From steve.b at osfda.org Tue Mar 3 14:20:43 2020 From: steve.b at osfda.org (steve.b at osfda.org) Date: Tue, 3 Mar 2020 14:20:43 -0500 Subject: [talk] parking near the NYU Tandon bldg In-Reply-To: References: Message-ID: <9a05dbe4-5732-e429-dae9-1144fa46eb35@osfda.org> Somebody might want to make a general announcement tonight on renewing letsencrypt certs, what with the flaw found (I have found letsencrypt's renewal system to be less than flawless...) HACKER HOLIDAY COMING UP! On 2/25/2020 2:21 PM, Rick Aliwalas wrote: > On Tue, 25 Feb 2020, George Rosamond wrote: > >> On 2/25/20 1:09 PM, Rick Aliwalas wrote: >>> Anyone know the parking situation in the NYU Tandon Building vicinity? >>> I'm contemplating driving to Bk for the talk next week (from New >>> Haven). >>> >> >> There's a lot south on Jay Street from Tandon... .before Jay turns into >> Smith St. > > Thanks George - good to know. > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk From george at ceetonetechnology.com Tue Mar 3 14:46:16 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Tue, 3 Mar 2020 14:46:16 -0500 Subject: [talk] NYU Paul Vixie meeting Tonight! Message-ID: <00956c8f-aacc-a4aa-b34f-158fb1381edd@ceetonetechnology.com> The meeting is still on. For those not local, the meeting will be streamed at Http://www.nycbug.org/index.cgi?action=streaming Security will have the RSVP list, but just mention the meeting and you should get in regardless. Email admin at lists.nycbug.org if you have any problems. Operating Systems as Dumb Pipes, Dr. Paul Vixie 2020-03-03 @ 18:45 - NYU Tandon Engineering Building (new), 370 Jay St, Room 1013, 10th Floor, Brooklyn (directly across Jay St from National Grid office). Closest subway exits in order are: Jay St - MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains) Notice: You should RSVP for this meeting at rsvp AT lists.nycbug.org. You should receive an autoresponse email. Your email address is sufficient verification for entry. Abstract This meeting is cosponsored with NYU's Center for Cybersecurity. Apps and servers, especially on the Web, have an agenda which does not include or welcome any interference by any on-path actors such as ISPs, national security or regulation, or third parties from the supply chain or from the Internet core. The way the ideal role of on-path actors is often described by end users or application developers or online service providers is to say, "I just want you to be a dumb pipe". As of 2019, operating system developers and network and edge system administrators are also described this way. DNS over HTTPS (DoH) and HTTP over QUIC(HTTP/3) now bypass the operating system's implementation and configuration of DNS, and bypasses the kernel's implementation of TCP. At the March 2020 NYC*Bug meeting, Dr. Paul Vixie, CEO of Farsight Security, will tell the story of how we got here, and what this trend means for endpoint and network security. FreeBSD and "ipfw" will be used for demonstration. Speaker Biography Dr. Paul Vixie is Chairman, CEO and Cofounder of Farsight Security. Dr. Vixie is an internet pioneer. Currently, he is the Chairman, CEO and cofounder of award-winning Farsight Security, Inc. Dr. Vixie was inducted into the internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source internet software including BIND 8, and of many internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit internet infrastructure company (ISC, 1994), and the first neutral and commercial internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a European data sharing collective to fight cybercrime. Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010. https://www.farsightsecurity.com/about-farsight-security/team/vixie/ From thornton.richard at gmail.com Tue Mar 3 16:16:11 2020 From: thornton.richard at gmail.com (Richard Thornton) Date: Tue, 3 Mar 2020 16:16:11 -0500 Subject: [talk] parking near the NYU Tandon bldg In-Reply-To: References: Message-ID: Don?t know all parking but for sure there is a garage across the street from the Blue Note on W3rd. I?ve used it before when I drove to the Village. Sent from my iPhone > On Feb 25, 2020, at 13:26, Rick Aliwalas wrote: > > ?Anyone know the parking situation in the NYU Tandon Building vicinity? > I'm contemplating driving to Bk for the talk next week (from New Haven). > > Thanks! > -rick > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk From george at ceetonetechnology.com Tue Mar 3 17:19:14 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Tue, 3 Mar 2020 17:19:14 -0500 Subject: [talk] parking near the NYU Tandon bldg In-Reply-To: References: Message-ID: The meeting is in Brooklyn, and an earlier reply noted a garage on Jay St by Livingston, a few blocks from Tandon. On 3/3/20 4:16 PM, Richard Thornton wrote: > Don?t know all parking but for sure there is a garage across the street from the Blue Note on W3rd. I?ve used it before when I drove to the Village. > > Sent from my iPhone > >> On Feb 25, 2020, at 13:26, Rick Aliwalas wrote: >> >> ?Anyone know the parking situation in the NYU Tandon Building vicinity? >> I'm contemplating driving to Bk for the talk next week (from New Haven). >> >> Thanks! >> -rick >> >> _______________________________________________ >> talk mailing list >> talk at lists.nycbug.org >> http://lists.nycbug.org:8080/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk > From george at ceetonetechnology.com Wed Mar 4 08:48:51 