From matthewstory at gmail.com  Wed Jun  5 17:21:15 2013
From: matthewstory at gmail.com (Matthew Story)
Date: Wed, 5 Jun 2013 17:21:15 -0400
Subject: [nycbug-talk] Demos for Tonight's Talk
Message-ID: <CAB+9ogf9=Jv8PKEdcBYwEwS2AHgoTPc48LXh=Zo8sDJmMVM2vg@mail.gmail.com>

For anyone who wants to play around with xapian during the talk, and follow
along on their own machine using xapian, the Demos are available via github:

https://github.com/matthewstory/portsdemo

You'll need to install:

databases/xapian-core
databases/xapian-bindings

And ensure you're installing at least the python bindings (requires python
2.7+).

-- 
regards,
matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130605/cadf61a1/attachment.htm>

From matthewstory at gmail.com  Thu Jun  6 11:19:02 2013
From: matthewstory at gmail.com (Matthew Story)
Date: Thu, 6 Jun 2013 11:19:02 -0400
Subject: [nycbug-talk] Slides, History and Thanks
Message-ID: <CAB+9ogcMjjm=kQTWQtquc=wTM1bQQvsWx-gOCOjhebhs5pg_sw@mail.gmail.com>

I've attached the slides from last night in PDF format, they are also
available on Google Drive here:

https://docs.google.com/presentation/d/1jkWLOSZGvRK8UsJ8MLARl-O19JbrSAHv1bg7T0f91ik/edit?usp=sharing

The demos are available here:

github.com/matthewstory/portsdemo

There were some questions around the history of Xapain, a complete(ish)
history is available:

http://xapian.org/history

The project has it's roots in the Muscat project, dating back to 1984.

There seemed to be some interest in making a real port of this tool.  I may
try to spend some time cleaning it up and wrapping it in a port if there is
interest.  Ultimately a C++ implementation would probably be best.

-- 
regards,
matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130606/3cc1bce0/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Indexing the Ports Tree with Xapian -- NYC-BUG.pdf
Type: application/pdf
Size: 515565 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130606/3cc1bce0/attachment.pdf>

From mcevoy.pat at gmail.com  Thu Jun  6 16:49:53 2013
From: mcevoy.pat at gmail.com (Patrick McEvoy)
Date: Thu, 06 Jun 2013 16:49:53 -0400
Subject: [nycbug-talk] Last night
Message-ID: <51B0F5F1.4050104@gmail.com>

I got there late last night, was anyone able to record audio for last
nights talk?
P


From matthewstory at gmail.com  Sat Jun  8 14:34:50 2013
From: matthewstory at gmail.com (Matthew Story)
Date: Sat, 8 Jun 2013 14:34:50 -0400
Subject: [nycbug-talk] Slides, History and Thanks
In-Reply-To: <CAB+9ogcMjjm=kQTWQtquc=wTM1bQQvsWx-gOCOjhebhs5pg_sw@mail.gmail.com>
References: <CAB+9ogcMjjm=kQTWQtquc=wTM1bQQvsWx-gOCOjhebhs5pg_sw@mail.gmail.com>
Message-ID: <CAB+9ogdzaUoLdBuyut_imgpiUHtNQTm2mjFjDGV2tHN9jakL-Q@mail.gmail.com>

One more update here.  I talked briefly about how the Xapian project is GPL
due only to it's original GPL status going back to the OpenMuscat project,
and mentioned that the current maintainers generally commit under an MIT
license:

http://trac.xapian.org/browser/trunk/xapian-maintainer-tools/audit.py

There is a big push internally in the Xapian project right now (as there is
in the BSDs) to rid their code base of the GPL portions, moving over to MIT
for everything.  Just wanted to share, as the aims here are similar to the
aims of the BSD projects currently.  If they get rid of the GPL code, I
would see no reason not to ship xapian in base for searching pkg-ng and
ports.


On Thu, Jun 6, 2013 at 11:19 AM, Matthew Story <matthewstory at gmail.com>wrote:

> I've attached the slides from last night in PDF format, they are also
> available on Google Drive here:
>
>
> https://docs.google.com/presentation/d/1jkWLOSZGvRK8UsJ8MLARl-O19JbrSAHv1bg7T0f91ik/edit?usp=sharing
>
> The demos are available here:
>
> github.com/matthewstory/portsdemo
>
> There were some questions around the history of Xapain, a complete(ish)
> history is available:
>
> http://xapian.org/history
>
> The project has it's roots in the Muscat project, dating back to 1984.
>
> There seemed to be some interest in making a real port of this tool.  I
> may try to spend some time cleaning it up and wrapping it in a port if
> there is interest.  Ultimately a C++ implementation would probably be best.
>
> --
> regards,
> matt
>



-- 
regards,
matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130608/54699df8/attachment.htm>

From jonathan at kc8onw.net  Mon Jun 10 12:10:55 2013
From: jonathan at kc8onw.net (Jonathan Stewart)
Date: Mon, 10 Jun 2013 12:10:55 -0400
Subject: [nycbug-talk] Crypto Anarchy
In-Reply-To: <858524DD-A048-45AB-8E22-E4C221DB2C09@bway.net>
References: <1367359268.2031.YahooMailMobile@web140102.mail.bf1.yahoo.com>
 <858524DD-A048-45AB-8E22-E4C221DB2C09@bway.net>
Message-ID: <16c0198a214c4f68ec9724c798e53d9c@kc8onw.net>

On 30.04.2013 18:33, Charles Sprickman wrote:
> On Apr 30, 2013, at 6:01 PM, Mark Saad wrote:
>
>> All
>> I was rereading Tim May's Crypto Anarchy manifesto 1. While still 
>> relevant today there are a few things that date his work and I wonder 
>> if anyone could comment on them. He mentions Ku-Band transmitters , I 
>> assume he is talking about satalite microwave based communication but 
>> what system , is there or was there some form of this available to 
>> common users or just governments ?
>
> In many parts of the world, satellite internet is common.  I can't
> speak to it directly, but I believe that in Iraq it's still quite
> common and I would guess that in somewhere like Iran, it's probably
> your only option for unfiltered internet.  It's expensive and I
> believe Ku is not the preferred band anymore.  Anyhow, a fascinating
> topic.
>
> Here's some dated pricing from the Amazon dude with a boat:
>
> http://blog.mvdirona.com/2009/06/21/RemoteDataCommunicationCosts.aspx
>
> And this site looks like it's from 1998, but seems to have somewhat
> current information:
>
> http://www.satsig.net/
>
> Lots of options in the Middle East:
>
> http://www.satsig.net/ivsat2.htm
>
> No pricing though?

I used/provided satellite internet service when I was deployed to Iraq
about 5 years ago. It was primarily used for access to college courses
and social media like Facebook that was blocked on the military 
networks.
It was 7k USD/quarter for IIRC 2mbit down and 512kbit up shared 20:1 on
the satellite. This was an "unlimited" link and the only limit on the
actual data transfer used was congestion on the link which made it 
quite
a bit more expensive than a 20 or 50GB/month limited link.

Jonathan

There are some messages buried in the list archives from me at the time
but I don't feel like digging them up right now.



From pete at nomadlogic.org  Mon Jun 10 13:28:23 2013
From: pete at nomadlogic.org (Pete Wright)
Date: Mon, 10 Jun 2013 10:28:23 -0700
Subject: [nycbug-talk] pfsense and tor
Message-ID: <51B60CB7.1030708@nomadlogic.org>

has anyone had the chance to run tor on a pfsense system?  i'm not 
seeing it in the pfsense packages directory located here:

http://www.pfsense.com/packages/config/

while i have spare bandwidth @home for tor, not sure my router has the 
horsepower.  figured i'd test it out there first anyway then if that 
fails get tor up and running on another always-on appliance (like my 
mac-mini which drives my tv).

-p

-- 
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA



From bcallah at devio.us  Mon Jun 10 19:59:19 2013
From: bcallah at devio.us (Brian Callahan)
Date: Mon, 10 Jun 2013 19:59:19 -0400
Subject: [nycbug-talk] pfsense and tor
In-Reply-To: <51B60CB7.1030708@nomadlogic.org>
References: <51B60CB7.1030708@nomadlogic.org>
Message-ID: <51B66857.1000901@devio.us>

On 6/10/2013 1:28 PM, Pete Wright wrote:
> has anyone had the chance to run tor on a pfsense system?  i'm not
> seeing it in the pfsense packages directory located here:
>
> http://www.pfsense.com/packages/config/
>
> while i have spare bandwidth @home for tor, not sure my router has the
> horsepower.  figured i'd test it out there first anyway then if that
> fails get tor up and running on another always-on appliance (like my
> mac-mini which drives my tv).
>
> -p
>

Can pfsense install vanilla FreeBSD packages? There should be a FreeBSD 
package available. (or install from ports, though I realize that's 
probably not what people want to do with their pfsense machines)

The latest stable is 0.2.3.25 and the latest unstable is 0.2.4.12-alpha. 
However, from experience running the OpenBSD tor relay, go for the 
unstable. It's quite an improvement over the stable branch.

~Brian


From george at ceetonetechnology.com  Mon Jun 10 21:48:27 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 10 Jun 2013 21:48:27 -0400
Subject: [nycbug-talk] pfsense and tor
In-Reply-To: <51B66857.1000901@devio.us>
References: <51B60CB7.1030708@nomadlogic.org> <51B66857.1000901@devio.us>
Message-ID: <51B681EB.3050800@ceetonetechnology.com>

Brian Callahan:
> On 6/10/2013 1:28 PM, Pete Wright wrote:
>> has anyone had the chance to run tor on a pfsense system?  i'm not
>> seeing it in the pfsense packages directory located here:
>>
>> http://www.pfsense.com/packages/config/
>>
>> while i have spare bandwidth @home for tor, not sure my router has the
>> horsepower.  figured i'd test it out there first anyway then if that
>> fails get tor up and running on another always-on appliance (like my
>> mac-mini which drives my tv).
>>
>> -p
>>
> 
> Can pfsense install vanilla FreeBSD packages? There should be a FreeBSD
> package available. (or install from ports, though I realize that's
> probably not what people want to do with their pfsense machines)

It can be installed that way.

But creating a pfSense Tor package has been on my list for a while now.
 They moved to PBIs from the old system, and haven't looked at it yet.

So if >100,000 pfSense installs as of November 2011, and 1% go Tor, you
have a huge impact on the Tor network.  Just like some ppl use pfSense
for a dhcpd appliance, the same could happen with Tor, I'd hope.  And
the Tor relays are a heavy Linux monoculture at this point, which would
be nice to diversify.

I will get to it... really.

> 
> The latest stable is 0.2.3.25 and the latest unstable is 0.2.4.12-alpha.
> However, from experience running the OpenBSD tor relay, go for the
> unstable. It's quite an improvement over the stable branch.

There are also some sysctls to set that should be noted... we have a
Tor-BSD list on our mailman if everyone doesnt know already...

We run two non-exit relays in the cabinet: NYCBUG0 (fbsd) and NYCBUG1
(obsd), the latter of which Brian is tweaking.

g

PS Gee, I wonder why ppl would be discussing this... ;)



From ike at blackskyresearch.net  Sun Jun 16 19:55:15 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sun, 16 Jun 2013 19:55:15 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies decrypt
	PGP, SSH
Message-ID: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>

Hi All,

To throw a little chicken little into what is otherwise a beautiful weekend,

A google translation says:
"The federal government declared that its secret services were basically able to decrypt PGP and Secure Shell, at least partially."

http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html

--
Apparently, GnuPG list and others merely have links to this article, I haven't found anything more except links to this vague original article.

Thoughts?  Is tomorrow morning's commute to work going to look like that new Brad Pitt movie, *or*, are we looking at a dopey expose of well-known widespread worst-practices in cryptographic misunderstandings?

