From _ at thomaslevine.com  Sat Oct  1 19:03:15 2016
From: _ at thomaslevine.com (Thomas Levine)
Date: Sat, 01 Oct 2016 23:03:15 +0000
Subject: [talk] Choosing wifi networks on OpenBSD
Message-ID: <1475362995.2831132.743051545.1F4B97CC@webmail.messagingengine.com>

I wrote something to choose which wifi network to connect to.
http://src.thomaslevine.com/nljo/artifact/1c512ccb16ffa2d2

    $ ./nljo -h
    USAGE:   ./nljo [-h] <interface>
    EXAMPLE: ./nljo iwn0
    
    You must create a file named /etc/hostname.<interface>.<identifier>
    ./nljo will automatically scan for nwids and check which files
    reference
    an appropriate nwid, and then it will symlink one of these files to
    /etc/hostname.<interface>. If multiple files match (perhaps because
    multiple nwids are available), the one with the lowest identifier
    will
    be chosen. Consider the following file names.
    
      /etc/hostname.iwn0.!home
      /etc/hostname.iwn0.REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
      /etc/hostname.iwn0.hackerspace
      /etc/hostname.iwn0.zzz.airport
      /etc/hostname.iwn0.zzz.GreyhoundTerminal FreeWIFI
      /etc/hostname.iwn0.zzz.MacDonalds
    
    If /etc/hostname.iwn0.!home and /etc/hostname.iwn0.airport both
    reference the available nwids (possibly the same nwid), !home will
    probably win because it is lower in alphabetical order, though this
    depends on your locale.

(I chose the name by banging on my keyboard, in case you were
wondering.)    

Surely someone has already written a better version of this program.
Can you point me to a more stable program with a similar interface?
Or does the base system perhaps already include a better approach
for choosing wifi networks?



From george at ceetonetechnology.com  Sat Oct  1 22:25:15 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Sat, 1 Oct 2016 22:25:15 -0400
Subject: [talk] Choosing wifi networks on OpenBSD
In-Reply-To: <1475362995.2831132.743051545.1F4B97CC@webmail.messagingengine.com>
References: <1475362995.2831132.743051545.1F4B97CC@webmail.messagingengine.com>
Message-ID: <126c04b3-ac90-13d5-fe83-9678d64cbbe8@ceetonetechnology.com>



Thomas Levine:
> I wrote something to choose which wifi network to connect to.
> http://src.thomaslevine.com/nljo/artifact/1c512ccb16ffa2d2
> 
>     $ ./nljo -h
>     USAGE:   ./nljo [-h] <interface>
>     EXAMPLE: ./nljo iwn0
>     
>     You must create a file named /etc/hostname.<interface>.<identifier>
>     ./nljo will automatically scan for nwids and check which files
>     reference
>     an appropriate nwid, and then it will symlink one of these files to
>     /etc/hostname.<interface>. If multiple files match (perhaps because
>     multiple nwids are available), the one with the lowest identifier
>     will
>     be chosen. Consider the following file names.
>     
>       /etc/hostname.iwn0.!home
>       /etc/hostname.iwn0.REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
>       /etc/hostname.iwn0.hackerspace
>       /etc/hostname.iwn0.zzz.airport
>       /etc/hostname.iwn0.zzz.GreyhoundTerminal FreeWIFI
>       /etc/hostname.iwn0.zzz.MacDonalds
>     
>     If /etc/hostname.iwn0.!home and /etc/hostname.iwn0.airport both
>     reference the available nwids (possibly the same nwid), !home will
>     probably win because it is lower in alphabetical order, though this
>     depends on your locale.
> 
> (I chose the name by banging on my keyboard, in case you were
> wondering.)    
> 
> Surely someone has already written a better version of this program.
> Can you point me to a more stable program with a similar interface?
> Or does the base system perhaps already include a better approach
> for choosing wifi networks?

Nice.

I need to dig it up, but there is some "wireless" port floating around
on github that Brian Conway (of Resflash) submitted to OpenBSD ports@
that was written in shell.

I looked into this recently... need to find the other related stuff.

g



From attila at stalphonsos.com  Mon Oct  3 11:15:09 2016
From: attila at stalphonsos.com (attila)
Date: Mon, 03 Oct 2016 10:15:09 -0500
Subject: [talk] Choosing wifi networks on OpenBSD
In-Reply-To: <126c04b3-ac90-13d5-fe83-9678d64cbbe8@ceetonetechnology.com>
References: <1475362995.2831132.743051545.1F4B97CC@webmail.messagingengine.com>
 <126c04b3-ac90-13d5-fe83-9678d64cbbe8@ceetonetechnology.com>
Message-ID: <874m4tsbuq.fsf@lmfao.l.stalphonsos.net>


George Rosamond <george at ceetonetechnology.com> writes:

> Thomas Levine:
>> I wrote something to choose which wifi network to connect to.
>> http://src.thomaslevine.com/nljo/artifact/1c512ccb16ffa2d2
>> 
>>     $ ./nljo -h
>>     USAGE:   ./nljo [-h] <interface>
>>     EXAMPLE: ./nljo iwn0
>>     
>>     You must create a file named /etc/hostname.<interface>.<identifier>
>>     ./nljo will automatically scan for nwids and check which files
>>     reference
>>     an appropriate nwid, and then it will symlink one of these files to
>>     /etc/hostname.<interface>. If multiple files match (perhaps because
>>     multiple nwids are available), the one with the lowest identifier
>>     will
>>     be chosen. Consider the following file names.
>>     
>>       /etc/hostname.iwn0.!home
>>       /etc/hostname.iwn0.REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
>>       /etc/hostname.iwn0.hackerspace
>>       /etc/hostname.iwn0.zzz.airport
>>       /etc/hostname.iwn0.zzz.GreyhoundTerminal FreeWIFI
>>       /etc/hostname.iwn0.zzz.MacDonalds
>>     
>>     If /etc/hostname.iwn0.!home and /etc/hostname.iwn0.airport both
>>     reference the available nwids (possibly the same nwid), !home will
>>     probably win because it is lower in alphabetical order, though this
>>     depends on your locale.
>> 
>> (I chose the name by banging on my keyboard, in case you were
>> wondering.)    
>> 
>> Surely someone has already written a better version of this program.
>> Can you point me to a more stable program with a similar interface?
>> Or does the base system perhaps already include a better approach
>> for choosing wifi networks?
>
> Nice.
>
> I need to dig it up, but there is some "wireless" port floating around
> on github that Brian Conway (of Resflash) submitted to OpenBSD ports@
> that was written in shell.
>
> I looked into this recently... need to find the other related stuff.

This has come up several times in recent memory on the OpenBSD lists.
Here's the first thread I could find easily, from June 2016 about
a script Rai Lai wrote called wifind:

    http://marc.info/?t=146488521800002&r=1&w=2

Many people keep reinventing this wheel; nobody seems to like anyone
else's.  Funny, that.  I myself have a script I have used for so long
it's kind of embarassing, but it's specific to my use case...

... and anyway, I avoid wifi.  It seems... unhygenic somehow...

Pax, -A

>
> g
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

Pax, -A
--
http://haqistan.net/~attila | attila at stalphonsos.com | 0x62A729CF



From _ at thomaslevine.com  Mon Oct  3 12:07:23 2016
From: _ at thomaslevine.com (Thomas Levine)
Date: Mon, 03 Oct 2016 16:07:23 +0000
Subject: [talk] Choosing wifi networks on OpenBSD
In-Reply-To: <874m4tsbuq.fsf@lmfao.l.stalphonsos.net>
References: <1475362995.2831132.743051545.1F4B97CC@webmail.messagingengine.com>
 <126c04b3-ac90-13d5-fe83-9678d64cbbe8@ceetonetechnology.com>
 <874m4tsbuq.fsf@lmfao.l.stalphonsos.net>
Message-ID: <1475510843.1441864.744406801.1504DCBE@webmail.messagingengine.com>

I think it would be neat to have a repository of all these bespoke
wifi-chooser programs.

On Mon, Oct 3, 2016, at 03:15 PM, attila wrote:
> 
> George Rosamond <george at ceetonetechnology.com> writes:
> 
> > Thomas Levine:
> >> I wrote something to choose which wifi network to connect to.
> >> http://src.thomaslevine.com/nljo/artifact/1c512ccb16ffa2d2
> >> 
> >>     $ ./nljo -h
> >>     USAGE:   ./nljo [-h] <interface>
> >>     EXAMPLE: ./nljo iwn0
> >>     
> >>     You must create a file named /etc/hostname.<interface>.<identifier>
> >>     ./nljo will automatically scan for nwids and check which files
> >>     reference
> >>     an appropriate nwid, and then it will symlink one of these files to
> >>     /etc/hostname.<interface>. If multiple files match (perhaps because
> >>     multiple nwids are available), the one with the lowest identifier
> >>     will
> >>     be chosen. Consider the following file names.
> >>     
> >>       /etc/hostname.iwn0.!home
> >>       /etc/hostname.iwn0.REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
> >>       /etc/hostname.iwn0.hackerspace
> >>       /etc/hostname.iwn0.zzz.airport
> >>       /etc/hostname.iwn0.zzz.GreyhoundTerminal FreeWIFI
> >>       /etc/hostname.iwn0.zzz.MacDonalds
> >>     
> >>     If /etc/hostname.iwn0.!home and /etc/hostname.iwn0.airport both
> >>     reference the available nwids (possibly the same nwid), !home will
> >>     probably win because it is lower in alphabetical order, though this
> >>     depends on your locale.
> >> 
> >> (I chose the name by banging on my keyboard, in case you were
> >> wondering.)    
> >> 
> >> Surely someone has already written a better version of this program.
> >> Can you point me to a more stable program with a similar interface?
> >> Or does the base system perhaps already include a better approach
> >> for choosing wifi networks?
> >
> > Nice.
> >
> > I need to dig it up, but there is some "wireless" port floating around
> > on github that Brian Conway (of Resflash) submitted to OpenBSD ports@
> > that was written in shell.
> >
> > I looked into this recently... need to find the other related stuff.
> 
> This has come up several times in recent memory on the OpenBSD lists.
> Here's the first thread I could find easily, from June 2016 about
> a script Rai Lai wrote called wifind:
> 
>     http://marc.info/?t=146488521800002&r=1&w=2
> 
> Many people keep reinventing this wheel; nobody seems to like anyone
> else's.  Funny, that.  I myself have a script I have used for so long
> it's kind of embarassing, but it's specific to my use case...
> 
> ... and anyway, I avoid wifi.  It seems... unhygenic somehow...
> 
> Pax, -A
> 
> >
> > g
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> 
> Pax, -A
> --
> http://haqistan.net/~attila | attila at stalphonsos.com | 0x62A729CF



From george at ceetonetechnology.com  Wed Oct  5 14:08:11 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 5 Oct 2016 14:08:11 -0400
Subject: [talk] REMINDER: no NYC*BUG meeting Tonight
Message-ID: <bf6eb926-a993-25aa-25f8-6b67f5909787@ceetonetechnology.com>

As mentioned earlier, there is NO NYC*BUG meeting tonight.

Meetings will return next month on November 2 as usual.



