From spork at bway.net  Sun May  6 22:17:55 2018
From: spork at bway.net (Charles Sprickman)
Date: Sun, 6 May 2018 22:17:55 -0400
Subject: [talk] Hosting Recommendations - email/web
Message-ID: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>

Hi all,

In my capacity as a volunteer/director at a political group out here in NJ, I?m trying to work on getting us setup with something better than what?s in place right now (a random Endurance Group hoster).

Cost is a huge concern (non-profit).

We have about 100 mailboxes.

We have one main site that sees most of the traffic and about 30 that see very little traffic.  All are WordPress and that?s not changing anytime soon.

So?  decent standalone email, plus hosting that?s optimized for WP (ie: nginx/php-fpm/varnish plus some basic security protections against foot-shooting not possible in most shared hosting setups).  I?m also open to doing the hosting on a VPS somewhere and just dealing with maintaining it myself as part of my volunteer time for the org.  I?m not at all open to self-hosting email for lots of reasons?

Who are your go-to hosting firms?  Not high-end stuff, stuff you?d recommend to a friend with a small business or similar.  And since we?re a progressive organization, we?d likely be avoiding any firms that clash with our values.

I got an awesome recommendation for server hardware here not too long ago, figure you guys must have favorites in this field (unless you?re all just DIY I guess?).

Thanks,

Charles


From kmsujit at gmail.com  Mon May  7 01:07:25 2018
From: kmsujit at gmail.com (Sujit K M)
Date: Mon, 07 May 2018 05:07:25 +0000
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <CA+6mNeq-WGqgHzue_qSrHS8DUUpp0fEkv3G=eErYCD5c=F7X1A@mail.gmail.com>

On Mon, May 7, 2018, 8:05 AM Charles Sprickman <spork at bway.net> wrote:

> Hi all,
>
> In my capacity as a volunteer/director at a political group out here in
> NJ, I?m trying to work on getting us setup with something better than
> what?s in place right now (a random Endurance Group hoster).
>
> Cost is a huge concern (non-profit).
>
> We have about 100 mailboxes.
>
> We have one main site that sees most of the traffic and about 30 that see
> very little traffic.  All are WordPress and that?s not changing anytime
> soon.
>
> So?  decent standalone email, plus hosting that?s optimized for WP (ie:
> nginx/php-fpm/varnish plus some basic security protections against
> foot-shooting not possible in most shared hosting setups).  I?m also open
> to doing the hosting on a VPS somewhere and just dealing with maintaining
> it myself as part of my volunteer time for the org.  I?m not at all open to
> self-hosting email for lots of reasons?
>
> Who are your go-to hosting firms?  Not high-end stuff, stuff you?d
> recommend to a friend with a small business or similar.  And since we?re a
> progressive organization, we?d likely be avoiding any firms that clash with
> our values.
>
> I got an awesome recommendation for server hardware here not too long ago,
> figure you guys must have favorites in this field (unless you?re all just
> DIY I guess?).
>
> Thanks,
>
> Charles
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk


If you want cheap solution why don't you use WordPress hosting. I remember
I had some pages that gave some information.

>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180507/e8f90284/attachment.htm>

From mikel.king at gmail.com  Mon May  7 06:06:45 2018
From: mikel.king at gmail.com (Mikel king)
Date: Mon, 7 May 2018 06:06:45 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <1B24ED60-1A7B-4407-91AD-CB216E57CF8F@gmail.com>

Charles,

So are you looking to roll all of these sites into a single WordPress Multisite or keep each 100% distinct?

There are a number of WP specialized possibilities that jump top of mind.

WP Engine
Interserver
Bluehost
Site Ground

Cheers,
Mikel


> On May 6, 2018, at 10:17 PM, Charles Sprickman <spork at bway.net> wrote:
> 
> Hi all,
> 
> In my capacity as a volunteer/director at a political group out here in NJ, I?m trying to work on getting us setup with something better than what?s in place right now (a random Endurance Group hoster).
> 
> Cost is a huge concern (non-profit).
> 
> We have about 100 mailboxes.
> 
> We have one main site that sees most of the traffic and about 30 that see very little traffic.  All are WordPress and that?s not changing anytime soon.
> 
> So?  decent standalone email, plus hosting that?s optimized for WP (ie: nginx/php-fpm/varnish plus some basic security protections against foot-shooting not possible in most shared hosting setups).  I?m also open to doing the hosting on a VPS somewhere and just dealing with maintaining it myself as part of my volunteer time for the org.  I?m not at all open to self-hosting email for lots of reasons?
> 
> Who are your go-to hosting firms?  Not high-end stuff, stuff you?d recommend to a friend with a small business or similar.  And since we?re a progressive organization, we?d likely be avoiding any firms that clash with our values.
> 
> I got an awesome recommendation for server hardware here not too long ago, figure you guys must have favorites in this field (unless you?re all just DIY I guess?).
> 
> Thanks,
> 
> Charles
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180507/09c37d8a/attachment.htm>

From justin at shiningsilence.com  Mon May  7 08:14:23 2018
From: justin at shiningsilence.com (Justin Sherrill)
Date: Mon, 7 May 2018 08:14:23 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <CA+YR8=2ogfEJHZd9M4skczjQ5d3CSTLf5+qfnbROEOhg_RBxQQ@mail.gmail.com>

On Sun, May 6, 2018 at 10:17 PM, Charles Sprickman <spork at bway.net> wrote:
> Who are your go-to hosting firms?  Not high-end stuff, stuff you?d recommend to a friend with a small business or similar.  And since we?re
> a progressive organization, we?d likely be avoiding any firms that clash with our values.

I've used gandi.net for a few smaller sites.  They have a Wordpress
option as does everyone else under the sun, but it's for 1 site =  1
install of Wordpress; it sounds like you need 31.  That may be
possible in one of their cheap plans.



From kmsujit at gmail.com  Mon May  7 08:43:22 2018
From: kmsujit at gmail.com (Sujit K M)
Date: Mon, 07 May 2018 12:43:22 +0000
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <CA+6mNepns4+Y491GU-aEnr_6yORQg3djLK9VFxXCZ_k2S+iZGA@mail.gmail.com>

On Mon, May 7, 2018, 8:05 AM Charles Sprickman <spork at bway.net> wrote:

> Hi all,
>
> In my capacity as a volunteer/director at a political group out here in
> NJ, I?m trying to work on getting us setup with something better than
> what?s in place right now (a random Endurance Group hoster).
>
> Cost is a huge concern (non-profit).
>
> We have about 100 mailboxes.
>
> We have one main site that sees most of the traffic and about 30 that see
> very little traffic.  All are WordPress and that?s not changing anytime
> soon.
>
> So?  decent standalone email, plus hosting that?s optimized for WP (ie:
> nginx/php-fpm/varnish plus some basic security protections against
> foot-shooting not possible in most shared hosting setups).  I?m also open
> to doing the hosting on a VPS somewhere and just dealing with maintaining
> it myself as part of my volunteer time for the org.  I?m not at all open to
> self-hosting email for lots of reasons?
>
> Who are your go-to hosting firms?  Not high-end stuff, stuff you?d
> recommend to a friend with a small business or similar.  And since we?re a
> progressive organization, we?d likely be avoiding any firms that clash with
> our values.
>
> I got an awesome recommendation for server hardware here not too long ago,
> figure you guys must have favorites in this field (unless you?re all just
> DIY I guess?).
>
> Thanks,
>
> Charles
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk


Other thing you have to note is you might only a single admin mail. But
some of the WordPress providers might let you plugin other mail sites.

>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180507/d7431c9d/attachment.htm>

From ike at blackskyresearch.net  Mon May  7 09:18:20 2018
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Mon, 7 May 2018 09:18:20 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <8CBFE6F6-407D-4973-8DCE-BCFF25A55602@blackskyresearch.net>


> On May 6, 2018, at 10:17 PM, Charles Sprickman <spork at bway.net> wrote:
> 
> We have about 100 mailboxes.

Don?t know if this is in budget, (probably is) but I can?t say enough good things about my ESP fastmail.com (and reverse lookup a few of their IP?s and you?ll see their operation is hosted at NYI).  Solid and excellent in every way- from folks like us, to Gmail-user kind of folks.

You can try their services free for a month or something under their domain.

Rocket-
.ike


From scottro11 at gmail.com  Mon May  7 09:59:37 2018
From: scottro11 at gmail.com (Scott Robbins)
Date: Mon, 7 May 2018 09:59:37 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <8CBFE6F6-407D-4973-8DCE-BCFF25A55602@blackskyresearch.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
 <8CBFE6F6-407D-4973-8DCE-BCFF25A55602@blackskyresearch.net>
Message-ID: <20180507135937.GA18619@scott1.scottro.net>

On Mon, May 07, 2018 at 09:18:20AM -0400, Isaac (.ike) Levy wrote:
> 
> > On May 6, 2018, at 10:17 PM, Charles Sprickman <spork at bway.net> wrote:
> > 
> > We have about 100 mailboxes.
> 
> Don?t know if this is in budget, (probably is) but I can?t say enough good things about my ESP fastmail.com (and reverse lookup a few of their IP?s and you?ll see their operation is hosted at NYI).  Solid and excellent in every way- from folks like us, to Gmail-user kind of folks.
> 
> You can try their services free for a month or something under their domain.

I'm not sure if you can try 100 accounts free, but they generally do offer
discounts for 100 users. I believe it would probably run around $4-$5 per
user monthly. It's always worth writing them and seeing what they have to
say.  I also have many good things to say about fastmail, 
we migrated over 100 clients to them with almost no complaints.  

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



From schmonz-lists-netbsd-public-nycbug-talk at schmonz.com  Mon May  7 10:05:20 2018
From: schmonz-lists-netbsd-public-nycbug-talk at schmonz.com (Amitai Schleier)
Date: 7 May 2018 10:05:20 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <A02D3AC0-3C64-4576-8087-051ABF419F80@schmonz.com>

On 6 May 2018, at 22:17, Charles Sprickman wrote:

> In my capacity as a volunteer/director at a political group out here 
> in NJ, I?m trying to work on getting us setup with something better 
> than what?s in place right now (a random Endurance Group hoster).
>
> Cost is a huge concern (non-profit).

DreamHost offers free hosting to non-profits. If you can provide legal 
documentation of non-profit status, and their hosting meets your needs, 
take them up on it.



From izaac at setec.org  Mon May  7 10:21:18 2018
From: izaac at setec.org (Izaac)
Date: Mon, 7 May 2018 10:21:18 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <20180507T141956Z@localhost>

On Sun, May 06, 2018 at 10:17:55PM -0400, Charles Sprickman wrote:
> a political group
> non-profit

Political groups are not non-profits.  They may be tax exempt as 527s,
but do not misrepresent this to whatever provider you choose to
contract.

-- 
. ___ ___  .   .  ___
.  \    /  |\  |\ \
.  _\_ /__ |-\ |-\ \__



From Assafr at protonmail.com  Mon May  7 12:52:56 2018
From: Assafr at protonmail.com (assaf)
Date: Mon, 07 May 2018 12:52:56 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <an22iKg9BOOIrBmaVAdPrwWF460RtKzgAgF113M0C1W3La2ZMOFaagvDCvdH3N6CHc3C-Ex8PZ2JXF3ULV5tBQooR8fm97J87X5_NHk0C9I=@protonmail.com>

I would add to the chorus of approval for fastmail as well. Excellent and reliable service. Used them for many years. I put in a request with my current provider, protonmail to see what they could offer you as a non profit. As soon as I hear back, ill let you know.

