From kmsujit at gmail.com Wed Nov 1 10:31:12 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Wed, 1 Nov 2017 20:01:12 +0530
Subject: [talk] Go and C++ Performance Improvements
Message-ID:

I am in the process of evaluating solutions that perform better with
failover when used with Distributed Computing, similar to Hadoop in
Distributed Computing and K8/Docker in Failover. Is there any specific
way to check this? Would, for example, using a C++ Server[1,2] cause
this betterment?

Also GOlang, which is a very new language, I would love to check for
something that helps in similar Garbage Collection[3],
Polymorphism[a.k.a hack with C++] to help in performance improvements.

1. https://github.com/eidheim/Simple-Web-Server
2. https://github.com/ipkn/crow
3. https://blog.golang.org/go15gc

From mcevoy.pat at gmail.com Wed Nov 1 14:08:50 2017
From: mcevoy.pat at gmail.com (Pat McEvoy)
Date: Wed, 1 Nov 2017 14:08:50 -0400
Subject: [talk] Tonight
Message-ID:

If anyone has any extra NYCBUG stickers from the last con, could you
bring a few please?
TIA,

Patrick

From viewtiful.icchan at gmail.com Wed Nov 1 17:35:17 2017
From: viewtiful.icchan at gmail.com (Robert Menes)
Date: Wed, 1 Nov 2017 17:35:17 -0400
Subject: [talk] Tonight
In-Reply-To:
References:
Message-ID:

Guys,

I'm doing overtime at work and may be late. If I can't make it still,
I'll holler again.

If there are indeed leftover stickers, can someone save me a couple?

--Robert

On Nov 1, 2017 14:09, "Pat McEvoy" wrote:

> If anyone has any extra NYCBUG stickers from the last con, could you bring
> a few please?
> TIA,
>
> Patrick
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From edlinuxguru at gmail.com Wed Nov 1 18:05:10 2017
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Wed, 1 Nov 2017 18:05:10 -0400
Subject: [talk] Go and C++ Performance Improvements
In-Reply-To:
References:
Message-ID:

On Wed, Nov 1, 2017 at 10:31 AM, Sujit K M wrote:

> I am in the process of evaluating solutions that perform better with
> failover when
> used with Distributed Computing, Similar to Hadoop in Distributed
> Computing and
> K8/Docker in Failover. Is there any specific way to check this, Would
> for example
> using an C++ Server[1,2] cause this betterment.
>
> Also GOlang which is an very new language I would love to check for
> something that
> helps in similar Garbage Collection[3], Polymorphism[a.k.a hack with
> C++] to help in
> performance improvements.
>
>
> 1.https://github.com/eidheim/Simple-Web-Server
> 2.https://github.com/ipkn/crow
> 3.https://blog.golang.org/go15gc
>

Hadoop/Spark and similar tools typically divide long running processes
minutes/hours into a set of tasks. Their failure model is typically that a
failure of a task only sets the process back small amounts. For example if I
am filtering a 12GB file and I divide it into 12x 1GB sized tasks, the
failure of task 10 can be retried without forcing the other tasks to retry.

For the three projects you are mentioning two of them look like web based
micro-service architectures. These are typically for short processes that
have small state and no failover.

I think in those cases you are looking for something closer to erlang's
actor model.

Java- Akka
C++- c-actor framework https://actor-framework.org/

In c-actor framework you can create services on different nodes and those
services are transparently connected. Data is passed between the services and
if components die they can be re-spawned and then the framework will wire
the service back together.

Note: c-actor framework is not a web-server, or http based micro-service
framework.

From jkeenan at pobox.com Wed Nov 1 22:47:14 2017
From: jkeenan at pobox.com (James E Keenan)
Date: Wed, 1 Nov 2017 22:47:14 -0400
Subject: [talk] Tonight
In-Reply-To:
References:
Message-ID: <030e6c09-8a46-a48d-7a53-0c625902f161@pobox.com>

On 11/01/2017 05:35 PM, Robert Menes wrote:
> Guys,
>
> I'm doing overtime at work and may be late. If I can't make it still,
> I'll holler again.
>
> If there are indeed leftover stickers, can someone save me a couple?
>

Alas, there were no stickers. But a good time was had by all N of us.

jimk

From kmsujit at gmail.com Thu Nov 2 03:06:18 2017
From: kmsujit at gmail.com (Sujit K M)
Date: Thu, 2 Nov 2017 12:36:18 +0530
Subject: [talk] Go and C++ Performance Improvements
In-Reply-To:
References:
Message-ID:

Firstly Thanks For such a good pointer or 's.

On Thu, Nov 2, 2017 at 3:35 AM, Edward Capriolo wrote:
>
>
> Hadoop/Spark and similar tools typically divide long running processes
> minutes/hours into a set of tasks. Their failure model is typically that a
> failure of a task only sets the process back small amounts. For example if I
> am filtering a 12GB file and I divide it into 12x 1GB sized tasks, the
> failure of task 10 can be retried without forcing the other tasks to retry.

I am more interested in knowing about the timelines in Milli Seconds.
I have worked on a Back Up Product Which is based on a similar model on
the Web Side which Had about 100 MS requirements.
Though I must say If a User A starts a process of back up and server 10
is checked for then it remains during the entire process with server 10,
also there were requirements that when a user is created it is allocated
a server, you would find at least 1000's of servers and on operation
needs we generally add 3 - 4 servers every day. It could last hours if
the back up is huge, but the thing was it was done on the web. Though It
might take hours It still sends across the updates on the Back up
Process to the user, these were in millisecond time lines.

>
> For the three projects you are mentioning two of them look like web based
> micro-service architectures. These are typically for short processes that
> have small state and no failover.

It could still be having fail over if we use a docker container for
example or isn't it so.

> I think in those cases you are looking for something closer to erlang's
> actor model.
>
> Java- Akka
> C++- c-actor framework https://actor-framework.org/

Yes this is something I would look for.

> In c-actor framework you can create services on different nodes and those
> services are transparently connected. Data is passed between the services and
> if components die they can be re-spawned and then the framework will wire
> the service back together.
>
> Note: c-actor framework is not a web-server, or http based micro-service
> framework.

Are there any other Low Level Latency Models like Actor Model
illustrated. Also could you please let me know whether Model Means a
Design Pattern or Multiple Design Patterns.

From george at ceetonetechnology.com Sun Nov 5 10:02:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Sun, 05 Nov 2017 15:02:00 +0000
Subject: [talk] passwd entropy and strength
Message-ID: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>

This is something I've tinkered with for a long while, and thought I'd
raise it on talk@ even though it's a bit OT from BSD land.

Looking for feedback/correction on my argument here.

I toyed a bit with the xkcd passwds... the well-known https://xkcd.com/936/.

The passwords in question are:

Tr0ub4dor &3 (aka "Tr0")

versus

correct horse battery staple (aka "correct")

There is a unix program called ent in all BSD ports
(https://www.fourmilab.ch/random/) which calculates entropy with a bunch
of different measurements. I fully don't understand all the tests, but
I generally look at the first one "Entropy" which is bits of entropy per
byte, ie, how much entropy/randomness per digit. So if you have a five
digit passwd and 3 bits of entropy per byte, the passwd entropy would be
5 digits X 3 bits of entropy per byte = 15 bits of entropy. I think
that's correct.

Now the first Tr0... passwd has 3.546... bits per byte, and the second
correct... has 3.590... Therefore:

Tr0.. 3.546 x 12 digits (including space) and is 42.48 bits of entropy

correct... 3.590 x 28 digits and is 100.5 bits of entropy

This seems to confirm the argument of the xkcd cartoon. The easier
passwd correct... has more than double the bits of entropy and is easier
to remember.

But then look at the password strength wikipedia page, specifically the
chart entitled "desired password entropy".
https://en.wikipedia.org/wiki/Password_strength/

The Tr0 passwd is considered in the column of "All ASCII printable
characters" and the correct passwd is in the "case insensitive Latin
alphabet". Even by this the Tr0 passwd is about 72 bits of entropy and
the correct passwd is 128 bits of entropy.

Certainly the recommended method from the cartoon would likely be a
massive improvement for most users. And with that, I don't think it's a
bad thing if there is some real mathematical improvement in passwd strength.

The problem with that argument, however, is the same problem with
Diceware. The words, like Diceware, are all in standard US English
dictionaries, and most methods of bits/entropy calculation don't take
that into account. Both xkcd and Diceware only use a "26 character
universe", ie, they limit their content to lower-case alphabet English.
So what may look better in terms of some calculations, doesn't add up
when it comes to determining patterns, ie, English words.

So someone getting some of the passwd really just needs a "Wheel of
Fortune" approach to determining a passwd in full.

co__ect ho_se batte_y staple

"Can I buy an 'r'?"

And "universe" is one of the criteria I think matters for password
strength. All ASCII printable characters is a 95 universe, which is much
better over the 26 in a lower-case (or upper-case) US English alphabet one.

Length matters, of course, but I think it's too often the main criteria
for users and sysadmins, and the thing that intimidates users the most.

But it's the third criteria that matters in this case, what I call
"diversity", ie, can you find it in any dictionary? Does it contain
common digraphs (in english, th, ng, st, etc). Both xkcd and Diceware do.

Going back to the passwd strength chart, how long does a passwd in
26-universe alphabet have to be to equal one that uses a 95-character
ASCII universe?

alpha only/ascii

13/7 (40 bits/entropy in total)
25/13 (80 bits)
39/20 (128 bits)

etc.

The conclusion, to me, is that getting users to use the whole ASCII
universe of 95 characters with diversity is an achievable goal, and
removes the easy brute force dictionary attacks so common.

Can't imagine a more perfect Sunday morning post.
g

--
5822 F82D 665B 5C6A 915B FAD4 B014 1CEE 545A A6C6

From arielsanchezmora at gmail.com Sun Nov 5 10:34:58 2017
From: arielsanchezmora at gmail.com (Ariel Sanchez Mora)
Date: Sun, 5 Nov 2017 10:34:58 -0500
Subject: [talk] passwd entropy and strength
In-Reply-To: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
Message-ID:

Love the topic and kudos on a very clear explanation :)

Personally, I combined both - long password combined with an easy to
remember but more complex character like # at the end, so the password
wasn't entirely derived from the "simple" character universe. Still easy to
remember :)

From george at ceetonetechnology.com Sun Nov 5 10:51:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Sun, 05 Nov 2017 15:51:00 +0000
Subject: [talk] passwd entropy and strength
In-Reply-To:
References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
Message-ID: <4d256ed2-15c3-ba0f-2c86-a480e5be1d71@ceetonetechnology.com>

Ariel Sanchez Mora:
> Love the topic and kudos on a very clear explanation :)

Why, thank you.

>
> Personally, I combined both - long password combined with an easy to
> remember but more complex character like # at the end, so the password
> wasnt entirely derived from the "simple" character universe. Still easy to
> remember :)

That's cool, but also possibly considered predictable, in that if you
ask users to add numbers, they append passwds with 0, etc.

This post, though, is directed to those who could critique my view.

g

From bcallah at devio.us Sun Nov 5 11:35:48 2017
From: bcallah at devio.us (Brian Callahan)
Date: Sun, 5 Nov 2017 11:35:48 -0500
Subject: [talk] passwd entropy and strength
In-Reply-To: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
Message-ID: <377e927f-650d-5ce0-ea87-364b208799b1@devio.us>

One quick thought at the bottom.

On 11/5/2017 10:02 AM, George Rosamond wrote:
> This is something I've tinkered with for a long while, and thought I'd
> raise it on talk@ even though it's a bit OT from BSD land.
>
> Looking for feedback/correction on my argument here.
>
> I toyed a bit with the xkcd passwds... the well-known https://xkcd.com/936/.
>
> The passwords in question are:
>
> Tr0ub4dor &3 (aka "Tr0")
>
> versus
>
> correct horse battery staple (aka "correct")
>
> There is a unix program called ent in all BSD ports
> (https://www.fourmilab.ch/random/) which calculates entropy with a bunch
> of different measurements. I fully don't understand all the tests, but
> I generally look at the first one "Entropy" which is bits of entropy per
> byte, ie, how much entropy/randomness per digit. So if you have a five
> digit passwd and 3 bits of entropy per byte, the passwd entropy would be
> 5 digits X 3 bits of entropy per byte = 15 bits of entropy. I think
> that's correct.
>
> Now the first Tr0... passwd has 3.546... bits per byte, and the second
> correct... has 3.590... Therefore:
>
> Tr0.. 3.546 x 12 digits (including space) and is 42.48 bits of entropy
>
> correct... 3.590 x 28 digits and is 100.5 bits of entropy
>
> This seems to confirm the argument of the xkcd cartoon. The easier
> passwd correct... has more than double the bits of entropy and is easier
> to remember.
>
> But then look at the password strength wikipedia page, specifically the
> chart entitled "desired password entropy".
> https://en.wikipedia.org/wiki/Password_strength/
>
> The Tr0 passwd is considered in the column of "All ASCII printable
> characters" and the correct passwd is in the "case insensitive Latin
> alphabet". Even by this the Tr0 passwd is about 72 bits of entropy and
> the correct passwd is 128 bits of entropy.
>
> Certainly the recommended method from the cartoon would likely be a
> massive improvement for most users. And with that, I don't think it's a
> bad thing if there is some real mathematical improvement in passwd strength.
>
> The problem with that argument, however, is the same problem with
> Diceware. The words, like Diceware, are all in standard US English
> dictionaries, and most methods of bits/entropy calculation don't take
> that into account. Both xkcd and Diceware only use a "26 character
> universe", ie, they limit their content to lower-case alphabet English.
> So what may look better in terms of some calculations, doesn't add up
> when it comes to determining patterns, ie, English words.
>
> So someone getting some of the passwd really just needs a "Wheel of
> Fortune" approach to determining a passwd in full.
>
> co__ect ho_se batte_y staple
>
> "Can I buy an 'r'?"
>
> And "universe" is one of the criteria I think matters for password
> strength. All ASCII printable characters is a 95 universe, which is much
> better over the 26 in a lower-case (or upper-case) US English alphabet one.
>
> Length matters, of course, but I think it's too often the main criteria
> for users and sysadmins, and the thing that intimidates users the most.
>
> But it's the third criteria that matters in this case, what I call
> "diversity", ie, can you find it in any dictionary? Does it contain
> common digraphs (in english, th, ng, st, etc). Both xkcd and Diceware do.
>
> Going back to the passwd strength chart, how long does a passwd in
> 26-universe alphabet have to be to equal one that uses a 95-character
> ASCII universe?
>
> alpha only/ascii
>
> 13/7 (40 bits/entropy in total)
> 25/13 (80 bits)
> 39/20 (128 bits)
>
> etc.
>
> The conclusion, to me, is that getting users to use the whole ASCII
> universe of 95 characters with diversity is an achievable goal, and
> removes the easy brute force dictionary attacks so common.
>

I know it's crazy impractical right now, but when emoji keyboards start
being a thing and passwords can include UTF-8 chars, I imagine we'll
have whole new xkcd cartoons about correct horse battery staple being 4
emojis and it being a stronger password than the entirety of the
combinations of the ASCII table (I'm being facetious but not by much).

But maybe that's something worth implementing more than "user education"
which I think is already a lost cause. Even my mom uses emojis (sorry
mom!), I bet if I told her "put some emojis in your password" she'd come
up with something like "Il0veAllmychildren" -- which she'd probably
already have memorized the first time she typed it in, and now
completely defeats your Pat Sajak attack in the vast majority of cases.
"Il0veAllmychildren" is a terrible password, but the emojis make it much
much better.

I guess those LISP space cadet keyboards will have to make a comeback
for my dreams to come true...

Maybe UTF-8 passwords already exist somewhere, I don't know. But it's my
dream.

~Brian

From bcully at gmail.com Sun Nov 5 12:32:18 2017
From: bcully at gmail.com (Brian Cully)
Date: Sun, 5 Nov 2017 09:32:18 -0800
Subject: [talk] passwd entropy and strength
In-Reply-To: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
Message-ID:

On November 5, 2017 at 10:03:21, George Rosamond (george at ceetonetechnology.com) wrote:
> Now the first Tr0... passwd has 3.546...
> bits per byte, and the second
> correct... has 3.590... Therefore:
>
> Tr0.. 3.546 x 12 digits (including space) and is 42.48 bits of entropy
>
> correct... 3.590 x 28 digits and is 100.5 bits of entropy
>
> This seems to confirm the argument of the xkcd cartoon. The easier
> passwd correct... has more than double the bits of entropy and is easier
> to remember.
>
> The problem with that argument, however, is the same problem with
> Diceware. The words, like Diceware, are all in standard US English
> dictionaries, and most methods of bits/entropy calculation don't take
> that into account. Both xkcd and Diceware only use a "26 character
> universe", ie, they limit their content to lower-case alphabet English.
> So what may look better in terms of some calculations, doesn't add up
> when it comes to determining patterns, ie, English words.
>
> So someone getting some of the passwd really just needs a "Wheel of
> Fortune" approach to determining a passwd in full.
>
> co__ect ho_se batte_y staple
>
> "Can I buy an 'r'?"
>
> And "universe" is one of the criteria I think matters for password
> strength. All ASCII printable characters is a 95 universe, which is much
> better over the 26 in a lower-case (or upper-case) US English alphabet one.
>
> Length matters, of course, but I think it's too often the main criteria
> for users and sysadmins, and the thing that intimidates users the most.
>
> But it's the third criteria that matters in this case, what I call
> "diversity", ie, can you find it in any dictionary? Does it contain
> common digraphs (in english, th, ng, st, etc). Both xkcd and Diceware do.

The argument in XKCD, as you've mentioned, is finding a more optimal
entropy:memory ratio, since hard-to-remember passwords tend to be easier
to guess by reading post-it notes.

I'm a fan of the short english-ish sentence approach. However, it
doesn't have anywhere near the entropy you have calculated up above.
The reason is that if it's known they're English words, which you should
assume in order to calculate minimum entropy, then there's a lot less
variation.

/usr/share/dict/words has 235,886 entries on my Mac. That's ~17.847 bits
of entropy per word. The average English speaker's vocabulary seems to
hover at about 15,000 words, which is ~13.872 bits of entropy per word.
Multiply that by 4 and you get ~55.5 bits of entropy. Not a huge
improvement over the mixed number-letter case.

I am a big fan of this approach, though, since the
bits-of-entropy-per-bits-of-neuron ratio is really high. Our brains are
made for remembering language, and while scrambles of words aren't ideal
for recall (vs real grammatical sentences), they're a /lot/ better than
what amounts to random letter substitution.

> The conclusion, to me, is that getting users to use the whole ASCII
> universe of 95 characters with diversity is an achievable goal, and
> removes the easy brute force dictionary attacks so common.

I'd rather see longer strings of words, personally, since I think it's
more efficient when meat-space storage is taken into account.

My ideal circumstance is basically to have a well-remembered sentence
that acts as a master password to 1Password or Keychain or something,
and then offload literally all of the rest of the completely random and
un-rememberable passwords to that.

-bjc

From jamex1642 at gmail.com Sun Nov 5 13:24:42 2017
From: jamex1642 at gmail.com (James)
Date: Sun, 5 Nov 2017 14:54:42 -0330
Subject: [talk] passwd entropy and strength
In-Reply-To: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
Message-ID:

On Sun, Nov 5, 2017 at 11:32 AM, George Rosamond wrote:
> This is something I've tinkered with for a long while, and thought I'd
> raise it on talk@ even though it's a bit OT from BSD land.
>
> Looking for feedback/correction on my argument here.
>
> I toyed a bit with the xkcd passwds...
> the well-known https://xkcd.com/936/.
>
> The passwords in question are:
>
> Tr0ub4dor &3 (aka "Tr0")
>
> versus
>
> correct horse battery staple (aka "correct")
>
> There is a unix program called ent in all BSD ports
> (https://www.fourmilab.ch/random/) which calculates entropy with a bunch
> of different measurements. I fully don't understand all the tests, but
> I generally look at the first one "Entropy" which is bits of entropy per
> byte, ie, how much entropy/randomness per digit. So if you have a five
> digit passwd and 3 bits of entropy per byte, the passwd entropy would be
> 5 digits X 3 bits of entropy per byte = 15 bits of entropy. I think
> that's correct.
>
> Now the first Tr0... passwd has 3.546... bits per byte, and the second
> correct... has 3.590... Therefore:
>
> Tr0.. 3.546 x 12 digits (including space) and is 42.48 bits of entropy
>
> correct... 3.590 x 28 digits and is 100.5 bits of entropy
>

Hi,

I don't think that you can multiply the entropy per byte by the length
of password to get those values for total entropy of the password and
then compare them.

Eg. If you were to look at the entropy at the bit level would you expect
the same values? Let's try:

$ echo -n Tr0ub4dor \&3|ent -b # :D
Entropy = 0.984604 bits per bit.

Optimum compression would reduce the size
of this 96 bit file by 1 percent.

Chi square distribution for 96 samples is 2.04, and randomly
would exceed this value 15.30 percent of the times.

Arithmetic mean value of data bits is 0.4271 (0.5 = random).
Monte Carlo value for Pi is 4.000000000 (error 27.32 percent).
Serial correlation coefficient is -0.021729 (totally uncorrelated = 0.0).
$ bc
0.984604 * 96
94.521984

So does the Tr0 password have 94.521984 or 42.48?

Actually, there is a small algebraic potato here: Going over your
calculations I think you have included the newline in the password
entropy calculation. I hope this is constructive:

$ echo -n Tr0ub4dor \&3|ent # :D
Entropy = 3.418296 bits per byte.

Optimum compression would reduce the size
of this 12 byte file by 57 percent.

Chi square distribution for 12 samples is 286.67, and randomly
would exceed this value 8.42 percent of the times.

Arithmetic mean value of data bytes is 79.9167 (127.5 = random).
Monte Carlo value for Pi is 4.000000000 (error 27.32 percent).
Serial correlation coefficient is 0.051733 (totally uncorrelated = 0.0).
$ echo Tr0ub4dor \&3|ent # :D
Entropy = 3.546594 bits per byte.

Optimum compression would reduce the size
of this 13 byte file by 55 percent.

Chi square distribution for 13 samples is 282.38, and randomly
would exceed this value 11.49 percent of the times.

Arithmetic mean value of data bytes is 74.5385 (127.5 = random).
Monte Carlo value for Pi is 4.000000000 (error 27.32 percent).
Serial correlation coefficient is 0.126675 (totally uncorrelated = 0.0).
$

Cheers,
James

From jschauma at netmeister.org Sun Nov 5 14:04:46 2017
From: jschauma at netmeister.org (Jan Schaumann)
Date: Sun, 5 Nov 2017 14:04:46 -0500
Subject: [talk] passwd entropy and strength
In-Reply-To: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com>
Message-ID: <20171105190446.GU4913@netmeister.org>

George Rosamond wrote:

> So someone getting some of the passwd really just needs a "Wheel of
> Fortune" approach to determining a passwd in full.
>
> co__ect ho_se batte_y staple
>
> "Can I buy an 'r'?"

It is rather rare that an attacker would have a partial password.
Unlike so frequently portrayed in the movies, brute-force cracking
doesn't work like picking a lock -- it can't guess the first correct
character and then move on to the next one.
Since the passphrase is hashed, you always have to guess the full passphrase, and if it doesn't match, you don't know whether or not you got some characters right. While it's correct that with a $yourPrimaryLanguage charset passphrase you somewhat limit the entropy of the individual characters to the printable set, this is usually far outweighed by the length. But this is technically true for _any_ restriction you make on a password's complexity: if you require, say, 26 char length, and demand that at least one must be a number, then one of the chars clearly has less entropy than the others. But due to the above (you don't know which one, although the first or last ones are more likely candidates), you can't trivially reduce your number of guesses other than eliminating any guesses that do not contain a digit. > Going back to the passwd strength chart, how long does a passwd in > 26-universe alphabet have to be to equal on that uses a 95-character > ASCII universe? https://i.imgur.com/gfYw57t.png > The conclusion, to me, is that getting users to use the whole ASCII > universe of 95 characters with diversity is an achievable goal I don't think it is. People will continue to pick poor (i.e. predictable) passwords. Increasing the length overall is the best strategy, as reflected in NIST's updated guidelines and across experts. Encouraging the use of password managers is the next best bet, but that still faces usability and user education hurdles. Excellent for environments where you can enforce them (e.g. corporate), but still much too high a bar for the general public. 
-Jan From bcallah at devio.us Sun Nov 5 14:06:36 2017 From: bcallah at devio.us (Brian Callahan) Date: Sun, 5 Nov 2017 14:06:36 -0500 Subject: [talk] passwd entropy and strength In-Reply-To: <20171105190446.GU4913@netmeister.org> References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> Message-ID: <97267ece-e28b-65fa-5bdf-ef2551c4317d@devio.us> On 11/05/17 14:04, Jan Schaumann wrote: > George Rosamond wrote: > >> So someone getting some of the passwd really just needs a "Wheel of >> Fortune" approach to determining a passwd in full. >> >> co__ect ho_se batte_y staple >> >> "Can I buy an 'r'?" > It is rather rare that an attacker would have a partial password. Besides, everyone knows you're only allowed to buy vowels on Wheel of Fortune :) ~Brian From lists at eitanadler.com Sun Nov 5 14:19:16 2017 From: lists at eitanadler.com (Eitan Adler) Date: Sun, 5 Nov 2017 11:19:16 -0800 Subject: [talk] passwd entropy and strength In-Reply-To: <97267ece-e28b-65fa-5bdf-ef2551c4317d@devio.us> References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> <97267ece-e28b-65fa-5bdf-ef2551c4317d@devio.us> Message-ID: On 5 November 2017 at 11:06, Brian Callahan wrote: > > > On 11/05/17 14:04, Jan Schaumann wrote: >> >> George Rosamond wrote: >> >>> >>> So someone getting some of the passwd really just needs a "Wheel of >>> Fortune" approach to determining a passwd in full. >>> >>> co__ect ho_se batte_y staple >>> >>> "Can I buy an 'r'?" >> >> It is rather rare that an attacker would have a partial password. > Y'all may be interested in NIST Special Publication 800-63-2 which attempts to define entropy for human generated passwords. -- Eitan Adler From jpb at jimby.name Sun Nov 5 21:04:25 2017 From: jpb at jimby.name (Jim B.) 
Date: Sun, 5 Nov 2017 21:04:25 -0500 Subject: [talk] passwd entropy and strength In-Reply-To: References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> Message-ID: <20171106020425.GA77316@jimby.name> * Brian Cully [2017-11-05 12:32]: > On November 5, 2017 at 10:03:21, George Rosamond > (george at ceetonetechnology.com) wrote: > > Now the first Tr0... passwd has 3.546... bits per byte, and the second > > correct... has 3.590... Therefore: > > > > Tr0.. 3.546 x 12 digits (including space) and is 42.48 bits of entropy > > > > correct... 3.590 x 28 digits and is 100.5 bits of entropy > > > > This seems to confirm the argument of the xkcd cartoon. The easier > > passwd correct... has more than double the bits of entropy and is easier > > to remember. > > > > The problem with that argument, however, is the same problem with > > Diceware. The words, like Diceware, are all in standard US English > > dictionaries, and most methods of bits/entropy calculation doesn't take > > that into account. Both xkcd and Diceware only use a "26 character > > universe", ie, they limit their content to lower-case alphabet English. > > So what may look better in terms of some calculations, doesn't add up > > when it comes to determining patterns, ie, English words. > > > > So someone getting some of the passwd really just needs a "Wheel of > > Fortune" approach to determining a passwd in full. > > > > co__ect ho_se batte_y staple > > > > "Can I buy an 'r'?" > > > > And "universe" is one of the criteria I think matters for password > > strength. All ASCII printable characters is a 95 universe, which is much > > better over the 26 in a lower-case (or upper-case) US English alphabet one. > > > > Length matters, of course, but I think it's too often the main criteria > > for users and sysadmins, and the think that intimidates users the most. > > > > But it's third criteria that matters in this case, what I call > > "diversity", ie, can you find it in any dictionary? 
Does it contain > > common digraphs (in english, th, ng, st, etc). Both xkcd and Diceware do. > > The argument in XKCD, as you've mentioned, is finding a more optimal > entropy:memory ratio, since hard-to-remember passwords tend to be > easier to guess by reading post-it notes. > > I'm a fan of the short english-ish sentence approach. However, it > doesn't have anywhere near the entropy you have calculated up above. > The reason is that if it's known they're English words, which you > should assume in order to calculate minimum entropy, then there's a > lot less variation. > > /usr/share/dict/words has 235,886 entries on my Mac. That's ~17.847 > bits of entropy per word. The average English speaker's vocabulary > seems to hover at about 15,000 words, which is ~13.872 bits of entropy > per word. Multiply that by 4 and you get ~55.5 bits of entropy. Not a > huge improvement over the mixed number-letter case. > > I am a big fan of this approach, though, since the > bits-of-entropy-per-bits-of-neuron ratio is really high. Our brains > are made for remembering language, and while scrambles of words aren't > ideal for recall (vs real grammatical sentences), they're a /lot/ > better than what amounts to random letter substitution. > > > The conclusion, to me, is that getting users to use the whole ASCII > > universe of 95 characters with diversity is an achievable goal, and > > removes the easy brute force dictionary attacks so common. > > I'd rather see longer strings of words, personally, since I think > it's more efficient when meat-space storage is taken into account. My > ideal circumstance is basically to have a well-remembered sentence > that acts as a master password to 1Password or Keychain or something, > and then offload literally all of the rest of the completely random > and un-rememberable passwords to that. > > -bjc Almost agreed. I agree with the master password and password vault.
The "ease-ability" of remembering all passwords though is moot, IMHO. I say this for several reasons.

- The only time I need a password is when I *use* a password. Since I'm actually on a computer every single time I actually need a password (discounting ATM PINs) I've concluded that the best strategy is to have a reliable password vault, so I created my own.

- The hash cracking community (let's restrict our discussion to non 3LAs) has implemented extremely sophisticated hardware/software cracking platforms. Visit hashcat.net for details. I've personally gone through (ok, sampled) the results from just the RockYou hack, and there are many examples of the "correct" variant above. Since these are now part of well known word lists, you wouldn't want to use any of those again. Let's hope the one you last thought of isn't in there.

- Using a keyboard, you are usually restricted to ASCII 32-127, and in a lot of cases with websites, you are sometimes further severely restricted in case/number/specials. This limits your ability to create complex passwords, and has the reverse (perverse!) impact of making them easier to crack.

- Like George, I'm very interested in generating and using very hard to guess passwords. Along with the password vault mentioned above, I have implemented my own complex password generator with nothing more than dd(1), tr(1), and fold(1):

    (export LC_ALL=C; dd if=/dev/random count=10 bs=1K | tr -cd "[:print:]" | tr -d " " ) | fold -w $LEN

A few samples:

    #]_V\EZLxj1r;Bvd
    ~5r]&-2!{)T:v at M-
    {2kiK/T;(Sa6PP/]
    +<=\DQ6OM1Vjjo&_
    >09Y&.&Hvnw1WDo@
    !S_R3p-*rUU5mwwe
    &dJ]~`,I|aX7X4+)
    -K)!lN2TzA3*L*&@
    ."<^1RVD/0a4D7Pk
    "kjfJ]`YPvULQn1s
    KRug+zp1*JLlt#F]

So, for now, I'm done with remembering the gazillion passwords I need. I only need to remember my own master password to my own vault. Since it's all on my own TrueOS box, I'm happy with my own attack surface at the moment (except for that one thing https://xkcd.com/538/).

Best,
Jim B.
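Added example, not part of any list member's post: the two kinds of estimate argued over in this thread, side by side. It reproduces the per-byte figure ent(1) printed for "Tr0ub4dor &3" (with and without the trailing newline), then counts choices for the word-list case and for the dd/tr/fold generator. The function names are illustrative, and LEN=16 is an assumption taken from the width of the posted samples.

```python
import math
from collections import Counter


def shannon_bits_per_byte(data: bytes) -> float:
    """Entropy of the byte histogram of one string: ent(1)'s first figure."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def ent_times_length(password: str, newline: bool = False) -> float:
    """The estimate debated in the thread: per-byte entropy times byte count.

    newline=True mimics `echo` without -n, which adds a trailing newline.
    """
    data = password.encode() + (b"\n" if newline else b"")
    return shannon_bits_per_byte(data) * len(data)


def uniform_choice_bits(pool_size: int, picks: int) -> float:
    """Entropy of a secret made of `picks` independent, uniform draws from a
    pool the attacker is assumed to know (a word list or a character set)."""
    return picks * math.log2(pool_size)


def equivalent_length(length: int, alphabet: int, other_alphabet: int) -> int:
    """Shortest length over other_alphabet that carries at least as many bits
    as `length` uniform symbols over `alphabet`."""
    return math.ceil(length * math.log2(alphabet) / math.log2(other_alphabet))


def report() -> dict:
    printable = 94  # C-locale [:print:] minus the space: ASCII 33..126
    length = 16     # assumption: $LEN=16, matching the posted sample lines
    return {
        # Histogram-based figures: they depend only on which characters
        # repeat inside this one string, not on how the secret was chosen.
        "ent x len, 'Tr0ub4dor &3'": ent_times_length("Tr0ub4dor &3"),
        "ent x len, same plus newline": ent_times_length("Tr0ub4dor &3", True),
        # Twelve distinct characters in keyboard order score higher than
        # the xkcd password, which shows why the figure is not a strength.
        "ent x len, 'abcdefghijkl'": ent_times_length("abcdefghijkl"),
        # Choice-counting figures: bits come from the generation process.
        "4 words from 235,886 entries": uniform_choice_bits(235886, 4),
        "4 words from 15,000 vocabulary": uniform_choice_bits(15000, 4),
        "16 random printable chars": uniform_choice_bits(printable, length),
        # Length needed in a smaller universe to match the generator.
        "lowercase letters to match": equivalent_length(length, printable, 26),
        "15,000-vocabulary words to match": equivalent_length(length, printable, 15000),
    }


if __name__ == "__main__":
    for label, value in report().items():
        shown = f"{value:.2f} bits" if isinstance(value, float) else str(value)
        print(f"{label:36s} {shown}")
```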
From jpb at jimby.name Sun Nov 5 23:10:53 2017 From: jpb at jimby.name (Jim B.) Date: Sun, 5 Nov 2017 23:10:53 -0500 Subject: [talk] passwd entropy and strength In-Reply-To: <20171105190446.GU4913@netmeister.org> References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> Message-ID: <20171106041053.GA78375@jimby.name> * Jan Schaumann [2017-11-05 14:04]: > George Rosamond wrote: > > > So someone getting some of the passwd really just needs a "Wheel of > > Fortune" approach to determining a passwd in full. > > > > co__ect ho_se batte_y staple > > > > "Can I buy an 'r'?" > > It is rather rare that an attacker would have a partial password. Rare perhaps, but when one or more words, phrases, numbers and or punctuations are known to be (or could be) present it is extremely helpful. I wrote a "combinator" to attack just such a problem in trying to recover a password that I used over 10 years ago. See the README.txt file at http://www.jimby.name:81/comboleetor_latest/ where you can also download and try out the code. Using this splendid tool, and hashcat https://hashcat.net/hashcat I was able to recover the password in less than two hours. Taking the original post of 'Tr0ub4dor&3' (no space in the xkcd original) and the comboleetor tool I ran it with the following setup: blocks.txt troubador trombone numbers.txt %d 1-10 echo bNP | perl comboleetor.pl -c > troubador.txt echo bPN | perl comboleetor.pl -c >> troubador.txt produced a file of candidate passwords: $ wc troubador.txt 47040420 47707660 673705670 troubador.&xt The winning entry was found about half way through the file: $ grep -n 'Tr0ub4dor&3' troubador.txt 28512753:Tr0ub4dor&3 While the real cracking speed depends on the hash type, it's safe to assume that this password would be found within an hour. [OK, I've gotten *way far out there* on talk at . Apologies!] 
> > Unlike so frequently portrayed in the movies, brute-force cracking > doesn't work like picking a lock -- it can't guess the first correct > character and then move on to the next one. Since the passphrase is > hashed, you always have to guess the full passphrase, and if it doesn't > match, you don't know whether or not you got some characters right. > > While it's correct that with a $yourPrimaryLanguage charset passphrase > you somewhat limit the entropy of the individual characters to the > printable set, this is usually far outweighed by the length. > > But this is technically true for _any_ restriction you make on a > password's complexity: if you require, say, 26 char length, and demand > that at least one must be a number, then one of the chars clearly has > less entropy than the others. But due to the above (you don't know > which one, although the first or last ones are more likely candidates), > you can't trivially reduce your number of guesses other than eliminating > any guesses that do not contain a digit. > > > Going back to the passwd strength chart, how long does a passwd in > > 26-universe alphabet have to be to equal on that uses a 95-character > > ASCII universe? > > https://i.imgur.com/gfYw57t.png If I'm reading this right, looks like a 25 characters at 26universe is roughly equal to 18 characters at 94universe. Great link. Thanks. > > > The conclusion, to me, is that getting users to use the whole ASCII > > universe of 95 characters with diversity is an achievable goal > > I don't think it is. People will continue to pick poor (i.e. > predictable) passwords. Increasing the length overall is the best > strategy, as reflected in NIST's updated guidelines and across > experts. I agree here. There is (will always be) a percentage of the population that just doesn't get it or doesn't care. Some people get burned and learn, other newcomers come in and take their place. I don't think we will ever get everyone on the same page on this issue. 
> > Encouraging the use of password managers is the next best bet, but that > still faces usability and user education hurdles. Excellent for > environments where you can enforce them (e.g. corporate), but still much > too high a bar for the general public. Not too high for techfolk. That's what make this a great list :-) > > -Jan > Jim B. From _ at thomaslevine.com Mon Nov 6 11:21:49 2017 From: _ at thomaslevine.com (Thomas Levine) Date: Mon, 06 Nov 2017 16:21:49 +0000 Subject: [talk] passwd entropy and strength In-Reply-To: <20171106041053.GA78375@jimby.name> References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> <20171106041053.GA78375@jimby.name> Message-ID: <20171106162152.1E51B7FAB2@mailuser.nyi.internal> I am very satisfied with my password management approach, and I keep debating whether it is safe to share. On one hand, I theoretically think that sharing it would not provide an adversary with enough information to guess my passwords or otherwise bother me, but I also wonder whether it would tell the adversary enough to study the relevant approaches/software enough to come up with a vulnerability. Does anyone have any commentary on my concern? From jpb at jimby.name Mon Nov 6 15:10:21 2017 From: jpb at jimby.name (Jim B.) Date: Mon, 6 Nov 2017 15:10:21 -0500 Subject: [talk] passwd entropy and strength In-Reply-To: <20171106162152.1E51B7FAB2@mailuser.nyi.internal> References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> <20171106041053.GA78375@jimby.name> <20171106162152.1E51B7FAB2@mailuser.nyi.internal> Message-ID: <20171106201021.GA80696@jimby.name> * Thomas Levine <_ at thomaslevine.com> [2017-11-06 11:22]: > I am very satisfied with my password management approach, and > I keep debating whether it is safe to share. 
On one hand, > I theoretically think that sharing it would not provide an adversary > with enough information to guess my passwords or otherwise bother me, > but I also wonder whether it would tell the adversary enough to study > the relevant approaches/software enough to come up with a vulnerability. > Does anyone have any commentary on my concern? > Like many valuable things, it depends on your risk model. Who is your adversary? A 3LA? Large well funded criminal enterprise? A really good hacker? Random scripty? For most folks, I suspect it is the latter. On the other hand, it doesn't matter who it is - personally I want to keep my shit safe from *all* prying eyes. It may not be great shit but it's *my* shit, and I want to keep it that way. You could of course, follow the web of trust model - share individually with those you trust and gain feedback to improve your defenses. That said, I'll share my approach. Just don't hack me and steal all my shit :-) I'm going to number all the elements below to allow for easy commentary. I welcome all comments and suggestions on how to improve this setup. 1. My "password vault" is just a text file on my TrueOS laptop. 2. The file (in some directory) is encrypted with gpg2(1) with a strong password. I do not keep a clear text version on hard disk. 3. To edit the file, I create a memory disk, format it with newfs(8) mount it, and lock down the mountpoint. 4. I copy the encrypted file to the memory disk, decrypt, edit, save, and re-encrypt it all on the memory disk. Lastly, I use "rm -P" to "securely delete" the decrypted copy that I edited. 5. The encrypted file is copied back to my hard disk. 6. The memory disk is unmounted and deleted. 7. The ASCII-armored file is then steganographically embedded inside a JPEG file. I use outguess(1) (by Niels Provos) for the steganography operations. This operation has a completely different password. 8. The .JPG file is copied to a secure location online. 
Thus, I have a local ASCII armored encrypted file on my disk, and I have a copy of that file embedded inside a JPEG file on my disk, and also somewhere online. 9. If I just want to view the file, I open up a new terminal, cat the encrypted file and pipe it to "gpg2 -d" which outputs the clear text to the terminal window. I copy/paste whatever I need, and delete the terminal window when done. pinentry(1) is used for passing the password to gpg2 in this step. That's it. Comments welcome! Jim B. From kmsujit at gmail.com Tue Nov 7 04:36:36 2017 From: kmsujit at gmail.com (Sujit K M) Date: Tue, 7 Nov 2017 15:06:36 +0530 Subject: [talk] passwd entropy and strength In-Reply-To: References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> <20171106041053.GA78375@jimby.name> <20171106162152.1E51B7FAB2@mailuser.nyi.internal> <20171106201021.GA80696@jimby.name> Message-ID: On Nov 7, 2017 1:41 AM, "Jim B." wrote: * Thomas Levine <_ at thomaslevine.com> [2017-11-06 11:22]: > I am very satisfied with my password management approach, and > I keep debating whether it is safe to share. On one hand, > I theoretically think that sharing it would not provide an adversary > with enough information to guess my passwords or otherwise bother me, > but I also wonder whether it would tell the adversary enough to study > the relevant approaches/software enough to come up with a vulnerability. > Does anyone have any commentary on my concern? > Like many valuable things, it depends on your risk model. Who is your adversary? A 3LA? Large well funded criminal enterprise? A really good hacker? Random scripty? For most folks, I suspect it is the latter. On the other hand, it doesn't matter who it is - personally I want to keep my shit safe from *all* prying eyes. It may not be great shit but it's *my* shit, and I want to keep it that way. 
You could of course, follow the web of trust model - share individually with those you trust and gain feedback to improve your defenses. That said, I'll share my approach. Just don't hack me and steal all my shit :-) I'm going to number all the elements below to allow for easy commentary. I welcome all comments and suggestions on how to improve this setup. 1. My "password vault" is just a text file on my TrueOS laptop. 2. The file (in some directory) is encrypted with gpg2(1) with a strong password. I do not keep a clear text version on hard disk. 3. To edit the file, I create a memory disk, format it with newfs(8) mount it, and lock down the mountpoint. 4. I copy the encrypted file to the memory disk, decrypt, edit, save, and re-encrypt it all on the memory disk. Lastly, I use "rm -P" to "securely delete" the decrypted copy that I edited. 5. The encrypted file is copied back to my hard disk. 6. The memory disk is unmounted and deleted. 7. The ASCII-armored file is then steganographically embedded inside a JPEG file. I use outguess(1) (by Niels Provos) for the steganography operations. This operation has a completely different password. 8. The .JPG file is copied to a secure location online. Thus, I have a local ASCII armored encrypted file on my disk, and I have a copy of that file embedded inside a JPEG file on my disk, and also somewhere online. 9. If I just want to view the file, I open up a new terminal, cat the encrypted file and pipe it to "gpg2 -d" which outputs the clear text to the terminal window. I copy/paste whatever I need, and delete the terminal window when done. pinentry(1) is used for passing the password to gpg2 in this step. That's it. Comments welcome! Jim B. _______________________________________________ talk mailing list talk at lists.nycbug.org http://lists.nycbug.org/mailman/listinfo/talk Do open source developer's really need security. Not a joke. Look you have source's of all projects. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From kula at tproa.net Tue Nov 7 07:14:06 2017 From: kula at tproa.net (Thomas Kula) Date: Tue, 7 Nov 2017 07:14:06 -0500 Subject: [talk] passwd entropy and strength In-Reply-To: References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> <20171106041053.GA78375@jimby.name> <20171106162152.1E51B7FAB2@mailuser.nyi.internal> <20171106201021.GA80696@jimby.name> Message-ID: <20171107121406.fv4v7wg4ew2htc4p@keymaster.tproa.net> On Tue, Nov 07, 2017 at 03:06:36PM +0530, Sujit K M wrote: > > Do open source developer's really need security. Not a joke. Look you have > source's of all projects. I have things other than open source code that needs security. My bank account information, for example. I've been very fond of pass(1) for a while, and we've adopted it at work to host all the shared credentially things my team is responsible for. https://www.passwordstore.org/ -- Thomas L. Kula | kula at tproa.net | http://kula.tproa.net/ From edlinuxguru at gmail.com Tue Nov 7 09:20:59 2017 From: edlinuxguru at gmail.com (Edward Capriolo) Date: Tue, 7 Nov 2017 09:20:59 -0500 Subject: [talk] passwd entropy and strength In-Reply-To: References: <6256906e-2fb6-deab-a407-dc9f624ce8d3@ceetonetechnology.com> <20171105190446.GU4913@netmeister.org> <20171106041053.GA78375@jimby.name> <20171106162152.1E51B7FAB2@mailuser.nyi.internal> <20171106201021.GA80696@jimby.name> Message-ID: On Tue, Nov 7, 2017 at 4:36 AM, Sujit K M wrote: > > > On Nov 7, 2017 1:41 AM, "Jim B." wrote: > > * Thomas Levine <_ at thomaslevine.com> [2017-11-06 11:22]: > > I am very satisfied with my password management approach, and > > I keep debating whether it is safe to share. 
On one hand, > > I theoretically think that sharing it would not provide an adversary > > with enough information to guess my passwords or otherwise bother me, > > but I also wonder whether it would tell the adversary enough to study > > the relevant approaches/software enough to come up with a vulnerability. > > Does anyone have any commentary on my concern? > > > > Like many valuable things, it depends on your risk model. > Who is your adversary? A 3LA? Large well funded criminal > enterprise? A really good hacker? Random scripty? > > For most folks, I suspect it is the latter. On the other hand, > it doesn't matter who it is - personally I want to keep my shit > safe from *all* prying eyes. It may not be great shit but it's > *my* shit, and I want to keep it that way. > > You could of course, follow the web of trust model - share > individually with those you trust and gain feedback to improve > your defenses. > > That said, I'll share my approach. Just don't hack me and steal > all my shit :-) I'm going to number all the elements below > to allow for easy commentary. I welcome all comments and > suggestions on how to improve this setup. > > > 1. My "password vault" is just a text file on my TrueOS laptop. > > 2. The file (in some directory) is encrypted with gpg2(1) with a > strong password. I do not keep a clear text version on hard > disk. > > 3. To edit the file, I create a memory disk, format it with newfs(8) > mount it, and lock down the mountpoint. > > 4. I copy the encrypted file to the memory disk, decrypt, edit, > save, and re-encrypt it all on the memory disk. Lastly, I > use "rm -P" to "securely delete" the decrypted copy that > I edited. > > 5. The encrypted file is copied back to my hard disk. > > 6. The memory disk is unmounted and deleted. > > 7. The ASCII-armored file is then steganographically embedded > inside a JPEG file. I use outguess(1) (by Niels Provos) > for the steganography operations. 
This operation has a > completely different password. > > 8. The .JPG file is copied to a secure location online. > > > Thus, I have a local ASCII armored encrypted file on my disk, > and I have a copy of that file embedded inside a JPEG file > on my disk, and also somewhere online. > > > 9. If I just want to view the file, I open up a new terminal, > cat the encrypted file and pipe it to "gpg2 -d" which > outputs the clear text to the terminal window. I > copy/paste whatever I need, and delete the terminal window > when done. pinentry(1) is used for passing the password > to gpg2 in this step. > > > That's it. > > Comments welcome! > Jim B. > > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > > Do open source developer's really need security. Not a joke. Look you have > source's of all projects. > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > Fuse has a nice filesystem called https://github.com/vgough/encfs. I previously used that to mount a directory with "secret stuff". It can do some of the things in step 1-6. There also used to be this command line utility 'thrash' which attempted to "secure delete" by writing over the blocks a variety of times. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Assafr at protonmail.com Thu Nov 9 19:15:33 2017 From: Assafr at protonmail.com (assaf) Date: Thu, 09 Nov 2017 19:15:33 -0500 Subject: [talk] December meeting? Message-ID: Hey all, I will be in the States (new york) for the first week in December and am wondering if a meet up is planned for that week. Thanks. Assaf (Currently living in Ecuador ) Sent from ProtonMail mobile -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From jkeenan at pobox.com Thu Nov 9 19:45:19 2017 From: jkeenan at pobox.com (James E Keenan) Date: Thu, 9 Nov 2017 19:45:19 -0500 Subject: [talk] December meeting? In-Reply-To: References: Message-ID: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> On 11/09/2017 07:15 PM, assaf wrote: > Hey all, > I will be in the States (new york) for the first week in December and am > wondering if a meet up is planned for that week. Thanks. > > Assaf > (Currently living in Ecuador ) > > We don't currently have a technical meeting scheduled for December. However, twice in the past three months we've had a social gathering on the first Wednesday when we did not have a tech meeting. So stay tuned to the list for what might happen on Wed Dec 06. Thank you very much. Jim Keenan From george at ceetonetechnology.com Thu Nov 9 19:46:00 2017 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 10 Nov 2017 00:46:00 +0000 Subject: [talk] December meeting? In-Reply-To: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> Message-ID: <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com> James E Keenan: > On 11/09/2017 07:15 PM, assaf wrote: >> Hey all, >> I will be in the States (new york) for the first week in December and >> am wondering if a meet up is planned for that week. Thanks. >> >> Assaf >> (Currently living in Ecuador ) >> >> > > We don't currently have a technical meeting scheduled for December. > > However, twice in the past three months we've had a social gathering on > the first Wednesday when we did not have a tech meeting. > > So stay tuned to the list for what might happen on Wed Dec 06. We could sort out meeting at Suspenders for Dec 6. Let's get some idea of how many people are interested. g From Assafr at protonmail.com Thu Nov 9 19:48:47 2017 From: Assafr at protonmail.com (assaf) Date: Thu, 09 Nov 2017 19:48:47 -0500 Subject: [talk] December meeting? 
In-Reply-To: <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com> References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com> Message-ID: I'm interested :) Sent from ProtonMail mobile -------- Original Message -------- On Nov 9, 2017, 7:46 PM, George Rosamond wrote: > James E Keenan: >> On 11/09/2017 07:15 PM, assaf wrote: >>> Hey all, >>> I will be in the States (new york) for the first week in December and >>> am wondering if a meet up is planned for that week. Thanks. >>> >>> Assaf >>> (Currently living in Ecuador ) >>> >>> >> >> We don't currently have a technical meeting scheduled for December. >> >> However, twice in the past three months we've had a social gathering on >> the first Wednesday when we did not have a tech meeting. >> >> So stay tuned to the list for what might happen on Wed Dec 06. > > We could sort out meeting at Suspenders for Dec 6. > > Let's get some idea of how many people are interested. > > g > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From bob at redivi.com Thu Nov 9 19:54:57 2017 From: bob at redivi.com (Bob Ippolito) Date: Thu, 9 Nov 2017 16:54:57 -0800 Subject: [talk] December meeting? In-Reply-To: References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com> Message-ID: I'm interested too :) On Thu, Nov 9, 2017 at 4:48 PM, assaf wrote: > I'm interested :) > > > Sent from ProtonMail mobile > > > > -------- Original Message -------- > > On Nov 9, 2017, 7:46 PM, George Rosamond < george at ceetonetechnology.com> > wrote: > > > James E Keenan: > > On 11/09/2017 07:15 PM, assaf wrote: > >> Hey all, > >> I will be in the States (new york) for the first week in December and > >> am wondering if a meet up is planned for that week. 
Thanks. > >> > >> Assaf > >> (Currently living in Ecuador ) > >> > >> > > > > We don't currently have a technical meeting scheduled for December. > > > > However, twice in the past three months we've had a social gathering on > > the first Wednesday when we did not have a tech meeting. > > > > So stay tuned to the list for what might happen on Wed Dec 06. > > We could sort out meeting at Suspenders for Dec 6. > > Let's get some idea of how many people are interested. > > g > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org/mailman/listinfo/talk > -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Thu Nov 9 19:56:00 2017 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 10 Nov 2017 00:56:00 +0000 Subject: [talk] December meeting? In-Reply-To: References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com> Message-ID: Bob Ippolito: > I'm interested too :) Ha! I've heard of you! (Bob was around from the very beginnings of NYC*BUG... and it's always great when he comes back to NYC) g From viewtiful.icchan at gmail.com Fri Nov 10 12:47:12 2017 From: viewtiful.icchan at gmail.com (Robert Menes) Date: Fri, 10 Nov 2017 12:47:12 -0500 Subject: [talk] December meeting? In-Reply-To: References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com> Message-ID: Interested! --Robert On Nov 9, 2017 19:57, "George Rosamond" wrote: > Bob Ippolito: > > I'm interested too :) > > Ha! I've heard of you! > > (Bob was around from the very beginnings of NYC*BUG... 
and it's always
> great when he comes back to NYC)
>
> g

From bcallah at devio.us Fri Nov 10 14:28:17 2017
From: bcallah at devio.us (Brian Callahan)
Date: Fri, 10 Nov 2017 14:28:17 -0500
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID: <3c9a0934-33bf-5ca8-1a1d-e2ec01a83dc5@devio.us>

On 11/10/2017 12:47 PM, Robert Menes wrote:
> Interested!
>
> --Robert
>
> On Nov 9, 2017 19:57, "George Rosamond"
> wrote:
>
> Bob Ippolito:
> > I'm interested too :)
>
> Ha! I've heard of you!
>
> (Bob was around from the very beginnings of NYC*BUG... and it's always
> great when he comes back to NYC)
>
> g

I might be able to swing down.

~Brian

From mcevoy.pat at gmail.com Tue Nov 14 13:05:52 2017
From: mcevoy.pat at gmail.com (Pat McEvoy)
Date: Tue, 14 Nov 2017 13:05:52 -0500
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

> On Nov 10, 2017, at 12:47 PM, Robert Menes wrote:
>
> Interested!
>
> --Robert
>
>> On Nov 9, 2017 19:57, "George Rosamond" wrote:
>> Bob Ippolito:
>> > I'm interested too :)
>>
>> Ha! I've heard of you!
>>
>> (Bob was around from the very beginnings of NYC*BUG...
and it's always
>> great when he comes back to NYC)
>>
>> g

I'm in. Are we planning to stream anything?

From george at ceetonetechnology.com Tue Nov 14 13:07:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 14 Nov 2017 18:07:00 +0000
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

Pat McEvoy:
>
>
>
>> On Nov 10, 2017, at 12:47 PM, Robert Menes wrote:
>>
>> Interested!
>>
>> --Robert
>>
>>> On Nov 9, 2017 19:57, "George Rosamond" wrote:
>>> Bob Ippolito:
>>>> I'm interested too :)
>>>
>>> Ha! I've heard of you!
>>>
>>> (Bob was around from the very beginnings of NYC*BUG... and it's always
>>> great when he comes back to NYC)
>>>
>>> g
>
>
> I'm in. Are we planning to stream anything?
>

Hmmmm people eating and maybe drinking?

Probably not :)

g

From raulcuza at gmail.com Thu Nov 16 06:24:48 2017
From: raulcuza at gmail.com (Raul Cuza)
Date: Thu, 16 Nov 2017 06:24:48 -0500
Subject: [talk] December meeting?
In-Reply-To:
References: <90fb67f1-8a43-f7c3-3713-7d321a218ae6@pobox.com> <5fc1986c-48f4-8628-4412-f700c67285e7@ceetonetechnology.com>
Message-ID:

On Nov 14, 2017 13:07, "George Rosamond" wrote:

Pat McEvoy:
>
>
>
>> On Nov 10, 2017, at 12:47 PM, Robert Menes wrote:
>>
>> Interested!
>>
>> --Robert
>>
>>> On Nov 9, 2017 19:57, "George Rosamond" wrote:
>>> Bob Ippolito:
>>>> I'm interested too :)
>>>
>>> Ha! I've heard of you!
>>>
>>> (Bob was around from the very beginnings of NYC*BUG... and it's always
>>> great when he comes back to NYC)
>>>
>>> g
>
>
> I'm in. Are we planning to stream anything?
>

Hmmmm people eating and maybe drinking?

Probably not :)

g

I hear people dig that on the Internet. I'm interested.

Raúl

From spork at bway.net Fri Nov 17 17:51:12 2017
From: spork at bway.net (Charles Sprickman)
Date: Fri, 17 Nov 2017 17:51:12 -0500
Subject: [talk] SD cards for Pi?
Message-ID: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net>

Hi all,

I know there are a ton of ARM fans here running various Pi clones and such? I had a model B sitting around and I decided that I'd move my znc proxy and ssh/tmux jumphost off of my big media server and onto the Pi. I have a UPS, and like to let the big server shutdown 10 minutes into a power outage, and then just let the rest of the stuff run until the battery is near death. So the Pi looked like a nice option that would take very little power. I installed FreeBSD 11.1/ARM on there and installed a few packages, all was well for about 8 months.

Last night, the Pi disappeared. Today I looked at it and on checking the SD card, it seemed dead.
Laptop recognized it, but no partition table and any attempt to dd things from or to it failed with an IO error.

So two questions:

- At a local Walgreens or Staples, what's a decent SD card? I know nothing of these things.

- Is there any tweaking I should have done to FreeBSD to make it not write excessively to the card (I did not have swap enabled)?

Thanks,

Charles

PS - Ike, I dropped the OS-X thread not out of frustration, but more like it's too long of a convo to have via email. I'll say this though - anyone still using OS-X, take a look at iTerm and the tmux integration feature, it's awesome.

From ike at blackskyresearch.net Fri Nov 17 18:07:00 2017
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Fri, 17 Nov 2017 18:07:00 -0500
Subject: [talk] SD cards for Pi?
In-Reply-To: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net>
References: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net>
Message-ID: <1510960020.2916991.1176425432.09F46F01@webmail.messagingengine.com>

Word,

On Fri, Nov 17, 2017, at 05:51 PM, Charles Sprickman wrote:
> Hi all,
>
> I know there are a ton of ARM fans here running various Pi clones and
> such? I had a model B sitting around and I decided that I'd move my znc
> proxy and ssh/tmux jumphost off of my big media server and onto the Pi.
> I have a UPS, and like to let the big server shutdown 10 minutes into a
> power outage, and then just let the rest of the stuff run until the
> battery is near death. So the Pi looked like a nice option that would
> take very little power. I installed FreeBSD 11.1/ARM on there and
> installed a few packages, all was well for about 8 months.
>
> Last night, the Pi disappeared. Today I looked at it and on checking the
> SD card, it seemed dead. Laptop recognized it, but no partition table and
> any attempt to dd things from or to it failed with an IO error.
>
> So two questions:
>
> - At a local Walgreens or Staples, what's a decent SD card? I know
> nothing of these things.
SanDisk are my common go-to, as fast as you want to pay for.

They all die, but still sometimes have probs with bootloader on no-brand stuff.
(Yes, in 2017, still problems here with cheap media.)

> - Is there any tweaking I should have done to FreeBSD to make it not
> write excessively to the card (I did not have swap enabled)?

/etc/defaults/rc.conf has a few goodies that recently surprised me, easy easy memdisk for tmp and var.
Also, disable swap.

--
tmpmfs="AUTO"           # Set to YES to always create an mfs /tmp, NO to never
tmpsize="20m"           # Size of mfs /tmp if created
tmpmfs_flags="-S"       # Extra mdmfs options for the mfs /tmp
varmfs="AUTO"           # Set to YES to always create an mfs /var, NO to never
varsize="32m"           # Size of mfs /var if created
varmfs_flags="-S"       # Extra mount options for the mfs /var
mfs_type="auto"         # "md", "tmpfs", "auto" to prefer tmpfs with md as fallback
populate_var="AUTO"     # Set to YES to always (re)populate /var, NO to never
--

Next big thing: your application. Write to a mem disk if it writes often.

>
> Thanks,
>
> Charles
>
> PS - Ike, I dropped the OS-X thread not out of frustration, but more like
> it's too long of a convo to have via email.

Ha! Indeed. Next time with drink in hand.

Best,
.ike

> I'll say this though -
> anyone still using OS-X, take a look at iTerm and the tmux integration
> feature, it's awesome.

From spork at bway.net Sat Nov 18 14:53:13 2017
From: spork at bway.net (Charles Sprickman)
Date: Sat, 18 Nov 2017 14:53:13 -0500
Subject: [talk] SD cards for Pi?
In-Reply-To: <1510960020.2916991.1176425432.09F46F01@webmail.messagingengine.com>
References: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net> <1510960020.2916991.1176425432.09F46F01@webmail.messagingengine.com>
Message-ID:

Yay!
> On Nov 17, 2017, at 6:07 PM, Isaac (.ike) Levy wrote:
>
> Word,
>
> On Fri, Nov 17, 2017, at 05:51 PM, Charles Sprickman wrote:
>> Hi all,
>>
>> I know there are a ton of ARM fans here running various Pi clones and
>> such? I had a model B sitting around and I decided that I'd move my znc
>> proxy and ssh/tmux jumphost off of my big media server and onto the Pi.
>> I have a UPS, and like to let the big server shutdown 10 minutes into a
>> power outage, and then just let the rest of the stuff run until the
>> battery is near death. So the Pi looked like a nice option that would
>> take very little power. I installed FreeBSD 11.1/ARM on there and
>> installed a few packages, all was well for about 8 months.
>>
>> Last night, the Pi disappeared. Today I looked at it and on checking the
>> SD card, it seemed dead. Laptop recognized it, but no partition table and
>> any attempt to dd things from or to it failed with an IO error.
>>
>> So two questions:
>>
>> - At a local Walgreens or Staples, what's a decent SD card? I know
>> nothing of these things.
>
> SanDisk are my common go-to, as fast as you want to pay for.
>
> They all die, but still sometimes have probs with bootloader on no-brand
> stuff.
> (Yes, in 2017, still problems here with cheap media.)

WalMart, $12 16GB SanDisk "class 10". Old one was "Maxell" micro SD in an adapter. Maxell have apparently gone from cassette tapes to flash storage I guess, I do not recall this happening when I inserted it into the Pi:

https://www.youtube.com/watch?v=IBem3x7G6bc

>
>> - Is there any tweaking I should have done to FreeBSD to make it not
>> write excessively to the card (I did not have swap enabled)?
>
> /etc/defaults/rc.conf has a few goodies that recently surprised me, easy
> easy memdisk for tmp and var.
> Also, disable swap.
>
> --
> tmpmfs="AUTO"           # Set to YES to always create an mfs /tmp, NO to never
> tmpsize="20m"           # Size of mfs /tmp if created
> tmpmfs_flags="-S"       # Extra mdmfs options for the mfs /tmp
> varmfs="AUTO"           # Set to YES to always create an mfs /var, NO to never
> varsize="32m"           # Size of mfs /var if created
> varmfs_flags="-S"       # Extra mount options for the mfs /var
> mfs_type="auto"         # "md", "tmpfs", "auto" to prefer tmpfs with md as fallback
> populate_var="AUTO"     # Set to YES to always (re)populate /var, NO to never

This worked but for "varmfs" - in 11.1, that seems to be either "YES" or "NO" - no "AUTO" option.

> Next big thing: your application. Write to a mem disk if it writes
> often.

ZNC and tmux, that's it.

Thanks so much, that was extremely helpful.

Charles

Oh - and if you're ever eating/drinking at NJ NYI, I'm about 20 minutes north of there.

>
>>
>> Thanks,
>>
>> Charles
>>
>> PS - Ike, I dropped the OS-X thread not out of frustration, but more like
>> it's too long of a convo to have via email.
>
> Ha! Indeed. Next time with drink in hand.
>
> Best,
> .ike
>
>
>> I'll say this though -
>> anyone still using OS-X, take a look at iTerm and the tmux integration
>> feature, it's awesome.

From arielsanchezmora at gmail.com Sat Nov 18 15:09:47 2017
From: arielsanchezmora at gmail.com (Ariel Sanchez Mora)
Date: Sat, 18 Nov 2017 15:09:47 -0500
Subject: [talk] SD cards for Pi?
In-Reply-To:
References: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net> <1510960020.2916991.1176425432.09F46F01@webmail.messagingengine.com>
Message-ID:

I remember having read a lot and finally settling on this one (after noticing the first one I tried was very slow)

Samsung 32GB EVO Plus Class 10 Micro SDHC with Adapter 80mb/s (MB-MC32DA/AM)
https://www.amazon.com/dp/B00WR4IJBE/ref=cm_sw_r_cp_apa_5mjeAbHJE0HR9

See if you can find it :)

On Nov 18, 2017 2:53 PM, "Charles Sprickman" wrote:

> Yay!
>
> On Nov 17, 2017, at 6:07 PM, Isaac (.ike) Levy
> wrote:
>
> Word,
>
> On Fri, Nov 17, 2017, at 05:51 PM, Charles Sprickman wrote:
>
> Hi all,
>
> I know there are a ton of ARM fans here running various Pi clones and
> such? I had a model B sitting around and I decided that I'd move my znc
> proxy and ssh/tmux jumphost off of my big media server and onto the Pi.
> I have a UPS, and like to let the big server shutdown 10 minutes into a
> power outage, and then just let the rest of the stuff run until the
> battery is near death. So the Pi looked like a nice option that would
> take very little power. I installed FreeBSD 11.1/ARM on there and
> installed a few packages, all was well for about 8 months.
>
> Last night, the Pi disappeared. Today I looked at it and on checking the
> SD card, it seemed dead. Laptop recognized it, but no partition table and
> any attempt to dd things from or to it failed with an IO error.
>
> So two questions:
>
> - At a local Walgreens or Staples, what's a decent SD card? I know
> nothing of these things.
>
>
> SanDisk are my common go-to, as fast as you want to pay for.
>
> They all die, but still sometimes have probs with bootloader on no-brand
> stuff.
> (Yes, in 2017, still problems here with cheap media.)
>
>
> WalMart, $12 16GB SanDisk "class 10". Old one was "Maxell" micro SD in
> an adapter.
Maxell have apparently gone from cassette tapes to flash
> storage
> I guess, I do not recall this happening when I inserted it into the Pi:
> https://www.youtube.com/watch?v=IBem3x7G6bc
>
>
> - Is there any tweaking I should have done to FreeBSD to make it not
> write excessively to the card (I did not have swap enabled)?
>
>
> /etc/defaults/rc.conf has a few goodies that recently surprised me, easy
> easy memdisk for tmp and var.
> Also, disable swap.
>
> --
> tmpmfs="AUTO"           # Set to YES to always create an mfs /tmp, NO to never
> tmpsize="20m"           # Size of mfs /tmp if created
> tmpmfs_flags="-S"       # Extra mdmfs options for the mfs /tmp
> varmfs="AUTO"           # Set to YES to always create an mfs /var, NO to never
> varsize="32m"           # Size of mfs /var if created
> varmfs_flags="-S"       # Extra mount options for the mfs /var
> mfs_type="auto"         # "md", "tmpfs", "auto" to prefer tmpfs with md as fallback
> populate_var="AUTO"     # Set to YES to always (re)populate /var, NO to never
>
>
> This worked but for "varmfs" - in 11.1, that seems to be either "YES" or
> "NO" - no "AUTO" option.
>
> Next big thing: your application. Write to a mem disk if it writes
> often.
>
>
> ZNC and tmux, that's it.
>
> Thanks so much, that was extremely helpful.
>
> Charles
>
> Oh - and if you're ever eating/drinking at NJ NYI, I'm about 20 minutes
> north of there.
>
>
>
> Thanks,
>
> Charles
>
> PS - Ike, I dropped the OS-X thread not out of frustration, but more like
> it's too long of a convo to have via email.
>
>
> Ha! Indeed. Next time with drink in hand.
>
> Best,
> .ike
>
>
> I'll say this though -
> anyone still using OS-X, take a look at iTerm and the tmux integration
> feature, it's awesome.
From zaphod at berentweb.com Sat Nov 18 17:27:05 2017
From: zaphod at berentweb.com (Beeblebrox)
Date: Sat, 18 Nov 2017 22:27:05 +0000
Subject: [talk] Used parts outlet?
Message-ID: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com>

Hello everyone.
Just moved back to NYC area after living for two decades in Europe.
I brought my MoBo & HDDs with me, but there was no point of lugging the case and power unit over the ocean.
I found a 550w Power Sup on Amazon for about $17, but the case is a problem as I'd prefer to buy a used one for 15-20 bucks.

Anyone have an old ATX compatible box laying around or maybe point me to a decent second hand electronics outfit?
Thanks & Regards.

From sjt.kar at gmail.com Sun Nov 19 00:43:29 2017
From: sjt.kar at gmail.com (Sujit K M)
Date: Sun, 19 Nov 2017 11:13:29 +0530
Subject: [talk] Used parts outlet?
In-Reply-To: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com>
References: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com>
Message-ID:

On Sun, Nov 19, 2017 at 3:57 AM, Beeblebrox wrote:
> Hello everyone.
> Just moved back to NYC area after living for two decades in Europe.
> I brought my MoBo & HDDs with me, but there was no point of lugging the case and power unit over the ocean.
> I found a 550w Power Sup on Amazon for about $17, but the case is a problem as I'd prefer to buy a used one for 15-20 bucks.
>
> Anyone have an old ATX compatible box laying around or maybe point me to a decent second hand electronics outfit?
> Thanks & Regards.

amazon doesn't sell old part? ebay does in my opinion.

From zaphod at berentweb.com Sun Nov 19 08:46:30 2017
From: zaphod at berentweb.com (Beeblebrox)
Date: Sun, 19 Nov 2017 13:46:30 +0000
Subject: [talk] Used parts outlet?
In-Reply-To:
References: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com>
Message-ID: <3B92C115-690B-45E0-BC89-F70913A7198A@berentweb.com>

Thanks Sujit.
Amazon had higher prices than ebay for case, but shipment cost might cancel the savings I thought. I thus decided to narrow the radius and just imagined there might be a second hand PC store somewhere.

From nycbug-talk at reynolds.users.panix.com Sun Nov 19 18:13:41 2017
From: nycbug-talk at reynolds.users.panix.com (Brian Reynolds)
Date: Sun, 19 Nov 2017 18:13:41 -0500
Subject: [talk] SD cards for Pi?
In-Reply-To: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net>
References: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net>
Message-ID: <20171119231341.GA17310@panix.com>

[I did not realize that nycbug-talk does not reply to the list (at least with mutt), so I'm (again) resending this (lightly edited).]

I have several Raspberry Pis running 24 hours a day at various loads. Most of them run one of several different Linux distros intended for specific tasks.

In particular I have a Raspberry Pi 2 model B running LibreELEC
hanging off my TV. I use it to watch various videos I download from
the Internet to the SD card used to boot the RPi. I frequently fill
and empty this card. Downloading new videos while simultaneously
viewing other videos can tax both the IO system and CPU on the RPi.

I find that the most important factor for SD card stability with the
RPi is power supply quality. If your power supply is flaky, or on the
low end of the recommended power range you can expect trouble.
Since switching to 2.5A power supplies from good vendors (Adafruit, Micro
Center) I haven't had trouble.

Charles Sprickman wrote:
>
> So two questions:
>
> - At a local Walgreens or Staples, what's a decent SD card? I
> know nothing of these things.

I tend to use SanDisk SDHC or microSD cards, mostly because that's
what I use for my photography. Cards with Class 10 or U3 ratings
should be fast enough.

At last month's Photo Plus Expo I asked the representative at the
SanDisk booth about which card to use for SBC filesystems. He hadn't
realized that anyone was using SD cards that way, but suggested that I
look for cards used for surveillance cameras on their website.
Unfortunately their website is big on flashy presentation, and low on
technical content.

> - Is there any tweaking I should have done to FreeBSD to make it not
> write excessively to the card (I did not have swap enabled)?

.ike has good ideas on changes you could make.

I have a lightly loaded original Raspberry Pi Model B (256MB RAM)
running FreeBSD 10.2-STABLE that I use for fiddling around. Without
my making changes, it has /tmp as mfs in /etc/fstab. I assume .ike's
recommendations are for more recent releases.

I'll eventually update the release on this RPi, and I may get back to
my experiments in booting FreeBSD off of a hard disk instead of the SD
card. On older models you need an SD card to hold the FAT filesystem,
but root (and other partitions) can be on a USB drive. I got this far
a while ago. On the Raspberry Pi 3 model B there is beta support for
hard disk, or network booting without a SD card. I have not tried
this with FreeBSD yet.

--
Brian Reynolds                     | "It's just like flying a spaceship.
reynolds at panix.com              | You push some buttons and see
https://www.panix.com/~reynolds/   | what happens." -- Zapp Brannigan
NAR# 54438                         |

From spork at bway.net Sun Nov 19 19:48:27 2017
From: spork at bway.net (Charles Sprickman)
Date: Sun, 19 Nov 2017 19:48:27 -0500
Subject: [talk] Used parts outlet?
In-Reply-To: <3B92C115-690B-45E0-BC89-F70913A7198A@berentweb.com>
References: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com> <3B92C115-690B-45E0-BC89-F70913A7198A@berentweb.com>
Message-ID:

> On Nov 19, 2017, at 8:46 AM, Beeblebrox wrote:
>
> Thanks Sujit.
> Amazon had higher prices than ebay for case, but shipment cost might cancel the savings I thought. I thus decided to narrow the radius and just imagined there might be a second hand PC store somewhere.

If there is an "e-waste" drop-off spot where you live, I highly recommend looking there. In my town, there is always a gigantic pile of electronics stuff, dead PCs included. I've dumped quite a few there myself. It's very hard not taking things back with me - receivers that probably just have blown fuses, so many misc. computer bits, and a staggering array of flat screen TVs (last time I counted at least 30, and this is a relatively small town).

The rules may prohibit poking around or removing stuff, but it never hurts to ask?

Charles

From spork at bway.net Sun Nov 19 20:13:13 2017
From: spork at bway.net (Charles Sprickman)
Date: Sun, 19 Nov 2017 20:13:13 -0500
Subject: [talk] SD cards for Pi?
In-Reply-To: <20171119231341.GA17310@panix.com>
References: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net> <20171119231341.GA17310@panix.com>
Message-ID: <37B17ED9-2FEF-4A98-9C35-A6B6B95DB2DD@bway.net>

Thanks for the info, Brian -

> On Nov 19, 2017, at 6:13 PM, Brian Reynolds wrote:

...

> In particular I have a Raspberry Pi 2 model B running LibreELEC
> hanging off my TV. I use it to watch various videos I download from
> the Internet to the SD card used to boot the RPi. I frequently fill
> and empty this card. Downloading new videos while simultaneously
> viewing other videos can tax both the IO system and CPU on the RPi.

Is this a SanDisk card?
I imagine that it sees a fair amount of writes.

> I find that the most important factor for SD card stability with the
> RPi is power supply quality. If your power supply is flaky, or on the
> low end of the recommended power range you can expect trouble. Since
> switching to 2.5A power supplies from good vendors (Adafruit, Micro
> Center) I haven't had trouble.

I found that out early on, the included power supply in my bundle was total junk. I'm now using of all things an extra iPhone cube that seems to work well. I think it's 1A or 1.5A. I see some people recommend 2A but I have no peripherals...

>
> Charles Sprickman wrote:
>>
>> So two questions:
>>
>> - At a local Walgreens or Staples, what's a decent SD card? I
>> know nothing of these things.
>
> I tend to use SanDisk SDHC or microSD cards, mostly because that's
> what I use for my photography. Cards with Class 10 or U3 ratings
> should be fast enough.

Are you aware of any link between the write speed ("class") and the flash endurance?

> At last month's Photo Plus Expo I asked the representative at the
> SanDisk booth about which card to use for SBC filesystems. He hadn't
> realized that anyone was using SD cards that way, but suggested that I
> look for cards used for surveillance cameras on their website.
> Unfortunately their website is big on flashy presentation, and low on
> technical content.

Good to know.

>
>> - Is there any tweaking I should have done to FreeBSD to make it not
>> write excessively to the card (I did not have swap enabled)?
>
> .ike has good ideas on changes you could make.

Done, and I think I had a very crappy card as well (Maxell).

> I have a lightly loaded original Raspberry Pi Model B (256MB RAM)
> running FreeBSD 10.2-STABLE that I use for fiddling around. Without
> my making changes, it has /tmp as mfs in /etc/fstab. I assume .ike's
> recommendations are for more recent releases.
>
> I'll eventually update the release on this RPi, and I may get back to
> my experiments in booting FreeBSD off of a hard disk instead of the SD
> card. On older models you need an SD card to hold the FAT filesystem,
> but root (and other partitions) can be on a USB drive. I got this far
> a while ago. On the Raspberry Pi 3 model B there is beta support for
> hard disk, or network booting without a SD card. I have not tried
> this with FreeBSD yet.

I'm looking for something - either more Pis or beaglebones or whatever the current hot/cheap thing is - to put at some client sites. When we take over something where we're managing some of their internal stuff a generic "unix box" inside that can tunnel out, serve up some splash page for a captive portal, relay some logs out, or a ton of other things would be handy. I'd have more buy-in if I could grab something for $50 or so.

As far as the hardware goes, storage is the most worrisome. Have you had any luck with sticking "real" SSDs in a USB enclosure and hooking that up to a Pi? At least they have some published endurance specs. Not sure if you can pull SMART data over USB though?

Thanks,

Charles

>
> --
> Brian Reynolds                     | "It's just like flying a spaceship.
> reynolds at panix.com              | You push some buttons and see
> https://www.panix.com/~reynolds/   | what happens." -- Zapp Brannigan
> NAR# 54438                         |

From zaphod at berentweb.com Sun Nov 19 22:52:53 2017
From: zaphod at berentweb.com (Beeblebrox)
Date: Mon, 20 Nov 2017 03:52:53 +0000
Subject: [talk] Used parts outlet?
In-Reply-To:
References: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com> <3B92C115-690B-45E0-BC89-F70913A7198A@berentweb.com>
Message-ID:

>If there is an "e-waste" drop-off spot where you live, I highly
>recommend looking there.

This is an excellent idea. Thanks!
Thanks for the CL link Rick, I had looked through the list but all I found was junk. I guess I did not do the search that well.

From ike at blackskyresearch.net Mon Nov 20 08:39:28 2017
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Mon, 20 Nov 2017 08:39:28 -0500
Subject: [talk] Used parts outlet?
In-Reply-To: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com>
References: <2C52C575-15A9-4553-AE11-DFD44FBDA7FF@berentweb.com>
Message-ID: <1511185168.2345994.1178443968.17C4EBE2@webmail.messagingengine.com>

Hi there,

Good question, not such good answers:

On Sat, Nov 18, 2017, at 05:27 PM, Beeblebrox wrote:
> Hello everyone.
> Just moved back to NYC area after living for two decades in Europe.

Wow how things have sadly changed for hardware in two decades.

- There are no longer any small computer stores, the exceptions prove this. (Just retail fashion outlets like the Apple store which happen to sell odd toy things that contain computers.)

- There are no longer any large computer stores, with one exception- MicroCenter. When MicroCenter BK opened there was actually cheering and jubilation amongst us geeks. Seriously, the big-box MicroCenter got cheers. We're that starved.

> I brought my MoBo & HDDs with me, but there was no point of lugging the
> case and power unit over the ocean.
> I found a 550w Power Sup on Amazon for about $17, but the case is a
> problem as I'd prefer to buy a used one for 15-20 bucks.

Online is your best bet. MicroCenter is a great "I need this now" option.

The recycling center note that Charles posted is a good idea too, but in NYC, it's really hard to figure out how to get at the stuff- (and impossible to know if some component has sat out with the trash in the rain or something).

>
> Anyone have an old ATX compatible box laying around or maybe point me to
> a decent second hand electronics outfit?

Closest second-hand electronics outfit I can think of would be places in Southern California. (Frys, UNIX Surplus, etc...)
--
Curious: what's this scene like in countries in Europe? Is there a culture of sustainable/decent hardware computer stores?

Best,
.ike

> Thanks & Regards.

From ike at blackskyresearch.net Mon Nov 20 16:20:36 2017
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Mon, 20 Nov 2017 16:20:36 -0500
Subject: [talk] Intel finally recognizes ME/SPS/TXE security flaws
Message-ID: <1511212836.3217357.1178990696.2117A629@webmail.messagingengine.com>

Hi All,

Years of warning, but global wailing and gnashing of teeth can commence ...........now:

Intel finally recognizes ME/SPS/TXE security flaws
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

--
Some recent interesting fun on the topic,
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
https://www.theregister.co.uk/2017/09/26/intel_management_engine_exploit/

And as the topic gains in popularity,
https://www.blackhat.com/eu-17/briefings.html#intel-me-flash-file-system-explained

And in *related* news, has anyone seen this impressive piece of fun:
"The Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal Privilege Escalation"
https://www.youtube.com/watch?v=lR0nh-TdpVg&t=1379s

--
Are we about done with x86 and Intel yet?

Best,
.ike

From scottro11 at gmail.com Wed Nov 22 08:01:07 2017
From: scottro11 at gmail.com (Scott Robbins)
Date: Wed, 22 Nov 2017 08:01:07 -0500
Subject: [talk] drm-next-kmod in CURRENT
Message-ID: <20171122130107.GA4859@scott1.scottro.net>

Until now, to get my Haswell ULT working well in FreeBSD, I had to install a snapshot, then use git to pull the latest drm-next, and build a kernel. The more recent kernels also did something a bit weird that broke sudo with an error of no tty present and no askpass program.
I never did figure out what it did to ttys, but either used doas or sudo -S as workaround.

Anyway, there is now a package for drm-next-kmod. Although the port is in 11.x, I don't think it works with anything but CURRENT at this point, but regardless, it's working better than the git repo I had been using. I did a brief write up at http://srobb.net/freebsdintel.html but anyone with a later laptop that hadn't been working with FreeBSD and an Intel card might give it a try.

In addition, the CURRENT snapshot I used seems to be doing better at wireless. The yoga2 I was using has an Intel 7260 dual band card. With Linux, I get speeds of 30-50 MB on the LAN, with FreeBSD I was only getting 2-3 MB. Now, I sometimes (though not always, sometimes it still only does 2-3 MB) get 11-12 MB.

So, there are noticeable improvements, at least for my yoga2 in the latest CURRENT. (I do rebuild the kernel with GENERIC-NODEBUG).

--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

From _ at thomaslevine.com Wed Nov 22 13:03:57 2017
From: _ at thomaslevine.com (Thomas Levine)
Date: Wed, 22 Nov 2017 18:03:57 +0000
Subject: [talk] SD cards for Pi?
In-Reply-To: <37B17ED9-2FEF-4A98-9C35-A6B6B95DB2DD@bway.net>
References: <09C36A74-42CD-41A5-A253-06A1A775FA42@bway.net> <20171119231341.GA17310@panix.com> <37B17ED9-2FEF-4A98-9C35-A6B6B95DB2DD@bway.net>
Message-ID: <20171122180400.235667E8BF@mailuser.nyi.internal>

During my foray into portable disposable computing, I determined that anything other than flash memory was not worth the hassle. SD cards are stupidly cheap and fast enough, so I thought it was best just to have an easy process for replacing them. I don't think I ever managed to mount a hard drive nor SSD, possibly because there wasn't enough power. And they wouldn't have been very fast anyway because the USB controller is slow.
Sadly, I found that the need to use an operating system other than OpenBSD was not worth the convenience of portable disposable computers, so now I am back to a ThinkPad X201.

From sjt.kar at gmail.com Thu Nov 23 07:31:15 2017
From: sjt.kar at gmail.com (Sujit K M)
Date: Thu, 23 Nov 2017 18:01:15 +0530
Subject: [talk] Intel finally recognizes ME/SPS/TXE security flaws
In-Reply-To: <1511212836.3217357.1178990696.2117A629@webmail.messagingengine.com>
References: <1511212836.3217357.1178990696.2117A629@webmail.messagingengine.com>
Message-ID:

On Tue, Nov 21, 2017 at 2:50 AM, Isaac (.ike) Levy wrote:
>
> Hi All,
>
> Years of warning, but global wailing and gnashing of teeth can commence
> ...........now:
>
> Intel finally recognizes ME/SPS/TXE security flaws
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Looks more like for switches and routers.

>
> --
> Some recent interesting fun on the topic,
> https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
> https://www.theregister.co.uk/2017/09/26/intel_management_engine_exploit/
> And as the topic gains in popularity,
> https://www.blackhat.com/eu-17/briefings.html#intel-me-flash-file-system-explained

These don't seem possible in a desktop etc.

>
> And in *related* news, has anyone seen this impressive piece of fun:
> "The Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal
> Privilege Escalation"
> https://www.youtube.com/watch?v=lR0nh-TdpVg&t=1379s

FWIK It requires hardware access which is not to be available in Data Centers etc.

> --
> Are we about done with x86 and Intel yet?

Intel is a fun company with a lot of history so I don't think we will see them end soon. Intel can easily move forward with the sort of hardware engineering skills that they primarily look forward.
>
> Best,
> .ike

--
-- Sujit K M
blog(http://kmsujit.blogspot.com/)

From Assafr at protonmail.com Tue Nov 28 19:59:12 2017
From: Assafr at protonmail.com (assaf)
Date: Tue, 28 Nov 2017 19:59:12 -0500
Subject: [talk] Vpn service
Message-ID: <4tqhlqLcl7niRkksG0OJUvAB4hr0T21yQ6U-cD0aigvI6kqhYwmkeU63jzXhhAIi_jwmzVVFc4T94Vpnj3We-hmNVtGpfMHmEHXshNHiZB8=@protonmail.com>

Hey all,
I apologize if this is off topic for the list, or a rehash of an existing thread. I am having a great deal of trouble deciding on a vpn service provider and I was hoping the folks on this list would have some suggestions.

Thanks
Assaf

Sent from ProtonMail mobile

From Assafr at protonmail.com Wed Nov 29 12:01:39 2017
From: Assafr at protonmail.com (assaf)
Date: Wed, 29 Nov 2017 12:01:39 -0500
Subject: [talk] Vpn service
In-Reply-To:
References: <4tqhlqLcl7niRkksG0OJUvAB4hr0T21yQ6U-cD0aigvI6kqhYwmkeU63jzXhhAIi_jwmzVVFc4T94Vpnj3We-hmNVtGpfMHmEHXshNHiZB8=@protonmail.com>
Message-ID: <5I01bbXrvpyo2NhdR9uqqPOR1z_4yjslzxhtS7is1Afc8gaPZ05FfwezJz_rQsI2tUDEzEVy-xj9cmMtKLkgawBNZ135_imgttRSmv47aCw=@protonmail.com>

Thanks. That list is very comprehensive. I'm leaning towards NordVPN as they have plenty of South American nodes. Anyone heard anything about them good or bad?

Assaf

Sent from ProtonMail mobile

-------- Original Message --------
On Nov 28, 2017, 10:50 PM, Ah Pook wrote:

> On 11/28/2017 07:59 PM, assaf wrote:
>> Hey all,
>> I apologize if this is off topic for the list, or a rehash of an
>> existing thread. I am having a great deal of trouble deciding on a vpn
>> service provider and I was hoping the folks on this list would have some
>> suggestions.
> https://thatoneprivacysite.net/simple-vpn-comparison-chart/
>
> The downloadable file is pretty nuts.
>
> I like Windscribe - easy to use, plugins are fine, works on phone,
> desktop, whatever. Lifetime subscription is 40 or 50 bucks. I think
> the one complaint this guy had about it was that it's from a Five Eyes
> country (Canada). It's stable, and lots of nodes. I won't pretend to
> have a lot of different experience though.

From george at ceetonetechnology.com Wed Nov 29 12:12:00 2017
From: george at ceetonetechnology.com (George Rosamond)
Date: Wed, 29 Nov 2017 17:12:00 +0000
Subject: [talk] Vpn service
In-Reply-To: <5I01bbXrvpyo2NhdR9uqqPOR1z_4yjslzxhtS7is1Afc8gaPZ05FfwezJz_rQsI2tUDEzEVy-xj9cmMtKLkgawBNZ135_imgttRSmv47aCw=@protonmail.com>
References: <4tqhlqLcl7niRkksG0OJUvAB4hr0T21yQ6U-cD0aigvI6kqhYwmkeU63jzXhhAIi_jwmzVVFc4T94Vpnj3We-hmNVtGpfMHmEHXshNHiZB8=@protonmail.com> <5I01bbXrvpyo2NhdR9uqqPOR1z_4yjslzxhtS7is1Afc8gaPZ05FfwezJz_rQsI2tUDEzEVy-xj9cmMtKLkgawBNZ135_imgttRSmv47aCw=@protonmail.com>
Message-ID:

assaf:
> Thanks. That list is very comprehensive. I'm leaning towards NordVPN as they have plenty of South American nodes. Anyone heard anything about them good or bad?
>

I don't use any provider's VPN service. I stick to Tor and my own proxies for certain functions.

What exactly is the use-case you're looking to satisfy?

I tend to be suspicious of VPN providers.

This piece works through some of the threat modeling around VPNs v Tor v SSH tunnels:

https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

There's another doc I can't find at the moment which is something like "Ten questions you should ask your proxy/vpn provider" which basically dismantles the argument that VPNs are an anonymity solution.

g

> Assaf
>
> Sent from ProtonMail mobile
>
> -------- Original Message --------
> On Nov 28, 2017, 10:50 PM, Ah Pook wrote:
>
>> On 11/28/2017 07:59 PM, assaf wrote:
>>> Hey all,
>>> I apologize if this is off topic for the list, or a rehash of an
>>> existing thread.
>>> I am having a great deal of trouble deciding on a vpn
>>> service provider and I was hoping the folks on this list would have some
>>> suggestions.
>> https://thatoneprivacysite.net/simple-vpn-comparison-chart/
>>
>> The downloadable file is pretty nuts.
>>
>> I like Windscribe - easy to use, plugins are fine, works on phone,
>> desktop, whatever. Lifetime subscription is 40 or 50 bucks. I think
>> the one complaint this guy had about it was that it's from a Five Eyes
>> country (Canada). It's stable, and lots of nodes. I won't pretend to
>> have a lot of different experience though.

From mirimir at riseup.net Wed Nov 29 16:16:41 2017
From: mirimir at riseup.net (Mirimir)
Date: Wed, 29 Nov 2017 10:16:41 -1100
Subject: [talk] Vpn service
In-Reply-To: <4tqhlqLcl7niRkksG0OJUvAB4hr0T21yQ6U-cD0aigvI6kqhYwmkeU63jzXhhAIi_jwmzVVFc4T94Vpnj3We-hmNVtGpfMHmEHXshNHiZB8=@protonmail.com>
References: <4tqhlqLcl7niRkksG0OJUvAB4hr0T21yQ6U-cD0aigvI6kqhYwmkeU63jzXhhAIi_jwmzVVFc4T94Vpnj3We-hmNVtGpfMHmEHXshNHiZB8=@protonmail.com>
Message-ID: <30c877a4-d902-f0f7-ef30-55f4de846f86@riseup.net>

On 11/28/2017 01:59 PM, assaf wrote:
> Hey all,
> I apologize if this is off topic for the list, or a rehash of an existing thread. I am having a great deal of trouble deciding on a vpn service provider and I was hoping the folks on this list would have some suggestions.

That's been a more-or-less lively topic on https://www.wilderssecurity.com/ for several years.

My short list is AirVPN, IVPN, Mullvad and PIA. They're among the oldest ones, and I've never seen anything negative about them.

> Thanks
> Assaf
>
> Sent from ProtonMail mobile