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 4 Mar 2020 08:48:51 -0500 Subject: [talk] Vixie meeting last night Message-ID: <5fc7dfe3-5fa4-1d48-d521-49ce4b462490@ceetonetechnology.com> Great meeting. Packed. Lots of debate. A lot of students in the room. I expected the numbers to be a lot lower, considering the concerns about the Corona virus. All credit to Patrick for the meeting. He reached out to Paul Vixie, and he got the meeting to happen. I think Vixie enjoyed the meeting also, and plans to do another in the future. Clearly we'll need a bigger room next time... g From raulcuza at gmail.com Wed Mar 4 12:25:44 2020 From: raulcuza at gmail.com (Raul Cuza) Date: Wed, 4 Mar 2020 12:25:44 -0500 Subject: [talk] Vixie meeting last night In-Reply-To: <5fc7dfe3-5fa4-1d48-d521-49ce4b462490@ceetonetechnology.com> References: <5fc7dfe3-5fa4-1d48-d521-49ce4b462490@ceetonetechnology.com> Message-ID: On Wed, Mar 4, 2020 at 8:49 AM George Rosamond wrote: > > Great meeting. Packed. Lots of debate. A lot of students in the room. > > I expected the numbers to be a lot lower, considering the concerns about > the Corona virus. > > All credit to Patrick for the meeting. He reached out to Paul Vixie, and > he got the meeting to happen. > > I think Vixie enjoyed the meeting also, and plans to do another in the > future. > > Clearly we'll need a bigger room next time... > > g No thinking about it. Vixie said this was one of the best meetings of this type he has attended. Now, if he has more Hollywood blood then I think he does OR was using "of this type" narrowly, I am wrong. But I don't think so. It was a fine talk and the civil (but heated) Q&A was worth the price of admission in and of itself (see what I did there?). And MUCHAS GRACIAS to Pat! - R. "raised too close to Hollywood to be taken seriously in NYC" From spork at bway.net Wed Mar 4 13:12:53 2020 From: spork at bway.net (Charles Sprickman) Date: Wed, 4 Mar 2020 13:12:53 -0500 Subject: [talk] Vixie meeting last night In-Reply-To: <5fc7dfe3-5fa4-1d48-d521-49ce4b462490@ceetonetechnology.com> References: <5fc7dfe3-5fa4-1d48-d521-49ce4b462490@ceetonetechnology.com> Message-ID: > On Mar 4, 2020, at 8:48 AM, George Rosamond wrote: > > Great meeting. Packed. Lots of debate. A lot of students in the room. > > I expected the numbers to be a lot lower, considering the concerns about > the Corona virus. Maybe your base is in Brooklyn and not Manhattan? Also just a periodic poke to see if anyone in NJ has found any meetups or similar that are *BSD-focused? C > All credit to Patrick for the meeting. He reached out to Paul Vixie, and > he got the meeting to happen. > > I think Vixie enjoyed the meeting also, and plans to do another in the > future. > > Clearly we'll need a bigger room next time... > > g > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk From raulcuza at gmail.com Wed Mar 11 12:54:24 2020 From: raulcuza at gmail.com (Raul Cuza) Date: Wed, 11 Mar 2020 12:54:24 -0400 Subject: [talk] The Soul of a New(?) Machine Message-ID: https://www.youtube.com/watch?v=vvZA9n3e5pc Bryan Cantrill gave a talk at Stanford University (I guess in Feb, 2020) about the inappropriateness of the hardware people use when building out their own computes. I've only watched the first 30 min and I suspect the last part is touting his new company, but he does a great job of explaining the problem which is why I am sharing it with you all. The problems Vixie laid out with the layers between browsers and server processes doesn't stop there. They go all the way down to the hardware on both ends. Of course, the design that allows those problems is also the reason we have affordable ubiquitous computing. - Ra?l From george at ceetonetechnology.com Fri Mar 13 19:33:33 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 13 Mar 2020 19:33:33 -0400 Subject: [talk] NYC*BUG meetings suspended Message-ID: <01b82b79-5507-1c80-146c-2e5bb08066e6@ceetonetechnology.com> For obvious reasons, we are suspending NYC*BUG meetings indefinitely until the crisis simmers down. In the meantime, we want to encourage everyone to join #nycbug on Freenode. We also should consider doing some type of virtual hackathon event... any ideas? Maybe even some IRC-based short workshops? Let the ideas flow... and stay safe everyone. g From george at ceetonetechnology.com Sun Mar 15 16:02:02 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Sun, 15 Mar 2020 16:02:02 -0400 Subject: [talk] NYC*BUG meetings suspended In-Reply-To: <01b82b79-5507-1c80-146c-2e5bb08066e6@ceetonetechnology.com> References: <01b82b79-5507-1c80-146c-2e5bb08066e6@ceetonetechnology.com> Message-ID: On 3/13/20 7:33 PM, George Rosamond wrote: > For obvious reasons, we are suspending NYC*BUG meetings indefinitely > until the crisis simmers down. > > In the meantime, we want to encourage everyone to join #nycbug on Freenode. > > We also should consider doing some type of virtual hackathon event... > > any ideas? > > Maybe even some IRC-based short workshops? > > Let the ideas flow... and stay safe everyone. quick reminder about IRC: #nycbug on Freenode, then there's also #metabug. g From nonesuch at longcount.org Sun Mar 22 13:14:36 2020 From: nonesuch at longcount.org (Mark Saad) Date: Sun, 22 Mar 2020 13:14:36 -0400 Subject: [talk] =?utf-8?q?Let=E2=80=99s_talk_=40_2=3A30pm_edt?