Best,
.ike





From gjb at FreeBSD.org  Sun Jun 16 20:03:00 2013
From: gjb at FreeBSD.org (Glen Barber)
Date: Sun, 16 Jun 2013 20:03:00 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
Message-ID: <20130617000300.GA1692@glenbarber.us>

On Sun, Jun 16, 2013 at 07:55:15PM -0400, Isaac (.ike) Levy wrote:
> Hi All,
> 
> To throw a little chicken little into what is otherwise a beautiful weekend,
> 
> A google translation says:
> "The federal government declared that its secret services were
> basically able to decrypt PGP and Secure Shell, at least partially."
> 
> http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
> 
> --
> Apparently, GnuPG list and others merely have links to this
> article, I haven't found anything more except links to this vague
> original article.
> 
> Thoughts?  Is tomorrow morning's commute to work going to look
> like that new Brad Pitt movie, *or*, are we looking at a dopey
> expose of well-known widespread worst-practices in cryptographic
> misunderstandings?
> 

http://www.xkcd.com/1181/

Glen
Sorry.  Couldn't resist.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130616/6e045f03/attachment.bin>

From ekeller at bitlancer.com  Sun Jun 16 20:06:51 2013
From: ekeller at bitlancer.com (Eric Keller)
Date: Sun, 16 Jun 2013 20:06:51 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
Message-ID: <51BE531B.7070301@bitlancer.com>

Don't count out disinformation tactics either.  Why would an intel 
agency tell people their capabilities?  They are probably monitoring 
behavioral changes caused by the "announcement."

On 6/16/2013 7:55 PM, Isaac (.ike) Levy wrote:
> Hi All,
>
> To throw a little chicken little into what is otherwise a beautiful weekend,
>
> A google translation says:
> "The federal government declared that its secret services were basically able to decrypt PGP and Secure Shell, at least partially."
>
> http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
>
> --
> Apparently, GnuPG list and others merely have links to this article, I haven't found anything more except links to this vague original article.
>
> Thoughts?  Is tomorrow morning's commute to work going to look like that new Brad Pitt movie, *or*, are we looking at a dopey expose of well-known widespread worst-practices in cryptographic misunderstandings?
>
> Best,
> .ike
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From ike at blackskyresearch.net  Sun Jun 16 20:05:20 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sun, 16 Jun 2013 20:05:20 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
	decrypt PGP, SSH
In-Reply-To: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
Message-ID: <1371427562-6460356.70749451.fr5H05LLU023692@rs149.luxsci.com>


On Jun 16, 2013, at 7:55 PM, "Isaac (.ike) Levy" <ike at blackskyresearch.net> wrote:
> Hi All,
> 
> To throw a little chicken little into what is otherwise a beautiful weekend,
> 
> A google translation says:
> "The federal government declared that its secret services were basically able to decrypt PGP and Secure Shell, at least partially."
> 
> http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
> 
> --
> Apparently, GnuPG list and others merely have links to this article, I haven't found anything more except links to this vague original article.
> 
> Thoughts?  Is tomorrow morning's commute to work going to look like that new Brad Pitt movie, *or*, are we looking at a dopey expose of well-known widespread worst-practices in cryptographic misunderstandings?
> 
> Best,
> .ike


Actually, I (and others) apparently missed the fact that this article is a year old, (24.5.2012), and some American bloggers picked it up today and the misinformation spread...

It appears internet armageddon is not quite upon us tonight.

However, what in the world *was* this about when it happened?
(E.G. was this early ecdsa hyjinks, or some other known brute-forcing threshold for small key sizes?  The article and German gov. paper is so vague and confusing, I can't help but want to understand it?)

Rocket-
.ike





From george at ceetonetechnology.com  Sun Jun 16 20:09:50 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Sun, 16 Jun 2013 20:09:50 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
Message-ID: <51BE53CE.6090605@ceetonetechnology.com>

Isaac (.ike) Levy:
> Hi All,
> 
> To throw a little chicken little into what is otherwise a beautiful
> weekend,
> 
> A google translation says: "The federal government declared that its
> secret services were basically able to decrypt PGP and Secure Shell,
> at least partially."
> 
> http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
>
>  -- Apparently, GnuPG list and others merely have links to this
> article, I haven't found anything more except links to this vague
> original article.
> 
> Thoughts?  Is tomorrow morning's commute to work going to look like
> that new Brad Pitt movie, *or*, are we looking at a dopey expose of
> well-known widespread worst-practices in cryptographic
> misunderstandings?

I don't know if there's more to this, but this may be the important part:

<quote>
The response of the federal government is: "Yes, the technology used is
generally in a position, depending on the type and quality of the
encryption."
</quote>

What?  Key length?  Encryption type?  Password strength?

My feeling has always been that an adversary with sufficient resources
and high enough stakes can break anything.

If you're Jane Q Nobody crossing a border, and they image your drive and
there's cipher text that's hard to crack, I doubt they devote the
resources.  But if you're a priority target, I'm sure they would and
ultimately could.

Passwd strength is usually the weak link though, not the encryption itself.

g



From nop at insidiae.net  Sun Jun 16 20:26:44 2013
From: nop at insidiae.net (nop)
Date: Sun, 16 Jun 2013 20:26:44 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <51BE53CE.6090605@ceetonetechnology.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
Message-ID: <CADvPcEV_a80amo0kcdEm-LM+2X-F1_ewQKngvPNOefFNdWdg_Q@mail.gmail.com>

Have you rotated your keys and update the bits this year?


On Sun, Jun 16, 2013 at 8:09 PM, George Rosamond <
george at ceetonetechnology.com> wrote:

> Isaac (.ike) Levy:
> > Hi All,
> >
> > To throw a little chicken little into what is otherwise a beautiful
> > weekend,
> >
> > A google translation says: "The federal government declared that its
> > secret services were basically able to decrypt PGP and Secure Shell,
> > at least partially."
> >
> >
> http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
> >
> >  -- Apparently, GnuPG list and others merely have links to this
> > article, I haven't found anything more except links to this vague
> > original article.
> >
> > Thoughts?  Is tomorrow morning's commute to work going to look like
> > that new Brad Pitt movie, *or*, are we looking at a dopey expose of
> > well-known widespread worst-practices in cryptographic
> > misunderstandings?
>
> I don't know if there's more to this, but this may be the important part:
>
> <quote>
> The response of the federal government is: "Yes, the technology used is
> generally in a position, depending on the type and quality of the
> encryption."
> </quote>
>
> What?  Key length?  Encryption type?  Password strength?
>
> My feeling has always been that an adversary with sufficient resources
> and high enough stakes can break anything.
>
> If you're Jane Q Nobody crossing a border, and they image your drive and
> there's cipher text that's hard to crack, I doubt they devote the
> resources.  But if you're a priority target, I'm sure they would and
> ultimately could.
>
> Passwd strength is usually the weak link though, not the encryption itself.
>
> g
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130616/eb209020/attachment.htm>

From george at ceetonetechnology.com  Sun Jun 16 21:04:24 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Sun, 16 Jun 2013 21:04:24 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <CADvPcEV_a80amo0kcdEm-LM+2X-F1_ewQKngvPNOefFNdWdg_Q@mail.gmail.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
 <CADvPcEV_a80amo0kcdEm-LM+2X-F1_ewQKngvPNOefFNdWdg_Q@mail.gmail.com>
Message-ID: <51BE6098.9040501@ceetonetechnology.com>

nop:
> Have you rotated your keys and update the bits this year?
> 

After you learn not to top-post and derail the thread!

;`

(not used to talking to nope on talk at .. thought _nop only resided on IRC)

Valid question...

What are current protocols at peoples' work sites now?

I know the Google forces SSH key pair changes frequently (monthly or
even weekly?), which makes sense.  It's not like forcing regular passwd
changes and users recycling passwds or writing them down as a forced bad
practice.

I assume people at least use different keys for work and personal.. and
use passwds with SSH and GPG/PGP?

And that 2048-bit keys aren't a hassle to your CPU compared to 1024...

g



From nop at insidiae.net  Sun Jun 16 21:10:30 2013
From: nop at insidiae.net (nop)
Date: Sun, 16 Jun 2013 21:10:30 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <51BE6098.9040501@ceetonetechnology.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
 <CADvPcEV_a80amo0kcdEm-LM+2X-F1_ewQKngvPNOefFNdWdg_Q@mail.gmail.com>
 <51BE6098.9040501@ceetonetechnology.com>
Message-ID: <CADvPcEW1HSgsySR6EH2MJvZ9Db+X5b=Z=VRNZscN902aYwWG0Q@mail.gmail.com>

On Sun, Jun 16, 2013 at 9:04 PM, George Rosamond <
george at ceetonetechnology.com> wrote:

> nop:
> > Have you rotated your keys and update the bits this year?
> >
>
> After you learn not to top-post and derail the thread!
>
> ;`
>
> (not used to talking to nope on talk at .. thought _nop only resided on IRC)
>
> Valid question...
>
> What are current protocols at peoples' work sites now?
>

Whenever.


>
> I know the Google forces SSH key pair changes frequently (monthly or
> even weekly?), which makes sense.  It's not like forcing regular passwd
> changes and users recycling passwds or writing them down as a forced bad
> practice.
>
> I assume people at least use different keys for work and personal.. and
> use passwds with SSH and GPG/PGP?
>

Natch.


>
> And that 2048-bit keys aren't a hassle to your CPU compared to 1024...
>

You can "share" a connection in openssh now, so there is no reason to get
crazy on those bits.

http://protempore.net/~calvins/howto/ssh-connection-sharing/


>
> g
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130616/22a66072/attachment.htm>

From ike at blackskyresearch.net  Sun Jun 16 22:01:24 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sun, 16 Jun 2013 22:01:24 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
	decrypt PGP, SSH
In-Reply-To: <CADvPcEW1HSgsySR6EH2MJvZ9Db+X5b=Z=VRNZscN902aYwWG0Q@mail.gmail.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
 <CADvPcEV_a80amo0kcdEm-LM+2X-F1_ewQKngvPNOefFNdWdg_Q@mail.gmail.com>
 <51BE6098.9040501@ceetonetechnology.com>
 <CADvPcEW1HSgsySR6EH2MJvZ9Db+X5b=Z=VRNZscN902aYwWG0Q@mail.gmail.com>
Message-ID: <1371434522-4075694.41738268.fr5H21PPa006387@rs149.luxsci.com>

On Jun 16, 2013, at 9:10 PM, nop <nop at insidiae.net> wrote:

> What are current protocols at peoples' work sites now?
> 
> Whenever.

Often.  Of course everyone around me changes keys every morning, and right after lunch, M-F.  (So, weekends are still obviously a vulnerable time.)

I am of course kidding, but *nobody* likes talking about these policies, because most environments are willfully lax here.  Why?  I don't know.

--
Major gains can be had, by at least hitting the basics:

In web shops, I've repeatedly gotten the greenest daisy-fresh rookie web devs to adhere to (and not be upset about), the most basic policies, by making it simple, and providing a quick start doc to them which walks them through these 3 steps:

TASK FOR USERS (make keys):
--
1) be explicit about making keys
# cd ~/.ssh/ 
# ssh-keygen -C 'Optional Comment Goes Here' -b 4096 -t rsa -f id_rsa
(this can conform to whatever your policies are, crypto, key size, etc...)

2) explain in a sentence that private key must stay on your laptop, (make another doc or a footnote to show how to use ssh-agent, if your environment warrants it)

3) explain to send public key to the admins, (usb key or email or other, whatever your environment warrants).
--

If you don't treat your devs like idiots, they typically comply, and even *gasp* can be compelled to read some man pages.

For other policy basics, in small web shops, I can't tell you how valuable spot-checking key passwords are, e.g. ask a user to do the following:
# ssh-add -D
# ssh -i /path/to/some_key user at somehost

If no password prompt, revoke the user key, and make the user generate a new one.

--
For policy changes, I've found nothing but forcing "key changing parties" gets this to happen among users.  For admins, the key changing parties are a non-thing kind of event, like shaving or clipping toe-nails.

For non-admin/security types, a case of beer typically helps smooth the event along.

--
One last thing about ssh agent use, it can be a real problem in those unavoidable 'tons of eggs in the basket' systems in your infrastructure? Worth a discussion with your fellow admins, IMHO.


> I know the Google forces SSH key pair changes frequently (monthly or
> even weekly?), which makes sense.  It's not like forcing regular passwd
> changes and users recycling passwds or writing them down as a forced bad
> practice.
> 
> I assume people at least use different keys for work and personal.. and
> use passwds with SSH and GPG/PGP?
> 
> Natch.

Natches, on your belt, for every key changed.

(nop did teach me how to use ssh properly, once upon a time :)

>  
> 
> And that 2048-bit keys aren't a hassle to your CPU compared to 1024?

My .02?

