From george at ceetonetechnology.com Tue Apr 2 19:41:07 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Tue, 2 Apr 2024 19:41:07 -0400 Subject: [talk] NYC*BUG Wed Apr 3: 20 Years of NYC*BUG Message-ID: <9f55ed6a-8219-48c2-9d60-2424db2adf1d@ceetonetechnology.com> https://www.nycbug.org/index?action=view&id=10695 20 Years of NYC*BUG and Can We Handle 20 More? George Rosamond 2024-04-03 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building (new), 370 Jay St, 7th Floor kitchen area, Brooklyn (directly across Jay St from National Grid office). Closest subway exits in order are Jay St - MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains). ***Notice: You should RSVP for this meeting at rsvp AT lists.nycbug.org. You should receive an autoresponse email. Your email address is sufficient verification for entry.*** The New York City *BSD User Group officially launched at Linux World Expo on January 2004 with a packed birds-of-a-feather session. The first meeting was held on February 4th. Several of us starting pulling together the group in December 2003, and carefully planned for the events. That makes January 2024 the official 20th anniversary of NYC*BUG, which is a long time in user-group years. Like every other organization, NYC*BUG's history isn't a simple linear process. There were ebbs and flows, some due to our own decisions and activities, others due to the larger world. But we are still operating, with regular monthly meetings after the pandemic, and still constantly assessing and reassessing what we're doing and where we're going. This isn't going to be a straight-forward presentation. Rather, the input from everyone who experienced the trajectory at any moment is vital for drawing a full picture. That input will provide important ingredients for the more polished version of this presentation at BSDCan May 31 through June 1st. We look forward to input from those who have been part of this journey. Hopefully the outcome will be a rich image of the history. George Rosamond is a founder and long-time admin@ member of NYC*BUG. He's the co-founder and CTO of ClearOPS, a privacy and security technology startup. A sysadmin by trade with citizenship in BSD Unix land, his area of interest and expertise lies with privacy-enhancing technologies, most importantly with the Tor Project. He thrives on creating and designing unorthodox solutions to ordinary problems, but so do most other people in the *BSD community. Offsite Participation: We plan to stream via NYC*BUG Website unless the speaker requests otherwise. Q&A will be via IRC on Libera.chat channel #nycbug - Please preface your questions with '[Q]' From jkeenan at pobox.com Thu Apr 4 09:51:16 2024 From: jkeenan at pobox.com (James E Keenan) Date: Thu, 4 Apr 2024 09:51:16 -0400 Subject: [talk] Article on bug detection in NY Times Message-ID: <11e1e827-1ab6-4616-a814-77ce87dc301e@pobox.com> It's not every day that an article about detecting a bug in open source software makes the front page of the New York Times. https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html From nonesuch at longcount.org Thu Apr 4 10:37:08 2024 From: nonesuch at longcount.org (Mark Saad) Date: Thu, 4 Apr 2024 10:37:08 -0400 Subject: [talk] Article on bug detection in NY Times In-Reply-To: <11e1e827-1ab6-4616-a814-77ce87dc301e@pobox.com> References: <11e1e827-1ab6-4616-a814-77ce87dc301e@pobox.com> Message-ID: Nice catch James, For the cheapskates out there like me, https://web.archive.org/web/20240404133045/https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html . On Thu, Apr 4, 2024 at 9:54?AM James E Keenan wrote: > It's not every day that an article about detecting a bug in open source > software makes the front page of the New York Times. > > > https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > https://lists.nycbug.org:8443/mailman/listinfo/talk > -- mark saad | nonesuch at longcount.