= Message-ID: <6740C8A0-3763-4FFD-BE5C-80A4493D3CB3@longcount.org> I would like to start a discussion on irc ( freenode channel #nycbug ) at 2:30 today eastern daylight time . Topics . Virtual hack-a-thon , what are you working on , and so on. Also for using irc , if you haven?t done this before , check out https://freenode.net/kb/answer/chat If you need a irc client , pidgin chat , and BitchX , are my favorites but by no means the only options . Both should be available to most operating systems . --- Mark Saad | nonesuch at longcount.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Sun Mar 22 14:24:37 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Sun, 22 Mar 2020 14:24:37 -0400 Subject: [talk] =?utf-8?q?Let=E2=80=99s_talk_=40_2=3A30pm_edt?= In-Reply-To: <6740C8A0-3763-4FFD-BE5C-80A4493D3CB3@longcount.org> References: <6740C8A0-3763-4FFD-BE5C-80A4493D3CB3@longcount.org> Message-ID: On 3/22/20 1:14 PM, Mark Saad wrote: > > I would like to start a discussion on irc ( freenode channel #nycbug ) at 2:30 today eastern daylight time . Topics . Virtual hack-a-thon , what are you working on , and so on. > > Also for using irc , if you haven?t done this before , check out https://freenode.net/kb/answer/chat > > If you need a irc client , pidgin chat , and BitchX , are my favorites but by no means the only options . Both should be available to most operating systems . weechat works too. And freenode is not tor-friendly, but they do have a .onion site. g From george at ceetonetechnology.com Mon Mar 23 19:26:36 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 23 Mar 2020 19:26:36 -0400 Subject: [talk] Fwd: [bsdcan-announce] BSDCan 2020 - online, not in person In-Reply-To: References: Message-ID: <30cfe8a9-53b6-3dfc-90ef-73f1084f6a60@ceetonetechnology.com> FYI -------- Forwarded Message -------- Subject: [bsdcan-announce] BSDCan 2020 - online, not in person Date: Mon, 23 Mar 2020 18:58:11 -0400 Hello everyone, We said we'd wait and see if things improve and decide by 1 April. Things are clearly not improving and let's not wait. BSDCan 2020 will be an online conference. It will not be in person. Details will soon follow. Hope this helps in the short term. ? Dan Langille http://langille.org/ _______________________________________________ bsdcan-announce mailing list bsdcan-announce at lists.bsdcan.org https://lists.bsdcan.org/mailman/listinfo/bsdcan-announce From thornton.richard at gmail.com Tue Mar 24 07:28:17 2020 From: thornton.richard at gmail.com (Richard Thornton) Date: Tue, 24 Mar 2020 07:28:17 -0400 Subject: [talk] Fwd: [bsdcan-announce] BSDCan 2020 - online, not in person In-Reply-To: <30cfe8a9-53b6-3dfc-90ef-73f1084f6a60@ceetonetechnology.com> References: <30cfe8a9-53b6-3dfc-90ef-73f1084f6a60@ceetonetechnology.com> Message-ID: I?d suggest using zoom not Jitsi, which is crap by comparison. Sent from my iPhone > On Mar 23, 2020, at 19:27, George Rosamond wrote: > > ?FYI > > > -------- Forwarded Message -------- > Subject: [bsdcan-announce] BSDCan 2020 - online, not in person > Date: Mon, 23 Mar 2020 18:58:11 -0400 > > Hello everyone, > > We said we'd wait and see if things improve and decide by 1 April. > > Things are clearly not improving and let's not wait. > > BSDCan 2020 will be an online conference. It will not be in person. > > Details will soon follow. Hope this helps in the short term. > > ? Dan Langille > http://langille.org/ > > > > > > _______________________________________________ > bsdcan-announce mailing list > bsdcan-announce at lists.bsdcan.org > https://lists.bsdcan.org/mailman/listinfo/bsdcan-announce > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk From george at ceetonetechnology.com Fri Mar 27 11:33:25 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Fri, 27 Mar 2020 11:33:25 -0400 Subject: [talk] Spectum field workers... Message-ID: <77c3595f-bfee-4aae-6edd-d151e9e8c59b@ceetonetechnology.com> Sort of crazy... https://news.slashdot.org/story/20/03/26/2312258/instead-of-hazard-pay-spectrum-offered-a-25-gift-card-to-technicians-who-enter-homes-amid-the-coronavirus-pandemic I've seen Spectrum techs around my block... g From spork at bway.net Fri Mar 27 12:58:24 2020 From: spork at bway.net (Charles Sprickman) Date: Fri, 27 Mar 2020 12:58:24 -0400 Subject: [talk] Spectum field workers... In-Reply-To: <77c3595f-bfee-4aae-6edd-d151e9e8c59b@ceetonetechnology.com> References: <77c3595f-bfee-4aae-6edd-d151e9e8c59b@ceetonetechnology.com> Message-ID: <312801FB-3A50-4455-A20E-E13AD5DD7728@bway.net> > On Mar 27, 2020, at 11:33 AM, George Rosamond wrote: > > Sort of crazy... > > https://news.slashdot.org/story/20/03/26/2312258/instead-of-hazard-pay-spectrum-offered-a-25-gift-card-to-technicians-who-enter-homes-amid-the-coronavirus-pandemic Not totally surprising? https://arstechnica.com/tech-policy/2020/03/charter-faces-blowback-after-banning-work-from-home-during-pandemic/ C > I've seen Spectrum techs around my block... > > g > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Sat Mar 28 22:25:50 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Sat, 28 Mar 2020 22:25:50 -0400 Subject: [talk] "death of IT" Message-ID: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> A novel idea... if you forget that behind the SASE network is a bunch of servers. Deskilling has been going on without question, that's undeniable.... https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ From jim at netgate.com Sat Mar 28 23:14:57 2020 From: jim at netgate.com (Jim Thompson) Date: Sat, 28 Mar 2020 22:14:57 -0500 Subject: [talk] "death of