Shucks, 4096 bit RSA keys haven't been "too big" since 4u boxes were as punchy as my iPhone, (and the ssh logins could have a very noticeable effect on the performance of the MTA or web server on the box?).

Biggest keys everywhere, pretty much all the time, IMHO.

> 
> You can "share" a connection in openssh now, so there is no reason to get crazy on those bits.
> 
> http://protempore.net/~calvins/howto/ssh-connection-sharing/

Woah now.  Multiplexing is not only useful, it's also fun?  Not sure if fun is allowed.

Rocket-
.ike





From ike at blackskyresearch.net  Sun Jun 16 22:09:57 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sun, 16 Jun 2013 22:09:57 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
	decrypt PGP, SSH
In-Reply-To: <1371434522-4075694.41738268.fr5H21PPa006387@rs149.luxsci.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
 <CADvPcEV_a80amo0kcdEm-LM+2X-F1_ewQKngvPNOefFNdWdg_Q@mail.gmail.com>
 <51BE6098.9040501@ceetonetechnology.com>
 <CADvPcEW1HSgsySR6EH2MJvZ9Db+X5b=Z=VRNZscN902aYwWG0Q@mail.gmail.com>
 <1371434522-4075694.41738268.fr5H21PPa006387@rs149.luxsci.com>
Message-ID: <1371435002-2799235.94128869.fr5H29wqT012177@rs149.luxsci.com>

On Jun 16, 2013, at 10:01 PM, "Isaac (.ike) Levy" <ike at blackskyresearch.net> wrote:

> In web shops, I've repeatedly gotten the greenest daisy-fresh rookie web devs to adhere to (and not be upset about), the most basic policies, by making it simple, and providing a quick start doc to them which walks them through?

Oh yeah also: most folks on list know this, but ML's SSH Mastery book has proven very helpful to have around the office, (several copies were always being swiped and found on different desks in my last shop?)  It's really well written for everyday (critical) life with ssh.

https://www.michaelwlucas.com/nonfiction/ssh-mastery

I wouldn't plug it if it weren't such a solid resource.  (Feel free to call me out folks if I'm stepping over the line with this).

Rocket-
.ike





From ike at blackskyresearch.net  Sun Jun 16 22:10:31 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sun, 16 Jun 2013 22:10:31 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
	decrypt PGP, SSH
In-Reply-To: <20130617000300.GA1692@glenbarber.us>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <20130617000300.GA1692@glenbarber.us>
Message-ID: <1371435062-6631989.81793756.fr5H29wqV012177@rs149.luxsci.com>

On Jun 16, 2013, at 8:03 PM, Glen Barber <gjb at FreeBSD.org> wrote:
> http://www.xkcd.com/1181/
> 
> Glen
> Sorry.  Couldn't resist.

More relevant than you take credit for IMHO.

Rocket-
.ike




From ike at blackskyresearch.net  Sun Jun 16 22:11:16 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sun, 16 Jun 2013 22:11:16 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
	decrypt PGP, SSH
In-Reply-To: <51BE531B.7070301@bitlancer.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE531B.7070301@bitlancer.com>
Message-ID: <1371435122-8924929.69768518.fr5H29wqW012177@rs149.luxsci.com>

On Jun 16, 2013, at 8:06 PM, Eric Keller <ekeller at bitlancer.com> wrote:

> Don't count out disinformation tactics either.  Why would an intel agency tell people their capabilities?  They are probably monitoring behavioral changes caused by the "announcement."

Does that mean I get a failing grade, because I freaked out to list a year late? ;P

Rocket-
.ike





From ike at blackskyresearch.net  Sun Jun 16 22:20:18 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sun, 16 Jun 2013 22:20:18 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
	decrypt PGP, SSH
In-Reply-To: <51BE53CE.6090605@ceetonetechnology.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
Message-ID: <1371435662-1465851.21152623.fr5H2KJwJ019100@rs149.luxsci.com>

On Jun 16, 2013, at 8:09 PM, George Rosamond <george at ceetonetechnology.com> wrote:

> I don't know if there's more to this, but this may be the important part:
> 
> <quote>
> The response of the federal government is: "Yes, the technology used is
> generally in a position, depending on the type and quality of the
> encryption."
> </quote>
> 
> What?  Key length?  Encryption type?  Password strength?
> 
> My feeling has always been that an adversary with sufficient resources
> and high enough stakes can break anything.

I believe you forgot 1 element, enough time, (time offset by greater resources, of course).

I mean, theoretically, how fast do folks think Google could brute-force a 4096 bit RSA ssh key?  or a 1024 bit DSA key?  (or an 8 bit ECDSA key haha?)

Even if it's faster, with ma$$ive resources thrown at "high value targets", it's still got to take a quantifiable amount of time- which could mean something in the context of the reason to throw the resources at it...

> 
> If you're Jane Q Nobody crossing a border, and they image your drive and
> there's cipher text that's hard to crack, I doubt they devote the
> resources.  But if you're a priority target, I'm sure they would and
> ultimately could.
> 
> Passwd strength is usually the weak link though, not the encryption itself.

Agreed, and frustrating.
(It's always a last-mile problem- perhaps the true nature of understanding scale are found in the last mile problems.)

Rocket-
.ike





From george at ceetonetechnology.com  Sun Jun 16 22:33:14 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Sun, 16 Jun 2013 22:33:14 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <1371435662-1465851.21152623.fr5H2KJwJ019100@rs149.luxsci.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
 <1371435662-1465851.21152623.fr5H2KJwJ019100@rs149.luxsci.com>
Message-ID: <51BE756A.6080009@ceetonetechnology.com>

Isaac (.ike) Levy:
> On Jun 16, 2013, at 8:09 PM, George Rosamond
> <george at ceetonetechnology.com> wrote:
> 
>> I don't know if there's more to this, but this may be the important
>> part:
>> 
>> <quote> The response of the federal government is: "Yes, the
>> technology used is generally in a position, depending on the type
>> and quality of the encryption." </quote>
>> 
>> What?  Key length?  Encryption type?  Password strength?
>> 
>> My feeling has always been that an adversary with sufficient
>> resources and high enough stakes can break anything.
> 
> I believe you forgot 1 element, enough time, (time offset by greater
> resources, of course).
> 
> I mean, theoretically, how fast do folks think Google could
> brute-force a 4096 bit RSA ssh key?  or a 1024 bit DSA key?  (or an 8
> bit ECDSA key haha?)

Yes.. valid.  Maybe the FBSD ssh-keygen man page needs updating... what
is "sufficient"?


<quote>
Specifies the number of bits in the key to create.  For RSA keys, the
minimum size is 768 bits and the default is 2048 bits.	 Generally, 2048
bits is considered sufficient.
</quote>

> 
> Even if it's faster, with ma$$ive resources thrown at "high value
> targets", it's still got to take a quantifiable amount of time- which
> could mean something in the context of the reason to throw the
> resources at it...

Well, yes, that's a consideration, but I'm partially basing this on a
long-standing rumor that enormous amounts of time is not the issue as
much as inter-agency time sharing systems, to put it most obtusely.

> 
>> 
>> If you're Jane Q Nobody crossing a border, and they image your
>> drive and there's cipher text that's hard to crack, I doubt they
>> devote the resources.  But if you're a priority target, I'm sure
>> they would and ultimately could.
>> 
>> Passwd strength is usually the weak link though, not the encryption
>> itself.
> 
> Agreed, and frustrating. (It's always a last-mile problem- perhaps
> the true nature of understanding scale are found in the last mile
> problems.)

Or, as it should be called, the "Schneier's pole issue."  The best
encryption is only part of a security equation.  Often it's like having
a pole 200' in the air in front of a host/home/whatever that takes a lot
of effort to get over.  However, it's usually much simpler to walk
*around* that pole.

I hope I didn't bastardize his argument too much, but then again, he's
probably not on talk@ and isn't the type who has google alerts up for
his name...

g


From bcully at gmail.com  Mon Jun 17 02:09:21 2013
From: bcully at gmail.com (Brian Cully)
Date: Mon, 17 Jun 2013 02:09:21 -0400
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
	decrypt PGP, SSH
In-Reply-To: <51BE756A.6080009@ceetonetechnology.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
 <1371435662-1465851.21152623.fr5H2KJwJ019100@rs149.luxsci.com>
 <51BE756A.6080009@ceetonetechnology.com>
Message-ID: <DB37BF66-DEDA-4F72-B591-77F826DA753D@gmail.com>

On Jun 16, 2013, at 22:33 , George Rosamond <george at ceetonetechnology.com> wrote:
> Isaac (.ike) Levy:
>> Agreed, and frustrating. (It's always a last-mile problem- perhaps
>> the true nature of understanding scale are found in the last mile
>> problems.)
> 
> Or, as it should be called, the "Schneier's pole issue."  The best
> encryption is only part of a security equation.  Often it's like having
> a pole 200' in the air in front of a host/home/whatever that takes a lot
> of effort to get over.  However, it's usually much simpler to walk
> *around* that pole.

	IOW, "rubber hose cryptanalysis." There's not much you can do about it short of avoiding detection in the first place, which is why I'm such a big proponent of end-to-end crypto everywhere. For a long time it's been the case that the best way to your secrets is to employ meat-space tactics, from the aforementioned rubber hose to more quotidian social engineering.

	Why crack a password when you can crack a human being?

	Good password policy and encryption is useful for keeping out a subsection of reddit and anonymous, but at the end of the day this is a political issue (politics, defined as human to human interaction). Security only exists in trust, and as you trust networks get larger your security gets weaker. It's a hard problem to scale security because it's ultimately a political issue.

-bjc


From freebsd-listen at fabiankeil.de  Mon Jun 17 06:26:44 2013
From: freebsd-listen at fabiankeil.de (Fabian Keil)
Date: Mon, 17 Jun 2013 12:26:44 +0200
Subject: [nycbug-talk] Hot Story: German Gov. intelligence agencies
 decrypt PGP, SSH
In-Reply-To: <51BE53CE.6090605@ceetonetechnology.com>
References: <1371426962-6558775.58675421.fr5GNtGGO017618@rs149.luxsci.com>
 <51BE53CE.6090605@ceetonetechnology.com>
Message-ID: <20130617122644.6fafe381@fabiankeil.de>

George Rosamond <george at ceetonetechnology.com> wrote:

> Isaac (.ike) Levy:

> > A google translation says: "The federal government declared that its
> > secret services were basically able to decrypt PGP and Secure Shell,
> > at least partially."
> > 
> > http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
> >
> >  -- Apparently, GnuPG list and others merely have links to this
> > article, I haven't found anything more except links to this vague
> > original article.
> > 
> > Thoughts?  Is tomorrow morning's commute to work going to look like
> > that new Brad Pitt movie, *or*, are we looking at a dopey expose of
> > well-known widespread worst-practices in cryptographic
> > misunderstandings?
> 
> I don't know if there's more to this, but this may be the important part:
> 
> <quote>
> The response of the federal government is: "Yes, the technology used is
> generally in a position, depending on the type and quality of the
> encryption."
> </quote>
> 
> What?  Key length?  Encryption type?  Password strength?

Note that the question roughly translates to:

"Is the technology used also capable of, at least partly, decrypting
and/or analysing communication that is encrypted (e.g. by SSH or PGP)."

Obviously traffic analysis allows to figure out the destination
of a vanilla ssh connection or OpenPGP-encrypted mail. Due to
the "or", the question can be truthfully answered with "yes",
even if nothing can be decrypted.

The "type and quality of the encryption" part could refer to
the use of Tor or remailers which would complicate things.

> My feeling has always been that an adversary with sufficient resources
> and high enough stakes can break anything.
> 
> If you're Jane Q Nobody crossing a border, and they image your drive and
> there's cipher text that's hard to crack, I doubt they devote the
> resources.  But if you're a priority target, I'm sure they would and
> ultimately could.

Germany has no "the constitution doesn't matter at the border" case law.
If your drive gets accessed at the German side of the border you already
are a priority target (and it's unlikely that the "accessing" would be
done by the BND).

> Passwd strength is usually the weak link though, not the encryption
> itself.