Assaf

Sent from ProtonMail mobile

-------- Original Message --------
On May 6, 2018, 9:17 PM, Charles Sprickman wrote:

> Hi all,
>
> In my capacity as a volunteer/director at a political group out here in NJ, I?m trying to work on getting us setup with something better than what?s in place right now (a random Endurance Group hoster).
>
> Cost is a huge concern (non-profit).
>
> We have about 100 mailboxes.
>
> We have one main site that sees most of the traffic and about 30 that see very little traffic. All are WordPress and that?s not changing anytime soon.
>
> So? decent standalone email, plus hosting that?s optimized for WP (ie: nginx/php-fpm/varnish plus some basic security protections against foot-shooting not possible in most shared hosting setups). I?m also open to doing the hosting on a VPS somewhere and just dealing with maintaining it myself as part of my volunteer time for the org. I?m not at all open to self-hosting email for lots of reasons?
>
> Who are your go-to hosting firms? Not high-end stuff, stuff you?d recommend to a friend with a small business or similar. And since we?re a progressive organization, we?d likely be avoiding any firms that clash with our values.
>
> I got an awesome recommendation for server hardware here not too long ago, figure you guys must have favorites in this field (unless you?re all just DIY I guess?).
>
> Thanks,
>
> Charles
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180507/070996b1/attachment.htm>

From pvarga at pvrg.net  Mon May  7 20:35:35 2018
From: pvarga at pvrg.net (Peter Varga)
Date: Tue, 08 May 2018 00:35:35 +0000
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <an22iKg9BOOIrBmaVAdPrwWF460RtKzgAgF113M0C1W3La2ZMOFaagvDCvdH3N6CHc3C-Ex8PZ2JXF3ULV5tBQooR8fm97J87X5_NHk0C9I=@protonmail.com>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
 <an22iKg9BOOIrBmaVAdPrwWF460RtKzgAgF113M0C1W3La2ZMOFaagvDCvdH3N6CHc3C-Ex8PZ2JXF3ULV5tBQooR8fm97J87X5_NHk0C9I=@protonmail.com>
Message-ID: <1525739735.1733755.1364160584.261A2A0F@webmail.messagingengine.com>


FastMail has very simple UI for iOS and Apple.  They also host at NYI if
that helps   I do not work for them or any way affiliated.
On Mon, May 7, 2018, at 16:52, assaf wrote:
> I would add to the chorus of approval for fastmail as well. Excellent
> and reliable service. Used them for many years. I put in a request
> with my current provider, protonmail to see what they could offer you
> as a non profit. As soon as I hear back, ill let you know.> 
> Assaf
> 
> 
> Sent from ProtonMail mobile
> 
> 
> 
> -------- Original Message --------
> On May 6, 2018, 9:17 PM, Charles Sprickman  spork at bway.net> wrote:
>> 
>> Hi all,
>> 
>> In my capacity as a volunteer/director at a political group out here
>> in NJ, I?m trying to work on getting us setup with something better
>> than what?s in place right now (a random Endurance Group hoster).>> 
>> Cost is a huge concern (non-profit).
>> 
>> We have about 100 mailboxes.
>> 
>> We have one main site that sees most of the traffic and about 30 that
>> see very little traffic.  All are WordPress and that?s not changing
>> anytime soon.>> 
>> So?  decent standalone email, plus hosting that?s optimized for WP
>> (ie: nginx/php-fpm/varnish plus some basic security protections
>> against foot-shooting not possible in most shared hosting setups).
>> I?m also open to doing the hosting on a VPS somewhere and just
>> dealing with maintaining it myself as part of my volunteer time for
>> the org.  I?m not at all open to self-hosting email for lots of
>> reasons?>> 
>> Who are your go-to hosting firms?  Not high-end stuff, stuff you?d
>> recommend to a friend with a small business or similar.  And since
>> we?re a progressive organization, we?d likely be avoiding any firms
>> that clash with our values.>> 
>> I got an awesome recommendation for server hardware here not too long
>> ago, figure you guys must have favorites in this field (unless you?re
>> all just DIY I guess?).>> 
>> Thanks,
>> 
>> Charles
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>> 
>> _________________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180508/d27f097e/attachment.htm>

From _ at thomaslevine.com  Thu May 10 16:52:47 2018
From: _ at thomaslevine.com (Thomas Levine)
Date: Thu, 10 May 2018 20:52:47 +0000
Subject: [talk] Outside meeting
Message-ID: <20180510205248.4144AE47F2@mailuser.nyi.internal>

At last week's meeting I proposed holding meetings outdoors in order
to make scheduling easier. Since we live all over New York City,
I suggest Central Park; but other suggestions are welcome.

I am happy to bring some sort of writing implements and surface.
We can try a projector too, but that is an undertaking, as powerful
enough of a projector may be large and may use lots of electricity.



From mcevoy.pat at gmail.com  Fri May 11 18:36:42 2018
From: mcevoy.pat at gmail.com (Pat McEvoy)
Date: Fri, 11 May 2018 18:36:42 -0400
Subject: [talk] Outside meeting
In-Reply-To: <20180510205248.4144AE47F2@mailuser.nyi.internal>
References: <20180510205248.4144AE47F2@mailuser.nyi.internal>
Message-ID: <681BB578-A15A-461D-BF96-24FD426A64FF@gmail.com>


> On May 10, 2018, at 4:52 PM, Thomas Levine <_ at thomaslevine.com> wrote:
> 
> At last week's meeting I proposed holding meetings outdoors in order
> to make scheduling easier. Since we live all over New York City,
> I suggest Central Park; but other suggestions are welcome.
> 
> I am happy to bring some sort of writing implements and surface.
> We can try a projector too, but that is an undertaking, as powerful
> enough of a projector may be large and may use lots of electricity.
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

I can see the smokers in the group living this. Sounds like fun. 



From pvarga at pvrg.net  Fri May 11 23:23:56 2018
From: pvarga at pvrg.net (Peter Varga)
Date: Sat, 12 May 2018 03:23:56 +0000
Subject: [talk] Outside meeting
In-Reply-To: <681BB578-A15A-461D-BF96-24FD426A64FF@gmail.com>
References: <20180510205248.4144AE47F2@mailuser.nyi.internal>
 <681BB578-A15A-461D-BF96-24FD426A64FF@gmail.com>
Message-ID: <1526095436.2890602.1369397584.65B7624F@webmail.messagingengine.com>

Open space meetings produce a lot more interesting ideas.  Welcome the
idea.  I think that (in alphabetical prefer) Bryant Park, Madison Park,
NYU area, Union Square are more accessible to more paths of rail
transportation.
On Fri, May 11, 2018, at 22:36, Pat McEvoy wrote:
>
> > On May 10, 2018, at 4:52 PM, Thomas Levine <_ at thomaslevine.com>
> > wrote:> >
> > At last week's meeting I proposed holding meetings outdoors in order> > to make scheduling easier. Since we live all over New York City,
> > I suggest Central Park; but other suggestions are welcome.
> >
> > I am happy to bring some sort of writing implements and surface.
> > We can try a projector too, but that is an undertaking, as powerful> > enough of a projector may be large and may use lots of electricity.> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
>
> I can see the smokers in the group living this. Sounds like fun.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180512/08f9d586/attachment.htm>

From spork at bway.net  Sat May 12 03:56:24 2018
From: spork at bway.net (Charles Sprickman)
Date: Sat, 12 May 2018 03:56:24 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <EA6C36B5-DBAC-4D0A-9ECA-FFD268DB49FB@bway.net>


> On May 6, 2018, at 10:17 PM, Charles Sprickman <spork at bway.net> wrote:
> 
> Hi all,
> 
> In my capacity as a volunteer/director at a political group out here in NJ, I?m trying to work on getting us setup with something better than what?s in place right now (a random Endurance Group hoster).
> 
> Cost is a huge concern (non-profit).
> 
> We have about 100 mailboxes.
> 
> We have one main site that sees most of the traffic and about 30 that see very little traffic.  All are WordPress and that?s not changing anytime soon.

Wow, so thanks for all the info.  A few things are becoming clear?

- While you can rent a small, reliable VPS for like $1/month, hosting that includes ?unlimited? mailboxes for $10/month, actual email-only hosting really doesn?t dip below about $2/month and this price does not seem to be dropping in relation to other hosted servicdes.

- Everyone likes Fastmail. :)

- Dedicated WordPress hosting gets expensive since most billing plans seem to use the number of sites rather than transfer/traffic as the main metric

Where I?m currently at with this is that I?m leaning strongly towards an unmanaged VPS for the web portion.  I enjoy maintaining that sort of thing and I think I get a bit more control over the performance of the sites this way.  If I were to go with managed hosting, the only suggestion that really looks affordable would be SiteGround.  I?m so far happy with other things hosted on Vultr VPSs, so that or Digital Ocean are two known quantities.  Some hosting operations also throw in the ?unlimited? email plans with their own VPS/?Cloud? options.  I was looking at Dreamhost and that?s an option, but the email service is an unknown as far as reliability is concerned.

For email, I?m basically looking at three options.  The current host (BlueHost) is pretty awful for hosting (yay for 10 second page loads), but I have an email account configured for IMAP on four of my devices and haven?t seen any burps in that service. I could downgrade this to their cheapest package and just keep the email parked there.  Second is in my VPS shopping, continue looking for a hosting operation that has decent service and just adds their standard ?unlimited email? service.  Third is to look at the state of email-in-a-box setups like iredmail and see if that?s an option for self-hosting.  My concern there is that storage on most VPS providers gets expensive fast and I don?t even yet see a way to estimate my actual email storage usage with the current host.

So if I may continue with the questions?

- Any VPS providers you?ve worked with and like that are run by a traditional hosting firm?
- Any open source email ?suites? that you like?

Also regarding non-profit status - actually 501(c)4 groups like the one I?m a member of are truly non-profit.  I believe a 527 (a ?PAC?) is as well.  Unclear on ?Super PACs?.  The reason that most places won?t give you a discount has less to do with the fact that the group is political it?s that if we were a 501(c)3, then companies could call their donations/discounts a tax-deductible contribution and write that off.  Contributions to other non-profits are not tax-deductible.  At least that?s how I understand all this.

Thanks again, I really appreciate all the feedback.

Charles


From _ at thomaslevine.com  Sat May 12 21:37:45 2018
From: _ at thomaslevine.com (Thomas Levine)
Date: Sun, 13 May 2018 01:37:45 +0000
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <EA6C36B5-DBAC-4D0A-9ECA-FFD268DB49FB@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
 <EA6C36B5-DBAC-4D0A-9ECA-FFD268DB49FB@bway.net>
Message-ID: <20180513013745.D623AE4365@mailuser.nyi.internal>

Your situation might be appropriate for membership in my unincorporated
server cooperative. We have a dedicated server with more spare RAM, CPU,
and storage than you need. It is hosted in Thor Data Center in Iceland.

Unfortunately, the server runs Debian (presently stretch). You would get
a Linux Container with your own IP address.

If you are interested, tell me more about the organization of interest.

But I don't see how a normal VPS is too expensive. In case the plans
you have found charge too much for storage, consider some others here.
https://lowendbox.com/



From fire at firecrow.com  Sat May 12 22:49:44 2018
From: fire at firecrow.com (Firecrow)
Date: Sat, 12 May 2018 22:49:44 -0400
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
Message-ID: <16357676158.283b.c4ed0d0d703873026a53f0fbdf339555@firecrow.com>

Hi Charles,

Here is what I use, its just my personal, all be it rather complex for one 
person (2 vps, 12 domains, 3 email domains 6 inboxes etc.).