From mark.saad at ymail.com  Thu Oct  6 09:57:54 2016
From: mark.saad at ymail.com (Mark Saad)
Date: Thu, 6 Oct 2016 09:57:54 -0400
Subject: [talk] Cabinet move
Message-ID: <478F1C7D-96BF-4DFD-BDB9-5B88C5827508@ymail.com>

All
  Today we bid farewell to our original trusty cabinet . After 12 years of service NYI has donated us a new better equipped cabinet. 
That being said most services will be off line today , www, dmesgd , lists, mirrors and a few openbsd related services . 

We hope everything will be back up and running later today stay tuned for updates .

---
Mark Saad | mark.saad at ymail.com


From ike at blackskyresearch.net  Thu Oct  6 20:46:39 2016
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Thu, 6 Oct 2016 20:46:39 -0400
Subject: [talk] Cabinet move
In-Reply-To: <478F1C7D-96BF-4DFD-BDB9-5B88C5827508@ymail.com>
References: <478F1C7D-96BF-4DFD-BDB9-5B88C5827508@ymail.com>
Message-ID: <9EEA4593-82E5-4786-8833-BCCFF6602446@blackskyresearch.net>

Hi All,

Today?s cabinet move was truly a whopping success, with all the help from NYC*BUG volunteers!
(Even the box running this list was moved?)

I?m grateful to even the folks who couldn?t join us, but joining me today was:

 Robert Menes
 Brian Reynolds
 James Keenan
 Patrick McEvoy
 George Rosamond
 NYI NOC Staff on 21st Floor

Tactical admin support from remote locales,

 Mark Saad
 Okan Demirmen

As I stood at the end of the day surveying the details, it dawned on me, WE FINISHED IN ONE DAY!  (After 12 years of Open Source projects in/out of the cabinet, this is nothing to sneeze at...)

Datacenter work has lots of standing around, lots of menial tasks, and particularly with all our hodgepodge of donated gear, lots of ?gee, how do we mount this? sort of problem solving- and everyone who came today was creative, attentive, and really just pushed hard to get it all done as a *team*.

Working with everyone today made me really proud to be one of the hackers at NYC*BUG.

Also, we can?t thank NYI enough for their continued support, and use of their stellar facilities.

Rocket-
.ike



> On Oct 6, 2016, at 9:57 AM, Mark Saad <mark.saad at ymail.com> wrote:
> 
> All
>  Today we bid farewell to our original trusty cabinet . After 12 years of service NYI has donated us a new better equipped cabinet. 
> That being said most services will be off line today , www, dmesgd , lists, mirrors and a few openbsd related services . 
> 
> We hope everything will be back up and running later today stay tuned for updates .
> 
> ---
> Mark Saad | mark.saad at ymail.com
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From jkeen at verizon.net  Thu Oct  6 21:33:21 2016
From: jkeen at verizon.net (James E Keenan)
Date: Thu, 06 Oct 2016 21:33:21 -0400
Subject: [talk] Cabinet move
In-Reply-To: <478F1C7D-96BF-4DFD-BDB9-5B88C5827508@ymail.com>
References: <478F1C7D-96BF-4DFD-BDB9-5B88C5827508@ymail.com>
Message-ID: <f0100fd9-2d1c-48c4-475b-a9bf762b9344@verizon.net>

On 10/06/2016 09:57 AM, Mark Saad wrote:
> All
>   Today we bid farewell to our original trusty cabinet . After 12 years of service NYI has donated us a new better equipped cabinet.
> That being said most services will be off line today , www, dmesgd , lists, mirrors and a few openbsd related services .
>
> We hope everything will be back up and running later today stay tuned for updates .
>

Thanks in particular to Ike for playing the role of community organizer 
in this.  I enjoyed the experience -- my once a millennium visit to a 
major data center ;-)

jimk



From jkeen at verizon.net  Thu Oct  6 21:33:54 2016
From: jkeen at verizon.net (James E Keenan)
Date: Thu, 06 Oct 2016 21:33:54 -0400
Subject: [talk] NYC BUG web site: some mysterious pages
Message-ID: <a321a420-6704-f944-4bcf-b23b280e071e@verizon.net>

The following link, which is one of the drop-downs at the top of the 
NYCBUG home page, has material that is out of date -- and probably 
moreso as of today's cabinet change:

http://www.nycbug.org/index.cgi?action=colo

The following link, which is also one of the drop-downs at the top of 
our home page -- well, I can't figure out at all what it is supposed to 
be about:

http://www.nycbug.org/index.cgi?action=streaming

jimk



From phair.kevin at gmail.com  Thu Oct  6 22:32:54 2016
From: phair.kevin at gmail.com (Kevin Phair)
Date: Thu, 6 Oct 2016 22:32:54 -0400
Subject: [talk] NYC BUG web site: some mysterious pages
In-Reply-To: <a321a420-6704-f944-4bcf-b23b280e071e@verizon.net>
References: <a321a420-6704-f944-4bcf-b23b280e071e@verizon.net>
Message-ID: <CAGBfrTCuX30_E=MgAOJSLEk4Qws4Z2J_jQnqw0gZw=wnBvcgQw@mail.gmail.com>

On Thu, Oct 6, 2016 at 9:33 PM, James E Keenan <jkeen at verizon.net> wrote:

> The following link, which is one of the drop-downs at the top of the
> NYCBUG home page, has material that is out of date -- and probably moreso
> as of today's cabinet change:
>
> http://www.nycbug.org/index.cgi?action=colo
>
> The following link, which is also one of the drop-downs at the top of our
> home page -- well, I can't figure out at all what it is supposed to be
> about:
>
> http://www.nycbug.org/index.cgi?action=streaming


This second link has been used at times to stream NYCBUG meetings, though
its been awhile since I've been able to be online when a meeting was
happening to see if its still used as such.


>
>
> jimk
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161006/29629483/attachment.htm>

From george at ceetonetechnology.com  Thu Oct  6 22:40:31 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 6 Oct 2016 22:40:31 -0400
Subject: [talk] Cabinet move
In-Reply-To: <f0100fd9-2d1c-48c4-475b-a9bf762b9344@verizon.net>
References: <478F1C7D-96BF-4DFD-BDB9-5B88C5827508@ymail.com>
 <f0100fd9-2d1c-48c4-475b-a9bf762b9344@verizon.net>
Message-ID: <20b6d2a6-c9d6-d2e6-0955-29b215c4e57e@ceetonetechnology.com>

On 10/06/16 21:33, James E Keenan wrote:
> On 10/06/2016 09:57 AM, Mark Saad wrote:
>> All
>>   Today we bid farewell to our original trusty cabinet . After 12
>> years of service NYI has donated us a new better equipped cabinet.
>> That being said most services will be off line today , www, dmesgd ,
>> lists, mirrors and a few openbsd related services .
>>
>> We hope everything will be back up and running later today stay tuned
>> for updates .
>>
> 
> Thanks in particular to Ike for playing the role of community organizer
> in this.  I enjoyed the experience -- my once a millennium visit to a
> major data center ;-)

Yes.  Good stuff today all.  Great to have so many people engaged.

I like the idea of more BSD-related projects flowing out of the cabinet
in the future.

g



From spork at bway.net  Thu Oct  6 22:32:58 2016
From: spork at bway.net (Charles Sprickman)
Date: Thu, 6 Oct 2016 22:32:58 -0400
Subject: [talk] Cabinet move
In-Reply-To: <9EEA4593-82E5-4786-8833-BCCFF6602446@blackskyresearch.net>
References: <478F1C7D-96BF-4DFD-BDB9-5B88C5827508@ymail.com>
 <9EEA4593-82E5-4786-8833-BCCFF6602446@blackskyresearch.net>
Message-ID: <17E07BA6-600B-4BAD-A7A1-7290A7630FCB@bway.net>


> On Oct 6, 2016, at 8:46 PM, Isaac (.ike) Levy <ike at blackskyresearch.net> wrote:
> 
> Hi All,
> 
> Today?s cabinet move was truly a whopping success, with all the help from NYC*BUG volunteers!
> (Even the box running this list was moved?)

Pictures or it didn?t happen. :)

> 
> I?m grateful to even the folks who couldn?t join us, but joining me today was:
> 
> Robert Menes
> Brian Reynolds
> James Keenan
> Patrick McEvoy
> George Rosamond
> NYI NOC Staff on 21st Floor
> 
> Tactical admin support from remote locales,
> 
> Mark Saad
> Okan Demirmen
> 
> As I stood at the end of the day surveying the details, it dawned on me, WE FINISHED IN ONE DAY!  (After 12 years of Open Source projects in/out of the cabinet, this is nothing to sneeze at...)
> 
> Datacenter work has lots of standing around, lots of menial tasks, and particularly with all our hodgepodge of donated gear, lots of ?gee, how do we mount this? sort of problem solving- and everyone who came today was creative, attentive, and really just pushed hard to get it all done as a *team*.
> 
> Working with everyone today made me really proud to be one of the hackers at NYC*BUG.
> 
> Also, we can?t thank NYI enough for their continued support, and use of their stellar facilities.
> 
> Rocket-
> .ike
> 
> 
> 
>> On Oct 6, 2016, at 9:57 AM, Mark Saad <mark.saad at ymail.com> wrote:
>> 
>> All
>> Today we bid farewell to our original trusty cabinet . After 12 years of service NYI has donated us a new better equipped cabinet. 
>> That being said most services will be off line today , www, dmesgd , lists, mirrors and a few openbsd related services . 
>> 
>> We hope everything will be back up and running later today stay tuned for updates .
>> 
>> ---
>> Mark Saad | mark.saad at ymail.com
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From bonsaime at gmail.com  Thu Oct  6 23:08:21 2016
From: bonsaime at gmail.com (Jesse Callaway)
Date: Thu, 6 Oct 2016 20:08:21 -0700
Subject: [talk] Soekris drive
In-Reply-To: <CAJU5ZBMTJqcipz9LfDw_3PB5r-G3=zryPqszw7Qm_xytMBzJSg@mail.gmail.com>
References: <CAJU5ZBOxpSvbCD9=MAoChHDsfe=t2uMLsF+jiAVEY8t=7pOMBQ@mail.gmail.com>
 <CAJU5ZBM14_-jA2DbyJxofjc-70YqC+QGvsyDWdTtdb9McLTArA@mail.gmail.com>
 <CAJU5ZBM2b5U6udY0RBhPVhf_2xVRdOWm0O44727sSpGQ=fynXQ@mail.gmail.com>
 <CAJU5ZBOGxEsbSYu_xwkJxDWmHqXjX7YJE9aCa-MhY=Y48mAy6g@mail.gmail.com>
 <CAJU5ZBM9yS8t7aqk09Ts+xBEdXBvy_TTDdbiiHmsi-21gLt+rA@mail.gmail.com>
 <CAJU5ZBMR505mGNQ0rBqpGrmh-dayrrx5p6KQipswfp9PhVdxOA@mail.gmail.com>
 <CAJU5ZBMmA6=mqyiFzy4MKs1n-NqxUC9SZ5Hc_tg2cbSZ3MPQWw@mail.gmail.com>
 <CAJU5ZBOEN2c=xRaX87-sPBWbd-6U0jjpoiM_OzidfiL4G0mm9A@mail.gmail.com>
 <CAJU5ZBNd517LvpQ4zFkWBR5j92RHrLN3CMkHm0nZVdDJ-_TDNg@mail.gmail.com>
 <CAJU5ZBMTJqcipz9LfDw_3PB5r-G3=zryPqszw7Qm_xytMBzJSg@mail.gmail.com>
Message-ID: <CAJU5ZBNUworJaBBwH3QVbqDuLN2r+sfwMfqMws0+=1vLXRTe6A@mail.gmail.com>

Sorry for the misleading topic. Today I was driving around exploring the
new habitat I've defected to... Santa Cruz. After making a right hand turn
on a whim I saw a small office building with a couple of dentists and
Soekris Engineering listed on the sign.