IT" In-Reply-To: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> Message-ID: > On Mar 28, 2020, at 9:29 PM, George Rosamond wrote: > > ?A novel idea... if you forget that behind the SASE network is a bunch of > servers. Deskilling has been going on without question, that's > undeniable.... > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ "[A] new fact has now become painfully clear to me: you don't say you have the Ph.D. unless you really have the Ph.D." ? Mark Stephens (as Robert X. Cringley. Cringley is a pen named used by 4-5 authors over the years.) https://en.wikipedia.org/wiki/Robert_X._Cringely -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Sat Mar 28 23:16:58 2020 From: george at ceetonetechnology.com (George Rosamond) Date: Sat, 28 Mar 2020 23:16:58 -0400 Subject: [talk] "death of IT" In-Reply-To: References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> Message-ID: On 3/28/20 11:14 PM, Jim Thompson wrote: > > >> On Mar 28, 2020, at 9:29 PM, George Rosamond wrote: >> >> ?A novel idea... if you forget that behind the SASE network is a bunch of >> servers. Deskilling has been going on without question, that's >> undeniable.... >> >> https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ > > "[A] new fact has now become painfully clear to me: you don't say you have the Ph.D. unless you really have the Ph.D." ? Mark Stephens (as Robert X. Cringley. Cringley is a pen named used by 4-5 authors over the years.) > > https://en.wikipedia.org/wiki/Robert_X._Cringely > Sort of secondary to the point... g From rick at aliwalas.com Sat Mar 28 23:37:21 2020 From: rick at aliwalas.com (Rick Aliwalas) Date: Sat, 28 Mar 2020 23:37:21 -0400 (EDT) Subject: [talk] "death of IT" In-Reply-To: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> Message-ID: On Sat, 28 Mar 2020, George Rosamond wrote: > A novel idea... if you forget that behind the SASE network is a bunch of > servers. Deskilling has been going on without question, that's > undeniable.... > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ IT == changing keyboards? From kmsujit at gmail.com Sun Mar 29 01:46:04 2020 From: kmsujit at gmail.com (Sujit K M) Date: Sun, 29 Mar 2020 11:16:04 +0530 Subject: [talk] "death of IT" In-Reply-To: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> Message-ID: On Sun, Mar 29, 2020, 7:56 AM George Rosamond wrote: > A novel idea... if you forget that behind the SASE network is a bunch of > servers. Deskilling has been going on without question, that's > undeniable.... > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ I remember a fun topic I had got it in here, of network cables in cloud. Looks like devops is already replaced system admins. But would agree a superior plan on paper is now the way forward. > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jpb at jimby.name Sun Mar 29 10:11:02 2020 From: jpb at jimby.name (jpb) Date: Sun, 29 Mar 2020 10:11:02 -0400 Subject: [talk] "death of IT" In-Reply-To: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> Message-ID: <20200329101102.5a15a589.jpb@jimby.name> On Sat, 28 Mar 2020 22:25:50 -0400 George Rosamond wrote: > A novel idea... if you forget that behind the SASE network is a bunch > of servers. Deskilling has been going on without question, that's > undeniable.... > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ > Everybody on this list surely knows "IT" is much more than a kid running around replacing keyboards. Sure Amazon can deliver a keyboard to your dentist office for Sally to plug in, but who will manage do backups? Futher, per ISO 27002 who will: - create and enforce segregation of duties? - create, deliver, and track information security awareness and training? - track assets? - manage access rights? - ensure cryptographic keys are competently managed? - enforce secure disposal or re-use of equipment? - manage installation of software on operational systems? - create, monitor, and enforce network controls? - perform system acceptance testing? - monitor supplier relationships? - assess, respond, and remediate information security vulnerabilities? - create, test, and actually perform business continuity in the event of a disaster (or a pandemic)? - ensure the protection of your privacy and personal information? That one kid running around with a keyboard? I don't think so. Information Technology spans a wide range of activities and to kidnap a former popular phrase - "it takes a collection of skilled people". We have to push back on 'deskilling', because if we don't we will all eventually be standing around waiting for *someone* to get that double NAT l2tp X.25 eigrp tunnel to route my cat videos to my AWS multicast server. Lol, Jim B. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3631 bytes Desc: not available URL: From callab5 at rpi.edu Sun Mar 29 10:16:50 2020 From: callab5 at rpi.edu (Brian Callahan) Date: Sun, 29 Mar 2020 10:16:50 -0400 Subject: [talk] "death of IT" In-Reply-To: <20200329101102.5a15a589.jpb@jimby.name> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> Message-ID: <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> On 2020-03-29 10:11 AM, jpb wrote: > On Sat, 28 Mar 2020 22:25:50 -0400 > George Rosamond wrote: > >> A novel idea... if you forget that behind the SASE network is a bunch >> of servers. Deskilling has been going on without question, that's >> undeniable.... >> >> https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ >> > > Everybody on this list surely knows "IT" is much more than a kid running > around replacing keyboards. Sure Amazon can deliver a keyboard to your > dentist office for Sally to plug in, but who will manage do backups? > > Futher, per ISO 27002 who will: > > - create and enforce segregation of duties? > - create, deliver, and track information security awareness and > training? > - track assets? > - manage access rights? > - ensure cryptographic keys are competently managed? > - enforce secure disposal or re-use of equipment? > - manage installation of software on operational systems? > - create, monitor, and enforce network controls? > - perform system acceptance testing? > - monitor supplier relationships? > - assess, respond, and remediate information security vulnerabilities? > - create, test, and actually perform business continuity in the event > of a disaster (or a pandemic)? > - ensure the protection of your privacy and personal information? > > Wish my Infosec students were on this list--we covered ISO 27002 on Thursday! Great stuff Jim. I often end up teaching a lot of these skills indirectly in my programming courses because they are so crucial. ~Brian From jkeenan at pobox.com Sun Mar 29 12:15:00 2020 From: jkeenan at pobox.com (James E Keenan) Date: Sun, 29 Mar 2020 12:15:00 -0400 Subject: [talk] "death of IT" In-Reply-To: <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> Message-ID: On 3/29/20 10:16 AM, Brian Callahan wrote: > [snip] >> >> Futher, per ISO 27002 who will: >> >> ? - create and enforce segregation of duties? >> ? - create, deliver, and track information security awareness and >> ??? training? >> ? - track assets? >> ? - manage access rights? >> ? - ensure cryptographic keys are competently managed? >> ? - enforce secure disposal or re-use of equipment? >> ? - manage installation of software on operational systems? >> ? - create, monitor, and enforce network controls? >> ? - perform system acceptance testing? >> ? - monitor supplier relationships? >> ? - assess, respond, and remediate information security vulnerabilities? >> ? - create, test, and actually perform business continuity in the event >> ??? of a disaster (or a pandemic)? >> ? - ensure the protection of your privacy and personal information? >> >> > > Wish my Infosec students were on this list--we covered ISO 27002 on > Thursday! Great stuff Jim. > I often end up teaching a lot of these skills indirectly in my > programming courses because they are so crucial. > One of the limitations of being almost completely self-taught as a programmer is that I never learned any of the stuff on that list. jimk From steve.b at osfda.org Sun Mar 29 14:49:05 2020 From: steve.b at osfda.org (steve.b at osfda.org) Date: Sun, 29 Mar 2020 14:49:05 -0400 Subject: [talk] "death of IT" In-Reply-To: References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> Message-ID: I? would call it the diminishment of IT. I actually envisaged the current empowerment and participation of employees in company's tech decades ago; but, like technology (except when monopolies are involved...), it's not so much a death, but re-purposing and change. IS+IT were all-powerful, it was not a consideration you could use your own keyboard back then; OK, so we have a greater diversity of accepted hardware standards, and employees can pick+choose now. The fight now is over network access: often if someone has a token authenticator for access to the company network, IT dictates the operating system, apps, and network software that an employee may use in conjunction with it (to blow off those stipulations is to risk getting fired; to sweeten the deal, companies configure laptops with the approved mix -providing equipment also serves as a moat against intellectual property claims in some instances...) If more apps migrate to web-based, then that will be less of an issue. But as we correspond, the Internet creaks because of Covid... On 3/29/2020 12:15 PM, James E Keenan wrote: > On 3/29/20 10:16 AM, Brian Callahan wrote: >> > [snip] > >>> >>> Futher, per ISO 27002 who will: >>> >>> ? - create and enforce segregation of duties? >>> ? - create, deliver, and track information security awareness and >>> ??? training? >>> ? - track assets? >>> ? - manage access rights? >>> ? - ensure cryptographic keys are competently managed? >>> ? - enforce secure disposal or re-use of equipment? >>> ? - manage installation of software on operational systems? >>> ? - create, monitor, and enforce network controls? >>> ? - perform system acceptance testing? >>> ? - monitor supplier relationships? >>> ? - assess, respond, and remediate information security >>> vulnerabilities? >>> ? - create, test, and actually perform business continuity in the event >>> ??? of a disaster (or a pandemic)? >>> ? - ensure the protection of your privacy and personal information? >>> >>> >> >> Wish my Infosec students were on this list--we covered ISO 27002 on >> Thursday! Great stuff Jim. >> I often end up teaching a lot of these skills indirectly in my >> programming courses because they are so crucial. >> > > One of the limitations of being almost completely self-taught as a > programmer is that I never learned any of the stuff on that list. > > jimk > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk From ibsens at ripsbusker.no.eu.org Sun Mar 29 14:32:35 2020 From: ibsens at ripsbusker.no.eu.org (Ibsen S Ripsbusker) Date: Sun, 29 Mar 2020 18:32:35 +0000 Subject: [talk] "death of IT" In-Reply-To: References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> Message-ID: <1ee2a146-06ac-4741-a622-afe0ae891687@www.fastmail.com> Why is the article significant? It looks like uninformed marketing bullshit of the sort that gets written by underpaid precarious workers, so don't see why it merits distribution to this list. On a similar note, it makes sense, Jim, that you would think you don't know the things Brian listed when it is said so fancy-like. From callab5 at rpi.edu Sun Mar 29 14:59:23 2020 From: callab5 at rpi.edu (Brian Callahan) Date: Sun, 29 Mar 2020 14:59:23 -0400 Subject: [talk] "death of IT" In-Reply-To: <1ee2a146-06ac-4741-a622-afe0ae891687@www.fastmail.