Sometimes its the master key generation:
http://www.fabiankeil.de/gehacktes/geli-key-monitor/

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130617/0df911a7/attachment.bin>

From nick at hackermonkey.com  Mon Jun 17 19:25:55 2013
From: nick at hackermonkey.com (Nick Danger)
Date: Mon, 17 Jun 2013 19:25:55 -0400
Subject: [nycbug-talk] Nas4Free and LCD display - or specifically FreeBSD &
	CWlinux LCDProc
Message-ID: <51BF9B03.8030404@hackermonkey.com>

I got a display for my Nas4Free server. Its a CWLinux 1602 usb LCD 
display. It is supported by LCDProc. I can plug it into my Linux box and 
use the little test script to pump output to it and set the backlight 
and other settings. When I plug it into my Nas4Free box, it does show 
up, but I don't know how to address it.

Jun 17 19:15:43 triumph kernel: ugen2.2: <Prolific Technology Inc.> at 
usbus2
Jun 17 19:15:43 triumph kernel: uplcom0: <Prolific Technology Inc. 
USB-Serial Controller, class 0/0, rev 1.10/3.00, addr 2> on usbus2

Since there is no /dev/ttyUSB2, I have no idea how I address this 
device. I am assuming the Nas4Free issue is I just have to set the 
configuration correct, but when the second line of the config is 
"device=/dev/ttyUSB0", Im stumped at line 2 ;-)

Any ideas?

Thanks
Nick



From bcallah at devio.us  Mon Jun 17 23:30:28 2013
From: bcallah at devio.us (Brian Callahan)
Date: Mon, 17 Jun 2013 23:30:28 -0400
Subject: [nycbug-talk] Nas4Free and LCD display - or specifically
 FreeBSD & CWlinux LCDProc
In-Reply-To: <51BF9B03.8030404@hackermonkey.com>
References: <51BF9B03.8030404@hackermonkey.com>
Message-ID: <51BFD454.4000506@devio.us>

On 6/17/2013 7:25 PM, Nick Danger wrote:
> I got a display for my Nas4Free server. Its a CWLinux 1602 usb LCD
> display. It is supported by LCDProc. I can plug it into my Linux box and
> use the little test script to pump output to it and set the backlight
> and other settings. When I plug it into my Nas4Free box, it does show
> up, but I don't know how to address it.
>
> Jun 17 19:15:43 triumph kernel: ugen2.2: <Prolific Technology Inc.> at
> usbus2
> Jun 17 19:15:43 triumph kernel: uplcom0: <Prolific Technology Inc.
> USB-Serial Controller, class 0/0, rev 1.10/3.00, addr 2> on usbus2
>
> Since there is no /dev/ttyUSB2, I have no idea how I address this
> device. I am assuming the Nas4Free issue is I just have to set the
> configuration correct, but when the second line of the config is
> "device=/dev/ttyUSB0", Im stumped at line 2 ;-)
>

Wouldn't this be "device=/dev/cuaU0"?

> Any ideas?
>
> Thanks
> Nick
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From nick at hackermonkey.com  Tue Jun 18 07:59:04 2013
From: nick at hackermonkey.com (Nick Danger)
Date: Tue, 18 Jun 2013 07:59:04 -0400
Subject: [nycbug-talk] Nas4Free and LCD display - or specifically
 FreeBSD & CWlinux LCDProc
In-Reply-To: <51BFD454.4000506@devio.us>
References: <51BF9B03.8030404@hackermonkey.com> <51BFD454.4000506@devio.us>
Message-ID: <51C04B88.2070003@hackermonkey.com>

On 06/17/2013 11:30 PM, Brian Callahan wrote:
>
> Wouldn't this be "device=/dev/cuaU0"?

/dev/ttyU0

After I sent this, and another email to a FreeBSD friend, I found the
answer. Isn't that how it always happens?

Thanks :-)
Nick




From george at ceetonetechnology.com  Wed Jun 19 11:19:25 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 19 Jun 2013 11:19:25 -0400
Subject: [nycbug-talk] FreeBSD ARM pkgs
Message-ID: <51C1CBFD.4000103@ceetonetechnology.com>

As there is still no official FreeBSD pkgng repository, and a lot of us
are hacking on BeagleBones and Raspberry Pis, Steve K and I took it upon
ourselves to create a very *unofficial* and *untested* selection of
packages:

mirrors.nycbug.org/pub/FreeBSD_ARM/pkg

If you want to use this, put the following line:

PACKAGESITE	: http://mirrors.nycbug.org/pub/FreeBSD_ARM/pkg/

in your /usr/local/etc/pkg.conf

Hopefully, we can keep building packages and keep them reasonably
updated.  At least for some of us, it will save a lot of time.

If there's anything in particular you need, please feel free to ping the
list, as we or someone else might have the package built.

Also, no guarantee on security, checksums, integrity, etc., so use at
your own risk.

g


From pete at nomadlogic.org  Wed Jun 19 13:00:40 2013
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 19 Jun 2013 10:00:40 -0700
Subject: [nycbug-talk] Happy 20th Birthday FreeBSD!
Message-ID: <51C1E3B8.9070506@nomadlogic.org>

subject line pretty much says it all.  there is a twitter thread(?) 
going on with people posting freebsd related pictures with the #20years 
hashtag.  some good one's up so far - have to say this is my fav. so far :)

https://twitter.com/brixmeister/status/347357795445776384/photo/1


-pete

-- 
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA



From okan at demirmen.com  Wed Jun 19 13:12:18 2013
From: okan at demirmen.com (Okan Demirmen)
Date: Wed, 19 Jun 2013 13:12:18 -0400
Subject: [nycbug-talk] Happy 20th Birthday FreeBSD!
In-Reply-To: <51C1E3B8.9070506@nomadlogic.org>
References: <51C1E3B8.9070506@nomadlogic.org>
Message-ID: <CACs0eVSe+ndc53Ovyqj-ZkiGF8oekkuDGPXg2utbdhUFHNh1Hg@mail.gmail.com>

On Wed, Jun 19, 2013 at 1:00 PM, Pete Wright <pete at nomadlogic.org> wrote:
> subject line pretty much says it all.  there is a twitter thread(?) going on
> with people posting freebsd related pictures with the #20years hashtag.
> some good one's up so far - have to say this is my fav. so far :)
>
> https://twitter.com/brixmeister/status/347357795445776384/photo/1

You might have been in a dark cave for a long time, but BSD is dead -
sorry to break the news.


From george at ceetonetechnology.com  Wed Jun 19 13:18:18 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 19 Jun 2013 13:18:18 -0400
Subject: [nycbug-talk] Happy 20th Birthday FreeBSD!
In-Reply-To: <CACs0eVSe+ndc53Ovyqj-ZkiGF8oekkuDGPXg2utbdhUFHNh1Hg@mail.gmail.com>
References: <51C1E3B8.9070506@nomadlogic.org>
 <CACs0eVSe+ndc53Ovyqj-ZkiGF8oekkuDGPXg2utbdhUFHNh1Hg@mail.gmail.com>
Message-ID: <51C1E7DA.5060201@ceetonetechnology.com>

Okan Demirmen:
> On Wed, Jun 19, 2013 at 1:00 PM, Pete Wright <pete at nomadlogic.org> wrote:
>> subject line pretty much says it all.  there is a twitter thread(?) going on
>> with people posting freebsd related pictures with the #20years hashtag.
>> some good one's up so far - have to say this is my fav. so far :)
>>
>> https://twitter.com/brixmeister/status/347357795445776384/photo/1
> 
> You might have been in a dark cave for a long time, but BSD is dead -
> sorry to break the news.

20 years of FreeBSD, and 9 mos of grumpy okans!

That is an awesome picture Pete.

g



From mspitzer at gmail.com  Wed Jun 19 13:20:21 2013
From: mspitzer at gmail.com (Marc Spitzer)
Date: Wed, 19 Jun 2013 13:20:21 -0400
Subject: [nycbug-talk] Happy 20th Birthday FreeBSD!
In-Reply-To: <CACs0eVSe+ndc53Ovyqj-ZkiGF8oekkuDGPXg2utbdhUFHNh1Hg@mail.gmail.com>
References: <51C1E3B8.9070506@nomadlogic.org>
 <CACs0eVSe+ndc53Ovyqj-ZkiGF8oekkuDGPXg2utbdhUFHNh1Hg@mail.gmail.com>
Message-ID: <CA+qr9e4kb-a03zoyh2Gr3W2GtbKF=O+c4USHFfubQeSUzARkkA@mail.gmail.com>

On Wed, Jun 19, 2013 at 1:12 PM, Okan Demirmen <okan at demirmen.com> wrote:
> On Wed, Jun 19, 2013 at 1:00 PM, Pete Wright <pete at nomadlogic.org> wrote:
>> subject line pretty much says it all.  there is a twitter thread(?) going on
>> with people posting freebsd related pictures with the #20years hashtag.
>> some good one's up so far - have to say this is my fav. so far :)
>>
>> https://twitter.com/brixmeister/status/347357795445776384/photo/1
>
> You might have been in a dark cave for a long time, but BSD is dead -
> sorry to break the news.

Naa, its like lisp.  It just smells funny is all.

marc

--
Freedom is nothing but a chance to be better.
--Albert Camus

The inherent vice of capitalism is the unequal sharing of blessings;
the inherent virtue of socialism is the equal sharing of miseries.
-- Winston Churchill

Do the arithmetic or be doomed to talk nonsense.
--John McCarthy


From pete at nomadlogic.org  Wed Jun 19 13:20:35 2013
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 19 Jun 2013 10:20:35 -0700
Subject: [nycbug-talk] Happy 20th Birthday FreeBSD!
In-Reply-To: <CACs0eVSe+ndc53Ovyqj-ZkiGF8oekkuDGPXg2utbdhUFHNh1Hg@mail.gmail.com>
References: <51C1E3B8.9070506@nomadlogic.org>
 <CACs0eVSe+ndc53Ovyqj-ZkiGF8oekkuDGPXg2utbdhUFHNh1Hg@mail.gmail.com>
Message-ID: <51C1E863.50402@nomadlogic.org>

On 06/19/13 10:12, Okan Demirmen wrote:
> On Wed, Jun 19, 2013 at 1:00 PM, Pete Wright <pete at nomadlogic.org> wrote:
>> subject line pretty much says it all.  there is a twitter thread(?) going on
>> with people posting freebsd related pictures with the #20years hashtag.
>> some good one's up so far - have to say this is my fav. so far :)
>>
>> https://twitter.com/brixmeister/status/347357795445776384/photo/1
>
> You might have been in a dark cave for a long time, but BSD is dead -
> sorry to break the news.
>
but but but - did you see the picture i posted?

he drew the logo on a tektronix 2230 - that's like 100 times cooler than 
ubuntu running on the cloud and shipping by browsing behavior to amazon 
isn't it?

:p


-p

-- 
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA



From george at ceetonetechnology.com  Thu Jun 20 20:27:07 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 20 Jun 2013 20:27:07 -0400
Subject: [nycbug-talk] FreeBSD ARM pkgs
In-Reply-To: <51C1CBFD.4000103@ceetonetechnology.com>
References: <51C1CBFD.4000103@ceetonetechnology.com>
Message-ID: <51C39DDB.8020903@ceetonetechnology.com>

George Rosamond:
> As there is still no official FreeBSD pkgng repository, and a lot of us
> are hacking on BeagleBones and Raspberry Pis, Steve K and I took it upon
> ourselves to create a very *unofficial* and *untested* selection of
> packages:
> 
> mirrors.nycbug.org/pub/FreeBSD_ARM/pkg
> 
> If you want to use this, put the following line:
> 
> PACKAGESITE	: http://mirrors.nycbug.org/pub/FreeBSD_ARM/pkg/
> 
> in your /usr/local/etc/pkg.conf
> 
> Hopefully, we can keep building packages and keep them reasonably
> updated.  At least for some of us, it will save a lot of time.
> 
> If there's anything in particular you need, please feel free to ping the
> list, as we or someone else might have the package built.
> 
> Also, no guarantee on security, checksums, integrity, etc., so use at
> your own risk.
> 

So the list of pkgs has grown.. and more down the line.  We probably
have the most current and extensive repository of FreeBSD arm pkgng
around at this point.

If anyone else is building them, ping me offline.