Was neat to see this small firm existing out there in the neighborhood. Not
sure what I'm getting at here, but made me think of the doers attitude of
Nycbug and wanted to share my feelings and good wishes to every poacher who
wants to sell a hare. (See Lincolnshire Poacher song for reference, not the
numbers stations)

-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161006/83ad2a10/attachment.htm>

From ike at blackskyresearch.net  Fri Oct  7 10:04:49 2016
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Fri, 7 Oct 2016 10:04:49 -0400
Subject: [talk] Soekris drive
In-Reply-To: <CAJU5ZBNUworJaBBwH3QVbqDuLN2r+sfwMfqMws0+=1vLXRTe6A@mail.gmail.com>
References: <CAJU5ZBOxpSvbCD9=MAoChHDsfe=t2uMLsF+jiAVEY8t=7pOMBQ@mail.gmail.com>
 <CAJU5ZBM14_-jA2DbyJxofjc-70YqC+QGvsyDWdTtdb9McLTArA@mail.gmail.com>
 <CAJU5ZBM2b5U6udY0RBhPVhf_2xVRdOWm0O44727sSpGQ=fynXQ@mail.gmail.com>
 <CAJU5ZBOGxEsbSYu_xwkJxDWmHqXjX7YJE9aCa-MhY=Y48mAy6g@mail.gmail.com>
 <CAJU5ZBM9yS8t7aqk09Ts+xBEdXBvy_TTDdbiiHmsi-21gLt+rA@mail.gmail.com>
 <CAJU5ZBMR505mGNQ0rBqpGrmh-dayrrx5p6KQipswfp9PhVdxOA@mail.gmail.com>
 <CAJU5ZBMmA6=mqyiFzy4MKs1n-NqxUC9SZ5Hc_tg2cbSZ3MPQWw@mail.gmail.com>
 <CAJU5ZBOEN2c=xRaX87-sPBWbd-6U0jjpoiM_OzidfiL4G0mm9A@mail.gmail.com>
 <CAJU5ZBNd517LvpQ4zFkWBR5j92RHrLN3CMkHm0nZVdDJ-_TDNg@mail.gmail.com>
 <CAJU5ZBMTJqcipz9LfDw_3PB5r-G3=zryPqszw7Qm_xytMBzJSg@mail.gmail.com>
 <CAJU5ZBNUworJaBBwH3QVbqDuLN2r+sfwMfqMws0+=1vLXRTe6A@mail.gmail.com>
Message-ID: <8C275E20-4C28-4D03-B93A-2173C7FE9CFA@blackskyresearch.net>


> On Oct 6, 2016, at 11:08 PM, Jesse Callaway <bonsaime at gmail.com> wrote:
> 
> Sorry for the misleading topic. Today I was driving around exploring the new habitat I've defected to... Santa Cruz. After making a right hand turn on a whim I saw a small office building with a couple of dentists and Soekris Engineering listed on the sign.
> 
> Was neat to see this small firm existing out there in the neighborhood. Not sure what I'm getting at here, but made me think of the doers attitude of Nycbug and wanted to share my feelings and good wishes to every poacher who wants to sell a hare. (See Lincolnshire Poacher song for reference, not the numbers stations)
> 
> -jesse

Oh, as always we certainly miss you Jesse!

I had no idea Soekris folks also practiced dentistry? :P

Rocket-
.ike




From okan at demirmen.com  Fri Oct  7 10:33:40 2016
From: okan at demirmen.com (Okan Demirmen)
Date: Fri, 7 Oct 2016 10:33:40 -0400
Subject: [talk] NYC BUG web site: some mysterious pages
In-Reply-To: <a321a420-6704-f944-4bcf-b23b280e071e@verizon.net>
References: <a321a420-6704-f944-4bcf-b23b280e071e@verizon.net>
Message-ID: <20161007143340.GA17156@carbon.khaoz.org>

On Thu 2016.10.06 at 21:33 -0400, James E Keenan wrote:
> The following link, which is one of the drop-downs at the top of the NYCBUG
> home page, has material that is out of date -- and probably moreso as of
> today's cabinet change:
> 
> http://www.nycbug.org/index.cgi?action=colo

Maybe some parts, but it should reflect most of reality - it'll likely be
sync'd up with our colo runbook once the dust settles from the cabinet work.

> The following link, which is also one of the drop-downs at the top of our
> home page -- well, I can't figure out at all what it is supposed to be
> about:
> 
> http://www.nycbug.org/index.cgi?action=streaming

Yes, that's up for streaming meetings whenever streaming can be done; ususally
since it's last minute, we just keep the page there just in case - less moving
parts while getting a meeting going.

Thanks though!



From ike at blackskyresearch.net  Sat Oct  8 10:58:54 2016
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Sat, 8 Oct 2016 10:58:54 -0400
Subject: [talk] Dallas Hotel for ARIN 38?
Message-ID: <C60020BE-CDC3-4FFC-89BC-01C95CD8ED02@blackskyresearch.net>

Hey All,

I?m attending ARIN 38, on the 20th, and trying to find a *cheap* hotel in Dallas TX?

Does anyone know anything about staying in Dallas TX?!
Is anyone here, or anyone you know, going to ARIN 38 and can take a room-crasher?  (Folks who know me from conferences know I?ll happily crash on the floor if necessary :)

Rocket-
.ike




From kmsujit at gmail.com  Sat Oct  8 12:14:14 2016
From: kmsujit at gmail.com (Sujit K M)
Date: Sat, 8 Oct 2016 21:44:14 +0530
Subject: [talk] Browser Abuse.
Message-ID: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>

Hi All,

I had a simple question for all, If you look at an web browser what are the
sort of abuses it still cannot handle.

 For one, I find Ajax has a lot of security concerns regarding the pace at which
it does transactions. Any Ideas?

Regards,
Sujit K M



From ike at blackskyresearch.net  Tue Oct 11 12:29:45 2016
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Tue, 11 Oct 2016 12:29:45 -0400
Subject: [talk] Browser Abuse.
In-Reply-To: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
Message-ID: <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>

Hi Suit,

> On Oct 8, 2016, at 12:14 PM, Sujit K M <kmsujit at gmail.com> wrote:
> 
> Hi All,
> 
> I had a simple question for all, If you look at an web browser what are the
> sort of abuses it still cannot handle.
> 
> For one, I find Ajax has a lot of security concerns regarding the pace at which
> it does transactions. Any Ideas?
> 
> Regards,
> Sujit K M


Sorry there was no good response here on this, but I think browser abuses are something which folks around NYC*BUG aren?t too engaged in tracking- it?s been a disaster since JS et. al. were invented?  I mean, who thought that running arbitrary code from an untrusted source on the internet, from simply navigating to some site, was ever a good idea?  :)

With that, there are many OS facilities which attempt restricting/sandboxing running processes- with more and less fuss.  (FreeBSD has facilities like jail(2) and capsicum(4), OpenBSD has pledge(2), etc?)

Is there a specific applied security case you are trying to handle?

Best,
.ike




From _ at thomaslevine.com  Tue Oct 11 13:06:21 2016
From: _ at thomaslevine.com (Thomas Levine)
Date: Tue, 11 Oct 2016 17:06:21 +0000
Subject: [talk] Browser Abuse.
In-Reply-To: <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
 <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
Message-ID: <20161011170628.62513F29CD@mailuser.nyi.internal>

xombrero might give you some ideas.



From _ at thomaslevine.com  Tue Oct 11 14:20:57 2016
From: _ at thomaslevine.com (Thomas Levine)
Date: Tue, 11 Oct 2016 18:20:57 +0000
Subject: [talk] Browser Abuse.
In-Reply-To: <20161011175325.GB10729@scott1.scottro.net>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
 <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
 <20161011170628.62513F29CD@mailuser.nyi.internal>
 <20161011175325.GB10729@scott1.scottro.net>
Message-ID: <20161011182104.00667F29D3@mailuser.nyi.internal>

It still might give you ideas. It works on OpenBSD, but you don't need
to run it; you can just check the man page. Commands starting with these
words are interesting, for example: cert, cookie, https, js, loadimages.

Scott Robbins writes:
> On Tue, Oct 11, 2016 at 05:06:21PM +0000, Thomas Levine wrote:
> > xombrero might give you some ideas.
> > 
> 
> I don't think it's developed any longer.  I know it's marked as broken on
> FreeBSD, not sure about OpenBSD.  
> 
> https://news.ycombinator.com/item?id=12046368
> 
> 
> 
> -- 
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
> 



From scottro at nyc.rr.com  Tue Oct 11 14:26:54 2016
From: scottro at nyc.rr.com (Scott Robbins)
Date: Tue, 11 Oct 2016 14:26:54 -0400
Subject: [talk] Browser Abuse.
In-Reply-To: <20161011182104.00667F29D3@mailuser.nyi.internal>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
 <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
 <20161011170628.62513F29CD@mailuser.nyi.internal>
 <20161011175325.GB10729@scott1.scottro.net>
 <20161011182104.00667F29D3@mailuser.nyi.internal>
Message-ID: <20161011182654.GA19859@scott1.scottro.net>

On Tue, Oct 11, 2016 at 06:20:57PM +0000, Thomas Levine wrote:
> It still might give you ideas. It works on OpenBSD, but you don't need
> to run it; you can just check the man page. Commands starting with these
> words are interesting, for example: cert, cookie, https, js, loadimages.
> 
> Scott Robbins writes:
> > On Tue, Oct 11, 2016 at 05:06:21PM +0000, Thomas Levine wrote:
> > > xombrero might give you some ideas.
> > > 
> > 
> > I don't think it's developed any longer.  I know it's marked as broken on
> > FreeBSD, not sure about OpenBSD.  


Good point.  You're quite right.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



From scottro at nyc.rr.com  Tue Oct 11 13:53:25 2016
From: scottro at nyc.rr.com (Scott Robbins)
Date: Tue, 11 Oct 2016 13:53:25 -0400
Subject: [talk] Browser Abuse.
In-Reply-To: <20161011170628.62513F29CD@mailuser.nyi.internal>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
 <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
 <20161011170628.62513F29CD@mailuser.nyi.internal>
Message-ID: <20161011175325.GB10729@scott1.scottro.net>

On Tue, Oct 11, 2016 at 05:06:21PM +0000, Thomas Levine wrote:
> xombrero might give you some ideas.
> 

I don't think it's developed any longer.  I know it's marked as broken on
FreeBSD, not sure about OpenBSD.  

https://news.ycombinator.com/item?id=12046368



-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



From mark.saad at ymail.com  Tue Oct 11 20:24:50 2016
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 11 Oct 2016 20:24:50 -0400
Subject: [talk] FreeBSD loader
Message-ID: <CCCAF940-FE0B-4C4F-9FF5-1523139F64B0@ymail.com>

All
  I wanted to know if anyone knows of FreeBSD's loader can read from a fat/msdosfs disk or partition ? I was so playing around with mfsbsd and I wanted to see if I could load the mfsbsd from a fat formatted disk . 