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> <1ee2a146-06ac-4741-a622-afe0ae891687@www.fastmail.com> Message-ID: Hi Ibsen -- On 2020-03-29 2:32 PM, Ibsen S Ripsbusker wrote: > Why is the article significant? It looks like uninformed marketing bullshit of the sort that gets written by underpaid precarious workers, so don't see why it merits distribution to this list. > > On a similar note, it makes sense, Jim, that you would think you don't know the things Brian listed when it is said so fancy-like. > I think you've misread the thread. That was jpb, not me, who rattled off that list. ~Brian From jpb at jimby.name Sun Mar 29 14:59:51 2020 From: jpb at jimby.name (jpb) Date: Sun, 29 Mar 2020 14:59:51 -0400 Subject: [talk] "death of IT" In-Reply-To: References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> Message-ID: <20200329145951.4332dad1.jpb@jimby.name> On Sun, 29 Mar 2020 12:15:00 -0400 James E Keenan wrote: > On 3/29/20 10:16 AM, Brian Callahan wrote: > > > [snip] > > >> > >> Futher, per ISO 27002 who will: > >> > >> ? - create and enforce segregation of duties? > >> ? - create, deliver, and track information security awareness and > >> ??? training? > >> ? - track assets? > >> ? - manage access rights? > >> ? - ensure cryptographic keys are competently managed? > >> ? - enforce secure disposal or re-use of equipment? > >> ? - manage installation of software on operational systems? > >> ? - create, monitor, and enforce network controls? > >> ? - perform system acceptance testing? > >> ? - monitor supplier relationships? > >> ? - assess, respond, and remediate information security > >> vulnerabilities? > >> ? - create, test, and actually perform business continuity in the > >> event of a disaster (or a pandemic)? > >> ? - ensure the protection of your privacy and personal information? > >> > >> > > > > Wish my Infosec students were on this list--we covered ISO 27002 on > > Thursday! Great stuff Jim. > > I often end up teaching a lot of these skills indirectly in my > > programming courses because they are so crucial. > > > > One of the limitations of being almost completely self-taught as a > programmer is that I never learned any of the stuff on that list. > > jimk > Perhaps, but if you've worked in the corporate world for any length of time, you see them all the time. Pretty much everything on that list is a job for somebody, but hopefully not all the same person! Cheers, Jim B. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3631 bytes Desc: not available URL: From jkeenan at pobox.com Sun Mar 29 15:05:32 2020 From: jkeenan at pobox.com (James E Keenan) Date: Sun, 29 Mar 2020 15:05:32 -0400 Subject: [talk] "death of IT" In-Reply-To: <20200329145951.4332dad1.jpb@jimby.name> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> <20200329145951.4332dad1.jpb@jimby.name> Message-ID: <500f0841-5281-9b89-bd0a-0afeca278c67@pobox.com> On 3/29/20 2:59 PM, jpb wrote: > On Sun, 29 Mar 2020 12:15:00 -0400 > James E Keenan wrote: > >> On 3/29/20 10:16 AM, Brian Callahan wrote: >>> >> [snip] >> >>>> >>>> Futher, per ISO 27002 who will: >>>> >>>> ? - create and enforce segregation of duties? >>>> ? - create, deliver, and track information security awareness and >>>> ??? training? >>>> ? - track assets? >>>> ? - manage access rights? >>>> ? - ensure cryptographic keys are competently managed? >>>> ? - enforce secure disposal or re-use of equipment? >>>> ? - manage installation of software on operational systems? >>>> ? - create, monitor, and enforce network controls? >>>> ? - perform system acceptance testing? >>>> ? - monitor supplier relationships? >>>> ? - assess, respond, and remediate information security >>>> vulnerabilities? >>>> ? - create, test, and actually perform business continuity in the >>>> event of a disaster (or a pandemic)? >>>> ? - ensure the protection of your privacy and personal information? >>>> >>>> >>> >>> Wish my Infosec students were on this list--we covered ISO 27002 on >>> Thursday! Great stuff Jim. >>> I often end up teaching a lot of these skills indirectly in my >>> programming courses because they are so crucial. >>> >> >> One of the limitations of being almost completely self-taught as a >> programmer is that I never learned any of the stuff on that list. >> >> jimk >> > > Perhaps, but if you've worked in the corporate world for any length of > time, you see them all the time. Pretty much everything on that list is > a job for somebody, but hopefully not all the same person! > > Cheers, > Jim B. > Well, I *did* work in the corporate (ad tech) world for 10 years ... but always at places that were large enough when I started that sysadmin and software dev roles were strictly separate. I suspect that if I had worked at a start-up of 10 people where everyone was wearing multiple hats, I would have absorbed all that sysadmin stuff by admosis. As it happened, most of what little I learned came from sitting next to Brian Coca. jimk From ibsens at ripsbusker.no.eu.org Sun Mar 29 15:12:23 2020 From: ibsens at ripsbusker.no.eu.org (Ibsen S Ripsbusker) Date: Sun, 29 Mar 2020 19:12:23 +0000 Subject: [talk] "death of IT" In-Reply-To: <500f0841-5281-9b89-bd0a-0afeca278c67@pobox.