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From me at enzu.ru Sun Apr 7 19:45:35 2024 From: me at enzu.ru (Ahmed Khanzada) Date: Sun, 07 Apr 2024 19:45:35 -0400 Subject: [talk] Any OpenBSD dev in the NYC metro area want free equipment? Message-ID: <87le5o4u00.fsf@enzu.ru> Hey all, My wife is pregnant so I am getting rid of a bunch of stuff. I have two PowerPC iBooks and a SPARC64 Sun Ultra 45 that I would like to give to a local OpenBSD developer. They are all running OpenBSD, I think version 6.6 Any takers? You'd have to come pick them up, as my wife and I are carless. PS: This page lists an incorrect mailing list URL for the announce list: https://www.nycbug.org/index?action=lists Thanks, Ahmed From george at ceetonetechnology.com Wed Apr 10 13:08:59 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 10 Apr 2024 13:08:59 -0400 Subject: [talk] xz compromise and ports systems Message-ID: There's a lot to be said about the security of ports supply chains. There are lots of mitigations to apply starting from the original developer, to distribution and packaging to the end user and operating system at the destination. You can build a nice ports/pkg system, verify the source with checksums, then move up to digital signatures, and so on. Clearly you can't mock ports systems, the need for original source code should go away. Raw pip or CPAN removes some basic guard rails. But most mitigations are looking to solve one moment in the ports supply chain. Ultimately the issue is most difficult when the original developer(s) of the source are the problem, conscious or not. "But the source was signed with the developer's keys!" You can call that a verified backdoor. All the crud on PyPi is a good example. Operating system mitigations matter, since few users will actually look at the original source or even changelogs. One might think that some 3p auditor could be used to verify code changes with some projects.... then we turn into a world of blue check marks for open source code. Now let's charge a fee! We can even validate it for SOC2 compliance! "Get a blue check for your application in four days cheap!" Certainly complexity makes things worse, including on the operating system level. Cough, cough systemd. Building out complex "supply chains" for applications needs to be avoided. And witch hunts aren't going to address these larger problems. https://www.wired.com/story/jia-tan-xz-backdoor/ g From mcevoy.pat at gmail.com Sun Apr 14 15:29:00 2024 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Sun, 14 Apr 2024 15:29:00 -0400 Subject: [talk] "Conference AV Streaming Donation" Message-ID: Hello, I am a member of both the BSDCan and EuroBSDcon stream teams along with the NYC*BUG meeting video person. As a community we have been streaming and producing the conference videos for both conferences for a few years now. I would like to ask the community for help to purchase equipment for our collective benefit for use in future conferences. While cameras are easy enough to rent, Decimators, the HDMI to SDI signal conversion units we have speakers plug into at conferences, do not seem to be an item AV rental companies stock. By making these purchases we can lower our yearly AV equipment rental bill and have the key pieces of equipment on hand for our conferences. The devices in the wish list below are the next model up from the units we used in Portugal and will work with the newest Mac laptops. Some members of the community have expressed interest in helping with the hardware upgrade and would like the benefit of a US tax system 501c3 donation write off. I have spoken to the FreeBSD Foundation and they have agreed to purchase the units for us using funds earmarked for the Conference AV Streaming Donation. FreeBSD Foundation: (Please label donation "Conference AV Streaming Donation" in Paypal comments / check memo please) https://freebsdfoundation.org/donate/ More info on the Decimator unit: https://www.decimator.com/Products/MiniConverters/12G-CROSS/12G-CROSS.html Wish List for a local NYC supplier that carries Decimators if you want to just buy directly.: https://www.bnh.com/wish/493426bf537e5b9873ebcad2b31e1ef0/ Patrick McEvoy -------------- next part -------------- An HTML attachment was scrubbed... URL: From jklowden at schemamania.org Mon Apr 15 13:33:14 2024 From: jklowden at schemamania.org (James K. Lowden) Date: Mon, 15 Apr 2024 13:33:14 -0400 Subject: [talk] "Conference AV Streaming Donation" In-Reply-To: References: Message-ID: <20240415133314.e8649a57664926ddccc95457@schemamania.org> On Sun, 14 Apr 2024 15:29:00 -0400 Pat McEvoy wrote: > While cameras are easy enough to rent, Decimators, the HDMI to SDI > signal