---
Mark Saad | mark.saad at ymail.com


From kmsujit at gmail.com  Wed Oct 12 04:24:35 2016
From: kmsujit at gmail.com (Sujit K M)
Date: Wed, 12 Oct 2016 13:54:35 +0530
Subject: [talk] Browser Abuse.
In-Reply-To: <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
 <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
Message-ID: <CA+6mNerc=g15h2R+DfG2SGzGapbR6YyGxWutB4nP_5rv8h9UdQ@mail.gmail.com>

> Is there a specific applied security case you are trying to handle?

I was more interested with problems like SQL Injection for that matter
even an XSS Hack with respect to Ajax.



From pete at nomadlogic.org  Wed Oct 12 11:59:34 2016
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 12 Oct 2016 08:59:34 -0700
Subject: [talk] Browser Abuse.
In-Reply-To: <CA+6mNerc=g15h2R+DfG2SGzGapbR6YyGxWutB4nP_5rv8h9UdQ@mail.gmail.com>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
 <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
 <CA+6mNerc=g15h2R+DfG2SGzGapbR6YyGxWutB4nP_5rv8h9UdQ@mail.gmail.com>
Message-ID: <100fea25-772a-290e-fbb6-76a901566442@nomadlogic.org>



On 10/12/16 1:24 AM, Sujit K M wrote:
>> Is there a specific applied security case you are trying to handle?
>
> I was more interested with problems like SQL Injection for that matter
> even an XSS Hack with respect to Ajax.
>

while browsers are certainly a great attack vector - i still think a 
majority of the issues that arise are due to poorly implemented server 
and client-side code.  That would certainly seem to be the case for 
XSS/SQL Injection/Auth attacks.

It's not clear to me that a majority of the javascript and front-end 
dev's out there fully understand the security implications of the code 
they are writing.  while it's easy to say "ah shitty javascript is 
shitty" - i think there is more than enough blame for w3c standards and 
how browsers and platforms are still pretty incompatible.

so i reckon security usually falls off the table when they have to burn 
cycles still messing around with trying to get UI's consistent b/w 
browsers and platforms.

-pete


-- 
Pete Wright
pete at nomadlogic.org
nomadlogicLA



From fire at firecrow.com  Wed Oct 12 12:14:15 2016
From: fire at firecrow.com (firecrow silvernight)
Date: Wed, 12 Oct 2016 12:14:15 -0400
Subject: [talk] Browser Abuse.
In-Reply-To: <100fea25-772a-290e-fbb6-76a901566442@nomadlogic.org>
References: <CA+6mNeoZ=YatLpAbDmLrSDaOt86g-KOWEJSiRbLG8p_pcpQgzg@mail.gmail.com>
 <9DB1B05F-0054-48AB-8ADC-2356C72CEB11@blackskyresearch.net>
 <CA+6mNerc=g15h2R+DfG2SGzGapbR6YyGxWutB4nP_5rv8h9UdQ@mail.gmail.com>
 <100fea25-772a-290e-fbb6-76a901566442@nomadlogic.org>
Message-ID: <1476288855.1339817.753784097.3C503901@webmail.messagingengine.com>



-- 
  firecrow silvernight
  fire at firecrow.com

On Wed, Oct 12, 2016, at 11:59 AM, Pete Wright wrote:
> 
> 
> On 10/12/16 1:24 AM, Sujit K M wrote:
> >> Is there a specific applied security case you are trying to handle?
> >
> > I was more interested with problems like SQL Injection for that matter
> > even an XSS Hack with respect to Ajax.
> >
> 
> while browsers are certainly a great attack vector - i still think a 
> majority of the issues that arise are due to poorly implemented server 
> and client-side code.  That would certainly seem to be the case for 
> XSS/SQL Injection/Auth attacks.
> 
> It's not clear to me that a majority of the javascript and front-end 
> dev's out there fully understand the security implications of the code 
> they are writing.  while it's easy to say "ah shitty javascript is 
> shitty" - i think there is more than enough blame for w3c standards and 
> how browsers and platforms are still pretty incompatible.
It's true, the easiest attack vector, is to use javascript to read a
session cookie, and then include that cookie in the url of an inserted
image src attribute, thus passing the cookie value to whatever host the
image lives on.

this can be avoided if the server sets the cookie to not be javascript
accessible, but it's true not all web devs understand the necessity of
such a thing
http://stackoverflow.com/a/11924457/80479

~fire
fire at firecrow.com
> 
> so i reckon security usually falls off the table when they have to burn 
> cycles still messing around with trying to get UI's consistent b/w 
> browsers and platforms.
> 
> -pete
> 
> 
> -- 
> Pete Wright
> pete at nomadlogic.org
> nomadlogicLA
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From kmsujit at gmail.com  Sat Oct 15 09:12:05 2016
From: kmsujit at gmail.com (Sujit K M)
Date: Sat, 15 Oct 2016 18:42:05 +0530
Subject: [talk] Databases
Message-ID: <CA+6mNerWcAKLuoWwUK43BcgDOrs=wP--h+AAxGZ+M8+VZRvBrQ@mail.gmail.com>

Hi All,

Might be I am trying to hog the limelight. I was recently looking at
databases or infact user who are readonly. I wanted to know whether
MySQL on FreeBSD happens to have a write configuration which lets you
disable the write part totally.

Regards,
Sujit K M



From njt at ayvali.org  Sun Oct 16 22:27:17 2016
From: njt at ayvali.org (N.J. Thomas)
Date: Sun, 16 Oct 2016 19:27:17 -0700
Subject: [talk] Databases
In-Reply-To: <CA+6mNerWcAKLuoWwUK43BcgDOrs=wP--h+AAxGZ+M8+VZRvBrQ@mail.gmail.com>
References: <CA+6mNerWcAKLuoWwUK43BcgDOrs=wP--h+AAxGZ+M8+VZRvBrQ@mail.gmail.com>
Message-ID: <20161017022717.GB52383@ayvali.org>

* Sujit K M <kmsujit at gmail.com> [2016-10-15 18:42:05+0530]:
> I was recently looking at databases or infact user who are readonly. I
> wanted to know whether MySQL on FreeBSD happens to have a write
> configuration which lets you disable the write part totally.

If I understood you correctly, I think what you want is to create a user
and grant them only read permissions. Here's the syntax for the GRANT
command:

    http://dev.mysql.com/doc/refman/5.7/en/grant.html

You can do this at the database or table level.

Thomas



From kmsujit at gmail.com  Mon Oct 17 11:40:43 2016
From: kmsujit at gmail.com (Sujit K M)
Date: Mon, 17 Oct 2016 21:10:43 +0530
Subject: [talk] Databases
In-Reply-To: <20161017022717.GB52383@ayvali.org>
References: <CA+6mNerWcAKLuoWwUK43BcgDOrs=wP--h+AAxGZ+M8+VZRvBrQ@mail.gmail.com>
 <20161017022717.GB52383@ayvali.org>
Message-ID: <CA+6mNeqhsxAsnt5ifFjCpyZz_ebgCpP5p39YaYcsdpZ1MCa6jg@mail.gmail.com>

On Mon, Oct 17, 2016 at 7:57 AM, N.J. Thomas <njt at ayvali.org> wrote:
> * Sujit K M <kmsujit at gmail.com> [2016-10-15 18:42:05+0530]:
>> I was recently looking at databases or infact user who are readonly. I
>> wanted to know whether MySQL on FreeBSD happens to have a write
>> configuration which lets you disable the write part totally.
>
> If I understood you correctly, I think what you want is to create a user
> and grant them only read permissions. Here's the syntax for the GRANT
> command:
>
>     http://dev.mysql.com/doc/refman/5.7/en/grant.html
>
> You can do this at the database or table level.

I was more interested in making the mysql server itself readonly. The below link
suggested something but I haven't verified it as of yet. I also find
Slaves being
made readonly though not currently advisable in production.

https://dev.mysql.com/doc/refman/5.6/en/innodb-read-only-instance.html

My set of thinking on is on the below lines.
"If we make an Database read only then we need to return 0 in the case of
Insert/Update statements", 0 being the number of records which are inserted.



From edlinuxguru at gmail.com  Mon Oct 17 11:46:30 2016
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Mon, 17 Oct 2016 11:46:30 -0400
Subject: [talk] Databases
In-Reply-To: <CA+6mNeqhsxAsnt5ifFjCpyZz_ebgCpP5p39YaYcsdpZ1MCa6jg@mail.gmail.com>
References: <CA+6mNerWcAKLuoWwUK43BcgDOrs=wP--h+AAxGZ+M8+VZRvBrQ@mail.gmail.com>
 <20161017022717.GB52383@ayvali.org>
 <CA+6mNeqhsxAsnt5ifFjCpyZz_ebgCpP5p39YaYcsdpZ1MCa6jg@mail.gmail.com>
Message-ID: <CAENxBwyaNFvfCO+e20E7PAbsRj6Y7bm=rWEGjJ4KJgSQUuTW_g@mail.gmail.com>

On Mon, Oct 17, 2016 at 11:40 AM, Sujit K M <kmsujit at gmail.com> wrote:

> On Mon, Oct 17, 2016 at 7:57 AM, N.J. Thomas <njt at ayvali.org> wrote:
> > * Sujit K M <kmsujit at gmail.com> [2016-10-15 18:42:05+0530]:
> >> I was recently looking at databases or infact user who are readonly. I
> >> wanted to know whether MySQL on FreeBSD happens to have a write
> >> configuration which lets you disable the write part totally.
> >
> > If I understood you correctly, I think what you want is to create a user
> > and grant them only read permissions. Here's the syntax for the GRANT
> > command:
> >
> >     http://dev.mysql.com/doc/refman/5.7/en/grant.html
> >
> > You can do this at the database or table level.
>
> I was more interested in making the mysql server itself readonly. The
> below link
> suggested something but I haven't verified it as of yet. I also find
> Slaves being
> made readonly though not currently advisable in production.
>
> https://dev.mysql.com/doc/refman/5.6/en/innodb-read-only-instance.html
>
> My set of thinking on is on the below lines.
> "If we make an Database read only then we need to return 0 in the case of
> Insert/Update statements", 0 being the number of records which are
> inserted.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

I was not exactly sure what you meant here. I can think of a few options:

1) Use mysql-proxy. https://downloads.mysql.com/archives/proxy/ You need to
do a little bit of coding do do exactly what you want, but many people have
expressed they use it to route queries based on application logic.

2) Setup a user that only has SELECT priv.