Fastmail for email hosting, great admin preferences

DigitalOcean for vps (FreeBSD) 2 hosts resonably priced

DigitalOcean for nameservers

Hope that helps

~fire

On May 6, 2018 10:35:02 PM Charles Sprickman <spork at bway.net> wrote:

> Hi all,
>
> In my capacity as a volunteer/director at a political group out here in NJ, 
> I?m trying to work on getting us setup with something better than what?s in 
> place right now (a random Endurance Group hoster).
>
> Cost is a huge concern (non-profit).
>
> We have about 100 mailboxes.
>
> We have one main site that sees most of the traffic and about 30 that see 
> very little traffic.  All are WordPress and that?s not changing anytime soon.
>
> So?  decent standalone email, plus hosting that?s optimized for WP (ie: 
> nginx/php-fpm/varnish plus some basic security protections against 
> foot-shooting not possible in most shared hosting setups).  I?m also open 
> to doing the hosting on a VPS somewhere and just dealing with maintaining 
> it myself as part of my volunteer time for the org.  I?m not at all open to 
> self-hosting email for lots of reasons?
>
> Who are your go-to hosting firms?  Not high-end stuff, stuff you?d 
> recommend to a friend with a small business or similar.  And since we?re a 
> progressive organization, we?d likely be avoiding any firms that clash with 
> our values.
>
> I got an awesome recommendation for server hardware here not too long ago, 
> figure you guys must have favorites in this field (unless you?re all just 
> DIY I guess?).
>
> Thanks,
>
> Charles
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From kmsujit at gmail.com  Sun May 13 03:55:14 2018
From: kmsujit at gmail.com (Sujit K M)
Date: Sun, 13 May 2018 13:25:14 +0530
Subject: [talk] Hosting Recommendations - email/web
In-Reply-To: <EA6C36B5-DBAC-4D0A-9ECA-FFD268DB49FB@bway.net>
References: <F78F4060-4F52-4CCF-BE85-B11668F1A1E1@bway.net>
 <EA6C36B5-DBAC-4D0A-9ECA-FFD268DB49FB@bway.net>
Message-ID: <CA+6mNeoTB90nY5CcGRQ-5ddgx6YCTp7JDdywGN8fMbUwGgfedg@mail.gmail.com>

> - Dedicated WordPress hosting gets expensive since most billing plans seem to use the number of sites rather than transfer/traffic as the main metric

Could you please elaborate on this. If found only at most costly
prices for example WordPress/Year, But they don't mention either
number of sites or transfer
or traffic. Below  a cheap one I found billed Yearly.

https://wpforms.com/pricing/#pricing-table-comparison


>
> Where I?m currently at with this is that I?m leaning strongly towards an unmanaged VPS for the web portion.  I enjoy maintaining that sort of thing and I think I get a bit more control over the performance of the sites this way.  If I were to go with managed hosting, the only suggestion that really looks affordable would be SiteGround.  I?m so far happy with other things hosted on Vultr VPSs, so that or Digital Ocean are two known quantities.  Some hosting operations also throw in the ?unlimited? email plans with their own VPS/?Cloud? options.  I was looking at Dreamhost and that?s an option, but the email service is an unknown as far as reliability is concerned.

I have tried this path and found horrendous. Only you would get a
single server/2GB RAM or Space not more than 6GB.



From ike at blackskyresearch.net  Mon May 14 07:37:16 2018
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Mon, 14 May 2018 07:37:16 -0400
Subject: [talk] PGP vuln coming
Message-ID: <E8453B25-3A1E-4C22-B23E-F456B37A36B9@blackskyresearch.net>

Hi all,

I bet you?ve already seen this, but if not, some PGP/GPG vuln coming:

https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now

Worth watching for sure...

Best,
.ike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180514/f5d3fc82/attachment.htm>

From george at ceetonetechnology.com  Mon May 14 08:20:00 2018
From: george at ceetonetechnology.com (George Rosamond)
Date: Mon, 14 May 2018 12:20:00 +0000
Subject: [talk] PGP vuln coming
In-Reply-To: <E8453B25-3A1E-4C22-B23E-F456B37A36B9@blackskyresearch.net>
References: <E8453B25-3A1E-4C22-B23E-F456B37A36B9@blackskyresearch.net>
Message-ID: <63537f07-eb7b-bb11-d022-21262bd938ca@ceetonetechnology.com>

Isaac (.ike) Levy:
> Hi all,
> 
> I bet you?ve already seen this, but if not, some PGP/GPG vuln
> coming:
> 
> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
>
>  Worth watching for sure...

Well.... FWIW

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html

I really hope no one is sending or allow HTML display of email on this list.

g



From ike at blackskyresearch.net  Mon May 14 08:32:41 2018
From: ike at blackskyresearch.net (Isaac (.ike) Levy)
Date: Mon, 14 May 2018 08:32:41 -0400
Subject: [talk] PGP vuln coming
In-Reply-To: <63537f07-eb7b-bb11-d022-21262bd938ca@ceetonetechnology.com>
References: <E8453B25-3A1E-4C22-B23E-F456B37A36B9@blackskyresearch.net>
 <63537f07-eb7b-bb11-d022-21262bd938ca@ceetonetechnology.com>
Message-ID: <1526301161.889830.1371293928.5EDEDB02@webmail.messagingengine.com>

On Mon, May 14, 2018, at 8:20 AM, George Rosamond wrote:
> Isaac (.ike) Levy:
> > Hi all,
> > 
> > I bet you?ve already seen this, but if not, some PGP/GPG vuln
> > coming:
> > 
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
> >
> >  Worth watching for sure...
> 
> Well.... FWIW
> 
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
> 
> I really hope no one is sending or allow HTML display of email on this list.
> 
> g

Man, I barely just got UTF-8 encoding all worked out.

Best,
.ike



From shawn.webb at hardenedbsd.org  Mon May 14 09:57:18 2018
From: shawn.webb at hardenedbsd.org (Shawn Webb)
Date: Mon, 14 May 2018 09:57:18 -0400
Subject: [talk] PGP vuln coming
In-Reply-To: <63537f07-eb7b-bb11-d022-21262bd938ca@ceetonetechnology.com>
References: <E8453B25-3A1E-4C22-B23E-F456B37A36B9@blackskyresearch.net>
 <63537f07-eb7b-bb11-d022-21262bd938ca@ceetonetechnology.com>
Message-ID: <20180514135718.acyz4rd7dzl627qc@mutt-hbsd>

On Mon, May 14, 2018 at 12:20:00PM +0000, George Rosamond wrote:
> Isaac (.ike) Levy:
> > Hi all,
> > 
> > I bet you?ve already seen this, but if not, some PGP/GPG vuln
> > coming:
> > 
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
> >
> >  Worth watching for sure...
> 
> Well.... FWIW
> 
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
> 
> I really hope no one is sending or allow HTML display of email on this list.

mutt/neomutt ftw!

More info: https://efail.de/

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera at is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180514/41b3ab6f/attachment.bin>

From scottro11 at gmail.com  Mon May 14 11:47:00 2018
From: scottro11 at gmail.com (Scott Robbins)
Date: Mon, 14 May 2018 11:47:00 -0400
Subject: [talk] PGP vuln coming
In-Reply-To: <20180514135718.acyz4rd7dzl627qc@mutt-hbsd>
References: <E8453B25-3A1E-4C22-B23E-F456B37A36B9@blackskyresearch.net>
 <63537f07-eb7b-bb11-d022-21262bd938ca@ceetonetechnology.com>
 <20180514135718.acyz4rd7dzl627qc@mutt-hbsd>
Message-ID: <20180514154700.GB2380@scott1.scottro.net>

On Mon, May 14, 2018 at 09:57:18AM -0400, Shawn Webb wrote:
> > 
> > I really hope no one is sending or allow HTML display of email on this list.
> 
> mutt/neomutt ftw!

Unfortunately, it becomes harder and harder to just use mutt as HTML mail
prevails. I remember the late 90's/early 00's when even Windows mailling
lists discouraged html, but now everyone has to have their pretty colors
for what seems, at least to me (an admittedly aging grouch), no benefit and
tons of bandwidth usage, attack vectors, and the like.

Even my wife refuses to not use it when sending me email and I usually have
to wind up using a browser to open it because it will have something not
visible.  (Which isn't hard to do in mutt, see 


http://jasonwryan.com/blog/2012/05/12/mutt/ and I agree with the author's
feelings about html mail.



-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



From mcevoy.pat at gmail.com  Mon May 14 17:15:33 2018
From: mcevoy.pat at gmail.com (Pat McEvoy)
Date: Mon, 14 May 2018 17:15:33 -0400
Subject: [talk] So.... anyone want to give a talk on email encryption?
Message-ID: <2A5FD709-753A-42AF-A98C-BDC3960DB46D@gmail.com>

I think it would be a well attended talk.

Patrick 



From george at ceetonetechnology.com  Mon May 14 22:22:00 2018
From: george at ceetonetechnology.com (George Rosamond)
Date: Tue, 15 May 2018 02:22:00 +0000
Subject: [talk] So.... anyone want to give a talk on email encryption?
In-Reply-To: <2A5FD709-753A-42AF-A98C-BDC3960DB46D@gmail.com>
References: <2A5FD709-753A-42AF-A98C-BDC3960DB46D@gmail.com>
Message-ID: <1c58cb70-4737-dfd8-fc31-8a1f7e679231@ceetonetechnology.com>



Pat McEvoy:
> I think it would be a well attended talk.

NOt sure what exactly you mean, but generally this is approached with
PGP key signings.

I fought long and hard to get someone from NetBSD to do an NGP talk, but
to no avail.

A GnuPG talk would be, well, long and miserable, IMHO.

g



From fire at firecrow.com  Mon May 14 22:50:36 2018
From: fire at firecrow.com (Firecrow)
Date: Mon, 14 May 2018 22:50:36 -0400
Subject: [talk] So.... anyone want to give a talk on email encryption?
In-Reply-To: <1c58cb70-4737-dfd8-fc31-8a1f7e679231@ceetonetechnology.com>
References: <2A5FD709-753A-42AF-A98C-BDC3960DB46D@gmail.com>
 <1c58cb70-4737-dfd8-fc31-8a1f7e679231@ceetonetechnology.com>
Message-ID: <16361b4e860.283b.c4ed0d0d703873026a53f0fbdf339555@firecrow.com>



On May 14, 2018 10:22:47 PM George Rosamond <george at ceetonetechnology.com> 
wrote:

> Pat McEvoy:
>> I think it would be a well attended talk.
>
> NOt sure what exactly you mean, but generally this is approached with
> PGP key signings.
>
> I fought long and hard to get someone from NetBSD to do an NGP talk, but
> to no avail.
>
> A GnuPG talk would be, well, long and miserable, IMHO.
>
> g

It may be interestig to do a wider cryptography talk, aes for hard drive 
encryption, rsa public keys etc, would be fascinating for those of us not 
well versed in the crypto.

~fire
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From mcevoy.pat at gmail.com  Tue May 15 01:50:23 2018
From: mcevoy.pat at gmail.com (Patrick McEvoy)
Date: Tue, 15 May 2018 01:50:23 -0400
Subject: [talk] So.... anyone want to give a talk on email encryption?
In-Reply-To: <16361b4e860.283b.c4ed0d0d703873026a53f0fbdf339555@firecrow.com>
References: <2A5FD709-753A-42AF-A98C-BDC3960DB46D@gmail.com>
 <1c58cb70-4737-dfd8-fc31-8a1f7e679231@ceetonetechnology.com>
 <16361b4e860.283b.c4ed0d0d703873026a53f0fbdf339555@firecrow.com>
Message-ID: <5AFA751F.5090308@gmail.com>

Firecrow wrote:
> 
> 
> On May 14, 2018 10:22:47 PM George Rosamond
> <george at ceetonetechnology.com> wrote:
> 
>> Pat McEvoy:
>>> I think it would be a well attended talk.
>>
>> NOt sure what exactly you mean, but generally this is approached with
>> PGP key signings.
>>
>> I fought long and hard to get someone from NetBSD to do an NGP talk, but
>> to no avail.
>>
>> A GnuPG talk would be, well, long and miserable, IMHO.
>>
>> g
> 
> It may be interestig to do a wider cryptography talk, aes for hard drive
> encryption, rsa public keys etc, would be fascinating for those of us
> not well versed in the crypto.
> 
> ~fire

Yes Please! This sounds very interesting indeed!



