[Discuss] [Position-available] Network Engineer @ Financial Recovery Technologies - Medford, MA

2018-12-20 Thread Matt Shields
---
To post your own position-available or position-wanted
message, please follow the procedure at:
https://blu.qualitybox.us/wiki/Job_posting_policy
---

Financial Recovery Technologies is looking for a Network Engineer (with
some Linux skills).  If interested, please apply here:
https://app.jobvite.com/j/?cj=o2Rg8fw1 then send me an email (below)

Position: Network Engineer
Job Type: full-time
Location: Medford, MA

Company Description:
Join a fast growing company that is transforming its industry! Financial
Recovery Technologies has become a trusted partner to hedge funds, mutual
funds, custodians, sovereign wealth funds, and other institutional
investment firms, and our best-in-class people and technology have made FRT
a market leader.

Job description:
As a Network Engineer at FRT, you will use your strong understanding of IT
infrastructure, IT security, and IT best practices to ensure FRT’s network
and distributed system infrastructure are robust, reliable, and secure. If
you're a hands-on systems engineer who loves to geek out with various
technologies, we would love to talk to you.

The Role:
As a Network Engineer at FRT, you will:
- Be proactive in maintaining our existing network infrastructure,
identifying potential improvements, and proposing approaches to
implementation;
- Research and implement new hardware or software, picking the best tool
for the job and ensuring FRT is aligned with industry standards;
- Focus on the hardware - load balancers, firewalls, routers, switches;
- Identify any current or future risks in our current infrastructure and
propose efficient and appropriate plans to mitigate those risks;
- Participate in designing/planning and implementing FRT internal
infrastructure improvement for three datacenters;
- Collaborate with CISO to implement security best practices utilizing the
latest software and utilities;
- Work with FRT business owners on improvement of processes and procedures.

Our Ideal Candidate Has:
- A firm understanding of IT infrastructure, IT security, and IT best
practices - networking and/or security certification would be a plus!
- 3-5 years’ experience in a 24x7 Technical Operations organization (though
you'll only have light on call duties here)
- Knowledge of multiple platforms - we are primarily Linux based (CentOS)
but we also use VMWare and Windows
- Experience with automation and configuration management (e.g., various
shells, Chef, Salt, CI/CD)
- Familiarity with Juniper EX network hardware and Dell, HP hardware
- Experience with some of our technology tool stack (various Atlassian
tools like JIRA, Splunk, Sensu, Grafana)
- A background with highly-available, distributed applications using
open-source technologies
- Comfort with security principles, solutions, and testing (e.g., NIST,
CIS, firewalls, IDS/IPS)
- A strong sense of accountability and a proactive orientation toward
problem solving;
- An open, active, and outgoing communication style, able to speak to
various stakeholders at appropriate levels of technical detail;
- A curious mind - you want to understand our business, are open to new
technologies, and are committed to continuous improvement;
- Of course, an interest in joining a growing company with a vibrant,
entrepreneurial culture, dedicated to being the top provider in the class
action recovery space.

What Benefits Does FRT Offer
- Health, dental, vision
- 401k (with company match!)
- Income protection plans (life, accidental death and dismemberment, short-
and long-term disability) and access to a suite of voluntary benefit
programs
- Close to public transit (walking distance to Wellington T on Orange Line)
- Free drinks and snacks
- Free parking onsite
- Free access to onsite gym
- Fun and diverse colleagues
- THIS POSITION IS BASED IN OUR MEDFORD, MA HEADQUARTERS. LOCAL CANDIDATES
ONLY, PLEASE.

AGENCIES: WE ARE ONLY WORKING WITH PREVIOUSLY APPROVED AGENCIES ON THIS
REQUISITION, SO IF YOU ARE NOT SUCH A FIRM, PLEASE DO NOT SUBMIT YOUR
CANDIDATES FOR THIS POSITION.

Matt Shields
m...@shields.tv
781-424-3531
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-25 Thread Matt Shields
By your definition Bill's solution would fail your test of what you need in
a backup solution.  He makes a backup once every couple months, then runs
it offsite.  He has a risk of losing up to 2 months worth of data in his
scenario.  He can't get back changes from Monday or Tuesday.  Not saying
his solution is bad, but it doesn't solve *your* problem.

Again the solution depends on the user's needs, but at least my solution
provides backups up to the minute offsite, then if the cloud server dies I
can go back 24 hours.  My potential risk is 24 hours.  So my solution backs
up to the cloud, which has versions and that cloud server is backed up to
S3.  By your definition my solution *is* a backup. And yes, just to verify
I just went onto my ownCloud instance and can see numerous versions of
documents and photos.  One particular file has 35 versions going back to
Dec 2013.

This will be my last comment, since this seems to be going nowhere.  What's
sad about this back and forth is that a few people already made up their
minds to dismiss my solution because it doesn't fit their needs or
definition. I'm not saying it's the perfect solution for everyone,
especially since my solution has server overhead, but I do know that it's
worked better than any other solution I've tried with no effort on my part
and with excellent results, which is what makes it a usable solution for me.



Matt

On Thu, Sep 24, 2015 at 7:02 PM, Rich Pieri  wrote:

> On 9/24/2015 3:22 PM, Matt Shields wrote:
>
>> ownCloud has version control (
>>
>
> Version control is not backup. If the disk dies then the versioned files
> die with it.
>
> >> Also since I never delete from my S3 bucket where I have a nightly sync
> >> from ownCloud to, the risk of losing everything is low.  I also have up to
> >> 24 hours to recover files that might have been written over.
> >>
>
> Create a file on Monday. Change and overwrite it on Tuesday. Discover on
> Thursday that you need Monday's version. Sure, you can put the files under
> some kind of version control but if the disk dies then the versioned files
> die with it.
>
>
> --
> Rich P.


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Matt Shields
ownCloud has version control (
https://doc.owncloud.org/server/8.1/user_manual/files/version_control.html),
although you need to keep an eye on your server drive size.  It will start
to purge older versions if your disks exceed 50%.  But by your definition
this would still be considered a backup.

Also since I never delete from my S3 bucket where I have a nightly sync
from ownCloud to, the risk of losing everything is low.  I also have up to
24 hours to recover files that might have been written over.

Given that I already have enough safeguards for my personal needs, should
the need arise I could easily modify the sync process to do monthly full
backups (tar/gz), then incremental tar/gz for files that are new or
modified. As I mentioned, my solution may not be for everyone since I
already have cloud solutions in place for my business, which makes it
cheaper.  But it's easily scalable to the amount of redundancy I want.


Matt

On Thu, Sep 24, 2015 at 1:55 PM, Edward Ned Harvey (blu) 
wrote:

> > From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> > Behalf Of Jack Coats
> >
> > Syncing is a form of backup IMHO.
>
> The reason why syncing is not a backup, is because if you delete a file,
> and the deletion gets replicated, you cannot recover the deleted file.
>
> Ability to recover deleted files (or old versions of files that have been
> overwritten) is a pretty important characteristic of a backup system.
>
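
The distinction argued in this thread (a sync replicates deletions and overwrites, while a backup keeps old versions recoverable) can be run end to end. The following is an added example, not code from any poster and not how ownCloud or S3 versioning is implemented; the directory names, function names and the Monday/Tuesday/Wednesday file contents are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree(root: Path) -> dict:
    """Map each relative file path under root to the SHA-256 of its content."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def mirror(src: Path, dst: Path) -> None:
    """One-way sync: dst becomes identical to src, so overwrites and deletions replicate."""
    dst.mkdir(parents=True, exist_ok=True)
    wanted = tree(src)
    for rel in tree(dst).keys() - wanted.keys():
        (dst / rel).unlink()                      # the deletion is replicated
    for rel in wanted:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)           # the overwrite is replicated


def snapshot(src: Path, store: Path, label: str) -> dict:
    """Versioned backup: keep every distinct content blob plus one manifest per run."""
    blobs, manifests = store / "blobs", store / "manifests"
    blobs.mkdir(parents=True, exist_ok=True)
    manifests.mkdir(parents=True, exist_ok=True)
    manifest = tree(src)
    for rel, digest in manifest.items():
        blob = blobs / digest
        if not blob.exists():                     # unchanged content is stored once
            shutil.copy2(src / rel, blob)
    (manifests / f"{label}.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(store: Path, label: str, rel: str, out: Path) -> Path:
    """Bring back one file as it was at snapshot `label`, verifying its checksum."""
    manifest = json.loads((store / "manifests" / f"{label}.json").read_text())
    if rel not in manifest:
        raise FileNotFoundError(f"{rel} is not in snapshot {label}")
    blob = store / "blobs" / manifest[rel]
    if sha256_file(blob) != manifest[rel]:
        raise ValueError("stored blob fails its checksum")
    out.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(blob, out)
    return out


def run_scenario() -> dict:
    """Create Monday, overwrite Tuesday, delete Wednesday, need Monday's copy Thursday."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src, synced, store = base / "laptop", base / "synced", base / "store"
        src.mkdir()
        report = src / "report.txt"
        report.write_text("monday draft\n")       # constructed sample content
        mirror(src, synced)
        snapshot(src, store, "mon")
        report.write_text("tuesday rewrite\n")
        mirror(src, synced)
        snapshot(src, store, "tue")
        report.unlink()
        mirror(src, synced)
        snapshot(src, store, "wed")
        restored = restore(store, "mon", "report.txt", base / "out" / "report.txt")
        return {
            "mirror_has_file": (synced / "report.txt").exists(),
            "restored_text": restored.read_text(),
            "blobs_kept": len(list((store / "blobs").iterdir())),
            "wed_manifest": json.loads((store / "manifests" / "wed.json").read_text()),
        }


if __name__ == "__main__":
    print(run_scenario())
```

The snapshot store only counts toward the thread's other requirement (surviving a dead disk) if it lives on different storage from the source, which this single-directory demo does not attempt.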


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Matt Shields
Who says sync/sharing is not a backup?  Is the goal of a backup not to have
two or more copies of your data in different locations?  If the datacenter
happens to fail, your other copy would be the local one, correct?
Swapping backup drives/tapes isn't without its own problems.  What happens
if the bank building burns down?  Or the drive/tape becomes corrupt?
Computer dies before your bi-monthly/quarterly drive swap?

For me, using a live sync solution provides a better backup solution than
dealing with SneakerNet. My backups are up to the minute and automatic and
redundant (computer -> ownCloud -> S3 in other region). I personally have
no time for dealing with manually backing up our personal computers and
swapping a drive at my bank's vault.  My solution works for me because it
solves my problem of having offsite backups (and recovery) and keeps it
simple.  The trick is to find what works for you because if it's burdensome
and complicated you're not going to do it or you're going to forget about
it.  With all these ideas/solutions we're playing the odds.  What are the
odds that my cloud instance, S3 and my local computer all die at the same
time?  What are the chances that my computer dies the day before I get a
backup to disk and take it to the bank?  Don't write off sync
technologies/services as not acceptable.  Evaluate what your needs are and
what is acceptable for data loss and make a choice based on that.  For
some the cost of hosting their own sync server will not be worth it and a
backup drive taken to the bank is "good enough".


Matt

On Thu, Sep 24, 2015 at 10:06 AM, Rich Pieri 
wrote:

> On 9/24/2015 6:36 AM, Matt Shields wrote:
>
>> Check out ownCloud.  It lets you run your own cloud based backup
>> service.
>>
>
> ownCloud is sync/sharing, not backup.
>
> On 9/24/2015 7:02 AM, Edward Ned Harvey (blu) wrote:
> > Oh god, no. If you're thinking about ownCloud, try Synctuary instead.
>
> So are Synctuary, SyncThing, SparkleShare, etc.
>
> Bill Cattey's answer is the correct one.
>
> What happens when your sync storage disk fails? You lose everything. So
> you get a RAID setup. What happens when the RAID controller goes stupid and
> scribbles garbage all over the disk? You lose everything. So you go to a
> big, safe cloud provider. What happens when the data center's power grids
> get hit by lightning four times in rapid succession? Maybe you lose
> everything.
>
> If it isn't on media that can be physically detached and stored securely
> (fire box, safe deposit box, etc.) then it isn't a backup. At best it is
> the first step in creating backups; at worst it is permanent data loss
> begging to happen.
>
> --
> Rich P.
>


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Matt Shields
Depending what the person's use case is, sometimes "good enough" is "good
enough".  I can deal with my wife or one of my kids mistakenly naming
something with a bad character, because I only care that they can re-open
it on their computer, not on mine.  If they can save the file on a mac, and
re-sync back to a mac, then we're good.  Same goes for Windows to Windows
or Linux to Linux.  We rarely share files with each other and across
platforms.  It's mainly to keep a copy of what's on our computers offsite.
The cost is also almost zero for me since I maintain my own servers for
business.  So I allocate a small VM in my business.

As far as the interrupted sync. So far it hasn't happened, and for a
personal backup solution, I can deal with this and call it "good enough".
If we had a disaster with one or all our computers and I managed to recover
99% of my files from my ownCloud setup, I'd be more than happy because of
how little I've spent on the setup.

Again, if this were a business solution, I would pay for something that's
been proven and I know it's 100% solid.  My work computer has both
BackBlaze and I use DropBox Business.


Matt

On Thu, Sep 24, 2015 at 7:39 AM, Edward Ned Harvey (blu) 
wrote:

> > From: Matt Shields [mailto:m...@mattshields.org]
> >
> > So far have not had a single issue.
>
> I repeat the question: What happens if you interrupt the client or network
> in the middle of a file transfer? What happens if you create a file with a
> disallowed character in its name?
>
> Be sure to md5sum or something, before and after transfer, to ensure
> you'll notice if anything unexpected occurs.
>
> Be sure to look at the filesystem of the platforms where the disallowed
> character is disallowed. To see what appears there, if anything.
>
>
> > My main reason for not using something like Synctuary, Dropbox, etc is
> > this: https://www.conceptblossom.com/pricing  I would rather write a
> > custom rsync (or something else for Win) script to automatically sync my
> > personal files rather than pay for something.
>
> Synctuary is free for up to 3 users. Although the OP specifically asked
> about linux, and I admit the linux Synctuary client isn't as good as it
> should be. Ubuntu only, and sometimes crashes.
>
> But never causes data loss, which is more than I can say for the
> competition.
>


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Matt Shields
So far have not had a single issue.  I have a private cloud in AWS that
myself and my family sync to using multiple platforms (Mac, Win & Linux).
That instance is backed up to S3.  Performance is great, computers never
have an issue, performance is great. And ownCloud offers a version that's
100% free with no limits.

My main reason for not using something like Synctuary, Dropbox, etc is
this: https://www.conceptblossom.com/pricing  I would rather write a custom
rsync (or something else for Win) script to automatically sync my personal
files rather than pay for something.  The only exception to this would be
if it were for work, then I would suggest paying for a service.


Matt

On Thu, Sep 24, 2015 at 7:02 AM, Edward Ned Harvey (blu) 
wrote:

> > From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> > Behalf Of Matt Shields
> >
> > Check out ownCloud.  It lets you run your own cloud based backup
> > service.
>
> Oh god, no. If you're thinking about ownCloud, try Synctuary instead.
>
> I probably can't make a statement about ownCloud without getting sued (I
> work for Concept Blossom and am a developer who works on Synctuary), so
> I'll just ask you to ask yourself these questions:
>
> What happens if you're in the middle of a file transfer, and the wifi
> drops, or the ethernet cable is removed, or you roam from one wifi to
> another, or close the lid of your computer?
>
> What happens if you create a file with a character in its name, that's not
> allowed on some other platform? The two most common ways this happens are:
> Someone on the mac creates a file with a ":" colon character in its name,
> which is not allowed on windows. Or someone on windows creates a file with
> a unicode 8211, the emphasized hyphen character, which is not allowed on
> linux.
>


Re: [Discuss] Cloud-backup solutions for Linux?

2015-09-24 Thread Matt Shields
Check out ownCloud.  It lets you run your own cloud based backup service.

Matt

On Wed, Sep 23, 2015 at 5:21 PM, Rich Braun  wrote:

> What do you use for offsite backup?
>
> Here's why I ask: For a few years I've been using CrashPlan as my primary
> backup, and rsnapshot as a secondary.
>
> About once a year, it seems, CrashPlan does something troubling and it's
> always felt like Linux takes a back-seat to their Windows and Mac platform.
>
> My CrashPlan setup failed again 48 hours ago, with a difficult-to-resolve
> auto-update that messed up its omnibus-installed Java JRE.  Upon a fresh
> reinstallation the UI fails to start and I get peer-auth problems in logs.
>
> Enough's enough but I haven't found an alternative to spending a couple days
> of debugging busted CrashPlan, er, crap whenever this happens.
>
> BackBlaze still won't do Linux. CrashPlan has clearly invested the most effort
> into defining a useful system, but I'm ready to consider one of the others if
> any of y'all have had positive experiences elsewhere.
>
> -rich
>
>


[Discuss] pfSense and Amazon AWS expert needed

2015-09-02 Thread Matt Shields
Anyone on the list an expert with pfSense and Amazon AWS?  I'm trying to
set up an IPSec VPN on pfSense in AWS for one of my clients to connect to
and have some questions.  I have the tunnel up, but I seem to be having
issues getting traffic to route to or from the client's network and they
have everything configured correctly on their side.  I believe it's a
routing or security group issue on my side.  Would be great if we could
meet up and I show you what I'm trying to do.  Willing to pay for your time.

Matt


Re: [Discuss] OpenSWAN VPN

2015-07-11 Thread Matt Shields
Routing table looks good, on both sides I can see the other's routes in my
routing table and it shows the correct next hop.

I'd much prefer OpenVPN, that's what we normally use for both employees and
clients.  I even have it linked to Active Directory, plus custom rules when
they log in.  But this client doesn't want to set up a host for OpenVPN on
their side, they *only* use ipsec VPN's.

Matt

On Fri, Jul 10, 2015 at 6:58 PM, Matthew Gillen  wrote:

> Not familiar with OpenSWAN, but in OpenVPN sometimes you have to push
> routes to the clients to force traffic through.
>
> Does your routing table look right?
>
> On 7/9/2015 10:44 AM, Matt Shields wrote:
> > Does anyone have a working OpenSWAN config or can you see what the issue
> > might be below?  Current test environment is two Amazon VPC's with a VPN
> > server NAT'd behind firewall, UDP ports 500 & 4500 are being forwarded.
> > I'm using the config below and it "seems" to connect, but can't ping/ssh to
> > anything on either side.
> >
> > DC1:
> >  - External IP x.x.x.x
> >  - Internal Subnet 10.10.0.0/16
> >
> > DC2:
> >  - External IP y.y.y.y
> >  - Internal Subnet 192.168.0.0/24
> >
> > #this config resides on DC1 vpn server
> > config setup
> >     # Debug-logging controls:  "none" for (almost) none, "all" for lots.
> >     # klipsdebug=none
> >     # plutodebug="control parsing"
> >     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> >     #   interfaces=%defaultroute
> >     klipsdebug=none
> >     #   nhelpers=0
> >     plutodebug=none
> >     plutostderrlog=/var/log/pluto.log
> >     protostack=netkey
> >     nat_traversal=yes
> >     virtual_private=%v4:10.10.0.0/16,%v4:!192.168.0.0/24
> >     oe=off
> >     # Enable this if you see "failed to find any available worker"
> >     # nhelpers=0
> >     #   forceencaps=yes
> > conn dc1-to-dc2
> >     auto=start
> >     type=tunnel
> >
> >     left=10.10.10.43
> >     leftsourceip=x.x.x.x
> >     leftsubnet=10.10.0.0/16
> >     leftid=x.x.x.x
> >
> >     right=y.y.y.y
> >     rightsubnet=192.168.0.0/24
> >     rightid=y.y.y.y
> >
> >     #phase 1 encryption-integrity-DiffieHellman
> >     keyexchange=ike
> >     ike=3des-md5-modp1024,aes256-sha1-modp1024
> >     ikelifetime=86400s
> >     authby=secret #use presharedkey
> >     rekey=yes  #should we rekey when key lifetime is about to expire
> >
> >     #phase 2 encryption-pfsgroup
> >     phase2=esp #esp for encryption | ah for authentication only
> >     phase2alg=3des-md5;modp1024
> >     pfs=no
> >     forceencaps=yes
> >
> > #this config resides on DC2 vpn server
> > config setup
> >     # Debug-logging controls:  "none" for (almost) none, "all" for lots.
> >     # klipsdebug=none
> >     # plutodebug="control parsing"
> >     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> >     #   interfaces=%defaultroute
> >     klipsdebug=none
> >     #   nhelpers=0
> >     plutodebug=none
> >     plutostderrlog=/var/log/pluto.log
> >     protostack=netkey
> >     nat_traversal=yes
> >     virtual_private=%v4:192.168.0.0/24,%v4:!10.10.0.0/16
> >     oe=off
> >     # Enable this if you see "failed to find any available worker"
> >     # nhelpers=0
> >     #   forceencaps=yes
> > conn dc2-to-dc1
> >     auto=start
> >     type=tunnel
> >
> >     left=192.168.0.22
> >     leftsourceip=y.y.y.y
> >     leftsubnet=192.168.0.0/24
> >     leftid=y.y.y.y
> >
> >     right=x.x.x.x
> >     rightsubnet=10.10.0.0/16
> >     rightid=x.x.x.x
> >
> >     #phase 1 encryption-integrity-DiffieHellman
> >     keyexchange=ike
> >     ike=3des-md5-modp1024,aes256-sha1-modp1024
> >     ikelifetime=86400s
> >     authby=secret #use presharedkey
> >     rekey=yes  #should we rekey when key lifetime is about to expire
> >
> >     #phase 2 encryption-pfsgroup
> >     phase2=esp #esp for encryption | ah for authentication only
> >     phase2alg=3des-md5;modp1024
> >     pfs=no
> >     forceencaps=yes
> >
> > Matt


Re: [Discuss] VPS suggestions

2015-07-10 Thread Matt Shields
Check out Linode.com

Matt

On Fri, Jul 10, 2015 at 9:54 AM, Eric Chadbourne  wrote:

> Hi All,
>
> Any VPS suggestions?  For the last year I’ve been using Digital Ocean.
> The price is right and the servers are fast.  Unfortunately it appears
> apt-get can’t update the kernel.  You have to use their web based gui.
> This isn’t acceptable to me.
>
> Anybody have any suggestions?  Are you happy with your VPS?  I also prefer
> hosts that use standard tools like ssh.  I don’t want to have to install
> stuff like gcloud compute just to login.  I don’t want strangely built
> versions of PHP that don’t work properly with PostgreSQL like Dreamhost
> has. I just want a “regular” gnu-linux or bsd box where I am root and
> things work as a normal human would expect.
>
> Thanks,
>
> Eric Chadbourne
> Nonprofit-CRM.org
>


[Discuss] OpenSWAN VPN

2015-07-09 Thread Matt Shields
Does anyone have a working OpenSWAN config or can you see what the issue
might be below?  Current test environment is two Amazon VPC's with a VPN
server NAT'd behind firewall, UDP ports 500 & 4500 are being forwarded.
I'm using the config below and it "seems" to connect, but can't ping/ssh to
anything on either side.

DC1:
 - External IP x.x.x.x
 - Internal Subnet 10.10.0.0/16

DC2:
 - External IP y.y.y.y
 - Internal Subnet 192.168.0.0/24

#this config resides on DC1 vpn server
config setup
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    #   interfaces=%defaultroute
    klipsdebug=none
    #   nhelpers=0
    plutodebug=none
    plutostderrlog=/var/log/pluto.log
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.10.0.0/16,%v4:!192.168.0.0/24
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0
    #   forceencaps=yes
conn dc1-to-dc2
    auto=start
    type=tunnel

    left=10.10.10.43
    leftsourceip=x.x.x.x
    leftsubnet=10.10.0.0/16
    leftid=x.x.x.x

    right=y.y.y.y
    rightsubnet=192.168.0.0/24
    rightid=y.y.y.y

    #phase 1 encryption-integrity-DiffieHellman
    keyexchange=ike
    ike=3des-md5-modp1024,aes256-sha1-modp1024
    ikelifetime=86400s
    authby=secret #use presharedkey
    rekey=yes  #should we rekey when key lifetime is about to expire

    #phase 2 encryption-pfsgroup
    phase2=esp #esp for encryption | ah for authentication only
    phase2alg=3des-md5;modp1024
    pfs=no
    forceencaps=yes

#this config resides on DC2 vpn server
config setup
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    #   interfaces=%defaultroute
    klipsdebug=none
    #   nhelpers=0
    plutodebug=none
    plutostderrlog=/var/log/pluto.log
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:192.168.0.0/24,%v4:!10.10.0.0/16
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0
    #   forceencaps=yes
conn dc2-to-dc1
    auto=start
    type=tunnel

    left=192.168.0.22
    leftsourceip=y.y.y.y
    leftsubnet=192.168.0.0/24
    leftid=y.y.y.y

    right=x.x.x.x
    rightsubnet=10.10.0.0/16
    rightid=x.x.x.x

    #phase 1 encryption-integrity-DiffieHellman
    keyexchange=ike
    ike=3des-md5-modp1024,aes256-sha1-modp1024
    ikelifetime=86400s
    authby=secret #use presharedkey
    rekey=yes  #should we rekey when key lifetime is about to expire

    #phase 2 encryption-pfsgroup
    phase2=esp #esp for encryption | ah for authentication only
    phase2alg=3des-md5;modp1024
    pfs=no
    forceencaps=yes

Matt
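
An offline review of the two ends of a tunnel like the one posted above, added here as an illustration (not part of the original message and not an Openswan tool). It checks that the two conn sections mirror each other, lists proposal tokens that a local policy would reject, and flags a leftsourceip that lies outside leftsubnet. The sample text is constructed from the posted configs with documentation addresses 203.0.113.10 and 198.51.100.20 in place of x.x.x.x and y.y.y.y; the WEAK table and all function names are assumptions of this example.

```python
import ipaddress
import re

# Assumption of this example: local policy rejects these proposal tokens.
WEAK = {"des": "single DES", "3des": "3DES", "md5": "MD5",
        "modp768": "768-bit DH group", "modp1024": "1024-bit DH group"}

# Constructed samples modelled on the posted configs (documentation addresses).
DC1 = """
conn dc1-to-dc2
    left=10.10.10.43
    leftsourceip=203.0.113.10
    leftsubnet=10.10.0.0/16
    right=198.51.100.20
    rightsubnet=192.168.0.0/24
    ike=3des-md5-modp1024,aes256-sha1-modp1024
    authby=secret #use presharedkey
    phase2alg=3des-md5;modp1024
    pfs=no
"""
DC2 = """
conn dc2-to-dc1
    left=192.168.0.22
    leftsourceip=198.51.100.20
    leftsubnet=192.168.0.0/24
    right=203.0.113.10
    rightsubnet=10.10.0.0/16
    ike=3des-md5-modp1024,aes256-sha1-modp1024
    authby=secret #use presharedkey
    phase2alg=3des-md5;modp1024
    pfs=no
"""


def parse_conns(text):
    """Return {conn name: {key: value}}; tolerant of lost indentation."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        header = re.match(r"^(conn|config)\s+(\S+)$", line)
        if header:
            # "config setup" lines are collected into a throwaway dict, not audited
            is_conn = header.group(1) == "conn"
            current = conns.setdefault(header.group(2), {}) if is_conn else {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def audit_conn(name, conn):
    """Findings for one end; assumes 'left' is the local end, as in the posted configs."""
    findings = []
    for key in ("ike", "phase2alg"):
        tokens = dict.fromkeys(t.lower() for t in re.split(r"[-;,]", conn.get(key, "")))
        for token in tokens:
            if token in WEAK:
                findings.append((name, "weak-proposal", f"{key} offers {WEAK[token]} ({token})"))
    if conn.get("pfs") == "no":
        findings.append((name, "pfs-disabled", "phase 2 keys are derived without a fresh DH exchange"))
    try:
        src = ipaddress.ip_address(conn["leftsourceip"])
        net = ipaddress.ip_network(conn["leftsubnet"])
        if src not in net:
            findings.append((name, "sourceip-outside-subnet",
                             f"leftsourceip {src} is not inside leftsubnet {net}"))
    except (KeyError, ValueError):
        pass  # missing values or placeholders such as x.x.x.x are skipped
    return findings


def audit_pair(a_name, a, b_name, b):
    """Each end's left subnet must be the other's right subnet; proposals must agree."""
    findings, pair = [], f"{a_name}<->{b_name}"
    for mine, theirs in (("leftsubnet", "rightsubnet"), ("rightsubnet", "leftsubnet")):
        if a.get(mine) != b.get(theirs):
            findings.append((pair, "mismatch", f"{mine}={a.get(mine)} vs peer {theirs}={b.get(theirs)}"))
    for key in ("ike", "phase2alg", "pfs", "authby"):
        if a.get(key) != b.get(key):
            findings.append((pair, "mismatch", f"{key}: {a.get(key)} vs {b.get(key)}"))
    return findings


def audit(text_a, text_b):
    """Audit two files that each hold one conn section."""
    (a_name, a), = parse_conns(text_a).items()
    (b_name, b), = parse_conns(text_b).items()
    return audit_conn(a_name, a) + audit_conn(b_name, b) + audit_pair(a_name, a, b_name, b)


if __name__ == "__main__":
    for where, code, detail in audit(DC1, DC2):
        print(f"{where}: {code}: {detail}")
```

A clean pair check only shows the two files agree with each other; routing, security groups and NAT behaviour outside ipsec.conf are not visible to it.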


Re: [Discuss] Juniper VPN's

2015-06-12 Thread Matt Shields
I ended up telling them to open a ticket with Juniper and they were able to
get their web based vpn portal to work with OS X.  I guess it was an issue
where the web portal wasn't telling OS X browsers to launch java properly.

Matt

On Thu, Jun 11, 2015 at 4:35 PM, Tom Metro  wrote:

> Matt Shields wrote:
> > Anyone using the Juniper SA series VPN's?
>
> We're working with a client that uses a Juniper VPN. (We hate
> proprietary VPNs. What's worse is they have it configured to prevent
> split networking.)
>
> We've found that there are per-user settings on the server side that
> controls what sort of client you are fed (Java) or what sort of
> connection it expects. With OS X you have a choice between the older
> Network Connect client and the newer Junos Pulse, which you mentioned.
> I'm pretty sure you can't arbitrarily switch between these on the client
> side. The server settings have to be switched to match.
>
> Similarly, we're using OpenConnect as the client on Linux machines, and
> before that would work our accounts needed to be switched to "Linux mode"
> as the Windows admin called it.
>
> According to what I've read, OpenConnect will run on OS X, and gives you
> a lot greater control over the connection (like the ability to force
> split networking). However, to get Juniper functionality working you
> really need to build the bleeding edge version of OpenConnect, and even
> then might still need to apply a patch posted to the OpenConnect mailing
> list. (We've been involved in a few threads on the list. I can send you
> a link to the patch if you need it.)
>
> The funny thing about these proprietary VPNs is that they give the
> perception of being easier to use for the non-techie Windows users, yet
> then tend to be significantly time consuming to work with for power
> users. Open source has taken over most fields. Why are VPNs still a
> holdout? Is there not a super easy OpenVPN client for Windows yet? I
> know there is commercial support for OpenVPN.
>
>  -Tom
>
> --
> Tom Metro
> The Perl Shop, Newton, MA, USA
> "Predictable On-demand Perl Consulting."
> http://www.theperlshop.com/
>


Re: [Discuss] Juniper VPN's

2015-06-11 Thread Matt Shields
It's a paid contract, but I'm working on their Linux servers, not their
network.  Their answer is "everyone just goes to the web portal to log
in".  I don't think they have any Mac or Linux users, only Win, so that
works for them.

If I do need to purchase anything it will be billed back to them,
unfortunately I don't believe you can just purchase the Java Secure
Application Manager without having purchased one of their VPN appliances.
And this company doesn't know enough to open a ticket with Juniper to get
the software or log in to download it.

Matt

On Thu, Jun 11, 2015 at 8:44 AM, Edward Ned Harvey (blu) 
wrote:

> > From: Discuss [mailto:discuss-bounces+blu=nedharvey....@blu.org] On
> > Behalf Of Matt Shields
> >
> > All the download links I've found are behind Juniper's locked down
> > download site.
>
> If they're paying you, or anyone else doing work over that thing, they
> should pay Juniper for a support contract.
>
> Even if there weren't incompatibility problems (as there obviously are)
> there continue to be security flaws that require patching. But I assume
> you've already told them that, and you must be volunteering your time?  ;-)
>


[Discuss] Juniper VPN's

2015-06-11 Thread Matt Shields
Anyone using the Juniper SA series VPN's?  I'm doing work as a contractor
and their web based VPN is not working for me (Mac laptop).  I also tried
their Junos Pulse software and it's not working either.  I read online
somewhere on the Mac to try the Java Secure Application Manager (Juniper's
java based SSL VPN client).  Anyone happen to have a copy of this java
app?  All the download links I've found are behind Juniper's locked down
download site.

Matt


Re: [Discuss] xapo, what do you think?

2015-06-02 Thread Matt Shields
Check out Circle.com.  It was started by Jeremy Allaire (of
Allaire/Macromedia fame) and backed by a number of well known VC's

Matt

On Tue, Jun 2, 2015 at 11:13 AM, Eric Chadbourne  wrote:

>
> > On Jun 2, 2015, at 11:02 AM, Dan Ritter  wrote:
> >
> > On Tue, Jun 02, 2015 at 09:55:12AM -0400, Eric Chadbourne wrote:
> >> Hi All,
> >>
> >> I stumbled across an interesting looking bitcoin site https://xapo.com/
> >>
> >> Right now I’m playing around with Electrum but the extra services
> >> provided by xapo looks compelling.  Anybody ever use it or hear anything
> >> about them?
> >>
> >
> > I have come up with a list of the methods that have actually
> > been used to make money with Bitcoins.
> >
> > 1. Join five+ years ago, mine BTC.
> > 2. Run a BTC exchange. Charge a high spread.
> > 3. Run a BTC exchange. Abscond with the money.
> > 4. Invade a BTC exchange and steal from it.
> > 5. Steal BTC wallets.
> >
> > Anything else?
> >
> > -dsr-
>
>
> Oh I’m not trying to make money, I’m trying to easily transfer.  Kind of
> use it like PayPal.  I wouldn’t use it as a bank, as Rich made a valid
> point.
>
> FWIW, Xapo at the moment, from what I can tell, might be legit.  Just
> curious if anybody has interacted with them.
>
> Thanks,
>
> Eric


[Discuss] Cross platform Anti-Virus/Anti-Malware

2015-05-29 Thread Matt Shields
I'm fishing for what others are using for anti-virus/anti-malware on their
Windows and Linux servers.  Both commercial and open-source is an option.

Matt


Re: [Discuss] Virtualized guests of OS X?

2015-04-09 Thread Matt Shields
I believe you can use Parallels Desktop and VirtualBox as well.

Matt

On Thu, Apr 9, 2015 at 9:04 AM, Anthony Gabrielson  wrote:

> Hi Eric,
> Yes, I use vmware fusion and it just works. You just need to download the
> installer for the version of OS X you want.
>
> Anthony
>
> - Original Message -
>
> From: "Eric Chadbourne" 
> To: "BLU" 
> Sent: Thursday, April 9, 2015 9:01:00 AM
> Subject: [Discuss] Virtualized guests of OS X?
>
> Hi All,
>
> Is it possible to make OS X guests on an OS X host? I thought somebody
> mentioned an easy way to do this in a previous thread. I want to test some
> stuff and not bork my host.
>
> Thanks,
>
> Eric


Re: [Discuss] External network scanning service

2015-03-30 Thread Matt Shields
Thanks Tom & Dan, I'll check them out.  At a previous company our security
officer used the self-hosted Nessus.

Matt

On Sat, Mar 28, 2015 at 7:30 AM, Dan Ritter  wrote:

> On Fri, Mar 27, 2015 at 04:28:35PM -0400, Tom Metro wrote:
> > Matt Shields wrote:
> > > I'm
> > > looking for a SAAS that I can add my subnets and they will scan them
> daily
> > > and check for open ports and known vulnerabilities, etc and send us a
> > > report.
> >
> > I asked a similar question back in June:
> >
> > http://www.mail-archive.com/discuss%40blu.org/msg09068.html
> >
> > Although my expectation was that a SaaS solution wouldn't do the job as
> > some exploits need to be performed on the same network segment, although
> > so few potential attackers would have that access, a SaaS approach is
> > probably good enough.
> >
> > The answer I got back was, "Isn't that what Metasploit is for?"
> >
> > So why the lack of SaaS offerings? Is it due to technical reasons or
> > because of fear of liability? (A search did turn up
> > https://www.qualys.com/; I can't find pricing on their site.)
> >
> > It sure seems like there ought to be a market for this.
>
> Veracode offers this, calling it automated web application
> perimeter testing. They want about $2K/year, for which you get
> more or less unlimited usage.
>
> Tenable offers Nessus Cloud, which is the Nessus scanner, plus
> their secret sauce, as a web service. That's also around
> $2K/year.
>
> Nessus was forked before Tenable closed it, and the resulting
> project is called OpenVAS. I don't know how many groups will run
> it against you for some amount of money.
>
> In general, the term you want to google for is "vulnerability
> assessment".
>
> -dsr-


[Discuss] External network scanning service

2015-03-27 Thread Matt Shields
I've used a number of open source tools such as nmap, Nessus, Saint.  I'm
looking for a SAAS that I can add my subnets and they will scan them daily
and check for open ports and known vulnerabilities, etc and send us a
report.

They don't necessarily need to be full pen testing, but it would be nice if
as they were scanning they could detect things that are being exposed.  For
example, years ago before I knew to turn off Apache httpd's mod_info/server
info, I remember being able to use open source tools to figure out what
version of Apache, PHP, and the operating system.  The report should have
the ability to mark things as known/acceptable, and the report be sent if
something changes.

Also, would be helpful if they offered some type of certification to show
our clients.

Matt
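
Added example, not part of the original post: one way to get the "mark things as known/acceptable, send the report only if something changes" behaviour asked for above from scans of your own subnets. It assumes nmap's XML output as the scan format; the sample scan, the addresses and the baseline entries are constructed.

```python
"""Report only what changed between a scan and the acknowledged baseline.

Added example: assumes nmap XML (-oX) as the scan format. The scan below and
the baseline entries are constructed, using documentation-range addresses.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sV -oX` output.
SAMPLE_SCAN = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="6.6.1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.15"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Findings already reviewed and marked known/acceptable: (host, proto, port).
BASELINE = {
    ("192.0.2.10", "tcp", 22),
    ("192.0.2.10", "tcp", 80),
    ("192.0.2.11", "tcp", 443),
    ("192.0.2.11", "tcp", 25),  # acknowledged earlier, not open in this scan
}


def parse_open_ports(xml_text):
    """Return {(host, proto, port): banner} for every open port in the scan."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not findings
            svc = port.find("service")
            banner = ""
            if svc is not None:
                parts = (svc.get("product"), svc.get("version"))
                banner = " ".join(p for p in parts if p)
            key = (addr.get("addr"), port.get("protocol"),
                   int(port.get("portid")))
            found[key] = banner
    return found


def diff_against_baseline(found, baseline):
    """Split the scan into what changed since the last review."""
    current = set(found)
    return {
        "new": sorted(current - baseline),    # open but never acknowledged
        "gone": sorted(baseline - current),   # acknowledged, no longer open
        # Even an acknowledged port can still advertise product and version.
        "version_disclosed": sorted(k for k in current if found[k]),
    }


def render_report(changes):
    """Return the report text, or None when nothing changed (send nothing)."""
    if not changes["new"] and not changes["gone"]:
        return None
    lines = []
    for label in ("new", "gone"):
        for host, proto, port in changes[label]:
            lines.append("%s: %s %s/%d" % (label.upper(), host, proto, port))
    return "\n".join(lines)


if __name__ == "__main__":
    result = diff_against_baseline(parse_open_ports(SAMPLE_SCAN), BASELINE)
    print(render_report(result) or "no change since baseline")
    for key in result["version_disclosed"]:
        print("banner exposed on %s %s/%d" % key)
```

The version_disclosed list covers the server-info exposure mentioned in the post: a port can be acknowledged and still hand out its product and version string.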


Re: [Discuss] bitnami stacks are awful

2015-03-06 Thread Matt Shields
I found that out the hard way when one of my clients was using the Bitnami
Drupal AMI and was complaining how slow his website was for getting barely
any traffic.  It was using ApacheFriends XAMPP as the backend web/db
server.  The problem was the way the AMI was deployed it used all the stock
configs which are meant for desktop development environment, not for
production loads.

Matt

On Thu, Mar 5, 2015 at 3:35 PM, Greg Rundlett (freephile) <
g...@freephile.com> wrote:

> If you want to launch an Amazon Cloud instance with an application + LAMP
> stack, don't try to "make things easier" by starting off with a Bitnami
> AMI.  You'll only shoot yourself in the foot, and end up starting over.
>
> I'm against vendor lock-in, and their AMI doesn't come with an "uninstall"
> option; changes the location of and functioning of the principal services
> (the A, the M and the P plus if you consider the MOTD, the L too) and
> requires you to rely on their documentation in order to do anything instead
> of just setting things up the 'normal' way.  It's the antithesis of open
> source IMHO.
>
> Greg Rundlett
> http://eQuality-Tech.com
> http://freephile.org


Re: [Discuss] os x = poop?

2015-02-12 Thread Matt Shields
Also, I should add that back in the 2009-10 timeframe, besides the MSOffice
issues.  The other major issues I had were hardware related.  I spent a
good deal of time dealing with wifi or printer trying to figure out how to
get them to work, or why they stopped working for unknown reasons.  I'm
sure it's gotten a lot better for Linux on the desktop, but I've never had
the same issues with Mac.

Matt

On Thu, Feb 12, 2015 at 8:56 AM, Matt Shields  wrote:

> Going back as far as '95 I've been using Linux and ever since then I've
> tried over and over to use Linux on the desktop.  Each time I'd have
> limited success, usually the main reason for going back to Windows on the
> desktop is because of some corporate software needs (most often Office,
> Outlook, Project, Visio).  My closest time of using Linux on the desktop
> was around 2009-10 when I used Evolution for mail/calendaring, and had a
> second laptop using Synergy2 for Project/Visio.  But Evolution still
> sucked, a lot.  So in 2010 I had the opportunity to get a Mac at work.  And
> as much as I had previously hated Apple because I thought they were over
> priced, it was the perfect mid-ground between needing a *nix on my desktop
> since I write a lot of bash & python and getting an X terminal when I need
> one, plus being able to use the dreaded MSOffice products for places I
> worked.  My only wish was that I had switched earlier. So, I've come to
> love OSX. But, I'll still always run Linux in the server environment.
>
>
> Matt
>
> On Wed, Feb 11, 2015 at 8:22 PM, Eric Chadbourne <
> eric.chadbou...@icloud.com> wrote:
>
>> I’ve been using a mac mini for the last few months and I must say the
>> hardware is nice but the software is pretty bad.  Push notifications in
>> Safari (yuck), iCloud hiccuped when I moved from gmail to protonmail,
>> iCloud can’t backup by directory by default, the default email client is
>> very slow, their Xcode IDE is merely adequate, their server products blow,
>> you really can’t change the look significantly, by default it can’t read
>> many other file system formats, case insensitive terminal, iTunes can’t
>> read free codecs, etc.  I am very unimpressed with the software.  With so
>> much cash behind them one would think they could write good code but no.
>> It really sucks.  My Ubuntu boxes are so much more stable and have more
>> features.
>>
>> Anybody here like OS X?  Why?  I’m not trolling.  I’m curious.  Why would
>> somebody want to use this terrible piece of proprietary poop?
>>
>> Eric C - the one who is googling how to install Ubuntu on a new mac mini.
>>


Re: [Discuss] os x = poop?

2015-02-12 Thread Matt Shields
Going back as far as '95 I've been using Linux and ever since then I've
tried over and over to use Linux on the desktop.  Each time I'd have
limited success, usually the main reason for going back to Windows on the
desktop is because of some corporate software needs (most often Office,
Outlook, Project, Visio).  My closest time of using Linux on the desktop
was around 2009-10 when I used Evolution for mail/calendaring, and had a
second laptop using Synergy2 for Project/Visio.  But Evolution still
sucked, a lot.  So in 2010 I had the opportunity to get a Mac at work.  And
as much as I had previously hated Apple because I thought they were over
priced, it was the perfect mid-ground between needing a *nix on my desktop
since I write a lot of bash & python and getting an X terminal when I need
one, plus being able to use the dreaded MSOffice products for places I
worked.  My only wish was that I had switched earlier. So, I've come to
love OSX. But, I'll still always run Linux in the server environment.


Matt

On Wed, Feb 11, 2015 at 8:22 PM, Eric Chadbourne  wrote:

> I’ve been using a mac mini for the last few months and I must say the
> hardware is nice but the software is pretty bad.  Push notifications in
> Safari (yuck), iCloud hiccuped when I moved from gmail to protonmail,
> iCloud can’t backup by directory by default, the default email client is
> very slow, their Xcode IDE is merely adequate, their server products blow,
> you really can’t change the look significantly, by default it can’t read
> many other file system formats, case insensitive terminal, iTunes can’t
> read free codecs, etc.  I am very unimpressed with the software.  With so
> much cash behind them one would think they could write good code but no.
> It really sucks.  My Ubuntu boxes are so much more stable and have more
> features.
>
> Anybody here like OS X?  Why?  I’m not trolling.  I’m curious.  Why would
> somebody want to use this terrible piece of proprietary poop?
>
> Eric C - the one who is googling how to install Ubuntu on a new mac mini.
>


Re: [Discuss] OS X server question

2015-02-01 Thread Matt Shields
Ditto.  I installed it on my mac mini out of curiosity.  I haven't used it
in production, probably wouldn't use it in the datacenter since I'm a
die-hard linux on the server guy, but I would consider if it were an all
Mac office.  It seems to do a nice job of tying services that are Apple
specific and what Apple users would find useful, file/printer sharing, Time
Machine backups, directory, dhcp, contacts/calendar/mail service, etc.

Matt

On Sun, Feb 1, 2015 at 6:52 PM, Richard Pieri 
wrote:

> On 2/1/2015 4:17 PM, Bill Horne wrote:
>
>> Please. I'm begging you. Run while you still can. OS X Server will suck
>> your brain dry and leave only dust.
>>
>
> It's not that bad.
>
> *snicker*
>
> Yes it is. The only reason to even consider OS X Server is if you need to
> virtualize OS X on non-Apple hardware.
>
> --
> Rich P.
>


Re: [Discuss] Python module for Windows services that runs on Linux

2014-12-03 Thread Matt Shields
So far this looks the most promising.  For those interested, here's the
test script I wrote and it lets me display the status of all services.

import sys
import os
sys.path.append(os.path.abspath("/usr/bin"))  # path where impacket example scripts installed
import services  # import the /usr/bin/services.py script

username = "Administrator"
password = "testpass"
domain = ""  # not defined in the script as posted; empty is assumed here (local account)
address = "app001"

# Minimal stand-in for the argparse options object that services.py expects
class options():
    pass
options = options()
options.action = "list"   # list all services and their status
options.hashes = None     # no NTLM hashes, authenticate with the password

services = services.SVCCTL(username, password, domain, options)
try:
    services.run(address)
except Exception as e:
    print(e)

Matt

On Mon, Dec 1, 2014 at 5:42 PM, Mike Small  wrote:

> Matt Shields  writes:
>
> > Anyone know of a python module that will let me query/start/stop a
> Windows
> service?  The module needs to be able to work on a Linux system.  I've
> looked
> > around but it seems all the modules I find require the python app to run
> on
> > a Windows machine.
>
> Never had to do it, but impacket looks promising:
>
>
> https://code.google.com/p/impacket/source/browse/tags/impacket_0_9_12/examples/services.py
>
> Seems the others use the client side SCM and WIN32 API to it rather than
> using the
> wire protocol (http://msdn.microsoft.com/en-us/library/cc245832.aspx)
> manually like this guy does.
>
> --
> Mike Small
> sma...@panix.com
>
___


Re: [Discuss] Python module for Windows services that runs on Linux

2014-12-02 Thread Matt Shields
I'm sure SaltStack is great for config management and remote control, but
we have a custom internal dashboard where they would like to see the status
of each of the servers' Windows service and be able to start/stop them from
this dashboard.  It's a Flask/python app which runs on a linux box.

Matt

On Tue, Dec 2, 2014 at 10:57 AM, John Hall  wrote:

>
> Have you considered using SaltStack?
> http://docs.saltstack.com/en/latest/topics/index.html#
>
> On Tue, Dec 2, 2014 at 8:01 AM, Matt Shields  wrote:
>
>> Yes, run the python app on Linux but connect to a Windows server and
>> query/start/stop a service.
>>
>> Matt
>>
>> On Mon, Dec 1, 2014 at 5:24 PM, Edward Ned Harvey (blu) <
>> b...@nedharvey.com>
>> wrote:
>>
>> > > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
>> > > bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields
>> > >
>> > > Anyone know of a python module that will let me query/start/stop a
>> > > Windows
>> > > service?  The module needs to be able to work on a Linux system.  I've
>> > looked
>> > > around but it seems all the modules I find require the python app to
>> run
>> > on
>> > > a Windows machine.
>> >
>> > You mean you want to run something on linux, which will somehow reach
>> out
>> > to a windows machine and start/stop windows services remotely, right?
>> >
>> > You're looking for a linux equivalent of these?
>> > sc \\machine stop 
>> > or
>> > psexec \\machine net stop 
>> > etc
>> >


Re: [Discuss] Python module for Windows services that runs on Linux

2014-12-02 Thread Matt Shields
Yes, run the python app on Linux but connect to a Windows server and
query/start/stop a service.

Matt

On Mon, Dec 1, 2014 at 5:24 PM, Edward Ned Harvey (blu) 
wrote:

> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> > bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields
> >
> > Anyone know of a python module that will let me query/start/stop a
> > Windows
> > service?  The module needs to be able to work on a Linux system.  I've
> looked
> > around but it seems all the modules I find require the python app to run
> on
> > a Windows machine.
>
> You mean you want to run something on linux, which will somehow reach out
> to a windows machine and start/stop windows services remotely, right?
>
> You're looking for a linux equivalent of these?
> sc \\machine stop 
> or
> psexec \\machine net stop 
> etc
>


[Discuss] Python module for Windows services that runs on Linux

2014-12-01 Thread Matt Shields
Anyone know of a python module that will let me query/start/stop a Windows
service?  The module needs to be able to work on a Linux system.  I've looked
around but it seems all the modules I find require the python app to run on
a Windows machine.

Matt


Re: [Discuss] Nagios config

2014-11-03 Thread Matt Shields
If you're going to use Nagios, use Icinga instead.  Same modules, same
configs, better interface.  One example is say you are trying to
acknowledge a number of services that are down.  In Nagios you need to
acknowledge them one by one.  In Icinga, you can select them all, then do a
mass acknowledgement of all of them.

Matt

On Mon, Nov 3, 2014 at 11:59 AM, John Malloy  wrote:

> We are setting up Nagios for the first time in our shop.
>
> Does anyone have suggestions on build,  initial configs and autodiscovery,
> etc?
>
> Thanks!
>
>
> John Malloy
> jomal...@gmail.com


Re: [Discuss] Monitoring your AWS instances

2014-09-28 Thread Matt Shields
Did you get an email telling you about reboots being scheduled?  I know I
have a number of systems being rebooted today around 2pm.  If you log into
the console, and go to EC2 then click on Events on the left side it will
show you any ones that are scheduled in the future.  If you change one of
the drop down options it will show you closed events.

Matt

On Sun, Sep 28, 2014 at 9:56 AM, Edward Ned Harvey (blu) 
wrote:

> I would really like to hear from anybody else who has AWS machines, and
> alerting/monitoring of those systems (by a system other than Amazon's own
> monitoring system).
>
> The number of alerts I'm receiving about systems being unreachable and
> then becoming reachable again is ... Crazy to say the least.  Several dozen
> last night alone, several dozen in the prior week, several dozen again each
> weekend for the last several weeks.  It's horrible.
>
> All systems being monitored, as well as the system doing the monitoring,
> are in US VA East.


Re: [Discuss] Home security & automation

2014-09-22 Thread Matt Shields
Lots of good points from everyone.  I work from home, and am very careful
on who I let in.  I take self-defense training (Krav-Maga) and we go
over most common scenarios (at home and away).  So I know all the
statistics about it usually being via someone you know or through someone
you know (ie. posting about going on vacation on Facebook and your friend
comments, which lets all their friends see).  I also have other various
lines of home defense.  This is more an exercise in I want to build
something rather than buy something.

This started with me waiting for FedEx to show up with my delivery of the
iPhone 6. The problem is if I'm working with headphones on in my office I
can't hear the doorbell or a knock on the door, so I setup wireless
pan/tilt/zoom camera in the front window and had it on one of my NOC
displays in my office all day.  It just got me thinking I can buy a
multi-camera and dvr setup from BJ's for a few hundred bucks.  Maybe I can
put a bunch of things together using a common interface.  It's quite
possible that all the DIY components are hacky and not worth my time, but
figured I'd do some research to see what's out there.  At the very least
I'll be doing a multi-camera setup on my own.

Matt

On Mon, Sep 22, 2014 at 12:37 AM, Bill Horne  wrote:

> On 9/21/2014 5:31 PM, Matt Shields wrote: On Sat, Sep 20, 2014 at 10:21
> AM, Richard Pieri  wrote:
>
>> On 9/19/2014 4:37 PM, Matt Shields wrote:
>>>
>>>> I'd rather not go with a provider based system (like Comcast, ADT,
>>>> Vivint, etc) since I want to control everything and not have to rely
>>>> on a company for service or pay a monthly fee.
>>>>
>>> [...]
>>>
>>>> Any suggestions?
>>>>
>>> Pay a professional to help you plan the system, install and configure it
>>> correctly. It'll be worth it in the long run.
>>>
>>>  Part of wanting to do it myself is because I would learn about all the
>> different components and be able to troubleshoot and fix them if
>> necessary.
>>
>>
> I think what Rich recommends is good advice: a professional will be able
> to tell you, gently, that most thefts are done by people you know, and that
> most of your planning will be concerned with ways to prevent that.
>
> Here are a few items to consider:
>
> Theft prevention:
>
> 1. It's important to understand that most "snatch and grab" thefts
>    can't be prevented. Police response times allow junkies to force
>    entry, heist your TV and iPad and iPhone, and get out of reach
>    before the police arrive. That's what insurance is for.
> 2. Every "home monitoring" system that's sold to civilians can be
>    disabled in seconds with a pair of wire cutters. Anyone who has
>    spent time in prison knows this trick: even amateurs will take the
>    phone off the hook and dial a nonsensical number, to disable
>    old-school burglar alarms which are tied to the phone line. Banks,
>    gun shops, and other target risks all have radio backup systems
>    which are secured behind effective barriers. So, if you are trying
>    to protect high-value items, think of WiMax or Satellite Internet
>    service as a minimum first step.
> 3. If you have jewelry, antiques, firearms, or other high-value items,
>    you'll probably need a safe, depending on the value of the item(s)
>    you're protecting, and applicable laws. Your insurance carrier will
>    insist on it if you ask them to cover high-value items, and on
>    having a notification procedure when the jewels (or whatever) are
>    being taken off-premise. The safe will have to be appropriately
>    rated (that's why the testing company is called the
>    Underwriters' Laboratory) and professionally installed so
>    that it can't be dragged away and cut open later.
> 4. You will need to set up security zones. You can't put a Maginot line
>    around your home, because experienced thieves will be gaining entry
>    when they visit family members, or come to a Tupperware party, etc.
>    You're going to need "Private" areas where casual visitors are never
>    allowed, and (more importantly) the willingness to erect barriers to
>    exclude them.
> 5. Alarms and safes and security zones are all about buying time.
>    Safes, for example, are rated by how long they can withstand various
>    kinds of attacks, and a properly designed and installed system will
>    delay attackers until help can get there.
> 6. You and your family members might be asked to attend
>    security-awareness and self-defense training. Safes are only as good
>as your wi

Re: [Discuss] Home security & automation

2014-09-21 Thread Matt Shields
Part of wanting to do it myself is because I would learn about all the
different components and be able to troubleshoot and fix them if necessary.

Matt

On Sat, Sep 20, 2014 at 10:21 AM, Richard Pieri 
wrote:

> On 9/19/2014 4:37 PM, Matt Shields wrote:
> > I'd rather not go with a provider based system (like Comcast, ADT,
> > Vivint, etc) since I want to control everything and not have to rely
> > on a company for service or pay a monthly fee.
> [...]
> > Any suggestions?
>
> Pay a professional to help you plan the system, install and configure it
> correctly. It'll be worth it in the long run.
>
> --
> Rich P.


[Discuss] Home security & automation

2014-09-19 Thread Matt Shields
I'm considering setting up my own home security system, video surveillance
and home automation.  I'd rather not go with a provider based system (like
Comcast, ADT, Vivint, etc) since I want to control everything and not have
to rely on a company for service or pay a monthly fee.

Ideally I would like it to have all three things (security, video &
automation) all work together in the same system and I'd like to have it
network based and even have a mobile app.

Any suggestions?

Matt


Re: [Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT

2014-08-27 Thread Matt Shields
It does, except when you're the only ops guy for the company (btw not
complaining, I love where I work).  So even vacations mean you're still
technically on call in case of emergency.  I recently went to Bermuda and
while our Director of Engineer could handle the day to day stuff, I took
care of any alerts that would pop up.

Matt


On Wed, Aug 27, 2014 at 10:37 AM, Richard Pieri 
wrote:

> On 8/27/2014 8:38 AM, ma...@mohawksoft.com wrote:
> > I should be able to connect to the camp ground's wireless with the high
> > gain antenna using the Wireless-G router with a DHCP assign IP address.
>
> And here I thought "camping" meant getting away from things like this.
>
> But to address the question, you need two access points each with two
> wireless network interfaces. Configure AP1 wlan1 as a client to the
> site's network. Configure AP1 wlan0 as a Repeater Bridge endpoint.
> Configure AP2 wlan1 as a Repeater Bridge endpoint. Configure AP2 wlan0
> as a normal access point for your devices.
>
> --
> Rich P.


Re: [Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT

2014-08-27 Thread Matt Shields
I haven't, but I'm interested in your results.  I also go camping and have
had to resort to getting a mifi which has a 10GB limit and I often go over.
If there was a way to do what you're doing and limit my mifi use, I'd be
interested.  I'd also be interested to see if someone could accomplish with
a Raspberry Pi.

Matt


On Wed, Aug 27, 2014 at 8:38 AM,  wrote:

> Here's the scenario:
>
> I like to go camping and often times they provide wireless access, but the
> camp site is often pretty far away from the wireless access point. I have
> a long distance wireless-G router with a high gain antenna. I have a
> second wireless-N router. Both routers are running DD-WRT.
>
>
> I should be able to connect to the camp ground's wireless with the high
> gain antenna using the Wireless-G router with a DHCP assign IP address. I
> should then be able to NAT to my own local subnet and be able to connect
> the Wireless-N to my local subnet and provide access to phones, tablets,
> and laptops.
>
> If these were standard linux boxes, this would be fairly easy, but the
> standard tools don't seem available on DD-WRT's shell.
>
> Has anyone done this? Got a good link? (I have googled, but the examples
> I've found aren't quite right or don't really work.)
>


Re: [Discuss] Selling GNU/Linux Hosting Business

2014-08-11 Thread Matt Shields
Also keep in mind that the price of web hosting clients is really low when
you are just looking to sell to anyone.  Usually 9 to 12 times monthly
revenue and they will want to look back for the past 2-5 years to see what
revenue has been.  Being that you are a local business and your clients
probably know everyone there by name, finding another local business would
be of greater value for both you and your clients because if you just pick
some random hosting company in another state, there's a good chance some of
your clients will leave. The new company might choose to hold some funds in
escrow to make sure that all the clients don't leave as soon as the
business has been sold.  If they don't treat your clients with the personal
handholding that you currently do, then you could be out money if they lose
your customers.

Matt


On Thu, Aug 7, 2014 at 5:18 PM, Will Rico  wrote:

> Thanks Matt!  I took a look at webhostingtalk.com and it looks like a
> valuable resource for this.  Also, your advice to choose a buyer based
> on the care they will give the customers is well taken.
>
> Will
>
> On 07/28/2014 10:14 AM, Matt Shields wrote:
> > Check out webhostingtalk.com <http://webhostingtalk.com>   They have a
> > section for people looking to sell their hosting business.  Just do
> > due diligence to make sure whoever is taking over your business is
> > good.  Even though they will no longer be your customers, the
> > customers will still remember who you choose to care for them in the
> > future which will affect the rest of your business.
> >
> > Matt
> >
> >
> > On Mon, Jul 28, 2014 at 10:06 AM, Will Rico  > <mailto:willr...@gmail.com>> wrote:
> >
> > Hello everyone,
> >
> > As a side effect of my web consulting business, my company has been
> > hosting websites for 15 years.  Over this time, we've transitioned
> > away
> > from web development/application work to marketing, and it makes
> > little
> > sense to continue with the technical services related to hosting.  We
> > host about 80 sites and generate roughly $1500/month in income.
> >
> > I'm looking for a good home for my hosting clients and some
> > compensation
> > for selling this part of our business.  I'd be happy to provide more
> > information to any interested parties.
> >
> > If anyone has any feedback or suggestions, please send them along.
> >
> > Will
> >
> >
> >
> >
> >


Re: [Discuss] Sync Revisited

2014-07-30 Thread Matt Shields
It's a Dropbox replacement.  Gives you a GUI for management of your or your
company's files.  Also gives you a GUI file editor and you can create apps
that live on top of the system, like a calendar service.  Obviously it's
larger than what some people are looking for.

Matt


On Wed, Jul 30, 2014 at 10:27 AM, Richard Pieri 
wrote:

> On 7/30/2014 8:06 AM, Matt Shields wrote:
> > Did you try ownCloud?
>
> Yes. It's horrible. I mean, BTSync and Syncthing are single executables.
> Start the daemon and you're syncing files. Bang, done. ownCloud requires
> a full LAMP stack on a dedicated server and the associated
> administrative overhead.
>
> I'm sure that ownCloud has a purpose but that purpose is not me keeping
> files synchronized between my computers.
>
> --
> Rich P.


Re: [Discuss] Sync Revisited

2014-07-30 Thread Matt Shields
Ed,
It looks great (at least from the website) but it's not free.

What were the issues with ownCloud?

Matt


On Wed, Jul 30, 2014 at 10:03 AM, Edward Ned Harvey (blu)  wrote:

> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> > bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields
> >
> > Did you try ownCloud?  It's a self-hosted replacement for Dropbox.  They
> > even have some built in apps, so I can use the web interface when I don't
> > have my computer or phone to log in and edit documents similar to Google
> > Apps.
>
> I have been dissatisfied with owncloud, as have many IT people I've talked
> with.  Now I use Synctuary http://conceptblossom.com
> Full disclosure:  I founded Concept Blossom and created Synctuary due to
> limitations with competing alternatives such as Boxcryptor/Encfs.
>
> The crypto parts are open source.  http://tinhatrandom.org and
> http://cbcrypt.org
> We haven't released the linux client yet.  It is currently top development
> priority, so it should be ready soon.
>


Re: [Discuss] Sync Revisited

2014-07-30 Thread Matt Shields
Did you try ownCloud?  It's a self-hosted replacement for Dropbox.  They
even have some built in apps, so I can use the web interface when I don't
have my computer or phone to log in and edit documents similar to Google
Apps.

Matt


On Tue, Jul 29, 2014 at 7:07 PM, Richard Pieri 
wrote:

> At this point in time I've mostly given up on automated sync systems.
> Too many little problems for me to deal with.
>
> I dropped Dropbox a while back because, quite frankly, there's about
> zero security to it. Anything based on third-party cloud storage is
> automatically on my non-starter list these days, especially after the
> Code Spaces breach.
>
> I like the idea of BitTorrent Sync, how it goes about synchronizing
> arbitrary directories. The startup times and memory footprint, however,
> make it a poor tool for large-scale synchronization. By "large" I mean
> half-TB worth of data and hundreds of thousands of files on up.
>
> I gave Syncthing a try now that it's moved beyond the "don't use this in
> production" phase. I won't use it for real. It synchronizes nodes, not
> directories, and continuously spews error messages when any node in the
> group doesn't synchronize all directories under Syncthing control. The
> developer (one guy) says that's how it's supposed to work. I say that it's
> a flawed design because I don't want to sync 600GB of data to my 16GB
> tablet. The developer says that he isn't changing Syncthing's behavior
> so I say that I'm not using Syncthing.
>
> As of this week I'm back to Unison and some little wrapper scripts.
> Nothing -- still -- does sync as well, as fast, and as securely as Unison.
>
> --
> Rich P.


Re: [Discuss] Selling GNU/Linux Hosting Business

2014-07-28 Thread Matt Shields
Check out webhostingtalk.com   They have a section for people looking to
sell their hosting business.  Just do due diligence to make sure whoever is
taking over your business is good.  Even though they will no longer be your
customers, the customers will still remember who you choose to care for
them in the future which will affect the rest of your business.

Matt


On Mon, Jul 28, 2014 at 10:06 AM, Will Rico  wrote:

> Hello everyone,
>
> As a side effect of my web consulting business, my company has been
> hosting websites for 15 years.  Over this time, we've transitioned away
> from web development/application work to marketing, and it makes little
> sense to continue with the technical services related to hosting.  We
> host about 80 sites and generate roughly $1500/month in income.
>
> I'm looking for a good home for my hosting clients and some compensation
> for selling this part of our business.  I'd be happy to provide more
> information to any interested parties.
>
> If anyone has any feedback or suggestions, please send them along.
>
> Will


Re: [Discuss] GPS feature in cellphones?

2014-06-05 Thread Matt Shields
Having worked for McCaw Cellular aka Cellular One aka AT&T Wireless
Services, I remember them doing this in the 90's.  Even if your cell phone
doesn't have GPS capabilities, the phone companies could track you using
what's called triangulation.  It's not as accurate as GPS, but it's close
enough.  I remember working next to our fraud department in Ft Lauderdale
and they would help the FBI and other law enforcement agencies track down
people doing illegal things.  It was a daily occurrence that some form of
law enforcement was in our office getting info.

Read more here: http://en.wikipedia.org/wiki/Mobile_phone_tracking


Matt


On Thu, Jun 5, 2014 at 9:25 AM, Oliver Holmes 
wrote:

> Hi All!
>
> Thank you for reading and answering my post in advance.
>
> My question is old voice flip phones could only be traced to the
> transmitting tower. But I understand now that GPS is built in and is active
> whether you activate it or not. So there is the potential to track you
> within three meters. Is this so?
>
>
> Oliver


Re: [Discuss] Antenna Signal Issues

2014-06-04 Thread Matt Shields
> > Today's Topics:
> >
> >1. Antenna Signal Issues (Matt Shields)
> >2. Re: Antenna Signal Issues (Bill Horne)
> >
> >
> > --
> >
> > Message: 1
> > Date: Wed, 4 Jun 2014 09:25:05 -0400
> > From: Matt Shields 
> > To: discuss@blu.org
> > Subject: [Discuss] Antenna Signal Issues
> > Message-ID:
> > <
> > caotd2yrqnrmfoxyebooxweawkco1k1wqs3ywp87uirk1v_i...@mail.gmail.com>
> > Content-Type: text/plain; charset=UTF-8
> >
> > This is not computer or linux related but I'm hoping that someone on the
> > list might have some technical experience in radio signals or wireless
> > systems for audio engineering.
> >
> > I have the following wireless equipment.  2 wireless handheld mics, 2
> > wireless headset mics and 8 in ear wireless monitor systems(IEM).  We're
> > having issues with signal dropout probably due to antenna issues, those
> > cheap plastic ones that come with the units.  Both the handheld and headset
> > mics run on the 2.4Ghz spectrum and the IEM's run on 566-608Mhz.  We have
> > already figured out which frequencies work best for the environment, so
> > that's not an issue and we don't have any conflicts with WIFI.
> >
> > So the issue we think we have is range issue.  Can I buy a high gain
> > directional antenna and a splitter and run cables to each of the
> > devices(single antenna array)?  Or do I need to have the mic's and IEM's
> > use 2 separate antenna's since one is send and one is receive?  Or do I
> > need to have every system use a separate antenna?
> >
> > A few years back I did something similar with my WIFI router, bought a
> > larger +12dbi gain omnidirectional antenna and my range almost doubled.
> > The idea is that if I get a more directional antenna I should get a decent
> > amount of gain.
> >
> > Here's the equipment I'm using:
> > 2x Line 6 XD-V75 - handheld wireless mics
> > 2x Line 6 XD-V55HS - headset wireless mics
> > 8x Sennheiser EW300IEMG3-G - In Ear Wireless Monitor
> >
> > Matt
> >
> >
> > --
> >
> > Message: 2
> > Date: Wed, 04 Jun 2014 11:37:31 -0400
> > From: Bill Horne 
> > To: BLU Discussion List 
> > Subject: Re: [Discuss] Antenna Signal Issues
> > Message-ID: <538f3d3b.5060...@horne.net>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > On 6/4/2014 9:25 AM, Matt Shields wrote:
> > > This is not computer or linux related but I'm hoping that someone on the
> > > list might have some technical experience in radio signals or wireless
> > > systems for audio engineering.
> >
> > Wouldn't you rather talk about DMARC? ;-)
> >
> > > I have the following wireless equipment.  ...
> > >
> > > So the issue we think we have is range issue.  Can I buy a high gain
> > > directional antenna and a splitter and run cables to each of the
> > > devices(single antenna array)?  Or do I need to have the mic's and IEM's
> > > use 2 separate antenna's since one is send and one is receive?  Or do I
> > > need to have every system use a separate antenna?
> >
> > Splitters cost power; as much as 1/2 of your power can be lost when
> > using them.
> >
> > Directional antennas are a double-edged sword: you get /some/added gain
> > in /some/ direction, but they are never perfect, and will tend to leave
> > dead spots in odd places.
> >
> > I suggest you start simply: elevate the transmitters and receivers above
> > the floor as much as you can, for example, by placing them on top of
> > emergency lights. Try to get wireless mic receivers out in the middle of
> > the crowd instead of on the stage: they work better when tied to
> > ceiling-mounted video projectors in the middle of the room.
> >
> > Let us know how well that works. Simplest is always better.
> >
> > Bill
> >
> > --
> > Bill Horne
> > William Warren Consulting
> > 339-364-8487
> >
> >
> >
> --
> Thanks,
> Stu
>
> 617-462-0552
> genuineau...@gmail.com
> blu...@netzero.net
> stuart.con...@state.ma.us
>
> Stuart Conner
> 62 Rhodes Cir
> Hingham, MA 02043


[Discuss] Antenna Signal Issues

2014-06-04 Thread Matt Shields
This is not computer or linux related but I'm hoping that someone on the
list might have some technical experience in radio signals or wireless
systems for audio engineering.

I have the following wireless equipment.  2 wireless handheld mics, 2
wireless headset mics and 8 in-ear wireless monitor systems (IEM).  We're
having issues with signal dropout probably due to antenna issues, those
cheap plastic ones that come with the units.  Both the handheld and headset
mics run on the 2.4GHz spectrum and the IEMs run on 566-608MHz.  We have
already figured out which frequencies work best for the environment, so
that's not an issue and we don't have any conflicts with WIFI.

So the issue we think we have is a range issue.  Can I buy a high gain
directional antenna and a splitter and run cables to each of the
devices (single antenna array)?  Or do I need to have the mics and IEMs
use 2 separate antennas since one is send and one is receive?  Or do I
need to have every system use a separate antenna?

A few years back I did something similar with my WIFI router, bought a
larger +12dBi gain omnidirectional antenna and my range almost doubled.
The idea is that if I get a more directional antenna I should get a decent
amount of gain.

Here's the equipment I'm using:
2x Line 6 XD-V75 - handheld wireless mics
2x Line 6 XD-V55HS - headset wireless mics
8x Sennheiser EW300IEMG3-G - In Ear Wireless Monitor

Matt


Re: [Discuss] Are there any SSL certificate authorities that don't cost a king's ransom?

2013-07-31 Thread Matt Shields
On Sun, Jul 28, 2013 at 11:06 AM, Bill Horne  wrote:

> I'm pricing SSL certificates for my employer: we're talking about putting
> up a "donations" page, and that means using SSL.
>
> Symantec is charging for Beluga caviar and delivering fish eggs: over $700
> per year.
>
> Thawte, their little-known-but-lower-priced subsidiary, wants $200/year,
> for a single domain.
>
> I want to know where I can get one for less. When I look at the list of
> certificates that Firefox came with, I'm sure that there is /someone/,
> /somewhere/, who can sign a certificate without asking my employer to grant
> them an annuity.
>
> I know that there are maybe-yes, maybe-no players in the game, but I can't
> use them. I need a certificate from someone who's already in /EVERY/
> browser: in other words, I can only recommend a purchase from an
> established certificate authority, not someplace who is trying to become
> one. Having said /that/, I'll also say that I don't care if I use a company
> in South Africa or one in Beijing: I only care if the users see a lock icon.
>
> Bill
>
> --
> Bill Horne
> 339-364-8487
>
>
>
I hate to even suggest this because I despise them, but GoDaddy offers
really cheap certs.

Matt


Re: [Discuss] encrypted basic cable

2013-04-25 Thread Matt Shields
On Thu, Apr 25, 2013 at 9:14 PM, Tom Metro  wrote:

> Daniel Barrett wrote:
> > I found a similar no-set-top-box plan on FIOS for even less money,
> > $10/month, switched, and never had a problem again.
>
> You're referring to a plan that only covers the retransmission of local
> broadcast stations (and probably public access stations), right?
>
> Are you using it with digital or analog tuners?
>
> At one time, and perhaps still currently, FIOS optical network terminals
> (ONTs) actually provided the basic channels as analog video. Something
> Comcast got rid of years ago. Given the architecture of Comcast's
> network, they had more incentive to do so, as it ate up shared bandwidth
> on their system.
>
> Now that the FCC has ruled that cable companies have no obligation to
> provide the basic tier as unencrypted digital, I wonder how long you'll
> be able to continue using this service without a converter box. (A
> converter box the FCC says you can be charged for, after 2 years.)
>
> The cable companies cited faster service and lower technician costs as
> the main reason why they wanted all signals encrypted so they could
> electronically alter your subscription level. A laughable claim, once
> you see what the ONTs are capable of.
>
> Comcast could install a box at the termination point at your house,
> which like an ONT spits out unencrypted analog and digital video for
> no-set-top-box service. But then they couldn't get away with charging
> you a per-TV rental fee for an ONT or upsell you on pay-per-view and
> other services that require a set-top-box.
>
> Showing once again that the FCC are either chumps, or are willingly
> doing what's most profitable for the industry they supposedly regulate,
> rather than in the best interest of the public.
>
>  -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/

If you have any cable package with comcast (basic or other) you can use the
HDHomeRun to decrypt their signal and do what you want with it.  I have a
macmini running EyeTV for my dvr service and when I'm not using my tv I
have an EyeTV iPad app which I can use to watch tv.

Matt


Re: [Discuss] Cable Modem Woes / Looking to Compare Notes

2013-04-25 Thread Matt Shields
On Thu, Apr 25, 2013 at 8:33 AM, Rick Umali  wrote:

> Hello all,
>
> I'm looking to compare notes with people who use Comcast Internet.
>
> For the past month or so, my wife, who works from home, has complained for
> fairly regular outages with our Internet. We live in Arlington, and the
> outages happen typically between noon and 4 PM. The outages are of a long
> duration (sometimes seconds, sometimes a few minutes). She's begun to
> become very familiar with the light patterns on the cable modem, and she's
> not technical at all.
>
> When our TV began to exhibit tiling, we called Comcast, and the technician
> determined our signal wasn't strong enough. He put in new coax "from the
> pole" to the side of our house.
>
> A week or so after that, we contacted Comcast about our cable modem issues,
> and another technician came out, and said the signal to our cable modem was
> weak, and he took the coax from the side of the house and directly
> connected it to the cable modem.
>
> However, the outages continue to happen. Now Comcast has suggested we
> replace the cable modem. We're hopeful this makes our Internet stay alive.
>
> Has anyone had any similar experiences? My big fear is that replacing the
> cable modem won't fix anything. The other cloud hanging over me: the first
> technician said that the coax in our house walls are of an older
> generation. He recommended that we replace it, but it's something an
> electrician would have to do.
>
> Thank you all for any thoughts on this matter!
> --
> Rick Umali / www.rickumali.com

A few years back I had a lot of issues with Comcast and they kept saying
there was nothing wrong.  I always have something like DynDNS set up so I
know my home IP address, so I set up Pingdom.com to monitor my home internet
connection and alert me.  I used those graphs to prove to Comcast that
their service kept going down and managed to get 2 free months of service
because of all the problems.  After that they came out and fixed the issues.

Matt


Re: [Discuss] Patch/Server management software

2013-03-26 Thread Matt Shields
Love puppet for config management, but last time I used Puppet it was
servers checking in to see what they should do, not me seeing what needs
to be updated and selectively updating what I want and when I want.

Matt


On Tue, Mar 26, 2013 at 11:14 AM, Drew Van Zandt
 wrote:
> You mean something like Puppet or Chef?  Or something orthogonal to those
> features?
>
> http://bitfieldconsulting.com/puppet-vs-chef
>
> Drew Van Zandt
> Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
> Domain Coordinator, MA-003-D.  Masquerade aVST
>
>
>
> On Tue, Mar 26, 2013 at 11:07 AM, Matt Shields  wrote:
>>
>> Anyone know of software that will give me a dashboard of my servers in
>> my network, what software is installed on them, what software needs to
>> be updated and let me target a remote update for those pieces of
>> software.  Say for example there's an SSH update for my CentOS 5.6
>> boxes, I hit one button and all those remote machines update that
>> package.  Or there is a Windows update for IIS, again one button push
>> tells those hosts to apply that update.
>>
>> Also, it would be ideal that this software would have a dashboard that
>> can be used in our NOC to show threat level
>>
>> Matt


[Discuss] Patch/Server management software

2013-03-26 Thread Matt Shields
Anyone know of software that will give me a dashboard of my servers in
my network, what software is installed on them, what software needs to
be updated and let me target a remote update for those pieces of
software.  Say for example there's an SSH update for my CentOS 5.6
boxes, I hit one button and all those remote machines update that
package.  Or there is a Windows update for IIS, again one button push
tells those hosts to apply that update.

Also, it would be ideal that this software would have a dashboard that
can be used in our NOC to show threat level

Matt


Re: [Discuss] On-site backups revisited - rsnapshot vs. CrashPlan

2013-02-20 Thread Matt Shields
On Wed, Feb 20, 2013 at 4:40 PM, Rich Braun  wrote:

> I wrote last month a query about CrashPlan free peer-to-peer software from
> Code42.  I failed to get satisfaction from the vendor, even though the CEO of
> Code42 made a response, you can view the thread at
>
> https://crashplan.zendesk.com/entries/64160-How-do-I-request-a-full-integrity-check
> ; he didn't follow up any further though.
>
> I am developing an alternative strategy based on suggestions from BLU.  Here's
> what I posted at the CrashPlan forum about that:
>
> I haven't yet found a suitable replacement for CrashPlan (peer-to-peer) off
> the shelf, but here's the strategy I'm using going forward:
>
> * Set up a central backup server using rsnapshot which can easily
>   be set up to make incremental filesystem backups similar to
>   CrashPlan's peer-to-peer mechanism
> * Supplement rsnapshot with a script to make sha256sum checksums of
>   the archive contents, stored in a simple db table
> * Craft a monitoring script to warn me in case the archive files no
>   longer match checksums, and to warn when backups are incomplete
>   or stale
> * Make a tool that makes it more obvious to me whether a given local
>   directory or computer is being backed up
>
> That's all I really wanted CrashPlan's peer-to-peer software to do, but it's
> hard to find out what it's actually doing under the covers.  For on-site
> backups, I don't need some of the other features that CrashPlan provides:
> encryption, de-duplication, the convenient UI.  But I do urgently need
> monitoring that goes beyond CrashPlan's weekly status emails, along with
> integrity checks that I control and understand.
>
> I /think/ I'm still happy with the paid remote-site backup service but I have
> to supplement or replace my local backups as noted above.
>
> ---
> I'm not sure how aggressive I have to be with the integrity checking -- I've
> actually never had a known instance of a file getting corrupt -- but I figure
> it's worthwhile for a long-term archive.  Have any of you found or developed
> tools for this part of it, in particular doing it in conjunction with
> rsnapshot or another similar tool?
>
> Setting up rsnapshot is fairly easy, though at some point I want to write up
> and post a better how-to for the benefit of future users.  In particular the
> two-step process of "sync" and "rotate" isn't well-documented in the places I
> looked online, and you really want to have a separate script (beyond what cron
> does by itself) to invoke the rotation methods.
>
> -rich
>
>
>
How about OwnCloud? http://owncloud.org/features/  Setup your own Dropbox
service with no dependencies on anyone else.


Matt
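
The integrity-check strategy from the quoted message above (sha256 checksums of the archive contents in a simple db table, plus a monitor that warns on mismatched or stale backups), as an added example that is not part of the original thread. The function names, the `manifest` table and the staleness rule (newest recorded checksum older than `max_age_seconds`) are assumptions, and the snapshot tree in `demo()` is constructed sample data.

```python
import hashlib
import os
import sqlite3
import tempfile
import time

# Hypothetical schema: one row per file in the snapshot being protected.
SCHEMA = """CREATE TABLE IF NOT EXISTS manifest (
    path   TEXT PRIMARY KEY,  -- path relative to the snapshot root
    sha256 TEXT NOT NULL,
    size   INTEGER NOT NULL,
    seen   REAL NOT NULL      -- when this checksum was recorded
)"""

def sha256_file(path, bufsize=1 << 20):
    """Stream the file so large archives do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def walk_files(root):
    """Yield (relative path, full path) for regular files, skipping symlinks."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root), full

def record(db, root, now=None):
    """Run after each backup: checksum every file under root into the table."""
    now = time.time() if now is None else now
    db.execute(SCHEMA)
    count = 0
    for rel, full in walk_files(root):
        db.execute("INSERT OR REPLACE INTO manifest VALUES (?, ?, ?, ?)",
                   (rel, sha256_file(full), os.path.getsize(full), now))
        count += 1
    db.commit()
    return count

def verify(db, root, max_age_seconds, now=None):
    """Run from cron: return sorted (status, path) warnings; [] means healthy."""
    now = time.time() if now is None else now
    db.execute(SCHEMA)
    known = dict(db.execute("SELECT path, sha256 FROM manifest"))
    on_disk = dict(walk_files(root))
    problems = []
    for rel, digest in known.items():
        if rel not in on_disk:
            problems.append(("MISSING", rel))      # incomplete archive
        elif sha256_file(on_disk[rel]) != digest:
            problems.append(("CORRUPT", rel))      # content changed on disk
    problems += [("UNTRACKED", rel) for rel in on_disk if rel not in known]
    # Assumed staleness rule: no checksums recorded within max_age_seconds
    # means the backup (or the record step after it) has stopped running.
    newest = db.execute("SELECT MAX(seen) FROM manifest").fetchone()[0]
    if newest is None or now - newest > max_age_seconds:
        problems.append(("STALE", "manifest"))
    return sorted(problems)

def demo():
    """Constructed sample: build a fake snapshot, record it, then damage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "snapshot")
        os.makedirs(os.path.join(root, "home"))
        samples = {"home/notes.txt": b"hello",
                   "home/photo.raw": b"\x00" * 4096,
                   "etc.conf": b"key=value\n"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        db = sqlite3.connect(os.path.join(tmp, "manifest.db"))
        recorded = record(db, root, now=1000.0)
        clean = verify(db, root, max_age_seconds=86400, now=2000.0)
        # Flip one byte without changing the size, lose a file, skip 3 days.
        with open(os.path.join(root, "home", "photo.raw"), "r+b") as fh:
            fh.seek(100)
            fh.write(b"\x01")
        os.remove(os.path.join(root, "etc.conf"))
        damaged = verify(db, root, max_age_seconds=86400,
                         now=1000.0 + 3 * 86400)
        db.close()
        return recorded, clean, damaged

if __name__ == "__main__":
    recorded, clean, damaged = demo()
    print("files recorded:", recorded)
    print("first check:", clean)
    for status, path in damaged:
        print("WARNING", status, path)
```

Keeping the manifest database on a different disk from the archive means a single failing drive cannot damage both the files and their reference checksums.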


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Matt Shields
On Wed, Feb 6, 2013 at 6:29 PM, David Rosenstrauch wrote:

> On 02/06/2013 02:00 PM, David Rosenstrauch wrote:
>
>> On 02/06/2013 12:34 PM, Matt Shields wrote:
>>
>>> Also try ntop.  Set it up on a standalone computer.  2 network ports, one
>>> for management, one where you mirror all your traffic at the
>>> switchport to
>>> it and have the interface in promiscuous mode.  Then it'll give you nice
>>> charts to show you who is talking to what (ie. User1 is streaming content
>>> from Youtube, etc).
>>>
>>> Matt
>>>
>>
>> Will check that out - thanks!
>>
>> DR
>>
>
> Great suggestion on ntop!  Looks like what I need.
>
>
> Just one thing I'm not sure about with it, though:
>
> It seems like the intention is that you would run ntop on your gateway
> machine (which all traffic on the network passes through) and that way get
> full stats for the entire network.
>
> However, that's not the setup I have.  I do have a gateway, but it's our
> firewall box, which I can't run ntop on.  The machine I am running it on is
> our ssh entrypoint into the network.  But the other machines on the network
> can initiate connections directly to the Internet through firewall without
> going through the ssh entrypoint.  So I'm thinking that by running ntop on
> the ssh entrypoint box, it's not going to actually be seeing all the
> incoming or outgoing traffic for the network, and so won't be able to
> report on it accurately.
>
> Am I right on this?  And if so, how best to work around this?  (Without
> having to run an instance of ntop on every machine in the network.)
>
> Thanks,
>
>
> DR

I have a separate machine that I use for ntop, snort, tcpdump, nessus and
other monitoring tools.  It has 2 nics, one is management (ssh, http, etc)
and the second is set to promiscuous mode and connected to my core switch.
 On the core switch I have that port be a mirror of the main link.  So all
traffic in and out of the network is mirrored to my monitoring server where
I do analysis on what's going on.

Matt


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Matt Shields
On Wed, Feb 6, 2013 at 12:21 PM, Drew Van Zandt wrote:

> Cacti, Nagios, and Intellipool are all solid for this.
>
> *
> Drew Van Zandt
> Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
> Domain Coordinator, MA-003-D.  Masquerade aVST
> *
>
>
> On Wed, Feb 6, 2013 at 12:11 PM, David Rosenstrauch wrote:
>
> > We've got some machine (or machines) sucking up a lot of bandwidth on our
> > network.  I'm trying to pin down exactly what, but not having much luck so
> > far.
> >
> > The network's got about a dozen machines, behind a firewall.  What I'd
> > like to see is a high-level view of the whole network's bandwidth usage
> > over the span of, say, 24 hours.  I.e., which machines are using the most
> > bandwidth (i.e., in Gb), and connections to which external sites are
> > causing most of the hogging.
> >
> > Clearly, micro-level tools like iftop aren't going to cut it here, as they
> > only show me a) what's using bandwidth right now, and b) an individual
> > machine basis.
> >
> > I tried running darkstat on each machine in the network, but it didn't
> > really give me what I was looking for.  Again, the reporting was
> > per-machine, and so didn't provide a comprehensive view.  (Among other
> > problems.)
> >
> > Bandwidthd looks like it might have some promise, but would take some time
> > to set up to give me a comprehensive view.  (I.e., configure a pgsql
> > database.)
> >
> >
> > Anyone have any particular recommendations for a situation like this?
> >
> > Thanks,
> >
> > DR
>

Also try ntop.  Set it up on a standalone computer.  2 network ports, one
for management, one where you mirror all your traffic at the switchport to
it and have the interface in promiscuous mode.  Then it'll give you nice
charts to show you who is talking to what (ie. User1 is streaming content
from Youtube, etc).

Matt


Re: [Discuss] Boston CO's

2013-01-29 Thread Matt Shields
On Tue, Jan 29, 2013 at 9:13 AM, Alex Pennace  wrote:

> On Tue, Jan 29, 2013 at 09:09:27AM -0500, Matt Shields wrote:
> > Anyone have a list of CO's (Telco Central Office) in the city of Boston?  I
> > know there's one at 1 Summer St and 300 Congress.  I'm looking for a list
> > of all CO's for a project I'm working on.
>
> Try this:
> http://www.telcodata.us/search-switches-by-city-state?city=Boston&state=MA
>
> --
> Alex Pennace, a...@pennace.org, http://osiris.978.org/~alex/

Perfect.  Thank you very much

Matt


[Discuss] Boston CO's

2013-01-29 Thread Matt Shields
Anyone have a list of CO's (Telco Central Office) in the city of Boston?  I
know there's one at 1 Summer St and 300 Congress.  I'm looking for a list
of all CO's for a project I'm working on.


Matt


Re: [Discuss] webmin

2013-01-24 Thread Matt Shields
On Thu, Jan 24, 2013 at 1:08 PM, Mark Woodward  wrote:

> I am setting up a server for a fairly technical guy, not a admin level
> guy, but a smart kid that can do/figure out most tasks, and I also trust
> that he has the temperament to recognize and call me before he does
> anything *bad*. Generally speaking, of course.
>
> The webmin package seems to be a very powerful admin package and I've
> noticed similarities between it and the D-Link NAS I have.
>
> My question for the group
>
> Has anyone used it? Are there better options? How's the security? General
> opinions?
>

A long time ago when I was first learning linux it was the best thing, but
if I ever encountered a linux admin now that was using it I wouldn't let
them touch any of my boxes.

Matt


Re: [Discuss] Travelling abroad & taking technology

2013-01-15 Thread Matt Shields
On Mon, Dec 31, 2012 at 1:21 PM, Rich Braun  wrote:

> I learned something about international shipping this year. Know why we
> don't make much in the USA anymore? Because a couple of companies have
> built an oligopoly of shipping services: the costs are incredible, and the
> paperwork burden is horrendous.
>
> I moved into a house vacated by a Taiwanese friend. He asked me to ship a
> few things. My jaw dropped at the price quoted by UPS: anyone in China or
> Hong Kong or most places in Asia can send a package to the USA for a few
> dollars; we have to spend tens to hundreds going the other way.
>
> I tried sending a laptop battery at a downtown UPS store. After 20 minutes
> of writing up my order, the store manager cancelled it, apologizing that he
> didn't have the precisely correct hazmat label to get past the (American)
> bureaucrats to make it across our border.
>
> At work, it took about 5 weeks to transfer 2 boxes of embedded-systems
> equipment to the office of one of our contractors in India.
>
> So: you're better off hand-carrying equipment than mailing it. I look out
> at the harbor wistfully, looking at Chinese-flagged container ships filled
> with Chinese Christmas goodies as they arrived earlier this month, empty
> steel boxes going back the other way.
>
> YMMV.
>
> -rich


My 2 load balancers that I shipped over a month ago have just been shipped
back to me.  We provided them the original invoice which showed we paid
$100k for them a couple years ago.  This would be what we'd pay for them if
they were lost to get the latest model with support/replacement.  UK
customs said our price was wrong, to send an eBay page with what they go
for used.  The current value (without support/replacement) is around $5k.
So customs told FedEx to ship them back.

Anyone have experience taking servers/network gear on the plane with them?
 What should I expect as far as taxes and penalties?  etc?

Matt


Re: [Discuss] satellite Internet vs. fixed wireless

2013-01-09 Thread Matt Shields
On Wed, Jan 9, 2013 at 6:00 PM, Dan Ritter  wrote:

> On Wed, Jan 09, 2013 at 04:54:13PM -0500, Tom Metro wrote:
> > It makes you wonder what happened to fixed wireless around here? People
> > were all excited about it back around 2000. I think there are still a
> > few companies in the Boston area doing expensive fixed-wireless links
> > for medium+ businesses. Nothing for consumers or small businesses. It
> > seems like we got distracted by Wimax, which had more technical
> > challenges dealing with mobile end-points, was undercut by cheap cable
> > Internet, and increasingly cheaper 3G and now 4G cell data.
>
> I had TowerStream service in Cambridge in 2003-2004. At the time it was
> terrible: high packet loss, worse packet loss in rainstorms or with high
> winds, service randomly out. It was very fast to install,
> though, and priced reasonably (at the time.)
>
> Their website currently advertises a special price of $500/month for
> 5Mb/s service. That's... not good. If you're in a Cogent-lit building,
> you can get 100Mb/s for $1000/month. If you are in a facility already
> served by another major ISP, you can probably get prices around $15-20
> per Mb/s. Local loop charges can be nasty, if you have to pay them, but
> you are still unlikely to have to pay $100 per Mb/s...
>
> -dsr-
>

Their service has gotten better.  I currently use it at my office as a
redundant connection.  Their prices do come down at the higher speeds.

Matt


Re: [Discuss] data caps

2013-01-08 Thread Matt Shields
On Tue, Jan 8, 2013 at 10:11 AM, Edward Ned Harvey (blu)
wrote:

> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> > bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields
> >
> > profit sharing.  Quincy happened to strike a good deal with Comcast and
> > they do not want to renegotiate with them to allow competitors because
> > their percentage per household in the city will go down and thereby cutting
> > some of the revenue for the town.
>
> Somebody should take away those voters' right to vote. ;-)   "Yes, I'll
> vote for higher prices, or lower freedom or less quality, if it means lower
> taxes."  I'll repeat:  "I'll vote for less competition, and higher prices,
> and lower taxes." hehehehh   "I would rather pay Comcast the same money
> directly, instead of paying the same money to local government for
> something else."
>
> (not serious, to anyone who would actually take it seriously and flip out
> like a crazy person)
>
>
Don't get me wrong, I think Comcast and others should pay a fee for using
public poles or digging in the ground to run their lines.  The city is
responsible for this public space and has to maintain it, so they need
funds to do so.  But I also think Comcast/Verizon or others shouldn't be
able to hold a town hostage from bringing in competitors from offering
services by threatening to lower their fee they pay to the town/city.

Matt


Re: [Discuss] data caps

2013-01-08 Thread Matt Shields
On Tue, Jan 8, 2013 at 3:13 AM, Tom Metro wrote:

> Let's move on from DRM and GPL to another topic we all love - data caps!
>
> The clips and commentary below became too long, so I'll provide a tl;dr
> summary up top, and pose a question for discussion. Here's the premise:
> data caps are not about solving network congestion, they're about
> increasing revenues and staving off competition from other content
> providers; data delivery has gotten increasingly more profitable for
> ISPs as their delivery costs have dropped and their investment in
> infrastructure has shrunk; the lack of competition permits this to happen.
>
> Read further below if you want to see the articles that support the above.
>
> Given this, if you were choosing a broadband provider, and you didn't
> want to reward companies that follow these practices, who would you
> pick? While you can currently avoid data caps by selecting a
> business-class service, you're still rewarding the same companies with
> your business, and what's to stop them from introducing caps later?
>
> In the sub-$200/month price range, there doesn't seem to be an
> alternative to cable and telco fiber, unless you are willing to slow
> down to DSL speeds, or happen to be in one of the few areas where there
> is a fixed wireless provider.
>
>
Sorry for not reading the whole article, I promise I will later.  While I
would love to punish the companies that abuse data caps in favor of profit,
some people do not have much of a choice when it comes to what service is
available.  In Quincy we have Comcast.  If you don't want Comcast you
either need to go with Clear.com whose service stinks (they don't have a
cap but they throttle) or buy a traditional T circuit which is really
expensive.  I would love for there to be more competition but in this state
the individual towns/cities make their own deals with the companies for
profit sharing.  Quincy happened to strike a good deal with Comcast and
they do not want to renegotiate with them to allow competitors because
their percentage per household in the city will go down and thereby cutting
some of the revenue for the town.

Matt


Re: [Discuss] Travelling abroad & taking technology

2012-12-31 Thread Matt Shields
On Mon, Dec 31, 2012 at 11:02 AM, Mark Woodward wrote:

> What am I missing? Why can't you FedEx it?
>
>
> On 12/31/2012 10:36 AM, Matt Shields wrote:
>
>> I have to build out a datacenter in London in January and I've ordered
>> everything I need directly to the datacenter because of everything I've
>> heard about dealing with customs.  The only exception is a single piece of
>> equipment we forgot that probably won't make it if I ship it now (a Cisco
>> serial console server).  I know that I can carry my laptop on the plane and
>> go through customs fine, but is it possible to carry something like that
>> with me or pack it in a suitcase and go through customs?
>>
>> Matt
>>
>

My understanding is FedEx or UPS'ing it would take a month to get through
customs.  That's just what I've been told.

Matt


[Discuss] Travelling abroad & taking technology

2012-12-31 Thread Matt Shields
I have to build out a datacenter in London in January and I've ordered
everything I need directly to the datacenter because of everything I've
heard about dealing with customs.  The only exception is a single piece of
equipment we forgot that probably won't make it if I ship it now (a Cisco
serial console server).  I know that I can carry my laptop on the plane and
go through customs fine, but is it possible to carry something like that
with me or pack it in a suitcase and go through customs?

Matt


[Discuss] Open Source Monitoring

2012-12-04 Thread Matt Shields
I've been a longtime supporter of Nagios (and more recently Icinga) and
Cacti, but I've become extremely frustrated with the complexity it takes to
manage extremely large installations.  It usually starts out fine but when
you've got a lot of people in it, it gets messy.  Nagios also should have
built-in graphing, and tying Cacti into Nagios is messy at best.  Recently I
checked out Groundworks (gwos.com) and was impressed with their ability to
tie in a lot of different open source tools into a single system.  But
their price nearly gave me a heart attack.

Has anyone used, and can anyone recommend, some of the lesser known Open Source
monitoring/trending/alerting systems out there such as Zabbix, PandoraFMS,
OpenNMS, Zenoss, etc.?  I'm looking for the ability to easily write/port
Nagios plugins and have a collection of standard ones for both Linux and
Windows, reporting/trending, the ability to create useful dashboards for a NOC,
and my biggest is the ability, like Groundworks, to have an agent that, when a
new node comes online after imaging, checks into the server and, based on
hostname (using regex), automatically adds itself to a hostgroup and starts
monitoring the appropriate resources.


Matt


Re: [Discuss] [Slightly OT] Streaming video services?

2012-11-30 Thread Matt Shields
On Fri, Nov 30, 2012 at 8:42 AM, Kyle Leslie wrote:

> I'd add that with Netflix depending on the unit you get varies the content
> you get. My XBox 360 has always had different streaming content than a
> friend's PS3 or Set top box.
>
> That could have changed now but I dropped my subscription because the XBox
> 360 streaming options were atrocious and never updated.  I am planning on
> putting together an XBMC box one of these days to test that method of streaming
> Netflix though.
>
> FWIW - Most people I know who stream most of their content usually have
> multiple services to fulfill their needs, there is no silver bullet.
>
> Generally I hear TV streamers use - Hulu, Amazon, iTunes and Movie people
> Netflix, Amazon, iTunes.  But that is all anecdotal.
>
>
Of those who have gone to internet media, have most people kept basic
cable to get local news?  And is there anything you miss about not having
cable such as certain programs not available to Hulu, Netflix, Amazon, etc?
And have you had any issues with getting close to
exceeding bandwidth limits set by providers like Comcast?


Matt


[Discuss] [Position-available] Sr and Jr Linux/Network Engineer

2012-09-07 Thread Matt Shields
We have a couple positions open for both Sr & Jr Linux/Network System
Engineers.  Below is the description of the Sr position. Please contact me
directly if interested.


Location: South Boston (near South Station)

Compensation: commensurate with experience

Benefits: Medical, Dental, Vision, Life, 401k, plus more

Job Type: Permanent, Direct Hire

*Position Overview:*

The Sr Network/Systems Engineer is responsible for building, implementing,
and managing products and solutions for Bullhorn's production environment,
while ensuring 24/7 availability.  The position will require an expert
understanding of network stack along with excellent understanding of Linux
and Windows services and configuration.  The ideal candidate will have
proven technical experience with a solid foundation of networking skills
along with a positive attitude.

*Responsibilities:*

   - Design, build, implement, and manage products and solutions for
   Bullhorn's production environment
   - Monitor and maintain all production system equipment and services
   - Participate in the planning and coordination of new product deployment
   and enhancement projects, ensuring preparedness in servicing the product
   - Ensure 24/7 availability of the production application environment.
   This will include 24/7 on-call responsibilities on a rotating basis.
   - Document technical environments, processes and procedures, testing
   plans, project plans.
   - Provide direct support to Software Development, Quality Engineering,
   Customer Support, Professional Services and third party vendors as needed
   to resolve production problems
   - Maintain network and systems configurations for national and
   international data centers.


*Required Skills and Experience:*

   - Bachelor's Degree or equivalent experience required.
   - 5+ years total experience as a network engineer
   - 5+ years total experience with systems administration, as well as
   hardware and software troubleshooting
   - Must work well in high pressure environments
   - Excellent written and verbal communication
   - Analytical and detail oriented
   - Have senior/expert knowledge of Cisco routers, switches, load
   balancing and security concepts; BGP/RIP/OSPF routing concepts,
   TCP/IP/ARP/MAC/Spanning-tree issues and configuration, VPN technologies,
   troubleshooting VLAN or physical connectivity using Wireshark/Tcpdump
   - Create and update network documentation/diagrams
   - Redhat or CentOS Linux
   - JBoss/TomCat/Apache
   - Shell, PHP and Perl scripting
   - Previous experience in a SaaS and/or high volume website environment
   preferred

*Skills that are considered a plus*

   - Cisco or Juniper network certification (CCNA or CCNP)
   - Experience with pfSense and Cisco ASA firewalls
   - Experience with OpenVPN
   - Monitoring using Nagios, Cacti and Splunk/SyslogNG/Graylog
   - Open Source Project experience
   - Previous oncall experience



Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] 'nother question

2012-08-08 Thread Matt Shields
On Wed, Aug 8, 2012 at 10:07 PM, Tom Metro wrote:

> Matt Shields wrote:
> > On the client, try "nmap -sT serverIP" to see if your client
> > can see port 22 open.
>
> FYI, you can test SSH connectivity more simply like:
>
> % telnet ssh-server 22
> Trying 192.168.0.123...
> Connected to ssh-server.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_...
>
> Then hit the escape character and type 'cl' and enter to exit.
>
> It's a nice simple sanity test that can be run from just about any client.
>
>  -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
>

True, there are lots of different ways to test like using netcat (nc
serverip 22).  Just trying to show options.  nmap, tcpdump, netstat are
some good tools for people to know.


Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] 'nother question

2012-08-08 Thread Matt Shields
On Wed, Aug 8, 2012 at 4:14 PM, Derek Martin wrote:

> On Tue, Aug 07, 2012 at 07:10:44PM -0400, dan moylan wrote:
> > > Maybe add the verbose option and post the output to the list.
> >
> > ok, here 'tis:
> >   Executing: program /usr/bin/ssh host 192.168.0.103, user moylan, command scp -v -t -- .
> >   OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
> >   debug1: Reading configuration data /etc/ssh/ssh_config
> >   debug1: /etc/ssh/ssh_config line 19: Applying options for *
> >   debug1: Connecting to 192.168.0.103 [192.168.0.103] port 22.
> >   debug1: connect to address 192.168.0.103 port 22: Connection refused
> >   ssh: connect to host 192.168.0.103 port 22: Connection refused
> >   lost connection
>
> Seems as though there's no server running on 192.168.0.103, port 22.
> But you say ssh works?  Perhaps you should repeat this exercise with
> ssh.  Basically scp == ssh, so one would expect them both to work, or
> both to not work.
>
> Is it perhaps that when you ran ssh, it was in the opposite direction?
>
> --
> Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address.  Replying to it will result in
> undeliverable mail due to spam prevention.  Sorry for the inconvenience.
>
>
I missed the first part of the conversation, but here's a few things you
can check.  Do you have access to the server?  If so, check "netstat -lpn | grep
ssh" to see if ssh is running on port 22.  Then try using "tcpdump -i any
port 22" to see if you can see any host trying to connect on port 22.  You
can check iptables to make sure that ssh isn't being blocked.  Check
/etc/hosts.deny to make sure that your IP isn't being blocked by
tcp_wrappers.  On the client, try "nmap -sT serverIP" to see if your client
can see port 22 open.



Matthew Shields
www.sysadminvalley.com
www.jeeprally.com
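
The checks listed in the message above, ordered by symptom, as an added example that is not part of the original post: the script reads `ssh -v` output, classifies how the connection failed, and names which of those checks to start with. The function names and the symptom-to-check mapping are this example's assumptions; the sample input is constructed from the debug output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): pick the first check to run from the
# list in the message above, based on how the ssh client reported the failure.

# Constructed sample: the failure lines from the `scp -v` output quoted above.
SAMPLE_REFUSED='debug1: Connecting to 192.168.0.103 [192.168.0.103] port 22.
debug1: connect to address 192.168.0.103 port 22: Connection refused
ssh: connect to host 192.168.0.103 port 22: Connection refused'

# classify_ssh_failure: read `ssh -v` output on stdin, print one verdict word.
classify_ssh_failure() {
    out=$(cat)
    case $out in
        # An active refusal came back: nothing is listening on the port,
        # or a firewall rule rejects the connection.
        *"Connection refused"*) echo refused ;;
        # No answer at all: packets are silently dropped, or the host is down.
        *"Connection timed out"*) echo timeout ;;
        # An ICMP unreachable came back: routing problem or a firewall REJECT.
        *"No route to host"*) echo unreachable ;;
        # TCP connected, but the server hung up during the banner exchange.
        # Typical when tcp_wrappers denies the client address.
        *"_exchange_identification:"*) echo closed-early ;;
        *) echo unknown ;;
    esac
}

# next_check: map a verdict to the check from the message to start with.
next_check() {
    case $1 in
        refused)
            echo 'server: netstat -lpn | grep ssh (is sshd listening on 22?), then iptables REJECT rules' ;;
        timeout)
            echo 'server: tcpdump -i any port 22 (do the packets arrive?), then iptables DROP rules' ;;
        unreachable)
            echo 'client: nmap -sT serverIP (is the host reachable?), then iptables REJECT rules' ;;
        closed-early)
            echo 'server: /etc/hosts.deny (is the client IP denied by tcp_wrappers?)' ;;
        *)
            echo 'client: nmap -sT serverIP (can the client see port 22 open?)' ;;
    esac
}

# triage: classify stdin and print the verdict with its suggested first check.
triage() {
    verdict=$(classify_ssh_failure)
    printf '%s -> %s\n' "$verdict" "$(next_check "$verdict")"
}

printf '%s\n' "$SAMPLE_REFUSED" | triage
```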


[Discuss] [Position-available] Sr and Jr Linux System Engineers

2012-08-03 Thread Matt Shields
We have a couple positions open for both Sr & Jr Linux System Engineers.
Please contact me directly if interested.

Position Overview: The Systems Engineer is responsible for building,
implementing, and managing products and solutions for production
environment, while ensuring 24/7 availability. The position will require an
excellent understanding of LAMP stack technologies along with Windows
services and configuration. The ideal candidate will have proven technical
experience with a solid foundation of operating system and networking
skills along with a positive attitude.

Location: South Boston (near South Station)

Compensation: commensurate with experience

Benefits: Medical, Dental, Vision, Life, 401k, plus more

Job Type: Permanent, Direct Hire

Responsibilities:
* Design, build, implement, and manage products and solutions for
production environment
* Monitor and maintain all production system equipment and services
* Participate in the planning and coordination of new product deployment
and enhancement projects, ensuring preparedness in servicing the product
* Ensure 24/7 availability of the production application environment. This
will include 24/7 on-call responsibilities on a rotating basis.
* Develop system analysis and reporting tools and tools for task automation
* Document technical environments, processes and procedures, testing plans,
project plans.
* Provide direct support to Software Development, Quality Engineering,
Customer Support, Professional Services and third party vendors as needed
to resolve production problems
* Maintain network and systems configurations for national and
international data centers.

Required Skills and Experience:
* Bachelor’s Degree or equivalent experience required.
* 3+ years total experience with systems administration, as well as
hardware and software troubleshooting
* Must work well in high pressure environments
* Redhat or CentOS
* Windows server 2003, 2008
* Solid understanding of TCP/IP, network devices such as switches, hubs,
routers, firewalls
* JBoss/TomCat/Apache
* Shell, PHP, Perl or Python scripting
* Previous experience in a SaaS and/or high volume website environment
preferred
* Experience in automation and managing large server environments

Skills that are considered a plus:
* LDAP/Kerberos authentication against Microsoft Active Directory
* SAN and NAS technologies (iSCSI, FCP, CIFS, NFS, etc)
* Java/Tomcat
* Open Source Project experience
* Previous oncall experience
* Puppet/CFEngine
* Splunk/SyslogNG

Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] iPhone vs. Android - the backup problem

2012-07-20 Thread Matt Shields
On Fri, Jul 20, 2012 at 10:26 AM, Kent Borg wrote:

> Matt Shields wrote (privately, but I think it is of general interest and
> not confidential):
>
>> Just an FYI for anyone who uses iTunes and buys apps and music from
>> Apple.  If you have lost your content for whatever reason, iTunes allows
>> you to redownload all your content again.  I believe they started
>> doing this last fall.
>>
>
> I recently bought my wife an iPad (she loves it), and I noticed they are
> willing to play (or download) all her iTunes-purchased songs from the cloud.
>
>
> -kb, the Kent who is of the Android persuasion.
>
>
iTunes Match is different than downloading previously purchased content.
If you buy anything from iTunes, you can download it as much as you want
to any of your devices (iPhone, iTouch, iPad, Macs, etc) if you ever
delete it.

iTunes Match is a yearly fee to take any songs you didn't purchase from
Apple and they will "match" them in the cloud for you so you can stream or
download them to any device.  That way you don't have to rip/copy them to
all your computers.


Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] Looking for work

2012-07-03 Thread Matt Shields
On Tue, Jul 3, 2012 at 1:19 PM, Rich Braun wrote:

> Jerry wrote:
> >> Don't volunteer anything and don't be negative.
>
> Edward Ned Harvey responded:
> > Agreed with everything Jerry just said, except "don't volunteer anything."
> > ... I feel the best interviews
> > are usually the ones where the candidates show energy and enthusiasm,
> > passion for the technology and love what they do.
>
> You're both right. ;-)  I have quite recent experience with this; just got the
> thumbs-down yesterday from an interview 10 days earlier.  My failure mode in
> interviews is that I ramble until a timer goes off inside me reminding me to
> give the interviewer a chance to ask a question.  On this occasion, my
> rambling took me down a dangerous turn.  One of my previous jobs ended in a
> horrendous way, and to this day I still feel a whole lot of rage and angst
> about it.  Deep in my subconscious is a desire to get all this off my chest
> and transcend the person who caused this wound in my life.
>
> *But* I shouldn't ever talk about it.  10 days ago, I did, without being
> prompted.  The facial expression of this hiring manager changed for the rest
> of the interview, so I pretty much knew his decision 10 days before it was
> officially communicated to me.  Perhaps there was another reason behind the
> adverse decision, but this gaffe stood out in an otherwise positive 3 hours of
> discussions with 5 screeners.
>
> So in response to this advice from Jerry & Ned:  I think it's good advice to
> ramble on about positive achievements and/or things that you know the hiring
> company is working on, for up to about 2 minutes, but then you need to bring
> your comments to the point and prompt another question from your interviewer
> (usually, by asking an innocuous question of your own).
>
> -rich
>
>

It's not bad to talk about negative experiences, in fact good interviewers
ask you about these experiences.  These experiences could be dealing with a
severe outage, a high conflict coworker, mis-management of a company, etc.
It's how you reacted and dealt with a negative situation that they want to
know.  If you acted poorly, then of course they may not consider you.  If
you found a way to deal with the negativity in a good way, then it's a good
thing.  Honestly I believe that negative situations if dealt with correctly
help you build up.


Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


[Discuss] [Position-available] Sr and Jr Linux System Engineers

2012-06-19 Thread Matt Shields
We have a couple positions open for both Sr & Jr Linux System Engineers.
Please contact me directly if interested.

Position Overview: The Systems Engineer is responsible for building,
implementing, and managing products and solutions for production
environment, while ensuring 24/7 availability. The position will require an
excellent understanding of LAMP stack technologies along with Windows
services and configuration. The ideal candidate will have proven technical
experience with a solid foundation of operating system and networking
skills along with a positive attitude.

Location: South Boston (near South Station)

Compensation: commensurate with experience

Benefits: Medical, Dental, Vision, Life, 401k, plus more

Job Type: Permanent, Direct Hire

Responsibilities:
* Design, build, implement, and manage products and solutions for
production environment
* Monitor and maintain all production system equipment and services
* Participate in the planning and coordination of new product deployment
and enhancement projects, ensuring preparedness in servicing the product
* Ensure 24/7 availability of the production application environment. This
will include 24/7 on-call responsibilities on a rotating basis.
* Develop system analysis and reporting tools and tools for task automation
* Document technical environments, processes and procedures, testing plans,
project plans.
* Provide direct support to Software Development, Quality Engineering,
Customer Support, Professional Services and third party vendors as needed
to resolve production problems
* Maintain network and systems configurations for national and
international data centers.

Required Skills and Experience:
* Bachelor’s Degree or equivalent experience required.
* 3+ years total experience with systems administration, as well as
hardware and software troubleshooting
* Must work well in high pressure environments
* Redhat or CentOS
* Windows server 2003, 2008
* Solid understanding of TCP/IP, network devices such as switches, hubs,
routers, firewalls
* JBoss/TomCat/Apache
* Shell, PHP, Perl or Python scripting
* Previous experience in a SaaS and/or high volume website environment
preferred
* Experience in automation and managing large server environments

Skills that are considered a plus:
* LDAP/Kerberos authentication against Microsoft Active Directory
* SAN and NAS technologies (iSCSI, FCP, CIFS, NFS, etc)
* Java/Tomcat
* Open Source Project experience
* Previous oncall experience
* Puppet/CFEngine
* Splunk/SyslogNG


Re: [Discuss] Web Maintenance software (for Windows)

2012-06-07 Thread Matt Shields
On Thu, Jun 7, 2012 at 7:18 PM, Richard Pieri wrote:

> On Jun 7, 2012, at 7:37 AM, Jerry Feldman wrote:
> >
> > The only way he is going to do it is through DreamWeaver, period. I
> > always found light colonels to be stubborn.
>
> Here's the thing: he isn't doing you a favor by managing the site.  You're
> doing him a favor by hosting it.  Make it clear to him that he must adapt
> to your security model.  He can do that by using a tool that you provide or
> he can buy himself a Dreamweaver upgrade.
>
> Or he can find himself a new host.
>
> Period.
>
> --Rich P.
>
>

As I and someone else mentioned, have him check out ExpanDrive.  He won't
even notice that he's connecting to another server, it'll just make the
sftp/ssh session appear as a network drive which he can edit as if it were a
local drive.  I have a few designers doing this and it works great on both
Mac and Windows.


Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


[Discuss] Collection of New England "resources"

2012-05-07 Thread Matt Shields
All,
This weekend's emergency has had me thinking.  I was wondering if it would be
worthwhile to create some pages on the BLU site where we can list resources
such as consultants including their areas of expertise like programming,
sysadmin, DBA's, networking, etc and brief summary of their areas of
expertise and their contact information.  It might also be beneficial to
add vendors such as ISPs and colo facilities, hardware/software vendors,
etc to the list.

BTW, speaking of vendors, I'm not sure how many people have had issues with
CDW or other vendors but for the past 4-5 years I've been dealing with a
local NE company called AddOn Data.  They can meet or beat any quotes from
any vendor.  I've even had them beat Dell's own internal sales rep's prices on
Dell hardware.  Not to mention it's nice to support a NE company instead of
some company way out in Texas. If anyone is interested, Sherri has been
with them for 14 years and is amazing.

Sherri Fiore Mireault
AddOn Data
sfi...@addondata.com
978-988-1900


Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] Emergency consultant needed

2012-05-05 Thread Matt Shields
On Sat, May 5, 2012 at 2:58 PM, Matt Shields wrote:

> I wish I had the time to do this myself but I'm booked solid.  I have a
> friend who is in need of a consultant.  They know the office environment is
> Windows, not sure what the office network is.  They also have some cloud
> services at Amazon but they're not sure what is hosted there (Windows/Linux
> or AWS specific services).  They will need probably a couple hours this
> weekend, then to come into the office during work hours.  Since they don't
> know what their network consists of it would be good to have someone that
> knows Windows, Linux and networking.  Someone to do a complete audit.
>
> Sorry for being so vague but can discuss more about the opportunity if
> anyone is interested.  Pay is billable by the hour and I'm pretty sure
> they'll pay whatever to get the help they need.  If interested, email me
> with your contact number.
>
> Matthew Shields
> www.sysadminvalley.com
> www.jeeprally.com
>
>
Just found out that their cloud services are not Amazon but Microsoft
Azure.

Also, should add that they just told me that they are willing to hire
either an individual or a consulting firm.

Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


[Discuss] Emergency consultant needed

2012-05-05 Thread Matt Shields
I wish I had the time to do this myself but I'm booked solid.  I have a
friend who is in need of a consultant.  They know the office environment is
Windows, not sure what the office network is.  They also have some cloud
services at Amazon but they're not sure what is hosted there (Windows/Linux
or AWS specific services).  They will need probably a couple hours this
weekend, then to come into the office during work hours.  Since they don't
know what their network consists of it would be good to have someone that
knows Windows, Linux and networking.  Someone to do a complete audit.

Sorry for being so vague but can discuss more about the opportunity if
anyone is interested.  Pay is billable by the hour and I'm pretty sure
they'll pay whatever to get the help they need.  If interested, email me
with your contact number.

Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] Boston-area green screen? [OT]

2012-04-20 Thread Matt Shields
On Fri, Apr 20, 2012 at 4:53 PM, Ricker, William wrote:

> I don't know if pro photo gear rental shops are even open on the weekend
> --Original Message--
> From: Tom Metro
> To: Daniel C.
> Cc: L-blu
> Subject: Re: [Discuss] Boston-area green screen? [OT]
> Sent: Apr 20, 2012 16:49
>
> Daniel C. wrote:
> > Apologies for the off topic message, but does anyone know where I
> > could go to get a green screen for a few hours this weekend?
>
> Green screen? As in a monochrome monitor with green phosphor? (A
> reasonable assumption on BLU Discuss.)
>
> Oh, a green background for chroma key video compositing:
> http://en.wikipedia.org/wiki/Green_screen
>
> Buy a tarp at Home Depot? :-)
> (Probably too textured and shiny to work well.)
>
>  -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
>
>
> Bill, typing with thumbs
>

A few years back I remember coming across a video to computer USB device
that was made by Pinnacle and was at Best Buy, it included not only the
converter but also the Pinnacle Studio editor software and with a green
screen.  I think it was around $100.  Might be a waste if you don't need
the software or hardware, but depending how desperate you are, might be
worth it.

You can also make your own but you need to make sure that the material has
very fine texture and not visible by the camera.  Also when you use one,
make sure you have stretched it so there are no wrinkles and you use a
backlight to make sure the sheet is lit evenly, otherwise the green screen
will have different shades in different areas and won't work right.

Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] Discuss - Software Engineering union

2012-04-20 Thread Matt Shields
On Thu, Apr 19, 2012 at 5:41 PM, Jack Coats wrote:

> Unions have had their place, and some times they may have use today.
>
> Unions came about when employers were abusing employees.
> More recent history has employees abusing employers.
>
> If we all played nice like we were taught in kindergarten, none of that
> and lawyers wouldn't be necessary.
>
> Instead, we are stuck with unions, lawyers, etc ... a whole system designed
> to enforce the kindergarten rules of how to treat each other.
>
> --
>
> When I was younger a friend was an engineer for a big firm that had
> union 'skilled workers' but non-professional.  The engineers formed a
> union just to make sure they got the same raises the 'skilled workers' got.
> Before that they got no cost of living raises.
>
> ..
>
> If unions are happy about companies sending lower skilled (and some higher
> skilled) out of the country, they are doing a good job.
>
> In today's world, we want to be paid to make stuff in the USA, but we
> just don't want to buy it (Wal-Mart had a 'made in USA program' that
> failed, because USA manufacturers could not meet the cost control
> needs. ... Off-shore manufacturers did. ... without that WMT couldn't sell
> product in the USA at the prices that were demanded by customers).
>
> .
>
> Unions and businesses are both constructive and destructive, often at
> the same time.
>
> I just find it interesting that when the ownership of GM and Chrysler
> were stolen from the rightful owners (common stock holders) they were
> given to the UNIONs and government, not back to the people the assets
> were stolen from.
>

That's not Walmart's only problem.  Walmart has been known for questionable
purchasing practices.  Let's say you make product X and you're the only one
who makes that product.  You sell around 100,000 units per month for $10
each throughout the US from a few small retail locations, to which you sell
it to those retail stores for around $7 each.  Walmart finds out about it
and comes to you and says that it will commit to 1,000,000 units/month but
it wants to buy it for $6 each.  This goes on for a few months, which makes
you happy because you've been able to grow your production and hire more
people.  Now Walmart comes back to you and says since it's selling so many
it will commit to 2,000,000/month but it wants it for $5/month.  You say
yes because you don't want to lose your existing orders and at $5 you can
still make a bit of profit. But after this, this is when Walmart starts to
demand that you only sell through them and continues pushing your price
down further and further to the point some manufacturers have had to go out
of business.  All because Americans want to save a few cents and Walmart
wants to get more customers and earn a few more cents.

Here's just one of many articles.  I think there was even a documentary
about what they're doing.
http://www.fastcompany.com/magazine/77/walmart.html

If you want to save your job, your income, your American lifestyle, I
firmly believe we need to be investing more into small local businesses and
less into these big chains.  Yes you can't get rid of large corporations
and in some cases we do need them, but there's a lot of times it would be
more beneficial to purchase local services/goods.

Matthew Shields
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] Bourne Shell variable assignment question

2011-12-15 Thread Matt Shields
On Thu, Dec 15, 2011 at 4:12 PM, Matt Shields  wrote:

> On Thu, Dec 15, 2011 at 3:57 PM, Jerry Feldman  wrote:
>
>> I have not done my homework on this as much as I should.
>> A coworker needs to set variable names and values input from another
>> file. Normally, I would source that file, but he specifically wants to
>> parse the file.
>> So, in simple terms, he has a file that has something like:
>> var1=foo
>>
>> Instead of sourcing he wants to parse the file using readline so he
>> reads the variable name, then he wants to assign a variable of the same
>> name.
>> So, in his code he has something like
>> readline
>> ... - code to parse the line
>> Where varname contains the variable name(eg var1), and value contains
>> the value(eg foo)
>>
>> --
>> Jerry Feldman 
>> Boston Linux and Unix
>> PGP key id:3BC1EB90
>> PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
>>
>>
>>
>>
>>
> Maybe not the most elegant way, but it works.  See below
>
> Matts-MacBook-Pro:temp matt$ cat test1.sh
> #!/bin/bash
> var1=dog
> var2=cat
> var3=cow
>
> Matts-MacBook-Pro:temp matt$ cat test2.sh
> #!/bin/bash
> myvar=`cat test1.sh | grep var2 | cut -d"=" -f2`
> echo $myvar
>
> Matts-MacBook-Pro:temp matt$ bash test2.sh
> cow
>
> Matthew Shields
> Owner
> BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
> Managed Services
> www.beantownhost.com
> www.sysadminvalley.com
> www.jeeprally.com
> Like us on Facebook <http://www.facebook.com/beantownhost>
> Follow us on Twitter <https://twitter.com/#!/beantownhost>
>
>
>
Sorry, first file should be the following.  That's why the output was wrong.

Matts-MacBook-Pro:temp matt$ cat test1.sh
#!/bin/bash
var1=dog
var2=cow
var3=cat



Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook <http://www.facebook.com/beantownhost>
Follow us on Twitter <https://twitter.com/#!/beantownhost>


Re: [Discuss] Bourne Shell variable assignment question

2011-12-15 Thread Matt Shields
On Thu, Dec 15, 2011 at 3:57 PM, Jerry Feldman  wrote:

> I have not done my homework on this as much as I should.
> A coworker needs to set variable names and values input from another
> file. Normally, I would source that file, but he specifically wants to
> parse the file.
> So, in simple terms, he has a file that has something like:
> var1=foo
>
> Instead of sourcing he wants to parse the file using readline so he
> reads the variable name, then he wants to assign a variable of the same
> name.
> So, in his code he has something like
> readline
> ... - code to parse the line
> Where varname contains the variable name(eg var1), and value contains
> the value(eg foo)
>
> --
> Jerry Feldman 
> Boston Linux and Unix
> PGP key id:3BC1EB90
> PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
>
>
>
>
>
Maybe not the most elegant way, but it works.  See below

Matts-MacBook-Pro:temp matt$ cat test1.sh
#!/bin/bash
var1=dog
var2=cat
var3=cow

Matts-MacBook-Pro:temp matt$ cat test2.sh
#!/bin/bash
myvar=`cat test1.sh | grep var2 | cut -d"=" -f2`
echo $myvar

Matts-MacBook-Pro:temp matt$ bash test2.sh
cow

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 
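
What the question describes (read each line, split it into a variable name and a value, then assign a variable of that name) can be done without sourcing the file, so nothing in the file is ever executed. The sketch below is an added example, not code from the thread; `load_vars`, its allow-list argument, `demo_load_vars` and the sample file contents are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): load NAME=value lines into shell
# variables without sourcing the file. Written for POSIX sh and bash.

# load_vars FILE "ALLOWED NAMES"
#   FILE             one NAME=value per line; '#' lines and blanks are skipped
#   "ALLOWED NAMES"  space-separated allow list; empty means any valid name
# Returns 0 if every data line was accepted, 1 if any line was rejected.
# Helper variables carry an _lv_ prefix, and file entries using that prefix
# are rejected so the file cannot overwrite the parser's own state.
load_vars() {
    _lv_file=$1
    _lv_allowed=${2-}
    _lv_rc=0
    _lv_cr=$(printf '\r')
    while IFS= read -r _lv_line || [ -n "$_lv_line" ]; do
        _lv_line=${_lv_line%"$_lv_cr"}      # tolerate CRLF line endings
        case $_lv_line in
            ''|'#'*) continue ;;            # blank line, comment or shebang
            *=*) ;;                         # candidate assignment
            *) _lv_rc=1; continue ;;        # anything else is rejected
        esac
        _lv_name=${_lv_line%%=*}            # text before the first '='
        _lv_value=${_lv_line#*=}            # everything after it, kept literal
        # The name must be a plain identifier. This is what makes the eval
        # below safe: no ';', '$', '[' or whitespace can reach it.
        # (Ranges are ASCII-only under LC_ALL=C; the allow list is exact.)
        case $_lv_name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*|_lv_*) _lv_rc=1; continue ;;
        esac
        # With an allow list, a file cannot set PATH, IFS, LD_PRELOAD, etc.
        if [ -n "$_lv_allowed" ]; then
            case " $_lv_allowed " in
                *" $_lv_name "*) ;;
                *) _lv_rc=1; continue ;;
            esac
        fi
        # Only the validated name is expanded before eval runs; the value is
        # assigned through \$_lv_value and is never re-parsed as shell code.
        eval "$_lv_name=\$_lv_value"
    done < "$_lv_file"
    return "$_lv_rc"
}

# Constructed sample input: the corrected test1.sh from the thread plus three
# lines a careless parser (or "source") would mishandle.
demo_load_vars() {
    _demo_file=$(mktemp) || return 1
    cat > "$_demo_file" <<'EOF'
#!/bin/bash
var1=dog
var2=cow
var3=$(echo injected)
PATH=/tmp/evil
x;id=1
EOF
    demo_rc=0
    load_vars "$_demo_file" "var1 var2 var3" || demo_rc=$?
    rm -f "$_demo_file"
    printf 'rc=%s var1=%s var2=%s var3=%s\n' "$demo_rc" "$var1" "$var2" "$var3"
}

demo_load_vars
```
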


Re: [Discuss] Backing up LVM partitions using snapshots

2011-12-14 Thread Matt Shields
On Wed, Dec 14, 2011 at 2:00 PM, Richard Pieri wrote:

> On 12/14/2011 12:34 PM, Bill Bogstad wrote:
>
>> I've been watching the (second?) incarnation of this thread for a
>> while now and I think that I see your point.  I wonder if the "TRIM"
>> functionality that is being added to filesystems in order to handle
>> SSDs could help with this.
>>
>
> I don't think so.  The problem I describe is that once a dump goes missing
> then any differentials against it will have inconsistencies between the
> file data and the file metadata structures.  TRIMming freed blocks won't
> make this go away.  It might make things worse what with dangling inode
> lists pointing to de-allocated SSD blocks.
>
>
> As an aside, enterprise backup systems like Amanda and Bacula and TSM do,
> indeed, maintain databases of backed up files and what media they are on.
>
>

Correct me if I'm wrong, but I thought differentials are a backup of all
things that have changed since the last full.  Incrementals are changes
since the last incremental, differential or full, whichever happened last.

For example one of my SQL Servers has a schedule that is a full once per week
(Wednesdays), a differential every night (except Wednesday), then
incrementals every 10 minutes.  If I want to restore up to this past Monday
at 9AM I would take the full from last Wednesday, then the differential
from Sunday night/Monday morning, then I would apply all incrementals from
the time of the differential up to 9AM on Monday.  What I don't have to do
is apply every differential (Thursday, Friday, Saturday & Sunday).

Also, I believe I mentioned this in the last LVM discussion.  When you
snapshot LVM it does not make a copy of the original content.  It marks all
blocks in that original volume as read-only until the snapshot is released.
 Any new writes to either the original volume or the newly created snapshot
happen in the "scratch" space.  You can take as many snapshots as long as
you monitor your scratch space to make sure it's not filled up.  During a
snapshot whether you access the original volume (+ changes) or the snapshot
(+changes) it is on the fly deciding to pull blocks from the original
volume and the scratch space to recreate what you're asking for.

One thing to keep in mind when using snapshots is if your scratch space
goes to 100%, then all snapshots are released and all changes to the
original volume (which up to this point are being held in scratch space)
are written back to the original volume.

Allocating scratch space is done by not assigning to any logical volumes,
and deciding how much to allocate is hugely dependent on amount of changes
to your data over the amount of time that you keep your snapshots online
and the number of snapshots and whether or not you also modify your
snapshots.  I've always told people if you don't have time to build, test,
rebuild until you get it right, then just overallocate.

Now, some cool tricks you can do with LVM are adding more drives to your
volume and growing your volume on the fly.  If you decide that you want to
go from a 500GB volume to a 1TB volume, you can do an add and migrate of
your data.  All new data will be written to the new drive and during idle
time blocks on your old drive will be migrated to the new volume.  Once
data is off your old volume it can be removed from the group and removed.


Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 


Re: [Discuss] Competition of broadband

2011-12-04 Thread Matt Shields
On Sun, Dec 4, 2011 at 9:08 AM, Jerry Feldman  wrote:

> On 12/02/2011 07:44 PM, Richard Pieri wrote:
>
>> I see that Bill H. says that TV service isn't an issue for him, but it is
>> one. In fact, TV service is the root of how broadband is deployed in
>> Massachusetts.
>>
>> Back in the 1970s, when cable TV was new around here, the MA legislature
>> decided to leave service carrier choice up to individual cities and towns.
>>  Most towns then proceeded to pick one exclusive provider, granting the
>> chosen providers a limited monopoly.  The primary reason for this is so
>> that all residents have comparable TV service, particularly in the
>> community access TV channels.  Two different cable companies wouldn't
>> necessarily share community access facilities, after all, thus most towns
>> picked one provider.  My town happened to pick Continental Cablevision.
>>
>> Then Cablevision's assets in MA were acquired by MediaOne.  These assets
>> were acquired in turn by Southwestern Bell along with several other cable
>> companies back in 1999 or thenabouts.  The collected assets were branded
>> "AT&T Broadband".  This marked the end of cable TV competition in MA.
>>  Comcast acquired all of AT&T Broadband when SBC divested itself of the
>> TV/broadband services.
>>
>> This is what many of us are stuck with.  Comcast lobbies the various
>> local governments where it operates with this tactic, "demonstrating" how
>> competing cable TV providers would be detrimental to their communities.
>>  Mayor Tom in particular is very, very "convinced" by Comcast's lobbying
>> efforts.
>>
>>  I believe that AT&T Broadband was divested by AT&T before Southwestern
> Bell acquired AT&T.
>
> In any case, the issue today is that TV, Broadband, and Telephone are, in
> essence, much different today than in the past. Back during deregulation,
> the electric power monopolies were broken up into delivery companies (eg.
> NSTAR), and generation companies. (For instance Pilgrim Nuke is owned by
> Entergy). However, there was a time when broadband companies were required
> to use their cables to allow other services, such as Earthlink over
> Comcast. Additionally, phone and cable companies are handled differently.
> Verizon is a phone provider who offers TV and Internet services, and
> Comcast is a Cable TV company that offers phone and Internet services.
> Additionally, electrical power companies could also use their cables to
> provide services, but federal law prohibits that from back in the days when
> AT&T was the only phone company.
>
> The bottom line is there is a hodgepodge of old laws on the books.
>
> --
> Jerry Feldman
> Boston Linux and Unix
> PGP key id:3BC1EB90
> PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
>
>
>

I don't believe the internet over power was a federal issue.  FPL in
Florida has been doing this for quite some time, as far back as late 90's
when I lived there.  I do know that at the time they were having other
issues with how the technology worked.  Not to mention it wasn't cheap yet.

For more info see http://www.fplfibernet.com/

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 


Re: [Discuss] Any Subversion geniuses out there?

2011-12-02 Thread Matt Shields
On Fri, Dec 2, 2011 at 10:01 AM, John Abreau  wrote:

> I've seen this before with "text" files on Windows. Just changing the
> MIME type will not work, because the files are encoded in UTF-16
> (note *NOT* UTF-8). 16-bit characters, not 8-bit characters. If you
> change the MIME type to force it to be interpreted as normal text,
> the file will have a null byte between each and every character.
>
> When I had to deal with those issues at a previous job, I used iconv(1)
> in my shell scripts to convert the MS "text" to UTF-8.
>
>     iconv --from-code=UTF-16 --to-code=UTF-8 ms-text-file.txt > plain-text-file.txt
>
> I also ran it through "tr -d '\r'" to scrape off the ^M at the end of
> each line before dropping it into the output file, but that's a separate
> issue.
>
>
> On Fri, Dec 2, 2011 at 9:40 AM, Matt Shields  wrote:
> > On Fri, Dec 2, 2011 at 8:11 AM, Edward Ned Harvey  wrote:
> >
> >> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> >> > bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields
> >> >
> >> >  What I was wondering is it possible in Subversion when a changeset is
> >> > being committed that a hook could be used to change the mime-type.  So if
> >> > the file being committed is a *.sql, then it would override whatever
> >> > mime-type the client is saying and apply text/x-sql.
> >>
> >> This question will be best answered by the subversion-users mailing list,
> >> http://subversion.apache.org/mailing-lists.html
> >> but let's see what we can say about it here.
> >>
> >> The mime type, I believe, is determined by the svn client, and it's
> >> determined by file contents.  What do you get, if you run linux "file" on
> >> the file?  What do you see if you try to open the file in vim or emacs?
> >>
> >> I'm sure you can change the mime-type as a precommit or postcommit hook
> >> (probably best precommit) but I'm almost equally sure that it's not what
> >> you want to do.  When they detect the contents and select a mime type, the
> >> reason they're doing it is because svn internally employs all sorts of diff
> >> and compression algorithms, to optimize both the network traffic and disk
> >> storage.  If you go overriding the mime types against its natural wishes,
> >> you run the risk of ...  Suboptimizing performance.  Is probably the
> >> diplomatic way of saying effing everything up.
> >>
> >> Another option you might consider, I believe, is that they have a mechanism
> >> of some kind to allow you to inject a custom client-side diff utility for
> >> certain files or mime types or something like that.  You might configure it
> >> so that your client doing the diff might run something like the SQL
> >> equivalent of "dos2unix" to convert a file format and then diff it, or
> >> something like that.  Of course the odds of success doing this are
> >> diminished by trac.  You might just have to use something like tortoisesvn
> >> or whatever to perform these diffs.
> >>
> >> In fact, tortoisesvn does some pretty excellent diffing.  What happens if
> >> you try diffing with tortoise?
> >>
> >>
> > Yes, I'm aware of that, and I can put something in each client's svnconfig
> > to override this behavior for specific filetypes.  I don't want to have to
> > do that since every time we get a new developer it's one more step I have to
> > remember to do to their dev machine.
> >
> > The issue is SQL Server Management Studio is encoding it weird and
> > TortoiseSVN is then taking that as it being a binary and not a text file.
> >  See the two outputs of file.  The first has been fixed by me forcing it to
> > be proper encoding and the proper mime-type.  The second was created in
> > SSMS and committed.
> >
> > dbo.Proc_.sql: Little-endian UTF-16 Unicode c program text,
> > with CRLF, CR line terminators
> > dbo.Proc_.sql: ASCII c program text, with CRLF line
> > terminators
> >
> > Yes, diffs in TortoiseSVN are great, same with Unix command line.  The
> > issue is the Dir of Tech prefers to use Trac to review all changes, and
> > because it's encoded wrong, that means svn is applying the wrong mime-type
> > which causes Trac's diff feature not to work.
> >

Re: [Discuss] Any Subversion geniuses out there?

2011-12-02 Thread Matt Shields
On Fri, Dec 2, 2011 at 8:11 AM, Edward Ned Harvey  wrote:

> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> > bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields
> >
> >  What I was wondering is it possible in Subversion when a changeset is
> > being committed that a hook could be used to change the mime-type.  So if
> > the file being committed is a *.sql, then it would override whatever
> > mime-type the client is saying and apply text/x-sql.
>
> This question will be best answered by the subversion-users mailing list,
> http://subversion.apache.org/mailing-lists.html
> but let's see what we can say about it here.
>
> The mime type, I believe, is determined by the svn client, and it's
> determined by file contents.  What do you get, if you run linux "file" on
> the file?  What do you see if you try to open the file in vim or emacs?
>
> I'm sure you can change the mime-type as a precommit or postcommit hook
> (probably best precommit) but I'm almost equally sure that it's not what
> you
> want to do.  When they detect the contents and select a mime type, the
> reason they're doing it is because svn internally employs all sorts of diff
> and compression algorithms, to optimize both the network traffic and disk
> storage.  If you go overriding the mime types against its natural wishes,
> you run the risk of ...  Suboptimizing performance.  Is probably the
> diplomatic way of saying effing everything up.
>
> Another option you might consider, I believe, is that they have a mechanism
> of some kind to allow you to inject a custom client-side diff utility for
> certain files or mime types or something like that.  You might configure it
> so that your client doing the diff might run something like the SQL
> equivalent of "dos2unix" to convert a file format and then diff it, or
> something like that.  Of course the odds of success doing this are
> diminished by trac.  You might just have to use something like tortoisesvn
> or whatever to perform these diffs.
>
> In fact, tortoisesvn does some pretty excellent diffing.  What happens if
> you try diffing with tortoise?
>
>
Yes, I'm aware of that, and I can put something in each client's svnconfig
to override this behavior for specific filetypes.  I don't want to have to
do that since every time we get a new developer it's one more step I have to
remember to do to their dev machine.

The issue is SQL Server Management Studio is encoding it weird and
TortoiseSVN is then taking that as it being a binary and not a text file.
 See the two outputs of file.  The first has been fixed by me forcing it to
be proper encoding and the proper mime-type.  The second was created in
SSMS and committed.

dbo.Proc_.sql: Little-endian UTF-16 Unicode c program text,
with CRLF, CR line terminators
dbo.Proc_.sql: ASCII c program text, with CRLF line
terminators

Yes, diffs in TortoiseSVN are great, same with Unix command line.  The
issue is the Dir of Tech prefers to use Trac to review all changes, and
because it's encoded wrong, that means svn is applying the wrong mime-type
which causes Trac's diff feature not to work.

In this case I don't believe there is any harm forcing svn to use a
specific mime-type since they are both text. I'll check out the
check-mime-type.pl that Greg mentioned.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook <http://www.facebook.com/beantownhost>
Follow us on Twitter <https://twitter.com/#!/beantownhost>
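
A server-side check for the situation described in this thread, as an added example that is not code from the thread or from the Subversion project: a pre-commit hook that refuses `*.sql` files carrying a non-text `svn:mime-type` or a UTF-16 byte order mark, so every committed script stays reviewable as a diff. It rejects the commit instead of rewriting the property, because Subversion's documentation advises hook authors not to modify the transaction; the function names and the `SVNLOOK` override variable are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): pre-commit check that keeps *.sql
# files diffable. Subversion runs the hook as: pre-commit REPOS TXN

# Path to svnlook; overridable so the check can be exercised with a stub.
SVNLOOK=${SVNLOOK:-svnlook}

# first_two_bytes REPOS TXN PATH
# Prints the first two bytes of the file in the transaction as hex digits.
first_two_bytes() {
    "$SVNLOOK" cat -t "$2" "$1" "$3" | od -An -tx1 -N2 | tr -d ' \n'
}

# check_sql_files REPOS TXN
# Prints one line per problem found in added or modified *.sql paths.
# Returns 0 if all are clean, 1 if any problem was found, 2 if svnlook failed.
check_sql_files() {
    _cs_repos=$1
    _cs_txn=$2
    _cs_bad=0
    _cs_changed=$("$SVNLOOK" changed -t "$_cs_txn" "$_cs_repos") || return 2
    while IFS= read -r _cs_line; do
        case $_cs_line in D*) continue ;; esac       # deletions need no check
        _cs_path=${_cs_line#????}                    # path starts in column 5
        case $_cs_path in *.sql) ;; *) continue ;; esac

        # propget fails when the property is unset; treat that as "no type".
        _cs_mime=$("$SVNLOOK" propget -t "$_cs_txn" "$_cs_repos" \
                   svn:mime-type "$_cs_path" 2>/dev/null) || _cs_mime=
        case $_cs_mime in
            ''|text/*) ;;
            *) printf '%s: svn:mime-type is %s, expected text/x-sql\n' \
                      "$_cs_path" "$_cs_mime"
               _cs_bad=1 ;;
        esac

        # A UTF-16 byte order mark (FF FE or FE FF) is what makes the client
        # classify the script as binary in the first place.
        case $(first_two_bytes "$_cs_repos" "$_cs_txn" "$_cs_path") in
            fffe|feff)
                printf '%s: UTF-16 byte order mark, convert to UTF-8\n' \
                       "$_cs_path"
                _cs_bad=1 ;;
        esac
    done <<EOF
$_cs_changed
EOF
    return "$_cs_bad"
}

# When installed as hooks/pre-commit, anything written to stderr is shown to
# the committer and a non-zero exit status aborts the commit.
if [ "$#" -ge 2 ]; then
    check_sql_files "$1" "$2" >&2 || exit 1
fi
```
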


[Discuss] Any Subversion geniuses out there?

2011-12-01 Thread Matt Shields
It's a long story but basically we have a number of developers that all use
MS Sql Server Management Studio to write/edit their schema (along with
other tools such as Visual Studio, notepad, etc).  For some reason when you
create a .sql script using SSMS even though it's text it does some funky
encoding and when the developer checks in the code it adds the mime-type of
application/octet-stream (a binary file).  Because of this we can't review
diffs directly in Trac, we need to do them one by one on our computer.
 Using any other tool to create the .sql files is fine but it's something
about SSMS.

Now, getting the developers to use other tools isn't an option.  Adding a
setting to their svn config is a pain because as developers come and go
it's an additional step that needs to happen to every computer install.
 What I was wondering is it possible in Subversion when a changeset is
being committed that a hook could be used to change the mime-type.  So if
the file being committed is a *.sql, then it would override whatever
mime-type the client is saying and apply text/x-sql.

If this is possible, anyone have an example?  I'm sort of familiar with the
hooks and how they work, I installed one that emails me when a commit
happens with the changes, but would just need to know how to do a mime-type
change based on file extension.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 


Re: [Discuss] Howdy

2011-11-30 Thread Matt Shields
On Wed, Nov 30, 2011 at 12:14 PM, John Abreau  wrote:

> On Wed, Nov 30, 2011 at 12:07 PM, Jerry Feldman  wrote:
>
> > I live in Newton where we have Vz (FIOS), Comcast, and RCN. In general my
> > Comcast service has been excellent with any outage not their fault.
>
>
> The difference is that you live in a town where there is actually some
> competition in the broadband market, so the companies *have* to provide
> good service in order to retain customers.
>
> Most towns give a monopoly to one broadband provider, who then has
> no incentive to give adequate service.
>
>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> OLD GnuPG KeyID: D5C7B5D9 / Email: abre...@gmail.com
> OLD GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
> 2011 PGP KeyID: 32A492D8 / Email: abre...@gmail.com
> 2011 PGP FP: 7834 AEC2 EFA3 565C A4B6  9BA4 0ACB AD85 32A4 92D8
>

I was talking with a friend who is the LAN/WAN manager for a town here in
MA and he was involved in the negotiations with Comcast and Verizon for
that town.  Previously Comcast had an exclusive multi-year (think it was 10
or 20 years) agreement and the town received a payment for each resident
that had Comcast service.  When FIOS came out, the town went back to
Comcast and told them if they didn't want to allow Verizon in then they
would pull their rights and only allow Verizon.  I guess Comcast agreed so
they now have both.

Unfortunately, not all the towns are doing this.  In Quincy where I live,
I've heard two different stories.  I've heard that they don't have the
balls to try a renegotiation, and I've heard that the payment they get from
Comcast is quite substantial and they're happy getting the money from
Comcast and if they renegotiated the amount per subscriber could be
significantly less.

But as one person had mentioned, where there are no other alternatives you
can always sign up for Clear.com.  Since I need to be on 24x7 and can't
have Comcast being down when I need to be online, I've got a Clear.com
wireless account for backup.  $55/month for unlimited wireless service.
 Not the fastest service (although Netflix and Hulu do work fine), but it's
great for when Comcast is down or when I'm on the go and need WIFI service.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 


Re: [Discuss] Security

2011-11-02 Thread Matt Shields
On Wed, Nov 2, 2011 at 4:18 PM, Jerry Feldman  wrote:

> On 11/02/2011 01:10 PM, ma...@mohawksoft.com wrote:
> > At my work, here are a few vending machines. One of these machines has a
> > nice little antenna on it. Presumably, it communicates via cellular
> > network to the vendor in order to report on usage and supplies. Yes, good
> > idea. Cool.
> >
> > It occurs to me that this machine, most likely, did not have to go through
> > any vetting. Not only that, I bet the grunts that stock these machines are
> > hired more for strong backs and no criminal record.
> >
> > So, here we have a powered machine with external wireless connectivity on
> > the premises with no actual oversight. It is there 24x7, powered!
> >
> > Think of all the cool/evil things you could put in a vending machine with
> > a wireless link. Imagine having direct access to a Linux box in almost any
> > company you want. You could run any software you want. You could have
> > wi-fi too. Could you break the company's wireless security? Could you
> > monitor their wireless communications? Could you eavesdrop on
> > conversations nearby?
> >
> > Everyone suspects the cleaning crew, and if you are interested in
> > security, you do background checks. Almost no one cares about the vending
> > machines.
> The vending machine was placed in your office by Homeland Security
> because it thinks you are a terrorist and is currently spying on you :-)
>
> --
> Jerry Feldman 
> Boston Linux and Unix
> PGP key id:3BC1EB90
> PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
>
>

Actually it was placed there by insurance companies so they can get out of
having to pay for your medical bills.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 


Re: [Discuss] Security

2011-11-02 Thread Matt Shields
On Wed, Nov 2, 2011 at 2:05 PM, Gregory Boyce  wrote:

> On Wed, Nov 2, 2011 at 1:10 PM,   wrote:
> > At my work, here are a few vending machines. One of these machines has a
> > nice little antenna on it. Presumably, it communicates via cellular
> > network to the vendor in order to report on usage and supplies. Yes, good
> > idea. Cool.
> >
> > It occurs to me that this machine, most likely, did not have to go through
> > any vetting. Not only that, I bet the grunts that stock these machines are
> > hired more for strong backs and no criminal record.
> >
> > So, here we have a powered machine with external wireless connectivity on
> > the premises with no actual oversight. It is there 24x7, powered!
> >
> > Think of all the cool/evil things you could put in a vending machine with
> > a wireless link. Imagine having direct access to a Linux box in almost any
> > company you want. You could run any software you want. You could have
> > wi-fi too. Could you break the company's wireless security? Could you
> > monitor their wireless communications? Could you eavesdrop on
> > conversations nearby?
> >
> > Everyone suspects the cleaning crew, and if you are interested in
> > security, you do background checks. Almost no one cares about the vending
> > machines.
>
> There's nothing that device can do to your wireless network that a
> person with a directional antenna can't already do.  As long as you
> don't plug it into your internal network, you're not worse off.
>
> As for the eavesdropping, you wouldn't need an obvious antenna for
> that.  There could be a camera or microphone in older vending
> machines, televisions, coffee machines, fridges, ceiling tiles or even
> a cabinet.  These could have less obvious antennas or hey, just have
> the recordings picked up occasionally during maintenance.
>
> There's an infinite number of things that "could" happen.  You need to
> consider the likelihood and impact of those sorts of attacks.  In most
> cases the likelihood is minimal.  Impact is probably minimal as well
> unless it's in the board room.
>

I think his point was more that these "smart" vending machines are becoming
more commonplace.  Even these days companies put ethernet jacks in the
kitchen, so what *if* someone who was malicious put something inside a
vending machine and plugged it into your network.  Or what if it had
camera/microphone, most people talk shop even in the kitchen.

Speaking of that, I remember a few years ago a company I was at talking
about checking ethernet jacks periodically to make sure no devices were
plugged in that shouldn't be.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 


Re: [Discuss] lvm snapshot cloning

2011-10-26 Thread Matt Shields
On Tue, Oct 25, 2011 at 10:16 PM, Richard Pieri wrote:

> On Oct 25, 2011, at 7:51 PM, ma...@mohawksoft.com wrote:
> >
> > The snapshot has no effect on the master, and yes, we've already said and
> > we already know it is a weakness in LVM that if you don't extend your
> > snapshots you lose them. This can be mitigated by monitoring and automatic
> > volume extension.
>
> You missed it.  This isn't about what happens to master.  It's what happens
> to b when a disappears.  If master<-a<-b and a disappears due to reaping
> then b becomes useless.  Or b is reaped, too.  Either way you're dealing
> with data loss.  This is why LVM will not do what you originally asked
> about.
>
> Monitoring has problems.  If the volume fills up faster than the monitor
> polls capacity then you lose your data.  If the volume fills up faster than
> it can be extended then you lose your data.  If the volume cannot be
> extended because the volume group has no more extents available then you
> lose your data.  Like I wrote at the start: LVM will quite happily bite your
> face off.
>
> Now, to address your most recent question:
>
> How do I back up a 1TB disk.  Think about this: how do you intend to do a
> restore from this backup?  The most important part of a backup system is
> being able to restore from backup in a timely fashion.
>
> I have in production a compute server with two 8TB file systems and a 9TB
> file system, all sitting on LVM volumes.  I have an automated backup that
> runs every night on this server.  It's an incremental file system backup so
> I'm only backing up the changes every night.  This is, as you might expect,
> quite faster than trying to do full backups of 25TB every night -- which I
> can't because it would take three days to do it.
>
> On smaller capacity volumes, in the several hundred GB range, I use
> rsnapshot to do incremental file snapshots to a storage server.  Again, I
> don't back up the raw disk partitions every time.  I only back up the
> changed files.
>
> In both cases -- and in fact with all my backups -- they are file level
> backups.  The reason being that if I need to restore a single file or
> directory then I don't have to rebuild the entire volume to do so.  I can
> restore as little or as much as I need to recover from a mistake or a
> disaster.
>
> Suppose the case of a live volume that needs to be in a frozen state for
> doing a backup.  Database servers are prime examples of this.  Here, I would
> freeze the database, make a snapshot of the underlying volume, and then thaw
> the database.  Now I can do my backup of the read-only snapshot volume
> without interfering with the running system.  I would delete the snapshot
> when the backup is complete.
>
> If I were using plain LVM and ext3 for my users' home directories then I
> would do something similar with read-only snapshots.  There would be no
> freeze step, and I would keep several days worth of snapshots on the file
> server to make error recovery faster than going to tape or network storage.
>  As it is, I use OpenAFS which has file system snapshots so I don't need to
> do any of this and users can go back in time just by looking in .clone in
> their home directories.  I still have nightly backups to tape for long-term
> archives.
>
> Now, time to poke holes in your proposal.  I have a physics graduate
> student doing his thesis research project on a shared compute server along
> with a dozen others.  They collectively have 7.5TB of data on there.  This
> is a real-world case on the aforementioned compute server.  Said student
> accidentally wipes out his entire thesis project, 200GB worth of files.
>  It's 9:30 PM and he needs his files by 8am or he fails his thesis defense,
> doesn't graduate and I'm looking for a new job.
>
> With my file level backup system I can have his files restored within a
> couple of hours at the outside without affecting anyone else's work.
>
> With your volume level backup system I would spend the night on Monster
> looking for a new job.  The problem with it is that I can't restore
> individual files because it isn't individual files that are backed up.  It's
> the disk blocks.  I can't just drop those backed-up blocks onto the volume.
>  Here:
>
>  master->changes->changes->changes
>   \->backup
>
> If I dumped the backup blocks onto the volume then I'd scramble the file
> system.  Restoration would require me to replicate the entire volume at the
> block level as it was when the backup was made.  This would destroy all the
> other researchers' work done in the past however many hours since that
> backup was made.  I would fire myself for gross incompetence if I were
> relying on this kind of backup system.  It's that bad.
>
> It gets worse.  What happens when the whole thing fails outright?  Total
> disaster on your 1TB disk.  Now it's not just 29 minutes to restore last
> night's blocks.  It's two hours to restore the initial replica and then 30
> minutes times however many del

[Discuss] Any Amazon EC2 experts?

2011-10-25 Thread Matt Shields
I need a way to be able to copy around 30x Win2k3 AMIs (EBS backed) from
us-east-1 to us-west-1 weekly, so automation and ease of use would be great.
Not looking for an extremely manual process like creating a new AMI in
us-west-1, then recreating everything manually.  I've checked out
CloudyScripts (https://cloudyscripts.com/tool/show/5) and Ylastic and both
only offer support for Win2k8 or Linux.

Matthew Shields


Re: [Discuss] Server Room Power

2011-10-13 Thread Matt Shields
On Thu, Oct 13, 2011 at 8:46 PM, Edward Ned Harvey wrote:

> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> > bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields
> >
> > A long time ago I got fed up with trying to calculate amperage, so I
> > invested in a clamp on ammeter.  Then I test my servers when I get them and
> > record the high and average usage.
>
> This is an excellent practice.  I have been using kill-a-watt, but the clamp
> is more convenient.  Besides knowing the A, you also want to know the VA and
> W so you can spec your UPS appropriately.
>
> One thing to be keenly aware of is that power draw of a server is variable.
> To reach max power, you need to find ways of stressing the high power
> components - Usually the CPU and GPU (if any.)  But a "while 1 { ; }" loop
> will not stress much of the cpu, so it doesn't do a good job of reaching max
> power.  The best stuff will be things like the AES instruction set, and
> generating random numbers and doing parallel compression.  Get the max power
> of the system and fluff it a bit.
>
>
I also have a killawatt but the problem comes when I have to work on someone
else's live equipment.  The clamp-on ammeter means I don't have to shut the
servers off. I can also clamp on to the rack's main power feed if I don't
have an APC PDU.  Well worth the money I spent.

Matthew Shields


Re: [Discuss] Server Room Power

2011-10-13 Thread Matt Shields
On Thu, Oct 13, 2011 at 1:00 PM, Jerry Feldman  wrote:

> One question I have is in planning. One day we received a shipment of about
> 5 or 6 Intel systems from our Toronto office. We ordered a rack, switch, and
> a rack KVM. We initially plugged everything in to a wall outlet. Ran fine
> until it tripped a breaker, and the breaker box was not in the computer
> room, but somewhere else on the floor where we had to call building
> management. All I knew was that the wall outlets were NEMA 5-20. The solution at
> that time was to take the two 6U monsters and plug them in to separate
> outlets in the ceiling. This worked for quite a while until my boss brought
> in a system he had at home (another 4U Intel whitebox). At that time I had a
> rack power strip, and the power strip popped a breaker, but the wall circuit
> was fine. I then bought another strip to split the load. Before all that I
> estimated our power usage by adding up the wattage on the power supplies
> (each was about 700W). Each wall outlet also went to a separate breaker. It
> was at this point when we were getting the HP ESX box and IT somewhat
> dictated that we get 2 240V outlets. Right now I am pulling about 15A (7 on
> one, 8 on the other). But, the critical factor is at takeoff, or when
> starting all the systems, such as after a power fail. You've got all your
> systems spinning up drives and fans. This is what we need to plan. So, I
> would need a rule of thumb that I can take the wattage of each power supply
> and figure out my maximum amps. Had I performed that calculation initially,
> I would have had fewer outages. I can't help when a truck, bus, or tree
> takes out the entire Riverside T station and us :-)
>
>
> On 10/13/2011 12:29 PM, Tom Metro wrote:
>
>> Edward Ned Harvey wrote:
>>
>>> Hold it.  P=VI is a DC rule.  Power is more complex in AC.
>>> What's the difference between VA and W?
>>>
>>> If you have inefficient power supplies, you might be overpaying 30%
>>> for power.
>>>
>> You're referring to power factor:
>> http://en.wikipedia.org/wiki/Power_factor
>>
>>   The power factor of an AC electric power system is defined as the
>>   ratio of the real power flowing to the load over the apparent power in
>>   the circuit,[1][2] and is a dimensionless number between 0 and 1
>>   (frequently expressed as a percentage, e.g. 0.5 pf = 50% pf).
>>   [...]
>>   Circuits containing purely resistive [loads] have a power factor of
>>   1.0. Circuits containing inductive or capacitive elements (electric
>>   motors, solenoid valves, lamp ballasts, and others ) often have a
>>   power factor below 1.0.
>>
>> So when PF=1.0, VA==Watts. The better the quality of your power supply,
>> the closer its PF will be to 1.0. In the last decade it has become
>> common for name brand computer power supplies to specify a PF as a
>> selling point.
>>
>> See also:
>> http://en.wikipedia.org/wiki/Switching_regulator#Power_factor
>>
>> for discussion of PF with respect to computer power supplies.
>>
>>
>>> When you're talking about 208, you're talking 3-phase.
>>>
>> You can attach single phase loads to a multi-phase supply, as long as
>> they are balanced:
>> http://en.wikipedia.org/wiki/Three-phase_electric_power#Single-phase_loads
>>
>>
>>> If you want to use 3-phase 208, you need a special power supply in the
>>> server.  Generally you don't have such a thing...
>>>
>> Old power supplies used to have a 120V/240V mechanical switch. Most
>> modern switching supplies will work fine with any input voltage from
>> like 90V up to 250V (check your supply specifications). The ability to
>> handle a wide input range is a byproduct of the switching regulator
>> design:
>>
>> http://en.wikipedia.org/wiki/Switching_regulator
>>
>>  -Tom
>>
>>
>
> --
> Jerry Feldman
> Boston Linux and Unix
> PGP key id:3BC1EB90
> PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
>

NEMA 5-20 is the connector type, but it also tells you it's a 20amp
circuit.  To be safe and up to fire code you CANNOT use more than 80% of
your available power.  So for a 20amp circuit you can use up to 16amps.
Keep in mind if you have two different 20amp circuits to distribute the
load of a rack of servers and you're hovering at 16amps (actually anything
more than 8-9), when you lose power on circuit 1, you will trip circuit 2
because it cannot handle all the load.  Remember that dual power supply
servers draw half the load from both power supplies, so when one fails it
draws full load from the circuit that's still up.

Also, calculating server
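
The failover arithmetic described in the reply above, written out as an added example that is not part of the original post: it checks each circuit against the 80% limit in normal operation and again with each single circuit lost. The server names, amp figures, and function names are constructed for illustration; the even split across live power supplies follows the post's description.

```python
from dataclasses import dataclass

CONTINUOUS_LOAD_FRACTION = 0.80  # the 80% limit quoted in the post


@dataclass(frozen=True)
class Server:
    name: str
    peak_amps: float  # measured peak draw of the whole server (e.g. clamp ammeter)
    feeds: tuple      # circuits its power supplies are plugged into


def usable_amps(breaker_amps):
    """Amps a circuit may carry under the 80% limit (20 A breaker -> 16 A)."""
    return breaker_amps * CONTINUOUS_LOAD_FRACTION


def feed_load(servers, live_feeds):
    """Return (amps per live feed, names of servers left with no live feed).

    A server splits its draw evenly across the supplies that still have
    power, so a dual-supply server puts its full draw on the surviving feed.
    """
    load = {feed: 0.0 for feed in live_feeds}
    unpowered = []
    for server in servers:
        live = [feed for feed in server.feeds if feed in load]
        if not live:
            unpowered.append(server.name)
            continue
        for feed in live:
            load[feed] += server.peak_amps / len(live)
    return load, unpowered


def audit(servers, breakers):
    """Evaluate normal operation plus the loss of each single feed.

    breakers maps feed name -> breaker rating in amps. Returns a dict with
    'overloaded': (scenario, feed, amps, limit) tuples and
    'unpowered': (scenario, server name) tuples.
    """
    scenarios = [("normal", set(breakers))]
    scenarios += [(f"loss of {feed}", set(breakers) - {feed})
                  for feed in sorted(breakers)]
    report = {"overloaded": [], "unpowered": []}
    for label, live in scenarios:
        load, unpowered = feed_load(servers, live)
        for feed in sorted(load):
            limit = usable_amps(breakers[feed])
            if load[feed] > limit:
                report["overloaded"].append((label, feed, load[feed], limit))
        report["unpowered"] += [(label, name) for name in unpowered]
    return report


# Constructed sample rack: two 20 A circuits, four dual-supply servers and
# one single-supply KVM. Each feed carries about 9 A in normal operation.
BREAKERS = {"A": 20, "B": 20}
RACK = [
    Server("db1", 5.0, ("A", "B")),
    Server("db2", 5.0, ("A", "B")),
    Server("app1", 4.0, ("A", "B")),
    Server("app2", 4.0, ("A", "B")),
    Server("kvm", 0.5, ("A",)),
]

if __name__ == "__main__":
    result = audit(RACK, BREAKERS)
    for scenario, feed, amps, limit in result["overloaded"]:
        print(f"{scenario}: feed {feed} at {amps:.1f} A exceeds {limit:.1f} A")
    for scenario, name in result["unpowered"]:
        print(f"{scenario}: {name} has no live supply")
```

With the sample rack, both feeds pass in normal operation at 9.5 A and 9.0 A, yet losing either one pushes the survivor past 16 A, which is the case the post warns about.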

Re: [Discuss] Old computers Re: (OT) Steve Jobs 1955-2011

2011-10-08 Thread Matt Shields
On Sat, Oct 8, 2011 at 11:42 AM, Rich Braun  wrote:

> Jerry Feldman mentioned an old computer:
> > My first home computer was an Apple II (1978). What Jobs saw back
> > then was that a desktop computer could be useful to real people.
> > At the time, there were a few hobby computers. I almost bought a
> > MITS Altair
>
> The first desktop I ever ran across was in my math teacher's class in
> Arlington, VA in 1977:  an HP 9830A (you can find pics of it via Google).
> Anyone else remember those?  It had 4K of RAM, kept your programs on a
> cassette tape, printed out (quickly) on an 80-column wide thermal printer.
> You programmed it in BASIC; I remember writing a banner printing program and a
> biorhythm chart generator.
>
> Being exposed to bigger mainframe computers starting around '72, I never
> thought of these micro things as anything other than toys.  So when the TRS-80
> and Apple ][ came out, they held little interest for me--my first
> factory-built (i.e. not cobbled-together) home computer was a 1982 DEC surplus
> PDT-11/150; it ran RT-11.  The first "real" home computer, that rivaled
> mainframe performance, came along about 10 years later:  the Intel 486.
> That's when speed-of-light constraints came to favor microchips over the
> "frames" containing CPUs in multiple circuit boards spread across a backplane,
> and transistor density has accelerated ever since.
>
> By the time of the 486, Linux was available: today's supercomputing clusters
> usually run Linux.
>
> -rich
>
>

Mine was a Commodore Pet.  Dad bought one for his business and one for home.

Matthew Shields


Re: [Discuss] (OT) Steve Jobs 1955-2011

2011-10-06 Thread Matt Shields
On Thu, Oct 6, 2011 at 11:07 AM, Ben Eisenbraun  wrote:

> On Thu, Oct 06, 2011 at 10:19:49AM -0400, Matthew Gillen wrote:
> > On 10/06/2011 09:23 AM, Dan O'Donovan wrote:
> > >> My next cell phone will be an openmoko
> > >
> > > I remember saying that five years ago - kinda glad I got an iPhone now...
> >
> > I will never buy one of those.  The way they treat jailbreakers (sue
> > them for copyright infringement, brick their phones)
>
> I call bullshit. A cursory Google doesn't return any hits for Apple suing
> people who jailbreak their phones, and I doubt you'll find _any_ reliable
> reference saying that they are deliberately bricking jailbroken phones with
> their updates.
>
> So, references please.
>
> As an aside, there is an incredible amount of FUD spread on this list.
> Instead of concentrating on the cool innovations that are happening in the
> open source community, half of the threads seem to be about how we are all
> getting screwed by Apple/Microsoft/Google/etc.
>
> -ben
>
> --
> inspiration exists, but it has to find you working. 

I used to be an Apple hater.  A bigger Apple hater than I was a Windows
hater.  There were two main reasons.  First I thought they were extremely
overpriced.  And second I thought they were forcing users to do things
their way, not the way I would want to do things.  So for the previous 10
years I ran both Windows and Linux side by side (with Synergy2) and hacked
my way getting things done.  I would have preferred running only Linux, but
I usually had integration issues with non-Linux people/systems.  Working
with all my datacenter assets worked flawlessly on a Linux desktop, but the
Linux desktop did have other issues with being quirky and not very polished.
Since moving to Mac I've found like so many say, "It just works".  And I
don't find their idea of the desktop experience intrusive or that it
conflicts with what I want a desktop to be.

On the issue of cost, I usually buy higher end laptops (more memory, faster
drive, higher graphics, 3 yr warranty) instead of the $399 cheapos.  For
the same cost or less I can get a better MBP.  Last summer when I was
spec'ing out new machines, all the HP & Dell machines I wanted were around
$2000-$2500, my MBP was $2100 with 3 yr AppleCare.

Now, I'm running a single MBP, I integrate perfectly in a Windows
front-office, and a Linux datacenter, and I get the desktop experience I
want.  I'll dare say that Mac is the perfect desktop for Linux
administrators.  The only thing I regret is putting aside my hate for Apple
and not trying them out sooner.  I also have an iPhone4 and iPad2, they both
work seamlessly with my MBP.  When I had an Android or Blackberry I never had
them work seamlessly with my desktops.

Now some other notes of interest.  Let's say I want lower end desktops for
my office workers.  The Mac Minis actually pack more punch for the same cost
of a lower end PC.  Also, the Mac Minis use very little power, making them
great for building large clusters in a datacenter or lab (and can run Linux
too).  Apple is coming out with more tools to make managing Mac in the
enterprise easier (directory, database, internal wiki, vpn, file, remote
desktop, mail servers).

That said, Apple has been no more litigious than any other large company
(MS, HP, Oracle).  I do find that all the lawsuits.  They do give back to
the Open Source community (WebKit).

So all that said, my only regret is that I did hate them for so long, for
reasons that were based on my own misconceptions.  I wish I had my Macs,
iPhone and iPad sooner.  Still won't give up on Linux in the datacenter
though :)

Matthew Shields


Re: [Discuss] Thumbs Up To Ben

2011-10-06 Thread Matt Shields
On Thu, Oct 6, 2011 at 11:49 AM,  wrote:

>
> Today the biggest threat to long term freedom, and history as a whole, is
> the cultural and legal acceptance of DRM. If you think about this and its
> eventual elimination of the free flow of information, you should be
> scared. VERY SCARED.
>
> Steve Jobs is one of the biggest violators of the freedom to actually
> control what you own.
>
>
>
Everyone that purchases music from iTunes can easily bypass the DRM by
creating a CD of their music, then ripping it back as whatever format they
wish.  I do this for backup purposes should something ever happen to
Apple/iTunes.

Matthew Shields


Re: [Discuss] more on software patent

2011-10-04 Thread Matt Shields
On Tue, Oct 4, 2011 at 9:29 AM, Kyle Leslie  wrote:

> While I don't have a ton of a background in this whole Patent thing, I have
> been reading this thread and trying to form my own opinions and gain
> knowledge. I decided to read the article that Matt posted and in doing so I
> stumbled upon one of the patents that the company is claiming has been
> infringed on.  I found it so interesting because some things look like they
> are just thrown in there for added benefit of blocking other people.
>
> US5546397 - (Abstract)
>
> A high reliability access point for RF communications in a wireless local
> area network. The high reliability access point includes a central
> processing unit (CPU) for handling high level protocol functions and for
> interfacing with the infrastructure of the local area network. The high
> reliability access point also includes at least two wireless adapters. Each
> wireless adapter includes a radio, a media access control (MAC) processor
> for handling low level protocol functions, and at least one antenna. The
> multiple wireless adapters allow the access point to perform self
> monitoring, reduce the effects of multipath interference, reduce some
> occurrences of collisions at the access point and provide infrastructure
> backup in the event of an infrastructure failure. The access points also
> allow for wireless network infrastructure communication for connection of
> one or more remote access points to the infrastructure. *A backup power
> supply for the access point is also shown.
>
> *---
>
> The last sentence is what I found so interesting.  From everything I have
> read, if someone designed a similar item but included a backup power supply
> then they would be infringing because that is patented.
>
> To prove infringement, the patent owner must establish that the accused
> party practices all the requirements of at least one of the claims of the
> patent. (This is from wikipedia)
>
> You essentially can't have an access point with a backup power supply
> because this patent holds that.  This is my understanding of how patents are
> used to block other people.  Find one small thing that is similar or the
> same and say "No you can't use it or pay me money".  It literally looks as
> if someone was standing over the shoulder of the person writing the patent
> and said "Oh put that in there so you can hold the patent for it".
>
> It was always my understanding that a part of innovation was to build off
> the ideas of other people.  To take what they created and make it better.
>
> If what I am saying is totally wrong then just delete this email.. but if
> what I understand patents to be and how they work correct then how is anyone
> supposed to be inventive without the penalty of cost?
>
> If a program's algorithms are able to be patented, then software is in
> trouble (from what I read it sounds like it already is). What if HTML code
> were to be patented.  You wouldn't be able to use head or title tags without
> a fee?
>
> Please let me know if I am stating things here that are correct in theory.
>
> Thanks,
>
> Kyle  (Trying to learn about Software Patents)
>
> On Tue, Oct 4, 2011 at 2:57 AM, John Abreau  wrote:
>
> > The BLU leadership has neither the interest nor the funds to support this.
> >
> >
> >
> > 2011/10/3 Hsuanyeh Chang :
> > > If I have the honor, what I can offer now is to write up, in the name of
> > > BLU, a "request for ex parte reexamination" and get it on file in the patent
> > > office in an attempt to invalidate the asserted patent(s).  But, I would
> > > need support from the BLU (e.g., knowledge and time to find prior art,
> > > official fees to be paid to the patent office, and other costs). Would
> > > anyone be willing to take action together?
> > >
> > > HYC on the go
> > >
> > > On Oct 3, 2011 at 9:01 PM, Matt Shields wrote:
> > >
> > >> On Mon, Oct 3, 2011 at 10:57 AM, Hsuan-Yeh Chang 
> > >> wrote:
> > >> 35 U.S.C. 101 Inventions patentable.
> > >>
> > >> "Whoever invents or discovers any new and useful process, machine,
> > >> manufacture, or composition of matter, or any new and useful
> > >> improvement thereof, may obtain a patent therefor, subject to the
> > >> conditions and requirements of this title."
> > >>
> > >> Talking about this particular patent (USP 7,818,225), the claims are
> > >> directed to "a financial instrument," which does not even fall into
> > >>

Re: [Discuss] more on software patent

2011-10-03 Thread Matt Shields
On Mon, Oct 3, 2011 at 10:57 AM, Hsuan-Yeh Chang  wrote:

> 35 U.S.C. 101 Inventions patentable.
>
> "Whoever invents or discovers any new and useful process, machine,
> manufacture, or composition of matter, or any new and useful
> improvement thereof, may obtain a patent therefor, subject to the
> conditions and requirements of this title."
>
> Talking about this particular patent (USP 7,818,225), the claims are
> directed to "a financial instrument," which does not even fall into
> the four statutory patentable classes (i.e., "process," "machine,"
> "manufacture," and "composition of matter").  This very patent cannot
> really prove that the patent system is screwed up.  This patent only
> proves that the Patent Office should train their Examiners better.
> Plus, there are administrative proceedings that one can use to knock
> down this patent.  The owner of this patent should better not seek
> enforcement, or it would be invalidated rather easily...
>
> HYC
>
> On Mon, Oct 3, 2011 at 10:03 AM,  wrote:
> >
> > >> See the poster child
> > >> http://www.1201tuesday.com/1201_tuesday/2010/10/poster-child.html
> > >>
> > >> If this is a valid patent; already in; how do you accommodate that?
> > >
> > >
> > > If I were the Examiner, I would reject the claims and have the applicant
> > > appeal my decision.  With this particular case, I would blame the Examiner
> > > for passing this application to issuance.
> > >
> > And that's the problem. You assume the patent examiner has the real
> > ability to reject this patent. He or she does not. The patent examiner
> > must have a defensible reason to reject a patent, it can not be arbitrary.
> > There are limited tools with which they can reject a patent application.
> >
> > With Bilski, its a little easier, but it is still hard. The weight is on
> > the examiner to prove it can't be patented, the patent application is
> > assumed to be patentable otherwise. This is why absurd patents get
> > approved.
> >
> > The patent system has been destroyed by IP lawyers and it is broken.
> >

Hsuan-Yeh,
This is exactly the kind of ridiculous stupidity that IP and patent lawyers
do to waste people's time and money.  Again, I'll repeat my recommendation
to you, if you are serious about helping the OSS community or the industry
in general, donate your time to defend against these trolls.

http://yro.slashdot.org/story/11/10/03/2236255/Patent-Troll-Says-Anyone-Using-Wi-Fi-Infringes?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29


Matthew Shields


Re: [Discuss] Self-introduction and more on software patent

2011-09-30 Thread Matt Shields
On Fri, Sep 30, 2011 at 2:38 PM, Hsuan-Yeh Chang  wrote:

> Thanks to many kind notes from BLU members.  I believe what I have done
> wrong is that I failed to introduce myself before speaking out.  So, here is
> a little bit of myself.
>
> I have a graduate degree in theoretical physics and done some real
> computations using FORTRAN, C, and other/scripting languages.  As a
> scientist, I unfortunately couldn't find any position to do science and/or
> research.  Like everyone else, I need to eat and, luckily, I found a job in
> the patent field.  That led me to pursue my law degree, which I will get in
> about a year from now.  So, I am still not qualified as a "patent lawyer,"
> but I have passed the patent bar exam and worked in the patent industry for
> quite many years.  It is a pity that I have contributed zero line of code in
> the open source repositories.  However, I have worked under the open source
> environment to do various things for almost 20 years.
>
> Now, a bit more about software patents.  To be clear, I am not and will not
> advocate whether software patent, or patent as a whole, is good or bad for
> the society.  I also would not conclude whether the patent system is screwed
> up or not.  These are of your personal opinion or belief, and I would
> respect it in any possible way.  What I was trying to do in another thread
> is to tell you folks WHAT patents are, and HOW the patent system currently
> works to the extent possible to protect the open source community.
>
> I understand many of you may have very strong feelings against software
> patents or maybe against the entire patent system.  Honestly, I am not
> surprised.  But what I hope is that if you have a different opinion, please
> focus on the point and not attack me or anyone personally.
>
> I myself have once been convinced by RMS's agenda that the government should
> abolish software patents entirely, and that all software patents should be
> invalid.  But after these years as a patent professional, I found that RMS's
> agenda has not done anything good for the open source community.  Software
> patents are still there and will still be there for quite many years if not
> decades.  Open source community must do something in parallel and not put
> all eggs in the same basket.  Don't forget, people from the other side are
> still accumulating their patent strength and are always ready to attack
> whenever time matures.
>
> In the real world, patents are often used as weapons against competing
> businesses.  Everyone knows weapons are dangerous and may serve good and bad
> purposes.  But it would be really really tough to eliminate weapons when
> "bearing arm" is citizen's right protected by the US constitution.  Many of
> you probably don't know that "patent protection," similar to everyone's
> liberty and property interests, is guaranteed by the US Constitution.  No
> need to explain, you would see how hard it is to persuade the Congress to
> abolish the ENTIRE patent system.
>
> Even if you want to carve out software patents, it would still be very
> difficult.  The very first question is, where do we draw the line?  Namely,
> what should be considered as software and what should not?  We know that if
> you write some codes, it's software.  But if someone uses computer codes to
> control the ABS system for automobiles in a fancifully new way, should that
> be allowed or prohibited from seeking patent protection?  That would lead to
> more contention and would make the already complicated patent system even
> more chaotic.  Plus, it would create more jobs for lawyers, which you guys
> probably don't want to see that happen.
>
> Enough said, I have to acknowledge that I am a human being who makes
> mistakes.  It's my mistake by stating Dr. King as ever being a lawyer.  But
> if that single mistake could lead you to believe that all my other points
> are bogus, then you are not listening.  For those of you who don't believe
> in patent attorneys, I'd like to ask:  would you learn science with an
> artist, learn art with a businessman, and learn business with a scientist?
> I personally would rather learn science with a scientist, learn art with an
> artist, and learn business with a businessman.  My two cents for your
> consideration.
>
> Hope to meet with you guys in any of the BLU meetings.
>
> HYC
> http://hsuanyeh.com

Welcome, officially, to the BLU list.  If you're looking for a way to
contribute to the OSS community, it doesn't have to be in code.  If you're
on your way to becoming a lawyer, how about looking at using that knowledge
to help OSS?  Contact one of the OSS organizations and see how you can help.
 I'm sure they would love to get some legal assistance, and you can add that
to your resume.

Back to patents.  Everyone keeps bringing up software patents, but I 

Re: [Discuss] How do I determine what hard drive screws I need?

2011-09-29 Thread Matt Shields
On Thu, Sep 29, 2011 at 7:41 AM, Edward Ned Harvey wrote:

> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> > bounces+blu=nedharvey@blu.org] On Behalf Of John Abreau
> >
> > I've got an HP ProLiant DL360 G5 server, which uses 2.5-inch SAS or
> > SATA drives.
> > The machine had no drives in it, so I ordered a couple of drives,
> > along with some
> > drive trays.
> >
> > Neither the hard drives nor the trays came with mounting screws. How do I
> > figure out what size screws I need?
> >
> > The drives are Seagate Momentus 750gb 2.5-inch SATA drives.
>
> The same way you figure out the right thread to re-attach a bolt on the
> kids' swingset in the back yard.  Bring it in to the nearest shop, where
> they'll have bins full of the screws and you can try them to make sure you
> get the right fit before buying.  Once you know the right fit, feel free to
> buy a box online, or from the local store where the guy was helpful enough
> maybe he deserves the $2 you'll be giving him instead of some online
> megamart.
>
> It really sucks if you order $0.23 worth of screws from the internet, with
> $4 shipping, and 2 days later when it arrives you discover you got the wrong
> ones.
>
> Hard drives all use a standard thread, but that does not necessarily mean
> they're the same for 2.5" versus 3.5" ... and when you're talking about a
> sliding rail kit in the server, you'll probably be needing the V-shaped
> countersunk head, and the length has to be just right, so they've got bite
> without going too deep and bottoming out.

I would try Microcenter, they'd probably be more helpful than a hardware
store.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook 
Follow us on Twitter 
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss


Re: [Discuss] The America Invents Act

2011-09-28 Thread Matt Shields
On Wed, Sep 28, 2011 at 11:42 AM, Hsuan-Yeh Chang wrote:

>
> 2.  Apparently, engineering schools should consider opening at some courses
> on patent and copyright laws for future engineers.  Filing a patent
> application doesn't mean you should ultimately pursue and get a patent.  A
> patent application can be filed for preventive purposes.  Because all patent
> applications will become published after 18 months, any idea thus published
> will prevent late comers in getting a patent, regardless of whether the
> person filing it eventually gets a patent or not.
>
>
Absolutely.  My degree is in audio engineering (recording studio/live sound)
and we were required to take a course on copyright law taught by a former
copyright lawyer in the music industry, and that was over 15 years ago.  Why
aren't schools doing this now?

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] LVM Re: A really interesting chain of functionality

2011-09-27 Thread Matt Shields
On Tue, Sep 27, 2011 at 8:10 AM, Edward Ned Harvey wrote:

> > From: Mark Woodward [mailto:ma...@mohawksoft.com]
> >
> > I don't think this is right. Running nagios on a snapshot would do
> > nothing. A snapshot is protected from change. Typically, what you would
> > do is this:
> >
> > Create a volume, monitor it, create a snapshot to get a "point in time"
> > image of the volume, backup the snapshot, and then remove the snapshot.
> >
> > Pretty much the same model as the other things.
>
> My memory is similar to what Matt wrote.  Suppose you have a 400G volume,
> and you use a 100G volume for snapshots.  You create a snapshot, and then
> the 400G is frozen, while all new changes get written to the 100G.  When
> 100G runs out, the snapshot disappears.  I don't know if you have to monitor
> available usage using df on the pool, df on the snapshot, or lvdisplay or
> some other command, but I'm sure there's a command that will let you monitor
> the amount of space remaining in your snapshot device.  It is not allocated
> or resized dynamically.  If you want to make it reallocate dynamically,
> you're doing some pretty crazy scripting which is not necessary on other
> snapshot systems (zfs etc)

See previous comment.  vgdisplay and the second to last line is "Free PE /
Size".  Here's one of my desktops below.  See the bottom section, on this
150GB drive, it has 4753 x 32MB extents, I've allocated all of them to the
volume, and I have 0 free extents.  If I was building this for snapshots I
wouldn't use all the extents.

[root@mattlinux matt]# vgdisplay
  --- Volume group ---
  VG Name               vg_mattlinux
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  4
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                3
  Open LV               3
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               148.53 GiB
  PE Size               32.00 MiB
  Total PE              4753
  Alloc PE / Size       4753 / 148.53 GiB
  Free  PE / Size       0 / 0
  VG UUID               dwP9d1-YYaJ-GisZ-8Lm4-1hiz-g1sc-XcTRMt

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] LVM Re: A really interesting chain of functionality

2011-09-27 Thread Matt Shields
On Mon, Sep 26, 2011 at 10:17 PM, Bill Bogstad  wrote:

> On Mon, Sep 26, 2011 at 9:45 PM, Mark Woodward 
> wrote:
> > On 09/26/2011 07:17 PM, Edward Ned Harvey wrote:
> >>
> >> So, this all serves to rather emphasize my point, which is to say...
> >> (LVM) Create snapshot, mount it, monitor it with nagios or whatever,
> >> lvextend it, lvextend the filesystem, resize2fs, unmount and release
> >> snapshot...
> >> versus
> >> (ZFS, Netapp, Volume Shadow Services, etc.)  Do nothing, and don't worry
> >> about it.  It's all automatic and dynamic and just works.
> >
> > I don't think this is right. Running nagios on a snapshot would do nothing.
> > A snapshot is protected from change.
>
> This is neither true in the logical nor physical sense with LVM.   It
> was never true in a physical sense, in that the storage for the
> snapshot is slowly used up due to copy-on-write as applications write
> to the original copy of the filesystem.   It's not true in the logical
> sense because LVM snapshots have actually been read/write for quite a
> while.  A common usage pattern for this appears to be when you want
> multiple copies of essentially the same virtual machine image.
> You start with a single gold copy and then create writable snapshots
> for each virtual machine.
>
> Bill Bogstad

Correct, but from the way it's been described to me.  If you have a 500GB
drive, and only allocated 400GB, the 100GB becomes like a scratch space.
When you take a snapshot, the 400GB volume is frozen and all changes (both
original and snapshot) go to the unallocated space.  If you run vgdisplay,
there will be a line that says "Free PE / Size".  If this gets to 0 while
you have a snapshot, the snapshot will release so all those changes can be
written back to the main volume.

You can also take as many snapshots as you want.  For example, in the past I
had a QA department that needed weekly refreshes of a MySQL database which
were over 750GB.  Copying and restoring would take too long and they
couldn't afford to be down that long.  They also needed a MySQL master-slave
setup, but at the time we couldn't give them more than a single server.  So
we bumped up the memory on the server, attached it to a 4TB volume on the
SAN.  Then we setup mysql in /var/lib/mysql (running on a separate IP and
port) mounted as a 1TB volume on the SAN drive (notice only 25% allocated).
 This copy of MySQL was a slave process of what was running in production,
so it's always up to date with the latest copy, but is a read-only copy.

Next to give QA a working master and slave with the most recent data, I
wrote a script that shuts down MySQL (prod-slave), snapshots /var/lib/mysql
to /var/lib/mysql-master and /var/lib/mysql-slave, then starts MySQL
(prod-slave) back up and starts replicating again.  Next a couple of cleanup
processes were run against the two snapshot folders so they wouldn't try to
replicate from production.  Starts mysql on QA-master and QA-slave, then
runs a few more commands to make the slave instance a slave of the master
instance.  Running my snapshot script gave our QA department a fresh
snapshot of 750GB of data in about 1 minute.

Then to keep track of the unused 75% of the volume since changes from all
three volumes were writing to it, I had a nagios process that monitored the
SAN drive's "Free PE / Size", so when it got to a certain threshold if QA
hadn't requested a refresh we told them it was about time.  If anyone's
interested I'll dig through my archive to see if I can find my script,
although I might have to clean them up a bit.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
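
Added example (not part of the original posts, and not the script mentioned above): a Nagios-style check on the "Free PE / Size" line of vgdisplay, as described in the two messages above.  The volume group name vg_san, the sample output and the 25%/10% thresholds are assumptions made up for illustration.

```python
import re
import subprocess
import sys

# Nagios plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Constructed sample in the layout vgdisplay prints (values invented:
# a 4 TiB volume group with 1 TiB allocated, 32 MiB extents).
SAMPLE = """\
  --- Volume group ---
  VG Name               vg_san
  PE Size               32.00 MiB
  Total PE              131072
  Alloc PE / Size       32768 / 1.00 TiB
  Free  PE / Size       98304 / 3.00 TiB
"""

def parse_extents(text):
    """Return (total_pe, free_pe) parsed from vgdisplay output."""
    total = re.search(r"^\s*Total PE\s+(\d+)", text, re.M)
    free = re.search(r"^\s*Free\s+PE / Size\s+(\d+)\s*/", text, re.M)
    if not total or not free:
        raise ValueError("Total PE / Free PE lines not found")
    return int(total.group(1)), int(free.group(1))

def check(text, warn_pct=25.0, crit_pct=10.0):
    """Map the percentage of free extents to (exit_code, status_line)."""
    try:
        total, free = parse_extents(text)
    except ValueError as exc:
        return UNKNOWN, f"UNKNOWN - {exc}"
    if total == 0:
        return UNKNOWN, "UNKNOWN - volume group has no extents"
    pct = 100.0 * free / total
    msg = f"{free}/{total} extents free ({pct:.1f}%)"
    if pct <= crit_pct:
        return CRITICAL, f"CRITICAL - {msg}"
    if pct <= warn_pct:
        return WARNING, f"WARNING - {msg}"
    return OK, f"OK - {msg}"

if __name__ == "__main__":
    # With a VG name as argument, query the live system (needs root);
    # with no argument, run against the constructed sample.
    if len(sys.argv) > 1:
        out = subprocess.run(["vgdisplay", sys.argv[1]],
                             capture_output=True, text=True).stdout
    else:
        out = SAMPLE
    code, line = check(out)
    print(line)
    sys.exit(code)
```

For a classic LVM snapshot, how full its own copy-on-write area is shows up in the Data% column of lvs (Snap% in older releases), which is worth alerting on as well.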


Re: [Discuss] LVM Re: A really interesting chain of functionality

2011-09-26 Thread Matt Shields
On Mon, Sep 26, 2011 at 12:15 PM, Rich Braun  wrote:

> The open-source LVM manager in Linux provides excellent _read_ performance.
> Where it suffers relative to commercial products (NetApp, Isilon, et al) is
> the _write_ performance.
>
> In this thread, a criticism is leveled that it eats up disk space.  Well, if
> you were to allocate 2x the storage of your runtime volume, you'd never run
> out of space on a given snapshot.  With 2TB drives dropping under $100 these
> days, I hardly see that space is much of a criterion when planning to use LVM
> or not.  If you want to create a lot of active snapshots, then this might be a
> consideration.
>
> Each active snapshot drops write performance due to the copy-on-write
> implementation.  (I'm not sure why the open-source product persists in this
> requirement, perhaps there are no active developers looking into this
> problem--there are other ways to attack this problem which would provide
> better performance.  Future versions of LVM will someday drop the
> copy-on-write implementation.)
>
> But as some have noted here, this is only a problem for active filesystems
> that see a lot of scattered writes.  Compare an SVN server with a MySQL
> server.  The impact of copy-on-write is far greater on a large (50GB+)
> InnoDB
> database tied to an active social-networking site than on a modest (10GB)
> source-code repository.  If frequently-updated files are a small percentage
> of
> your overall dataset, then snapshots are not much of a performance
> factor--especially (as is typical in case of developer teams) most of the
> activity causes updates to the same files.
>
> There are many applications where the performance hit is negligible, or at
> least outweighed by the benefit of fast file recovery or other capabilities
> that snapshots provide.
>
> -rich

As far as eating disk space, this depends on how many changes happen between
when you take the snapshot and when you release it.  If you have a 500GB
drive, 400GB allocated to the volume, and 100GB free for snapshots, then you
can alter your data 4x (assuming you're using 100% available space).  The
math isn't exact but it's usually fairly close.  There are also commands you
can use to monitor the free space.

From what I've seen when I used LVM it's not meant to keep the snapshot
long term, it's meant to grab a picture of the contents at a point in time
without having other processes change the files then move it to where you
can do something else with it.  So a perfect example is a backup of MySQL.
You cannot copy the MySQL files while MySQL is running.  So shutdown MySQL,
take a snapshot, start MySQL, copy the snapshot to wherever you want since
it won't affect the running version, when the copy is done stop MySQL,
release snapshot, start MySQL again, then go over to your other system and
work with that copy you made.

The problem I've seen with LVM is that people are running it with one or two
physical drives and they're complaining about performance problems.  In the
past I've built a database that had a SAN backend (numerous physical
drives), the volume was managed by LVM and the physical drives had enough
spindles to deal with read/write performance even since there was a higher
than normal load.  Think of it this way, without LVM if your drives started
having more IOPS, how do you solve the latency issue?  Add more drives.

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com


Re: [Discuss] How do rack vendors compare?

2011-09-22 Thread Matt Shields
On Thu, Sep 22, 2011 at 1:51 PM, Derek Atkins  wrote:

> Hey all,
>
> I'm looking to install some basic 19" racks in my house/basement to make
> it easier to mount some of my home networking equipment, including about
> 200 wire terminations for ethernet, cable, and phone, and a couple
> computers (e.g. MythTV and such).
>
> Does anyone have any good (or anti-) recommendations for inexpensive
> four-post racks?  Tripp Lite?  Intellinet?
>
> Also, are there any good guides or how-tos where I can learn how to
> lay out my room?
>
> -derek
> --
>   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>   Member, MIT Student Information Processing Board  (SIPB)
>   URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>   warl...@mit.edu                        PGP key available


Out of the totally enclosed racks (closets) I've used the APC and HP (yes,
the computer maker) racks and both are very good.  I can't remember which
manufacturer I used to use for open racks.  Pretty much any manufacturer
will do but the biggest thing is the quality of the product and whether it
has the options you want (cable runs, square or hole mounting, cooling, etc.)

Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com