3) Creative replication: You can use things like the blackhole-storage
engine in your replication chain.
http://dev.mysql.com/doc/refman/5.7/en/blackhole-storage-engine.html
I do not know exactly how to get at a read only DB using blackhole but you
might come up with something that works for you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161017/3b723910/attachment.htm>

From njt at ayvali.org  Mon Oct 17 12:58:38 2016
From: njt at ayvali.org (N.J. Thomas)
Date: Mon, 17 Oct 2016 09:58:38 -0700
Subject: [talk] Databases
In-Reply-To: <CA+6mNeqhsxAsnt5ifFjCpyZz_ebgCpP5p39YaYcsdpZ1MCa6jg@mail.gmail.com>
References: <CA+6mNerWcAKLuoWwUK43BcgDOrs=wP--h+AAxGZ+M8+VZRvBrQ@mail.gmail.com>
 <20161017022717.GB52383@ayvali.org>
 <CA+6mNeqhsxAsnt5ifFjCpyZz_ebgCpP5p39YaYcsdpZ1MCa6jg@mail.gmail.com>
Message-ID: <20161017165838.GE52383@ayvali.org>

* Sujit K M <kmsujit at gmail.com> [2016-10-17 21:10:43+0530]:
> > If I understood you correctly, I think what you want is to create a
> > user and grant them only read permissions. Here's the syntax for the
> > GRANT command:
>
> I was more interested in making the mysql server itself readonly.

[...]

> "If we make an Database read only then we need to return 0 in the case of
> Insert/Update statements", 0 being the number of records which are inserted.

Okay. Can I ask why you want this? What are you trying to accomplish by
doing this?

Giving a user readonly access to a table/database is a fairly common
thing. What you are trying to do is less common, and AFAICT, from the
MYSQL docs, not really recommended.

Thomas



From kmsujit at gmail.com  Mon Oct 17 22:42:14 2016
From: kmsujit at gmail.com (Sujit K M)
Date: Tue, 18 Oct 2016 08:12:14 +0530
Subject: [talk] Databases
In-Reply-To: <20161017165838.GE52383@ayvali.org>
References: <CA+6mNerWcAKLuoWwUK43BcgDOrs=wP--h+AAxGZ+M8+VZRvBrQ@mail.gmail.com>
 <20161017022717.GB52383@ayvali.org>
 <CA+6mNeqhsxAsnt5ifFjCpyZz_ebgCpP5p39YaYcsdpZ1MCa6jg@mail.gmail.com>
 <20161017165838.GE52383@ayvali.org>
Message-ID: <CA+6mNeqCHcKgbwa2kM_juc7VzpnBt5hY5nCWp-NZ=Z0xN9Ak7A@mail.gmail.com>

> Okay. Can I ask why you want this? What are you trying to accomplish by
> doing this?

Just wanted to check performance of the app, If we can distribute the load of
select vs insert/update. Though I am not saying there is no way to insert/update
for the app.



From jhb at freebsd.org  Wed Oct 19 11:40:34 2016
From: jhb at freebsd.org (John Baldwin)
Date: Wed, 19 Oct 2016 08:40:34 -0700
Subject: [talk] FreeBSD loader
In-Reply-To: <CCCAF940-FE0B-4C4F-9FF5-1523139F64B0@ymail.com>
References: <CCCAF940-FE0B-4C4F-9FF5-1523139F64B0@ymail.com>
Message-ID: <13250749.M5OqIPdyLe@ralph.baldwin.cx>

On Tuesday, October 11, 2016 08:24:50 PM Mark Saad wrote:
> All
>   I wanted to know if anyone knows of FreeBSD's loader can read from a fat/msdosfs disk or partition ? I was so playing around with mfsbsd and I wanted to see if I could load the mfsbsd from a fat formatted disk . 

Yes, libstand includes a 'dosfs' filesystem that can read from those.
Use 'lsdev' to see what disk partitions are available to read from.
'lsdev -v' might tell you the filesystem types.

-- 
John Baldwin



From mark.saad at ymail.com  Wed Oct 19 16:23:18 2016
From: mark.saad at ymail.com (Mark Saad)
Date: Wed, 19 Oct 2016 20:23:18 +0000 (UTC)
Subject: [talk] FreeBSD loader
In-Reply-To: <13250749.M5OqIPdyLe@ralph.baldwin.cx>
References: <CCCAF940-FE0B-4C4F-9FF5-1523139F64B0@ymail.com>
 <13250749.M5OqIPdyLe@ralph.baldwin.cx>
Message-ID: <1912528356.1212548.1476908598496@mail.yahoo.com>




On Wednesday, October 19, 2016 11:50 AM, John Baldwin <jhb at freebsd.org> wrote:


>
>
>On Tuesday, October 11, 2016 08:24:50 PM Mark Saad wrote:
>
>> All
>>   I wanted to know if anyone knows of FreeBSD's loader can read from a fat/msdosfs disk or partition ? I was so playing around with mfsbsd and I wanted to see if I could load the mfsbsd from a fat formatted disk . 
>
>Yes, libstand includes a 'dosfs' filesystem that can read from those.
>Use 'lsdev' to see what disk partitions are available to read from.
>'lsdev -v' might tell you the filesystem types.
>
>-- 
>John Baldwin
>
>
>
>

>

John
  I'll have to try again . Thanks for the poitners. 

-- Mark Saad mark.saad at ymail.com



From george at ceetonetechnology.com  Fri Oct 21 12:22:02 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 21 Oct 2016 12:22:02 -0400
Subject: [talk] extra hardware..
Message-ID: <ab2a857f-50cd-7839-02e8-a50c5b65033d@ceetonetechnology.com>

I picked up a device for cheap and was wondering if anyone had the need
for it.

It's a CATX-USB, "computer access module" from Adder (.com).

Outside of that, it was unmarked, and I couldn't look it up at the time.
Yes, I was hoping it was some remote IP KVM device... but it's not.

I has an rj45 port on the one end, and two cables on the other end: usb
and vga.

If anyone has a need for it, ping me offlist and I'll bring it to the
next meeting.  It's just taking up space here...

g



From mark.saad at ymail.com  Fri Oct 21 13:58:41 2016
From: mark.saad at ymail.com (Mark Saad)
Date: Fri, 21 Oct 2016 17:58:41 +0000 (UTC)
Subject: [talk] Dyn DDos , now what can you do.
References: <615552034.499742.1477072721186.ref@mail.yahoo.com>
Message-ID: <615552034.499742.1477072721186@mail.yahoo.com>

All
  So I take it a few of you are being affected by the on going DynDNS DDos. 

I am in the minority who does not use Dyn but I am still unable to get to a bunch of sites.
I was talking to an old boddy who's entire operation is off line, and it looks like
their only option it to change the authoritative dns servers for their domains. Does anyone know 

if there is a fast option for pushing that change out ? Anyone have any creative options here ?






1.https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/

 -- Mark Saad mark.saad at ymail.com



From george at ceetonetechnology.com  Fri Oct 21 14:30:10 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Fri, 21 Oct 2016 14:30:10 -0400
Subject: [talk] PCEngines APU question
Message-ID: <7419dd89-0c23-e217-3945-a78750a33858@ceetonetechnology.com>

Has anyone run an APU as a production server?

I'm not talking about a network device (firewall, etc).. but rather a
full server using mSATA storage?

Curious about experiences.  It seems like a decent alternative to i/o
light functionality.

g



From ike at blackskyresearch.net  Fri Oct 21 14:36:46 2016
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Fri, 21 Oct 2016 14:36:46 -0400
Subject: [talk] PCEngines APU question
In-Reply-To: <7419dd89-0c23-e217-3945-a78750a33858@ceetonetechnology.com>
References: <7419dd89-0c23-e217-3945-a78750a33858@ceetonetechnology.com>
Message-ID: <DE77A197-536C-4F35-9359-C80B88C1E63C@blackskyresearch.net>

Word,

> On Oct 21, 2016, at 2:30 PM, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> Has anyone run an APU as a production server?

Yes absolutely, APU (original not APU2), with 1Tb Samsung 850evo SSD, formatted with ZFS even, FreeBSD 10.x.  HTTP and automated file shuffling / backup applications, so the little suckers weren?t idle.  The SSD cost more than the APU, but absolutely worth it- 500Gb variants are much much cheaper.

With applied use actually using the CPU for applications, did not use ZFS compression to improve IO- (ssd was plenty fast).

Uptime nearly 10 months the last time I touched em.

> 
> I'm not talking about a network device (firewall, etc).. but rather a
> full server using mSATA storage?

I chose stable storage from guidelines here,
http://www.storagereview.com/best_drives

SSD media is surprisingly persnickety, some of it is real garbage so it?s important to just check reviews online for various mSata SSD?s before buying.

> 
> Curious about experiences.  It seems like a decent alternative to i/o
> light functionality.

Actually, it?s impressive how performant the APU?s were in practice? truly a punchy little box, particularly with enough storage.  Do it!

Rocket-
.ike


> 
> g
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From ike at blackskyresearch.net  Fri Oct 21 16:58:12 2016
From: ike at blackskyresearch.net (Isaac Levy (.ike))
Date: Fri, 21 Oct 2016 16:58:12 -0400
Subject: [talk] ARIN 38 involvement, vote!
Message-ID: <75F1871B-9F5B-4E9C-BCC6-2FC0CC694652@blackskyresearch.net>

Hi All,

I just attended the ARIN 38 proceedings, (got to hang out with Ray Percival a bit in TX here!)

Two big things relevant to NYC*BUG, (and the BSD projects as a whole):

1) I got nominated for a seat on the ARIN Advisory Council, and for my candidacy, I?m running explicitly as a liaison to the entire *BSD community at large, and got to stand on stage yesterday to promise that.

If I do get elected, please expect me to be reaching out to NYC*BUG, as well as relevant lists for the projects- on various policy issues which would impact, or could be positively impacted by, the *BSD community.

2) VOTE?! If you are POC for an ARIN netblock or ASN, you can log in to your ARIN online account and vote for me, (provided of course you want to! :)  The election ends next Friday the 28th, 2pm sharp.

ARIN strongly encourages you to view the candidate biographies available in the ARIN Elections 2016 Voter Guide at:

 https://www.arin.net/participate/elections/candidate_bios.pdf

--
Regardless of weather I get elected or not, ARIN 38 was truly enlightening- directly engaging live internet policy issues- and I plan to stay engaged in ARIN activities long term.

Yet, if I do get elected- I?m certainly dragging *ALL OF YOU* along with me, I certainly need your shoulders to stand on.

At the next NYC*BUG meeting, I?ll be happy to relay cool reflections on ARIN 38!

Best,
.ike




From kmsujit at gmail.com  Sat Oct 22 02:25:05 2016
From: kmsujit at gmail.com (Sujit K M)
Date: Sat, 22 Oct 2016 11:55:05 +0530
Subject: [talk] Dyn DDos , now what can you do.
In-Reply-To: <615552034.499742.1477072721186@mail.yahoo.com>
References: <615552034.499742.1477072721186.ref@mail.yahoo.com>
 <615552034.499742.1477072721186@mail.yahoo.com>
Message-ID: <CA+6mNepy30_t7TQe5aW3=x659em3ww1467N8pGnEPSR5Zw1cpg@mail.gmail.com>

>
> 1.https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/

https://news.slashdot.org/story/16/09/24/028228/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-internet

For some technical detail. I feel they just have to blacklist the IP
For these requests. I feel they could use something like
Same Origin in their request to nullify the attacks.



From mark.saad at ymail.com  Mon Oct 24 15:43:29 2016
From: mark.saad at ymail.com (Mark Saad)
Date: Mon, 24 Oct 2016 19:43:29 +0000 (UTC)
Subject: [talk] FreeBSD 11.0-RELEASE on the PcEngines APU2
References: <831658302.1603102.1477338209992.ref@mail.yahoo.com>
Message-ID: <831658302.1603102.1477338209992@mail.yahoo.com>

All
 I was wondering if anyone was running FreeBSD 11.0-RELEASE on a PcEngine's APU2 ?

I am running into a strange issue with the serial console. On a fresh install of 10.3-RELEASE (all amd64 installs btw)

the APU2 correctly outputs the console to the serial port. The installer see's I am on a serial port and askes me to
select my terminal . The install works and I am left with a working box.  Now if I upgrade to 11.0-RELEASE 

my console is now working. No method of adjusting boot.config with -D -S115200 or adjusting loader.conf with 

boot_serial or comconsole works either. So I decided to try a fresh install of 11.0-RELEASE in the hopes I somehow
broke the upgrade; However the system stops displaying output after the loader passes the console to the kernel. Booting
with -D will get the system to display the kernel boot up messages, but it then hangs at 
random: unblocking device.  I am not sure whats broken here ? setting console=serial kills the console as if its outputting
to another serial port . In any case I am reverting back to 10.3-RELEASE for now. Anyone have any ideas ?




 -- Mark Saad mark.saad at ymail.com



From george at ceetonetechnology.com  Mon Oct 24 16:10:03 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 24 Oct 2016 16:10:03 -0400
Subject: [talk] FreeBSD 11.0-RELEASE on the PcEngines APU2
In-Reply-To: <831658302.1603102.1477338209992@mail.yahoo.com>
References: <831658302.1603102.1477338209992.ref@mail.yahoo.com>
 <831658302.1603102.1477338209992@mail.yahoo.com>
Message-ID: <b4aeb40a-3129-3085-acea-f62001668d83@ceetonetechnology.com>

On 10/24/16 15:43, Mark Saad wrote:
> All I was wondering if anyone was running FreeBSD 11.0-RELEASE on a
> PcEngine's APU2 ?

11-RELEASE on APU1 here

> 
> I am running into a strange issue with the serial console. On a fresh
> install of 10.3-RELEASE (all amd64 installs btw)
> 
> the APU2 correctly outputs the console to the serial port. The
> installer see's I am on a serial port and askes me to select my
> terminal . The install works and I am left with a working box.  Now
> if I upgrade to 11.0-RELEASE
> 
> my console is now working. No method of adjusting boot.config with -D
> -S115200 or adjusting loader.conf with
> 
> boot_serial or comconsole works either. So I decided to try a fresh

I have this in my /boot/loader.conf

boot_serial="yes"
comconsole_speed="115200"
console="comconsole"



> install of 11.0-RELEASE in the hopes I somehow broke the upgrade;
> However the system stops displaying output after the loader passes
> the console to the kernel. Booting with -D will get the system to
> display the kernel boot up messages, but it then hangs at random:
> unblocking device.  I am not sure whats broken here ? setting
> console=serial kills the console as if its outputting to another
> serial port . In any case I am reverting back to 10.3-RELEASE for
> now. Anyone have any ideas ?

I haven't looked closely at why.. but I bet the above /boot/loader.conf
solves it.

I need to look at the release notes, but am happy to say that blacklistd
is now in the FreeBSD base system, and am just waiting to put in on a
public box.

g



From shawn.webb at hardenedbsd.org  Mon Oct 24 16:43:28 2016
From: shawn.webb at hardenedbsd.org (Shawn Webb)
Date: Mon, 24 Oct 2016 16:43:28 -0400
Subject: [talk] FreeBSD 11.0-RELEASE on the PcEngines APU2
In-Reply-To: <b4aeb40a-3129-3085-acea-f62001668d83@ceetonetechnology.com>
References: <831658302.1603102.1477338209992.ref@mail.yahoo.com>
 <831658302.1603102.1477338209992@mail.yahoo.com>
 <b4aeb40a-3129-3085-acea-f62001668d83@ceetonetechnology.com>
Message-ID: <20161024204328.GA90915@mutt-hardenedbsd>

On Mon, Oct 24, 2016 at 04:10:03PM -0400, George Rosamond wrote:
> On 10/24/16 15:43, Mark Saad wrote:
> > All I was wondering if anyone was running FreeBSD 11.0-RELEASE on a
> > PcEngine's APU2 ?
> 
> 11-RELEASE on APU1 here
> 
> > 
> > I am running into a strange issue with the serial console. On a fresh
> > install of 10.3-RELEASE (all amd64 installs btw)
> > 
> > the APU2 correctly outputs the console to the serial port. The
> > installer see's I am on a serial port and askes me to select my
> > terminal . The install works and I am left with a working box.  Now
> > if I upgrade to 11.0-RELEASE
> > 
> > my console is now working. No method of adjusting boot.config with -D
> > -S115200 or adjusting loader.conf with
> > 
> > boot_serial or comconsole works either. So I decided to try a fresh
> 
> I have this in my /boot/loader.conf
> 
> boot_serial="yes"
> comconsole_speed="115200"
> console="comconsole"
> 
> 
> 
> > install of 11.0-RELEASE in the hopes I somehow broke the upgrade;
> > However the system stops displaying output after the loader passes
> > the console to the kernel. Booting with -D will get the system to
> > display the kernel boot up messages, but it then hangs at random:
> > unblocking device.  I am not sure whats broken here ? setting
> > console=serial kills the console as if its outputting to another
> > serial port . In any case I am reverting back to 10.3-RELEASE for
> > now. Anyone have any ideas ?
> 
> I haven't looked closely at why.. but I bet the above /boot/loader.conf
> solves it.
> 
> I need to look at the release notes, but am happy to say that blacklistd
> is now in the FreeBSD base system, and am just waiting to put in on a
> public box.

I can give it another try this weekend, but I think mine is busted and I
need to either RMA or order a new one. For more info why I think mine's
busted:

http://www.pcengines.info/forums/?page=post&id=3B327362-FD62-4B6E-8C96-26D003D5F8CB&fid=DF5ACB70-99C4-4C61-AFA6-4C0E0DB05B2A

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161024/610f1a12/attachment.bin>

From mark.saad at ymail.com  Tue Oct 25 12:54:23 2016
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 25 Oct 2016 16:54:23 +0000 (UTC)
Subject: [talk] FreeBSD 11.0-RELEASE on the PcEngines APU2
In-Reply-To: <20161024204328.GA90915@mutt-hardenedbsd>
References: <831658302.1603102.1477338209992.ref@mail.yahoo.com>
 <831658302.1603102.1477338209992@mail.yahoo.com>
 <b4aeb40a-3129-3085-acea-f62001668d83@ceetonetechnology.com>
 <20161024204328.GA90915@mutt-hardenedbsd>
Message-ID: <175919746.634567.1477414463553@mail.yahoo.com>






> On Monday, October 24, 2016 4:43 PM, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
> > On Mon, Oct 24, 2016 at 04:10:03PM -0400, George Rosamond wrote:
> 
>>  On 10/24/16 15:43, Mark Saad wrote:
>>  > All I was wondering if anyone was running FreeBSD 11.0-RELEASE on a
>>  > PcEngine's APU2 ?
>> 
>>  11-RELEASE on APU1 here
>> 
>>  > 
>>  > I am running into a strange issue with the serial console. On a fresh
>>  > install of 10.3-RELEASE (all amd64 installs btw)
>>  > 
>>  > the APU2 correctly outputs the console to the serial port. The
>>  > installer see's I am on a serial port and askes me to select my
>>  > terminal . The install works and I am left with a working box.  Now
>>  > if I upgrade to 11.0-RELEASE
>>  > 
>>  > my console is now working. No method of adjusting boot.config with -D
>>  > -S115200 or adjusting loader.conf with
>>  > 
>>  > boot_serial or comconsole works either. So I decided to try a fresh
>> 
>>  I have this in my /boot/loader.conf
>> 
>>  boot_serial="yes"
>>  comconsole_speed="115200"
>>  console="comconsole"
>> 
>> 
>> 
>>  > install of 11.0-RELEASE in the hopes I somehow broke the upgrade;
>>  > However the system stops displaying output after the loader passes
>>  > the console to the kernel. Booting with -D will get the system to
>>  > display the kernel boot up messages, but it then hangs at random:
>>  > unblocking device.  I am not sure whats broken here ? setting
>>  > console=serial kills the console as if its outputting to another
>>  > serial port . In any case I am reverting back to 10.3-RELEASE for
>>  > now. Anyone have any ideas ?
>> 
>>  I haven't looked closely at why.. but I bet the above /boot/loader.conf
>>  solves it.
>> 
>>  I need to look at the release notes, but am happy to say that blacklistd
>>  is now in the FreeBSD base system, and am just waiting to put in on a
>>  public box.
> 
> I can give it another try this weekend, but I think mine is busted and I
> need to either RMA or order a new one. For more info why I think mine's
> busted:
> 
> http://www.pcengines.info/forums/?page=post&id=3B327362-FD62-4B6E-8C96-26D003D5F8CB&fid=DF5ACB70-99C4-4C61-AFA6-4C0E0DB05B2A
> 
> -- 
> Shawn Webb
> Cofounder and Security Engineer

> HardenedBSD> 
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

> 


Two follow up quesitons for you shawn ? Did you upgrade the bios on the box
to the last version noted here 
http://pcengines.ch/howto.htm#bios ?

Also have you tried a newer 11-STABLE ?







-- Mark Saad mark.saad at ymail.com> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
> 



From mark.saad at ymail.com  Tue Oct 25 16:41:41 2016
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 25 Oct 2016 20:41:41 +0000 (UTC)
Subject: [talk] FreeBSD 11.0-RELEASE on the PcEngines APU2
In-Reply-To: <175919746.634567.1477414463553@mail.yahoo.com>
References: <831658302.1603102.1477338209992.ref@mail.yahoo.com>
 <831658302.1603102.1477338209992@mail.yahoo.com>
 <b4aeb40a-3129-3085-acea-f62001668d83@ceetonetechnology.com>
 <20161024204328.GA90915@mutt-hardenedbsd>
 <175919746.634567.1477414463553@mail.yahoo.com>
Message-ID: <1504020653.833500.1477428101896@mail.yahoo.com>






> On Tuesday, October 25, 2016 12:54 PM, Mark Saad <mark.saad at ymail.com> wrote:
> > 
> 
> 
> 
> 
>>  On Monday, October 24, 2016 4:43 PM, Shawn Webb 
> <shawn.webb at hardenedbsd.org> wrote:
>>  > On Mon, Oct 24, 2016 at 04:10:03PM -0400, George Rosamond wrote:
>> 
>>>   On 10/24/16 15:43, Mark Saad wrote:
>>>   > All I was wondering if anyone was running FreeBSD 11.0-RELEASE on 
> a
>>>   > PcEngine's APU2 ?
>>> 
>>>   11-RELEASE on APU1 here
>>> 
>>>   > 
>>>   > I am running into a strange issue with the serial console. On a 
> fresh
>>>   > install of 10.3-RELEASE (all amd64 installs btw)
>>>   > 
>>>   > the APU2 correctly outputs the console to the serial port. The
>>>   > installer see's I am on a serial port and askes me to select 
> my
>>>   > terminal . The install works and I am left with a working box.  
> Now
>>>   > if I upgrade to 11.0-RELEASE
>>>   > 
>>>   > my console is now working. No method of adjusting boot.config 
> with -D
>>>   > -S115200 or adjusting loader.conf with
>>>   > 
>>>   > boot_serial or comconsole works either. So I decided to try a 
> fresh
>>> 
>>>   I have this in my /boot/loader.conf
>>> 
>>>   boot_serial="yes"
>>>   comconsole_speed="115200"
>>>   console="comconsole"
>>> 
>>> 
>>> 
>>>   > install of 11.0-RELEASE in the hopes I somehow broke the upgrade;
>>>   > However the system stops displaying output after the loader 
> passes
>>>   > the console to the kernel. Booting with -D will get the system to
>>>   > display the kernel boot up messages, but it then hangs at random:
>>>   > unblocking device.  I am not sure whats broken here ? setting
>>>   > console=serial kills the console as if its outputting to another
>>>   > serial port . In any case I am reverting back to 10.3-RELEASE for
>>>   > now. Anyone have any ideas ?
>>> 
>>>   I haven't looked closely at why.. but I bet the above 
> /boot/loader.conf
>>>   solves it.
>>> 
>>>   I need to look at the release notes, but am happy to say that 
> blacklistd
>>>   is now in the FreeBSD base system, and am just waiting to put in on a
>>>   public box.
>> 
>>  I can give it another try this weekend, but I think mine is busted and I
>>  need to either RMA or order a new one. For more info why I think mine's
>>  busted:
>> 
>> 
> http://www.pcengines.info/forums/?page=post&id=3B327362-FD62-4B6E-8C96-26D003D5F8CB&fid=DF5ACB70-99C4-4C61-AFA6-4C0E0DB05B2A
>> 
>>  -- 
>>  Shawn Webb
>>  Cofounder and Security Engineer
> 
>>  HardenedBSD> 
>>  GPG Key ID:          0x6A84658F52456EEE
>>  GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
> 
>> 
> 
> 
> Two follow up quesitons for you shawn ? Did you upgrade the bios on the box
> to the last version noted here 
> http://pcengines.ch/howto.htm#bios ?
> 
> Also have you tried a newer 11-STABLE ?
> 
> 
> 
> 
> 
> 

> 

Shawn
   After a lot of testing it appears to be a bug in the bios of the APU but I am not sure exactly how or why 11.x is acting up with it. Its odd
as pre 11.x will boot up and the bootloader and kernel will output to the serial console wiht out any special options . No boot.conf no loader.conf options.
11.x and on require what George noted above. 


Also I was able to flash the bios using flashrom in 9.3 and 10.3 RELEASES. 

-- Mark Saad mark.saad at ymail.com> -- Mark Saad mark.saad at ymail.com> 
> _______________________________________________
> 
>>  talk mailing list
>>  talk at lists.nycbug.org
>>  http://lists.nycbug.org/mailman/listinfo/talk
>> 
> 



From george at ceetonetechnology.com  Thu Oct 27 15:00:24 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 27 Oct 2016 15:00:24 -0400
Subject: [talk] NYC*BUG Nov 2: Ike on Infrastructure in a Post-Cloud Era
Message-ID: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>

We are working on some upcoming meeting topics. Feel free to ping admin@
if you have a potential meeting idea.

Wednesday, November 2
Infrastructure in a Post-Cloud Era, Isaac (.ike) Levy
18:45, Woolworth Building: 233 Broadway, 21st Floor
Notice: Location Change

Abstract

With a *BSD-minded perspective, we'll walk through the money and
administrative ends of deploying cloud infrastructure, and compare it to
experiences in colocation.

Building modern internet applications is challenging; so why are so many
technology companies relinquishing control over their technology? The
public clouds, after all, are just computers owned by somebody else.

This presentation contains real data crunched by data scientists, to
help cut through marketing hype. Also covered, strategies and approaches
to help you keep your stack "infrastructure agnostic", as well as
strategies to make cloud metered costs less opaque.

Note: This material was previously presented at LHMK, April 2016 - and
will be presented assuming a technical audience.

Speaker Bio

Standing on the shoulders of giants, ike's background includes
partnering to run a Virtual Server ISP before anyone called it a cloud,
as well as having a long history building internet-facing infrastructure
with UNIX systems.

NYC startup veteran, and a long-time community contributor to the *BSD
UNIX family, ike has grown computing infrastructure from a hand-full of
virtual servers, to full datacenter-scale internet-facing infrastructure
for a number of growth stage startups.

.ike has been a part of NYC*BUG since it was first launched in January
2004, was a long-time member of the Lower East Side Mac Unix User Group.
He has spoken frequently on a number of UNIX and internet security
topics at various venues, particularly on the topic of FreeBSD's
jail(8), and his involvement in the OPNsense router firewall project.



From edlinuxguru at gmail.com  Thu Oct 27 15:15:00 2016
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Thu, 27 Oct 2016 15:15:00 -0400
Subject: [talk] NYC*BUG Nov 2: Ike on Infrastructure in a Post-Cloud Era
In-Reply-To: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
References: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
Message-ID: <CAENxBwzf-k_udB3UnkvzTzkOrO8QU2qh5nK2NVsO0tt1Ojk+MQ@mail.gmail.com>

As a guy who once registered the domain http://groundcomputing.com/ I will
definitely attend.

On Thu, Oct 27, 2016 at 3:00 PM, George Rosamond <
george at ceetonetechnology.com> wrote:

> We are working on some upcoming meeting topics. Feel free to ping admin@
> if you have a potential meeting idea.
>
> Wednesday, November 2
> Infrastructure in a Post-Cloud Era, Isaac (.ike) Levy
> 18:45, Woolworth Building: 233 Broadway, 21st Floor
> Notice: Location Change
>
> Abstract
>
> With a *BSD-minded perspective, we'll walk through the money and
> administrative ends of deploying cloud infrastructure, and compare it to
> experiences in colocation.
>
> Building modern internet applications is challenging; so why are so many
> technology companies relinquishing control over their technology? The
> public clouds, after all, are just computers owned by somebody else.
>
> This presentation contains real data crunched by data scientists, to
> help cut through marketing hype. Also covered, strategies and approaches
> to help you keep your stack "infrastructure agnostic", as well as
> strategies to make cloud metered costs less opaque.
>
> Note: This material was previously presented at LHMK, April 2016 - and
> will be presented assuming a technical audience.
>
> Speaker Bio
>
> Standing on the shoulders of giants, ike's background includes
> partnering to run a Virtual Server ISP before anyone called it a cloud,
> as well as having a long history building internet-facing infrastructure
> with UNIX systems.
>
> NYC startup veteran, and a long-time community contributor to the *BSD
> UNIX family, ike has grown computing infrastructure from a hand-full of
> virtual servers, to full datacenter-scale internet-facing infrastructure
> for a number of growth stage startups.
>
> .ike has been a part of NYC*BUG since it was first launched in January
> 2004, was a long-time member of the Lower East Side Mac Unix User Group.
> He has spoken frequently on a number of UNIX and internet security
> topics at various venues, particularly on the topic of FreeBSD's
> jail(8), and his involvement in the OPNsense router firewall project.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161027/26b34b2b/attachment.htm>

From george at ceetonetechnology.com  Thu Oct 27 22:15:52 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Thu, 27 Oct 2016 22:15:52 -0400
Subject: [talk] NYC*BUG Nov 2: Ike on Infrastructure in a Post-Cloud Era
In-Reply-To: <CAENxBwzf-k_udB3UnkvzTzkOrO8QU2qh5nK2NVsO0tt1Ojk+MQ@mail.gmail.com>
References: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
 <CAENxBwzf-k_udB3UnkvzTzkOrO8QU2qh5nK2NVsO0tt1Ojk+MQ@mail.gmail.com>
Message-ID: <8227df06-c9d8-1608-50ea-709730ef706c@ceetonetechnology.com>

On 10/27/16 15:15, Edward Capriolo wrote:
> As a guy who once registered the domain http://groundcomputing.com/ I will
> definitely attend.

Oh, my favorite top-poster on list... Mr. Capriolo.

I missed Ike's earlier version, but this is *that* meeting everyone
should be pulling their cloud-in-the-brain sysadmins to.

The more general point that is well-understood on this list is that the
"bare metal-era" never ended, it's just being outsourced, and priced in
a deceptive manner.

Sure, cloud or hybrid solutions make sense in certain contexts.

I can think of a few cases:

1. a business that scales seasonally and therefore doesn't want to do
the capital expenditures on hardware for a few months of use, only to be
replaced in the next interval.

2. and most commonly today, a startup that just wants to be acquired,
and doesn't want capital expenditures on their books.

I'm looking forward to this meeting, and I strongly urge people to drag
along others who don't get that the cloud is just a marketing term for
outsourcing hardware.

g



From edlinuxguru at gmail.com  Fri Oct 28 01:00:25 2016
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Fri, 28 Oct 2016 01:00:25 -0400
Subject: [talk] NYC*BUG Nov 2: Ike on Infrastructure in a Post-Cloud Era
In-Reply-To: <8227df06-c9d8-1608-50ea-709730ef706c@ceetonetechnology.com>
References: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
 <CAENxBwzf-k_udB3UnkvzTzkOrO8QU2qh5nK2NVsO0tt1Ojk+MQ@mail.gmail.com>
 <8227df06-c9d8-1608-50ea-709730ef706c@ceetonetechnology.com>
Message-ID: <CAENxBwwHK5i+zanF13DK3A13ug-o0g5q+5Dcm6_2SPKO9S8wAw@mail.gmail.com>

On Thu, Oct 27, 2016 at 10:15 PM, George Rosamond <
george at ceetonetechnology.com> wrote:

> On 10/27/16 15:15, Edward Capriolo wrote:
> > As a guy who once registered the domain http://groundcomputing.com/ I
> will
> > definitely attend.
>
> Oh, my favorite top-poster on list... Mr. Capriolo.
>
> I missed Ike's earlier version, but this is *that* meeting everyone
> should be pulling their cloud-in-the-brain sysadmins to.
>
> The more general point that is well-understood on this list is that the
> "bare metal-era" never ended, it's just being outsourced, and priced in
> a deceptive manner.
>
> Sure, cloud or hybrid solutions make sense in certain contexts.
>
> I can think of a few cases:
>
> 1. a business that scales seasonally and therefore doesn't want to do
> the capital expenditures on hardware for a few months of use, only to be
> replaced in the next interval.
>
> 2. and most commonly today, a startup that just wants to be acquired,
> and doesn't want capital expenditures on their books.
>
> I'm looking forward to this meeting, and I strongly urge people to drag
> along others who don't get that the cloud is just a marketing term for
> outsourcing hardware.
>
> g
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

I would say it has to run its course. It will more easily topple when we
need to have fiber and 5(6,7,8) G everywhere. Then the "internet of things"
will be "more real", IP V6 will more "more real". Clouds wont be big data
centers in another state next to a big dam owned by google or apple, but
hardware and software that seamlessly couples. Until we have a true "cloud"
with distributed processing, storage, and routing we will by bound to  the
walmart of computing we have now.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161028/d2cd8b1b/attachment.htm>

From shawn.webb at hardenedbsd.org  Sat Oct 29 15:09:08 2016
From: shawn.webb at hardenedbsd.org (Shawn Webb)
Date: Sat, 29 Oct 2016 15:09:08 -0400
Subject: [talk] FreeBSD 11.0-RELEASE on the PcEngines APU2
In-Reply-To: <1504020653.833500.1477428101896@mail.yahoo.com>
References: <831658302.1603102.1477338209992.ref@mail.yahoo.com>
 <831658302.1603102.1477338209992@mail.yahoo.com>
 <b4aeb40a-3129-3085-acea-f62001668d83@ceetonetechnology.com>
 <20161024204328.GA90915@mutt-hardenedbsd>
 <175919746.634567.1477414463553@mail.yahoo.com>
 <1504020653.833500.1477428101896@mail.yahoo.com>
Message-ID: <20161029190908.GA3701@mutt-hardenedbsd>

On Tue, Oct 25, 2016 at 08:41:41PM +0000, Mark Saad wrote:
> 
> 
> 
> 
> 
> > On Tuesday, October 25, 2016 12:54 PM, Mark Saad <mark.saad at ymail.com> wrote:
> > > 
> > 
> > 
> > 
> > 
> >>  On Monday, October 24, 2016 4:43 PM, Shawn Webb 
> > <shawn.webb at hardenedbsd.org> wrote:
> >>  > On Mon, Oct 24, 2016 at 04:10:03PM -0400, George Rosamond wrote:
> >> 
> >>>   On 10/24/16 15:43, Mark Saad wrote:
> >>>   > All I was wondering if anyone was running FreeBSD 11.0-RELEASE on 
> > a
> >>>   > PcEngine's APU2 ?
> >>> 
> >>>   11-RELEASE on APU1 here
> >>> 
> >>>   > 
> >>>   > I am running into a strange issue with the serial console. On a 
> > fresh
> >>>   > install of 10.3-RELEASE (all amd64 installs btw)
> >>>   > 
> >>>   > the APU2 correctly outputs the console to the serial port. The
> >>>   > installer see's I am on a serial port and askes me to select 
> > my
> >>>   > terminal . The install works and I am left with a working box.  
> > Now
> >>>   > if I upgrade to 11.0-RELEASE
> >>>   > 
> >>>   > my console is now working. No method of adjusting boot.config 
> > with -D
> >>>   > -S115200 or adjusting loader.conf with
> >>>   > 
> >>>   > boot_serial or comconsole works either. So I decided to try a 
> > fresh
> >>> 
> >>>   I have this in my /boot/loader.conf
> >>> 
> >>>   boot_serial="yes"
> >>>   comconsole_speed="115200"
> >>>   console="comconsole"
> >>> 
> >>> 
> >>> 
> >>>   > install of 11.0-RELEASE in the hopes I somehow broke the upgrade;
> >>>   > However the system stops displaying output after the loader 
> > passes
> >>>   > the console to the kernel. Booting with -D will get the system to
> >>>   > display the kernel boot up messages, but it then hangs at random:
> >>>   > unblocking device.  I am not sure whats broken here ? setting
> >>>   > console=serial kills the console as if its outputting to another
> >>>   > serial port . In any case I am reverting back to 10.3-RELEASE for
> >>>   > now. Anyone have any ideas ?
> >>> 
> >>>   I haven't looked closely at why.. but I bet the above 
> > /boot/loader.conf
> >>>   solves it.
> >>> 
> >>>   I need to look at the release notes, but am happy to say that 
> > blacklistd
> >>>   is now in the FreeBSD base system, and am just waiting to put in on a
> >>>   public box.
> >> 
> >>  I can give it another try this weekend, but I think mine is busted and I
> >>  need to either RMA or order a new one. For more info why I think mine's
> >>  busted:
> >> 
> >> 
> > http://www.pcengines.info/forums/?page=post&id=3B327362-FD62-4B6E-8C96-26D003D5F8CB&fid=DF5ACB70-99C4-4C61-AFA6-4C0E0DB05B2A
> >> 
> >>  -- 
> >>  Shawn Webb
> >>  Cofounder and Security Engineer
> > 
> >>  HardenedBSD> 
> >>  GPG Key ID:          0x6A84658F52456EEE
> >>  GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
> > 
> >> 
> > 
> > 
> > Two follow up quesitons for you shawn ? Did you upgrade the bios on the box
> > to the last version noted here 
> > http://pcengines.ch/howto.htm#bios ?
> > 
> > Also have you tried a newer 11-STABLE ?
> > 
> > 
> > 
> > 
> > 
> > 
> 
> > 
> 
> Shawn
>    After a lot of testing it appears to be a bug in the bios of the APU but I am not sure exactly how or why 11.x is acting up with it. Its odd
> as pre 11.x will boot up and the bootloader and kernel will output to the serial console wiht out any special options . No boot.conf no loader.conf options.
> 11.x and on require what George noted above. 
> 
> 
> Also I was able to flash the bios using flashrom in 9.3 and 10.3 RELEASES. 

I haven't gotten anything to work. Tried again with FreeBSD
10.3-RELEASE, 11.0-RELEASE, and 12-CURRENT. Pretty sure I misapplied the
heat pads, breaking the hardware.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161029/e55ca11d/attachment.bin>

From ike at blackskyresearch.net  Mon Oct 31 13:36:02 2016
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Mon, 31 Oct 2016 13:36:02 -0400
Subject: [talk] NYC*BUG Nov 2: Ike on Infrastructure in a Post-Cloud Era
In-Reply-To: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
References: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
Message-ID: <24A9F864-32DA-4FB7-8944-E275FB494F9E@blackskyresearch.net>

Hey All,

One more little bit for Wed. meeting:

ARIN 38!
If nobody objects, I?d like to give a brief report from ARIN proceedings, and a quick report on Internet and Numbers related issues the BSD community can strategically make a great impact with, (and how to help and engage!)

Unless there are any objections, I?ll just plan to spend 5 (10) minutes on it!

Best,
.ike



> On Oct 27, 2016, at 3:00 PM, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> We are working on some upcoming meeting topics. Feel free to ping admin@
> if you have a potential meeting idea.
> 
> Wednesday, November 2
> Infrastructure in a Post-Cloud Era, Isaac (.ike) Levy
> 18:45, Woolworth Building: 233 Broadway, 21st Floor
> Notice: Location Change
> 
> Abstract
> 
> With a *BSD-minded perspective, we'll walk through the money and
> administrative ends of deploying cloud infrastructure, and compare it to
> experiences in colocation.
> 
> Building modern internet applications is challenging; so why are so many
> technology companies relinquishing control over their technology? The
> public clouds, after all, are just computers owned by somebody else.
> 
> This presentation contains real data crunched by data scientists, to
> help cut through marketing hype. Also covered, strategies and approaches
> to help you keep your stack "infrastructure agnostic", as well as
> strategies to make cloud metered costs less opaque.
> 
> Note: This material was previously presented at LHMK, April 2016 - and
> will be presented assuming a technical audience.
> 
> Speaker Bio
> 
> Standing on the shoulders of giants, ike's background includes
> partnering to run a Virtual Server ISP before anyone called it a cloud,
> as well as having a long history building internet-facing infrastructure
> with UNIX systems.
> 
> NYC startup veteran, and a long-time community contributor to the *BSD
> UNIX family, ike has grown computing infrastructure from a hand-full of
> virtual servers, to full datacenter-scale internet-facing infrastructure
> for a number of growth stage startups.
> 
> .ike has been a part of NYC*BUG since it was first launched in January
> 2004, was a long-time member of the Lower East Side Mac Unix User Group.
> He has spoken frequently on a number of UNIX and internet security
> topics at various venues, particularly on the topic of FreeBSD's
> jail(8), and his involvement in the OPNsense router firewall project.
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From george at ceetonetechnology.com  Mon Oct 31 13:56:45 2016
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 31 Oct 2016 13:56:45 -0400
Subject: [talk] NYC*BUG Nov 2: Ike on Infrastructure in a Post-Cloud Era
In-Reply-To: <24A9F864-32DA-4FB7-8944-E275FB494F9E@blackskyresearch.net>
References: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
 <24A9F864-32DA-4FB7-8944-E275FB494F9E@blackskyresearch.net>
Message-ID: <e2fe8f4a-53af-74a8-08e8-45226a82f646@ceetonetechnology.com>

On 10/31/16 13:36, Isaac (.ike) Levy wrote:
> Hey All,
> 
> One more little bit for Wed. meeting:
> 
> ARIN 38!
> If nobody objects, I?d like to give a brief report from ARIN proceedings, and a quick report on Internet and Numbers related issues the BSD community can strategically make a great impact with, (and how to help and engage!)
> 
> Unless there are any objections, I?ll just plan to spend 5 (10) minutes on it!

+1 if you make it >=15 minutes!

g




From shawn.webb at hardenedbsd.org  Mon Oct 31 14:03:28 2016
From: shawn.webb at hardenedbsd.org (Shawn Webb)
Date: Mon, 31 Oct 2016 14:03:28 -0400
Subject: [talk] NYC*BUG Nov 2: Ike on Infrastructure in a Post-Cloud Era
In-Reply-To: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
References: <375f7529-8335-415c-cff2-b4913d8e237a@ceetonetechnology.com>
Message-ID: <20161031180328.GA76439@mutt-hardenedbsd>

On Thu, Oct 27, 2016 at 03:00:24PM -0400, George Rosamond wrote:
> We are working on some upcoming meeting topics. Feel free to ping admin@
> if you have a potential meeting idea.
> 
> Wednesday, November 2
> Infrastructure in a Post-Cloud Era, Isaac (.ike) Levy
> 18:45, Woolworth Building: 233 Broadway, 21st Floor
> Notice: Location Change
> 
> Abstract
> 
> With a *BSD-minded perspective, we'll walk through the money and
> administrative ends of deploying cloud infrastructure, and compare it to
> experiences in colocation.
> 
> Building modern internet applications is challenging; so why are so many
> technology companies relinquishing control over their technology? The
> public clouds, after all, are just computers owned by somebody else.
> 
> This presentation contains real data crunched by data scientists, to
> help cut through marketing hype. Also covered, strategies and approaches
> to help you keep your stack "infrastructure agnostic", as well as
> strategies to make cloud metered costs less opaque.
> 
> Note: This material was previously presented at LHMK, April 2016 - and
> will be presented assuming a technical audience.
> 
> Speaker Bio
> 
> Standing on the shoulders of giants, ike's background includes
> partnering to run a Virtual Server ISP before anyone called it a cloud,
> as well as having a long history building internet-facing infrastructure
> with UNIX systems.
> 
> NYC startup veteran, and a long-time community contributor to the *BSD
> UNIX family, ike has grown computing infrastructure from a hand-full of
> virtual servers, to full datacenter-scale internet-facing infrastructure
> for a number of growth stage startups.
> 
> .ike has been a part of NYC*BUG since it was first launched in January
> 2004, was a long-time member of the Lower East Side Mac Unix User Group.
> He has spoken frequently on a number of UNIX and internet security
> topics at various venues, particularly on the topic of FreeBSD's
> jail(8), and his involvement in the OPNsense router firewall project.

Any chance of live streaming this?

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20161031/c445157f/attachment.bin>