The point of these little arm boards isn't just to let them sit around
and run an operating system for itself.  They need to have pkgs, to give
them a function...

g


From siraaj at khandkar.net  Tue Jun 25 10:36:17 2013
From: siraaj at khandkar.net (Siraaj Khandkar)
Date: Tue, 25 Jun 2013 10:36:17 -0400
Subject: [nycbug-talk] BSD on PS4
Message-ID: <51C9AAE1.6050109@khandkar.net>

http://www.vgleaks.com/some-details-about-playstation-4-os-development/


From pete at nomadlogic.org  Tue Jun 25 13:16:54 2013
From: pete at nomadlogic.org (Pete Wright)
Date: Tue, 25 Jun 2013 10:16:54 -0700
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <51C9AAE1.6050109@khandkar.net>
References: <51C9AAE1.6050109@khandkar.net>
Message-ID: <51C9D086.4070305@nomadlogic.org>

On 06/25/13 07:36, Siraaj Khandkar wrote:
> http://www.vgleaks.com/some-details-about-playstation-4-os-development/

you know i saw that yesterday and was thinking of forwarding it along. 
but from those screen shots i didn't see anything pointing to the fact 
that their systems is based on FreeBSD-9.0.

having said that - i would definitely not be surprised to see some sort 
of BSD based OS on these guys.

-pete

-- 
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA



From george at ceetonetechnology.com  Tue Jun 25 13:58:16 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 25 Jun 2013 13:58:16 -0400
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <51C9D086.4070305@nomadlogic.org>
References: <51C9AAE1.6050109@khandkar.net> <51C9D086.4070305@nomadlogic.org>
Message-ID: <51C9DA38.2020500@ceetonetechnology.com>

Pete Wright:
> On 06/25/13 07:36, Siraaj Khandkar wrote:
>> http://www.vgleaks.com/some-details-about-playstation-4-os-development/
> 
> you know i saw that yesterday and was thinking of forwarding it along.
> but from those screen shots i didn't see anything pointing to the fact
> that their systems is based on FreeBSD-9.0.
> 
> having said that - i would definitely not be surprised to see some sort
> of BSD based OS on these guys.

it does, however, add to the relatively short list of systems running a
BSD that we know of.  And we'll never know the long list.

clause 4: you must put <h2>We use a BSD</h2> in the footer of your homepage.

;)

g


From skreuzer at exit2shell.com  Tue Jun 25 14:25:07 2013
From: skreuzer at exit2shell.com (Steven Kreuzer)
Date: Tue, 25 Jun 2013 14:25:07 -0400
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <51C9DA38.2020500@ceetonetechnology.com>
References: <51C9AAE1.6050109@khandkar.net> <51C9D086.4070305@nomadlogic.org>
 <51C9DA38.2020500@ceetonetechnology.com>
Message-ID: <51C9E083.6010208@exit2shell.com>

On 6/25/13 1:58 PM, George Rosamond wrote:
> Pete Wright:
>> On 06/25/13 07:36, Siraaj Khandkar wrote:
>>> http://www.vgleaks.com/some-details-about-playstation-4-os-development/
>> you know i saw that yesterday and was thinking of forwarding it along.
>> but from those screen shots i didn't see anything pointing to the fact
>> that their systems is based on FreeBSD-9.0.
>>
>> having said that - i would definitely not be surprised to see some sort
>> of BSD based OS on these guys.
> it does, however, add to the relatively short list of systems running a
> BSD that we know of.  And we'll never know the long list.
I am not quite sure why the blogosphere is exploding with this story but
CellOS, which is the operating system on the Playstation 3 is also
thought to be based on FreeBSD. The PSP and Vita are also rumored to be
running some version of FreeBSD as well.

Also, a patch for avx support on FreeBSD was sent in not to long ago by
someone from Sony
(http://lists.freebsd.org/pipermail/freebsd-amd64/2011-March/013744.html)
>
> clause 4: you must put <h2>We use a BSD</h2> in the footer of your homepage.
>
Might be worthwhile to start a page in the FreeBSD wiki on things known
or suspected to be running FreeBSD in one way or the other. I think some
Samsung SmartTV also runs FreeBSD under the hood.


From lists at eitanadler.com  Tue Jun 25 15:04:35 2013
From: lists at eitanadler.com (Eitan Adler)
Date: Tue, 25 Jun 2013 21:04:35 +0200
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <51C9E083.6010208@exit2shell.com>
References: <51C9AAE1.6050109@khandkar.net> <51C9D086.4070305@nomadlogic.org>
 <51C9DA38.2020500@ceetonetechnology.com>
 <51C9E083.6010208@exit2shell.com>
Message-ID: <CAF6rxgncA3ud0YzCXvG5pkeRR80kP9NhTykrhWL_mKyiLfn19w@mail.gmail.com>

On Tue, Jun 25, 2013 at 8:25 PM, Steven Kreuzer <skreuzer at exit2shell.com> wrote:
>> clause 4: you must put <h2>We use a BSD</h2> in the footer of your homepage.
>>
> Might be worthwhile to start a page in the FreeBSD wiki on things known
> or suspected to be running FreeBSD in one way or the other. I think some
> Samsung SmartTV also runs FreeBSD under the hood.

Wikipedia has such a list.  It would be nice to improve it and include
citations.


-- 
Eitan Adler


From george at ceetonetechnology.com  Tue Jun 25 15:08:06 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 25 Jun 2013 15:08:06 -0400
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <CAF6rxgncA3ud0YzCXvG5pkeRR80kP9NhTykrhWL_mKyiLfn19w@mail.gmail.com>
References: <51C9AAE1.6050109@khandkar.net> <51C9D086.4070305@nomadlogic.org>
 <51C9DA38.2020500@ceetonetechnology.com> <51C9E083.6010208@exit2shell.com>
 <CAF6rxgncA3ud0YzCXvG5pkeRR80kP9NhTykrhWL_mKyiLfn19w@mail.gmail.com>
Message-ID: <51C9EA96.9060907@ceetonetechnology.com>

Eitan Adler:
> On Tue, Jun 25, 2013 at 8:25 PM, Steven Kreuzer <skreuzer at exit2shell.com> wrote:
>>> clause 4: you must put <h2>We use a BSD</h2> in the footer of your homepage.
>>>
>> Might be worthwhile to start a page in the FreeBSD wiki on things known
>> or suspected to be running FreeBSD in one way or the other. I think some
>> Samsung SmartTV also runs FreeBSD under the hood.
> 
> Wikipedia has such a list.  It would be nice to improve it and include
> citations.
> 

and to make it *BSD so everyone could come to the party.

g



From bonsaime at gmail.com  Tue Jun 25 15:09:11 2013
From: bonsaime at gmail.com (Jesse Callaway)
Date: Tue, 25 Jun 2013 15:09:11 -0400
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <CAF6rxgncA3ud0YzCXvG5pkeRR80kP9NhTykrhWL_mKyiLfn19w@mail.gmail.com>
References: <51C9AAE1.6050109@khandkar.net> <51C9D086.4070305@nomadlogic.org>
 <51C9DA38.2020500@ceetonetechnology.com>
 <51C9E083.6010208@exit2shell.com>
 <CAF6rxgncA3ud0YzCXvG5pkeRR80kP9NhTykrhWL_mKyiLfn19w@mail.gmail.com>
Message-ID: <CAJU5ZBMi+C8pmVoqFoqvP3spTbduX7sTHAiLCb4MOAr+LyBg+A@mail.gmail.com>

On Tue, Jun 25, 2013 at 3:04 PM, Eitan Adler <lists at eitanadler.com> wrote:

> On Tue, Jun 25, 2013 at 8:25 PM, Steven Kreuzer <skreuzer at exit2shell.com>
> wrote:
> >> clause 4: you must put <h2>We use a BSD</h2> in the footer of your
> homepage.
> >>
> > Might be worthwhile to start a page in the FreeBSD wiki on things known
> > or suspected to be running FreeBSD in one way or the other. I think some
> > Samsung SmartTV also runs FreeBSD under the hood.
>
> (redacted: insufficient references)
>
>
> --
> Eitan Adler
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>



-- 
-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130625/33d7b800/attachment.htm>

From siraaj at khandkar.net  Tue Jun 25 15:41:24 2013
From: siraaj at khandkar.net (Siraaj Khandkar)
Date: Tue, 25 Jun 2013 15:41:24 -0400
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <20130625152642.GB12209@vm.eradman.com>
References: <51C9AAE1.6050109@khandkar.net>
 <20130625152642.GB12209@vm.eradman.com>
Message-ID: <51C9F264.3020009@khandkar.net>

On 06/25/2013 11:26 AM, Eric Radman wrote:
> On Tue, Jun 25, 2013 at 10:36:17AM -0400, Siraaj Khandkar wrote:
>> http://www.vgleaks.com/some-details-about-playstation-4-os-development/
>
> What was it about the four photos taken at random angles that caught
> your attention?
>
>

Last one looks like Star Wars. I like that.


From pete at nomadlogic.org  Wed Jun 26 13:52:56 2013
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 26 Jun 2013 10:52:56 -0700
Subject: [nycbug-talk] freebsd pkgng headsup
Message-ID: <51CB2A78.3080009@nomadlogic.org>

more of an FYI: just noticed on my freebsd nodes that the current pkgng 
version is 1.1.2.  the one huge feature i'm excited about with the 1.1 
release is the "lock" option:

  lock    Prevent modification or deletion of a package.


so now i can install a pkg i've manually downloaded from an external 
repo and not have to worry about it conflicting with a pkg i build in my 
internal repo.

so for example - i build VirtualBox w/o GUI support on my personal pkg 
repo - but installed a version supporting a GUI from the nycbug pkg repo 
on my workstation.  now i can lock that pkg on my workstation and can 
stop doing funny business when updating pkgs :)

there are obviously a bunch of other updates - but this one is going to 
make my life quite a bit easier...

-p

-- 
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA



From george at ceetonetechnology.com  Wed Jun 26 14:00:22 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 26 Jun 2013 14:00:22 -0400
Subject: [nycbug-talk] freebsd pkgng headsup
In-Reply-To: <51CB2A78.3080009@nomadlogic.org>
References: <51CB2A78.3080009@nomadlogic.org>
Message-ID: <51CB2C36.6010709@ceetonetechnology.com>

Pete Wright:
> more of an FYI: just noticed on my freebsd nodes that the current pkgng
> version is 1.1.2.  the one huge feature i'm excited about with the 1.1
> release is the "lock" option:
> 
>  lock    Prevent modification or deletion of a package.
> 
> 
> so now i can install a pkg i've manually downloaded from an external
> repo and not have to worry about it conflicting with a pkg i build in my
> internal repo.

I caught that too.  Good stuff.

> 
> so for example - i build VirtualBox w/o GUI support on my personal pkg
> repo - but installed a version supporting a GUI from the nycbug pkg repo
> on my workstation.  now i can lock that pkg on my workstation and can
> stop doing funny business when updating pkgs :)
> 
> there are obviously a bunch of other updates - but this one is going to
> make my life quite a bit easier...

As I manually built a bunch of pkgs this last week, I have to say I'm
liking pkgng a lot.  It's really clean and simple, and seems to fill in
a lot of annoying old gaps.

Our repo hit 318 pkgs on mirrors.nycbug.org.  My intention was to only
put up a few pkgs for limited needs, but I got carried away.

