-
> yikes...):
> http://onlamp.com/pub/a/bsd/2000/09/21/Big_Scary_Daemons.html

Yeah. .. kind of suspected that would be my only route. Although I wanted to avoid that route. . .

I might just put adapter for 2.5" drives into the Alix boards and do a full pfSense install.

Thanks

g

From mspitzer at gmail.com Thu Oct 7 23:21:20 2010
From: mspitzer at gmail.com (Marc Spitzer)
Date: Thu, 7 Oct 2010 23:21:20 -0400
Subject: [nycbug-talk] pfsense and bandwidth metering
In-Reply-To: <4CACCAD0.50906@ceetonetechnology.com>
References: <4CACCAD0.50906@ceetonetechnology.com>
Message-ID:

On Wed, Oct 6, 2010 at 3:15 PM, George Rosamond wrote:
> I'm familiar with the various packages to use for bandwidth metering with
> pfSense.
>
> However, those require the full install, and I'm on CF cards.
>
> Is there an alternate path using the embedded pfSense for performing
> bandwidth metering?

Argus might be a good place to start:
http://www.qosient.com/argus/index.shtml

it can throw its records over a socket so nothing sits on the box. You
should be able to do a billing/usage report easily from the records it
generates. Netflow is another way to go for raw data.

Managing bandwidth dynamically would require more work to get going.

marc

--
Freedom is nothing but a chance to be better.
--Albert Camus

The problem with socialism is that eventually you run out of other people's money.
--Margaret Thatcher

From marco at metm.org Fri Oct 8 15:24:40 2010
From: marco at metm.org (Marco Scoffier)
Date: Fri, 08 Oct 2010 15:24:40 -0400
Subject: [nycbug-talk] slides from git talk
Message-ID: <4CAF6FF8.7010007@metm.org>

Hi,

Are there any slides available from Brian Cully's Git talk back in
April? We are about to move the company (pretty hacker friendly
place) to git and I wanted the parts about manually fixing the repo,
poking around in the .git/. They have been burned by svn dbs getting
corrupted.

The info is in gitrepository-layout(5) but I remember some nice
examples from the talk.

http://www.kernel.org/pub/software/scm/git/docs/gitrepository-layout.html

Thanks,

Marco

From mark.saad at ymail.com Tue Oct 12 09:50:56 2010
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 12 Oct 2010 09:50:56 -0400
Subject: [nycbug-talk] Anyone here at HadoopWorld
Message-ID:

Hello Talk,

Is anyone at hadoop world ? Also I do not agree with the cloudera ceo, who said in his opening talk we don't need engineers, we should not know how the nuts and bolts works.

-=-=-=-=-=-=-=-=-=-
Mark Saad
mark.saad at ymail.com

From bcully at gmail.com Tue Oct 12 10:49:19 2010
From: bcully at gmail.com (Brian Cully)
Date: Tue, 12 Oct 2010 10:49:19 -0400
Subject: [nycbug-talk] slides from git talk
In-Reply-To: <4CAF6FF8.7010007@metm.org>
References: <4CAF6FF8.7010007@metm.org>
Message-ID:

On 8-Oct-2010, at 15:24, Marco Scoffier wrote:
> Are there any slides available from Brian Cully's Git talk back in
> April? We are about to move the company (pretty hacker friendly
> place) to git and I wanted the parts about manually fixing the repo,
> poking around in the .git/. They have been burned by svn dbs getting
> corrupted.
>
> The info is in gitrepository-layout(5) but I remember some nice
> examples from the talk.
>
> http://www.kernel.org/pub/software/scm/git/docs/gitrepository-layout.html

The slides and perl code are at http://github.com/bjc/dvcs-git-slides

-bjc

From george at ceetonetechnology.com Tue Oct 12 10:52:54 2010
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 12 Oct 2010 10:52:54 -0400
Subject: [nycbug-talk] slides from git talk
In-Reply-To:
References: <4CAF6FF8.7010007@metm.org>
Message-ID: <4CB47646.8040704@ceetonetechnology.com>

On 10/12/10 10:49, Brian Cully wrote:
> On 8-Oct-2010, at 15:24, Marco Scoffier wrote:
>> Are there any slides available from Brian Cully's Git talk back in
>> April? We are about to move the company (pretty hacker friendly
>> place) to git and I wanted the parts about manually fixing the repo,
>> poking around in the .git/. They have been burned by svn dbs getting
>> corrupted.
>>
>> The info is in gitrepository-layout(5) but I remember some nice
>> examples from the talk.
>>
>> http://www.kernel.org/pub/software/scm/git/docs/gitrepository-layout.html
>
> The slides and perl code are at http://github.com/bjc/dvcs-git-slides
>

And linked on meeting posting here:

http://www.nycbug.org/index.php?NAV=Home;SUBM=10198

g

From mark.saad at ymail.com Tue Oct 12 11:01:05 2010
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 12 Oct 2010 15:01:05 +0000
Subject: [nycbug-talk] Anyone at Hadoop world ?
Message-ID: <1485601746-1286895666-cardhu_decombobulator_blackberry.rim.net-490008054-@bda268.bisx.prod.on.blackberry>

Anyone at hadoopworld ?

Mark Saad | mark.saad at ymail.com

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org .

From george at ceetonetechnology.com Tue Oct 26 10:20:20 2010
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 26 Oct 2010 10:20:20 -0400
Subject: [nycbug-talk] NYCBSDCon status
Message-ID: <4CC6E3A4.8090104@ceetonetechnology.com>

Greetings all.

We are coming down to the final weeks before the conference.

Registration has been moving along, and we're excited with the schedule.

A number of BoFs are planned, which will be announced during the week before the conference. Email bof at nycbsdcon.org if you're interested in organizing one.

If you haven't registered yet, you should do so ASAP. Early registration closes on November 1st, and the rate will jump up.

However, if you're feeling generous, wait until the conference fee jumps up, then register :)

We do need broader publicity for the conference, as always. Please make sure you ping your friends and collaborators, hit the internal work mailing lists, tweet, blog, etc.

George

From gnn at neville-neil.com Tue Oct 26 10:27:47 2010
From: gnn at neville-neil.com (George Neville-Neil)
Date: Tue, 26 Oct 2010 10:27:47 -0400
Subject: [nycbug-talk] NYCBSDCon status
In-Reply-To: <4CC6E3A4.8090104@ceetonetechnology.com>
References: <4CC6E3A4.8090104@ceetonetechnology.com>
Message-ID: <875EB6FE-DA16-4EA1-841C-7D529188118A@neville-neil.com>

On Oct 26, 2010, at 10:20 , George Rosamond wrote:

> Greetings all.
>
> We are coming down to the final weeks before the conference.
>
> Registration has been moving along, and we're excited with the schedule.
>
> A number of BoFs are planned, which will be announced during the week before the conference. Email bof at nycbsdcon.org if you're interested in organizing one.
>

FYI one of the BoFs is "BSD Status Reports" and I'd like to get one person from each of Net, Open, and DragonFly to do a report. I'll be doing FreeBSD status.

The status BoF will be at 11am on Sunday the 14th.

Email me off list to sign up for that, or any other BoF.

Best,
George

From drulavigne at sympatico.ca Tue Oct 26 10:34:14 2010
From: drulavigne at sympatico.ca (Dru Lavigne)
Date: Tue, 26 Oct 2010 14:34:14 +0000
Subject: [nycbug-talk] NYCBSDCon status
In-Reply-To: <875EB6FE-DA16-4EA1-841C-7D529188118A@neville-neil.com>
References: <4CC6E3A4.8090104@ceetonetechnology.com>, <875EB6FE-DA16-4EA1-841C-7D529188118A@neville-neil.com>
Message-ID:

> FYI one of the BoFs is "BSD Status Reports" and I'd like to get one person from each of Net, Open, and DragonFly to
> do a report. I'll be doing FreeBSD status.

Can we include PC-BSD in that BOF? If so, Kris Moore can do that status report. Should there be slides for the status reports and how long should they be?

Cheers,

Dru

From gnn at neville-neil.com Tue Oct 26 11:24:03 2010
From: gnn at neville-neil.com (George Neville-Neil)
Date: Tue, 26 Oct 2010 11:24:03 -0400
Subject: [nycbug-talk] NYCBSDCon status
In-Reply-To:
References: <4CC6E3A4.8090104@ceetonetechnology.com>, <875EB6FE-DA16-4EA1-841C-7D529188118A@neville-neil.com>
Message-ID: <3D63D140-DFE8-4D57-A21D-6A807C959954@neville-neil.com>

On Oct 26, 2010, at 10:34 , Dru Lavigne wrote:

>
> > FYI one of the BoFs is "BSD Status Reports" and I'd like to get one person from each of Net, Open, and DragonFly to
> > do a report. I'll be doing FreeBSD status.
>
>
> Can we include PC-BSD in that BOF? If so, Kris Moore can do that status report. Should there be slides for the status reports and how long should they be?
>

Each report will be 10 minutes, and yes, Kris should do PC-BSD. Slides are welcome but I'd like them emailed to me before the BoF so we can get them all on one machine.

Best,
George

From siraaj at khandkar.net Sun Oct 31 23:58:30 2010
From: siraaj at khandkar.net (Siraaj Khandkar)
Date: Sun, 31 Oct 2010 23:58:30 -0400
Subject: [nycbug-talk] Running a mail server on Amazon EC2
Message-ID: <44014B9E-506A-4B0F-95D2-DB28E4CDB6AC@khandkar.net>

Hello Gentlemen,

Have any of you ever run a mail server on Amazon's EC2? If so, did you experience any problems due to blacklisting of EC2 addresses?

I'm thinking about moving a couple of mail servers from another VPS host to EC2. Wikipedia, as well as some other posts I've read, state that spam and malware distribution from EC2 address has been common enough that their entire IP pools are being blacklisted.

http://en.wikipedia.org/wiki/Amazon_EC2#Abuse

Any thoughts?

Thanks!

--
Siraaj Khandkar
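
Added example, not part of the post above or of any reply on the list: one way to test whether a candidate outbound mail address is on a DNS blacklist before moving a mail server onto it, using the usual reversed-address DNSBL query. The zone names, the sample addresses and the canned DNS answers are placeholders constructed for illustration; the resolver is passed in as a parameter so the check also runs offline.

```python
import ipaddress
import socket

# Placeholder zones (assumption): substitute the DNSBLs your recipients consult.
ZONES = ("dnsbl.example.org", "bl.example.net")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A records for name via the system resolver; [] if the lookup fails.

    A failed lookup covers both "not listed" (NXDOMAIN) and resolver errors,
    so treat an all-clear from a broken resolver with suspicion.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to its 127.0.0.0/8 return codes; empty list = not listed."""
    listed_range = ipaddress.ip_network("127.0.0.0/8")
    report = {}
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone))
        # Only answers inside 127.0.0.0/8 are listings. A parked or wildcarded
        # zone that answers with a public address must not count as a hit.
        report[zone] = sorted(
            a for a in answers if ipaddress.ip_address(a) in listed_range
        )
    return report


# Constructed sample answers standing in for DNS, so the example runs offline.
SAMPLE_ANSWERS = {
    "25.2.0.192.dnsbl.example.org": ["127.0.0.2"],
    "25.2.0.192.bl.example.net": ["203.0.113.7"],  # wildcard answer, not a listing
}


def sample_resolver(name):
    """Stand-in resolver backed by the constructed answers above."""
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for candidate in ("192.0.2.25", "192.0.2.26"):
        print(candidate, check(candidate, resolve=sample_resolver))
```

Calling check() without the resolve argument uses the system resolver; run it against each address you are assigned before pointing MX traffic at it.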