From mark.saad at ymail.com  Tue May 15 20:04:20 2018
From: mark.saad at ymail.com (Mark Saad)
Date: Tue, 15 May 2018 20:04:20 -0400
Subject: [talk] FreeBSD ioat driver
Message-ID: <F3F2E59C-9B42-4E6D-AE73-6C5042ADD27C@ymail.com>


Hey talk
  Anyone out there using FreeBSD ioat driver on intel cpus ? It?s supported on 11.0 and newer . 


---
Mark Saad | mark.saad at ymail.com


From _ at thomaslevine.com  Sun May 20 10:07:42 2018
From: _ at thomaslevine.com (Thomas Levine)
Date: Sun, 20 May 2018 14:07:42 +0000
Subject: [talk] Outside meeting
In-Reply-To: <1526095436.2890602.1369397584.65B7624F@webmail.messagingengine.com>
References: <20180510205248.4144AE47F2@mailuser.nyi.internal>
 <681BB578-A15A-461D-BF96-24FD426A64FF@gmail.com>
 <1526095436.2890602.1369397584.65B7624F@webmail.messagingengine.com>
Message-ID: <20180520140743.49AEFE444F@mailuser.nyi.internal>

Then let us hold a meeting in Bryant Park on Wednesday, June 6 at 18:45
(the normal time of the month).

We cancel it in case of rain, unless someone else has ideas.

Can anyone bring an easel or chalkboard? If not, I will acquire and
bring them, or something equivalent.

We can propose presentations now, or not.



From edlinuxguru at gmail.com  Sun May 20 11:28:36 2018
From: edlinuxguru at gmail.com (Edward Capriolo)
Date: Sun, 20 May 2018 11:28:36 -0400
Subject: [talk] Outside meeting
In-Reply-To: <20180520140743.49AEFE444F@mailuser.nyi.internal>
References: <20180510205248.4144AE47F2@mailuser.nyi.internal>
 <681BB578-A15A-461D-BF96-24FD426A64FF@gmail.com>
 <1526095436.2890602.1369397584.65B7624F@webmail.messagingengine.com>
 <20180520140743.49AEFE444F@mailuser.nyi.internal>
Message-ID: <CAENxBwzPF-0XMXmS51Dex4hSE7WRiGRrRXpd6KbuXiHwB+XYOw@mail.gmail.com>

On Sun, May 20, 2018 at 10:07 AM, Thomas Levine <_ at thomaslevine.com> wrote:

> Then let us hold a meeting in Bryant Park on Wednesday, June 6 at 18:45
> (the normal time of the month).
>
> We cancel it in case of rain, unless someone else has ideas.
>
> Can anyone bring an easel or chalkboard? If not, I will acquire and
> bring them, or something equivalent.
>
> We can propose presentations now, or not.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

There is no sandbox or patch of dirt? That would make it super official.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180520/1b999552/attachment.htm>

From _ at thomaslevine.com  Sun May 20 12:05:41 2018
From: _ at thomaslevine.com (Thomas Levine)
Date: Sun, 20 May 2018 16:05:41 +0000
Subject: [talk] Outside meeting
In-Reply-To: <CAENxBwzPF-0XMXmS51Dex4hSE7WRiGRrRXpd6KbuXiHwB+XYOw@mail.gmail.com>
References: <20180510205248.4144AE47F2@mailuser.nyi.internal>
 <681BB578-A15A-461D-BF96-24FD426A64FF@gmail.com>
 <1526095436.2890602.1369397584.65B7624F@webmail.messagingengine.com>
 <20180520140743.49AEFE444F@mailuser.nyi.internal>
 <CAENxBwzPF-0XMXmS51Dex4hSE7WRiGRrRXpd6KbuXiHwB+XYOw@mail.gmail.com>
Message-ID: <20180520160542.56B44E444F@mailuser.nyi.internal>

Edward Capriolo writes:
> There is no sandbox or patch of dirt? That would make it super official.

I like that better. I don't think Bryant Park has those, but we could
go somewhere else. Do you know of any appropriate parks in Manhattan?



From mark.saad at ymail.com  Wed May 23 07:21:18 2018
From: mark.saad at ymail.com (Mark Saad)
Date: Wed, 23 May 2018 07:21:18 -0400
Subject: [talk] So Netgate bails on FreeBSD
Message-ID: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>

All
  So in today?s netgate newsletter I read about their new platform tnsr . Digging into it some more I stumbled on ?installing centos? section.

https://www.netgate.com/docs/tnsr/

We so long and thanks for the fish . 

---
Mark Saad | mark.saad at ymail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180523/eac9f7f9/attachment.htm>

From steve.b at osfda.org  Wed May 23 11:35:31 2018
From: steve.b at osfda.org (Steve)
Date: Wed, 23 May 2018 11:35:31 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
Message-ID: <39928093-3588-c69b-db51-2d0cc3415fbc@osfda.org>

I happen to do a lot of Linux; and while Red Hat has benefited the Linux 
community, they have made a surprising number of blunders that were in 
all likelihood fomented by having to kowtow to their Fortune 1000 base:

1. They were invested in MySQL. When Oracle bought MySQL and Red Hat did 
not like where they saw things going, did they switch over to postgres?
Nah -"we'll make our own MySQL: MariaDB!" That has done nothing but put 
their database users on an isolated tropical island.

2. I once asked a Redhat employee why would they choose to go with the 
gnome desktop as a standard over KDE [KDE is much easier to customize, 
has a desktop that supports touch, and is more likely to win over former 
corporate Windows users...] He angrily responded that the KDE project 
had onerous license issues WHICH HAD SINCE BEEN LIFTED. So they have to 
throw good money after bad now, remaining committed to gnome when they 
don't have to??

3. I had a civic-oriented application running on Linux that I needed to 
make sure I had an option for corporate support. I asked Redhat if there 
was a straightforward kernel options to switch off the selinux with (and 
perhaps use App Armor instead...); or for that matter, where a repo was 
that had the kernel compiled without it. [When you tell some user 
audiences concerned about privacy issues that the software has been 
developed under the auspices of the NSA -they're not too crazy about 
that...] I was told it was an impossibility to get Redhat/CentoOS that way.

4. And without going into details (unless somebody from Redhat wants to 
inquire...): their community is kabuki open; it's a club for employees 
and corporate customers.

The reason why Redhat exists is contractors like me sometimes get 
harassed by high end customers who insist on the option of getting a 24 
hour driver hotline for any of their regional offices in the U.S. (even 
if they don't require it TODAY, they want an assurance that such a thing 
can be requisitioned in about six weeks...) With CentOS, I can say the 
upgrade path is trivial.

But for other customers nowadays: debian or BSD. I also find a lot of 
techs who don't want to get into the details of the OS tend to pick 
Ubuntu; but their differing architectures can cause a lot of confusion 
when you have to run down a problem. Debian has gotten their shit MUCH 
tighter than years ago. But right now I am having to drop an app on 
Ubuntu because "it's what they know..."

On 5/23/2018 7:21 AM, Mark Saad wrote:
> All
> ? So in today?s netgate newsletter I read about their new platform 
> tnsr . Digging into it some more I stumbled on ?installing centos? 
> section.
>
> https://www.netgate.com/docs/tnsr/
>
> We so long and thanks for the fish .
>
> ---
> Mark Saad | mark.saad at ymail.com <mailto:mark.saad at ymail.com>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180523/41204fc8/attachment.htm>

From izaac at setec.org  Wed May 23 15:29:23 2018
From: izaac at setec.org (Izaac)
Date: Wed, 23 May 2018 15:29:23 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
Message-ID: <20180523T192329Z@localhost>

On Wed, May 23, 2018 at 07:21:18AM -0400, Mark Saad wrote:
> https://www.netgate.com/docs/tnsr/

You do understand that this is initially targeting AWS, right?  Which
means Linux.

And then they intend it to be shipping boxes with high performance
hardware and the associated driver support.  Which means Linux.

FreeBSD is incapable of either -- in both present and future.

You may rest assured, though, that they will ultimately fail in this
venture.  Netgate simply does not have the sales and marketing
organization to compete with the existing suppliers , e.g. Palo Alto
Networks, for the target customers.

-- 
. ___ ___  .   .  ___
.  \    /  |\  |\ \
.  _\_ /__ |-\ |-\ \__



From spork at bway.net  Wed May 23 15:50:36 2018
From: spork at bway.net (Charles Sprickman)
Date: Wed, 23 May 2018 15:50:36 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
Message-ID: <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>


> On May 23, 2018, at 7:21 AM, Mark Saad <mark.saad at ymail.com> wrote:
> 
> All
>   So in today?s netgate newsletter I read about their new platform tnsr . Digging into it some more I stumbled on ?installing centos? section.
> 
> https://www.netgate.com/docs/tnsr/ <https://www.netgate.com/docs/tnsr/>
> 
> We so long and thanks for the fish . 

As someone who is prone to inertia, this gives me the shove I needed to try opnsense at home.

In the past, some of the QoS features seemed lacking, but with 1Gb/s FiOS, can?t say I care if that?s still the case - I pulled all the shaping off my pfsense config anyhow and haven?t had an issue with VoIP, ssh or wifi calling so?

Thanks for the headsup!

Charles

> 
> ---
> Mark Saad | mark.saad at ymail.com <mailto:mark.saad at ymail.com>_______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180523/1700bb32/attachment.htm>

From mark.saad at ymail.com  Wed May 23 16:04:28 2018
From: mark.saad at ymail.com (Mark Saad)
Date: Wed, 23 May 2018 16:04:28 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
Message-ID: <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>

Charles 
 I like opnsense, I moved my office off pfsense to opnsense about 24 months ago and it?s been good . 

They do not have a complete rest api yet but it?s been easier t deal with opnsense for various uses.

Also as someone who uses both FreeBSD and pfsense in a large corporation,  the irrational belief that Linux is better at something ; just because it?s Linux , is rampant . 

 As to Jim?s site where they say tnsr will do 10g and beyond. I am already doing it and it didn?t require a strange setup to get there . But hey bullshit sells . 

---
Mark Saad | mark.saad at ymail.com

> On May 23, 2018, at 3:50 PM, Charles Sprickman <spork at bway.net> wrote:
> 
> 
>> On May 23, 2018, at 7:21 AM, Mark Saad <mark.saad at ymail.com> wrote:
>> 
>> All
>>   So in today?s netgate newsletter I read about their new platform tnsr . Digging into it some more I stumbled on ?installing centos? section.
>> 
>> https://www.netgate.com/docs/tnsr/
>> 
>> We so long and thanks for the fish . 
> 
> As someone who is prone to inertia, this gives me the shove I needed to try opnsense at home.
> 
> In the past, some of the QoS features seemed lacking, but with 1Gb/s FiOS, can?t say I care if that?s still the case - I pulled all the shaping off my pfsense config anyhow and haven?t had an issue with VoIP, ssh or wifi calling so?
> 
> Thanks for the headsup!
> 
> Charles
> 
>> 
>> ---
>> Mark Saad | mark.saad at ymail.com
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180523/d461d309/attachment.htm>

From jkeenan at pobox.com  Wed May 23 16:05:40 2018
From: jkeenan at pobox.com (James E Keenan)
Date: Wed, 23 May 2018 16:05:40 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <20180523T192329Z@localhost>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <20180523T192329Z@localhost>
Message-ID: <620a060e-d930-7e17-aad5-7d4f7629783b@pobox.com>

On 05/23/2018 03:29 PM, Izaac wrote:
> On Wed, May 23, 2018 at 07:21:18AM -0400, Mark Saad wrote:
>> https://www.netgate.com/docs/tnsr/
> 
> You do understand that this is initially targeting AWS, right?  Which
> means Linux.
> 
> And then they intend it to be shipping boxes with high performance
> hardware and the associated driver support.  Which means Linux.
> 
> FreeBSD is incapable of either -- in both present and future.
> 

Ooooh, them's fighting words!

Care to elaborate?



From pete at nomadlogic.org  Wed May 23 16:09:35 2018
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 23 May 2018 13:09:35 -0700
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
Message-ID: <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>



On 05/23/2018 13:04, Mark Saad wrote:
> Charles
> ?I like opnsense, I moved my office off pfsense to opnsense about 24 
> months ago and it?s been good .
>
> They do not have a complete rest api yet but it?s been easier t deal 
> with opnsense for various uses.
>
> Also as someone who uses both FreeBSD and pfsense in a large 
> corporation, ?the irrational belief that Linux is better at something 
> ; just because it?s Linux , is rampant .
>
> ?As to Jim?s site where they say tnsr will do 10g and beyond. I am 
> already doing it and it didn?t require a strange setup to get there . 
> But hey bullshit sells .

man this is rough - i know jim can be crusty at times, but i've been 
happy with pfsense for ages despite some design choices i wouldn't have 
made.

i'm confused as to if/why centos-7 is only supported platform. centos is 
not something i'd ever want to run as a router or firewall - even if i 
had to run linux a rhel variant would be beyond my last choice.

my bet is that this setup requires some sketchy binary blobs from a 
hardware vendor which only supports centos...which makes it even worse 
in my eyes :(

-p

-- 
Pete Wright
pete at nomadlogic.org
@nomadlogicLA



From jim at netgate.com  Wed May 23 17:08:06 2018
From: jim at netgate.com (Jim Thompson)
Date: Wed, 23 May 2018 16:08:06 -0500
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
Message-ID: <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>



> On May 23, 2018, at 3:09 PM, Pete Wright <pete at nomadlogic.org> wrote:
> 
> On 05/23/2018 13:04, Mark Saad wrote:
>> Charles
>>  I like opnsense, I moved my office off pfsense to opnsense about 24 months ago and it?s been good .
>> 
>> They do not have a complete rest api yet but it?s been easier t deal with opnsense for various uses.
>> 
>> Also as someone who uses both FreeBSD and pfsense in a large corporation,  the irrational belief that Linux is better at something ; just because it?s Linux , is rampant .
>> 
>>  As to Jim?s site where they say tnsr will do 10g and beyond. I am already doing it and it didn?t require a strange setup to get there . But hey bullshit sells .

(To Mark Saad):

You?re not doing 10gbps forwarding with 64 byte packets.  Let me know when you do.  Maybe you?re doing 10gpbs IP forwarding with 1500 byte packets, but that?s only around 880,000 packets per second.
To do 10Gbps the hard way, you need to be able to forward 14.88 million packets per second.  We?re far beyond that, Mark.

Meanwhile, TNSR can do 
42.60 Mpps (note: not Mbps, Mpps) IPv4 routing, with 700K routes and 500 ACLs,
15.93 Gpbs IPsec (AES-GCM using AES-NI) or 36.32 Gbps IPsec (AES-CBC-128 + HMAC-SHA1) using quick assist offloads.

All these on a i7-6950X with Intel 40G NICs, and QAT offload where noted.

You can?t do this with kernel networking on any platform.  What you?re seeing with TNSR is the (near) culmination of over two years of work.  That?s why it?s on the website.
It?s announced.  Finally.

The ?defend your bullshit if you can? token is now in your lap, Mark.



Now Pete:

> man this is rough - i know jim can be crusty at times,

Guilty.  <grin>

> but i've been happy with pfsense for ages despite some design choices i wouldn't have made.

Care to enumerate these?  I?m always listening.

> i'm confused as to if/why centos-7 is only supported platform. centos is not something i'd ever want to run as a router or firewall - even if i had to run linux a rhel variant would be beyond my last choice.

Because the enterprise market knows and accepts RHEL/Centos.   Ports to Unbuntu are underway, and yes, we?ve investigated running all this on top of FreeBSD, but time to market is a thing, as this is all 100% self-funded.  The long pole in the tent is porting VPP to FreeBSD.  Want to help?  Pick up a keyboard, pull requests accepted: https://github.com/gonzopancho/vpp-fdio

> my bet is that this setup requires some sketchy binary blobs from a hardware vendor which only supports centos...which makes it even worse in my eyes :(

Your bet is wrong. It's 100% pure source code make of:

DPDK (Open Source, https://github.com/DPDK/dpdk <https://github.com/DPDK/dpdk>)
FD.io?s VPP (Open Source, https://github.com/FDio/vpp <https://github.com/FDio/vpp>)
Using Clixon (open source, https://github.com/clicon/clixon <https://github.com/clicon/clixon>) for CLI and RESTCONF.

See also: https://github.com/freebsd/freebsd-ports/blob/d49a37a725669f8ce60da2f3072ffd34be28c25d/devel/cligen/Makefile <https://github.com/freebsd/freebsd-ports/blob/d49a37a725669f8ce60da2f3072ffd34be28c25d/devel/cligen/Makefile>
https://github.com/freebsd/freebsd-ports/blob/e00c85c4bcb88042122d21a763b3dbbe3d461fc7/devel/clixon/Makefile <https://github.com/freebsd/freebsd-ports/blob/e00c85c4bcb88042122d21a763b3dbbe3d461fc7/devel/clixon/Makefile>

Plus Strongswan and FRR (I?ll assume people here know what those are, but they?re also both open source).
And a bunch of our own code (not open source).

I didn?t come here to make an ?ad? out of our for-sale product, but when people go off on a tangent about how I?ve ?abandoned? FreeBSD, when, point-in-fact, I have not, it makes me wonder what their agenda might be.

To be absolutely clear, no we have not abandoned FreeBSD.

Three of us will be at BSDCan in a couple weeks. Why would I attend a conference in Canada sans a commitment to BSD?

We continue to bring support for new hardware to FreeBSD/pfSense

- Marvell Armada 38x NIC, SD/eMMC and interrupt drivers.
- Mavell Armada 37x0, via support for espresso.bin http://espressobin.net https://gist.github.com/gonzopancho/760ab9ecee9dfbc1b6033e48647a4b48 <https://gist.github.com/gonzopancho/760ab9ecee9dfbc1b6033e48647a4b48>
- Various bits and pieces for Intel C3000
- future boards I?m not ready to talk about.

As well as maintenance to various ports that might matter to you.  Example: https://github.com/freebsd/freebsd-ports/commit/2f71ec69391e42b6a81ff849a50ae297d97d105c <https://github.com/freebsd/freebsd-ports/commit/2f71ec69391e42b6a81ff849a50ae297d97d105c>

I think I?ll stop there, except to note to Izaac, we get calls from PAN customers all the time.  pfSense can?t line up against PAN.  This can.

Jim



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180523/01782c9a/attachment.htm>

From pete at nomadlogic.org  Wed May 23 17:41:41 2018
From: pete at nomadlogic.org (Pete Wright)
Date: Wed, 23 May 2018 14:41:41 -0700
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
Message-ID: <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>



On 05/23/2018 14:08, Jim Thompson wrote:
>
>> i'm confused as to if/why centos-7 is only supported platform. centos 
>> is not something i'd ever want to run as a router or firewall - even 
>> if i had to run linux a rhel variant would be beyond my last choice.
>
> Because the enterprise market knows and accepts RHEL/Centos. Ports to 
> Unbuntu are underway, and yes, we?ve investigated running all this on 
> top of FreeBSD, but time to market is a thing, as this is all 100% 
> self-funded. ?The long pole in the tent is porting VPP to FreeBSD. 
> ?Want to help? ?Pick up a keyboard, pull requests accepted: 
> https://github.com/gonzopancho/vpp-fdio
>
>

that's a shame.? business is business - i get it.

but i stand by my commitment to never again run rhel on my 
infrastructure (after starting to use it in the late 90's and using it 
in some very large scale, low latency environments).? it's unfortunate 
how the linux ecosystem shook out the past 10 years or so, but it is 
what it is.

-p

-- 
Pete Wright
pete at nomadlogic.org
@nomadlogicLA



From mark.saad at ymail.com  Wed May 23 16:23:05 2018
From: mark.saad at ymail.com (Mark Saad)
Date: Wed, 23 May 2018 16:23:05 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
Message-ID: <9C7FC80C-CC6C-4FEC-94F8-B2B37EFC6D6C@ymail.com>



> On May 23, 2018, at 4:09 PM, Pete Wright <pete at nomadlogic.org> wrote:
> 
> 
> 
>> On 05/23/2018 13:04, Mark Saad wrote:
>> Charles
>>  I like opnsense, I moved my office off pfsense to opnsense about 24 months ago and it?s been good .
>> 
>> They do not have a complete rest api yet but it?s been easier t deal with opnsense for various uses.
>> 
>> Also as someone who uses both FreeBSD and pfsense in a large corporation,  the irrational belief that Linux is better at something ; just because it?s Linux , is rampant .
>> 
>>  As to Jim?s site where they say tnsr will do 10g and beyond. I am already doing it and it didn?t require a strange setup to get there . But hey bullshit sells .
> 
> man this is rough - i know jim can be crusty at times, but i've been happy with pfsense for ages despite some design choices i wouldn't have made.
> 
> i'm confused as to if/why centos-7 is only supported platform. centos is not something i'd ever want to run as a router or firewall - even if i had to run linux a rhel variant would be beyond my last choice.
> 

So tnsr is using a fairly exotic kernel bypass setup called vpp or vector packet processing . It builds on top of intel?s dpdk or data plane development kit. While not binary per say they were developed targeting Linux and using ?ohh look at this new shiny kernel feature of .. in Linux ? . 

> my bet is that this setup requires some sketchy binary blobs from a hardware vendor which only supports centos...which makes it even worse in my eyes :(
> 
> -p
> 

Netgate did a talk at bsdcan? About their work on vpp and dpdk on FreeBSD . But if memory serves me Jim is on this list .

Jim what?s the deal ?


> -- 
> Pete Wright
> pete at nomadlogic.org
> @nomadlogicLA
> 

---
Mark Saad | mark.saad at ymail.com


From kmsujit at gmail.com  Thu May 24 01:09:46 2018
From: kmsujit at gmail.com (Sujit K M)
Date: Thu, 24 May 2018 10:39:46 +0530
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
Message-ID: <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>

> that's a shame.  business is business - i get it.

I agree. But if you look at it we have tonnes of BSD derivatives, but
they are not innovations.
I was on similar lines and saw a new centos based derivative which is
very innovative is what
I feel. Link http://www.nethserver.org/



From steve.b at osfda.org  Thu May 24 01:56:36 2018
From: steve.b at osfda.org (Steve)
Date: Thu, 24 May 2018 01:56:36 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
Message-ID: <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>

That still doesn't address the fact that you can't opt out of selinux.

And I'm not wearing a tinfoil hat; the settings and code complexity of 
selinux is immense, and Snowden documented well the way NIST-sponsored 
projects had been specifically engineered with weaknesses.

I remember a consultant working for NIST made the same allegation all 
the way back in ~2002-2003 (!) with regards to NIST-sponsored 
crypto-algorithms. I tried google searching him, but he has dropped off 
the search engines. At the time, the press did a "whoo hoo, crazy 
disgruntled employee..."

But Snowden vindicated his claims so many years later...

On 5/24/2018 1:09 AM, Sujit K M wrote:
>> that's a shame.  business is business - i get it.
> I agree. But if you look at it we have tonnes of BSD derivatives, but
> they are not innovations.
> I was on similar lines and saw a new centos based derivative which is
> very innovative is what
> I feel. Link http://www.nethserver.org/
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From steve.b at osfda.org  Thu May 24 01:58:26 2018
From: steve.b at osfda.org (Steve)
Date: Thu, 24 May 2018 01:58:26 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
Message-ID: <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>

(correction: crazy disgruntled CONTRACTOR...)

On 5/24/2018 1:56 AM, Steve wrote:
> That still doesn't address the fact that you can't opt out of selinux.
>
> And I'm not wearing a tinfoil hat; the settings and code complexity of 
> selinux is immense, and Snowden documented well the way NIST-sponsored 
> projects had been specifically engineered with weaknesses.
>
> I remember a consultant working for NIST made the same allegation all 
> the way back in ~2002-2003 (!) with regards to NIST-sponsored 
> crypto-algorithms. I tried google searching him, but he has dropped 
> off the search engines. At the time, the press did a "whoo hoo, crazy 
> disgruntled employee..."
>
> But Snowden vindicated his claims so many years later...
>
> On 5/24/2018 1:09 AM, Sujit K M wrote:
>>> that's a shame.? business is business - i get it.
>> I agree. But if you look at it we have tonnes of BSD derivatives, but
>> they are not innovations.
>> I was on similar lines and saw a new centos based derivative which is
>> very innovative is what
>> I feel. Link http://www.nethserver.org/
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>



From kmsujit at gmail.com  Thu May 24 02:07:33 2018
From: kmsujit at gmail.com (Sujit K M)
Date: Thu, 24 May 2018 11:37:33 +0530
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
Message-ID: <CA+6mNep=JqPMkR9T1byttr-vqu6E1-R-yek49w6QT+j7GAa20w@mail.gmail.com>

On Thu, May 24, 2018 at 11:26 AM, Steve <steve.b at osfda.org> wrote:
> That still doesn't address the fact that you can't opt out of selinux.

Why Opt Out? SELinux AFAK(http://selinuxproject.org/page/Main_Page) is
configurable. The initial claim seems to be covered for. And facts remaining
can be incoporated by big INFOSEC companies.



From steve.b at osfda.org  Thu May 24 02:24:45 2018
From: steve.b at osfda.org (Steve)
Date: Thu, 24 May 2018 02:24:45 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
Message-ID: <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>

Afterthought: the entire sell of Linux was that you did not have to buy 
into Microsoft's program of bolting things in, in a desperate attempt to 
get users used to and consequently addicted to features they could just 
as well do without."Hey, look: it's Linux. Don't want a package or 
subsystem? Uninstall it..."

And now the largest distributor of Linux in the US has done exactly 
that: bolted in something which is clearly demonstrated in other distros 
not being _absolutely required_ (as superior the security might be 
claimed to be...)

In the same way an admin should have the right to opt out of updates 
-even security ones- and have the discretion when they should be applied 
(though strong recommendations and suggested update settings are clearly 
a Good Idea!), selinux should not have been BOLTED in.

Ready to roll? Sure.
Having it enabled by default?? I can live with that...

On 5/24/2018 1:58 AM, Steve wrote:
> (correction: crazy disgruntled CONTRACTOR...)
>
> On 5/24/2018 1:56 AM, Steve wrote:
>> That still doesn't address the fact that you can't opt out of selinux.
>>
>> And I'm not wearing a tinfoil hat; the settings and code complexity 
>> of selinux is immense, and Snowden documented well the way 
>> NIST-sponsored projects had been specifically engineered with 
>> weaknesses.
>>
>> I remember a consultant working for NIST made the same allegation all 
>> the way back in ~2002-2003 (!) with regards to NIST-sponsored 
>> crypto-algorithms. I tried google searching him, but he has dropped 
>> off the search engines. At the time, the press did a "whoo hoo, crazy 
>> disgruntled employee..."
>>
>> But Snowden vindicated his claims so many years later...
>>
>> On 5/24/2018 1:09 AM, Sujit K M wrote:
>>>> that's a shame.? business is business - i get it.
>>> I agree. But if you look at it we have tonnes of BSD derivatives, but
>>> they are not innovations.
>>> I was on similar lines and saw a new centos based derivative which is
>>> very innovative is what
>>> I feel. Link http://www.nethserver.org/
>>>
>>> _______________________________________________
>>> talk mailing list
>>> talk at lists.nycbug.org
>>> http://lists.nycbug.org/mailman/listinfo/talk
>>
>



From scottro11 at gmail.com  Thu May 24 06:10:07 2018
From: scottro11 at gmail.com (Scott Robbins)
Date: Thu, 24 May 2018 06:10:07 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
 <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
Message-ID: <20180524101007.GA4662@scott1.scottro.net>

On Thu, May 24, 2018 at 02:24:45AM -0400, Steve wrote:
> Afterthought: the entire sell of Linux was that you did not have to buy into
> Microsoft's program of bolting things in, in a desperate attempt to get
> users used to and consequently addicted to features they could just as well
> do without."Hey, look: it's Linux. Don't want a package or subsystem?
> Uninstall it..."
> 
> And now the largest distributor of Linux in the US has done exactly that:
> bolted in something which is clearly demonstrated in other distros not being
> _absolutely required_ (as superior the security might be claimed to be...)
> 
Aside from systemd?  :)

Edit /etc/sysconfig/selinux.  Change to disabled. 

Whether there is still a backdoor or not, I don't know, and RH has become
the MS of opensource, seemingly designed by single user laptop owners with
litte knowledge of system administration--I exaggerate, but only a bit--but
SELinux is easily turned off.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



From gnn at neville-neil.com  Wed May 23 18:23:50 2018
From: gnn at neville-neil.com (George Neville-Neil)
Date: Wed, 23 May 2018 18:23:50 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <9C7FC80C-CC6C-4FEC-94F8-B2B37EFC6D6C@ymail.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <9C7FC80C-CC6C-4FEC-94F8-B2B37EFC6D6C@ymail.com>
Message-ID: <66DCB032-8BCB-44F2-B137-2DEC164DEC85@neville-neil.com>



On 23 May 2018, at 16:23, Mark Saad wrote:

>> On May 23, 2018, at 4:09 PM, Pete Wright <pete at nomadlogic.org> wrote:
>>
>>
>>
>>> On 05/23/2018 13:04, Mark Saad wrote:
>>> Charles
>>>  I like opnsense, I moved my office off pfsense to opnsense about 24 
>>> months ago and it?s been good .
>>>
>>> They do not have a complete rest api yet but it?s been easier t 
>>> deal with opnsense for various uses.
>>>
>>> Also as someone who uses both FreeBSD and pfsense in a large 
>>> corporation,  the irrational belief that Linux is better at 
>>> something ; just because it?s Linux , is rampant .
>>>
>>>  As to Jim?s site where they say tnsr will do 10g and beyond. I am 
>>> already doing it and it didn?t require a strange setup to get 
>>> there . But hey bullshit sells .
>>
>> man this is rough - i know jim can be crusty at times, but i've been 
>> happy with pfsense for ages despite some design choices i wouldn't 
>> have made.
>>
>> i'm confused as to if/why centos-7 is only supported platform. centos 
>> is not something i'd ever want to run as a router or firewall - even 
>> if i had to run linux a rhel variant would be beyond my last choice.
>>
>
> So tnsr is using a fairly exotic kernel bypass setup called vpp or 
> vector packet processing . It builds on top of intel?s dpdk or data 
> plane development kit. While not binary per say they were developed 
> targeting Linux and using ?ohh look at this new shiny kernel feature 
> of .. in Linux ? .
>

Exotic?  No.  It's logical as is DPDK.  They target Linux because Linux 
is the gorilla and because Intel wanted to bypass dealing directly with 
the Linux clowns and their clown kernel and clown community.

I've poked at this off and on for a bit but I've not had time to make 
much progress on this.  Jim's call for hands is a serious one, it would 
be nice to have a few folks poke at this and make it actually portable.

Is it the be all and end all?  No, for reasons I've mentioned in many 
talks, but, it is a good solution for things like a cheap switch or a 
simple router.

Best,
George

>> my bet is that this setup requires some sketchy binary blobs from a 
>> hardware vendor which only supports centos...which makes it even 
>> worse in my eyes :(
>>
>> -p
>>
>
> Netgate did a talk at bsdcan? About their work on vpp and dpdk on 
> FreeBSD . But if memory serves me Jim is on this list .
>
> Jim what?s the deal ?
>
>
>> -- 
>> Pete Wright
>> pete at nomadlogic.org
>> @nomadlogicLA
>>
>
> ---
> Mark Saad | mark.saad at ymail.com
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From franco at opnsense.org  Thu May 24 07:43:33 2018
From: franco at opnsense.org (Franco Fichtner)
Date: Thu, 24 May 2018 13:43:33 +0200
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <66DCB032-8BCB-44F2-B137-2DEC164DEC85@neville-neil.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <9C7FC80C-CC6C-4FEC-94F8-B2B37EFC6D6C@ymail.com>
 <66DCB032-8BCB-44F2-B137-2DEC164DEC85@neville-neil.com>
Message-ID: <3E240B10-C4C5-46CB-9385-2AB69A104824@opnsense.org>


> On 24. May 2018, at 12:23 AM, George Neville-Neil <gnn at neville-neil.com> wrote:
> 
> Exotic?  No.  It's logical as is DPDK.  They target Linux because Linux is the gorilla and because Intel wanted to bypass dealing directly with the Linux clowns and their clown kernel and clown community.

The only winners are 6WIND and Intel, selling SDKs and NICs to
anyone with loose change.  The time to market is easily 5 years
ago.

Reel in enough profit to buy more SDKs to accelerate VPN and
other stuff.  The cycle never ends.  Bottom line is vendors all
have the same offering, the only difference they claim is higher
high speed.

It's a lose-lose for anyone attempting a product now, especially
one that claims "open source based" and asks for community help.

> I've poked at this off and on for a bit but I've not had time to make much progress on this.  Jim's call for hands is a serious one, it would be nice to have a few folks poke at this and make it actually portable.

Please don't advocate volunteering for Netgate.  FreeBSD is a
better place without the drama they used to induce for at least
half a decade.


Cheers,
Franco


From gnn at neville-neil.com  Thu May 24 09:08:54 2018
From: gnn at neville-neil.com (George Neville-Neil)
Date: Thu, 24 May 2018 09:08:54 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <3E240B10-C4C5-46CB-9385-2AB69A104824@opnsense.org>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <9C7FC80C-CC6C-4FEC-94F8-B2B37EFC6D6C@ymail.com>
 <66DCB032-8BCB-44F2-B137-2DEC164DEC85@neville-neil.com>
 <3E240B10-C4C5-46CB-9385-2AB69A104824@opnsense.org>
Message-ID: <E6AD48AA-64F8-4BA1-B2AC-55BBCA3CB40D@neville-neil.com>



On 24 May 2018, at 7:43, Franco Fichtner wrote:

>> On 24. May 2018, at 12:23 AM, George Neville-Neil 
>> <gnn at neville-neil.com> wrote:
>>
>> Exotic?  No.  It's logical as is DPDK.  They target Linux because 
>> Linux is the gorilla and because Intel wanted to bypass dealing 
>> directly with the Linux clowns and their clown kernel and clown 
>> community.
>
> The only winners are 6WIND and Intel, selling SDKs and NICs to
> anyone with loose change.  The time to market is easily 5 years
> ago.

The code also runs on Chelsio and it is open source so one can make it 
their own, which is how that thing works.