If I knew it would hit this many pkgs, I would have started with
poudriere.  Now that's the next step, instead of a messy bunch of
scripts with sed being piped left and right.

g


From fastgoldfish at gmail.com  Wed Jun 26 18:45:29 2013
From: fastgoldfish at gmail.com (badon)
Date: Wed, 26 Jun 2013 22:45:29 +0000 (UTC)
Subject: [nycbug-talk] pfsense and tor
References: <51B60CB7.1030708@nomadlogic.org> <51B66857.1000901@devio.us>
 <51B681EB.3050800@ceetonetechnology.com>
Message-ID: <loom.20130627T004511-695@post.gmane.org>

George Rosamond <george <at> ceetonetechnology.com> writes:

> 
> Brian Callahan:
> > On 6/10/2013 1:28 PM, Pete Wright wrote:
> >> has anyone had the chance to run tor on a pfsense system?  i'm not
> >> seeing it in the pfsense packages directory located here:
> >>
> >> http://www.pfsense.com/packages/config/
> >>
> >> while i have spare bandwidth  <at> home for tor, not sure my router has the
> >> horsepower.  figured i'd test it out there first anyway then if that
> >> fails get tor up and running on another always-on appliance (like my
> >> mac-mini which drives my tv).
> >>
> >> -p
> >>
> > 
> > Can pfsense install vanilla FreeBSD packages? There should be a FreeBSD
> > package available. (or install from ports, though I realize that's
> > probably not what people want to do with their pfsense machines)
> 
> It can be installed that way.
> 
> But creating a pfSense Tor package has been on my list for a while now.
>  They moved to PBIs from the old system, and haven't looked at it yet.
> 
> So if >100,000 pfSense installs as of November 2011, and 1% go Tor, you
> have a huge impact on the Tor network.  Just like some ppl use pfSense
> for a dhcpd appliance, the same could happen with Tor, I'd hope.  And
> the Tor relays are a heavy Linux monoculture at this point, which would
> be nice to diversify.
> 
> I will get to it... really.
> 
> > 
> > The latest stable is 0.2.3.25 and the latest unstable is 0.2.4.12-alpha.
> > However, from experience running the OpenBSD tor relay, go for the
> > unstable. It's quite an improvement over the stable branch.
> 
> There are also some sysctls to set that should be noted... we have a
> Tor-BSD list on our mailman if everyone doesnt know already...
> 
> We run two non-exit relays in the cabinet: NYCBUG0 (fbsd) and NYCBUG1
> (obsd), the latter of which Brian is tweaking.
> 
> g
> 
> PS Gee, I wonder why ppl would be discussing this... ;)
> 
> 

I found this discussion by searching for "pfsense tor". My goal is to make a
router firewall thing to torify all network traffic to the internet. The
purpose is to eliminate the need to configure proxies, and prevent
accidental data leaks outside Tor. Right now, there's nothing I know of that
quite does this. Whonix takes a different approach, and restricts usage to
one pre-configured "desktop" that connects only to the Whonix Tor gateway.
Despite the restriction on what software can be used, Whonix still has some
higher hardware requirements because it's all virtualized. Whonix only works
for one user!

I just installed Pfsense, and it's already working and doing whatever it is
that it normally does. Correct me if I'm wrong, but I think my goal is
waiting for Tor to become available in Pfsense, which is what you are
planning to do. I'm not sure exactly how this will all have to be configured
to work like I'm hoping, but as best I can tell, Pfsense can do it once Tor
is available (I assume some sort of table of where data should go). Also,
the possibility of having an easy-to-run Tor relay is compelling too.

The mention of PBI's is interesting, because I just installed PCBSD too, and
I think that's what PCBSD uses. There is already a PBI in PCBSD, but I'm not
sure if that's suitable for Pfsense or not. It works quite well, but it's
still limited without a way to forcibly torify everything, and block
anything that doesn't cooperate.

Can you give me an idea of when you might want to make it possible to add
Tor to Pfsense, and whether your plans might work out well for my own plans?
Do you know if it will be possible to force everything to go out on Tor, and
also if it will be possible to configure a relay in a straightforward,
non-expert, I-just-turned-it-on-and-it-worked sort of way?

Thanks!



From bcallah at devio.us  Wed Jun 26 18:57:12 2013
From: bcallah at devio.us (Brian Callahan)
Date: Wed, 26 Jun 2013 15:57:12 -0700
Subject: [nycbug-talk] pfsense and tor
In-Reply-To: <loom.20130627T004511-695@post.gmane.org>
References: <51B60CB7.1030708@nomadlogic.org> <51B66857.1000901@devio.us>
 <51B681EB.3050800@ceetonetechnology.com>
 <loom.20130627T004511-695@post.gmane.org>
Message-ID: <51CB71C8.4070601@devio.us>

On 06/26/13 15:45, badon wrote:
> The mention of PBI's is interesting, because I just installed PCBSD 
> too, and I think that's what PCBSD uses. 

Makes sense, as both are based off FreeBSD ;-) The PBI is a PCBSD 
invention, but afaik the framework (though not necessarily the 
individual PBI packages) will work on any FreeBSD-based system, 
including vanilla FreeBSD.

> There is already a PBI in PCBSD, but I'm not sure if that's suitable 
> for Pfsense or not.

I would say "probably not" to this. But the mechanism for generating a 
suitable PBI for pfsense should be similar if not identical to PCBSD (if 
you know how to do that).

Otherwise - consider this a bump to George for making a pfsense Tor PBI :)

~Brian


From fastgoldfish at gmail.com  Wed Jun 26 22:09:24 2013
From: fastgoldfish at gmail.com (fastgoldfish at gmail.com)
Date: Wed, 26 Jun 2013 19:09:24 -0700
Subject: [nycbug-talk] pfsense and tor
In-Reply-To: <51CB71C8.4070601@devio.us>
References: <51B60CB7.1030708@nomadlogic.org> <51B66857.1000901@devio.us>
 <51B681EB.3050800@ceetonetechnology.com>
 <loom.20130627T004511-695@post.gmane.org>
 <51CB71C8.4070601@devio.us>
Message-ID: <CAFqMioyawy6avMY7x0-b_jAnxM-a=05bE_S5oGjWLbKmsYOWUw@mail.gmail.com>

I sent a message to adrelanos, the person developing the Whonix
system, to make him aware of this discussion. I think pfSense may have
the potential to provide a much more powerful and flexible replacement
for the Whonix Gateway. pfSense could be used to serve needs that the
Whonix Gateway currently is not designed for, but pfSense can still
serve the very narrow set of use cases that the Whonix system is
currently the best tool for.

Beyond that, pfSense can do things that we haven't even thought of
yet. one thing I've discussed with adrelanos is a Tor-friendly ISP
that could provide a Tor gateway that will forcibly torify all
communications. Some other very important use cases are:

* Making it easy for someone to conceal the location of a Tor hidden
service, even if it gets rooted (which Whonix theoretically could do).

* Making it easy for someone to run a Tor relay or bridge.

And more!

On Wed, Jun 26, 2013 at 3:57 PM, Brian Callahan <bcallah at devio.us> wrote:
> On 06/26/13 15:45, badon wrote:
>>
>> The mention of PBI's is interesting, because I just installed PCBSD too,
>> and I think that's what PCBSD uses.
>
>
> Makes sense, as both are based off FreeBSD ;-) The PBI is a PCBSD invention,
> but afaik the framework (though not necessarily the individual PBI packages)
> will work on any FreeBSD-based system, including vanilla FreeBSD.
>
>
>> There is already a PBI in PCBSD, but I'm not sure if that's suitable for
>> Pfsense or not.
>
>
> I would say "probably not" to this. But the mechanism for generating a
> suitable PBI for pfsense should be similar if not identical to PCBSD (if you
> know how to do that).
>
> Otherwise - consider this a bump to George for making a pfsense Tor PBI :)
>
> ~Brian


From ike at blackskyresearch.net  Thu Jun 27 10:53:13 2013
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Thu, 27 Jun 2013 10:53:13 -0400
Subject: [nycbug-talk] interesting read (old pacemaker thread)
In-Reply-To: <201108291308.p7TD82Ab002791@rs134.luxsci.com>
References: <201108291308.p7TD82Ab002791@rs134.luxsci.com>
Message-ID: <1372344844-6735640.08355267.fr5REr5x3014355@rs149.luxsci.com>

Hi All,

More news notes on a now 8 year old thread, 

>> On Sat, 21 May 2005 alex at pilosoft.com wrote:
>>>> Let's keep in mind that the trustworthiness of a life-critical
>>>> application has everything to do with how that program was written
> 
> http://lists.nycbug.org/pipermail/talk/2005-May/005497.html


The US FDA apparently publishing a vulnerability advisory regarding medical devices, (yes, the Food and Drug Administration),

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01

"Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. According to their report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware."


On Aug 31, 2011, at 1:49 PM, Mark Saad <mark.saad at ymail.com> wrote:
>>>> "Earlier this month, Jay Radcliffe, a computer security professional who is also diabetic, showed how an attacker could remotely control insulin pumps to deliver too much or too little insulin to the individual wearing the device."
>>>> 
>>>> http://www.wired.com/threatlevel/2011/08/medical-device-security/

> My wife who is a diabetic heard about this and first said "why would
> he do that , now nothing will get approved by the FDA" . However she
> was looking into how she could listen to her wireless glucose monitor
> to have a desktop application that would show here count on the
> computer she was working at.  My take on this is that the FDA should
> publish a RFC for wireless device communications and design a nice
> strict protocol for communications . The big issue I see here is each
> dumb pharma company wants to copyright their product to make the most
> money on their work. If they do a crap job no one will know they keep
> all of their work closed and private. With the network they use open
> and well designed and freely licensable  , big pharma can concentrate
> on the nuts and bolts , the the over all quality of the mechanical
> parts in the devices, and the software.


Best,
.ike





From fastgoldfish at gmail.com  Thu Jun 27 18:26:41 2013
From: fastgoldfish at gmail.com (fastgoldfish at gmail.com)
Date: Thu, 27 Jun 2013 15:26:41 -0700
Subject: [nycbug-talk] pfsense and tor
In-Reply-To: <CAFqMioyawy6avMY7x0-b_jAnxM-a=05bE_S5oGjWLbKmsYOWUw@mail.gmail.com>
References: <51B60CB7.1030708@nomadlogic.org> <51B66857.1000901@devio.us>
 <51B681EB.3050800@ceetonetechnology.com>
 <loom.20130627T004511-695@post.gmane.org>
 <51CB71C8.4070601@devio.us>
 <CAFqMioyawy6avMY7x0-b_jAnxM-a=05bE_S5oGjWLbKmsYOWUw@mail.gmail.com>
Message-ID: <CAFqMioy=Hz=s+TiWXiwOYP3A=bCNkJFxn4xHsd3WGXUWB4pTsA@mail.gmail.com>

I found this, which looks to be straightforward:

http://doc.pfsense.org/index.php/Developing_Packages

I don't understand all that's going on with that. Does anyone know if
there's a  "hello world" package to play with? I couldn't find one.

On Wed, Jun 26, 2013 at 7:09 PM, fastgoldfish at gmail.com
<fastgoldfish at gmail.com> wrote:
> I sent a message to adrelanos, the person developing the Whonix
> system, to make him aware of this discussion. I think pfSense may have
> the potential to provide a much more powerful and flexible replacement
> for the Whonix Gateway. pfSense could be used to serve needs that the
> Whonix Gateway currently is not designed for, but pfSense can still
> serve the very narrow set of use cases that the Whonix system is
> currently the best tool for.
>
> Beyond that, pfSense can do things that we haven't even thought of
> yet. one thing I've discussed with adrelanos is a Tor-friendly ISP
> that could provide a Tor gateway that will forcibly torify all
> communications. Some other very important use cases are:
>
> * Making it easy for someone to conceal the location of a Tor hidden
> service, even if it gets rooted (which Whonix theoretically could do).
>
> * Making it easy for someone to run a Tor relay or bridge.
>
> And more!
>
> On Wed, Jun 26, 2013 at 3:57 PM, Brian Callahan <bcallah at devio.us> wrote:
>> On 06/26/13 15:45, badon wrote:
>>>
>>> The mention of PBI's is interesting, because I just installed PCBSD too,
>>> and I think that's what PCBSD uses.
>>
>>
>> Makes sense, as both are based off FreeBSD ;-) The PBI is a PCBSD invention,
>> but afaik the framework (though not necessarily the individual PBI packages)
>> will work on any FreeBSD-based system, including vanilla FreeBSD.
>>
>>
>>> There is already a PBI in PCBSD, but I'm not sure if that's suitable for
>>> Pfsense or not.
>>
>>
>> I would say "probably not" to this. But the mechanism for generating a
>> suitable PBI for pfsense should be similar if not identical to PCBSD (if you
>> know how to do that).
>>
>> Otherwise - consider this a bump to George for making a pfsense Tor PBI :)
>>
>> ~Brian


From george at ceetonetechnology.com  Fri Jun 28 00:05:56 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 28 Jun 2013 00:05:56 -0400
Subject: [nycbug-talk] pfsense and tor
In-Reply-To: <CAFqMioy=Hz=s+TiWXiwOYP3A=bCNkJFxn4xHsd3WGXUWB4pTsA@mail.gmail.com>
References: <51B60CB7.1030708@nomadlogic.org> <51B66857.1000901@devio.us>
 <51B681EB.3050800@ceetonetechnology.com>
 <loom.20130627T004511-695@post.gmane.org> <51CB71C8.4070601@devio.us>
 <CAFqMioyawy6avMY7x0-b_jAnxM-a=05bE_S5oGjWLbKmsYOWUw@mail.gmail.com>
 <CAFqMioy=Hz=s+TiWXiwOYP3A=bCNkJFxn4xHsd3WGXUWB4pTsA@mail.gmail.com>
Message-ID: <51CD0BA4.5040109@ceetonetechnology.com>

fastgoldfish at gmail.com:
> I found this, which looks to be straightforward:
> 
> http://doc.pfsense.org/index.php/Developing_Packages
> 
> I don't understand all that's going on with that. Does anyone know if
> there's a  "hello world" package to play with? I couldn't find one.
> 

'hello world' for pfSense packages??   woah.