conversion units we have speakers plug into at conferences, do > not seem to be an item AV rental companies stock. HI Pat, AIUI you need a $500 gadget to prepare videos. My firm has agreed to pay for one. Simplest for us I think would be to buy it outright and ship it where you want it. It's not in stock at B&H but I found an outfit in Wisconsin that has one at the same price. But tell me what is best for you. I can send PayPal to the foundation, too. As you like. Regards, --jkl From george at ceetonetechnology.com Tue Apr 16 12:30:26 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Tue, 16 Apr 2024 12:30:26 -0400 Subject: [talk] "Conference AV Streaming Donation" In-Reply-To: <20240415133314.e8649a57664926ddccc95457@schemamania.org> References: <20240415133314.e8649a57664926ddccc95457@schemamania.org> Message-ID: On 4/15/24 13:33, James K. Lowden wrote: > On Sun, 14 Apr 2024 15:29:00 -0400 > Pat McEvoy wrote: > >> While cameras are easy enough to rent, Decimators, the HDMI to SDI >> signal conversion units we have speakers plug into at conferences, do >> not seem to be an item AV rental companies stock. > > HI Pat, > > AIUI you need a $500 gadget to prepare videos. My firm has agreed to > pay for one. > > Simplest for us I think would be to buy it outright and ship it > where you want it. It's not in stock at B&H but I found an outfit in > Wisconsin that has one at the same price. > > But tell me what is best for you. I can send PayPal to the foundation, > too. As you like. Wow. Very generous James! Just another plug for Patrick here.... We attempted to get volunteers to do NYCBSDCon video and ended up with only disappearing people or debacles of some sort or another. Some people argued the only way to get a con on video was to hire an outside firm. Then Patrick came along.... he is the motor for many BSD-related events to be uploaded and circulated. His BSDTV YouTube channel is doing brilliantly, and he has put in the hard consistent work most people only say they're going to do. He travels a few hours home after a NYC*BUG meeting and the video is released not long after that. He never asks for anything, and I think he's even had to pay for certain cons. He shouldn't have to pay for anything if he's taping a con. He should be covereed 100% for his contributions. He is doing an enormous amount for BSD publicity for everyone's sake. Of course now that I posted this, Patrick will disappear and we'll never hear from him again! This was the kiss of disappearance! g From mwl at mwl.io Wed Apr 17 14:15:29 2024 From: mwl at mwl.io (Michael W. Lucas) Date: Wed, 17 Apr 2024 14:15:29 -0400 Subject: [talk] "Conference AV Streaming Donation" In-Reply-To: References: <20240415133314.e8649a57664926ddccc95457@schemamania.org> Message-ID: On Tue, Apr 16, 2024 at 12:30:26PM -0400, George Rosamond wrote: > Wow. Very generous James! Yes, thank you! This will benefit all BSD cons, not just BSDCan. Wearing my BSDCan con chair hat: the conference's official policy is "Give Patrick whatever the f*** he wants and stay the hell out of his way." ==ml -- Michael W. Lucas https://mwl.io/ author of: Absolute OpenBSD, SSH Mastery, git commit murder, Absolute FreeBSD, Butterfly Stomp Waltz, TLS Mastery, etc... ### New books: DNSSEC Mastery, Letters to ed(1), Prohibition Orcs ### From mcevoy.pat at gmail.com Wed Apr 17 14:47:04 2024 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Wed, 17 Apr 2024 14:47:04 -0400 Subject: [talk] "Conference AV Streaming Donation" In-Reply-To: References: Message-ID: <7B74A7C1-4E4E-49AE-AC7D-B9129AD750A5@gmail.com> > On Apr 17, 2024, at 14:15, Michael W. Lucas wrote: > > ?On Tue, Apr 16, 2024 at 12:30:26PM -0400, George Rosamond wrote: >> Wow. Very generous James! > > Yes, thank you! This will benefit all BSD cons, not just BSDCan. > > Wearing my BSDCan con chair hat: the conference's official policy is > "Give Patrick whatever the f*** he wants and stay the hell out of his > way." > > ==ml > > -- > Michael W. Lucas https://mwl.io/ > author of: Absolute OpenBSD, SSH Mastery, git commit murder, > Absolute FreeBSD, Butterfly Stomp Waltz, TLS Mastery, etc... > ### New books: DNSSEC Mastery, Letters to ed(1), Prohibition Orcs ### > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > https://lists.nycbug.org:8443/mailman/listinfo/talk