> Reel in enough profit to buy more SDKs to accelerate VPN and
> other stuff.  The cycle never ends.  Bottom line is vendors all
> have the same offering, the only difference they claim is higher
> high speed.
>
> It's a lose-lose for anyone attempting a product now, especially
> one that claims "open source based" and asks for community help.
>

I'd love to see an alternative.  Luigi's work is nice but no one is 
really picking it up.  Again, hands, time and attention?

>> I've poked at this off and on for a bit but I've not had time to make 
>> much progress on this.  Jim's call for hands is a serious one, it 
>> would be nice to have a few folks poke at this and make it actually 
>> portable.
>
> Please don't advocate volunteering for Netgate.  FreeBSD is a
> better place without the drama they used to induce for at least
> half a decade.

Funny, I wasn't advocating for that, I was pointing out that Jim's call 
is the right one.  In open source people can put up or shut up (or as we 
say on FreeBSD, "Shut up and code.") so, I'd be interested in 
alternatives but I've yet to see any that are viable.  I also know how 
many hands it would take, and it's more than 2 or 4.

Best,
George



From jim at netgate.com  Thu May 24 09:54:57 2018
From: jim at netgate.com (Jim Thompson)
Date: Thu, 24 May 2018 08:54:57 -0500
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <E6AD48AA-64F8-4BA1-B2AC-55BBCA3CB40D@neville-neil.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <9C7FC80C-CC6C-4FEC-94F8-B2B37EFC6D6C@ymail.com>
 <66DCB032-8BCB-44F2-B137-2DEC164DEC85@neville-neil.com>
 <3E240B10-C4C5-46CB-9385-2AB69A104824@opnsense.org>
 <E6AD48AA-64F8-4BA1-B2AC-55BBCA3CB40D@neville-neil.com>
Message-ID: <16D27439-BC71-4283-898C-C97F9184F947@netgate.com>



> On May 24, 2018, at 8:08 AM, George Neville-Neil <gnn at neville-neil.com> wrote:
> 
> 
> 
> On 24 May 2018, at 7:43, Franco Fichtner wrote:
> 
>>> On 24. May 2018, at 12:23 AM, George Neville-Neil <gnn at neville-neil.com> wrote:
>>> 
>>> Exotic?  No.  It's logical as is DPDK.  They target Linux because Linux is the gorilla and because Intel wanted to bypass dealing directly with the Linux clowns and their clown kernel and clown community.
>> 
>> The only winners are 6WIND and Intel, selling SDKs and NICs to
>> anyone with loose change.  The time to market is easily 5 years
>> ago.
> 
> The code also runs on Chelsio and it is open source so one can make it their own, which is how that thing works.

And Melanox, and every decent arm64 SoC aimed at the networking space.  (Marvell, NXP, Cavium Thunder-X, Annapurna, ...)

No SDK required, since it?s all Apache or BSD licensed. 

>> Reel in enough profit to buy more SDKs to accelerate VPN and
>> other stuff.  The cycle never ends.  Bottom line is vendors all
>> have the same offering, the only difference they claim is higher
>> high speed.
>> 
>> It's a lose-lose for anyone attempting a product now, especially
>> one that claims "open source based" and asks for community help.

I didn?t ask so much as point out the existing effort to bring VPP to FreeBSD  and invite others to participate. 

> I'd love to see an alternative.  Luigi's work is nice but no one is really picking it up.  Again, hands, time and attention?

It looks straight forward to integrate netmap into VPP and that opens every NIC on FreeBSD, especially as the iflib effort progresses further.  That would also eliminate Franco?s paranoia about Intel/DPDK, and provide security benefits at the cost of about 10% top-end performance. 

We?ve already shown 14Mpps l3 forwarding on a single core. 100Gbps the easy way (1500 byte frames) only requires a bit under 9Mpps.

VPP over netmap is the ultimate netmap-fwd. (Luiz agrees, btw.)

>>> I've poked at this off and on for a bit but I've not had time to make much progress on this.  Jim's call for hands is a serious one, it would be nice to have a few folks poke at this and make it actually portable.
>> 
>> Please don't advocate volunteering for Netgate.  FreeBSD is a better place without the drama they used to induce for at least
>> half a decade.

Naked aggression much, Franco?

The point was to port VPP to FreeBSD. I?ve already pointed out the ports for clixon and cligen, (brought back an old committer).

> Funny, I wasn't advocating for that, I was pointing out that Jim's call is the right one.  

Thanks. 

> In open source people can put up or shut up (or as we say on FreeBSD, "Shut up and code.") so, I'd be interested in alternatives but I've yet to see any that are viable.  I also know how many hands it would take, and it's more than 2 or 4.
> 
> Best,
> George
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From izaac at setec.org  Thu May 24 10:13:18 2018
From: izaac at setec.org (Izaac)
Date: Thu, 24 May 2018 10:13:18 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <620a060e-d930-7e17-aad5-7d4f7629783b@pobox.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <20180523T192329Z@localhost>
 <620a060e-d930-7e17-aad5-7d4f7629783b@pobox.com>
Message-ID: <20180524T140346Z@localhost>

On Wed, May 23, 2018 at 04:05:40PM -0400, James E Keenan wrote:
> > FreeBSD is incapable of either -- in both present and future.
> 
> Ooooh, them's fighting words!

Them's a realistic assessment of the technical and market limitations.

> Care to elaborate?

AWS is either wrapping up or has already completed its conversion to
Nitro (aka Linux KVM) for EC2.   Unless FreeBSD specifically directs
resources to maintaining the kinds of optimizations which come "for
free" with Linux both now and in the future, it will always
underperform.  Netgate realizes this and is betting on the horse without
a limp.

Manufacturers direct driver development resources and support to make
their hardware function for the largest number of customers.  Twenty
years ago, this meant Windows in consumer products and probably SCO for
embedded.  Today, it still means Windows for consumer products (consumer
devices for Apple products are practically their own industry) and Linux
for embedded.  FreeBSD will never be a target; which means drivers have
to come from the community and will underperform.  Netgate realizes this
and is betting on the horse without a limp.

-- 
. ___ ___  .   .  ___
.  \    /  |\  |\ \
.  _\_ /__ |-\ |-\ \__



From steve.b at osfda.org  Thu May 24 15:28:10 2018
From: steve.b at osfda.org (Steve)
Date: Thu, 24 May 2018 15:28:10 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <CA+6mNep=JqPMkR9T1byttr-vqu6E1-R-yek49w6QT+j7GAa20w@mail.gmail.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <CA+6mNep=JqPMkR9T1byttr-vqu6E1-R-yek49w6QT+j7GAa20w@mail.gmail.com>
Message-ID: <d55616ae-4427-d8c4-b84a-8ee20b1d2e29@osfda.org>

Redhat claimed no [CentOS or otherwise] distro with selinux not baked in 
is available...


On 5/24/2018 2:07 AM, Sujit K M wrote:
> On Thu, May 24, 2018 at 11:26 AM, Steve <steve.b at osfda.org> wrote:
>> That still doesn't address the fact that you can't opt out of selinux.
> Why Opt Out? SELinux AFAK(http://selinuxproject.org/page/Main_Page) is
> configurable. The initial claim seems to be covered for. And facts remaining
> can be incoporated by big INFOSEC companies.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From steve.b at osfda.org  Thu May 24 15:30:01 2018
From: steve.b at osfda.org (Steve)
Date: Thu, 24 May 2018 15:30:01 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <20180524101007.GA4662@scott1.scottro.net>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
 <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
 <20180524101007.GA4662@scott1.scottro.net>
Message-ID: <9234cd4a-c780-9f54-9aee-0d5b78f09f48@osfda.org>

Possible misunderstanding: the code and hooks are still on the system. 
For reasons of palatability with regards to privacy concerns, I needed 
in an instance to say NO selinux was on the distro...

On 5/24/2018 6:10 AM, Scott Robbins wrote:
> On Thu, May 24, 2018 at 02:24:45AM -0400, Steve wrote:
>> Afterthought: the entire sell of Linux was that you did not have to buy into
>> Microsoft's program of bolting things in, in a desperate attempt to get
>> users used to and consequently addicted to features they could just as well
>> do without."Hey, look: it's Linux. Don't want a package or subsystem?
>> Uninstall it..."
>>
>> And now the largest distributor of Linux in the US has done exactly that:
>> bolted in something which is clearly demonstrated in other distros not being
>> _absolutely required_ (as superior the security might be claimed to be...)
>>
> Aside from systemd?  :)
>
> Edit /etc/sysconfig/selinux.  Change to disabled.
>
> Whether there is still a backdoor or not, I don't know, and RH has become
> the MS of opensource, seemingly designed by single user laptop owners with
> litte knowledge of system administration--I exaggerate, but only a bit--but
> SELinux is easily turned off.
>



From scottro11 at gmail.com  Fri May 25 18:28:51 2018
From: scottro11 at gmail.com (Scott Robbins)
Date: Fri, 25 May 2018 18:28:51 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <20180524101007.GA4662@scott1.scottro.net>
References: <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
 <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
 <20180524101007.GA4662@scott1.scottro.net>
Message-ID: <20180525222850.GA5279@scott1.scottro.net>

Have you seen the new forum?  Its choices are interesting. Hate to sound
like an old guy, but shucks, I AM an old guy.

I just present without comment.  

https://forum.netgate.com/ 

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



From spork at bway.net  Fri May 25 18:37:27 2018
From: spork at bway.net (Charles Sprickman)
Date: Fri, 25 May 2018 18:37:27 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <20180525222850.GA5279@scott1.scottro.net>
References: <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
 <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
 <20180524101007.GA4662@scott1.scottro.net>
 <20180525222850.GA5279@scott1.scottro.net>
Message-ID: <55517738-E02A-4818-BC7E-40A0CA213CE3@bway.net>

Either Discourse or a clone?  I hate the whole ?we don?t have topics, we have TAGS!? thing.

> On May 25, 2018, at 6:28 PM, Scott Robbins <scottro11 at gmail.com> wrote:
> 
> Have you seen the new forum?  Its choices are interesting. Hate to sound
> like an old guy, but shucks, I AM an old guy.
> 
> I just present without comment.  
> 
> https://forum.netgate.com/ 
> 
> -- 
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



From jim at netgate.com  Fri May 25 22:05:10 2018
From: jim at netgate.com (Jim Thompson)
Date: Fri, 25 May 2018 20:05:10 -0600
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <20180525222850.GA5279@scott1.scottro.net>
References: <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
 <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
 <20180524101007.GA4662@scott1.scottro.net>
 <20180525222850.GA5279@scott1.scottro.net>
Message-ID: <68751000-5D1B-48D9-BA6F-839625AD6DAA@netgate.com>



> On May 25, 2018, at 4:28 PM, Scott Robbins <scottro11 at gmail.com> wrote:
> 
> Have you seen the new forum?  Its choices are interesting. Hate to sound
> like an old guy, but shucks, I AM an old guy.
> 
> I just present without comment.  
> 
> https://forum.netgate.com/ 
> 
> -- 
> Scott Robbins

Scott,

I?m an old guy too, and I?m curious to know what this has to do with NYC and/or BSD.

Or is this just, ?keep the thread going??

Yes, we moved forum platforms. The reasons and outcome are discussed in a blog post. 

https://www.netgate.com/blog/introducing-the-netgate-forum.html

Jim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180525/c5b85069/attachment.htm>

From scottro11 at gmail.com  Sat May 26 07:00:26 2018
From: scottro11 at gmail.com (Scott Robbins)
Date: Sat, 26 May 2018 07:00:26 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <68751000-5D1B-48D9-BA6F-839625AD6DAA@netgate.com>
References: <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
 <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
 <20180524101007.GA4662@scott1.scottro.net>
 <20180525222850.GA5279@scott1.scottro.net>
 <68751000-5D1B-48D9-BA6F-839625AD6DAA@netgate.com>
Message-ID: <20180526110026.GA1411@scott1.scottro.net>

On Fri, May 25, 2018 at 08:05:10PM -0600, Jim Thompson wrote:
> 
> 
> > 
> > Have you seen the new forum?  Its choices are interesting. Hate to sound
> > like an old guy, but shucks, I AM an old guy.
> > 
> > I just present without comment.  
> > 
> > https://forum.netgate.com/ 
> > 
> > -- 
> > Scott Robbins
> 
> Scott,
> 
> I?m an old guy too, and I?m curious to know what this has to do with NYC and/or BSD.
> 
> Or is this just, ?keep the thread going??

Fair enough as far as what it has to do with NY or FreeBSD, and so one
can, if they choose, consider it a keep the thread going post.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



From jnn at synfin.org  Sat May 26 08:22:51 2018
From: jnn at synfin.org (John Newman)
Date: Sat, 26 May 2018 07:22:51 -0500
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <20180526110026.GA1411@scott1.scottro.net>
References: <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <023a97ed-7997-7f9f-e758-77f8fe52d7b0@nomadlogic.org>
 <CA+6mNeoVsOpern84d3QSbjVgCikv-+qwTy_YjepJbxmRjVjMrw@mail.gmail.com>
 <9ca7b47a-671c-7edc-3388-b4b28120920f@osfda.org>
 <bf865d6f-3f37-6423-956b-f8a1aa001f6b@osfda.org>
 <2050f3e9-9cb9-e3e2-8d3f-f18ee6a8f4e5@osfda.org>
 <20180524101007.GA4662@scott1.scottro.net>
 <20180525222850.GA5279@scott1.scottro.net>
 <68751000-5D1B-48D9-BA6F-839625AD6DAA@netgate.com>
 <20180526110026.GA1411@scott1.scottro.net>
Message-ID: <C838C99C-498E-4DA5-9AD1-4476B1C4F825@synfin.org>



On May 26, 2018 6:00:26 AM CDT, Scott Robbins <scottro11 at gmail.com> wrote:
>On Fri, May 25, 2018 at 08:05:10PM -0600, Jim Thompson wrote:
>> 
>> 
>> > 
>> > Have you seen the new forum?  Its choices are interesting. Hate to
>sound
>> > like an old guy, but shucks, I AM an old guy.
>> > 
>> > I just present without comment.  
>> > 
>> > https://forum.netgate.com/ 
>> > 
>> > -- 
>> > Scott Robbins
>> 
>> Scott,
>> 
>> I?m an old guy too, and I?m curious to know what this has to do with
>NYC and/or BSD.
>> 
>> Or is this just, ?keep the thread going??
>
>Fair enough as far as what it has to do with NY or FreeBSD, and so one
>can, if they choose, consider it a keep the thread going post.
>

What's the interest in keeping a talked-out thread with a 
totally deceptive subject line going? Threads like this 
should just die.

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20180526/cbe4d07e/attachment.bin>

From mark.saad at ymail.com  Sat May 26 13:19:41 2018
From: mark.saad at ymail.com (Mark Saad)
Date: Sat, 26 May 2018 17:19:41 +0000 (UTC)
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
Message-ID: <1893169894.1496394.1527355181452@mail.yahoo.com>

Jim
  I think some people misunderstood what I was saying. I owe you a bit of an apology. 



________________________________
From: Jim Thompson <jim at netgate.com>
To: Pete Wright <pete at nomadlogic.org> 
Cc: Mark Saad <mark.saad at ymail.com>; Charles Sprickman <spork at bway.net>; NYCBUG Talk <talk at lists.nycbug.org>
Sent: Wednesday, May 23, 2018 5:08 PM
Subject: Re: [talk] So Netgate bails on FreeBSD







On May 23, 2018, at 3:09 PM, Pete Wright <pete at nomadlogic.org> wrote:
>
>On 05/23/2018 13:04, Mark Saad wrote:
>
>Charles
>> I like opnsense, I moved my office off pfsense to opnsense about 24 months ago and it?s been good .
>>
>>They do not have a complete rest api yet but it?s been easier t deal with opnsense for various uses.
>>
>>Also as someone who uses both FreeBSD and pfsense in a large corporation,  the irrational belief that Linux is better at something ; just because it?s Linux , is rampant .
>>
>> As to Jim?s site where they say tnsr will do 10g and beyond. I am already doing it and it didn?t require a strange setup to get there . But hey bullshit sells .
>>

(To Mark Saad):
You?re not doing 10gbps forwarding with 64 byte packets.  Let me know when you do.  Maybe you?re doing 10gpbs IP forwarding with 1500 byte packets, but that?s only around 880,000 packets per second.
To do 10Gbps the hard way, you need to be able to forward 14.88 million packets per second.  We?re far beyond that, Mark.

Meanwhile, TNSR can do 
42.60 Mpps (note: not Mbps, Mpps) IPv4 routing, with 700K routes and 500 ACLs,
15.93 Gpbs IPsec (AES-GCM using AES-NI) or 36.32 Gbps IPsec (AES-CBC-128 + HMAC-SHA1) using quick assist offloads.

All these on a i7-6950X with Intel 40G NICs, and QAT offload where noted.

You can?t do this with kernel networking on any platform.  What you?re seeing with TNSR is the (near) culmination of over two years of work.  That?s why it?s on the website.
It?s announced.  Finally.


The ?defend your bullshit if you can? token is now in your lap, Mark.



Now Pete:


man this is rough - i know jim can be crusty at times,
Guilty.  <grin>


but i've been happy with pfsense for ages despite some design choices i wouldn't have made.
>
Care to enumerate these?  I?m always listening.


i'm confused as to if/why centos-7 is only supported platform. centos is not something i'd ever want to run as a router or firewall - even if i had to run linux a rhel variant would be beyond my last choice.
>
Because the enterprise market knows and accepts RHEL/Centos.   Ports to Unbuntu are underway, and yes, we?ve investigated running all this on top of FreeBSD, but time to market is a thing, as this is all 100% self-funded.  The long pole in the tent is porting VPP to FreeBSD.  Want to help?  Pick up a keyboard, pull requests accepted: https://github.com/gonzopancho/vpp-fdio


my bet is that this setup requires some sketchy binary blobs from a hardware vendor which only supports centos...which makes it even worse in my eyes :(
>

Your bet is wrong. It's 100% pure source code make of:

DPDK (Open Source, https://github.com/DPDK/dpdk)
FD.io?s VPP (Open Source, https://github.com/FDio/vpp)
Using Clixon (open source, https://github.com/clicon/clixon) for CLI and RESTCONF.

See also: https://github.com/freebsd/freebsd-ports/blob/d49a37a725669f8ce60da2f3072ffd34be28c25d/devel/cligen/Makefile
https://github.com/freebsd/freebsd-ports/blob/e00c85c4bcb88042122d21a763b3dbbe3d461fc7/devel/clixon/Makefile

Plus Strongswan and FRR (I?ll assume people here know what those are, but they?re also both open source).
And a bunch of our own code (not open source).

I didn?t come here to make an ?ad? out of our for-sale product, but when people go off on a tangent about how I?ve ?abandoned? FreeBSD, when, point-in-fact, I have not, it makes me wonder what their agenda might be.

To be absolutely clear, no we have not abandoned FreeBSD.

Three of us will be at BSDCan in a couple weeks. Why would I attend a conference in Canada sans a commitment to BSD?

We continue to bring support for new hardware to FreeBSD/pfSense

- Marvell Armada 38x NIC, SD/eMMC and interrupt drivers.
- Mavell Armada 37x0, via support for espresso.bin http://espressobin.net https://gist.github.com/gonzopancho/760ab9ecee9dfbc1b6033e48647a4b48
- Various bits and pieces for Intel C3000
- future boards I?m not ready to talk about.

As well as maintenance to various ports that might matter to you.  Example: https://github.com/freebsd/freebsd-ports/commit/2f71ec69391e42b6a81ff849a50ae297d97d105c

I think I?ll stop there, except to note to Izaac, we get calls from PAN customers all the time.  pfSense can?t line up against PAN.  This can.



Jim




-- Mark Saad mark.saad at ymail.com



From izaac at setec.org  Wed May 30 11:44:05 2018
From: izaac at setec.org (Izaac)
Date: Wed, 30 May 2018 11:44:05 -0400
Subject: [talk] So Netgate bails on FreeBSD
In-Reply-To: <1893169894.1496394.1527355181452@mail.yahoo.com>
References: <926D857E-A931-4571-849F-F27C8400AB79@ymail.com>
 <419F32B2-8D83-446E-96A8-DF8AD2FCB25E@bway.net>
 <CED88758-F41A-4D10-9EA7-0E36D6462362@ymail.com>
 <8025e15d-b320-cd04-e03a-e219872c7f3f@nomadlogic.org>
 <67A73F46-3840-440A-A0F0-8CBB3294C9A5@netgate.com>
 <1893169894.1496394.1527355181452@mail.yahoo.com>
Message-ID: <20180530T142533Z@localhost>

On Sat, May 26, 2018 at 05:19:41PM +0000, Mark Saad wrote:
> I think I?ll stop there, except to note to Izaac, we get calls from
> PAN customers all the time.  pfSense can?t line up against PAN.  This
> can.

I just shit-canned eight PANs and replaced them with pfSense on some
ancient Dell R210s the other week.  I investigated what it would cost
out-of-pocket to have a) them shredded and b) the remnants shipped to
our rep.  I still may.

It felt really, really good.  And performance is better in nearly every
respect.  The only issue is "selling" the idea to the our paranoid
customers who associate the Palo Alto name with some fantasy of
excellence.  So far, it's been effective to list the suite of packages,
e.g. Suricata, and impress them with the sheer weight of text on
multiple lines.

And this is the real problem.  It's not about the technology.  It's
about perception and market inertia.

You've 100% done the right thing in coming out with a completely
detached product marketed at the space.  There's no way pfSense would be
satisfactorily whacked into an "Enterprise" form to make those people
happy.  "Based on the experience of developing" is about the most you
can get out of it.

But this market has nothing to do with technology and everything to do
with the promotion of irrational decisions.  The prey are executives who
desperately want to spend money on a thing so as to give the appearance
of having "done" something about it to their board.  The predators are
experienced.  They understand how to cultivate fear and offer relief.
They know how to weasel their products into positions from which they
can sell additional services.  They know how to cultivate drones who
constantly push the product into further integrations and refuse to
consider leaving.  Textbook psychopathy in a sales force.

Just read the commanding tone of this communication I got from them a
month ago:

   Date: Mon, 30 Apr 2018 21:54:41 +0000
   From: XXXXXXXX XXXXXXXX <XXXXXXXX at paloaltonetworks.com>
   Subject: Time to take a second look

   Hello,

   [You] previously evaluated Palo Alto Networks. Unfortunately, we
   went our separate ways. Since then, we released new hardware at lower
   prices and our new operating system with enhancements for cloud,
   phishing attacks, and more. It is worth another conversation.

   Let?s do an overview next Thursday afternoon? Let me know what time
   works best for you.

   XXXXXXXX XXXXXXXX | Business Development Representative, XXXXXXXX
   XXXXXXXX XXXXXXXX | Palo Alto Networks

Re-read it with the words "hey baby" in front for amusement.

I'm happy that I don't think you can compete with them at that level.
Be better.  I'd hope and expect that if you build your strategy around
being a competent alternative, you may have some luck -- and I genuinely
wish you guys luck.

-- 
. ___ ___  .   .  ___
.  \    /  |\  |\ \
.  _\_ /__ |-\ |-\ \__