More inline below.

> On Wed, Jun 26, 2013 at 7:09 PM, fastgoldfish at gmail.com
> <fastgoldfish at gmail.com> wrote:
>> I sent a message to adrelanos, the person developing the Whonix
>> system, to make him aware of this discussion. I think pfSense may have
>> the potential to provide a much more powerful and flexible replacement
>> for the Whonix Gateway. pfSense could be used to serve needs that the
>> Whonix Gateway currently is not designed for, but pfSense can still
>> serve the very narrow set of use cases that the Whonix system is
>> currently the best tool for.

I don't know a lot about Whonix, but I do know a bit about other similar
projects, and most have stopped moving forward in any real way.

pfSense has huge advantages as a platform over these other systems:

1.  it has a significant install base that they don't

2.  pfsense didn't try to be all things to all people when it launched,
but it has scaled to do more in time, as appropriate, with a solid
framework.

>>
>> Beyond that, pfSense can do things that we haven't even thought of
>> yet. one thing I've discussed with adrelanos is a Tor-friendly ISP
>> that could provide a Tor gateway that will forcibly torify all
>> communications. Some other very important use cases are:
>>
>> * Making it easy for someone to conceal the location of a Tor hidden
>> service, even if it gets rooted (which Whonix theoretically could do).
>>
>> * Making it easy for someone to run a Tor relay or bridge.
>>
>> And more!
>>
>> On Wed, Jun 26, 2013 at 3:57 PM, Brian Callahan <bcallah at devio.us> wrote:
>>> On 06/26/13 15:45, badon wrote:
>>>>
>>>> The mention of PBI's is interesting, because I just installed PCBSD too,
>>>> and I think that's what PCBSD uses.
>>>
>>>
>>> Makes sense, as both are based off FreeBSD ;-) The PBI is a PCBSD invention,
>>> but afaik the framework (though not necessarily the individual PBI packages)
>>> will work on any FreeBSD-based system, including vanilla FreeBSD.
>>>
>>>
>>>> There is already a PBI in PCBSD, but I'm not sure if that's suitable for
>>>> Pfsense or not.
>>>
>>>
>>> I would say "probably not" to this. But the mechanism for generating a
>>> suitable PBI for pfsense should be similar if not identical to PCBSD (if you
>>> know how to do that).
>>>
>>> Otherwise - consider this a bump to George for making a pfsense Tor PBI :)

So, yeah, this has been on my list for a while, and I know there's
interest in it.

I will be looking at it more seriously in the next week or so.  In the
meantime, try going to the pfsense shell and typing "pkg_add -r tor" or
tor-devel.  I think devel is fine.

I'll need to go back to the xml configs and start reworking.

Despite the long torrc file, there's only really a handful of config
options necessary, so a basic operational config isn't that hard.

Adding hidden services, etc., might be later goals, but to me the goal
should be a simple bridge or relay that any user could just setup in a
few minutes.

The number you can toss around is this:  if there were 100,000 known
pfSense installs in November 2011, 2% of them running a bridge or relay
would have an enormous impact on the Tor network, which only has about
3700 public relays at the moment, plus somewhere under 2000 known bridges.

Another important impact is on the current Linux monoculture.  The vast
majority of Tor nodes are Linux by a long shot.  Bumping up the FreeBSD
numbers, at least, would breakup that issue to an extent.

g



From fastgoldfish at gmail.com  Fri Jun 28 01:13:30 2013
From: fastgoldfish at gmail.com (fastgoldfish at gmail.com)
Date: Thu, 27 Jun 2013 22:13:30 -0700
Subject: [nycbug-talk] pfsense and tor
In-Reply-To: <51CD0BA4.5040109@ceetonetechnology.com>
References: <51B60CB7.1030708@nomadlogic.org> <51B66857.1000901@devio.us>
 <51B681EB.3050800@ceetonetechnology.com>
 <loom.20130627T004511-695@post.gmane.org>
 <51CB71C8.4070601@devio.us>
 <CAFqMioyawy6avMY7x0-b_jAnxM-a=05bE_S5oGjWLbKmsYOWUw@mail.gmail.com>
 <CAFqMioy=Hz=s+TiWXiwOYP3A=bCNkJFxn4xHsd3WGXUWB4pTsA@mail.gmail.com>
 <51CD0BA4.5040109@ceetonetechnology.com>
Message-ID: <CAFqMioyyJ=yZipAPZGL_4EgEpwrggC1a3Kj0cvR4-x68y6Lwmw@mail.gmail.com>

Enter an option: 8

[2.0.3-RELEASE][root at pfSense.localdomain]/root(1): pkg_add -r tor
Error: Unable to get
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/tor.tbz:
File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch
'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/tor.tbz'
by URL
[2.0.3-RELEASE][root at pfSense.localdomain]/root(2): pkg_add -r tor-devel
Error: Unable to get
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/tor-devel.tbz:
File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch
'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/tor-devel.tbz'
by URL
[2.0.3-RELEASE][root at pfSense.localdomain]/root(3):

Darn, I was hoping that would work.

Whonix is quite a bit different from the other similar efforts.
adrelanos seems to have found the magic balance between keeping it
simple, and making it eminently effective. He has delivered a finished
product that actually works, and works very well. It is able to
survive a root-job without losing anonymity, in some circumstances. I
have watched many other ideas come and go, and none of them reached
level of usability and common-sense simplicity that Whonix has. I
think that might be merely because it is an idea whose time has come.

adrelanos is investigating the possibility of building his next
version of the Whonix Gateway on pfSense. I'm not sure whether he'll
do that or not, but I think I've gotten his attention focused on
pfSense based on just a few of its many advantages that I'm aware of.
One thing that has kept Whonix on Debian is its wide usage. From the
point of view of adrelanos, he thinks that gives Debian more "peer
review" for bugs and other flaws.

Based on what I've learned about pfSense in this discussion, I think
pfSense is probably better even in the popularity contest comparison
because it's simpler and more specialized. That makes it an
apples-to-oranges comparison with a general purpose system (Debian),
and a refined network-specialist system (pfSense). pfSense is destined
to come out on top in that kind of a comparison.

And, like you said, the 100'000+ pfSense installs makes it much more
likely that Tor will be used on a significant fraction of them.

As best I can tell, it looks to me that pfSense can be used to force
Tor as the only way in or out of a network by setting up a static
route. The LAN interface is routed to Tor, and Tor is routed to the
WAN interface. That's essentially what the Whonix Gateway does, after
stripping out all of the superfluous unnecessary stuff from Debian, if
I understand it correctly.

For that use case, it would be nice to have a checkbox for "Isolate
LAN on Tor" which sets up the routing, perhaps with a brief guided
configuration step. From there, an entire network of machines and all
of their applications, can be forcibly Torified such that none of the
machines and applications on the LAN are aware of the public IP of the
WAN, and so they cannot leak it, even if they get rooted. Then, users
can happily use Flash, JavaScript, and all the other things they want,
with the benefits of Tor that suit their use cases. There are several
very different use cases that need to be spelled out so people
understand what they're getting and what they're not getting.

Finally, there's the very important ability to set up dedicated
bridges, relays, and exits in a straightforward way, such that anyone
running pfSense is ready to go. That will be very exciting, especially
because it opens up the possibility of ISP's contributing to the Tor
infrastructure, and maybe also offering their clients access to the
Tor network with little or no configuration on the client's part. The
clients would still need a solid understanding of what Tor can and
can't do for them, but once educated, they'll be able to benefit from
the advantages Tor can give them, while avoiding the pitfalls in
realms where Tor is unsuited.



On Thu, Jun 27, 2013 at 9:05 PM, George Rosamond
<george at ceetonetechnology.com> wrote:
> fastgoldfish at gmail.com:
>> I found this, which looks to be straightforward:
>>
>> http://doc.pfsense.org/index.php/Developing_Packages
>>
>> I don't understand all that's going on with that. Does anyone know if
>> there's a  "hello world" package to play with? I couldn't find one.
>>
>
> 'hello world' for pfSense packages??   woah.
>
> More inline below.
>
>> On Wed, Jun 26, 2013 at 7:09 PM, fastgoldfish at gmail.com
>> <fastgoldfish at gmail.com> wrote:
>>> I sent a message to adrelanos, the person developing the Whonix
>>> system, to make him aware of this discussion. I think pfSense may have
>>> the potential to provide a much more powerful and flexible replacement
>>> for the Whonix Gateway. pfSense could be used to serve needs that the
>>> Whonix Gateway currently is not designed for, but pfSense can still
>>> serve the very narrow set of use cases that the Whonix system is
>>> currently the best tool for.
>
> I don't know a lot about Whonix, but I do know a bit about other similar
> projects, and most have stopped moving forward in any real way.
>
> pfSense has huge advantages as a platform over these other systems:
>
> 1.  it has a significant install base that they don't
>
> 2.  pfsense didn't try to be all things to all people when it launched,
> but it has scaled to do more in time, as appropriate, with a solid
> framework.
>
>>>
>>> Beyond that, pfSense can do things that we haven't even thought of
>>> yet. one thing I've discussed with adrelanos is a Tor-friendly ISP
>>> that could provide a Tor gateway that will forcibly torify all
>>> communications. Some other very important use cases are:
>>>
>>> * Making it easy for someone to conceal the location of a Tor hidden
>>> service, even if it gets rooted (which Whonix theoretically could do).
>>>
>>> * Making it easy for someone to run a Tor relay or bridge.
>>>
>>> And more!
>>>
>>> On Wed, Jun 26, 2013 at 3:57 PM, Brian Callahan <bcallah at devio.us> wrote:
>>>> On 06/26/13 15:45, badon wrote:
>>>>>
>>>>> The mention of PBI's is interesting, because I just installed PCBSD too,
>>>>> and I think that's what PCBSD uses.
>>>>
>>>>
>>>> Makes sense, as both are based off FreeBSD ;-) The PBI is a PCBSD invention,
>>>> but afaik the framework (though not necessarily the individual PBI packages)
>>>> will work on any FreeBSD-based system, including vanilla FreeBSD.
>>>>
>>>>
>>>>> There is already a PBI in PCBSD, but I'm not sure if that's suitable for
>>>>> Pfsense or not.
>>>>
>>>>
>>>> I would say "probably not" to this. But the mechanism for generating a
>>>> suitable PBI for pfsense should be similar if not identical to PCBSD (if you
>>>> know how to do that).
>>>>
>>>> Otherwise - consider this a bump to George for making a pfsense Tor PBI :)
>
> So, yeah, this has been on my list for a while, and I know there's
> interest in it.
>
> I will be looking at it more seriously in the next week or so.  In the
> meantime, try going to the pfsense shell and typing "pkg_add -r tor" or
> tor-devel.  I think devel is fine.
>
> I'll need to go back to the xml configs and start reworking.
>
> Despite the long torrc file, there's only really a handful of config
> options necessary, so a basic operational config isn't that hard.
>
> Adding hidden services, etc., might be later goals, but to me the goal
> should be a simple bridge or relay that any user could just setup in a
> few minutes.
>
> The number you can toss around is this:  if there were 100,000 known
> pfSense installs in November 2011, 2% of them running a bridge or relay
> would have an enormous impact on the Tor network, which only has about
> 3700 public relays at the moment, plus somewhere under 2000 known bridges.
>
> Another important impact is on the current Linux monoculture.  The vast
> majority of Tor nodes are Linux by a long shot.  Bumping up the FreeBSD
> numbers, at least, would breakup that issue to an extent.
>
> g
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk


From mark.saad at ymail.com  Fri Jun 28 10:51:56 2013
From: mark.saad at ymail.com (Mark Saad)
Date: Fri, 28 Jun 2013 10:51:56 -0400
Subject: [nycbug-talk] Need cardboard boxes suitable for 1U and 2U servers
Message-ID: <CAMXt9NZeqSDoy8Z9e8SMA2O_cmWKqtVpsjUwfPg3boS5hbSKsA@mail.gmail.com>

All
 Does anyone have a vendor in the area who sells cardboard boxes suitable
for 1U and 2U servers ?