Thank you very much James! This will be a big help for streaming the conferences. From assaf at eml.cc Tue Apr 23 20:19:55 2024 From: assaf at eml.cc (assaf rutenberg) Date: Tue, 23 Apr 2024 20:19:55 -0400 Subject: [talk] Truenas configuration help Message-ID: <75bf1b49-7036-4c07-8f77-0697a8373297@app.fastmail.com> I have, and am using, a truenas box in my apartment. It is only a file server but I need some help optimizing it. I'm hoping someone on list might know of someone I could hire for a couple of hours to go over the box and make sure it's doing what it should. IXSystems is a huge disappointment from a support standpoint. Any suggestions would be most welcome. As well as some guidance regarding cost of such a consultation. As always, thank you. Assaf -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcevoy.pat at gmail.com Sun Apr 28 11:57:20 2024 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Sun, 28 Apr 2024 11:57:20 -0400 Subject: [talk] BSDCan U90 rooms Message-ID: <77CDF406-9D54-41DF-AAE0-012A757A1B41@gmail.com> If you plan to attend BSDCan and want a room in U90, please get in touch soon. The org committee has a few to spare. Patrick McEvoy From george at ceetonetechnology.com Mon Apr 29 13:15:45 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Mon, 29 Apr 2024 13:15:45 -0400 Subject: [talk] May 1 NYC*BUG: Demystify ZFS Replication Message-ID: <98ffa4fa-437e-4723-974b-f25ceaec87dc@ceetonetechnology.com> Demystify ZFS Replication With a Safe and Powerful Approach, Daniel J. Bell 2024-05-01 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building (new), 370 Jay St, 7th Floor kitchen area, Brooklyn (directly across Jay St from National Grid office). Closest subway exits in order are Jay St - MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains). Notice: You should RSVP for this meeting at rsvp AT lists.nycbug.org. You should receive an autoresponse email. Your email address is sufficient verification for entry. ZFS is theoretically a powerhouse for data protection and performance, but only if you can dodge its many traps. I'll demonstrate the common ZFS pitfalls and their solutions, along with practical strategies to simplify and scale your backups. I'll also introduce Zelta, a toolkit of management scripts built on Unix fundamentals designed to help you master ZFS with finesse. Daniel J. Bell is the CEO of Bell Tower Integration, an NYC-based IT consultancy with over two decades of experience. A FreeBSD aficionado for over 25 years, he's all about making advanced systems approachable. Catch up or learn more about Zelta at https://zelta.space Offsite Participation: We plan to stream via NYC*BUG Website unless the speaker requests otherwise. Q&A will be via IRC on Libera.chat channel #nycbug - Please preface your questions with '[Q]' From to at lnlsn.dev Tue Apr 30 11:28:14 2024 From: to at lnlsn.dev (Lenilson Jose Dias) Date: Tue, 30 Apr 2024 15:28:14 +0000 Subject: [talk] BSDCan U90 rooms In-Reply-To: <77CDF406-9D54-41DF-AAE0-012A757A1B41@gmail.com> References: <77CDF406-9D54-41DF-AAE0-012A757A1B41@gmail.com> Message-ID: <8tJ6qZE4amBPOLhWeJenebxBNdcnthfC0equvkrHnD4ev-kqagdD00YP-KdFS2DEdMsEHtSbmBpZ4XNvRhjI0G7Kw0pG60L4FoNHNhZztrE=@lnlsn.dev> Hello, Unfortunately, I will not be able to participate this year due to an unforeseen event. Thank you very much and have a good conference. Lenilson On Sunday, April 28th, 2024 at 3:57 PM, Pat McEvoy wrote: > > > If you plan to attend BSDCan and want a room in U90, please get in touch soon. > The org committee has a few to spare. > > Patrick McEvoy > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > https://lists.nycbug.org:8443/mailman/listinfo/talk From george at ceetonetechnology.com Tue Apr 30 20:02:11 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Tue, 30 Apr 2024 20:02:11 -0400 Subject: [talk] BSDCan updates Message-ID: <511734d0-3c46-4d12-9d89-d0ea6311c99c@ceetonetechnology.com> If anyone is interested in getting announces for BSDCan 2024, you should be subscribed to the BSDCan-Announce list. We won't be posting those emails here, as not everyone on this list is necessarily interested. On that note, you should go to BSDCan if you're not already set! You can subscribe here: https://lists.bsdcan.org/mailman/listinfo/bsdcan-announce g