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <20200329101102.5a15a589.jpb@jimby.name> <403dd584-5397-740a-40d5-a8db16ed052c@rpi.edu> <20200329145951.4332dad1.jpb@jimby.name> <500f0841-5281-9b89-bd0a-0afeca278c67@pobox.com> Message-ID: <4019134a-2154-43ea-b146-374affdf6355@www.fastmail.com> On Sun, Mar 29, 2020, at 19:05, James E Keenan wrote: > Well, I *did* work in the corporate (ad tech) world for 10 years ... but > always at places that were large enough when I started that sysadmin and > software dev roles were strictly separate. I suspect that if I had > worked at a start-up of 10 people where everyone was wearing multiple > hats, I would have absorbed all that sysadmin stuff by admosis. As it > happened, most of what little I learned came from sitting next to Brian > Coca. All of that is happening in Perl, and you must understand half of it given that you manage to contribute. On Sun, Mar 29, 2020, at 18:59, Brian Callahan wrote: > I think you've misread the thread. That was jpb, not me, who rattled off > that list. I agree. From jim at netgate.com Sun Mar 29 18:39:21 2020 From: jim at netgate.com (Jim Thompson) Date: Sun, 29 Mar 2020 17:39:21 -0500 Subject: [talk] "death of IT" In-Reply-To: References: Message-ID: >> On Mar 28, 2020, at 10:17 PM, George Rosamond wrote: > ? > >> On 3/28/20 11:14 PM, Jim Thompson wrote: >> >> >>>>> On Mar 28, 2020, at 9:29 PM, George Rosamond wrote: >>> ?A novel idea... if you forget that behind the SASE network is a bunch of >>> servers. Deskilling has been going on without question, that's >>> undeniable.... >>> https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ >> >> "[A] new fact has now become painfully clear to me: you don't say you have the Ph.D. unless you really have the Ph.D." ? Mark Stephens (as Robert X. Cringley. Cringley is a pen named used by 4-5 authors over the years.) >> >> https://en.wikipedia.org/wiki/Robert_X._Cringely > > Sort of secondary to the point... My point is that you?re citing an article written by a person (Mark Stephens), who has been disproven so many times that we?ve lost count. He might as well be a fiction writer. He even falsely claimed to have a PhD from Stanford, until Stanford called him out. So why put any stock in what he says about IT, especially when his lede is that you can get a keyboard from Amazon? Because he?s promoting SASE, which Gartner is (also) pimping? That boat won?t float. SASE is cloud-focused. It?s just another iteration on SD-WAN, and SD-WAN was only a reaction to MPLS circuits terminating at the data center, but the apps moving to public cloud. We had a call with Gartner. The pinhead on the call must have said ?L7 forwarding? 30 times. He seriously thinks the world will move to making routing decisions on the basis of payload. It was insanely stupid. L7 forwarding actually makes a certain amount of sense if (and only if) everything is a web app, *and* you?re a load balancer so you can, for example, make a decision to forward a given URL to that set of servers over there (or make the decision on any other (set of) layer 7 attribute(s) such as the detected browser type). But TLS makes that increasingly difficult, and nearly every web app has, or will soon have, TLS. Load balancers will perform TLS termination, but we were talking about ?forwarding?, remember? So, in the end, you have a bullsh*t artist (Stephens, writing under the Cringley pennant), spouting bullsh*t about ?the end of IT?, because Amazon can provide the keyboards and Cisco will sell you a new WAN. Got it. From pete at nomadlogic.org Mon Mar 30 14:36:49 2020 From: pete at nomadlogic.org (Pete Wright) Date: Mon, 30 Mar 2020 11:36:49 -0700 Subject: [talk] "death of IT" In-Reply-To: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> Message-ID: <01d0582a-ddad-fabd-8f95-7f5fe0c9eb7b@nomadlogic.org> On 3/28/20 7:25 PM, George Rosamond wrote: > A novel idea... if you forget that behind the SASE network is a bunch of > servers. Deskilling has been going on without question, that's > undeniable.... > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ heh that's a pretty interesting article.? one observation i have about IT is that things are changing now in new and potentially unforeseen ways, but i think that's always been the case.? AWS et. al. changed the game for lots of teams who didn't need to manage physical servers any more b/c it wasn't core to their business. same with the growth of SaaS. what i've observed is that with each of these shifts lower order tasks get commoditized and staff shifts to managing higher order problems.? so IMHO what i think is happening now is most IT teams are focusing on previously pretty isolated security roles in a wider extend. -p -- Pete Wright pete at nomadlogic.org @nomadlogicLA From dan at langille.org Mon Mar 30 18:00:52 2020 From: dan at langille.org (Dan Langille) Date: Mon, 30 Mar 2020 18:00:52 -0400 Subject: [talk] "death of