I am looking for 275Lbs Test single corrugated boxes 38x24x8 and 38x24x18 .
I only need  3 of each .


-- 

Mark Saad | mark.saad at ymail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130628/d413fa80/attachment.htm>

From george at ceetonetechnology.com  Fri Jun 28 10:54:41 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 28 Jun 2013 10:54:41 -0400
Subject: [nycbug-talk] Need cardboard boxes suitable for 1U and 2U
	servers
In-Reply-To: <CAMXt9NZeqSDoy8Z9e8SMA2O_cmWKqtVpsjUwfPg3boS5hbSKsA@mail.gmail.com>
References: <CAMXt9NZeqSDoy8Z9e8SMA2O_cmWKqtVpsjUwfPg3boS5hbSKsA@mail.gmail.com>
Message-ID: <51CDA3B1.1000704@ceetonetechnology.com>

Mark Saad:
> All
>  Does anyone have a vendor in the area who sells cardboard boxes suitable
> for 1U and 2U servers ?
> 
> I am looking for 275Lbs Test single corrugated boxes 38x24x8 and 38x24x18 .
> I only need  3 of each .

What about the shipper?

There's also shipping supply places around Manhattan.

g



From george at ceetonetechnology.com  Fri Jun 28 12:15:45 2013
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 28 Jun 2013 12:15:45 -0400
Subject: [nycbug-talk] FreeBSD armv6 packages, update
Message-ID: <51CDB6B1.2050706@ceetonetechnology.com>

Hello talk@

So the original intention of building some pkgs was to just,  build some
packages.  Nothing more.

If I had wanted to maintain the full repository, I would have started
with poudriere.

Meanwhile, our mirrors. repo has hit 324 packages, all maintained
through a series of scripts.

However, the people at Your.org are setting up a full repository at
http://ftpmirror.your.org/pub/FreeBSD-Unofficial-Packages/100armv6-default/

Of course, it's not official, but everything should be there.

I'll keep our mirror up for the near future, but their mirror should be
considered the default one until the official project repos are back online.

g


From mark.saad at ymail.com  Fri Jun 28 12:22:10 2013
From: mark.saad at ymail.com (Mark Saad)
Date: Fri, 28 Jun 2013 12:22:10 -0400
Subject: [nycbug-talk] Need cardboard boxes suitable for 1U and 2U
	servers
In-Reply-To: <51CDA3B1.1000704@ceetonetechnology.com>
References: <CAMXt9NZeqSDoy8Z9e8SMA2O_cmWKqtVpsjUwfPg3boS5hbSKsA@mail.gmail.com>
 <51CDA3B1.1000704@ceetonetechnology.com>
Message-ID: <CAMXt9NYmj=sJyHP9s6S8oKTfs3PV=dgR0LKZHeNuMngXth7rkA@mail.gmail.com>

On Fri, Jun 28, 2013 at 10:54 AM, George Rosamond <
george at ceetonetechnology.com> wrote:

> Mark Saad:
> > All
> >  Does anyone have a vendor in the area who sells cardboard boxes suitable
> > for 1U and 2U servers ?
> >
> > I am looking for 275Lbs Test single corrugated boxes 38x24x8 and
> 38x24x18 .
> > I only need  3 of each .
>
> What about the shipper?
>
>
That would be me , short story I received a bunch of HP servers and I had
to unbox them to save space. I had to dispose of the boxes to save space.
Now I need to ship out a few servers to other Datacenters and I am out of
usable boxes.


> There's also shipping supply places around Manhattan.
>
> g
>
>
I called a few places we used but I cant find things that would work and I
don't need 300 of them .


> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>



-- 

Mark Saad | mark.saad at ymail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130628/e65d5f6d/attachment.htm>

From raulcuza at gmail.com  Fri Jun 28 13:06:05 2013
From: raulcuza at gmail.com (Raul Cuza)
Date: Fri, 28 Jun 2013 13:06:05 -0400
Subject: [nycbug-talk] Need cardboard boxes suitable for 1U and 2U
	servers
In-Reply-To: <CAMXt9NYmj=sJyHP9s6S8oKTfs3PV=dgR0LKZHeNuMngXth7rkA@mail.gmail.com>
References: <CAMXt9NZeqSDoy8Z9e8SMA2O_cmWKqtVpsjUwfPg3boS5hbSKsA@mail.gmail.com>
 <51CDA3B1.1000704@ceetonetechnology.com>
 <CAMXt9NYmj=sJyHP9s6S8oKTfs3PV=dgR0LKZHeNuMngXth7rkA@mail.gmail.com>
Message-ID: <CAOnfn2zrd+LvOCYExmuhh-LZfyQdqg5x1EM=hMpVtU52aaoaww@mail.gmail.com>

On Fri, Jun 28, 2013 at 12:22 PM, Mark Saad <mark.saad at ymail.com> wrote:
>
>
>
> On Fri, Jun 28, 2013 at 10:54 AM, George Rosamond
> <george at ceetonetechnology.com> wrote:
>>
>> Mark Saad:
>> > All
>> >  Does anyone have a vendor in the area who sells cardboard boxes
>> > suitable
>> > for 1U and 2U servers ?
>> >
>> > I am looking for 275Lbs Test single corrugated boxes 38x24x8 and
>> > 38x24x18 .
>> > I only need  3 of each .
>>
>> What about the shipper?
>>
>
> That would be me , short story I received a bunch of HP servers and I had to
> unbox them to save space. I had to dispose of the boxes to save space. Now I
> need to ship out a few servers to other Datacenters and I am out of usable
> boxes.
>
>>
>> There's also shipping supply places around Manhattan.
>>
>> g
>>
>
> I called a few places we used but I cant find things that would work and I
> don't need 300 of them .
>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>
>
>
>
> --
>
> Mark Saad | mark.saad at ymail.com
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

I was going to recommend that you contact HP, but nevermind:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00578811&prodSeriesId=428936

Duct tape and bubble wrap? Build one with your Makerbot?

Ra?l



From pete at nomadlogic.org  Fri Jun 28 13:22:06 2013
From: pete at nomadlogic.org (Pete Wright)
Date: Fri, 28 Jun 2013 10:22:06 -0700
Subject: [nycbug-talk] Need cardboard boxes suitable for 1U and 2U
	servers
In-Reply-To: <CAMXt9NYmj=sJyHP9s6S8oKTfs3PV=dgR0LKZHeNuMngXth7rkA@mail.gmail.com>
References: <CAMXt9NZeqSDoy8Z9e8SMA2O_cmWKqtVpsjUwfPg3boS5hbSKsA@mail.gmail.com>
 <51CDA3B1.1000704@ceetonetechnology.com>
 <CAMXt9NYmj=sJyHP9s6S8oKTfs3PV=dgR0LKZHeNuMngXth7rkA@mail.gmail.com>
Message-ID: <51CDC63E.4090805@nomadlogic.org>

On 06/28/2013 09:22 AM, Mark Saad wrote:
>
>
>
> On Fri, Jun 28, 2013 at 10:54 AM, George Rosamond 
> <george at ceetonetechnology.com <mailto:george at ceetonetechnology.com>> 
> wrote:
>
>     Mark Saad:
>     > All
>     >  Does anyone have a vendor in the area who sells cardboard boxes
>     suitable
>     > for 1U and 2U servers ?
>     >
>     > I am looking for 275Lbs Test single corrugated boxes 38x24x8 and
>     38x24x18 .
>     > I only need  3 of each .
>
>     What about the shipper?
>
>
> That would be me , short story I received a bunch of HP servers and I 
> had to unbox them to save space. I had to dispose of the boxes to save 
> space. Now I need to ship out a few servers to other Datacenters and I 
> am out of usable boxes.

when i got in this same situation a couple years ago i was lucky enough 
to find that someone else at 111 8th had just finished depalletizing a 
bunch of dell servers.  i was able to dumpster dive what i needed.  that 
was lucky.  the other times this has happened i found a cardboard box 
whole seller on 6th ave and bought boxes big enough for my gear and then 
proceeded to pack everything in too much bubblewrap and news papers.  
unfortunately that was back in the day so i don't have any addresses 
anymore that can help :/

not super helpful i know - but maybe that'll spark some creative 
solutions for you ;)

-pete


ps: if you don't like the guy doing the receiving be sure to use packing 
peanuts.  dc-ops guys love packing peanuts :p

-- 
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130628/84e0fff8/attachment.htm>

From zippy1981 at gmail.com  Sat Jun 29 08:57:56 2013
From: zippy1981 at gmail.com (Justin Dearing)
Date: Sat, 29 Jun 2013 08:57:56 -0400
Subject: [nycbug-talk] Need cardboard boxes suitable for 1U and 2U
	servers
In-Reply-To: <51CDC63E.4090805@nomadlogic.org>
References: <CAMXt9NZeqSDoy8Z9e8SMA2O_cmWKqtVpsjUwfPg3boS5hbSKsA@mail.gmail.com>
 <51CDA3B1.1000704@ceetonetechnology.com>
 <CAMXt9NYmj=sJyHP9s6S8oKTfs3PV=dgR0LKZHeNuMngXth7rkA@mail.gmail.com>
 <51CDC63E.4090805@nomadlogic.org>
Message-ID: <CABsCM1MNkv4LdSkxmu6ydoBZOe7uQJeRvNWaz9f2d08iM2G1fQ@mail.gmail.com>

On Fri, Jun 28, 2013 at 1:22 PM, Pete Wright <pete at nomadlogic.org> wrote:

>
>
> ps: if you don't like the guy doing the receiving be sure to use packing
peanuts.  dc-ops guys love packing peanuts :p\

If you want your servers
  killed by electrostatic discharge, packing peanuts are optimized for that
 On 06/28/2013 09:22 AM, Mark Saad wrote:




On Fri, Jun 28, 2013 at 10:54 AM, George Rosamond <
george at ceetonetechnology.com> wrote:

> Mark Saad:
> > All
> >  Does anyone have a vendor in the area who sells cardboard boxes suitable
> > for 1U and 2U servers ?
> >
> > I am looking for 275Lbs Test single corrugated boxes 38x24x8 and
> 38x24x18 .
> > I only need  3 of each .
>
>  What about the shipper?
>
>
That would be me , short story I received a bunch of HP servers and I had
to unbox them to save space. I had to dispose of the boxes to save space.
Now I need to ship out a few servers to other Datacenters and I am out of
usable boxes.



when i got in this same situation a couple years ago i was lucky enough to
find that someone else at 111 8th had just finished depalletizing a bunch
of dell servers.  i was able to dumpster dive what i needed.  that was
lucky.  the other times this has happened i found a cardboard box whole
seller on 6th ave and bought boxes big enough for my gear and then
proceeded to pack everything in too much bubblewrap and news papers.
unfortunately that was back in the day so i don't have any addresses
anymore that can help :/

not super helpful i know - but maybe that'll spark some creative solutions
for you ;)

-pete


ps: if you don't like the guy doing the receiving be sure to use packing
peanuts.  dc-ops guys love packing peanuts :p

-- 
Pete Wrightpete at nomadlogic.org
twitter => @nomadlogicLA


_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20130629/bff73eb2/attachment.htm>

From ericshane at eradman.com  Tue Jun 25 11:26:42 2013
From: ericshane at eradman.com (Eric Radman)
Date: Tue, 25 Jun 2013 11:26:42 -0400
Subject: [nycbug-talk] BSD on PS4
In-Reply-To: <51C9AAE1.6050109@khandkar.net>
References: <51C9AAE1.6050109@khandkar.net>
Message-ID: <20130625152642.GB12209@vm.eradman.com>

On Tue, Jun 25, 2013 at 10:36:17AM -0400, Siraaj Khandkar wrote:
> http://www.vgleaks.com/some-details-about-playstation-4-os-development/

What was it about the four photos taken at random angles that caught
your attention?