IT" In-Reply-To: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> Message-ID: <05831e6b-f6ee-4506-afe1-14ea5cfb1546@www.fastmail.com> On Sat, Mar 28, 2020, at 10:25 PM, George Rosamond wrote: > A novel idea... if you forget that behind the SASE network is a bunch of > servers. Deskilling has been going on without question, that's > undeniable.... > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ The death of programming has been talking about for several decades. Hasn't happened yet. I see no reason to take the article seriously. -- Dan Langille dan at langille.org From imp at bsdimp.com Mon Mar 30 18:52:32 2020 From: imp at bsdimp.com (Warner Losh) Date: Mon, 30 Mar 2020 16:52:32 -0600 Subject: [talk] "death of IT" In-Reply-To: <05831e6b-f6ee-4506-afe1-14ea5cfb1546@www.fastmail.com> References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <05831e6b-f6ee-4506-afe1-14ea5cfb1546@www.fastmail.com> Message-ID: On Mon, Mar 30, 2020 at 4:03 PM Dan Langille wrote: > On Sat, Mar 28, 2020, at 10:25 PM, George Rosamond wrote: > > A novel idea... if you forget that behind the SASE network is a bunch of > > servers. Deskilling has been going on without question, that's > > undeniable.... > > > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ > > > The death of programming has been talking about for several decades. > > Hasn't happened yet. > > I see no reason to take the article seriously. > In other news BSD is dying. Warner -------------- next part -------------- An HTML attachment was scrubbed... URL: From briancoca+nycbug at gmail.com Tue Mar 31 09:54:36 2020 From: briancoca+nycbug at gmail.com (Brian Coca) Date: Tue, 31 Mar 2020 09:54:36 -0400 Subject: [talk] "death of IT" In-Reply-To: References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <05831e6b-f6ee-4506-afe1-14ea5cfb1546@www.fastmail.com> Message-ID: IME IT has 'died' every 4yrs, as technology changes fads come and go the jobe constantly changes and adapts to the 'new normal' . The SA is dead ...long live the SRE... at least until we find new names and acronyms to mean ' the people that keep the show running'. The term IT itself has been used to mean very diff things, though a lot of people confuse as 'just helpdesk', those in the know understand it is the lifeblood of automation. The 'IT crowd' has a hilarious scene with the head of IT interviewing for a job but unable to say what the acronym stands for....pretty sure we've all encountered similar people, let them say IT is dead, then turn around and call us 'cause they broke the internetses'. On Mon, Mar 30, 2020, 18:53 Warner Losh wrote: > > > On Mon, Mar 30, 2020 at 4:03 PM Dan Langille wrote: > >> On Sat, Mar 28, 2020, at 10:25 PM, George Rosamond wrote: >> > A novel idea... if you forget that behind the SASE network is a bunch of >> > servers. Deskilling has been going on without question, that's >> > undeniable.... >> > >> > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ >> >> >> The death of programming has been talking about for several decades. >> >> Hasn't happened yet. >> >> I see no reason to take the article seriously. >> > > In other news BSD is dying. > > Warner > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk > -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve.b at osfda.org Tue Mar 31 17:04:49 2020 From: steve.b at osfda.org (steve.b at osfda.org) Date: Tue, 31 Mar 2020 17:04:49 -0400 Subject: [talk] "death of IT" In-Reply-To: References: <83f6c4dd-f33f-7d4e-168d-eb2b8eeebe77@ceetonetechnology.com> <05831e6b-f6ee-4506-afe1-14ea5cfb1546@www.fastmail.com> Message-ID: <5d8ac326-7f12-e5b4-cc7b-7113ddce2851@osfda.org> Yeah, constant change (in PART driven by upsell...) https://www.dailymotion.com/video/x1793b?start=365 Never bought Yang's automation argument, other than the fact that this country has severely degraded access to quality education (thus abandoning people who need it...) On 3/31/2020 9:54 AM, Brian Coca wrote: > IME IT has 'died' every 4yrs, as technology changes fads come and go > the jobe constantly changes and adapts to the 'new normal' . > > The SA is dead ...long live the SRE... at least until we find new > names and acronyms to mean ' the people that keep the show running'. > > > The term IT itself has been used to mean very diff things, though a > lot of people confuse as 'just helpdesk', those in the know understand > it is the lifeblood of automation. > > > The 'IT crowd' has a hilarious scene with the head of IT interviewing > for a job but unable to say what the acronym stands for....pretty sure > we've all encountered similar people, let them say IT is dead, then > turn around and call us 'cause they broke the internetses'. > > On Mon, Mar 30, 2020, 18:53 Warner Losh > wrote: > > > > On Mon, Mar 30, 2020 at 4:03 PM Dan Langille > wrote: > > On Sat, Mar 28, 2020, at 10:25 PM, George Rosamond wrote: > > A novel idea... if you forget that behind the SASE network > is a bunch of > > servers.? Deskilling has been going on without question, that's > > undeniable.... > > > > https://www.cringely.com/2020/03/25/2020-brings-the-death-of-it/ > > > The death of programming has been talking about for several > decades. > > Hasn't happened yet. > > I see no reason to take the article seriously. > > > In other news? BSD is dying. > > Warner > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > http://lists.nycbug.org:8080/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: